remote-desktop, screen-cast: Fail session method calls from other peers

Only accept method calls on the session objects from the same peer that created the session. https://bugzilla.gnome.org/show_bug.cgi?id=784199
author: Jonas Ådahl <jadahl@gmail.com> 2017-08-25 15:19:53 +0800
committer: Jonas Ådahl <jadahl@gmail.com> 2017-08-29 14:39:04 +0800
commit: 6e46ad9f3a9c63fddacf87d9995b35018cc060d7 (patch)
tree: 0481fc2bae2f07ed081f63b1455fde09949ef09d /src
parent: 921b18f7131342c1d90dc94db073b263cf53afed (diff)
download: mutter-6e46ad9f3a9c63fddacf87d9995b35018cc060d7.tar.gz
6 files changed, 120 insertions, 2 deletions
diff --git a/src/backends/meta-remote-desktop-session.c b/src/backends/meta-remote-desktop-session.c
index c8fd2da3d..468747572 100644
--- a/src/backends/meta-remote-desktop-session.c
+++ b/src/backends/meta-remote-desktop-session.c
@@ -42,6 +42,8 @@ struct _MetaRemoteDesktopSession
 {
   MetaDBusRemoteDesktopSessionSkeleton parent;
 
+  char *peer_name;
+
   char *session_id;
   char *object_path;
 
@@ -165,6 +167,7 @@ meta_remote_desktop_session_register_screen_cast (MetaRemoteDesktopSession  *ses
 
 MetaRemoteDesktopSession *
 meta_remote_desktop_session_new (MetaRemoteDesktop  *remote_desktop,
+                                 const char         *peer_name,
                                  GError            **error)
 {
   GDBusInterfaceSkeleton *interface_skeleton;
@@ -173,6 +176,8 @@ meta_remote_desktop_session_new (MetaRemoteDesktop  *remote_desktop,
 
   session = g_object_new (META_TYPE_REMOTE_DESKTOP_SESSION, NULL);
 
+  session->peer_name = g_strdup (peer_name);
+
   interface_skeleton = G_DBUS_INTERFACE_SKELETON (session);
   connection = meta_remote_desktop_get_connection (remote_desktop);
   if (!g_dbus_interface_skeleton_export (interface_skeleton,
@@ -188,12 +193,28 @@ meta_remote_desktop_session_new (MetaRemoteDesktop  *remote_desktop,
 }
 
 static gboolean
+check_permission (MetaRemoteDesktopSession *session,
+                  GDBusMethodInvocation    *invocation)
+{
+  return g_strcmp0 (session->peer_name,
+                    g_dbus_method_invocation_get_sender (invocation)) == 0;
+}
+
+static gboolean
 handle_start (MetaDBusRemoteDesktopSession *skeleton,
               GDBusMethodInvocation        *invocation)
 {
   MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
   GError *error = NULL;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   if (!meta_remote_desktop_session_start (session, &error))
     {
       g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
@@ -218,6 +239,14 @@ handle_stop (MetaDBusRemoteDesktopSession *skeleton,
 {
   MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   meta_remote_desktop_session_close (session);
 
   meta_dbus_remote_desktop_session_complete_stop (skeleton, invocation);
@@ -232,9 +261,16 @@ handle_notify_keyboard_keysym (MetaDBusRemoteDesktopSession *skeleton,
                                gboolean                      pressed)
 {
   MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
-
   ClutterKeyState state;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   if (pressed)
     state = CLUTTER_KEY_STATE_PRESSED;
   else
@@ -281,6 +317,14 @@ handle_notify_pointer_button (MetaDBusRemoteDesktopSession *skeleton,
   uint32_t button;
   ClutterButtonState state;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   button = translate_to_clutter_button (button_code);
 
   if (pressed)
@@ -324,6 +368,14 @@ handle_notify_pointer_axis_discrete (MetaDBusRemoteDesktopSession *skeleton,
   MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
   ClutterScrollDirection direction;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   if (axis <= 1)
     {
       g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
@@ -369,6 +421,14 @@ handle_notify_pointer_motion_absolute (MetaDBusRemoteDesktopSession *skeleton,
 {
   MetaRemoteDesktopSession *session = META_REMOTE_DESKTOP_SESSION (skeleton);
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   clutter_virtual_input_device_notify_absolute_motion (session->virtual_pointer,
                                                        CLUTTER_CURRENT_TIME,
                                                        x, y);
@@ -409,6 +469,7 @@ meta_remote_desktop_session_finalize (GObject *object)
 
   g_assert (!meta_remote_desktop_session_is_running (session));
 
