authorAleksander Morgado <aleksander@aleksander.es>2014-07-05 12:58:52 +0200
committerAleksander Morgado <aleksander@aleksander.es>2014-07-06 11:51:32 +0200
commiteff99a5c5d83dd5c6c9d8f2d15834246cf99d5f3 (patch)
tree47dcad352ed88ed296cb914be088c5d37f999344
parent7aa11654157d9cc0781a87dc5a3a740a53b8bf18 (diff)
iface-modem-location: limit method/properties to root or a predefined clientaleksander/geoclue
-rw-r--r--src/mm-iface-modem-location-skeleton.c165
-rw-r--r--src/mm-iface-modem-location-skeleton.h2
2 files changed, 157 insertions, 10 deletions
diff --git a/src/mm-iface-modem-location-skeleton.c b/src/mm-iface-modem-location-skeleton.c
index 8f4335063..c4c3b28f0 100644
--- a/src/mm-iface-modem-location-skeleton.c
+++ b/src/mm-iface-modem-location-skeleton.c
@@ -13,14 +13,166 @@
* Copyright (C) 2014 Aleksander Morgado <aleksander@aleksander.es>
*/
+#include "mm-log.h"
#include "mm-iface-modem-location-skeleton.h"
G_DEFINE_TYPE (MMIfaceModemLocationSkeleton, mm_iface_modem_location_skeleton, MM_GDBUS_TYPE_MODEM_LOCATION_SKELETON)
-struct _MMIfaceModemLocationSkeletonPrivate {
- gpointer unused;
+/*****************************************************************************/
+
+static gboolean
+validate_user (GDBusConnection *connection,
+ const gchar *sender)
+{
+#if defined SINGLE_LOCATION_USER
+ GCredentials *credentials;
+ uid_t uid;
+ GError *error = NULL;
+
+ mm_dbg ("remote client: %s", sender);
+
+ /* If this is the allowed preconfigured single user, allow */
+ if (g_str_equal (sender, SINGLE_LOCATION_USER)) {
+ mm_dbg ("access allowed: remote client is the single user '%s'", sender);
+ return TRUE;
+ }
+
+ /* Otherwise, check whether the remote user is actually root */
+ credentials = g_dbus_connection_get_peer_credentials (connection);
+ if (!credentials) {
+ mm_dbg ("access forbidden: couldn't get peer credentials");
+ return FALSE;
+ }
+ uid = g_credentials_get_unix_user (credentials, &error);
+ if (uid == -1) {
+ mm_dbg ("access forbidden: couldn't load peer user id: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
+ if (uid != 0) {
+ mm_dbg ("access forbidden: remote user is neither 'root' nor the single user '%s'",
+ SINGLE_LOCATION_USER);
+ return FALSE;
+ }
+
+ mm_dbg ("access allowed: remote user is root");
+
+#endif
+ return TRUE;
+}
+
+static void
+handle_method_call (GDBusConnection *connection,
+ const gchar *sender,
+ const gchar *object_path,
+ const gchar *interface_name,
+ const gchar *method_name,
+ GVariant *parameters,
+ GDBusMethodInvocation *invocation,
+ gpointer user_data)
+{
+ GDBusInterfaceSkeletonClass *skeleton_class;
+ GDBusInterfaceVTable *skeleton_vtable;
+
+ if (!validate_user (connection, sender)) {
+ g_dbus_method_invocation_return_error (invocation,
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Access denied");
+ return;
+ }
+
+ skeleton_class = G_DBUS_INTERFACE_SKELETON_CLASS (mm_iface_modem_location_skeleton_parent_class);
+ skeleton_vtable = skeleton_class->get_vtable (G_DBUS_INTERFACE_SKELETON (user_data));
+ skeleton_vtable->method_call (connection,
+ sender,
+ object_path,
+ interface_name,
+ method_name,
+ parameters,
+ invocation,
+ user_data);
+}
+
+static GVariant *
+handle_get_property (GDBusConnection *connection,
+ const gchar *sender,
+ const gchar *object_path,
+ const gchar *interface_name,
+ const gchar *property_name,
+ GError **error,
+ gpointer user_data)
+{
+ GDBusInterfaceSkeletonClass *skeleton_class;
+ GDBusInterfaceVTable *skeleton_vtable;
+
+ if (!validate_user (connection, sender)) {
+ g_set_error (error,
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Access denied");
+ return NULL;
+ }
+
+ skeleton_class = G_DBUS_INTERFACE_SKELETON_CLASS (mm_iface_modem_location_skeleton_parent_class);
+ skeleton_vtable = skeleton_class->get_vtable (G_DBUS_INTERFACE_SKELETON (user_data));
+ return skeleton_vtable->get_property (connection,
+ sender,
+ object_path,
+ interface_name,
+ property_name,
+ error,
+ user_data);
+}
+
+static gboolean
+handle_set_property (GDBusConnection *connection,
+ const gchar *sender,
+ const gchar *object_path,
+ const gchar *interface_name,
+ const gchar *property_name,
+ GVariant *variant,
+ GError **error,
+ gpointer user_data)
+{
+ GDBusInterfaceSkeletonClass *skeleton_class;
+ GDBusInterfaceVTable *skeleton_vtable;
+
+ if (!validate_user (connection, sender)) {
+ g_set_error (error,
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "Access denied");
+ return FALSE;
+ }
+
+ skeleton_class = G_DBUS_INTERFACE_SKELETON_CLASS (mm_iface_modem_location_skeleton_parent_class);
+ skeleton_vtable = skeleton_class->get_vtable (G_DBUS_INTERFACE_SKELETON (user_data));
+ return skeleton_vtable->set_property (connection,
+ sender,
+ object_path,
+ interface_name,
+ property_name,
+ variant,
+ error,
+ user_data);
+}
+
+static const GDBusInterfaceVTable mm_iface_modem_location_skeleton_vtable =
+{
+ handle_method_call,
+ handle_get_property,
+ handle_set_property,
+ {NULL}
};
+static GDBusInterfaceVTable *
+get_vtable (GDBusInterfaceSkeleton *skeleton G_GNUC_UNUSED)
+{
+ return (GDBusInterfaceVTable *) &mm_iface_modem_location_skeleton_vtable;
+}
+
/*****************************************************************************/
MMIfaceModemLocationSkeleton *
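Review bot: In validate_user(), `g_dbus_connection_get_peer_credentials (connection)` describes the other end of the connection, not the client named by `sender`. Assuming this skeleton is exported on a message bus, that peer is the bus daemon, and GLib documents that the call returns NULL for message bus clients, so the root branch would deny every caller, root included. The uid should instead be resolved for `sender` by asking the bus (`GetConnectionUnixUser`), as sketched below; the call is synchronous and could be made asynchronous if blocking the handler is a concern. Separately, `sender` is a D-Bus connection name rather than a user name, so `g_str_equal (sender, SINGLE_LOCATION_USER)` only matches if the macro holds a unique connection name. The macro's definition is not visible here, and such a name would not be stable across client restarts, so the "single user" check needs a comment stating what the macro must contain.

```c
    GVariant *reply;
    guint32   uid;
    GError   *error = NULL;

    /* … unchanged: debug log and SINGLE_LOCATION_USER comparison … */

    /* Otherwise, ask the bus which unix user owns the sender's connection */
    reply = g_dbus_connection_call_sync (connection,
                                         "org.freedesktop.DBus",
                                         "/org/freedesktop/DBus",
                                         "org.freedesktop.DBus",
                                         "GetConnectionUnixUser",
                                         g_variant_new ("(s)", sender),
                                         G_VARIANT_TYPE ("(u)"),
                                         G_DBUS_CALL_FLAGS_NONE,
                                         -1,
                                         NULL,
                                         &error);
    if (!reply) {
        mm_dbg ("access forbidden: couldn't load peer user id: %s", error->message);
        g_error_free (error);
        return FALSE;
    }
    g_variant_get (reply, "(u)", &uid);
    g_variant_unref (reply);

    /* … unchanged: uid != 0 check and "access allowed" log … */
```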
@@ -32,16 +184,13 @@ mm_iface_modem_location_skeleton_new (void)
static void
mm_iface_modem_location_skeleton_init (MMIfaceModemLocationSkeleton *self)
{
- /* Initialize private data */
- self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
- MM_TYPE_IFACE_MODEM_LOCATION_SKELETON,
- MMIfaceModemLocationSkeletonPrivate);
}
static void
mm_iface_modem_location_skeleton_class_init (MMIfaceModemLocationSkeletonClass *klass)
{
- GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GDBusInterfaceSkeletonClass *skeleton_class;
- g_type_class_add_private (object_class, sizeof (MMIfaceModemLocationSkeletonPrivate));
+ skeleton_class = G_DBUS_INTERFACE_SKELETON_CLASS (klass);
+ skeleton_class->get_vtable = get_vtable;
}
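Review bot: Only `get_vtable` is overridden in class_init, so the parent class's other methods (such as `get_properties`) stay as generated and are not gated by validate_user(). If this object is exported through a GDBusObjectManagerServer, GetManagedObjects and InterfacesAdded read values via `g_dbus_interface_skeleton_get_properties ()`, and the generated skeleton also emits PropertiesChanged signals. Location values could therefore still reach other bus clients; this is inferred from GDBus behaviour rather than visible in this diff, so it is worth confirming or covering with bus policy. A comment above the assignment, e.g. `/* Route method calls and property access through validate_user() */`, would also record why the vtable is wrapped.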
diff --git a/src/mm-iface-modem-location-skeleton.h b/src/mm-iface-modem-location-skeleton.h
index 856154095..ea3b364bf 100644
--- a/src/mm-iface-modem-location-skeleton.h
+++ b/src/mm-iface-modem-location-skeleton.h
@@ -35,11 +35,9 @@
typedef struct _MMIfaceModemLocationSkeleton MMIfaceModemLocationSkeleton;
typedef struct _MMIfaceModemLocationSkeletonClass MMIfaceModemLocationSkeletonClass;
-typedef struct _MMIfaceModemLocationSkeletonPrivate MMIfaceModemLocationSkeletonPrivate;
struct _MMIfaceModemLocationSkeleton {
MmGdbusModemLocationSkeleton parent;
- MMIfaceModemLocationSkeletonPrivate *priv;
};
struct _MMIfaceModemLocationSkeletonClass {