From 94125e89b6be74cb20100d5321a98aa6529187a9 Mon Sep 17 00:00:00 2001
From: Havoc Pennington
Date: Tue, 12 Jun 2007 18:36:19 +0000
Subject: 2007-06-12 Havoc Pennington * dbus/dbus-auth.c (sha1_handle_second_client_response) (handle_server_data_anonymous_mech): add the process ID from socket credentials, if available, even if not using EXTERNAL * dbus/dbus-transport.c (auth_via_default_rules): support allow_anonymous flag * dbus/dbus-connection.c (dbus_connection_get_is_anonymous) (dbus_connection_set_allow_anonymous): new API for controlling anonymous access
---
 dbus/dbus-transport.c | 43 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)
(limited to 'dbus/dbus-transport.c')
diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c
index 029cc6cf..d738cc0c 100644
--- a/dbus/dbus-transport.c
+++ b/dbus/dbus-transport.c
@@ -603,10 +603,10 @@ auth_via_default_rules (DBusTransport *transport)
 auth_identity = _dbus_auth_get_identity (transport->auth);
 _dbus_assert (auth_identity != NULL);
- /* By default, connection is allowed if the client is
- * 1) root or 2) has the same UID as us
+ /* By default, connection is allowed if the client is 1) root or 2)
+ * has the same UID as us or 3) anonymous is allowed.
 */
-
+
 our_identity = _dbus_credentials_new_from_current_process ();
 if (our_identity == NULL)
 {
@@ -614,7 +614,8 @@ auth_via_default_rules (DBusTransport *transport)
 return FALSE;
 }
- if (_dbus_credentials_get_unix_uid (auth_identity) == 0 ||
+ if (transport->allow_anonymous ||
+ _dbus_credentials_get_unix_uid (auth_identity) == 0 ||
 _dbus_credentials_same_user (our_identity, auth_identity))
 {
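Review bot: In the second hunk (`@@ -614,7 +614,8`), `transport->allow_anonymous` is OR-ed in front of the UID checks, so once the flag is set the default rules accept every identity the auth layer returns, not only clients that authenticated as anonymous. The updated comment in the first hunk ("3) anonymous is allowed") and the setter's doc comment in the last hunk do not say this; I would spell it out, e.g. `* or 3) allow_anonymous is set, in which case any client, anonymous or not, is accepted.` If the intent is to admit only anonymous identities, the flag would need to be combined with `_dbus_credentials_are_anonymous (auth_identity)` rather than standing alone. The body of auth_via_default_rules continues outside both hunks, so any later use of the identity on the accept path is not visible here.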
@@ -755,6 +756,28 @@ _dbus_transport_get_is_authenticated (DBusTransport *transport)
 }
 }
+/**
+ * See dbus_connection_get_is_anonymous().
+ *
+ * @param transport the transport
+ * @returns #TRUE if not authenticated or authenticated as anonymous
+ */
+dbus_bool_t
+_dbus_transport_get_is_anonymous (DBusTransport *transport)
+{
+ DBusCredentials *auth_identity;
+
+ if (!transport->authenticated)
+ return TRUE;
+
+ auth_identity = _dbus_auth_get_identity (transport->auth);
+
+ if (_dbus_credentials_are_anonymous (auth_identity))
+ return TRUE;
+ else
+ return FALSE;
+}
+
 /**
 * Gets the address of a transport. It will be
 * #NULL for a server-side transport.
@@ -1298,5 +1321,17 @@ _dbus_transport_set_auth_mechanisms (DBusTransport *transport,
 return _dbus_auth_set_mechanisms (transport->auth, mechanisms);
 }
+/**
+ * See dbus_connection_set_allow_anonymous()
+ *
+ * @param transport the transport
+ * @param value #TRUE to allow anonymous connection
+ */
+void
+_dbus_transport_set_allow_anonymous (DBusTransport *transport,
+ dbus_bool_t value)
+{
+ transport->allow_anonymous = value != FALSE;
+}
 /** @} */
-- cgit
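Review bot: `_dbus_transport_get_is_anonymous` passes the result of `_dbus_auth_get_identity (transport->auth)` straight to `_dbus_credentials_are_anonymous` without the `_dbus_assert (auth_identity != NULL);` that `auth_via_default_rules` applies to the same call in this file; adding the same assert would keep the two consistent. The function also reads `transport->authenticated` directly instead of going through `_dbus_transport_get_is_authenticated`, whose body is outside the hunk. If that accessor updates the flag lazily, this getter can report TRUE for a connection that would authenticate on the next check. That errs on the safe side for access decisions, but the doc comment should say so, e.g. `* Does not advance authentication; returns #TRUE until the transport has been marked authenticated.`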