fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-25 08:20:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/src/core/nm-auth-utils.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

693 lines
21 KiB
C
Raw Permalink Normal View History

all: update deprecated SPDX license identifiers These SPDX license identifiers are deprecated ([1]). Update them. [1] https://spdx.org/licenses/ sed \ -e '1 s%^/\* SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+ \*/$%/* SPDX-License-Identifier: \1-or-later */%' \ -e '1,2 s%^\(--\|#\|//\) SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+$%\1 SPDX-License-Identifier: \2-or-later%' \ -i \ $(git grep -l SPDX-License-Identifier -- \ ':(exclude)shared/c-*/' \ ':(exclude)shared/n-*/' \ ':(exclude)shared/systemd/src' \ ':(exclude)src/systemd/src')
2020-12-23 22:21:36 +01:00
/* SPDX-License-Identifier: GPL-2.0-or-later */
all: manually drop code comments with file description
2019-09-25 13:13:40 +02:00
/*
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
* Copyright (C) 2010 Red Hat, Inc.
*/
all: add "src/core/nm-default-daemon.h" as replacement for "nm-default.h"
2021-02-04 18:04:13 +01:00
#include "src/core/nm-default-daemon.h"
all: consistently include config.h config.h should be included from every .c file, and it should be included before any other include. Fix that. (As a side effect of how I did this, this also changes us to consistently use "config.h" rather than <config.h>. To the extent that it matters [which is not much], quotes are more correct anyway, since we're talking about a file in our own build tree, not a system include.)
2014-11-13 10:07:02 -05:00
all: move NM_AUTH_PERMISSION_* defines to "nm-common-macros.h" header
2016-06-01 12:31:36 +02:00
#include "nm-auth-utils.h"
build: move "shared/nm-{glib-aux,log-null,log-core}" to "src/libnm-{glib-aux,log-null,log-core}"
2021-02-18 17:37:47 +01:00
#include "libnm-glib-aux/nm-c-list.h"
core: consolidate PolicyKit code Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
2011-05-18 22:20:24 -05:00
#include "nm-setting-connection.h"
build: move "libnm-core/" to "src/" and split it "libnm-core/" is rather complicated. It provides a static library that is linked into libnm.so and NetworkManager. It also contains public headers (like "nm-setting.h") which are part of public libnm API. Then we have helper libraries ("libnm-core/nm-libnm-core-*/") which only rely on public API of libnm-core, but are themself static libraries that can be used by anybody who uses libnm-core. And "libnm-core/nm-libnm-core-intern" is used by libnm-core itself. Move "libnm-core/" to "src/". But also split it in different directories so that they have a clearer purpose. The goal is to have a flat directory hierarchy. The "src/libnm-core*/" directories correspond to the different modules (static libraries and set of headers that we have). We have different kinds of such modules because of how we combine various code together. The directory layout now reflects this.
2021-02-12 15:01:09 +01:00
#include "libnm-core-aux-intern/nm-auth-subject.h"
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
#include "nm-auth-manager.h"
core: fill in nm-types.h, clean out other headers Clean up some of the cross-includes between headers (which made it so that, eg, if you included NetworkManagerUtils.h in a test program, you would need to build the test with -I$(top_srcdir)/src/platform, and if you included nm-device.h you'd need $(POLKIT_CFLAGS)) by moving all GObject struct definitions for src/ and src/settings/ into nm-types.h (which already existed to solve the NMDevice/NMActRequest circular references). Update various .c files to explicitly include the headers they used to get implicitly, and remove some now-unnecessary -I options from Makefiles.
2014-07-17 17:06:44 -04:00
#include "nm-session-monitor.h"
shared: move nm-dbus-auth-subject to shared/nm-libnm-core-intern Move it to shared as it's useful for clients as well. Move and rename nm_dbus_manager_new_auth_subject_from_context() and nm_dbus_manager_new_auth_subject_from_message() in nm-dbus-manager.c as they're needed there.
2019-12-19 11:30:38 +01:00
#include "nm-dbus-manager.h"
core: add nm_auth_is_invocation_in_acl_set_error() helper
2020-09-24 19:11:40 +02:00
#include "nm-core-utils.h"
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
/*****************************************************************************/
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
typedef struct {
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
const char *tag;
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
gpointer data;
GDestroyNotify destroy;
} ChainData;
auth-chain: add nm_auth_chain_get_context() accessor Will be used later. Also rename "struct NMAuthChain" to "struct _NMAuthChain". It follows how we commonly name this kind of struct.
