2007-06-12 Havoc Pennington <hp@redhat.com>

	* dbus/dbus-auth.c (sha1_handle_second_client_response)
	(handle_server_data_anonymous_mech): add the process ID from
	socket credentials, if available, even if not using EXTERNAL

	* dbus/dbus-transport.c (auth_via_default_rules): support
	allow_anonymous flag

	* dbus/dbus-connection.c (dbus_connection_get_is_anonymous)
	(dbus_connection_set_allow_anonymous): new API for controlling
	anonymous access

1 files changed, 17 insertions, 4 deletions

diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 657f8d3d..e47f6e36 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -731,6 +731,13 @@ sha1_handle_second_client_response (DBusAuth         *auth,
   if (!_dbus_credentials_add_credentials (auth->authorized_identity,
                                           auth->desired_identity))
     goto out_3;
+
+  /* Copy process ID from the socket credentials if it's there
+   */
+  if (!_dbus_credentials_add_credential (auth->authorized_identity,
+                                         DBUS_CREDENTIAL_UNIX_PROCESS_ID,
+                                         auth->credentials))
+    goto out_3;
   
   if (!send_ok (auth))
     goto out_3;
@@ -994,7 +1001,7 @@ static dbus_bool_t
 handle_server_data_external_mech (DBusAuth         *auth,
                                   const DBusString *data)
 {
-  if (_dbus_credentials_are_empty (auth->credentials))
+  if (_dbus_credentials_are_anonymous (auth->credentials))
     {
       _dbus_verbose ("%s: no credentials, mechanism EXTERNAL can't authenticate\n",
                      DBUS_AUTH_NAME (auth));
@@ -1059,7 +1066,7 @@ handle_server_data_external_mech (DBusAuth         *auth,
         }
     }
 
-  if (_dbus_credentials_are_empty (auth->desired_identity))
+  if (_dbus_credentials_are_anonymous (auth->desired_identity))
     {
       _dbus_verbose ("%s: desired user %s is no good\n",
                      DBUS_AUTH_NAME (auth),
@@ -1075,8 +1082,7 @@ handle_server_data_external_mech (DBusAuth         *auth,
                                               auth->desired_identity))
         return FALSE;
 
-      /* also copy process ID from the socket credentials - FIXME this
-       * should be done even if auth EXTERNAL not used
+      /* also copy process ID from the socket credentials
        */
       if (!_dbus_credentials_add_credential (auth->authorized_identity,
                                              DBUS_CREDENTIAL_UNIX_PROCESS_ID,
@@ -1192,6 +1198,13 @@ handle_server_data_anonymous_mech (DBusAuth         *auth,
   /* We want to be anonymous (clear in case some other protocol got midway through I guess) */
   _dbus_credentials_clear (auth->desired_identity);
 
+  /* Copy process ID from the socket credentials
+   */
+  if (!_dbus_credentials_add_credential (auth->authorized_identity,
+                                         DBUS_CREDENTIAL_UNIX_PROCESS_ID,
+                                         auth->credentials))
+    return FALSE;
+  
   /* Anonymous is always allowed */
   if (!send_ok (auth))
     return FALSE;