hal/hald hald_dbus.c,1.13,1.14
David Zeuthen
david at freedesktop.org
Mon Sep 27 07:49:47 PDT 2004
Update of /cvs/hal/hal/hald
In directory gabe:/tmp/cvs-serv8139/hald
Modified Files:
hald_dbus.c
Log Message:
2004-09-27 David Zeuthen <david at fubar.dk>
* libhal/libhal.c:
(struct LibHalContext_s): add is_shutdown field
(filter_func): if ctx->is_shutdown is TRUE don't process the message.
Return NOT_YET_HANDLED instead of HANDLED on all messages as several
libhal contexts may want to process them.
(hal_initialize): Set ctx->is_shutdown to FALSE
(hal_shutdown): Remove the matching rule on the Manager object and
set is_shutdown to TRUE. Don't fix the leak on the DBusConnection
because leaking it means that the application will terminate. Hence
introduce a leak of the LibHalContext since shutdown is async. Add
a few TODO comments about that this needs fixing (probably needs
dbus_bus_get_dedicated).
* hald/hald_dbus.c (sender_has_superuser_privileges): New function
(device_set_property): Require superuser
(device_add_capability): Require superuser
* hald/linux/block_class_device.c (block_class_pre_process): Add checks
for SATA disks - code snippet from Alan Cox <alan at redhat.com>
Index: hald_dbus.c
===================================================================
RCS file: /cvs/hal/hal/hald/hald_dbus.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- hald_dbus.c 19 Sep 2004 16:32:15 -0000 1.13
+++ hald_dbus.c 27 Sep 2004 14:49:45 -0000 1.14
@@ -910,6 +910,36 @@
}
+static dbus_bool_t
+sender_has_superuser_privileges (DBusConnection *connection, DBusMessage *message)
+{
+ DBusError error;
+ unsigned long user_uid;
+ const char *user_base_svc;
+
+ user_base_svc = dbus_message_get_sender (message);
+ if (user_base_svc == NULL) {
+ HAL_WARNING (("Cannot determine base service of caller"));
+ return FALSE;
+ }
+
+ HAL_DEBUG (("base_svc = %s", user_base_svc));
+
+ dbus_error_init (&error);
+ if ((user_uid = dbus_bus_get_unix_user (connection, user_base_svc, &error)) == -1) {
+ HAL_WARNING (("Could not get uid for connection"));
+ return FALSE;
+ }
+
+ HAL_INFO (("uid for caller is %ld", user_uid));
+
+ if (user_uid != 0) {
+ HAL_WARNING (("uid %d is not superuser", user_uid));
+ return FALSE;
+ }
+
+ return TRUE;
+}
/** Set a property on a device.
*
@@ -952,6 +982,11 @@
}
key = dbus_message_iter_get_string (&iter);
+ if (!sender_has_superuser_privileges (connection, message)) {
+ raise_permission_denied (connection, message, "SetProperty: not privileged");
+ return DBUS_HANDLER_RESULT_HANDLED;
+ }
+
HAL_DEBUG (("udi=%s, key=%s", udi, key));
device = hal_device_store_find (hald_get_gdl (), udi);
@@ -1065,6 +1100,11 @@
HAL_TRACE (("entering"));
+ if (!sender_has_superuser_privileges (connection, message)) {
+ raise_permission_denied (connection, message, "AddCapability: not privileged");
+ return DBUS_HANDLER_RESULT_HANDLED;
+ }
+
udi = dbus_message_get_path (message);
d = hal_device_store_find (hald_get_gdl (), udi);
More information about the hal-commit
mailing list