From: Simon McVittie Date: Fri, 23 Aug 2013 10:09:21 +0000 (+0100) Subject: Revert "Remove transport's call to _dbus_authorization_do_authorization()." X-Git-Tag: dbus-1.7.6~102 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9b4432dbb1a5e9575d2ae61305b57ad6c254149;p=thirdparty%2Fdbus.git Revert "Remove transport's call to _dbus_authorization_do_authorization()." This reverts commit 64e50dd167993fb2344d2d3be18bb0d5820b5b26. --- diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c index da95d2c28..db16574a1 100644 --- a/dbus/dbus-transport.c +++ b/dbus/dbus-transport.c @@ -589,6 +589,9 @@ _dbus_transport_try_to_authenticate (DBusTransport *transport) if (transport->disconnected) return FALSE; + /* paranoia ref since we call user callbacks sometimes */ + _dbus_connection_ref_unlocked (transport->connection); + maybe_authenticated = (!(transport->send_credentials_pending || transport->receive_credentials_pending)); @@ -620,12 +623,32 @@ _dbus_transport_try_to_authenticate (DBusTransport *transport) _dbus_verbose ("Client expected GUID '%s' and we got '%s' from the server\n", transport->expected_guid, server_guid); _dbus_transport_disconnect (transport); + _dbus_connection_unref_unlocked (transport->connection); return FALSE; } } + /* If we're the server, see if we want to allow this identity to proceed. + */ + if (maybe_authenticated && transport->is_server) + { + DBusCredentials *auth_identity; + + auth_identity = _dbus_auth_get_identity (transport->auth); + _dbus_assert (auth_identity != NULL); + + /* If we have an authenticated user, delegate deciding whether auth + * credentials are good enough to the app */ + if (!_dbus_authorization_do_authorization (transport->authorization, auth_identity)) + { + _dbus_transport_disconnect (transport); + maybe_authenticated = FALSE; + } + } + transport->authenticated = maybe_authenticated; + _dbus_connection_unref_unlocked (transport->connection); return maybe_authenticated; } }