diff options
author | Havoc Pennington <hp@redhat.com> | 2003-01-04 07:28:54 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2003-01-04 07:28:54 +0000 |
commit | 01af5ff4101e540a6456bca01d56272e701bea78 (patch) | |
tree | a5b0fc81b99e3b0564d0b2cc2ac4c20196a051f0 /dbus/dbus-transport.c | |
parent | 1ed128b52484d95e30f7437bf87f34d85371f1f8 (diff) |
2003-01-04 Havoc Pennington <hp@pobox.com>
* test/watch.c (error_handler): make it safe if the error handler
is called multiple times (if we s/error handler/disconnect
handler/ we should just guarantee it's called only once)
* dbus/dbus-transport.c (_dbus_transport_disconnect): call the
error handler on disconnect (it's quite possible we should
just change the error handler to a "disconnect handler," I'm
not sure we have any other meaningful errors)
* configure.in: check for getpwnam_r
* dbus/dbus-transport.c, dbus/dbus-transport-unix.c,
dbus/dbus-auth.c: add credentials support, add EXTERNAL auth
mechanism as in SASL spec, using socket credentials
* dbus/dbus-sysdeps.c (_dbus_read_credentials_unix_socket): new function
(_dbus_send_credentials_unix_socket): new function
* dbus/dbus-sysdeps.c (_dbus_accept_unix_socket): rename just
dbus_accept()
(_dbus_write): only check errno if <0 returned
(_dbus_write_two): ditto
Diffstat (limited to 'dbus/dbus-transport.c')
-rw-r--r-- | dbus/dbus-transport.c | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c index 085b0224..110153dd 100644 --- a/dbus/dbus-transport.c +++ b/dbus/dbus-transport.c @@ -105,6 +105,13 @@ _dbus_transport_init_base (DBusTransport *transport, transport->authenticated = FALSE; transport->messages_need_sending = FALSE; transport->disconnected = FALSE; + transport->send_credentials_pending = !server; + transport->receive_credentials_pending = server; + transport->is_server = server; + + transport->credentials.pid = -1; + transport->credentials.uid = -1; + transport->credentials.gid = -1; return TRUE; } @@ -205,8 +212,12 @@ _dbus_transport_disconnect (DBusTransport *transport) DBUS_TRANSPORT_HOLD_REF (transport); (* transport->vtable->disconnect) (transport); - + transport->disconnected = TRUE; + + _dbus_connection_transport_error (transport->connection, + DBUS_RESULT_DISCONNECTED); + DBUS_TRANSPORT_RELEASE_REF (transport); } @@ -238,9 +249,45 @@ _dbus_transport_get_is_authenticated (DBusTransport *transport) return TRUE; else { + if (transport->disconnected) + return FALSE; + transport->authenticated = + (!(transport->send_credentials_pending || + transport->receive_credentials_pending)) && _dbus_auth_do_work (transport->auth) == DBUS_AUTH_STATE_AUTHENTICATED; + /* If we've authenticated as some identity, check that the auth + * identity is the same as our own identity. In the future, we + * may have API allowing applications to specify how this is + * done, for example they may allow connection as any identity, + * but then impose restrictions on certain identities. + * Or they may give certain identities extra privileges. + */ + + if (transport->authenticated && transport->is_server) + { + DBusCredentials auth_identity; + DBusCredentials our_identity; + + _dbus_credentials_from_current_process (&our_identity); + _dbus_auth_get_identity (transport->auth, &auth_identity); + + if (!_dbus_credentials_match (&our_identity, + &auth_identity)) + { + _dbus_verbose ("Client authorized as UID %d but our UID is %d, disconnecting\n", + auth_identity.uid, our_identity.uid); + _dbus_transport_disconnect (transport); + return FALSE; + } + else + { + _dbus_verbose ("Client authorized as UID %d matching our UID %d\n", + auth_identity.uid, our_identity.uid); + } + } + return transport->authenticated; } } |