/* GDBus - GLib D-Bus Library
*
- * Copyright (C) 2008-2009 Red Hat, Inc.
+ * Copyright (C) 2008-2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
+ * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
* Author: David Zeuthen <davidz@redhat.com>
*/
#include "config.h"
#include "gdbusauthobserver.h"
-#include "gio-marshal.h"
#include "gcredentials.h"
#include "gioenumtypes.h"
#include "giostream.h"
+#include "gdbusprivate.h"
#include "glibintl.h"
* signals you are interested in. Note that new signals may be added
* in the future
*
+ * ## Controlling Authentication # {#auth-observer}
+ *
* For example, if you only want to allow D-Bus connections from
- * processes owned by the same uid as the server, you would do this:
- * <example id="auth-observer"><title>Controlling Authentication</title><programlisting>
+ * processes owned by the same uid as the server, you would use a
+ * signal handler like the following:
+ *
+ * |[
* static gboolean
- * on_deny_authenticated_peer (GDBusAuthObserver *observer,
- * GIOStream *stream,
- * GCredentials *credentials,
- * gpointer user_data)
+ * on_authorize_authenticated_peer (GDBusAuthObserver *observer,
+ * GIOStream *stream,
+ * GCredentials *credentials,
+ * gpointer user_data)
* {
- * gboolean deny;
- * deny = TRUE;
- * if (credentials != NULL &&
- * g_credentials_has_unix_user (credentials) &&
- * g_credentials_get_unix_user (credentials) == getuid ())
- * deny = FALSE;
- * return deny;
- * }
+ * gboolean authorized;
*
- * static gboolean
- * on_new_connection (GDBusServer *server,
- * GDBusConnection *connection,
- * gpointer user_data)
- * {
- * /<!-- -->* Guaranteed here that @connection is from a process owned by the same user *<!-- -->/
+ * authorized = FALSE;
+ * if (credentials != NULL)
+ * {
+ * GCredentials *own_credentials;
+ * own_credentials = g_credentials_new ();
+ * if (g_credentials_is_same_user (credentials, own_credentials, NULL))
+ * authorized = TRUE;
+ * g_object_unref (own_credentials);
+ * }
+ *
+ * return authorized;
* }
+ * ]|
+ */
+
+typedef struct _GDBusAuthObserverClass GDBusAuthObserverClass;
+
+/**
+ * GDBusAuthObserverClass:
+ * @authorize_authenticated_peer: Signal class handler for the #GDBusAuthObserver::authorize-authenticated-peer signal.
+ *
+ * Class structure for #GDBusAuthObserverClass.
*
- * [...]
- *
- * GDBusAuthObserver *observer;
- * GDBusServer *server;
- * GError *error;
- *
- * error = NULL;
- * observer = g_dbus_auth_observer_new ();
- * server = g_dbus_server_new_sync ("unix:tmpdir=/tmp/my-app-name",
- * G_DBUS_SERVER_FLAGS_NONE,
- * observer,
- * NULL, /<!-- -->* GCancellable *<!-- -->/
- * &error);
- * g_signal_connect (observer,
- * "deny-authenticated-peer",
- * G_CALLBACK (on_deny_authenticated_peer),
- * NULL);
- * g_signal_connect (server,
- * "new-connection",
- * G_CALLBACK (on_new_connection),
- * NULL);
- * g_object_unref (observer);
- * g_dbus_server_start (server);
- * </programlisting></example>
+ * Since: 2.26
*/
+struct _GDBusAuthObserverClass
+{
+ /*< private >*/
+ GObjectClass parent_class;
+
+ /*< public >*/
-struct _GDBusAuthObserverPrivate
+ /* Signals */
+ gboolean (*authorize_authenticated_peer) (GDBusAuthObserver *observer,
+ GIOStream *stream,
+ GCredentials *credentials);
+
+ gboolean (*allow_mechanism) (GDBusAuthObserver *observer,
+ const gchar *mechanism);
+};
+
+/**
+ * GDBusAuthObserver:
+ *
+ * The #GDBusAuthObserver structure contains only private data and
+ * should only be accessed using the provided API.
+ *
+ * Since: 2.26
+ */
+struct _GDBusAuthObserver
{
- gint foo;
+ GObject parent_instance;
};
enum
{
- DENY_AUTHENTICATED_PEER_SIGNAL,
+ AUTHORIZE_AUTHENTICATED_PEER_SIGNAL,
+ ALLOW_MECHANISM_SIGNAL,
LAST_SIGNAL,
};
static void
g_dbus_auth_observer_finalize (GObject *object)
{
- //GDBusAuthObserver *observer = G_DBUS_AUTH_OBSERVER (object);
+ G_OBJECT_CLASS (g_dbus_auth_observer_parent_class)->finalize (object);
+}
- if (G_OBJECT_CLASS (g_dbus_auth_observer_parent_class)->finalize != NULL)
- G_OBJECT_CLASS (g_dbus_auth_observer_parent_class)->finalize (object);
+static gboolean
+g_dbus_auth_observer_authorize_authenticated_peer_real (GDBusAuthObserver *observer,
+ GIOStream *stream,
+ GCredentials *credentials)
+{
+ return TRUE;
}
static gboolean
-g_dbus_auth_observer_deny_authenticated_peer_real (GDBusAuthObserver *observer,
- GIOStream *stream,
- GCredentials *credentials)
+g_dbus_auth_observer_allow_mechanism_real (GDBusAuthObserver *observer,
+ const gchar *mechanism)
{
- return FALSE;
+ return TRUE;
}
static void
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
- gobject_class->finalize = g_dbus_auth_observer_finalize;
+ gobject_class->finalize = g_dbus_auth_observer_finalize;
- klass->deny_authenticated_peer = g_dbus_auth_observer_deny_authenticated_peer_real;
+ klass->authorize_authenticated_peer = g_dbus_auth_observer_authorize_authenticated_peer_real;
+ klass->allow_mechanism = g_dbus_auth_observer_allow_mechanism_real;
/**
- * GDBusAuthObserver::deny-authenticated-peer:
+ * GDBusAuthObserver::authorize-authenticated-peer:
* @observer: The #GDBusAuthObserver emitting the signal.
