diff options
| author | Simon McVittie <smcv@collabora.com> | 2019-06-05 13:33:38 +0100 |
|---|---|---|
| committer | Ondrej Holy <oholy@redhat.com> | 2019-06-06 12:36:15 +0200 |
| commit | 70dbfc68a79faac49bd3423e079cb6902522082a (patch) | |
| tree | 6bb61e7dfd0b2c041f84d4852ad3600b31081efc | |
| parent | 409619412e11be146a31b9a99ed965925f1aabb8 (diff) | |
| download | gvfs-70dbfc68a79faac49bd3423e079cb6902522082a.tar.gz | |
gvfsdaemon: Check that the connecting client is the same user
Otherwise, an attacker who learns the abstract socket address from
netstat(8) or similar could connect to it and issue D-Bus method
calls.
Signed-off-by: Simon McVittie <smcv@collabora.com>
| -rw-r--r-- | daemon/gvfsdaemon.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c index 406d4f8e..be148a7b 100644 --- a/daemon/gvfsdaemon.c +++ b/daemon/gvfsdaemon.c @@ -79,6 +79,7 @@ struct _GVfsDaemon gint mount_counter; + GDBusAuthObserver *auth_observer; GDBusConnection *conn; GVfsDBusDaemon *daemon_skeleton; GVfsDBusMountable *mountable_skeleton; @@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object) } if (daemon->conn != NULL) g_object_unref (daemon->conn); + if (daemon->auth_observer != NULL) + g_object_unref (daemon->auth_observer); g_hash_table_destroy (daemon->registered_paths); g_hash_table_destroy (daemon->client_connections); @@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection, daemon->lost_main_daemon = TRUE; } +/* + * Authentication observer signal handler that authorizes connections + * from the same uid as this process. This matches the behaviour of a + * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction + * has been set, but is not the default in GDBus. + */ +static gboolean +authorize_authenticated_peer_cb (GDBusAuthObserver *observer, + G_GNUC_UNUSED GIOStream *stream, + GCredentials *credentials, + G_GNUC_UNUSED gpointer user_data) +{ + gboolean authorized = FALSE; + + if (credentials != NULL) + { + GCredentials *own_credentials; + + own_credentials = g_credentials_new (); + + if (g_credentials_is_same_user (credentials, own_credentials, NULL)) + authorized = TRUE; + + g_object_unref (own_credentials); + } + + return authorized; +} + static void g_vfs_daemon_init (GVfsDaemon *daemon) { @@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon) daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL); g_assert (daemon->conn != NULL); + daemon->auth_observer = g_dbus_auth_observer_new (); + g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL); daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new (); g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon); @@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object, server = g_dbus_server_new_sync (address1, G_DBUS_SERVER_FLAGS_NONE, guid, - NULL, /* GDBusAuthObserver */ + daemon->auth_observer, NULL, /* GCancellable */ &error); g_free (guid); |