X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=dbus%2Fdbus-auth.c;h=3768cdb7066ec7d94d7d4edce08deaad33b807bc;hb=1200c464b6c9051340960e07f0d61a51dad71286;hp=a218701676784fcaf9f7fc03bc9d3d4dc38202c0;hpb=3006b952dbd939d01507d1397e8c4a0e03f2d7a6;p=platform%2Fupstream%2Fdbus.git diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c index a218701..3768cdb 100644 --- a/dbus/dbus-auth.c +++ b/dbus/dbus-auth.c @@ -30,7 +30,6 @@ #include "dbus-sha.h" #include "dbus-protocol.h" #include "dbus-credentials.h" -#include "dbus-authorization.h" /** * @defgroup DBusAuth Authentication @@ -170,7 +169,7 @@ struct DBusAuth DBusCredentials *credentials; /**< Credentials read from socket */ - DBusCredentials *authenticated_identity; /**< Credentials that are authorized */ + DBusCredentials *authorized_identity; /**< Credentials that are authorized */ DBusCredentials *desired_identity; /**< Identity client has requested */ @@ -214,8 +213,6 @@ typedef struct { DBusAuth base; /**< Parent class */ - DBusAuthorization *authorization; /* DBus Authorization callbacks */ - int failures; /**< Number of times client has been rejected */ int max_failures; /**< Number of times we reject before disconnect */ @@ -382,8 +379,8 @@ _dbus_auth_new (int size) if (auth->credentials == NULL) goto enomem_6; - auth->authenticated_identity = _dbus_credentials_new (); - if (auth->authenticated_identity == NULL) + auth->authorized_identity = _dbus_credentials_new (); + if (auth->authorized_identity == NULL) goto enomem_7; auth->desired_identity = _dbus_credentials_new (); @@ -397,7 +394,7 @@ _dbus_auth_new (int size) _dbus_credentials_unref (auth->desired_identity); #endif enomem_8: - _dbus_credentials_unref (auth->authenticated_identity); + _dbus_credentials_unref (auth->authorized_identity); enomem_7: _dbus_credentials_unref (auth->credentials); enomem_6: 
@@ -424,7 +421,7 @@ shutdown_mech (DBusAuth *auth) auth->already_asked_for_initial_response = FALSE; _dbus_string_set_length (&auth->identity, 0); - _dbus_credentials_clear (auth->authenticated_identity); + _dbus_credentials_clear (auth->authorized_identity); _dbus_credentials_clear (auth->desired_identity); if (auth->mech != NULL) @@ -745,13 +742,13 @@ sha1_handle_second_client_response (DBusAuth *auth, goto out_3; } - if (!_dbus_credentials_add_credentials (auth->authenticated_identity, + if (!_dbus_credentials_add_credentials (auth->authorized_identity, auth->desired_identity)) goto out_3; /* Copy process ID from the socket credentials if it's there */ - if (!_dbus_credentials_add_credential (auth->authenticated_identity, + if (!_dbus_credentials_add_credential (auth->authorized_identity, DBUS_CREDENTIAL_UNIX_PROCESS_ID, auth->credentials)) goto out_3; 
@@ -1101,43 +1098,29 @@ handle_server_data_external_mech (DBusAuth *auth, auth->desired_identity)) { /* client has authenticated */ - if (!_dbus_credentials_add_credentials (auth->authenticated_identity, + if (!_dbus_credentials_add_credentials (auth->authorized_identity, auth->desired_identity)) return FALSE; /* also copy process ID from the socket credentials */ - if (!_dbus_credentials_add_credential (auth->authenticated_identity, + if (!_dbus_credentials_add_credential (auth->authorized_identity, DBUS_CREDENTIAL_UNIX_PROCESS_ID, auth->credentials)) return FALSE; /* also copy audit data from the socket credentials */ - if (!_dbus_credentials_add_credential (auth->authenticated_identity, + if (!_dbus_credentials_add_credential (auth->authorized_identity, DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID, auth->credentials)) return FALSE; + + if (!send_ok (auth)) + return FALSE; - /* Do a first authorization of the transport, in order to REJECT - * immediately connection if needed (FDO#39720), transport will - * re-authorize later, but it will close the connection on fail, - * we want to REJECT now if possible */ - if (_dbus_authorization_do_authorization (DBUS_AUTH_SERVER (auth)->authorization, - auth->authenticated_identity)) - { - if (!send_ok (auth)) - return FALSE; - } - else - { - _dbus_verbose ("%s: desired identity does not match server identity: " - "not authorized\n", DBUS_AUTH_NAME (auth)); - return send_rejected (auth); - } - - _dbus_verbose ("%s: authenticated and authorized client based on " - "socket credentials\n", DBUS_AUTH_NAME (auth)); + _dbus_verbose ("%s: authenticated client based on socket credentials\n", + DBUS_AUTH_NAME (auth)); return TRUE; } 
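Review bot: In handle_server_data_external_mech, `send_ok (auth)` is now reached as soon as the socket credentials match the desired identity, with no authorization decision anywhere in the new lines, yet the result is stored in a field renamed to `authorized_identity`. The removed comment says the transport authorizes again later and closes the connection on failure; if that still holds after this commit (not visible here), a client that will be refused now receives OK first instead of REJECTED, and any caller of `_dbus_auth_get_identity` sees an identity that has only been authenticated. I would keep the name `authenticated_identity`, or at least add above the send_ok call `/* authenticated only; the caller must authorize this identity before use */`. The same naming concern applies to the sha1_handle_second_client_response and handle_server_data_anonymous_mech hunks. The function begins and ends outside the hunk.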
@@ -1232,7 +1215,7 @@ handle_server_data_anonymous_mech (DBusAuth *auth, /* Copy process ID from the socket credentials */ - if (!_dbus_credentials_add_credential (auth->authenticated_identity, + if (!_dbus_credentials_add_credential (auth->authorized_identity, DBUS_CREDENTIAL_UNIX_PROCESS_ID, auth->credentials)) return FALSE; @@ -2261,8 +2244,7 @@ process_command (DBusAuth *auth) * @returns the new object or #NULL if no memory */ DBusAuth* -_dbus_auth_server_new (const DBusString *guid, - DBusAuthorization *authorization) +_dbus_auth_server_new (const DBusString *guid) { DBusAuth *auth; DBusAuthServer *server_auth; @@ -2290,8 +2272,7 @@ _dbus_auth_server_new (const DBusString *guid, server_auth = DBUS_AUTH_SERVER (auth); server_auth->guid = guid_copy; - server_auth->authorization = _dbus_authorization_ref (authorization); - + /* perhaps this should be per-mechanism with a lower * max */ 
@@ -2341,6 +2322,47 @@ _dbus_auth_client_new (void) } /** + * Creates a new auth conversation object for the client side of kdbus. + * In fact it only initialize structures and sets authenticated state + * because of different authentication-like mechanism in kdbus - policies + * TODO Probably to be checked and modified when kdbus will be documented + * + * @returns the new object or #NULL if no memory + */ +DBusAuth* +_dbus_auth_client_new_kdbus (void) +{ + DBusAuth *auth; + DBusString guid_str; + + if (!_dbus_string_init (&guid_str)) + return NULL; + + auth = _dbus_auth_new (sizeof (DBusAuthClient)); + if (auth == NULL) + { + _dbus_string_free (&guid_str); + return NULL; + } + + DBUS_AUTH_CLIENT (auth)->guid_from_server = guid_str; + + auth->side = auth_side_client; + auth->state = &common_state_authenticated; + auth->unix_fd_negotiated = TRUE; + + /* Start the auth conversation by sending AUTH for our default + * mechanism */ +/* if (!send_auth (auth, &all_mechanisms[0])) + { + _dbus_auth_unref (auth); + return NULL; + }*/ + + return auth; +} + +/** * Increments the refcount of an auth object. * * @param auth the auth conversation @@ -2382,7 +2404,6 @@ _dbus_auth_unref (DBusAuth *auth) _dbus_assert (DBUS_AUTH_IS_SERVER (auth)); _dbus_string_free (& DBUS_AUTH_SERVER (auth)->guid); - _dbus_authorization_unref (DBUS_AUTH_SERVER (auth)->authorization); } if (auth->keyring) @@ -2397,7 +2418,7 @@ _dbus_auth_unref (DBusAuth *auth) dbus_free_string_array (auth->allowed_mechs); _dbus_credentials_unref (auth->credentials); - _dbus_credentials_unref (auth->authenticated_identity); + _dbus_credentials_unref (auth->authorized_identity); _dbus_credentials_unref (auth->desired_identity); dbus_free (auth); @@ -2754,7 +2775,7 @@ _dbus_auth_get_identity (DBusAuth *auth) { if (auth->state == &common_state_authenticated) { - return auth->authenticated_identity; + return auth->authorized_identity; } else { 
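Review bot: `_dbus_auth_client_new_kdbus` puts the object straight into `common_state_authenticated` and sets `unix_fd_negotiated = TRUE` without any exchange with the peer, so code that treats this state as proof that a handshake succeeded gets no such guarantee on this path. `guid_from_server` stays an empty string and `authorized_identity` stays empty, which is what `_dbus_auth_get_identity` will return for this object. The doc comment should state what the caller is relying on instead, e.g. `* No SASL exchange is performed: the peer is not verified here and access control is left to kdbus policy.`, and should note the empty GUID and identity. The commented-out `send_auth` block and its "Start the auth conversation" comment describe code that never runs and should be deleted.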
@@ -2762,8 +2783,8 @@ _dbus_auth_get_identity (DBusAuth *auth) * doesn't require allocation or something */ /* return empty credentials */ - _dbus_assert (_dbus_credentials_are_empty (auth->authenticated_identity)); - return auth->authenticated_identity; + _dbus_assert (_dbus_credentials_are_empty (auth->authorized_identity)); + return auth->authorized_identity; } }