brl/mutter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remote-desktop, screen-cast: Fail session method calls from other peers

Browse Source 
Only accept method calls on the session objects from the same peer that
created the session.

https://bugzilla.gnome.org/show_bug.cgi?id=784199
This commit is contained in:
Jonas Ådahl
2017-08-25 15:19:53 +08:00
parent 921b18f713
commit 6e46ad9f3a
6 changed files with 120 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
src/backends/meta-screen-cast-session.c
View File

@ -35,6 +35,8 @@ struct _MetaScreenCastSession
{
MetaDBusScreenCastSessionSkeleton parent;
char *peer_name;
MetaScreenCastSessionType session_type;
char *object_path;
@ -101,6 +103,14 @@ meta_screen_cast_session_get_object_path (MetaScreenCastSession *session)
return session->object_path;
}
static gboolean
check_permission (MetaScreenCastSession *session,
GDBusMethodInvocation *invocation)
{
return g_strcmp0 (session->peer_name,
g_dbus_method_invocation_get_sender (invocation)) == 0;
}
static gboolean
handle_start (MetaDBusScreenCastSession *skeleton,
GDBusMethodInvocation *invocation)
@ -108,6 +118,14 @@ handle_start (MetaDBusScreenCastSession *skeleton,
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
GError *error = NULL;
if (!check_permission (session, invocation))
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"Permission denied");
return TRUE;
}
switch (session->session_type)
{
case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@ -141,6 +159,14 @@ handle_stop (MetaDBusScreenCastSession *skeleton,
{
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
if (!check_permission (session, invocation))
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"Permission denied");
return TRUE;
}
switch (session->session_type)
{
case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@ -185,6 +211,14 @@ handle_record_monitor (MetaDBusScreenCastSession *skeleton,
MetaScreenCastStream *stream;
char *stream_path;
if (!check_permission (session, invocation))
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"Permission denied");
return TRUE;
}
interface_skeleton = G_DBUS_INTERFACE_SKELETON (skeleton);
connection = g_dbus_interface_skeleton_get_connection (interface_skeleton);
@ -238,6 +272,16 @@ handle_record_window (MetaDBusScreenCastSession *skeleton,
GDBusMethodInvocation *invocation,
GVariant *properties_variant)
{
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
if (!check_permission (session, invocation))
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"Permission denied");
return TRUE;
}
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_FAILED,
"Recording a window not yet supported");
@ -268,6 +312,7 @@ meta_dbus_session_init_iface (MetaDbusSessionInterface *iface)
MetaScreenCastSession *
meta_screen_cast_session_new (MetaScreenCast *screen_cast,
MetaScreenCastSessionType session_type,
const char *peer_name,
GError **error)
{
GDBusInterfaceSkeleton *interface_skeleton;
@ -277,6 +322,7 @@ meta_screen_cast_session_new (MetaScreenCast *screen_cast,
session = g_object_new (META_TYPE_SCREEN_CAST_SESSION, NULL);
session->session_type = session_type;
session->peer_name = g_strdup (peer_name);
session->object_path =
g_strdup_printf (META_SCREEN_CAST_SESSION_DBUS_PATH "/u%u",
++global_session_number);
@ -297,6 +343,7 @@ meta_screen_cast_session_finalize (GObject *object)
{
MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (object);
g_free (session->peer_name);
g_free (session->object_path);
G_OBJECT_CLASS (meta_screen_cast_session_parent_class)->finalize (object);