2019-12-23 10:54:16 +01:00
struct _NMAuthChain {
auth-chain: track auth-chains in embedded CList NMManager and NMSettings both may have multiple authorization requests ongoing. They need to keep track of them, at the very least to be able to cancel them on shutdown. Since NMAuthChain is not ref-countable, it always has only one clear user/owner. It makes little sense otherwise. Since most callers already want to track their NMAuthChain instances, let NMAuthChain help with that. Embed a "parent" CList field inside NMAuthChain. This avoids requiring an additional GSList allocation to track the element. Also, it allows to link and append an element without iterating the list. This ties the caller and the NMAuthChain a bit tighter together (making them less indepdendent). Generally that is not desirable. But here it seems the logic (of tracking the NMAuthChain) is still trivial and well separated. It's just that NMAuthChain instances now can be linked in a CList.
2019-05-26 18:49:55 +02:00
CList parent_lst;
ChainData *data_arr;
guint data_len;
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
guint data_alloc;
auth-chain: track auth-chains in embedded CList NMManager and NMSettings both may have multiple authorization requests ongoing. They need to keep track of them, at the very least to be able to cancel them on shutdown. Since NMAuthChain is not ref-countable, it always has only one clear user/owner. It makes little sense otherwise. Since most callers already want to track their NMAuthChain instances, let NMAuthChain help with that. Embed a "parent" CList field inside NMAuthChain. This avoids requiring an additional GSList allocation to track the element. Also, it allows to link and append an element without iterating the list. This ties the caller and the NMAuthChain a bit tighter together (making them less indepdendent). Generally that is not desirable. But here it seems the logic (of tracking the NMAuthChain) is still trivial and well separated. It's just that NMAuthChain instances now can be linked in a CList.
2019-05-26 18:49:55 +02:00
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
CList auth_call_lst_head;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
GDBusMethodInvocation *context;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
NMAuthSubject *subject;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
core: final gdbus porting Port remaining bits to gdbus and remove stray dbus-glib references Drop the dbus-glib version check from configure, since nothing depends on new dbus-glib any more. Move nm-dbus-glib-types.h and nm-gvaluearray-compat.h from include/ to libnm-util/ since they are now only used by libnm-util and libnm-glib.
2015-04-16 12:34:55 -04:00
GCancellable *cancellable;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
/* if set, it also means that the chain is already started and was cancelled. */
GSource *cancellable_idle_source;
NMAuthChainResultFunc done_func;
gpointer user_data;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
gulong cancellable_id;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
guint num_pending_auth_calls;
bool is_started : 1;
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
bool is_destroyed : 1;
bool is_finishing : 1;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
};
auth-chain: track auth-chains in embedded CList NMManager and NMSettings both may have multiple authorization requests ongoing. They need to keep track of them, at the very least to be able to cancel them on shutdown. Since NMAuthChain is not ref-countable, it always has only one clear user/owner. It makes little sense otherwise. Since most callers already want to track their NMAuthChain instances, let NMAuthChain help with that. Embed a "parent" CList field inside NMAuthChain. This avoids requiring an additional GSList allocation to track the element. Also, it allows to link and append an element without iterating the list. This ties the caller and the NMAuthChain a bit tighter together (making them less indepdendent). Generally that is not desirable. But here it seems the logic (of tracking the NMAuthChain) is still trivial and well separated. It's just that NMAuthChain instances now can be linked in a CList.
2019-05-26 18:49:55 +02:00
G_STATIC_ASSERT(G_STRUCT_OFFSET(NMAuthChain, parent_lst) == 0);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
typedef struct {
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
CList auth_call_lst;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
NMAuthChain *chain;
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
NMAuthManagerCallId *call_id;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
const char *permission;
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
NMAuthCallResult result;
core: rename PolkitCall to AuthCall
2011-05-20 10:07:26 -05:00
} AuthCall;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
/*****************************************************************************/
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
static void _auth_chain_destroy(NMAuthChain *self);
/*****************************************************************************/
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
static void
_ASSERT_call(AuthCall *call)
{
nm_assert(call);
nm_assert(call->chain);
auth-chain: don't clone the permission string for AuthChain Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller.
