diff options
author | Havoc Pennington <hp@redhat.com> | 2007-06-12 18:36:19 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2007-06-12 18:36:19 +0000 |
commit | 94125e89b6be74cb20100d5321a98aa6529187a9 (patch) | |
tree | 7ec1aab41bad3448155c07e1a8328e9d0168a0a3 /dbus/dbus-auth.c | |
parent | a789b7b38cb4f4540a41444cbd64bf7ada2d60d2 (diff) |
2007-06-12 Havoc Pennington <hp@redhat.com>
* dbus/dbus-auth.c (sha1_handle_second_client_response)
(handle_server_data_anonymous_mech): add the process ID from
socket credentials, if available, even if not using EXTERNAL
* dbus/dbus-transport.c (auth_via_default_rules): support
allow_anonymous flag
* dbus/dbus-connection.c (dbus_connection_get_is_anonymous)
(dbus_connection_set_allow_anonymous): new API for controlling
anonymous access
Diffstat (limited to 'dbus/dbus-auth.c')
-rw-r--r-- | dbus/dbus-auth.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c index 657f8d3d..e47f6e36 100644 --- a/dbus/dbus-auth.c +++ b/dbus/dbus-auth.c @@ -731,6 +731,13 @@ sha1_handle_second_client_response (DBusAuth *auth, if (!_dbus_credentials_add_credentials (auth->authorized_identity, auth->desired_identity)) goto out_3; + + /* Copy process ID from the socket credentials if it's there + */ + if (!_dbus_credentials_add_credential (auth->authorized_identity, + DBUS_CREDENTIAL_UNIX_PROCESS_ID, + auth->credentials)) + goto out_3; if (!send_ok (auth)) goto out_3; @@ -994,7 +1001,7 @@ static dbus_bool_t handle_server_data_external_mech (DBusAuth *auth, const DBusString *data) { - if (_dbus_credentials_are_empty (auth->credentials)) + if (_dbus_credentials_are_anonymous (auth->credentials)) { _dbus_verbose ("%s: no credentials, mechanism EXTERNAL can't authenticate\n", DBUS_AUTH_NAME (auth)); @@ -1059,7 +1066,7 @@ handle_server_data_external_mech (DBusAuth *auth, } } - if (_dbus_credentials_are_empty (auth->desired_identity)) + if (_dbus_credentials_are_anonymous (auth->desired_identity)) { _dbus_verbose ("%s: desired user %s is no good\n", DBUS_AUTH_NAME (auth), @@ -1075,8 +1082,7 @@ handle_server_data_external_mech (DBusAuth *auth, auth->desired_identity)) return FALSE; - /* also copy process ID from the socket credentials - FIXME this - * should be done even if auth EXTERNAL not used + /* also copy process ID from the socket credentials */ if (!_dbus_credentials_add_credential (auth->authorized_identity, DBUS_CREDENTIAL_UNIX_PROCESS_ID, @@ -1192,6 +1198,13 @@ handle_server_data_anonymous_mech (DBusAuth *auth, /* We want to be anonymous (clear in case some other protocol got midway through I guess) */ _dbus_credentials_clear (auth->desired_identity); + /* Copy process ID from the socket credentials + */ + if (!_dbus_credentials_add_credential (auth->authorized_identity, + DBUS_CREDENTIAL_UNIX_PROCESS_ID, + auth->credentials)) + return FALSE; + /* Anonymous is always allowed */ if (!send_ok (auth)) return FALSE; |