Copyright | Will Thompson and Iñaki García Etxebarria |
---|---|
License | LGPL-2.1 |
Maintainer | Iñaki García Etxebarria |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
The DBusAuthObserver
type provides a mechanism for participating
in how a DBusServer
(or a DBusConnection
) authenticates remote
peers. Simply instantiate a DBusAuthObserver
and connect to the
signals you are interested in. Note that new signals may be added
in the future
Controlling Authentication Mechanisms
By default, a DBusServer
or server-side DBusConnection
will allow
any authentication mechanism to be used. If you only
want to allow D-Bus connections with the EXTERNAL
mechanism,
which makes use of credentials passing and is the recommended
mechanism for modern Unix platforms such as Linux and the BSD family,
you would use a signal handler like this:
C code
static gboolean on_allow_mechanism (GDBusAuthObserver *observer, const gchar *mechanism, gpointer user_data) { if (g_strcmp0 (mechanism, "EXTERNAL") == 0) { return TRUE; } return FALSE; }
## Controlling Authorization # {auth
-observer}
By default, a DBusServer
or server-side DBusConnection
will accept
connections from any successfully authenticated user (but not from
anonymous connections using the ANONYMOUS
mechanism). If you only
want to allow D-Bus connections from processes owned by the same uid
as the server, since GLib 2.68, you should use the
DBusServerFlagsAuthenticationRequireSameUser
flag. It’s equivalent
to the following signal handler:
C code
static gboolean on_authorize_authenticated_peer (GDBusAuthObserver *observer, GIOStream *stream, GCredentials *credentials, gpointer user_data) { gboolean authorized; authorized = FALSE; if (credentials != NULL) { GCredentials *own_credentials; own_credentials = g_credentials_new (); if (g_credentials_is_same_user (credentials, own_credentials, NULL)) authorized = TRUE; g_object_unref (own_credentials); } return authorized; }
Since: 2.26
Synopsis
- newtype DBusAuthObserver = DBusAuthObserver (ManagedPtr DBusAuthObserver)
- class (GObject o, IsDescendantOf DBusAuthObserver o) => IsDBusAuthObserver o
- toDBusAuthObserver :: (MonadIO m, IsDBusAuthObserver o) => o -> m DBusAuthObserver
- dBusAuthObserverAllowMechanism :: (HasCallStack, MonadIO m, IsDBusAuthObserver a) => a -> Text -> m Bool
- dBusAuthObserverAuthorizeAuthenticatedPeer :: (HasCallStack, MonadIO m, IsDBusAuthObserver a, IsIOStream b, IsCredentials c) => a -> b -> Maybe c -> m Bool
- dBusAuthObserverNew :: (HasCallStack, MonadIO m) => m DBusAuthObserver
- type DBusAuthObserverAllowMechanismCallback = Text -> IO Bool
- afterDBusAuthObserverAllowMechanism :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAllowMechanismCallback) -> m SignalHandlerId
- onDBusAuthObserverAllowMechanism :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAllowMechanismCallback) -> m SignalHandlerId
- type DBusAuthObserverAuthorizeAuthenticatedPeerCallback = IOStream -> Maybe Credentials -> IO Bool
- afterDBusAuthObserverAuthorizeAuthenticatedPeer :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAuthorizeAuthenticatedPeerCallback) -> m SignalHandlerId
- onDBusAuthObserverAuthorizeAuthenticatedPeer :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAuthorizeAuthenticatedPeerCallback) -> m SignalHandlerId
Exported types
newtype DBusAuthObserver Source #
Memory-managed wrapper type.
DBusAuthObserver (ManagedPtr DBusAuthObserver) |
Instances
class (GObject o, IsDescendantOf DBusAuthObserver o) => IsDBusAuthObserver o Source #
Type class for types which can be safely cast to DBusAuthObserver
, for instance with toDBusAuthObserver
.
