[mutter] remote-desktop, screen-cast: Fail session method calls from other peers
- From: Jonas Ådahl <jadahl src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [mutter] remote-desktop, screen-cast: Fail session method calls from other peers
- Date: Tue, 29 Aug 2017 06:42:17 +0000 (UTC)
commit 6e46ad9f3a9c63fddacf87d9995b35018cc060d7
Author: Jonas Ådahl <jadahl gmail com>
Date: Fri Aug 25 15:19:53 2017 +0800
remote-desktop, screen-cast: Fail session method calls from other peers
Only accept method calls on the session objects from the same peer that
created the session.
https://bugzilla.gnome.org/show_bug.cgi?id=784199
src/backends/meta-remote-desktop-session.c | 63 +++++++++++++++++++++++++++-
src/backends/meta-remote-desktop-session.h | 1 +
src/backends/meta-remote-desktop.c | 3 +
src/backends/meta-screen-cast-session.c | 47 +++++++++++++++++++++
src/backends/meta-screen-cast-session.h | 1 +
src/backends/meta-screen-cast.c | 7 +++-
6 files changed, 120 insertions(+), 2 deletions(-)
---
diff --git a/src/backends/meta-remote-desktop-session.c b/src/backends/meta-remote-desktop-session.c
index c8fd2da..4687475 100644
--- a/src/backends/meta-remote-desktop-session.c
+++ b/src/backends/meta-remote-desktop-session.c
@@ -42,6 +42,8 @@ struct _MetaRemoteDesktopSession
{
MetaDBusRemoteDesktopSessionSkeleton parent;
+ char *peer_name;
+
char *session_id;
char *object_path;
@@ -165,6 +167,7 @@ meta_remote_desktop_session_register_screen_cast (MetaRemoteDesktopSession *ses
MetaRemoteDesktopSession *
meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop,
+ const char *peer_name,
GError **error)
{
GDBusInterfaceSkeleton *interface_skeleton;
@@ -173,6 +176,8 @@ meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop,
session = g_object_new (META_TYPE_REMOTE_DESKTOP_SESSION, NULL);
+ session->peer_name = g_strdup (peer_name);
+
interface_skeleton = G_DBUS_INTERFACE_SKELETON (session);
connection = meta_remote_desktop_get_connection (remote_desktop);
if (!g_dbus_interface_skeleton_export (interface_skeleton,
@@ -188,12 +193,28 @@ meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop,
}
static gboolean
+check_permission (MetaRemoteDesktopSession *session,
+ GDBusMethodInvocation *invocation)
+{
+ return g_strcmp0 (session->peer_name,
+ g_dbus_method_invocation_get_sender (invocation)) == 0;
+}
+
+static gboolean
handle_start (MetaDBusRemoteDesktopSession *skeleton,
GDBusMethodInvocation *invocation)
{
MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
GError *error = NULL;
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
if (!meta_remote_desktop_session_start (session, &error))
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
@@ -218,6 +239,14 @@ handle_stop (MetaDBusRemoteDesktopSession *skeleton,
{
MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
meta_remote_desktop_session_close (session);
meta_dbus_remote_desktop_session_complete_stop (skeleton, invocation);
@@ -232,9 +261,16 @@ handle_notify_keyboard_keysym (MetaDBusRemoteDesktopSession *skeleton,
gboolean pressed)
{
MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
-
ClutterKeyState state;
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
if (pressed)
state = CLUTTER_KEY_STATE_PRESSED;
else
@@ -281,6 +317,14 @@ handle_notify_pointer_button (MetaDBusRemoteDesktopSession *skeleton,
uint32_t button;
ClutterButtonState state;
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
button = translate_to_clutter_button (button_code);
if (pressed)
@@ -324,6 +368,14 @@ handle_notify_pointer_axis_discrete (MetaDBusRemoteDesktopSession *skeleton,
MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
ClutterScrollDirection direction;
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
if (axis <= 1)
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
@@ -369,6 +421,14 @@ handle_notify_pointer_motion_absolute (MetaDBusRemoteDesktopSession *skeleton,
{
MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
clutter_virtual_input_device_notify_absolute_motion (session->virtual_pointer,
CLUTTER_CURRENT_TIME,
x, y);
@@ -409,6 +469,7 @@ meta_remote_desktop_session_finalize (GObject *object)
g_assert (!meta_remote_desktop_session_is_running (session));
+ g_free (session->peer_name);
g_free (session->session_id);
g_free (session->object_path);
diff --git a/src/backends/meta-remote-desktop-session.h b/src/backends/meta-remote-desktop-session.h
index a406a0f..54dce41 100644
--- a/src/backends/meta-remote-desktop-session.h
+++ b/src/backends/meta-remote-desktop-session.h
@@ -44,6 +44,7 @@ gboolean meta_remote_desktop_session_register_screen_cast (MetaRemoteDesktopSess
void meta_remote_desktop_session_close (MetaRemoteDesktopSession *session);
MetaRemoteDesktopSession * meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop,
+ const char *peer_name,
GError **error);
#endif /* META_REMOTE_DESKTOP_SESSION_H */
diff --git a/src/backends/meta-remote-desktop.c b/src/backends/meta-remote-desktop.c
index 4817276..38dbb57 100644
