[patch] Auth method for console users

Havoc Pennington hp at redhat.com
Tue Jun 29 02:54:42 PDT 2004


Hi,

Some comments:

- _dbus_is_console_user() args in prototype should align with 
  function above it (get a copy of egtk-format-protos for emacs)

- should not include unistd.h in dbus-userdb.c, only in 
  dbus-sysdeps.c; suggest that all the stuff about /var/run
  be in sysdeps

- dbus_is_console_user() has to indicate to its caller whether
  it ran out of memory; the OOM error has to be handled, not 
  ignored by assuming the user is not a console user.

- this isn't right, since you want to use the auth_on_user=true
  items if it is the console user, and =false items if it isn't, 
  so you have to go over each item:
+  if (_dbus_is_console_user (uid))
+    if (!add_list_to_client (&policy->console_rules,
+                           client))
+      goto nomem;
+

- in list_allows_user() you have the same basic issue

- read over the man page for dbus-daemon on this; 
  the arg "user" in "<policy user='foo'>" is a match rule.
  So similarly <policy console='true'> would be a match rule,
  i.e. the policy applies if you're on the console, and 
  not otherwise

- suggest s/auth_on_user/at_console/ or something like that

- would it be interesting to allow user="hp" console="true"
  ?

Havoc





More information about the dbus mailing list