[gnome-keyring/wip/cosimoc/gdbus-fixes: 1/4] dbus: do not handle methods when they don't match initial caller
- From: Cosimo Cecchi <cosimoc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/wip/cosimoc/gdbus-fixes: 1/4] dbus: do not handle methods when they don't match initial caller
- Date: Mon, 24 Aug 2015 15:48:03 +0000 (UTC)
commit 1fec3ff9deb9bc31546cf5a68fedb3c38c69dcc7
Author: Cosimo Cecchi <cosimoc gnome org>
Date: Fri Aug 7 13:42:42 2015 +0200
dbus: do not handle methods when they don't match initial caller
Match the previous behavior in GkdSecretPrompt, GkdSecretSession and
GkdSecretUnlock, where we do not reply to dbus methods that are being
invoked for a caller different than the one initially requesting the
object.
https://bugzilla.gnome.org/show_bug.cgi?id=622905
daemon/dbus/gkd-dbus.c | 17 +++++++++++++++++
daemon/dbus/gkd-dbus.h | 5 +++++
daemon/dbus/gkd-secret-prompt.c | 7 +++++++
daemon/dbus/gkd-secret-session.c | 4 ++++
daemon/dbus/gkd-secret-unlock.c | 7 +++++++
5 files changed, 40 insertions(+), 0 deletions(-)
---
diff --git a/daemon/dbus/gkd-dbus.c b/daemon/dbus/gkd-dbus.c
index 4f7c143..6644a79 100644
--- a/daemon/dbus/gkd-dbus.c
+++ b/daemon/dbus/gkd-dbus.c
@@ -282,3 +282,20 @@ gkd_dbus_setup (void)
egg_cleanup_register (dbus_cleanup, NULL);
return TRUE;
}
+
+gboolean
+gkd_dbus_invocation_matches_caller (GDBusMethodInvocation *invocation,
+ const char *caller)
+{
+ const char *invocation_caller;
+
+ invocation_caller = g_dbus_method_invocation_get_sender (invocation);
+ if (!g_str_equal (invocation_caller, caller)) {
+ g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Invalid caller");
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/daemon/dbus/gkd-dbus.h b/daemon/dbus/gkd-dbus.h
index 6506aa9..8a9ca45 100644
--- a/daemon/dbus/gkd-dbus.h
+++ b/daemon/dbus/gkd-dbus.h
@@ -23,6 +23,7 @@
#ifndef GKD_DBUS_H
#define GKD_DBUS_H
+#include <gio/gio.h>
#include <glib.h>
gboolean gkd_dbus_setup (void);
@@ -33,4 +34,8 @@ gboolean gkd_dbus_singleton_acquire (gboolean *acquired);
gchar* gkd_dbus_singleton_control (void);
+/* DBus utils */
+gboolean gkd_dbus_invocation_matches_caller (GDBusMethodInvocation *invocation,
+ const char *caller);
+
#endif /* GKD_DBUS_H */
diff --git a/daemon/dbus/gkd-secret-prompt.c b/daemon/dbus/gkd-secret-prompt.c
index 3aa4dcc..65ee413 100644
--- a/daemon/dbus/gkd-secret-prompt.c
+++ b/daemon/dbus/gkd-secret-prompt.c
@@ -20,6 +20,7 @@
#include "config.h"
+#include "gkd-dbus.h"
#include "gkd-secret-dispatch.h"
#include "gkd-secret-error.h"
#include "gkd-secret-exchange.h"
@@ -103,6 +104,9 @@ prompt_method_prompt (GkdExportedPrompt *skeleton,
gchar *window_id,
GkdSecretPrompt *self)
{
+ if (!gkd_dbus_invocation_matches_caller (invocation, self->pv->caller))
+ return FALSE;
+
/* Act as if this object no longer exists */
if (self->pv->completed)
return FALSE;
@@ -131,6 +135,9 @@ prompt_method_dismiss (GkdExportedPrompt *skeleton,
GDBusMethodInvocation *invocation,
GkdSecretPrompt *self)
{
+ if (!gkd_dbus_invocation_matches_caller (invocation, self->pv->caller))
+ return FALSE;
+
/* Act as if this object no longer exists */
if (self->pv->completed)
return FALSE;
diff --git a/daemon/dbus/gkd-secret-session.c b/daemon/dbus/gkd-secret-session.c
index 6ae382f..11950bf 100644
--- a/daemon/dbus/gkd-secret-session.c
+++ b/daemon/dbus/gkd-secret-session.c
@@ -20,6 +20,7 @@
#include "config.h"
+#include "gkd-dbus.h"
#include "gkd-secret-dispatch.h"
#include "gkd-secret-error.h"
#include "gkd-secret-secret.h"
@@ -290,6 +291,9 @@ session_method_close (GkdExportedSession *skeleton,
GDBusMethodInvocation *invocation,
GkdSecretSession *self)
{
+ if (!gkd_dbus_invocation_matches_caller (invocation, self->caller))
+ return FALSE;
+
gkd_secret_service_close_session (self->service, self);
gkd_exported_session_complete_close (skeleton, invocation);
diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c
index 4198fb6..02f8cff 100644
--- a/daemon/dbus/gkd-secret-unlock.c
+++ b/daemon/dbus/gkd-secret-unlock.c
@@ -20,6 +20,7 @@
#include "config.h"
+#include "gkd-dbus.h"
#include "gkd-secret-dispatch.h"
#include "gkd-secret-error.h"
#include "gkd-secret-objects.h"
@@ -304,6 +305,9 @@ prompt_method_prompt (GkdExportedPrompt *skeleton,
gchar *window_id,
GkdSecretUnlock *self)
{
+ if (!gkd_dbus_invocation_matches_caller (invocation, self->caller))
+ return FALSE;
+
/* Act as if this object no longer exists */
if (self->completed)
return FALSE;
@@ -328,6 +332,9 @@ prompt_method_dismiss (GkdExportedPrompt *skeleton,
GDBusMethodInvocation *invocation,
GkdSecretUnlock *self)
{
+ if (!gkd_dbus_invocation_matches_caller (invocation, self->caller))
+ return FALSE;
+
/* Act as if this object no longer exists */
if (self->completed)
return FALSE;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]