diff options
author | Havoc Pennington <hp@redhat.com> | 2005-05-05 22:02:11 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2005-05-05 22:02:11 +0000 |
commit | 4db285c800a68245ad7593e606ca8cb2c21a1329 (patch) | |
tree | 4d10264c98f39ca3d048b97755983fd2feb794ce /dbus/dbus-transport.c | |
parent | b4b85685f139f1bbf64a557dee2b7c803e5e550b (diff) |
2005-05-05 Havoc Pennington <hp@redhat.com>
* configure.in (LT_*): add notes on how the libtool versioning
works to save thinking. Increment soname to indicate protocol
breakage (though really the library interface hasn't changed I
guess)
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
verify the GUID received from server matches what we were
expecting, if we had an expectation
* dbus/dbus-auth.c (send_ok): send GUID along with the OK command
(_dbus_auth_get_guid_from_server): new function
(send_begin): parse the OK args
* doc/dbus-specification.xml: add GUID to the auth protocol
Diffstat (limited to 'dbus/dbus-transport.c')
-rw-r--r-- | dbus/dbus-transport.c | 57 |
1 files changed, 54 insertions, 3 deletions
diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c index b271d944..cfc86e4a 100644 --- a/dbus/dbus-transport.c +++ b/dbus/dbus-transport.c @@ -153,6 +153,8 @@ _dbus_transport_init_base (DBusTransport *transport, transport->unix_user_function = NULL; transport->unix_user_data = NULL; transport->free_unix_user_data = NULL; + + transport->expected_guid = NULL; /* Try to default to something that won't totally hose the system, * but doesn't impose too much of a limitation. @@ -195,6 +197,7 @@ _dbus_transport_finalize_base (DBusTransport *transport) 0, NULL, NULL); _dbus_counter_unref (transport->live_messages_size); dbus_free (transport->address); + dbus_free (transport->expected_guid); } /** @@ -213,7 +216,9 @@ _dbus_transport_open (DBusAddressEntry *entry, const char *address_problem_type; const char *address_problem_field; const char *address_problem_other; - const char *method; + const char *method; + const char *expected_guid_orig; + char *expected_guid; _DBUS_ASSERT_ERROR_IS_CLEAR (error); @@ -221,6 +226,14 @@ _dbus_transport_open (DBusAddressEntry *entry, address_problem_type = NULL; address_problem_field = NULL; address_problem_other = NULL; + expected_guid_orig = dbus_address_entry_get_value (entry, "guid"); + expected_guid = _dbus_strdup (expected_guid_orig); + + if (expected_guid_orig != NULL && expected_guid == NULL) + { + _DBUS_SET_OOM (error); + return NULL; + } method = dbus_address_entry_get_method (entry); _dbus_assert (method != NULL); @@ -306,11 +319,20 @@ _dbus_transport_open (DBusAddressEntry *entry, } if (transport == NULL) - _DBUS_ASSERT_ERROR_IS_SET (error); + { + _DBUS_ASSERT_ERROR_IS_SET (error); + dbus_free (expected_guid); + } + else + { + transport->expected_guid = expected_guid; + } return transport; bad_address: + dbus_free (expected_guid); + if (address_problem_type != NULL) dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS, "Address of type %s was missing argument %s", @@ -442,6 +464,35 @@ _dbus_transport_get_is_authenticated (DBusTransport *transport) maybe_authenticated = FALSE; } } + + if (maybe_authenticated && !transport->is_server) + { + const char *server_guid; + + server_guid = _dbus_auth_get_guid_from_server (transport->auth); + _dbus_assert (server_guid != NULL); + + if (transport->expected_guid && + strcmp (transport->expected_guid, server_guid) != 0) + { + _dbus_verbose ("Client expected GUID '%s' and we got '%s' from the server\n", + transport->expected_guid, server_guid); + _dbus_transport_disconnect (transport); + _dbus_connection_unref_unlocked (transport->connection); + return FALSE; + } + + if (transport->expected_guid == NULL) + { + transport->expected_guid = _dbus_strdup (server_guid); + + if (transport->expected_guid == NULL) + { + _dbus_verbose ("No memory to complete auth in %s\n", _DBUS_FUNCTION_NAME); + return FALSE; + } + } + } /* If we've authenticated as some identity, check that the auth * identity is the same as our own identity. In the future, we @@ -518,7 +569,7 @@ _dbus_transport_get_is_authenticated (DBusTransport *transport) } } } - + transport->authenticated = maybe_authenticated; _dbus_connection_unref_unlocked (transport->connection); |