[patch] Auth method for console users
Havoc Pennington
hp at redhat.com
Sat Oct 2 23:01:46 UTC 2004
On Mon, 2004-09-27 at 14:38 +0200, David Zeuthen wrote:
> Hi,
>
> How about exposing the _dbus_user_at_console in dbus-sysdeps.h as
>
> dbus_bus_is_at_console (DBusConnection *connection,
> const char *service_name,
> DBusError *error);
>
> much like dbus_bus_get_unix_user(). I'd like to use this in HAL to lock
> down who is allowed to obtain advisory locks on devices, e.g. invoke the
> Lock() method on the org.freedesktop.Hal.Device interface.
>
> It seems I can't use the hal.conf policy file for this as I want all
> users to be able to invoke other methods such as GetProperty() on that
> interfaces. Perhaps the policy should be more finegrained or perhaps I'm
> mistaken.
You should be able to do a <deny> for a particular method name, wouldn't
that work?
A thing like dbus_bus_is_at_console() encourages code that has nasty
races in it, if you aren't careful to use only base/unique service
names...
Havoc
More information about the dbus
mailing list