2019-05-04 10:31:18 +02:00
nm_assert(call->permission && strlen(call->permission) > 0);
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
nm_assert(nm_c_list_contains_entry(&call->chain->auth_call_lst_head, call, auth_call_lst));
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
#if NM_MORE_ASSERTS > 5
{
AuthCall *auth_call;
guint n = 0;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
c_list_for_each_entry (auth_call, &call->chain->auth_call_lst_head, auth_call_lst) {
nm_assert(auth_call->result == NM_AUTH_CALL_RESULT_UNKNOWN || !auth_call->call_id);
if (auth_call->call_id)
n++;
}
nm_assert(n == call->chain->num_pending_auth_calls);
}
#endif
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
}
/*****************************************************************************/
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
static void
_done_and_destroy(NMAuthChain *self)
{
self->is_finishing = TRUE;
self->done_func(self, self->context, self->user_data);
nm_assert(self->is_finishing);
_auth_chain_destroy(self);
}
static gboolean
_cancellable_idle_cb(gpointer user_data)
{
NMAuthChain *self = user_data;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
AuthCall *call;
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_assert(g_cancellable_is_cancelled(self->cancellable));
nm_assert(self->cancellable_idle_source);
c_list_for_each_entry (call, &self->auth_call_lst_head, auth_call_lst) {
if (call->call_id) {
self->num_pending_auth_calls--;
nm_auth_manager_check_authorization_cancel(g_steal_pointer(&call->call_id));
}
}
_done_and_destroy(self);
return G_SOURCE_REMOVE;
}
static void
_cancellable_on_idle(NMAuthChain *self)
{
all: use nm_{idle,timeout}_add_source() instead of g_source_attach()
2021-06-24 11:39:27 +02:00
if (!self->cancellable_idle_source)
self->cancellable_idle_source = nm_g_idle_add_source(_cancellable_idle_cb, self);
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
}
GCancellable *
nm_auth_chain_get_cancellable(NMAuthChain *self)
{
return self->cancellable;
}
static void
_cancellable_cancelled(GCancellable *cancellable, NMAuthChain *self)
{
_cancellable_on_idle(self);
}
void
nm_auth_chain_set_cancellable(NMAuthChain *self, GCancellable *cancellable)
{
g_return_if_fail(self);
g_return_if_fail(G_IS_CANCELLABLE(cancellable));
/* after the chain is started, the cancellable can no longer be changed.
* No need to handle the complexity of swapping the cancellable *after*
* requests are already started. */
g_return_if_fail(!self->is_started);
nm_assert(c_list_is_empty(&self->auth_call_lst_head));
/* also no need to allow setting different cancellables. */
g_return_if_fail(!self->cancellable);
self->cancellable = g_object_ref(cancellable);
}
/*****************************************************************************/
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
static void
auth_call_free(AuthCall *call)
{
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
_ASSERT_call(call);
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
c_list_unlink_stale(&call->auth_call_lst);
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
if (call->call_id) {
call->chain->num_pending_auth_calls--;
nm_auth_manager_check_authorization_cancel(call->call_id);
}
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_g_slice_free(call);
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
}
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
static AuthCall *
_find_auth_call(NMAuthChain *self, const char *permission)
{
AuthCall *auth_call;
c_list_for_each_entry (auth_call, &self->auth_call_lst_head, auth_call_lst) {
if (nm_streq(auth_call->permission, permission))
return auth_call;
}
return NULL;
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
/*****************************************************************************/
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
static ChainData *
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
_get_data(NMAuthChain *self, const char *tag)
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
{
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
guint i;
auth-chain: use linked list instead of hash table to track user data of NMAuthChain The number of user-datas attached to the NMAuthChain is generally fixed and small. For example, in current code impl_manager_get_permissions() will be the instance that ends up with the largest number of data items. It performs zero calls of nm_auth_chain_set_data() but 16 times nm_auth_chain_add_call(). So currently the maximum number is 16. With such a fixed, small number of elements it is expected to be more efficient to just track the elements in a CList instead of a GHashTable.
2019-05-02 11:21:22 +02:00
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
for (i = 0; i < self->data_len; i++) {
ChainData *chain_data = &self->data_arr[i];
if (chain_data->tag && nm_streq(chain_data->tag, tag))
auth-chain: use linked list instead of hash table to track user data of NMAuthChain The number of user-datas attached to the NMAuthChain is generally fixed and small. For example, in current code impl_manager_get_permissions() will be the instance that ends up with the largest number of data items. It performs zero calls of nm_auth_chain_set_data() but 16 times nm_auth_chain_add_call(). So currently the maximum number is 16. With such a fixed, small number of elements it is expected to be more efficient to just track the elements in a CList instead of a GHashTable.
