GDBusAuthObserver
g_dbus_auth_observer_new
g_dbus_auth_observer_authorize_authenticated_peer
+g_dbus_auth_observer_allow_mechanism
<SUBSECTION Standard>
G_DBUS_AUTH_OBSERVER
G_IS_DBUS_AUTH_OBSERVER
}
static void
-add_mechanism (GDBusAuth *auth,
- GType mechanism_type)
+add_mechanism (GDBusAuth *auth,
+ GDBusAuthObserver *observer,
+ GType mechanism_type)
{
- Mechanism *m;
-
- m = g_new0 (Mechanism, 1);
- m->name = _g_dbus_auth_mechanism_get_name (mechanism_type);
- m->priority = _g_dbus_auth_mechanism_get_priority (mechanism_type);
- m->gtype = mechanism_type;
+ const gchar *name;
- auth->priv->available_mechanisms = g_list_prepend (auth->priv->available_mechanisms, m);
+ name = _g_dbus_auth_mechanism_get_name (mechanism_type);
+ if (g_dbus_auth_observer_allow_mechanism (observer, name))
+ {
+ Mechanism *m;
+ m = g_new0 (Mechanism, 1);
+ m->name = name;
+ m->priority = _g_dbus_auth_mechanism_get_priority (mechanism_type);
+ m->gtype = mechanism_type;
+ auth->priv->available_mechanisms = g_list_prepend (auth->priv->available_mechanisms, m);
+ }
}
static gint
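Review bot: `add_mechanism` calls `g_dbus_auth_observer_allow_mechanism (observer, name)` without checking `observer` for NULL, while the gdbusconnection.c hunk passes `connection->authentication_observer` straight through. That field looks optional, though its declaration is outside this diff. If it is unset, the emission in `g_dbus_auth_observer_allow_mechanism` has no valid instance, `ret` stays `FALSE`, and no mechanism is registered, so authentication would fail for every connection without an observer. Treat a missing observer as "no policy configured": `if (observer == NULL || g_dbus_auth_observer_allow_mechanism (observer, name))`.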
{
auth->priv = G_TYPE_INSTANCE_GET_PRIVATE (auth, G_TYPE_DBUS_AUTH, GDBusAuthPrivate);
+}
+
+static void
+_g_dbus_auth_add_mechs (GDBusAuth *auth,
+ GDBusAuthObserver *observer)
+{
/* TODO: trawl extension points */
- add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_ANON);
- add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_SHA1);
- add_mechanism (auth, G_TYPE_DBUS_AUTH_MECHANISM_EXTERNAL);
+ add_mechanism (auth, observer, G_TYPE_DBUS_AUTH_MECHANISM_ANON);
+ add_mechanism (auth, observer, G_TYPE_DBUS_AUTH_MECHANISM_SHA1);
+ add_mechanism (auth, observer, G_TYPE_DBUS_AUTH_MECHANISM_EXTERNAL);
auth->priv->available_mechanisms = g_list_sort (auth->priv->available_mechanisms,
(GCompareFunc) mech_compare_func);
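Review bot: `_g_dbus_auth_add_mechs` prepends to `auth->priv->available_mechanisms` on every call, so running the same `GDBusAuth` twice would register each mechanism twice. It is now called from `_g_dbus_auth_run_client` and from the server-side run path rather than once from init. Whether an auth object is ever reused is not visible in this diff. If reuse is not intended, state the precondition at the top of the function with `g_return_if_fail (auth->priv->available_mechanisms == NULL);` and a comment such as `/* called exactly once per GDBusAuth, before negotiation starts */`. The function body continues past the end of this hunk.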
gchar *
_g_dbus_auth_run_client (GDBusAuth *auth,
+ GDBusAuthObserver *observer,
GDBusCapabilityFlags offered_capabilities,
GDBusCapabilityFlags *out_negotiated_capabilities,
GCancellable *cancellable,
debug_print ("CLIENT: initiating");
+ _g_dbus_auth_add_mechs (auth, observer);
+
ret_guid = NULL;
supported_auth_mechs = NULL;
attempted_auth_mechs = g_ptr_array_new ();
debug_print ("SERVER: initiating");
+ _g_dbus_auth_add_mechs (auth, observer);
+
ret = FALSE;
dis = NULL;
dos = NULL;
GError **error);
gchar *_g_dbus_auth_run_client (GDBusAuth *auth,
+ GDBusAuthObserver *observer,
GDBusCapabilityFlags offered_capabilities,
GDBusCapabilityFlags *out_negotiated_capabilities,
GCancellable *cancellable,
gboolean (*authorize_authenticated_peer) (GDBusAuthObserver *observer,
GIOStream *stream,
GCredentials *credentials);
+
+ gboolean (*allow_mechanism) (GDBusAuthObserver *observer,
+ const gchar *mechanism);
};
/**
enum
{
AUTHORIZE_AUTHENTICATED_PEER_SIGNAL,
+ ALLOW_MECHANISM_SIGNAL,
LAST_SIGNAL,
};
return TRUE;
}
+static gboolean
+g_dbus_auth_observer_allow_mechanism_real (GDBusAuthObserver *observer,
+ const gchar *mechanism)
+{
+ return TRUE;
+}
+
static void
g_dbus_auth_observer_class_init (GDBusAuthObserverClass *klass)
{
gobject_class->finalize = g_dbus_auth_observer_finalize;
klass->authorize_authenticated_peer = g_dbus_auth_observer_authorize_authenticated_peer_real;
+ klass->allow_mechanism = g_dbus_auth_observer_allow_mechanism_real;
/**
* GDBusAuthObserver::authorize-authenticated-peer:
2,
G_TYPE_IO_STREAM,
G_TYPE_CREDENTIALS);
+
+ /**
+ * GDBusAuthObserver::allow-mechanism:
+ * @observer: The #GDBusAuthObserver emitting the signal.
+ * @mechanism: The name of the mechanism, e.g. <literal>DBUS_COOKIE_SHA1</literal>.
+ *
+ * Emitted to check if @mechanism is allowed to be used.
+ *
+ * Returns: %TRUE if @mechanism can be used to authenticate the other peer, %FALSE if not.
+ *
+ * Since: 2.34
+ */
+ signals[ALLOW_MECHANISM_SIGNAL] =
+ g_signal_new ("allow-mechanism",
+ G_TYPE_DBUS_AUTH_OBSERVER,
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (GDBusAuthObserverClass, allow_mechanism),
+ _g_signal_accumulator_false_handled,
+ NULL, /* accu_data */
+ NULL,
+ G_TYPE_BOOLEAN,
+ 1,
+ G_TYPE_STRING);
}
static void
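Review bot: The doc comment for `GDBusAuthObserver::allow-mechanism` does not say how handler results combine or what the default is, which is what someone writing an authentication policy needs to know. As registered here, the signal is `G_SIGNAL_RUN_LAST` with `_g_signal_accumulator_false_handled` and a class handler that returns `TRUE`. Every mechanism, including the anonymous one, is therefore offered unless a connected handler returns `FALSE`. I would add to the comment: `* Mechanisms are allowed by default; a handler that returns %FALSE rejects @mechanism and stops the emission.` `g_dbus_auth_observer_class_init` begins outside this hunk.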
&denied);
return denied;
}
+
+/**
+ * g_dbus_auth_observer_allow_mechanism:
+ * @observer: A #GDBusAuthObserver.
+ * @mechanism: The name of the mechanism, e.g. <literal>DBUS_COOKIE_SHA1</literal>.
+ *
+ * Emits the #GDBusAuthObserver::allow-mechanism signal on @observer.
+ *
+ * Returns: %TRUE if @mechanism can be used to authenticate the other peer, %FALSE if not.
+ *
+ * Since: 2.34
+ */
+gboolean
+g_dbus_auth_observer_allow_mechanism (GDBusAuthObserver *observer,
+ const gchar *mechanism)
+{
+ gboolean ret;
+
+ ret = FALSE;
+ g_signal_emit (observer,
+ signals[ALLOW_MECHANISM_SIGNAL],
+ 0,
+ mechanism,
+ &ret);
+ return ret;
+}
+
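Review bot: `g_dbus_auth_observer_allow_mechanism` is exported (it is added to the symbols list) but does not validate its arguments before emitting. An invalid `observer` is only caught inside `g_signal_emit`, and a NULL `mechanism` is handed to every connected handler. Add `g_return_val_if_fail (G_IS_DBUS_AUTH_OBSERVER (observer), FALSE);` and `g_return_val_if_fail (mechanism != NULL, FALSE);` before `ret = FALSE;` so misuse is reported at the API boundary and still fails closed.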
GIOStream *stream,
GCredentials *credentials);
+gboolean g_dbus_auth_observer_allow_mechanism (GDBusAuthObserver *observer,
+ const gchar *mechanism);
+
G_END_DECLS
#endif /* _G_DBUS_AUTH_OBSERVER_H__ */
g_assert (connection->guid == NULL);
connection->auth = _g_dbus_auth_new (connection->stream);
connection->guid = _g_dbus_auth_run_client (connection->auth,
+ connection->authentication_observer,
get_offered_capabilities_max (connection),
&connection->capabilities,
cancellable,
g_dbus_auth_observer_get_type
g_dbus_auth_observer_new
g_dbus_auth_observer_authorize_authenticated_peer
+g_dbus_auth_observer_allow_mechanism
g_dbus_connection_get_type
g_bus_get
g_bus_get_finish