GDBusAuthObserver

GDBusAuthObserver — Object used for authenticating connections

Signals

gboolean allow-mechanism Run Last
gboolean authorize-authenticated-peer Run Last

Types and Values

Object Hierarchy

    GObject
    ╰── GDBusAuthObserver

Includes

#include <gio/gio.h>

Description

The GDBusAuthObserver type provides a mechanism for participating in how a GDBusServer (or a GDBusConnection) authenticates remote peers. Simply instantiate a GDBusAuthObserver and connect to the signals you are interested in. Note that new signals may be added in the future

Controlling Authentication Mechanisms

By default, a GDBusServer or server-side GDBusConnection will allow any authentication mechanism to be used. If you only want to allow D-Bus connections with the EXTERNAL mechanism, which makes use of credentials passing and is the recommended mechanism for modern Unix platforms such as Linux and the BSD family, you would use a signal handler like this:

1
2
3
4
5
6
7
8
9
10
11
12
static gboolean
on_allow_mechanism (GDBusAuthObserver *observer,
                    const gchar       *mechanism,
                    gpointer           user_data)
{
  if (g_strcmp0 (mechanism, "EXTERNAL") == 0)
    {
      return TRUE;
    }

  return FALSE;
}

Controlling Authorization

By default, a GDBusServer or server-side GDBusConnection will accept connections from any successfully authenticated user (but not from anonymous connections using the ANONYMOUS mechanism). If you only want to allow D-Bus connections from processes owned by the same uid as the server, you would use a signal handler like the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
static gboolean
on_authorize_authenticated_peer (GDBusAuthObserver *observer,
                                 GIOStream         *stream,
                                 GCredentials      *credentials,
                                 gpointer           user_data)
{
  gboolean authorized;

  authorized = FALSE;
  if (credentials != NULL)
    {
      GCredentials *own_credentials;
      own_credentials = g_credentials_new ();
      if (g_credentials_is_same_user (credentials, own_credentials, NULL))
        authorized = TRUE;
      g_object_unref (own_credentials);
    }

  return authorized;
}

Functions

g_dbus_auth_observer_new ()

GDBusAuthObserver *
g_dbus_auth_observer_new (void);

Creates a new GDBusAuthObserver object.

Returns

A GDBusAuthObserver. Free with g_object_unref().

Since: 2.26


g_dbus_auth_observer_authorize_authenticated_peer ()

gboolean
g_dbus_auth_observer_authorize_authenticated_peer
                               (GDBusAuthObserver *observer,
                                GIOStream *stream,
                                GCredentials *credentials);

Emits the “authorize-authenticated-peer” signal on observer .

Parameters

observer

A GDBusAuthObserver.

 

stream

A GIOStream for the GDBusConnection.

 

credentials

Credentials received from the peer or NULL.

[nullable]

Returns

TRUE if the peer is authorized, FALSE if not.

Since: 2.26


g_dbus_auth_observer_allow_mechanism ()

gboolean
g_dbus_auth_observer_allow_mechanism (GDBusAuthObserver *observer,
                                      const gchar *mechanism);

Emits the “allow-mechanism” signal on observer .

Parameters

observer

A GDBusAuthObserver.

 

mechanism

The name of the mechanism, e.g. DBUS_COOKIE_SHA1.

 

Returns

TRUE if mechanism can be used to authenticate the other peer, FALSE if not.

Since: 2.34

Types and Values

GDBusAuthObserver

typedef struct _GDBusAuthObserver GDBusAuthObserver;

The GDBusAuthObserver structure contains only private data and should only be accessed using the provided API.

Since: 2.26

Signal Details

The “allow-mechanism” signal

gboolean
user_function (GDBusAuthObserver *observer,
               gchar             *mechanism,
               gpointer           user_data)

Emitted to check if mechanism is allowed to be used.

Parameters

observer

The GDBusAuthObserver emitting the signal.

 

mechanism

The name of the mechanism, e.g. DBUS_COOKIE_SHA1.

 

user_data

user data set when the signal handler was connected.

 

Returns

TRUE if mechanism can be used to authenticate the other peer, FALSE if not.

Flags: Run Last

Since: 2.34


The “authorize-authenticated-peer” signal

gboolean
user_function (GDBusAuthObserver *observer,
               GIOStream         *stream,
               GCredentials      *credentials,
               gpointer           user_data)

Emitted to check if a peer that is successfully authenticated is authorized.

Parameters

observer

The GDBusAuthObserver emitting the signal.

 

stream

A GIOStream for the GDBusConnection.

 

credentials

Credentials received from the peer or NULL.

[nullable]

user_data

user data set when the signal handler was connected.

 

Returns

TRUE if the peer is authorized, FALSE if not.

Flags: Run Last

Since: 2.26