diff options
Diffstat (limited to 'src/dbus-proto.c')
-rw-r--r-- | src/dbus-proto.c | 86 |
1 files changed, 84 insertions, 2 deletions
diff --git a/src/dbus-proto.c b/src/dbus-proto.c index f1fd314..511b8df 100644 --- a/src/dbus-proto.c +++ b/src/dbus-proto.c @@ -8,6 +8,8 @@ #include "dbus-proto.h" #include "dbus-msg.h" +#include <sys/creds.h> + /* * local function prototypes @@ -579,6 +581,16 @@ static DBusHandlerResult manager_method(DBusConnection *dcon, resset_t *rset; char *method; + char creds_buf[200]; + int has_creds = 1; + int pid; + creds_t creds; + int res; + const char *security_token = "Cellular"; + const char *name; + resmsg_t reply; + int success; + if (!strcmp(interface, RESPROTO_DBUS_MANAGER_INTERFACE) && type == DBUS_MESSAGE_TYPE_METHOD_CALL && @@ -604,6 +616,7 @@ static DBusHandlerResult manager_method(DBusConnection *dcon, if (resmsg.type == RESMSG_REGISTER) { + rset = resset_create(rcon, sender, resmsg.any.id, RESPROTO_RSET_STATE_CONNECTED, resmsg.record.klass, @@ -613,16 +626,85 @@ static DBusHandlerResult manager_method(DBusConnection *dcon, resmsg.record.rset.share, resmsg.record.rset.mask); + + printf("resmsg.record.klass: %s\n", resmsg.record.klass); + if (!strcmp(resmsg.record.klass, "call")) { + + printf("checking credentials\n"); + + + DBusMessage *message; + DBusMessage *reply; + DBusMessageIter iter; + DBusError error; + + message = dbus_message_new_method_call ("org.freedesktop.DBus", + "/org/freedesktop/DBus/Bus", + "org.freedesktop.DBus", + "GetConnectionUnixProcessID"); + dbus_message_iter_init_append (message, &iter); + name = dbus_message_get_sender(dbusmsg); + dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &name); + dbus_error_init (&error); + reply = dbus_connection_send_with_reply_and_block (dcon, message, -1, &error); + if (reply == NULL || dbus_error_is_set (&error)) { + printf("Error doing GetConnectionUnixProcessID on Bus: %s: %s\n", error.name, error.message); + dbus_message_unref (message); + if (reply != NULL) + dbus_message_unref (reply); + goto error; + } + dbus_message_iter_init (reply, &iter); + dbus_message_iter_get_basic (&iter, &pid); + dbus_message_unref (message); + dbus_message_unref (reply); + + + printf("pid is %d\n", pid); + + creds = creds_gettask(pid); + + res = creds_find(creds, security_token, creds_buf, sizeof(creds_buf)); + if (res < 0) { + printf("creds_find failed %d with match %s\n", res, security_token); + has_creds = 0; + } else if (res >= sizeof(creds_buf)) { + printf("creds_find failed -- buf too short for %.*s\n", sizeof(creds_buf), creds_buf); + } else { + printf("creds_find matched: %s\n", creds_buf); + } + + creds_free(creds); + } + + + if (rset != NULL && watch_client(&rcon->dbus, sender, TRUE)) { dbus_message_ref(dbusmsg); - rcon->dbus.receive(&resmsg, rset, dbusmsg); + + if (has_creds) { + rcon->dbus.receive(&resmsg, rset, dbusmsg); + } else { + + memset(&reply, 0, sizeof(reply)); + reply.status.type = RESMSG_STATUS; + reply.status.id = rset->id; + reply.status.reqno = resmsg.any.reqno; + reply.status.errcod = 401; + reply.status.errmsg = "Access denied"; + + success = rcon->dbus.error(rset, &reply, dbusmsg); + printf("3\n"); + } } - + return DBUS_HANDLER_RESULT_HANDLED; } } } +error: + return DBUS_HANDLER_RESULT_HANDLED; } |