dbus-transport.c fix
Ralf Habacker
ralf.habacker at freenet.de
Thu Jun 21 14:07:49 PDT 2007
Havoc Pennington schrieb:
> Hi,
>
> This is an overkill solution - the simple solution I prefer is to just
> print both uid and windows_sid on both platforms, using _dbus_verbose
>
You means in this way ?
/* FIXME the verbose spam here is unix-specific */
_dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
" matching our UID "DBUS_UID_FORMAT"\n",
_dbus_credentials_get_unix_uid(auth_identity),
_dbus_credentials_get_unix_uid(our_identity));
_dbus_verbose ("Client authorized as SID %s"
" matching our SID %d"\n",
_dbus_credentials_get_windows_sid(auth_identity),
_dbus_credentials_get_windows_sid(our_identity));
/* We have authenticated! */
allow = TRUE;
}
else
{
/* FIXME the verbose spam here is unix-specific */
_dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
" but our UID is "DBUS_UID_FORMAT", disconnecting\n",
_dbus_credentials_get_unix_uid(our_identity),
_dbus_credentials_get_unix_uid(our_identity));
_dbus_verbose ("Client authorized as SID %s
" but our SID is %s, disconnecting\n",
_dbus_credentials_get_windows_sid(our_identity),
_dbus_credentials_get_windows_sid(our_identity));
_dbus_transport_disconnect (transport);
allow = FALSE;
}
I don't think that this is a good idea. This will confuse users. They
will ask "for what should it look uid or sid" every time. Only the
relevant part should be printed.
If you don't like my idea of a generic credential related verbose
function the DbusCredentials namespace should have a function which
detects if a DBusCredentials objects is holding a unix uid or a windows
sid object.
This would allow to limit the verbose output to the real important part.
if (transport->allow_anonymous ||
_dbus_credentials_get_unix_uid (auth_identity) == 0 ||
_dbus_credentials_same_user (our_identity,
auth_identity))
{
if (_dbus_credentials_has_windows_sid(our_identity))
_dbus_verbose ("Client authorized as SID %s"
" matching our SID %d"\n",
_dbus_credentials_get_windows_sid(auth_identity),
_dbus_credentials_get_windows_sid(our_identity));
else
_dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
" matching our UID "DBUS_UID_FORMAT"\n",
_dbus_credentials_get_unix_uid(auth_identity),
_dbus_credentials_get_unix_uid(our_identity));
Using the given api this would be able with
if (transport->allow_anonymous ||
_dbus_credentials_get_unix_uid (auth_identity) == 0 ||
_dbus_credentials_same_user (our_identity,
auth_identity))
{
if (_dbus_credentials_get_windows_sid(our_identity))
_dbus_verbose ("Client authorized as SID %s"
" matching our SID %d"\n",
_dbus_credentials_get_windows_sid(auth_identity),
_dbus_credentials_get_windows_sid(our_identity));
else
_dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
" matching our UID "DBUS_UID_FORMAT"\n",
_dbus_credentials_get_unix_uid(auth_identity),
_dbus_credentials_get_unix_uid(our_identity));
/* We have authenticated! */
allow = TRUE;
}
else
{
if (_dbus_credentials_get_windows_sid(our_identity))
_dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
" but our UID is "DBUS_UID_FORMAT",
disconnecting\n",
_dbus_credentials_get_unix_uid(our_identity),
_dbus_credentials_get_unix_uid(our_identity));
else
_dbus_verbose ("Client authorized as SID %s
" but our SID is %s, disconnecting\n",
_dbus_credentials_get_windows_sid(our_identity),
_dbus_credentials_get_windows_sid(our_identity));
_dbus_transport_disconnect (transport);
allow = FALSE;
}
Ralf
More information about the dbus
mailing list