2019-05-02 11:21:22 +02:00
return chain_data;
}
return NULL;
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
}
gpointer
nm_auth_chain_get_data(NMAuthChain *self, const char *tag)
{
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
ChainData *chain_data;
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail(self, NULL);
g_return_val_if_fail(tag, NULL);
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
chain_data = _get_data(self, tag);
return chain_data ? chain_data->data : NULL;
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
}
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
/**
* nm_auth_chain_steal_data:
* @self: A #NMAuthChain.
* @tag: A "tag" uniquely identifying the data to steal.
*
docs: misc. typos pt2 Remainder of typos found using `codespell -q 3 --skip="./shared,./src/systemd,*.po" -I ../NetworkManager-word-whitelist.txt` whereby whitelist consists of: ``` ans busses cace cna conexant crasher iff liftime creat nd sav technik uint ``` https://github.com/NetworkManager/NetworkManager/pull/205
2018-09-15 07:20:54 -04:00
* Removes the datum associated with @tag from the chain's data associations,
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
* without invoking the association's destroy handler. The caller assumes
* ownership over the returned value.
*
* Returns: the datum originally associated with @tag
*/
gpointer
nm_auth_chain_steal_data(NMAuthChain *self, const char *tag)
{
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
ChainData *chain_data;
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail(self, NULL);
g_return_val_if_fail(tag, NULL);
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
chain_data = _get_data(self, tag);
if (!chain_data)
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
return NULL;
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
/* Make sure the destroy handler isn't called when freeing.
*
* We don't bother to really remove the element from the array.
* Just mark the entry as unused by clearing the tag. */
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
chain_data->destroy = NULL;
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
chain_data->tag = NULL;
return chain_data->data;
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
}
auth-chain: don't copy ChainData tag All callers pass a C string literal as the user-data tag of NMAuthChain. It makes little sense otherwise because you usually know which user data you need in advance. So don't bother with copying the string. Just reference the defacto static string. Rename nm_auth_chain_set_data() to nm_auth_chain_set_data_unsafe() to indicate that the lifetime of the tag string is now the caller's responsibility. The nm_auth_chain_set_data() macro now ensures that the tag argument is a C string literal. In fact, all callers that we had did that already.
2019-05-06 10:04:16 +02:00
/**
* nm_auth_chain_set_data_unsafe:
* @self: the #NMAuthChain
* @tag: the tag for referencing the attached data.
* @data: the data to attach. If %NULL, this call has no effect
* and nothing is attached.
* @data_destroy: (allow-none): the destroy function for the data pointer.
*
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
* @tag string is not cloned and must outlive @self. That is why
auth-chain: don't copy ChainData tag All callers pass a C string literal as the user-data tag of NMAuthChain. It makes little sense otherwise because you usually know which user data you need in advance. So don't bother with copying the string. Just reference the defacto static string. Rename nm_auth_chain_set_data() to nm_auth_chain_set_data_unsafe() to indicate that the lifetime of the tag string is now the caller's responsibility. The nm_auth_chain_set_data() macro now ensures that the tag argument is a C string literal. In fact, all callers that we had did that already.
2019-05-06 10:04:16 +02:00
* the function is "unsafe". Use nm_auth_chain_set_data() with a C literal
* instead.
*
* It is a bug to add the same tag more than once.
*/
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
void
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
nm_auth_chain_set_data_unsafe(NMAuthChain *self,
const char *tag,
auth-chain: don't copy ChainData tag All callers pass a C string literal as the user-data tag of NMAuthChain. It makes little sense otherwise because you usually know which user data you need in advance. So don't bother with copying the string. Just reference the defacto static string. Rename nm_auth_chain_set_data() to nm_auth_chain_set_data_unsafe() to indicate that the lifetime of the tag string is now the caller's responsibility. The nm_auth_chain_set_data() macro now ensures that the tag argument is a C string literal. In fact, all callers that we had did that already.
