[patch] Auth method for console users
Havoc Pennington
hp at redhat.com
Tue Jun 29 02:54:42 PDT 2004
Hi,
Some comments:
- _dbus_is_console_user() args in prototype should align with
function above it (get a copy of egtk-format-protos for emacs)
- should not include unistd.h in dbus-userdb.c, only in
dbus-sysdeps.c; suggest that all the stuff about /var/run
be in sysdeps
- dbus_is_console_user() has to indicate to its caller whether
it ran out of memory; the OOM error has to be handled, not
ignored by assuming the user is not a console user.
- this isn't right, since you want to use the auth_on_user=true
items if it is the console user, and =false items if it isn't,
so you have to go over each item:
+ if (_dbus_is_console_user (uid))
+ if (!add_list_to_client (&policy->console_rules,
+ client))
+ goto nomem;
+
- in list_allows_user() you have the same basic issue
- read over the man page for dbus-daemon on this;
the arg "user" in "<policy user='foo'>" is a match rule.
So similarly <policy console='true'> would be a match rule,
i.e. the policy applies if you're on the console, and
not otherwise
- suggest s/auth_on_user/at_console/ or something like that
- would it be interesting to allow user="hp" console="true"
?
Havoc
More information about the dbus
mailing list