* @stream: A #GIOStream for the #GDBusConnection.
- * @credentials: Credentials received from the peer or %NULL.
+ * @credentials: (allow-none): Credentials received from the peer or %NULL.
*
* Emitted to check if a peer that is successfully authenticated
- * should be denied.
+ * is authorized.
*
- * Returns: %TRUE if the peer should be denied, %FALSE otherwise.
+ * Returns: %TRUE if the peer is authorized, %FALSE if not.
*
* Since: 2.26
*/
- signals[DENY_AUTHENTICATED_PEER_SIGNAL] =
- g_signal_new ("deny-authenticated-peer",
+ signals[AUTHORIZE_AUTHENTICATED_PEER_SIGNAL] =
+ g_signal_new ("authorize-authenticated-peer",
G_TYPE_DBUS_AUTH_OBSERVER,
G_SIGNAL_RUN_LAST,
- G_STRUCT_OFFSET (GDBusAuthObserverClass, deny_authenticated_peer),
- g_signal_accumulator_true_handled,
+ G_STRUCT_OFFSET (GDBusAuthObserverClass, authorize_authenticated_peer),
+ _g_signal_accumulator_false_handled,
NULL, /* accu_data */
- _gio_marshal_BOOLEAN__OBJECT_OBJECT,
+ NULL,
G_TYPE_BOOLEAN,
2,
G_TYPE_IO_STREAM,
G_TYPE_CREDENTIALS);
-
- g_type_class_add_private (klass, sizeof (GDBusAuthObserverPrivate));
+ /**
+ * GDBusAuthObserver::allow-mechanism:
+ * @observer: The #GDBusAuthObserver emitting the signal.
+ * @mechanism: The name of the mechanism, e.g. `DBUS_COOKIE_SHA1`.
+ *
+ * Emitted to check if @mechanism is allowed to be used.
+ *
+ * Returns: %TRUE if @mechanism can be used to authenticate the other peer, %FALSE if not.
+ *
+ * Since: 2.34
+ */
+ signals[ALLOW_MECHANISM_SIGNAL] =
+ g_signal_new ("allow-mechanism",
+ G_TYPE_DBUS_AUTH_OBSERVER,
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (GDBusAuthObserverClass, allow_mechanism),
+ _g_signal_accumulator_false_handled,
+ NULL, /* accu_data */
+ NULL,
+ G_TYPE_BOOLEAN,
+ 1,
+ G_TYPE_STRING);
}
static void
g_dbus_auth_observer_init (GDBusAuthObserver *observer)
{
- /* not used for now */
- observer->priv = G_TYPE_INSTANCE_GET_PRIVATE (observer,
- G_TYPE_DBUS_AUTH_OBSERVER,
- GDBusAuthObserverPrivate);;
}
/**
/* ---------------------------------------------------------------------------------------------------- */
/**
- * g_dbus_auth_observer_deny_authenticated_peer:
+ * g_dbus_auth_observer_authorize_authenticated_peer:
* @observer: A #GDBusAuthObserver.
* @stream: A #GIOStream for the #GDBusConnection.
- * @credentials: Credentials received from the peer or %NULL.
+ * @credentials: (allow-none): Credentials received from the peer or %NULL.
*
- * Emits the #GDBusAuthObserver::deny-authenticated-peer signal on @observer.
+ * Emits the #GDBusAuthObserver::authorize-authenticated-peer signal on @observer.
*
- * Returns: %TRUE if the peer should be denied, %FALSE otherwise.
+ * Returns: %TRUE if the peer is authorized, %FALSE if not.
*
* Since: 2.26
*/
gboolean
-g_dbus_auth_observer_deny_authenticated_peer (GDBusAuthObserver *observer,
- GIOStream *stream,
- GCredentials *credentials)
+g_dbus_auth_observer_authorize_authenticated_peer (GDBusAuthObserver *observer,
+ GIOStream *stream,
+ GCredentials *credentials)
{
gboolean denied;
denied = FALSE;
g_signal_emit (observer,
- signals[DENY_AUTHENTICATED_PEER_SIGNAL],
+ signals[AUTHORIZE_AUTHENTICATED_PEER_SIGNAL],
0,
stream,
credentials,
return denied;
}
+/**
+ * g_dbus_auth_observer_allow_mechanism:
+ * @observer: A #GDBusAuthObserver.
+ * @mechanism: The name of the mechanism, e.g. `DBUS_COOKIE_SHA1`.
+ *
+ * Emits the #GDBusAuthObserver::allow-mechanism signal on @observer.
+ *
+ * Returns: %TRUE if @mechanism can be used to authenticate the other peer, %FALSE if not.
+ *
+ * Since: 2.34
+ */
+gboolean
+g_dbus_auth_observer_allow_mechanism (GDBusAuthObserver *observer,
+ const gchar *mechanism)
+{
+ gboolean ret;
+
+ ret = FALSE;
+ g_signal_emit (observer,
+ signals[ALLOW_MECHANISM_SIGNAL],
+ 0,
+ mechanism,
+ &ret);
+ return ret;
+}
projects / platform / upstream / glib.git / blobdiff