2019-05-06 10:04:16 +02:00
gpointer data,
GDestroyNotify data_destroy)
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
{
auth-chain: use linked list instead of hash table to track user data of NMAuthChain The number of user-datas attached to the NMAuthChain is generally fixed and small. For example, in current code impl_manager_get_permissions() will be the instance that ends up with the largest number of data items. It performs zero calls of nm_auth_chain_set_data() but 16 times nm_auth_chain_add_call(). So currently the maximum number is 16. With such a fixed, small number of elements it is expected to be more efficient to just track the elements in a CList instead of a GHashTable.
2019-05-02 11:21:22 +02:00
ChainData *chain_data;
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_if_fail(self);
g_return_if_fail(tag);
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
all: fix typo in man pages There should be a comma after 'Otherwise' and 'Currently'. https://bugzilla.redhat.com/show_bug.cgi?id=1852452 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/560
2020-07-01 17:20:40 -04:00
/* The tag must not yet exist. Otherwise, we'd have to first search the
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
* list for an existing entry. That usage pattern is not supported. */
auth-chain: don't allow setting the same user-data twice We track the user-data in a linked list. Hence, when setting a user data we would need to search the list whether the tag already exists. This has an overhead and makes set-data() O(n). But we really don't need this. The NMAuthChain allows a simple way to attach user-data to the request. We don't need a full-blown g_object_set_data() (which btw is also just implemented as a linked list).
2019-05-04 10:07:21 +02:00
nm_assert(!_get_data(self, tag));
if (!data) {
/* we don't track user data of %NULL.
*
* In the past this had also the meaning of removing a user-data. But since
* nm_auth_chain_set_data() does not allow being called more than once
* for the same tag, we don't need to remove anything. */
auth-chain: use linked list instead of hash table to track user data of NMAuthChain The number of user-datas attached to the NMAuthChain is generally fixed and small. For example, in current code impl_manager_get_permissions() will be the instance that ends up with the largest number of data items. It performs zero calls of nm_auth_chain_set_data() but 16 times nm_auth_chain_add_call(). So currently the maximum number is 16. With such a fixed, small number of elements it is expected to be more efficient to just track the elements in a CList instead of a GHashTable.
2019-05-02 11:21:22 +02:00
return;
auth-chain: cleanup chain-data in NMAuthChain - consistently name the ChainData variable "chain_data" - return the ChainData element from _get_data(). This way it also can be used by nm_auth_chain_steal_data(), which needs the ChainData element.
2019-05-02 11:37:49 +02:00
}
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
if (self->data_len + 1 > self->data_alloc) {
if (self->data_alloc == 0)
self->data_alloc = 8;
else
self->data_alloc *= 2;
self->data_arr = g_realloc(self->data_arr, sizeof(self->data_arr[0]) * self->data_alloc);
}
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
chain_data = &self->data_arr[self->data_len++];
auth-chain: don't copy ChainData tag All callers pass a C string literal as the user-data tag of NMAuthChain. It makes little sense otherwise because you usually know which user data you need in advance. So don't bother with copying the string. Just reference the defacto static string. Rename nm_auth_chain_set_data() to nm_auth_chain_set_data_unsafe() to indicate that the lifetime of the tag string is now the caller's responsibility. The nm_auth_chain_set_data() macro now ensures that the tag argument is a C string literal. In fact, all callers that we had did that already.
2019-05-06 10:04:16 +02:00
*chain_data = (ChainData){
.tag = tag,
.data = data,
.destroy = data_destroy,
};
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
/*****************************************************************************/
auth-utils: add nm_auth_chain_get_subject()
2015-07-15 15:42:50 +02:00
core: add helper to access authentication result
2010-11-17 16:56:34 -06:00
NMAuthCallResult
nm_auth_chain_get_result(NMAuthChain *self, const char *permission)
{
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
AuthCall *auth_call;
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail(self, NM_AUTH_CALL_RESULT_UNKNOWN);
g_return_val_if_fail(permission, NM_AUTH_CALL_RESULT_UNKNOWN);
core: add helper to access authentication result
2010-11-17 16:56:34 -06:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
/* it is a bug to request the result other than from the done_func()
* callback. You are not supposed to poll for the result but request
* it upon notification. */
nm_assert(self->is_finishing);
auth_call = _find_auth_call(self, permission);
/* it is a bug to request a permission result that was not
* previously requested or which did not complete yet. */
if (!auth_call)
g_return_val_if_reached(NM_AUTH_CALL_RESULT_UNKNOWN);
nm_assert(!auth_call->call_id);
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
if (self->cancellable_idle_source) {
/* already cancelled. We always return unknown (even if we happen to
* have already received the response. */
return NM_AUTH_CALL_RESULT_UNKNOWN;
}
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
return auth_call->result;
core: consolidate PolicyKit code Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
2011-05-18 22:20:24 -05:00
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
NMAuthSubject *
nm_auth_chain_get_subject(NMAuthChain *self)
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
{
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail(self, NULL);
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
return self->subject;
}
auth-chain: add nm_auth_chain_get_context() accessor Will be used later. Also rename "struct NMAuthChain" to "struct _NMAuthChain". It follows how we commonly name this kind of struct.
