core,main: Add DBus ACL implementation

This implementation looks for interface org.gnome.Rygel1.AclProvider1 on the
session bus.

Signed-off-by: Jens Georg <mail@jensge.org>

5 files changed, 132 insertions, 1 deletions

diff --git a/src/librygel-core/rygel-dbus-interface.vala b/src/librygel-core/rygel-dbus-interface.vala
index 1fb9d7c8..16ca40ba 100644
--- a/src/librygel-core/rygel-dbus-interface.vala
+++ b/src/librygel-core/rygel-dbus-interface.vala
@@ -28,3 +28,16 @@ public interface Rygel.DBusInterface : Object {
 
     public abstract void shutdown () throws IOError;
 }
+
+[DBus (name = "org.gnome.Rygel1.AclProvider1")]
+public interface Rygel.DBusAclProvider : Object {
+    public const string SERVICE_NAME = "org.gnome.Rygel1.AclProvider1";
+    public const string OBJECT_PATH = "/org/gnome/Rygel1/AclProvider1";
+
+    public abstract async bool is_allowed (GLib.HashTable<string, string> device,
+                                           GLib.HashTable<string, string> service,
+                                           string                         path,
+                                           string                         address,
+                                           string?                        agent)
+                                           throws DBusError, IOError;
+}
diff --git a/src/librygel-server/rygel-http-server.vala b/src/librygel-server/rygel-http-server.vala
index a7d10491..92d44a65 100644
--- a/src/librygel-server/rygel-http-server.vala
+++ b/src/librygel-server/rygel-http-server.vala
@@ -68,7 +68,7 @@ public class Rygel.HTTPServer : GLib.Object, Rygel.StateMachine {
     }
 
     public async void run () {
-        context.server.add_handler (this.path_root, this.server_handler);
+        context.add_server_handler (true, this.path_root, this.server_handler);
         context.server.request_aborted.connect (this.on_request_aborted);
         context.server.request_started.connect (this.on_request_started);
 
diff --git a/src/rygel/Makefile.am b/src/rygel/Makefile.am
index 843dba02..a912eece 100644
--- a/src/rygel/Makefile.am
+++ b/src/rygel/Makefile.am
@@ -3,6 +3,7 @@ include $(top_srcdir)/common.am
 bin_PROGRAMS = rygel
 
 rygel_SOURCES = \
+	rygel-acl.vala \
 	rygel-dbus-service.vala \
 	rygel-main.vala \
 	rygel-cmdline-config.vala \
@@ -21,6 +22,7 @@ rygel_CFLAGS = \
 	-DLOCALEDIR=\""$(datadir)/locale"\" \
 	-DG_LOG_DOMAIN='"Rygel"' \
 	-DSYS_CONFIG_DIR='"$(sysconfigdir)"'
+
 rygel_LDADD = \
 	$(RYGEL_DEPS_LIBS) \
 	$(RYGEL_COMMON_LIBRYGEL_SERVER_LIBS)
diff --git a/src/rygel/rygel-acl.vala b/src/rygel/rygel-acl.vala
new file mode 100644
index 00000000..1cc2e6d1
--- /dev/null
+++ b/src/rygel/rygel-acl.vala
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2014 Jens Georg <mail@jensge.org>
+ *
+ * Author: Jens Georg <mail@jensge.org>
+ *
+ * This file is part of Rygel.
+ *
+ * Rygel is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Rygel is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+internal class Rygel.Acl : GLib.Object, GUPnP.Acl
+{
+    private DBusAclProvider provider;
+
+    public Acl () {
+        Bus.watch_name (BusType.SESSION,
+                        DBusAclProvider.SERVICE_NAME,
+                        BusNameWatcherFlags.AUTO_START,
+                        this.on_name_appeared,
+                        this.on_name_vanished);
+    }
+
+    public bool can_sync () { return false; }
+
+    public bool is_allowed (GUPnP.Device? device,
+                            GUPnP.Service? service,
+                            string         path,
+                            string         address,
+                            string?        agent) {
+        assert_not_reached ();
+    }
+
+    public async bool is_allowed_async (GUPnP.Device? device,
+                                        GUPnP.Service? service,
+                                        string path,
+                                        string address,
+                                        string? agent,
+                                        GLib.Cancellable? cancellable)
+                                        throws GLib.Error {
+        if (this.provider == null) {
+            debug ("No external provider found, allowing access…");
+
+            return true;
+        }
+
+        debug ("Querying ACL for %s on %s by %s@%s",
+               path,
+               device != null ? device.udn : "none",
+               agent ?? "Unknown",
+               address);
+
+        try {
+            var device_hash = new HashTable<string, string> (str_hash, str_equal);
+
+            if (device != null) {
+                device_hash["FriendlyName"] = device.get_friendly_name ();
+                device_hash["UDN"] = device.udn;
+                device_hash["Type"] = device.device_type;
+            }
+
+            var service_hash = new HashTable<string, string> (str_hash, str_equal);
+            if (service != null) {
+                service_hash["Type"] = service.service_type;
+            }
+
+            var allowed = yield provider.is_allowed (device_hash,
+                                                     service_hash,
+                                                     path,
+                                                     address,
+                                                     agent);
+            return allowed;
+        } catch (Error error) {
+            warning (_("Failed to query ACL: %s"), error.message);
+        }
+
+        return false;
+    }
+
+    private void on_name_appeared (DBusConnection connection,
+                                   string         name,
+                                   string         name_owner) {
+        debug ("Found ACL provider %s (%s), creating object",
+               name,
+               name_owner);
+        try {
+            this.provider = Bus.get_proxy_sync (BusType.SESSION,
+                                                name,
+                                                DBusAclProvider.OBJECT_PATH);
+        } catch (Error error) {
+            warning (_("Error creating DBus proxy for ACL: %s"),
+                     error.message);
+        }
+    }
+
+    private void on_name_vanished (DBusConnection connection, string name) {
+        this.provider = null;
+    }
+}
diff --git a/src/rygel/rygel-main.vala b/src/rygel/rygel-main.vala
index 3b4ef0a9..ab42f6d0 100644
--- a/src/rygel/rygel-main.vala
+++ b/src/rygel/rygel-main.vala
@@ -3,9 +3,11 @@
  * Copyright (C) 2008 Zeeshan Ali (Khattak) <zeeshanak@gnome.org>.
  * Copyright (C) 2012 Openismus GmbH.
  * Copyright (C) 2012 Intel Corporation.
+ * Copyright (C) 2014 Jens Georg <mail@jensge.org>
  *
  * Author: Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
  *         Jens Georg <jensg@openismus.com>
+ *         Jens Georg <mail@jensge.org>
  *
  * This file is part of Rygel.
  *
@@ -38,6 +40,7 @@ internal class Rygel.Main : Object {
 
     private Configuration config;
     private LogHandler log_handler;
+    private Acl acl;
 
     private MainLoop main_loop;
 
@@ -54,6 +57,7 @@ internal class Rygel.Main : Object {
         this.root_devices = new ArrayList <RootDevice> ();
         this.factories = new ArrayList <RootDeviceFactory> ();
         this.main_loop = new GLib.MainLoop (null, false);
+        this.acl = new Acl ();
 
         this.exit_code = 0;
 
@@ -151,6 +155,8 @@ internal class Rygel.Main : Object {
                context.interface,
                context.host_ip);
 
+        context.acl = this.acl;
+
         try {
             ifaces = this.config.get_interfaces ();
         } catch (GLib.Error err) {}