dbus-transport.c fix

Ralf Habacker ralf.habacker at freenet.de
Thu Jun 21 14:07:49 PDT 2007


Havoc Pennington schrieb:
> Hi,
>
> This is an overkill solution - the simple solution I prefer is to just 
> print both uid and windows_sid on both platforms, using _dbus_verbose
>
You means in this way ?

      /* FIXME the verbose spam here is unix-specific */                 
      _dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
                     " matching our UID "DBUS_UID_FORMAT"\n",
                     _dbus_credentials_get_unix_uid(auth_identity),
                     _dbus_credentials_get_unix_uid(our_identity));
      _dbus_verbose ("Client authorized as SID %s"
                     " matching our SID %d"\n",
                     _dbus_credentials_get_windows_sid(auth_identity),
                     _dbus_credentials_get_windows_sid(our_identity));
      /* We have authenticated! */
      allow = TRUE;
    }
  else
    {
      /* FIXME the verbose spam here is unix-specific */
      _dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
                     " but our UID is "DBUS_UID_FORMAT", disconnecting\n",
                     _dbus_credentials_get_unix_uid(our_identity),
                     _dbus_credentials_get_unix_uid(our_identity));
      _dbus_verbose ("Client authorized as SID %s
                     " but our SID is %s, disconnecting\n",
                     _dbus_credentials_get_windows_sid(our_identity),
                     _dbus_credentials_get_windows_sid(our_identity));
      _dbus_transport_disconnect (transport);
      allow = FALSE;
    } 


I don't think that this is a good idea. This will confuse users. They 
will ask "for what should it look uid or sid" every time. Only the 
relevant part should be printed.

If you don't like my idea of a generic credential related verbose 
function the DbusCredentials namespace should have a function which 
detects if a DBusCredentials objects is holding a unix uid or a windows 
sid object.

This would allow to limit the verbose output to the real important part.

  if (transport->allow_anonymous ||
      _dbus_credentials_get_unix_uid (auth_identity) == 0 ||
      _dbus_credentials_same_user (our_identity,
                                   auth_identity))
    {
    if (_dbus_credentials_has_windows_sid(our_identity))
      _dbus_verbose ("Client authorized as SID %s"
                     " matching our SID %d"\n",
                     _dbus_credentials_get_windows_sid(auth_identity),
                     _dbus_credentials_get_windows_sid(our_identity));

    else
     _dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
                     " matching our UID "DBUS_UID_FORMAT"\n",
                     _dbus_credentials_get_unix_uid(auth_identity),
                     _dbus_credentials_get_unix_uid(our_identity));



Using the given api this would be able with

  if (transport->allow_anonymous ||
      _dbus_credentials_get_unix_uid (auth_identity) == 0 ||
      _dbus_credentials_same_user (our_identity,
                                   auth_identity))
    {
      if (_dbus_credentials_get_windows_sid(our_identity))
          _dbus_verbose ("Client authorized as SID %s"
                         " matching our SID %d"\n",
                         _dbus_credentials_get_windows_sid(auth_identity),
                         _dbus_credentials_get_windows_sid(our_identity));
      else
          _dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
                         " matching our UID "DBUS_UID_FORMAT"\n",
                         _dbus_credentials_get_unix_uid(auth_identity),
                         _dbus_credentials_get_unix_uid(our_identity));
      /* We have authenticated! */
      allow = TRUE;
    }
  else
    {
      if (_dbus_credentials_get_windows_sid(our_identity))
          _dbus_verbose ("Client authorized as UID "DBUS_UID_FORMAT
                         " but our UID is "DBUS_UID_FORMAT", 
disconnecting\n",
                         _dbus_credentials_get_unix_uid(our_identity),
                         _dbus_credentials_get_unix_uid(our_identity));
      else
          _dbus_verbose ("Client authorized as SID %s
                         " but our SID is %s, disconnecting\n",
                         _dbus_credentials_get_windows_sid(our_identity),
                         _dbus_credentials_get_windows_sid(our_identity));
      _dbus_transport_disconnect (transport);
      allow = FALSE;
    } 


Ralf



More information about the dbus mailing list