diff options
| author | Havoc Pennington <hp@redhat.com> | 2007-06-12 18:36:19 +0000 |
|---|---|---|
| committer | Havoc Pennington <hp@redhat.com> | 2007-06-12 18:36:19 +0000 |
| commit | 94125e89b6be74cb20100d5321a98aa6529187a9 (patch) | |
| tree | 7ec1aab41bad3448155c07e1a8328e9d0168a0a3 /dbus/dbus-connection.c | |
| parent | a789b7b38cb4f4540a41444cbd64bf7ada2d60d2 (diff) | |
2007-06-12 Havoc Pennington <hp@redhat.com>
* dbus/dbus-auth.c (sha1_handle_second_client_response)
(handle_server_data_anonymous_mech): add the process ID from
socket credentials, if available, even if not using EXTERNAL
* dbus/dbus-transport.c (auth_via_default_rules): support
allow_anonymous flag
* dbus/dbus-connection.c (dbus_connection_get_is_anonymous)
(dbus_connection_set_allow_anonymous): new API for controlling
anonymous access
Diffstat (limited to 'dbus/dbus-connection.c')
| -rw-r--r-- | dbus/dbus-connection.c | 72 |
1 files changed, 71 insertions, 1 deletions
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c index 1cd3d05d..656f7502 100644 --- a/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c @@ -2811,6 +2811,40 @@ dbus_connection_get_is_authenticated (DBusConnection *connection) } /** + * Gets whether the connection is not authenticated as a specific + * user. If the connection is not authenticated, this function + * returns #TRUE, and if it is authenticated but as an anonymous user, + * it returns #TRUE. If it is authenticated as a specific user, then + * this returns #FALSE. (Note that if the connection was authenticated + * as anonymous then disconnected, this function still returns #TRUE.) + * + * If the connection is not anonymous, you can use + * dbus_connection_get_unix_user() and + * dbus_connection_get_windows_user() to see who it's authorized as. + * + * If you want to prevent non-anonymous authorization, use + * dbus_server_set_auth_mechanisms() to remove the mechanisms that + * allow proving user identity (i.e. only allow the ANONYMOUS + * mechanism). + * + * @param connection the connection + * @returns #TRUE if not authenticated or authenticated as anonymous + */ +dbus_bool_t +dbus_connection_get_is_anonymous (DBusConnection *connection) +{ + dbus_bool_t res; + + _dbus_return_val_if_fail (connection != NULL, FALSE); + + CONNECTION_LOCK (connection); + res = _dbus_transport_get_is_anonymous (connection->transport); + CONNECTION_UNLOCK (connection); + + return res; +} + +/** * Set whether _exit() should be called when the connection receives a * disconnect signal. The call to _exit() comes after any handlers for * the disconnect signal run; handlers can cancel the exit by calling @@ -4987,6 +5021,43 @@ dbus_connection_set_windows_user_function (DBusConnection *connecti } /** + * This function must be called on the server side of a connection when the + * connection is first seen in the #DBusNewConnectionFunction. If set to + * #TRUE (the default is #FALSE), then the connection can proceed even if + * the client does not authenticate as some user identity, i.e. clients + * can connect anonymously. + * + * This setting interacts with the available authorization mechanisms + * (see dbus_server_set_auth_mechanisms()). Namely, an auth mechanism + * such as ANONYMOUS that supports anonymous auth must be included in + * the list of available mechanisms for anonymous login to work. + * + * This setting also changes the default rule for connections + * authorized as a user; normally, if a connection authorizes as + * a user identity, it is permitted if the user identity is + * root or the user identity matches the user identity of the server + * process. If anonymous connections are allowed, however, + * then any user identity is allowed. + * + * You can override the rules for connections authorized as a + * user identity with dbus_connection_set_unix_user_function() + * and dbus_connection_set_windows_user_function(). + * + * @param connection the connection + * @param value whether to allow authentication as an anonymous user + */ +void +dbus_connection_set_allow_anonymous (DBusConnection *connection, + dbus_bool_t value) +{ + _dbus_return_if_fail (connection != NULL); + + CONNECTION_LOCK (connection); + _dbus_transport_set_allow_anonymous (connection->transport, value); + CONNECTION_UNLOCK (connection); +} + +/** * * Normally #DBusConnection automatically handles all messages to the * org.freedesktop.DBus.Peer interface. However, the message bus wants @@ -4997,7 +5068,6 @@ dbus_connection_set_windows_user_function (DBusConnection *connecti * handled by the #DBusConnection and instead will be dispatched * normally to the application. * - * * If a normal application sets this flag, it can break things badly. * So don't set this unless you are the message bus. * |