Restrict passphrase access to secret privilege

diff --git a/src/network.c b/src/network.c
index 7b0ed7a..cf641e2 100644 (file)
--- a/src/network.c
+++ b/src/network.c
@@ -132,7 +132,9 @@ static DBusMessage *get_properties(DBusConnection *conn,
                connman_dbus_dict_append_variant(&dict, "WiFi.Security",
                                DBUS_TYPE_STRING, &network->wifi.security);
 
-       if (network->wifi.passphrase != NULL)
+       if (network->wifi.passphrase != NULL &&
+                       __connman_security_check_privilege(msg,
+                               CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0)
                connman_dbus_dict_append_variant(&dict, "WiFi.Passphrase",
                                DBUS_TYPE_STRING, &network->wifi.passphrase);
 
@@ -171,6 +173,10 @@ static DBusMessage *set_property(DBusConnection *conn,
        } else if (g_str_equal(name, "WiFi.Passphrase") == TRUE) {
                const char *passphrase;
 
+               if (__connman_security_check_privilege(msg,
+                                       CONNMAN_SECURITY_PRIVILEGE_SECRET) < 0)
+                       return __connman_error_permission_denied(msg);
+
                dbus_message_iter_get_basic(&value, &passphrase);
 
                g_free(network->wifi.passphrase);