[patch] Auth method for console users

Havoc Pennington hp at redhat.com
Sat Oct 2 23:01:46 UTC 2004


On Mon, 2004-09-27 at 14:38 +0200, David Zeuthen wrote:
> Hi,
> 
> How about exposing the _dbus_user_at_console in dbus-sysdeps.h as 
> 
>  dbus_bus_is_at_console (DBusConnection *connection,
>                          const char *service_name,
>                          DBusError *error);
> 
> much like dbus_bus_get_unix_user(). I'd like to use this in HAL to lock
> down who is allowed to obtain advisory locks on devices, e.g. invoke the
> Lock() method on the org.freedesktop.Hal.Device interface. 
> 
> It seems I can't use the hal.conf policy file for this as I want all
> users to be able to invoke other methods such as GetProperty() on that
> interfaces. Perhaps the policy should be more finegrained or perhaps I'm
> mistaken.

You should be able to do a <deny> for a particular method name, wouldn't
that work?

A thing like dbus_bus_is_at_console() encourages code that has nasty
races in it, if you aren't careful to use only base/unique service
names...

Havoc




More information about the dbus mailing list