gio/gdbusauthobserver.c

   1 /* GDBus - GLib D-Bus Library
   2  *
   3  * Copyright (C) 2008-2010 Red Hat, Inc.
   4  *
   5  * This library is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU Lesser General Public
   7  * License as published by the Free Software Foundation; either
   8  * version 2 of the License, or (at your option) any later version.
   9  *
  10  * This library is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * Lesser General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU Lesser General
  16  * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
  17  *
  18  * Author: David Zeuthen <davidz@redhat.com>
  19  */
  20
  21 #include "config.h"
  22
  23 #include "gdbusauthobserver.h"
  24 #include "gcredentials.h"
  25 #include "gioenumtypes.h"
  26 #include "giostream.h"
  27 #include "gdbusprivate.h"
  28
  29 #include "glibintl.h"
  30
  31 /**
  32  * SECTION:gdbusauthobserver
  33  * @short_description: Object used for authenticating connections
  34  * @include: gio/gio.h
  35  *
  36  * The #GDBusAuthObserver type provides a mechanism for participating
  37  * in how a #GDBusServer (or a #GDBusConnection) authenticates remote
  38  * peers. Simply instantiate a #GDBusAuthObserver and connect to the
  39  * signals you are interested in. Note that new signals may be added
  40  * in the future
  41  *
  42  * For example, if you only want to allow D-Bus connections from
  43  * processes owned by the same uid as the server, you would use a
  44  * signal handler like the following:
  45  * <example id="auth-observer"><title>Controlling Authentication</title><programlisting>
  46  * static gboolean
  47  * on_authorize_authenticated_peer (GDBusAuthObserver *observer,
  48  *                                  GIOStream         *stream,
  49  *                                  GCredentials      *credentials,
  50  *                                  gpointer           user_data)
  51  * {
  52  *   gboolean authorized;
  53  *
  54  *   authorized = FALSE;
  55  *   if (credentials != NULL)
  56  *     {
  57  *       GCredentials *own_credentials;
  58  *       own_credentials = g_credentials_new ();
  59  *       if (g_credentials_is_same_user (credentials, own_credentials, NULL))
  60  *         authorized = TRUE;
  61  *       g_object_unref (own_credentials);
  62  *     }
  63  *
  64  *   return authorized;
  65  * }
  66  * </programlisting></example>
  67  */
  68
  69 typedef struct _GDBusAuthObserverClass GDBusAuthObserverClass;
  70
  71 /**
  72  * GDBusAuthObserverClass:
  73  * @authorize_authenticated_peer: Signal class handler for the #GDBusAuthObserver::authorize-authenticated-peer signal.
  74  *
  75  * Class structure for #GDBusAuthObserverClass.
  76  *
  77  * Since: 2.26
  78  */
  79 struct _GDBusAuthObserverClass
  80 {
  81   /*< private >*/
  82   GObjectClass parent_class;
  83
  84   /*< public >*/
  85
  86   /* Signals */
  87   gboolean (*authorize_authenticated_peer) (GDBusAuthObserver  *observer,
  88                                             GIOStream          *stream,
  89                                             GCredentials       *credentials);
  90
  91   gboolean (*allow_mechanism) (GDBusAuthObserver  *observer,
  92                                const gchar        *mechanism);
  93 };
  94
  95 /**
  96  * GDBusAuthObserver:
  97  *
  98  * The #GDBusAuthObserver structure contains only private data and
  99  * should only be accessed using the provided API.
 100  *
 101  * Since: 2.26
 102  */
 103 struct _GDBusAuthObserver
 104 {
 105   GObject parent_instance;
 106 };
 107
 108 enum
 109 {
 110   AUTHORIZE_AUTHENTICATED_PEER_SIGNAL,
 111   ALLOW_MECHANISM_SIGNAL,
 112   LAST_SIGNAL,
 113 };
 114
 115 static guint signals[LAST_SIGNAL] = { 0 };
 116
 117 G_DEFINE_TYPE (GDBusAuthObserver, g_dbus_auth_observer, G_TYPE_OBJECT);
 118
 119 /* ---------------------------------------------------------------------------------------------------- */
 120
 121 static void
 122 g_dbus_auth_observer_finalize (GObject *object)
 123 {
 124   G_OBJECT_CLASS (g_dbus_auth_observer_parent_class)->finalize (object);
 125 }
 126
 127 static gboolean
 128 g_dbus_auth_observer_authorize_authenticated_peer_real (GDBusAuthObserver  *observer,
 129                                                         GIOStream          *stream,
 130                                                         GCredentials       *credentials)
 131 {
 132   return TRUE;
 133 }
 134
 135 static gboolean
 136 g_dbus_auth_observer_allow_mechanism_real (GDBusAuthObserver  *observer,
 137                                            const gchar        *mechanism)
 138 {
 139   return TRUE;
 140 }
 141
 142 static void
 143 g_dbus_auth_observer_class_init (GDBusAuthObserverClass *klass)
 144 {
 145   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
 146
 147   gobject_class->finalize = g_dbus_auth_observer_finalize;
 148
 149   klass->authorize_authenticated_peer = g_dbus_auth_observer_authorize_authenticated_peer_real;
 150   klass->allow_mechanism = g_dbus_auth_observer_allow_mechanism_real;
 151
 152   /**
 153    * GDBusAuthObserver::authorize-authenticated-peer:
 154    * @observer: The #GDBusAuthObserver emitting the signal.