+  g_free (session->peer_name);
   g_free (session->session_id);
   g_free (session->object_path);
 
diff --git a/src/backends/meta-remote-desktop-session.h b/src/backends/meta-remote-desktop-session.h
index a406a0ffe..54dce4119 100644
--- a/src/backends/meta-remote-desktop-session.h
+++ b/src/backends/meta-remote-desktop-session.h
@@ -44,6 +44,7 @@ gboolean meta_remote_desktop_session_register_screen_cast (MetaRemoteDesktopSess
 void meta_remote_desktop_session_close (MetaRemoteDesktopSession *session);
 
 MetaRemoteDesktopSession * meta_remote_desktop_session_new (MetaRemoteDesktop  *remote_desktop,
+                                                            const char         *peer_name,
                                                             GError            **error);
 
 #endif /* META_REMOTE_DESKTOP_SESSION_H */
diff --git a/src/backends/meta-remote-desktop.c b/src/backends/meta-remote-desktop.c
index 481727627..38dbb57ae 100644
--- a/src/backends/meta-remote-desktop.c
+++ b/src/backends/meta-remote-desktop.c
@@ -94,13 +94,16 @@ handle_create_session (MetaDBusRemoteDesktop *skeleton,
                        GDBusMethodInvocation *invocation)
 {
   MetaRemoteDesktop *remote_desktop = META_REMOTE_DESKTOP (skeleton);
+  const char *peer_name;
   MetaRemoteDesktopSession *session;
   GError *error = NULL;
   char *session_id;
   char *session_path;
   const char *client_dbus_name;
 
+  peer_name = g_dbus_method_invocation_get_sender (invocation);
   session = meta_remote_desktop_session_new (remote_desktop,
+                                             peer_name,
                                              &error);
   if (!session)
     {
diff --git a/src/backends/meta-screen-cast-session.c b/src/backends/meta-screen-cast-session.c
index 907e645e3..674e1214e 100644
--- a/src/backends/meta-screen-cast-session.c
+++ b/src/backends/meta-screen-cast-session.c
@@ -35,6 +35,8 @@ struct _MetaScreenCastSession
 {
   MetaDBusScreenCastSessionSkeleton parent;
 
+  char *peer_name;
+
   MetaScreenCastSessionType session_type;
   char *object_path;
 
@@ -102,12 +104,28 @@ meta_screen_cast_session_get_object_path (MetaScreenCastSession *session)
 }
 
 static gboolean
+check_permission (MetaScreenCastSession *session,
+                  GDBusMethodInvocation *invocation)
+{
+  return g_strcmp0 (session->peer_name,
+                    g_dbus_method_invocation_get_sender (invocation)) == 0;
+}
+
+static gboolean
 handle_start (MetaDBusScreenCastSession *skeleton,
               GDBusMethodInvocation     *invocation)
 {
   MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
   GError *error = NULL;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   switch (session->session_type)
     {
     case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@@ -141,6 +159,14 @@ handle_stop (MetaDBusScreenCastSession *skeleton,
 {
   MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   switch (session->session_type)
     {
     case META_SCREEN_CAST_SESSION_TYPE_NORMAL:
@@ -185,6 +211,14 @@ handle_record_monitor (MetaDBusScreenCastSession *skeleton,
   MetaScreenCastStream *stream;
   char *stream_path;
 
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   interface_skeleton = G_DBUS_INTERFACE_SKELETON (skeleton);
   connection = g_dbus_interface_skeleton_get_connection (interface_skeleton);
 
