diff options
author | Vsevolod Buzinov <ext-vsevolod.buzinov@nokia.com> | 2010-09-07 10:40:40 +0300 |
---|---|---|
committer | Vsevolod Buzinov <ext-vsevolod.buzinov@nokia.com> | 2010-09-07 10:45:05 +0300 |
commit | b92d591cf1b948744a9d6042f02d3050385310d3 (patch) | |
tree | 7588caba110f026f28c2d04203444b7d66af5bd0 | |
parent | f2d801cbb8aa97384cc8a2debbbc55b9678c5539 (diff) |
Reverted security changes
-rw-r--r-- | configure.ac | 10 | ||||
-rw-r--r-- | src/Makefile.am | 4 | ||||
-rw-r--r-- | src/dbus-proto.c | 88 | ||||
-rw-r--r-- | tests/Makefile.am | 6 | ||||
-rw-r--r-- | tests/tests.xml | 3 |
5 files changed, 5 insertions, 106 deletions
diff --git a/configure.ac b/configure.ac index d618b22..9483498 100644 --- a/configure.ac +++ b/configure.ac @@ -56,15 +56,6 @@ esac],[debug=false]) AM_CONDITIONAL([DEBUG], [test x$debug = xtrue]) -# check for aegis -aegis_enabled="no" -AC_CHECK_LIB(creds, creds_find, [AEGIS_CFLAGS="-DLIBRESOURCE_AEGIS"; - AEGIS_LIBS="-lcreds"; - aegis_enabled="yes"], - [AC_MSG_WARN([Building without aegis support])]) -AC_SUBST(AEGIS_CFLAGS) -AC_SUBST(AEGIS_LIBS) - AC_OUTPUT([ libresource0.pc libresource0-glib.pc @@ -83,5 +74,4 @@ echo " Debug enabled: ${debug} With example: ${have_dbus_glib} - Aegis enabled: ${aegis_enabled} " diff --git a/src/Makefile.am b/src/Makefile.am index 98c9774..86e6d91 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,11 +4,11 @@ lib_LTLIBRARIES = libresource.la libresource-glib.la libresource_la_SOURCES = res-msg.c res-conn.c res-proto.c res-set.c \ dbus-proto.c dbus-msg.c \ internal-proto.c internal-msg.c -libresource_la_CFLAGS = @DBUS_CFLAGS@ @AEGIS_CFLAGS@ -I$(top_srcdir) -fvisibility=hidden +libresource_la_CFLAGS = @DBUS_CFLAGS@ -I$(top_srcdir) -fvisibility=hidden if DEBUG libresource_la_CFLAGS += -D__DEBUG__ endif -libresource_la_LDFLAGS = /usr/lib -version-info $(subst .,:,$(VERSION)) @AEGIS_LIBS@ +libresource_la_LDFLAGS = /usr/lib -version-info $(subst .,:,$(VERSION)) libresource_la_LIBADD = @DBUS_LIBS@ libresource_glib_la_SOURCES = resource.c resource-glib-glue.c diff --git a/src/dbus-proto.c b/src/dbus-proto.c index 26c7d9f..6aa26db 100644 --- a/src/dbus-proto.c +++ b/src/dbus-proto.c @@ -30,9 +30,6 @@ USA. #include "dbus-proto.h" #include "dbus-msg.h" -#ifdef LIBRESOURCE_AEGIS -#include <sys/creds.h> -#endif /* * local function prototypes @@ -610,17 +607,6 @@ static DBusHandlerResult manager_method(DBusConnection *dcon, resset_t *rset; char *method; - int has_creds = 1; - resmsg_t reply; - int success; -#ifdef LIBRESOURCE_AEGIS - char creds_buf[200]; - int pid; - creds_t creds; - int res; - const char *security_token = "Cellular"; - const char *name; -#endif if (!strcmp(interface, RESPROTO_DBUS_MANAGER_INTERFACE) && type == DBUS_MESSAGE_TYPE_METHOD_CALL && @@ -646,7 +632,6 @@ static DBusHandlerResult manager_method(DBusConnection *dcon, if (resmsg.type == RESMSG_REGISTER) { - rset = resset_create(rcon, sender, resmsg.any.id, RESPROTO_RSET_STATE_CONNECTED, resmsg.record.klass, @@ -656,85 +641,16 @@ static DBusHandlerResult manager_method(DBusConnection *dcon, resmsg.record.rset.share, resmsg.record.rset.mask); -#ifdef LIBRESOURCE_AEGIS - printf("resmsg.record.klass: %s\n", resmsg.record.klass); - if (!strcmp(resmsg.record.klass, "call")) { - - printf("checking credentials\n"); - - - DBusMessage *message; - DBusMessage *reply; - DBusMessageIter iter; - DBusError error; - - message = dbus_message_new_method_call ("org.freedesktop.DBus", - "/org/freedesktop/DBus/Bus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID"); - dbus_message_iter_init_append (message, &iter); - name = dbus_message_get_sender(dbusmsg); - dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &name); - dbus_error_init (&error); - reply = dbus_connection_send_with_reply_and_block (dcon, message, -1, &error); - if (reply == NULL || dbus_error_is_set (&error)) { - printf("Error doing GetConnectionUnixProcessID on Bus: %s: %s\n", error.name, error.message); - dbus_message_unref (message); - if (reply != NULL) - dbus_message_unref (reply); - goto error; - } - dbus_message_iter_init (reply, &iter); - dbus_message_iter_get_basic (&iter, &pid); - dbus_message_unref (message); - dbus_message_unref (reply); - - - printf("pid is %d\n", pid); - - creds = creds_gettask(pid); - - res = creds_find(creds, security_token, creds_buf, sizeof(creds_buf)); - if (res < 0) { - printf("creds_find failed %d with match %s\n", res, security_token); - has_creds = 0; - } else if (res >= sizeof(creds_buf)) { - printf("creds_find failed -- buf too short for %.*s\n", sizeof(creds_buf), creds_buf); - } else { - printf("creds_find matched: %s\n", creds_buf); - } - - creds_free(creds); - } -#endif - - if (rset != NULL && watch_client(&rcon->dbus, sender, TRUE)) { dbus_message_ref(dbusmsg); - - if (has_creds) { - rcon->dbus.receive(&resmsg, rset, dbusmsg); - } else { - - memset(&reply, 0, sizeof(reply)); - reply.status.type = RESMSG_STATUS; - reply.status.id = rset->id; - reply.status.reqno = resmsg.any.reqno; - reply.status.errcod = 401; - reply.status.errmsg = "Access denied"; - - success = rcon->dbus.error(rset, &reply, dbusmsg); - printf("3\n"); - } + rcon->dbus.receive(&resmsg, rset, dbusmsg); } - + return DBUS_HANDLER_RESULT_HANDLED; } } } -error: - return DBUS_HANDLER_RESULT_HANDLED; } diff --git a/tests/Makefile.am b/tests/Makefile.am index bee6914..e7fe19d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -7,14 +7,10 @@ resource_test_LDADD = -lcheck \ @DBUS_LIBS@ memory_leak_test_SOURCES = memory-leak-test.c -security_test_SOURCES = security-test.c - -security_test_CFLAGS = -I../src/ @DBUS_CFLAGS@ @AEGIS_CFLAGS@ -security_test_LDADD = -L../src/.libs/ -lresource -lresource-glib memory_leak_test_CFLAGS = -I$(top_srcdir)/src @DBUS_CFLAGS@ memory_leak_test_LDADD = $(top_builddir)/src/libresource-glib.la \ $(top_builddir)/src/libresource.la \ @DBUS_LIBS@ -noinst_PROGRAMS = resource_test security_test memory_leak_test +noinst_PROGRAMS = resource_test memory_leak_test diff --git a/tests/tests.xml b/tests/tests.xml index b994855..cbbfc8e 100644 --- a/tests/tests.xml +++ b/tests/tests.xml @@ -9,9 +9,6 @@ <case name="resource_set_acquire_and_release" type="Functional" level="Component" subfeature="High-level C API" description="resource_set_acquire_and_release" timeout="15"><step expected_result="0">/usr/lib/libresource-tests/resource_test 4</step></case> <case name="resource_set_configure_audio" type="Functional" level="Component" subfeature="High-level C API" description="resource_set_configure_audio" timeout="15"><step expected_result="0">/usr/lib/libresource-tests/resource_test 5</step></case> - <case name="security_test_with_token" type="Functional" level="Component" subfeature="High-level C API" description="security_test_with_token" timeout="15"><step expected_result="0">/usr/lib/libresource-tests/test-security-with-aegis-token</step></case> - <case name="security_test_without_token" type="Functional" level="Component" subfeature="High-level C API" description="security_test_without_token" timeout="15"><step expected_result="1">/usr/lib/libresource-tests/test-security-without-aegis-token</step></case> - <environments> <scratchbox>true</scratchbox> <hardware>true</hardware> |