diff --git a/src/backends/meta-remote-desktop-session.c b/src/backends/meta-remote-desktop-session.c index c8fd2da3d..468747572 100644 --- a/src/backends/meta-remote-desktop-session.c +++ b/src/backends/meta-remote-desktop-session.c @@ -42,6 +42,8 @@ struct _MetaRemoteDesktopSession { MetaDBusRemoteDesktopSessionSkeleton parent; + char *peer_name; + char *session_id; char *object_path; @@ -165,6 +167,7 @@ meta_remote_desktop_session_register_screen_cast (MetaRemoteDesktopSession *ses MetaRemoteDesktopSession * meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop, + const char *peer_name, GError **error) { GDBusInterfaceSkeleton *interface_skeleton; @@ -173,6 +176,8 @@ meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop, session = g_object_new (META_TYPE_REMOTE_DESKTOP_SESSION, NULL); + session->peer_name = g_strdup (peer_name); + interface_skeleton = G_DBUS_INTERFACE_SKELETON (session); connection = meta_remote_desktop_get_connection (remote_desktop); if (!g_dbus_interface_skeleton_export (interface_skeleton, @@ -187,6 +192,14 @@ meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop, return session; } +static gboolean +check_permission (MetaRemoteDesktopSession *session, + GDBusMethodInvocation *invocation) +{ + return g_strcmp0 (session->peer_name, + g_dbus_method_invocation_get_sender (invocation)) == 0; +} + static gboolean handle_start (MetaDBusRemoteDesktopSession *skeleton, GDBusMethodInvocation *invocation) @@ -194,6 +207,14 @@ handle_start (MetaDBusRemoteDesktopSession *skeleton, MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton); GError *error = NULL; + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + if (!meta_remote_desktop_session_start (session, &error)) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, @@ -218,6 +239,14 @@ handle_stop (MetaDBusRemoteDesktopSession *skeleton, { MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton); + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + meta_remote_desktop_session_close (session); meta_dbus_remote_desktop_session_complete_stop (skeleton, invocation); @@ -232,9 +261,16 @@ handle_notify_keyboard_keysym (MetaDBusRemoteDesktopSession *skeleton, gboolean pressed) { MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton); - ClutterKeyState state; + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + if (pressed) state = CLUTTER_KEY_STATE_PRESSED; else @@ -281,6 +317,14 @@ handle_notify_pointer_button (MetaDBusRemoteDesktopSession *skeleton, uint32_t button; ClutterButtonState state; + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + button = translate_to_clutter_button (button_code); if (pressed) @@ -324,6 +368,14 @@ handle_notify_pointer_axis_discrete (MetaDBusRemoteDesktopSession *skeleton, MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton); ClutterScrollDirection direction; + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + if (axis <= 1) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, @@ -369,6 +421,14 @@ handle_notify_pointer_motion_absolute (MetaDBusRemoteDesktopSession *skeleton, { MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton); + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + clutter_virtual_input_device_notify_absolute_motion (session->virtual_pointer, CLUTTER_CURRENT_TIME, x, y); @@ -409,6 +469,7 @@ meta_remote_desktop_session_finalize (GObject *object) g_assert (!meta_remote_desktop_session_is_running (session)); + g_free (session->peer_name); g_free (session->session_id); g_free (session->object_path); diff --git a/src/backends/meta-remote-desktop-session.h b/src/backends/meta-remote-desktop-session.h index a406a0ffe..54dce4119 100644 --- a/src/backends/meta-remote-desktop-session.h +++ b/src/backends/meta-remote-desktop-session.h @@ -44,6 +44,7 @@ gboolean meta_remote_desktop_session_register_screen_cast (MetaRemoteDesktopSess void meta_remote_desktop_session_close (MetaRemoteDesktopSession *session); MetaRemoteDesktopSession * meta_remote_desktop_session_new (MetaRemoteDesktop *remote_desktop, + const char *peer_name, GError **error); #endif /* META_REMOTE_DESKTOP_SESSION_H */ diff --git a/src/backends/meta-remote-desktop.c b/src/backends/meta-remote-desktop.c index 481727627..38dbb57ae 100644 --- a/src/backends/meta-remote-desktop.c +++ b/src/backends/meta-remote-desktop.c @@ -94,13 +94,16 @@ handle_create_session (MetaDBusRemoteDesktop *skeleton, GDBusMethodInvocation *invocation) { MetaRemoteDesktop *remote_desktop = META_REMOTE_DESKTOP (skeleton); + const char *peer_name; MetaRemoteDesktopSession *session; GError *error = NULL; char *session_id; char *session_path; const char *client_dbus_name; + peer_name = g_dbus_method_invocation_get_sender (invocation); session = meta_remote_desktop_session_new (remote_desktop, + peer_name, &error); if (!session) { diff --git a/src/backends/meta-screen-cast-session.c b/src/backends/meta-screen-cast-session.c index 907e645e3..674e1214e 100644 --- a/src/backends/meta-screen-cast-session.c +++ b/src/backends/meta-screen-cast-session.c @@ -35,6 +35,8 @@ struct _MetaScreenCastSession { MetaDBusScreenCastSessionSkeleton parent; + char *peer_name; + MetaScreenCastSessionType session_type; char *object_path; @@ -101,6 +103,14 @@ meta_screen_cast_session_get_object_path (MetaScreenCastSession *session) return session->object_path; } +static gboolean +check_permission (MetaScreenCastSession *session, + GDBusMethodInvocation *invocation) +{ + return g_strcmp0 (session->peer_name, + g_dbus_method_invocation_get_sender (invocation)) == 0; +} + static gboolean handle_start (MetaDBusScreenCastSession *skeleton, GDBusMethodInvocation *invocation) @@ -108,6 +118,14 @@ handle_start (MetaDBusScreenCastSession *skeleton, MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton); GError *error = NULL; + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + switch (session->session_type) { case META_SCREEN_CAST_SESSION_TYPE_NORMAL: @@ -141,6 +159,14 @@ handle_stop (MetaDBusScreenCastSession *skeleton, { MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton); + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + switch (session->session_type) { case META_SCREEN_CAST_SESSION_TYPE_NORMAL: @@ -185,6 +211,14 @@ handle_record_monitor (MetaDBusScreenCastSession *skeleton, MetaScreenCastStream *stream; char *stream_path; + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + interface_skeleton = G_DBUS_INTERFACE_SKELETON (skeleton); connection = g_dbus_interface_skeleton_get_connection (interface_skeleton); @@ -238,6 +272,16 @@ handle_record_window (MetaDBusScreenCastSession *skeleton, GDBusMethodInvocation *invocation, GVariant *properties_variant) { + MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton); + + if (!check_permission (session, invocation)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_ACCESS_DENIED, + "Permission denied"); + return TRUE; + } + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED, "Recording a window not yet supported"); @@ -268,6 +312,7 @@ meta_dbus_session_init_iface (MetaDbusSessionInterface *iface) MetaScreenCastSession * meta_screen_cast_session_new (MetaScreenCast *screen_cast, MetaScreenCastSessionType session_type, + const char *peer_name, GError **error) { GDBusInterfaceSkeleton *interface_skeleton; @@ -277,6 +322,7 @@ meta_screen_cast_session_new (MetaScreenCast *screen_cast, session = g_object_new (META_TYPE_SCREEN_CAST_SESSION, NULL); session->session_type = session_type; + session->peer_name = g_strdup (peer_name); session->object_path = g_strdup_printf (META_SCREEN_CAST_SESSION_DBUS_PATH "/u%u", ++global_session_number); @@ -297,6 +343,7 @@ meta_screen_cast_session_finalize (GObject *object) { MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (object); + g_free (session->peer_name); g_free (session->object_path); G_OBJECT_CLASS (meta_screen_cast_session_parent_class)->finalize (object); diff --git a/src/backends/meta-screen-cast-session.h b/src/backends/meta-screen-cast-session.h index cf8d8e293..20bbf84e7 100644 --- a/src/backends/meta-screen-cast-session.h +++ b/src/backends/meta-screen-cast-session.h @@ -40,6 +40,7 @@ char * meta_screen_cast_session_get_object_path (MetaScreenCastSession *session) MetaScreenCastSession * meta_screen_cast_session_new (MetaScreenCast *screen_cast, MetaScreenCastSessionType session_type, + const char *peer_name, GError **error); gboolean meta_screen_cast_session_start (MetaScreenCastSession *session, diff --git a/src/backends/meta-screen-cast.c b/src/backends/meta-screen-cast.c index 558ad181b..3d12c1e32 100644 --- a/src/backends/meta-screen-cast.c +++ b/src/backends/meta-screen-cast.c @@ -100,6 +100,7 @@ handle_create_session (MetaDBusScreenCast *skeleton, GVariant *properties) { MetaScreenCast *screen_cast = META_SCREEN_CAST (skeleton); + const char *peer_name; MetaScreenCastSession *session; GError *error = NULL; const char *session_path; @@ -115,7 +116,11 @@ handle_create_session (MetaDBusScreenCast *skeleton, else session_type = META_SCREEN_CAST_SESSION_TYPE_NORMAL; - session = meta_screen_cast_session_new (screen_cast, session_type, &error); + peer_name = g_dbus_method_invocation_get_sender (invocation); + session = meta_screen_cast_session_new (screen_cast, + session_type, + peer_name, + &error); if (!session) { g_warning ("Failed to create screen cast session: %s",