@@ -238,6 +272,16 @@ handle_record_window (MetaDBusScreenCastSession *skeleton,
                       GDBusMethodInvocation     *invocation,
                       GVariant                  *properties_variant)
 {
+  MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (skeleton);
+
+  if (!check_permission (session, invocation))
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_ACCESS_DENIED,
+                                             "Permission denied");
+      return TRUE;
+    }
+
   g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
                                          G_DBUS_ERROR_FAILED,
                                          "Recording a window not yet supported");
@@ -268,6 +312,7 @@ meta_dbus_session_init_iface (MetaDbusSessionInterface *iface)
 MetaScreenCastSession *
 meta_screen_cast_session_new (MetaScreenCast             *screen_cast,
                               MetaScreenCastSessionType   session_type,
+                              const char                 *peer_name,
                               GError                    **error)
 {
   GDBusInterfaceSkeleton *interface_skeleton;
@@ -277,6 +322,7 @@ meta_screen_cast_session_new (MetaScreenCast             *screen_cast,
 
   session = g_object_new (META_TYPE_SCREEN_CAST_SESSION, NULL);
   session->session_type = session_type;
+  session->peer_name = g_strdup (peer_name);
   session->object_path =
     g_strdup_printf (META_SCREEN_CAST_SESSION_DBUS_PATH "/u%u",
                      ++global_session_number);
@@ -297,6 +343,7 @@ meta_screen_cast_session_finalize (GObject *object)
 {
   MetaScreenCastSession *session = META_SCREEN_CAST_SESSION (object);
 
+  g_free (session->peer_name);
   g_free (session->object_path);
 
   G_OBJECT_CLASS (meta_screen_cast_session_parent_class)->finalize (object);
diff --git a/src/backends/meta-screen-cast-session.h b/src/backends/meta-screen-cast-session.h
index cf8d8e293..20bbf84e7 100644
--- a/src/backends/meta-screen-cast-session.h
+++ b/src/backends/meta-screen-cast-session.h
@@ -40,6 +40,7 @@ char * meta_screen_cast_session_get_object_path (MetaScreenCastSession *session)
 
 MetaScreenCastSession * meta_screen_cast_session_new (MetaScreenCast             *screen_cast,
                                                       MetaScreenCastSessionType   session_type,
+                                                      const char                 *peer_name,
                                                       GError                    **error);
 
 gboolean meta_screen_cast_session_start (MetaScreenCastSession  *session,
diff --git a/src/backends/meta-screen-cast.c b/src/backends/meta-screen-cast.c
index 558ad181b..3d12c1e32 100644
--- a/src/backends/meta-screen-cast.c
+++ b/src/backends/meta-screen-cast.c
@@ -100,6 +100,7 @@ handle_create_session (MetaDBusScreenCast    *skeleton,
                        GVariant              *properties)
 {
   MetaScreenCast *screen_cast = META_SCREEN_CAST (skeleton);
+  const char *peer_name;
   MetaScreenCastSession *session;
   GError *error = NULL;
   const char *session_path;
@@ -115,7 +116,11 @@ handle_create_session (MetaDBusScreenCast    *skeleton,
   else
     session_type = META_SCREEN_CAST_SESSION_TYPE_NORMAL;
 
-  session = meta_screen_cast_session_new (screen_cast, session_type, &error);
+  peer_name = g_dbus_method_invocation_get_sender (invocation);
+  session = meta_screen_cast_session_new (screen_cast,
+                                          session_type,
+                                          peer_name,
+                                          &error);
   if (!session)
     {
       g_warning ("Failed to create screen cast session: %s",
author	Jonas Ådahl <jadahl@gmail.com>	2017-08-25 15:19:53 +0800
committer	Jonas Ådahl <jadahl@gmail.com>	2017-08-29 14:39:04 +0800
commit	6e46ad9f3a9c63fddacf87d9995b35018cc060d7 (patch)
tree	0481fc2bae2f07ed081f63b1455fde09949ef09d /src
parent	921b18f7131342c1d90dc94db073b263cf53afed (diff)
download	mutter-6e46ad9f3a9c63fddacf87d9995b35018cc060d7.tar.gz