Gio.DBusAuthObserver

g GObject.Object GObject.Object Gio.DBusAuthObserver Gio.DBusAuthObserver GObject.Object->Gio.DBusAuthObserver

Subclasses:

None

Methods

Inherited:

GObject.Object (37)

Structs:

GObject.ObjectClass (5)

class

new ()

allow_mechanism (mechanism)

authorize_authenticated_peer (stream, credentials)

Virtual Methods

Inherited:

GObject.Object (7)

Properties

None

Signals

Inherited:

GObject.Object (1)

Name

Short Description

allow-mechanism

Emitted to check if mechanism is allowed to be used.

authorize-authenticated-peer

Emitted to check if a peer that is successfully authenticated is authorized.

Fields

Inherited:

GObject.Object (1)

Class Details

class Gio.DBusAuthObserver(**kwargs)
Bases:

GObject.Object

Abstract:

No

The Gio.DBusAuthObserver type provides a mechanism for participating in how a Gio.DBusServer (or a Gio.DBusConnection) authenticates remote peers. Simply instantiate a Gio.DBusAuthObserver and connect to the signals you are interested in. Note that new signals may be added in the future

Controlling Authentication Mechanisms

By default, a Gio.DBusServer or server-side Gio.DBusConnection will allow any authentication mechanism to be used. If you only want to allow D-Bus connections with the EXTERNAL mechanism, which makes use of credentials passing and is the recommended mechanism for modern Unix platforms such as Linux and the BSD family, you would use a signal handler like this:

static gboolean
on_allow_mechanism (GDBusAuthObserver *observer,
                    const gchar       *mechanism,
                    gpointer           user_data)
{
  if (g_strcmp0 (mechanism, "EXTERNAL") == 0)
    {
      return TRUE;
    }

  return FALSE;
}
Controlling Authorization

By default, a Gio.DBusServer or server-side Gio.DBusConnection will accept connections from any successfully authenticated user (but not from anonymous connections using the ANONYMOUS mechanism). If you only want to allow D-Bus connections from processes owned by the same uid as the server, since GLib 2.68, you should use the Gio.DBusServerFlags.AUTHENTICATION_REQUIRE_SAME_USER flag. It’s equivalent to the following signal handler:

static gboolean
on_authorize_authenticated_peer (GDBusAuthObserver *observer,
                                 GIOStream         *stream,
                                 GCredentials      *credentials,
                                 gpointer           user_data)
{
  gboolean authorized;

  authorized = FALSE;
  if (credentials != NULL)
    {
      GCredentials *own_credentials;
      own_credentials = g_credentials_new ();
      if (g_credentials_is_same_user (credentials, own_credentials, NULL))
        authorized = TRUE;
      g_object_unref (own_credentials);
    }

  return authorized;
}

New in version 2.26.

classmethod new()[source]
Returns:

A Gio.DBusAuthObserver. Free with GObject.Object.unref().

Return type:

Gio.DBusAuthObserver

Creates a new Gio.DBusAuthObserver object.

New in version 2.26.

allow_mechanism(mechanism)[source]
Parameters:

mechanism (str) – The name of the mechanism, e.g. DBUS_COOKIE_SHA1.

Returns:

True if mechanism can be used to authenticate the other peer, False if not.

Return type:

bool

Emits the Gio.DBusAuthObserver ::allow-mechanism signal on self.

New in version 2.34.

authorize_authenticated_peer(stream, credentials)[source]
Parameters:
Returns:

True if the peer is authorized, False if not.

Return type:

bool

Emits the Gio.DBusAuthObserver ::authorize-authenticated-peer signal on self.

New in version 2.26.

Signal Details

Gio.DBusAuthObserver.signals.allow_mechanism(d_bus_auth_observer, mechanism)
Signal Name:

allow-mechanism

Flags:

RUN_LAST

Parameters:
  • d_bus_auth_observer (Gio.DBusAuthObserver) – The object which received the signal

  • mechanism (str) – The name of the mechanism, e.g. DBUS_COOKIE_SHA1.

Returns:

True if mechanism can be used to authenticate the other peer, False if not.

Return type:

bool

Emitted to check if mechanism is allowed to be used.

New in version 2.34.

Gio.DBusAuthObserver.signals.authorize_authenticated_peer(d_bus_auth_observer, stream, credentials)
Signal Name:

authorize-authenticated-peer

Flags:

RUN_LAST

Parameters:
Returns:

True if the peer is authorized, False if not.

Return type:

bool

Emitted to check if a peer that is successfully authenticated is authorized.

New in version 2.26.