| author | William Jon McCann <mccann@jhu.edu> | 2007-02-15 15:26:06 -0500 | 
|---|---|---|
| committer | William Jon McCann <mccann@jhu.edu> | 2007-02-15 15:26:06 -0500 | 
| commit | 66c740f30d36bac8f7b56261f0bd595b297d3dd2 (patch) | |
| tree | be181edf369f5c46b3f94c4ffc6d244322d6a1e2 /src | |
| parent | be0751cd3ec3638082721b1556c07a4238c6c4ac (diff) | |
restrict access to CloseSession
Only allow the uid and pid that opened the session to close it.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ck-manager.c | 77 | 
1 files changed, 77 insertions, 0 deletions
diff --git a/src/ck-manager.c b/src/ck-manager.c
index 40e7a46..151badb 100644
--- a/src/ck-manager.c
+++ b/src/ck-manager.c
@@ -740,16 +740,93 @@ remove_session_for_cookie (CkManager  *manager,
         return TRUE;
 }
+static gboolean
+paranoia_check_is_cookie_owner (CkManager  *manager,
+                                const char *cookie,
+                                uid_t       calling_uid,
+                                pid_t       calling_pid,
+                                GError    **error)
+{
+        LeaderInfo *leader_info;
+
+        if (cookie == NULL) {
+                g_set_error (error,
+                             CK_MANAGER_ERROR,
+                             CK_MANAGER_ERROR_GENERAL,
+                             "No cookie specified");
+                return FALSE;
+        }
+
+        leader_info = g_hash_table_lookup (manager->priv->leaders, cookie);
+        if (leader_info == NULL) {
+                g_set_error (error,
+                             CK_MANAGER_ERROR,
+                             CK_MANAGER_ERROR_GENERAL,
+                             _("Unable to find session for cookie"));
+                return FALSE;
+        }
+
+        if (leader_info->uid != calling_uid) {
+                g_set_error (error,
+                             CK_MANAGER_ERROR,
+                             CK_MANAGER_ERROR_GENERAL,
+                             _("User ID does not match the owner of cookie"));
+                return FALSE;
+
+        }
+
+        /* do we want to restrict to the same process?
*/
+        if (leader_info->pid != calling_pid) {
+                g_set_error (error,
+                             CK_MANAGER_ERROR,
+                             CK_MANAGER_ERROR_GENERAL,
+                             _("Process ID does not match the owner of cookie"));
+                return FALSE;
+
+        }
+
+        return TRUE;
+}
+
 gboolean
 ck_manager_close_session (CkManager             *manager,
                           const char            *cookie,
                           DBusGMethodInvocation *context)
 {
         gboolean res;
+        char    *sender;
+        uid_t    calling_uid;
+        pid_t    calling_pid;
         GError  *error;
         ck_debug ("Closing session for cookie: %s", cookie);
+        sender = dbus_g_method_get_sender (context);
+        res = get_caller_info (manager,
+                               sender,
+                               &calling_uid,
+                               &calling_pid);
+        g_free (sender);
+
+        if (! res) {
+                error = g_error_new (CK_MANAGER_ERROR,
+                                     CK_MANAGER_ERROR_GENERAL,
+                                     "Unable to get information about the calling process");
+                dbus_g_method_return_error (context, error);
+                g_error_free (error);
+
+                return FALSE;
+        }
+
+        error = NULL;
+        res = paranoia_check_is_cookie_owner (manager, cookie, calling_uid, calling_pid, &error);
+        if (! res) {
+                dbus_g_method_return_error (context, error);
+                g_error_free (error);
+
+                return FALSE;
+        }
+
         error = NULL;
         res = remove_session_for_cookie (manager, cookie, &error);
         if (! res) {  |
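Review bot: In `paranoia_check_is_cookie_owner`, an unknown cookie, a uid mismatch and a pid mismatch each return a different message, so a caller that does not own a session can tell from the reply whether the cookie it presented belongs to a live one. Returning one message for all three cases would avoid that. The rejection is also never logged, so a line in `ck_manager_close_session` before `dbus_g_method_return_error`, such as `ck_debug ("CloseSession refused for uid %d pid %d", (int) calling_uid, (int) calling_pid);`, would give operators a trace of refused attempts. The pid comparison relies on how `get_caller_info` obtains the pid, which is outside this hunk. Since a pid can be reused once the leader exits, the open question in the comment above that check should be replaced with a statement of what the check is meant to guarantee. The body of `ck_manager_close_session` continues past the end of the hunk.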