--- a/src/backends/meta-remote-desktop.c
+++ b/src/backends/meta-remote-desktop.c
@@ -94,13 +94,16 @@ handle_create_session (MetaDBusRemoteDesktop *skeleton,
GDBusMethodInvocation *invocation)
{
MetaRemoteDesktop *remote_desktop = META_REMOTE_DESKTOP (skeleton);
+ const char *peer_name;
MetaRemoteDesktopSession *session;
GError *error = NULL;
char *session_id;
char *session_path;
const char *client_dbus_name;
+ peer_name = g_dbus_method_invocation_get_sender (invocation);
session = meta_remote_desktop_session_new (remote_desktop,
+ peer_name,
&error);
if (!session)
{
diff --git a/src/backends/meta-screen-cast-session.c b/src/backends/meta-screen-cast-session.c
index 907e645..674e121 100644
--- a/src/backends/meta-screen-cast-session.c
+++ b/src/backends/meta-screen-cast-session.c
@@ -35,6 +35,8 @@ struct _MetaScreenCastSession
{
MetaDBusScreenCastSessionSkeleton parent;
+ char *peer_name;
+
MetaScreenCastSessionType session_type;
char *object_path;
@@ -102,12 +104,28 @@ meta_screen_cast_session_get_object_path (MetaScreenCastSession *session)
}
static gboolean
+check_permission (MetaScreenCastSession *session,
+ GDBusMethodInvocation *invocation)
+{
+ return g_strcmp0 (session->peer_name,
+ g_dbus_method_invocation_get_sender (invocation)) == 0;
+}
+
+static gboolean
handle_start (MetaDBusScreenCastSession *skeleton,
GDBusMethodInvocation *invocation)
{
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
GError *error = NULL;
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
switch (session->session_type)
{
case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@@ -141,6 +159,14 @@ handle_stop (MetaDBusScreenCastSession *skeleton,
{
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
switch (session->session_type)
{
case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@@ -185,6 +211,14 @@ handle_record_monitor (MetaDBusScreenCastSession *skeleton,
MetaScreenCastStream *stream;
char *stream_path;
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
interface_skeleton = G_DBUS_INTERFACE_SKELETON (skeleton);
connection = g_dbus_interface_skeleton_get_connection (interface_skeleton);
@@ -238,6 +272,16 @@ handle_record_window (MetaDBusScreenCastSession *skeleton,
GDBusMethodInvocation *invocation,
GVariant *properties_variant)
{
+ MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
+
+ if (!check_permission (session, invocation))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Permission denied");
+ return TRUE;
+ }
+
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_FAILED,
"Recording a window not yet supported");
@@ -268,6 +312,7 @@ meta_dbus_session_init_iface (MetaDbusSessionInterface *iface)
MetaScreenCastSession *
meta_screen_cast_session_new (MetaScreenCast *screen_cast,
MetaScreenCastSessionType session_type,
+ const char *peer_name,
GError **error)
{
GDBusInterfaceSkeleton *interface_skeleton;
@@ -277,6 +322,7 @@ meta_screen_cast_session_new (MetaScreenCast *screen_cast,
session = g_object_new (META_TYPE_SCREEN_CAST_SESSION, NULL);
session->session_type = session_type;
+ session->peer_name = g_strdup (peer_name);
session->object_path =
g_strdup_printf (META_SCREEN_CAST_SESSION_DBUS_PATH "/u%u",
++global_session_number);
@@ -297,6 +343,7 @@ meta_screen_cast_session_finalize (GObject *object)
{
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (object);
+ g_free (session->peer_name);
g_free (session->object_path);
G_OBJECT_CLASS (meta_screen_cast_session_parent_class)->finalize (object);
diff --git a/src/backends/meta-screen-cast-session.h b/src/backends/meta-screen-cast-session.h
index cf8d8e2..20bbf84 100644
--- a/src/backends/meta-screen-cast-session.h
+++ b/src/backends/meta-screen-cast-session.h
@@ -40,6 +40,7 @@ char * meta_screen_cast_session_get_object_path (MetaScreenCastSession *session)
MetaScreenCastSession * meta_screen_cast_session_new (MetaScreenCast *screen_cast,
MetaScreenCastSessionType session_type,
+ const char *peer_name,
GError **error);
gboolean meta_screen_cast_session_start (MetaScreenCastSession *session,
diff --git a/src/backends/meta-screen-cast.c b/src/backends/meta-screen-cast.c
index 558ad18..3d12c1e 100644
--- a/src/backends/meta-screen-cast.c
+++ b/src/backends/meta-screen-cast.c
@@ -100,6 +100,7 @@ handle_create_session (MetaDBusScreenCast *skeleton,
GVariant *properties)
{
MetaScreenCast *screen_cast = META_SCREEN_CAST (skeleton);
+ const char *peer_name;
MetaScreenCastSession *session;
GError *error = NULL;
const char *session_path;
@@ -115,7 +116,11 @@ handle_create_session (MetaDBusScreenCast *skeleton,
else
session_type = META_SCREEN_CAST_SESSION_TYPE_NORMAL;
- session = meta_screen_cast_session_new (screen_cast, session_type, &error);
+ peer_name = g_dbus_method_invocation_get_sender (invocation);
+ session = meta_screen_cast_session_new (screen_cast,
+ session_type,
+ peer_name,
+ &error);
if (!session)
{
g_warning ("Failed to create screen cast session: %s",
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
