From 94125e89b6be74cb20100d5321a98aa6529187a9 Mon Sep 17 00:00:00 2001 From: Havoc Pennington Date: Tue, 12 Jun 2007 18:36:19 +0000 Subject: 2007-06-12 Havoc Pennington * dbus/dbus-auth.c (sha1_handle_second_client_response) (handle_server_data_anonymous_mech): add the process ID from socket credentials, if available, even if not using EXTERNAL * dbus/dbus-transport.c (auth_via_default_rules): support allow_anonymous flag * dbus/dbus-connection.c (dbus_connection_get_is_anonymous) (dbus_connection_set_allow_anonymous): new API for controlling anonymous access --- dbus/dbus-auth.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'dbus/dbus-auth.c') diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c index 657f8d3d..e47f6e36 100644 --- a/dbus/dbus-auth.c +++ b/dbus/dbus-auth.c @@ -731,6 +731,13 @@ sha1_handle_second_client_response (DBusAuth *auth, if (!_dbus_credentials_add_credentials (auth->authorized_identity, auth->desired_identity)) goto out_3; + + /* Copy process ID from the socket credentials if it's there + */ + if (!_dbus_credentials_add_credential (auth->authorized_identity, + DBUS_CREDENTIAL_UNIX_PROCESS_ID, + auth->credentials)) + goto out_3; if (!send_ok (auth)) goto out_3; @@ -994,7 +1001,7 @@ static dbus_bool_t handle_server_data_external_mech (DBusAuth *auth, const DBusString *data) { - if (_dbus_credentials_are_empty (auth->credentials)) + if (_dbus_credentials_are_anonymous (auth->credentials)) { _dbus_verbose ("%s: no credentials, mechanism EXTERNAL can't authenticate\n", DBUS_AUTH_NAME (auth)); @@ -1059,7 +1066,7 @@ handle_server_data_external_mech (DBusAuth *auth, } } - if (_dbus_credentials_are_empty (auth->desired_identity)) + if (_dbus_credentials_are_anonymous (auth->desired_identity)) { _dbus_verbose ("%s: desired user %s is no good\n", DBUS_AUTH_NAME (auth), 
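Review bot: In sha1_handle_second_client_response (hunk at -731) the new block stores a process ID taken from `auth->credentials` beside a user identity copied from `auth->desired_identity`, and the comment does not say that the two have different origins. The user identity was established by the cookie exchange, while the PID is whatever the socket reported, so the process it names is not necessarily owned by the authorized user and the number can be reused once that process exits. I would extend the comment to something like `/* PID comes from the socket, not from the SHA1 exchange; informational only, do not base authorization on it */`. The "if it's there" wording also relies on `_dbus_credentials_add_credential` returning TRUE when the socket carries no PID, which this hunk does not show; otherwise the `goto out_3` would fail cookie auth on transports without socket credentials. The function body starts and ends outside the hunk.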
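Review bot: In handle_server_data_external_mech (hunk at -994, and likewise the `desired_identity` check in the hunk at -1059) the predicate becomes `_dbus_credentials_are_anonymous`, but the `_dbus_verbose` text under the first check still says "no credentials". Judging by the name, the new check can be true for credentials that carry a PID but no user identity, so the log line would mislead someone debugging a rejected EXTERNAL attempt. I would change it to `"%s: no user identity in socket credentials, mechanism EXTERNAL can't authenticate\n"`. A one-line comment above each check stating that a bare PID is not enough for EXTERNAL would make the intent explicit.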
@@ -1075,8 +1082,7 @@ handle_server_data_external_mech (DBusAuth *auth, auth->desired_identity)) return FALSE; - /* also copy process ID from the socket credentials - FIXME this - * should be done even if auth EXTERNAL not used + /* also copy process ID from the socket credentials */ if (!_dbus_credentials_add_credential (auth->authorized_identity, DBUS_CREDENTIAL_UNIX_PROCESS_ID, @@ -1192,6 +1198,13 @@ handle_server_data_anonymous_mech (DBusAuth *auth, /* We want to be anonymous (clear in case some other protocol got midway through I guess) */ _dbus_credentials_clear (auth->desired_identity); + /* Copy process ID from the socket credentials + */ + if (!_dbus_credentials_add_credential (auth->authorized_identity, + DBUS_CREDENTIAL_UNIX_PROCESS_ID, + auth->credentials)) + return FALSE; + /* Anonymous is always allowed */ if (!send_ok (auth)) return FALSE; -- cgit
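Review bot: In handle_server_data_anonymous_mech (hunk at -1192) the visible lines clear `auth->desired_identity` but then add the PID to `auth->authorized_identity`, which is not cleared anywhere in this hunk. If an abandoned earlier mechanism attempt can leave entries in `authorized_identity` (the existing comment about "some other protocol got midway through" suggests that concern), an ANONYMOUS session would keep them alongside the PID; unless it is reset elsewhere, add `_dbus_credentials_clear (auth->authorized_identity);` before the new block. After this change an anonymous connection's authorized identity is also no longer empty, so any caller outside this file that still tests emptiness to detect anonymous peers needs the same switch to `_dbus_credentials_are_anonymous` that the EXTERNAL handler gets here. The function continues outside the hunk.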