From 2ec3ced24c9397b33f8913f4fc4f59d5f6d45438 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Wed, 27 Jul 2022 10:23:31 +1000 Subject: [PATCH] proto: specify that Configure messages must be sent before connection There's a very limited use for configure messages after client connection. The name is already static after connect anyway, and the ability to drop capabilities after connect would just complicate the EIS implementations unnecessary. --- proto/ei.proto | 10 +++++----- src/libeis-client.c | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/proto/ei.proto b/proto/ei.proto index 0ea1229..f6e75c1 100644 --- a/proto/ei.proto +++ b/proto/ei.proto @@ -37,15 +37,15 @@ syntax = "proto3"; * ---------------------------- * * Where a proxy is in place (e.g. a portal), the client connection can be - * preconfigured to match the permissions model. The proxy would open a - * socket to the server, write the Configure* messages onto that socket and - * then pass the fd to the client to create a libei context from that. + * pre-configured to match the permissions model. The proxy opens or obtains a + * socket to the server, writes the Configure* messages onto that socket and + * then passes the fd to the client to create a libei context from that. * * The proxy can force a client name and/or restrict other options. This is * invisible to the client, it does not know what restrictions are in place. * - * Configure messages may come at any time but they can only ever *reduce* - * the current capabilities, not increase them. + * Configure messages may only be sent before the client connection. Sending + * Configure messages after a client has connected will be silently ignored. */ /* ConfigureName *must* be sent before the Connect event */ diff --git a/src/libeis-client.c b/src/libeis-client.c index bf74c7c..3ee396f 100644 --- a/src/libeis-client.c +++ b/src/libeis-client.c @@ -469,11 +469,11 @@ client_msg_configure_name(struct eis_client *client, const char *name) static int client_msg_configure_capabilities(struct eis_client *client, uint32_t allowed_caps) { - client->restrictions.cap_allow_mask = allowed_caps; + /* We silently ignore wrong configure messages */ + if (client->state != EIS_CLIENT_STATE_NEW) + return 0; - /* FIXME: if something is disallowed now, we should disconnect - * accordingly. - */ + client->restrictions.cap_allow_mask = allowed_caps; return 0; }