From 46aacb6cf597eecde409ac65581fecbdf2af3958 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Sun, 21 Apr 2024 18:35:00 +0530
Subject: npassd/session/close: only allow owner to close session

---
 src/npassd/session.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/npassd/session.c b/src/npassd/session.c
index 7190aec..8d2ecf7 100644
--- a/src/npassd/session.c
+++ b/src/npassd/session.c
@@ -44,11 +44,20 @@ static int handle_nameownerchanged(sd_bus_message *msg, void *data,
 	return 0;
 }
 
-static int handle_close(__attribute__((unused)) sd_bus_message *msg, void *data,
+static int handle_close(sd_bus_message *msg, void *data,
 			__attribute__((unused)) sd_bus_error *ret_error)
 {
+	struct session *session = data;
+	const char *sender;
 	int ret;
 
+	sender = sd_bus_message_get_sender(msg);
+	ret = strcmp(sender, session->owner);
+	if (ret) {
+		print_err("Unauthorized session close by %s", sender);
+		return -EPERM;
+	}
+
 	ret = session_free((struct session *)data);
 	if (ret < 0)
 		print_err("Failed to free session: %s", strerror(-ret));
-- 
cgit v1.2.3