diff options
author | Cosimo Cecchi <cosimoc@gnome.org> | 2015-08-07 13:42:42 +0200 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2015-08-29 08:05:17 +0200 |
commit | 5b597626b8ae137836b524bf814cf904c8c9c450 (patch) | |
tree | 4d5ef28ec4a3858786b859dee993f285070e4515 /daemon | |
parent | 7130003e27cc1616140fe0aeeab41dc26177275c (diff) | |
download | gnome-keyring-5b597626b8ae137836b524bf814cf904c8c9c450.tar.gz |
dbus: do not handle methods when they don't match initial caller
Match the previous behavior in GkdSecretPrompt, GkdSecretSession and
GkdSecretUnlock, where we do not reply to dbus methods that are being
invoked for a caller different than the one initially requesting the
object.
https://bugzilla.gnome.org/show_bug.cgi?id=622905
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/dbus/gkd-dbus.c | 17 | ||||
-rw-r--r-- | daemon/dbus/gkd-dbus.h | 5 | ||||
-rw-r--r-- | daemon/dbus/gkd-secret-prompt.c | 7 | ||||
-rw-r--r-- | daemon/dbus/gkd-secret-session.c | 4 | ||||
-rw-r--r-- | daemon/dbus/gkd-secret-unlock.c | 7 |
5 files changed, 40 insertions, 0 deletions
diff --git a/daemon/dbus/gkd-dbus.c b/daemon/dbus/gkd-dbus.c index 4f7c1434..6644a790 100644 --- a/daemon/dbus/gkd-dbus.c +++ b/daemon/dbus/gkd-dbus.c @@ -282,3 +282,20 @@ gkd_dbus_setup (void) egg_cleanup_register (dbus_cleanup, NULL); return TRUE; } + +gboolean +gkd_dbus_invocation_matches_caller (GDBusMethodInvocation *invocation, + const char *caller) +{ + const char *invocation_caller; + + invocation_caller = g_dbus_method_invocation_get_sender (invocation); + if (!g_str_equal (invocation_caller, caller)) { + g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Invalid caller"); + return FALSE; + } + + return TRUE; +} diff --git a/daemon/dbus/gkd-dbus.h b/daemon/dbus/gkd-dbus.h index 6506aa90..8a9ca450 100644 --- a/daemon/dbus/gkd-dbus.h +++ b/daemon/dbus/gkd-dbus.h @@ -23,6 +23,7 @@ #ifndef GKD_DBUS_H #define GKD_DBUS_H +#include <gio/gio.h> #include <glib.h> gboolean gkd_dbus_setup (void); @@ -33,4 +34,8 @@ gboolean gkd_dbus_singleton_acquire (gboolean *acquired); gchar* gkd_dbus_singleton_control (void); +/* DBus utils */ +gboolean gkd_dbus_invocation_matches_caller (GDBusMethodInvocation *invocation, + const char *caller); + #endif /* GKD_DBUS_H */ diff --git a/daemon/dbus/gkd-secret-prompt.c b/daemon/dbus/gkd-secret-prompt.c index 3aa4dcc6..65ee413d 100644 --- a/daemon/dbus/gkd-secret-prompt.c +++ b/daemon/dbus/gkd-secret-prompt.c @@ -20,6 +20,7 @@ #include "config.h" +#include "gkd-dbus.h" #include "gkd-secret-dispatch.h" #include "gkd-secret-error.h" #include "gkd-secret-exchange.h" @@ -103,6 +104,9 @@ prompt_method_prompt (GkdExportedPrompt *skeleton, gchar *window_id, GkdSecretPrompt *self) { + if (!gkd_dbus_invocation_matches_caller (invocation, self->pv->caller)) + return FALSE; + /* Act as if this object no longer exists */ if (self->pv->completed) return FALSE; @@ -131,6 +135,9 @@ prompt_method_dismiss (GkdExportedPrompt *skeleton, GDBusMethodInvocation *invocation, GkdSecretPrompt *self) { + if (!gkd_dbus_invocation_matches_caller (invocation, self->pv->caller)) + return FALSE; + /* Act as if this object no longer exists */ if (self->pv->completed) return FALSE; diff --git a/daemon/dbus/gkd-secret-session.c b/daemon/dbus/gkd-secret-session.c index 6ae382f5..11950bf3 100644 --- a/daemon/dbus/gkd-secret-session.c +++ b/daemon/dbus/gkd-secret-session.c @@ -20,6 +20,7 @@ #include "config.h" +#include "gkd-dbus.h" #include "gkd-secret-dispatch.h" #include "gkd-secret-error.h" #include "gkd-secret-secret.h" @@ -290,6 +291,9 @@ session_method_close (GkdExportedSession *skeleton, GDBusMethodInvocation *invocation, GkdSecretSession *self) { + if (!gkd_dbus_invocation_matches_caller (invocation, self->caller)) + return FALSE; + gkd_secret_service_close_session (self->service, self); gkd_exported_session_complete_close (skeleton, invocation); diff --git a/daemon/dbus/gkd-secret-unlock.c b/daemon/dbus/gkd-secret-unlock.c index 4198fb65..02f8cffb 100644 --- a/daemon/dbus/gkd-secret-unlock.c +++ b/daemon/dbus/gkd-secret-unlock.c @@ -20,6 +20,7 @@ #include "config.h" +#include "gkd-dbus.h" #include "gkd-secret-dispatch.h" #include "gkd-secret-error.h" #include "gkd-secret-objects.h" @@ -304,6 +305,9 @@ prompt_method_prompt (GkdExportedPrompt *skeleton, gchar *window_id, GkdSecretUnlock *self) { + if (!gkd_dbus_invocation_matches_caller (invocation, self->caller)) + return FALSE; + /* Act as if this object no longer exists */ if (self->completed) return FALSE; @@ -328,6 +332,9 @@ prompt_method_dismiss (GkdExportedPrompt *skeleton, GDBusMethodInvocation *invocation, GkdSecretUnlock *self) { + if (!gkd_dbus_invocation_matches_caller (invocation, self->caller)) + return FALSE; + /* Act as if this object no longer exists */ if (self->completed) return FALSE; |