Instances
(GObject o, IsDescendantOf DBusAuthObserver o) => IsDBusAuthObserver o Source # | |
Defined in GI.Gio.Objects.DBusAuthObserver |
toDBusAuthObserver :: (MonadIO m, IsDBusAuthObserver o) => o -> m DBusAuthObserver Source #
Cast to DBusAuthObserver
, for types for which this is known to be safe. For general casts, use castTo
.
Methods
Click to display all available methods, including inherited ones
Methods
allowMechanism, authorizeAuthenticatedPeer, bindProperty, bindPropertyFull, forceFloating, freezeNotify, getv, isFloating, notify, notifyByPspec, ref, refSink, runDispose, stealData, stealQdata, thawNotify, unref, watchClosure.
Getters
getData, getProperty, getQdata.
Setters
allowMechanism
dBusAuthObserverAllowMechanism Source #
:: (HasCallStack, MonadIO m, IsDBusAuthObserver a) | |
=> a |
|
-> Text |
|
-> m Bool | Returns: |
Emits the DBusAuthObserver::allowMechanism signal on observer
.
Since: 2.34
authorizeAuthenticatedPeer
dBusAuthObserverAuthorizeAuthenticatedPeer Source #
:: (HasCallStack, MonadIO m, IsDBusAuthObserver a, IsIOStream b, IsCredentials c) | |
=> a |
|
-> b |
|
-> Maybe c |
|
-> m Bool |
Emits the DBusAuthObserver::authorizeAuthenticatedPeer signal on observer
.
Since: 2.26
new
:: (HasCallStack, MonadIO m) | |
=> m DBusAuthObserver | Returns: A |
Creates a new DBusAuthObserver
object.
Since: 2.26
Signals
allowMechanism
type DBusAuthObserverAllowMechanismCallback Source #
= Text |
|
-> IO Bool | Returns: |
Emitted to check if mechanism
is allowed to be used.
Since: 2.34
afterDBusAuthObserverAllowMechanism :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAllowMechanismCallback) -> m SignalHandlerId Source #
Connect a signal handler for the allowMechanism signal, to be run after the default handler. When overloading is enabled, this is equivalent to
after
dBusAuthObserver #allowMechanism callback
By default the object invoking the signal is not passed to the callback.
If you need to access it, you can use the implit ?self
parameter.
Note that this requires activating the ImplicitParams
GHC extension.
onDBusAuthObserverAllowMechanism :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAllowMechanismCallback) -> m SignalHandlerId Source #
Connect a signal handler for the allowMechanism signal, to be run before the default handler. When overloading is enabled, this is equivalent to
on
dBusAuthObserver #allowMechanism callback
authorizeAuthenticatedPeer
type DBusAuthObserverAuthorizeAuthenticatedPeerCallback Source #
= IOStream |
|
-> Maybe Credentials |
|
-> IO Bool |
Emitted to check if a peer that is successfully authenticated is authorized.
Since: 2.26
afterDBusAuthObserverAuthorizeAuthenticatedPeer :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAuthorizeAuthenticatedPeerCallback) -> m SignalHandlerId Source #
Connect a signal handler for the authorizeAuthenticatedPeer signal, to be run after the default handler. When overloading is enabled, this is equivalent to
after
dBusAuthObserver #authorizeAuthenticatedPeer callback
By default the object invoking the signal is not passed to the callback.
If you need to access it, you can use the implit ?self
parameter.
Note that this requires activating the ImplicitParams
GHC extension.
onDBusAuthObserverAuthorizeAuthenticatedPeer :: (IsDBusAuthObserver a, MonadIO m) => a -> ((?self :: a) => DBusAuthObserverAuthorizeAuthenticatedPeerCallback) -> m SignalHandlerId Source #
Connect a signal handler for the authorizeAuthenticatedPeer signal, to be run before the default handler. When overloading is enabled, this is equivalent to
on
dBusAuthObserver #authorizeAuthenticatedPeer callback