 155    * @stream: A #GIOStream for the #GDBusConnection.
 156    * @credentials: (allow-none): Credentials received from the peer or %NULL.
 157    *
 158    * Emitted to check if a peer that is successfully authenticated
 159    * is authorized.
 160    *
 161    * Returns: %TRUE if the peer is authorized, %FALSE if not.
 162    *
 163    * Since: 2.26
 164    */
 165   signals[AUTHORIZE_AUTHENTICATED_PEER_SIGNAL] =
 166     g_signal_new ("authorize-authenticated-peer",
 167                   G_TYPE_DBUS_AUTH_OBSERVER,
 168                   G_SIGNAL_RUN_LAST,
 169                   G_STRUCT_OFFSET (GDBusAuthObserverClass, authorize_authenticated_peer),
 170                   _g_signal_accumulator_false_handled,
 171                   NULL, /* accu_data */
 172                   NULL,
 173                   G_TYPE_BOOLEAN,
 174                   2,
 175                   G_TYPE_IO_STREAM,
 176                   G_TYPE_CREDENTIALS);
 177
 178   /**
 179    * GDBusAuthObserver::allow-mechanism:
 180    * @observer: The #GDBusAuthObserver emitting the signal.
 181    * @mechanism: The name of the mechanism, e.g. <literal>DBUS_COOKIE_SHA1</literal>.
 182    *
 183    * Emitted to check if @mechanism is allowed to be used.
 184    *
 185    * Returns: %TRUE if @mechanism can be used to authenticate the other peer, %FALSE if not.
 186    *
 187    * Since: 2.34
 188    */
 189   signals[ALLOW_MECHANISM_SIGNAL] =
 190     g_signal_new ("allow-mechanism",
 191                   G_TYPE_DBUS_AUTH_OBSERVER,
 192                   G_SIGNAL_RUN_LAST,
 193                   G_STRUCT_OFFSET (GDBusAuthObserverClass, allow_mechanism),
 194                   _g_signal_accumulator_false_handled,
 195                   NULL, /* accu_data */
 196                   NULL,
 197                   G_TYPE_BOOLEAN,
 198                   1,
 199                   G_TYPE_STRING);
 200 }
 201
 202 static void
 203 g_dbus_auth_observer_init (GDBusAuthObserver *observer)
 204 {
 205 }
 206
 207 /**
 208  * g_dbus_auth_observer_new:
 209  *
 210  * Creates a new #GDBusAuthObserver object.
 211  *
 212  * Returns: A #GDBusAuthObserver. Free with g_object_unref().
 213  *
 214  * Since: 2.26
 215  */
 216 GDBusAuthObserver *
 217 g_dbus_auth_observer_new (void)
 218 {
 219   return g_object_new (G_TYPE_DBUS_AUTH_OBSERVER, NULL);
 220 }
 221
 222 /* ---------------------------------------------------------------------------------------------------- */
 223
 224 /**
 225  * g_dbus_auth_observer_authorize_authenticated_peer:
 226  * @observer: A #GDBusAuthObserver.
 227  * @stream: A #GIOStream for the #GDBusConnection.
 228  * @credentials: (allow-none): Credentials received from the peer or %NULL.
 229  *
 230  * Emits the #GDBusAuthObserver::authorize-authenticated-peer signal on @observer.
 231  *
 232  * Returns: %TRUE if the peer is authorized, %FALSE if not.
 233  *
 234  * Since: 2.26
 235  */
 236 gboolean
 237 g_dbus_auth_observer_authorize_authenticated_peer (GDBusAuthObserver  *observer,
 238                                                    GIOStream          *stream,
 239                                                    GCredentials       *credentials)
 240 {
 241   gboolean denied;
 242
 243   denied = FALSE;
 244   g_signal_emit (observer,
 245                  signals[AUTHORIZE_AUTHENTICATED_PEER_SIGNAL],
 246                  0,
 247                  stream,
 248                  credentials,
 249                  &denied);
 250   return denied;
 251 }
 252
 253 /**
 254  * g_dbus_auth_observer_allow_mechanism:
 255  * @observer: A #GDBusAuthObserver.
 256  * @mechanism: The name of the mechanism, e.g. <literal>DBUS_COOKIE_SHA1</literal>.
 257  *
 258  * Emits the #GDBusAuthObserver::allow-mechanism signal on @observer.
 259  *
 260  * Returns: %TRUE if @mechanism can be used to authenticate the other peer, %FALSE if not.
 261  *
 262  * Since: 2.34
 263  */
 264 gboolean
 265 g_dbus_auth_observer_allow_mechanism (GDBusAuthObserver  *observer,
 266                                       const gchar        *mechanism)
 267 {
 268   gboolean ret;
 269
 270   ret = FALSE;
 271   g_signal_emit (observer,
 272                  signals[ALLOW_MECHANISM_SIGNAL],
 273                  0,
 274                  mechanism,
 275                  &ret);
 276   return ret;
 277 }
 278