From 4164f01e263c846434b2bd48649edd2f88a8af91 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Tue, 6 Jan 2009 21:24:55 +0100
Subject: [PATCH] Restrict passphrase access to secret privilege

---
 src/network.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/network.c b/src/network.c
index 7b0ed7a..cf641e2 100644
--- a/src/network.c
+++ b/src/network.c
@@ -132,7 +132,9 @@ static DBusMessage *get_properties(DBusConnection *conn,
 		connman_dbus_dict_append_variant(&dict, "WiFi.Security",
 				DBUS_TYPE_STRING, &network->wifi.security);
 
-	if (network->wifi.passphrase != NULL)
+	if (network->wifi.passphrase != NULL &&
+			__connman_security_check_privilege(msg,
+				CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0)
 		connman_dbus_dict_append_variant(&dict, "WiFi.Passphrase",
 				DBUS_TYPE_STRING, &network->wifi.passphrase);
 
@@ -171,6 +173,10 @@ static DBusMessage *set_property(DBusConnection *conn,
 	} else if (g_str_equal(name, "WiFi.Passphrase") == TRUE) {
 		const char *passphrase;
 
+		if (__connman_security_check_privilege(msg,
+					CONNMAN_SECURITY_PRIVILEGE_SECRET) < 0)
+			return __connman_error_permission_denied(msg);
+
 		dbus_message_iter_get_basic(&value, &passphrase);
 
 		g_free(network->wifi.passphrase);
-- 
2.7.4