remote-desktop, screen-cast: Fail session method calls from other peers

Only accept method calls on the session objects from the same peer that created the session. https://bugzilla.gnome.org/show_bug.cgi?id=784199
author: Jonas Ådahl <jadahl@gmail.com> 2017-08-25 15:19:53 +0800
committer: Jonas Ådahl <jadahl@gmail.com> 2017-08-29 14:39:04 +0800
commit: 6e46ad9f3a9c63fddacf87d9995b35018cc060d7 (patch)
tree: 0481fc2bae2f07ed081f63b1455fde09949ef09d /src/backends/meta-screen-cast-session.c
parent: 921b18f7131342c1d90dc94db073b263cf53afed (diff)
download: mutter-6e46ad9f3a9c63fddacf87d9995b35018cc060d7.tar.gz
1 files changed, 47 insertions, 0 deletions
diff --git a/src/backends/meta-screen-cast-session.c b/src/backends/meta-screen-cast-session.c
index 907e645e3..674e1214e 100644
--- a/src/backends/meta-screen-cast-session.c
+++ b/src/backends/meta-screen-cast-session.c
@@ -35,6 +35,8 @@ struct _MetaScreenCastSession
 {
   MetaDBusScreenCastSessionSkeleton parent;
 
+  char *peer_name;
+
   MetaScreenCastSessionType session_type;
   char *object_path;
 
@@ -102,12 +104,28 @@ meta_screen_cast_session_get_object_path (MetaScreenCastSession *session)
 }
 
 static gboolean
+check_permission (MetaScreenCastSession *session,
+                  GDBusMethodInvocation *invocation)
+{
+  return g_strcmp0 (session->peer_name,
+                    g_dbus_method_invocation_get_sender (invocation)) == 0;
+}
+
+static gboolean
 handle_start (MetaDBusScreenCastSession *skeleton,
               GDBusMethodInvocation     *invocation)
 {
   MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
   GError *error = NULL;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   switch (session->session_type)
     {
     case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@@ -141,6 +159,14 @@ handle_stop (MetaDBusScreenCastSession *skeleton,
 {
   MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   switch (session->session_type)
     {
     case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@@ -185,6 +211,14 @@ handle_record_monitor (MetaDBusScreenCastSession *skeleton,
   MetaScreenCastStream *stream;
   char *stream_path;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   interface_skeleton = G_DBUS_INTERFACE_SKELETON (skeleton);
   connection = g_dbus_interface_skeleton_get_connection (interface_skeleton);
 
@@ -238,6 +272,16 @@ handle_record_window (MetaDBusScreenCastSession *skeleton,
                       GDBusMethodInvocation     *invocation,
                       GVariant                  *properties_variant)
 {
+  MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
+
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
                                          G_DBUS_ERROR_FAILED,
                                          "Recording a window not yet supported");
@@ -268,6 +312,7 @@ meta_dbus_session_init_iface (MetaDbusSessionInterface *iface)
 MetaScreenCastSession *
 meta_screen_cast_session_new (MetaScreenCast             *screen_cast,
                               MetaScreenCastSessionType   session_type,
+                              const char                 *peer_name,
                               GError                    **error)
 {
   GDBusInterfaceSkeleton *interface_skeleton;
@@ -277,6 +322,7 @@ meta_screen_cast_session_new (MetaScreenCast             *screen_cast,
 
   session = g_object_new (META_TYPE_SCREEN_CAST_SESSION, NULL);
   session->session_type = session_type;
+  session->peer_name = g_strdup (peer_name);
   session->object_path =
     g_strdup_printf (META_SCREEN_CAST_SESSION_DBUS_PATH "/u%u",
                      ++global_session_number);
@@ -297,6 +343,7 @@ meta_screen_cast_session_finalize (GObject *object)
 {
   MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (object);
 
+  g_free (session->peer_name);
   g_free (session->object_path);
 
   G_OBJECT_CLASS (meta_screen_cast_session_parent_class)->finalize (object);
author	Jonas Ådahl <jadahl@gmail.com>	2017-08-25 15:19:53 +0800
committer	Jonas Ådahl <jadahl@gmail.com>	2017-08-29 14:39:04 +0800
commit	6e46ad9f3a9c63fddacf87d9995b35018cc060d7 (patch)
tree	0481fc2bae2f07ed081f63b1455fde09949ef09d /src/backends/meta-screen-cast-session.c
parent	921b18f7131342c1d90dc94db073b263cf53afed (diff)
download	mutter-6e46ad9f3a9c63fddacf87d9995b35018cc060d7.tar.gz