GDBusAuthObserver: Document how to restrict authentication to EXTERNAL

This is simpler and more robust than DBUS_COOKIE_SHA1, which relies on assumptions about random numbers and a secure home directory. Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-09-20 01:06:15 +02:00 · 2019-06-05 13:48:13 +01:00 · 2019-06-05 13:48:13 +01:00 · 281a03d603
commit 281a03d603
parent 1da3280b9e
1 changed files with 24 additions and 0 deletions
--- a/gio/gdbusauthobserver.c
+++ b/gio/gdbusauthobserver.c
@ -39,6 +39,30 @@
 * signals you are interested in. Note that new signals may be added
 * in the future
 *
+ * ## Controlling Authentication Mechanisms
+ *
+ * By default, a #GDBusServer or server-side #GDBusConnection will allow
+ * any authentication mechanism to be used. If you only
+ * want to allow D-Bus connections with the `EXTERNAL` mechanism,
+ * which makes use of credentials passing and is the recommended
+ * mechanism for modern Unix platforms such as Linux and the BSD family,
+ * you would use a signal handler like this:
+ *
+ * |[<!-- language="C" -->
+ * static gboolean
+ * on_allow_mechanism (GDBusAuthObserver *observer,
+ *                     const gchar       *mechanism,
+ *                     gpointer           user_data)
+ * {
+ *   if (g_strcmp0 (mechanism, "EXTERNAL") == 0)
+ *     {
+ *       return TRUE;
+ *     }
+ *
+ *   return FALSE;
+ * }
+ * ]|
+ *
 * ## Controlling Authorization # {#auth-observer}
 *
 * By default, a #GDBusServer or server-side #GDBusConnection will accept