authorHavoc Pennington <hp@redhat.com>2007-06-12 18:36:19 +0000
committerHavoc Pennington <hp@redhat.com>2007-06-12 18:36:19 +0000
commit94125e89b6be74cb20100d5321a98aa6529187a9 (patch)
tree7ec1aab41bad3448155c07e1a8328e9d0168a0a3 /dbus/dbus-transport.c
parenta789b7b38cb4f4540a41444cbd64bf7ada2d60d2 (diff)
2007-06-12 Havoc Pennington <hp@redhat.com>
* dbus/dbus-auth.c (sha1_handle_second_client_response) (handle_server_data_anonymous_mech): add the process ID from socket credentials, if available, even if not using EXTERNAL * dbus/dbus-transport.c (auth_via_default_rules): support allow_anonymous flag * dbus/dbus-connection.c (dbus_connection_get_is_anonymous) (dbus_connection_set_allow_anonymous): new API for controlling anonymous access
Diffstat (limited to 'dbus/dbus-transport.c')
-rw-r--r--dbus/dbus-transport.c43
1 files changed, 39 insertions, 4 deletions
diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c
index 029cc6cf..d738cc0c 100644
--- a/dbus/dbus-transport.c
+++ b/dbus/dbus-transport.c
@@ -603,10 +603,10 @@ auth_via_default_rules (DBusTransport *transport)
auth_identity = _dbus_auth_get_identity (transport->auth);
_dbus_assert (auth_identity != NULL);
- /* By default, connection is allowed if the client is
- * 1) root or 2) has the same UID as us
+ /* By default, connection is allowed if the client is 1) root or 2)
+ * has the same UID as us or 3) anonymous is allowed.
*/
-
+
our_identity = _dbus_credentials_new_from_current_process ();
if (our_identity == NULL)
{
@@ -614,7 +614,8 @@ auth_via_default_rules (DBusTransport *transport)
return FALSE;
}
- if (_dbus_credentials_get_unix_uid (auth_identity) == 0 ||
+ if (transport->allow_anonymous ||
+ _dbus_credentials_get_unix_uid (auth_identity) == 0 ||
_dbus_credentials_same_user (our_identity,
auth_identity))
{
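Review bot: With `transport->allow_anonymous` placed first in the `||` chain, a set flag admits every authenticated identity, not only anonymous credentials: a client that authenticated as some other non-root UID is accepted too, because the UID comparisons are never reached. If that widening is intended, the comment rewritten in the previous hunk should say so, for example `3) allow_anonymous is set, in which case any identity is accepted`; the current wording "anonymous is allowed" reads as if only anonymous clients were affected. If it is not intended, the first operand could be narrowed to `(transport->allow_anonymous && _dbus_credentials_are_anonymous (auth_identity))`. The body of auth_via_default_rules begins and ends outside this hunk.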
@@ -756,6 +757,28 @@ _dbus_transport_get_is_authenticated (DBusTransport *transport)
}
/**
+ * See dbus_connection_get_is_anonymous().
+ *
+ * @param transport the transport
+ * @returns #TRUE if not authenticated or authenticated as anonymous
+ */
+dbus_bool_t
+_dbus_transport_get_is_anonymous (DBusTransport *transport)
+{
+ DBusCredentials *auth_identity;
+
+ if (!transport->authenticated)
+ return TRUE;
+
+ auth_identity = _dbus_auth_get_identity (transport->auth);
+
+ if (_dbus_credentials_are_anonymous (auth_identity))
+ return TRUE;
+ else
+ return FALSE;
+}
+
+/**
* Gets the address of a transport. It will be
* #NULL for a server-side transport.
*
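Review bot: `auth_identity` is handed to `_dbus_credentials_are_anonymous` without the `_dbus_assert (auth_identity != NULL);` that auth_via_default_rules places right after the same `_dbus_auth_get_identity` call; adding it after the assignment keeps the two callers consistent. The closing `if`/`else` can be written as `return _dbus_credentials_are_anonymous (auth_identity);`. Because TRUE covers both "not yet authenticated" and "authenticated as anonymous", the doc comment could add that callers who need to tell the two apart must also consult _dbus_transport_get_is_authenticated().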
@@ -1298,5 +1321,17 @@ _dbus_transport_set_auth_mechanisms (DBusTransport *transport,
return _dbus_auth_set_mechanisms (transport->auth, mechanisms);
}
+/**
+ * See dbus_connection_set_allow_anonymous()
+ *
+ * @param transport the transport
+ * @param value #TRUE to allow anonymous connection
+ */
+void
+_dbus_transport_set_allow_anonymous (DBusTransport *transport,
+ dbus_bool_t value)
+{
+ transport->allow_anonymous = value != FALSE;
+}
/** @} */
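Review bot: Nothing in this file's hunks initialises `allow_anonymous`, so the deny-by-default behaviour depends on the transport struct being zero-filled at allocation or on an initialiser in a file this page does not show; that is worth confirming, or making explicit with `transport->allow_anonymous = FALSE;` wherever the other transport fields are initialised. The doc comment should also state what the flag changes in auth_via_default_rules, and that it presumably has to be set before authentication completes to have any effect, e.g. `Must be called before the connection authenticates; when #TRUE the default rules accept any client identity.`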