2019-12-23 10:54:16 +01:00
GDBusMethodInvocation *
nm_auth_chain_get_context(NMAuthChain *self)
{
g_return_val_if_fail(self, NULL);
return self->context;
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
/*****************************************************************************/
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
static void
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
pk_call_cb(NMAuthManager *auth_manager,
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
NMAuthManagerCallId *call_id,
gboolean is_authorized,
gboolean is_challenge,
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
GError *error,
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
gpointer user_data)
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
{
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
NMAuthChain *self;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
AuthCall *call;
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
nm_assert(call_id);
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
if (g_error_matches(error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
return;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
call = user_data;
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
_ASSERT_call(call);
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
nm_assert(call->call_id == call_id);
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
nm_assert(call->result == NM_AUTH_CALL_RESULT_UNKNOWN);
self = call->chain;
nm_assert(!self->is_destroyed);
nm_assert(!self->is_finishing);
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
call->call_id = NULL;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
call->result = nm_auth_call_result_eval(is_authorized, is_challenge, error);
auth-manager: add helper function nm_auth_call_result_eval() This makes NMAuthCallResult not only usable from within a NMAuthChain. It makes sense to just call nm-auth-manager directly, but then we need a way to convert the more detailed result into an NMAuthCallResult value.
2018-04-09 17:03:58 +02:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
call->chain->num_pending_auth_calls--;
auth-utils: don't fail the auth chain if we can't get a single permissions It could be that the client is just newer and it's just too harsh to fail the whole request. Leave the unknown permission in unknown and possibly proceed filling in the rest.
2016-11-11 17:39:03 +01:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
_ASSERT_call(call);
if (call->chain->num_pending_auth_calls == 0) {
/* we are on an idle-handler or a clean call-stack (non-reentrant) so it's safe
* to invoke the callback right away. */
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
_done_and_destroy(self);
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
}
core: consolidate PolicyKit code Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
2011-05-18 22:20:24 -05:00
}
auth-chain: don't clone the permission string for AuthChain Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller.
2019-05-04 10:31:18 +02:00
/**
* nm_auth_chain_add_call_unsafe:
* @self: the #NMAuthChain
* @permission: the permission string. This string is kept by reference
* and you must make sure that it's lifetime lasts until the NMAuthChain
* gets destroyed. That's why the function is "unsafe". Use
* nm_auth_chain_add_call() instead.
* @allow_interaction: flag
*
* It's "unsafe" because @permission is not copied. It's the callers responsibility
* that the permission string stays valid as long as NMAuthChain.
*
* If you can, use nm_auth_chain_add_call() instead!
*
* If you have a non-static string, you may attach the permission string as
* user-data via nm_auth_chain_set_data().
*/
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
void
auth-chain: don't clone the permission string for AuthChain Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller.
2019-05-04 10:31:18 +02:00
nm_auth_chain_add_call_unsafe(NMAuthChain *self, const char *permission, gboolean allow_interaction)
core: use same codepaths for root and non-root during authentication Instead of doing something like <get caller UID> if (root) { perform_operation() other boilerplate stuff return; } nm_auth_chain_new(perform_operation) ... just have root also go through the auth chain, which is now short circuited for root. This ensures we always use the same code paths for root and non-root, and that fixes made in one path are also executed for the other.
2012-10-08 12:52:15 -05:00
{
AuthCall *call;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
g_return_if_fail(self);
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
g_return_if_fail(self->subject);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
g_return_if_fail(!self->is_finishing);
g_return_if_fail(!self->is_destroyed);
auth-chain: avoid another idle-call when auth-request completes NMAuthChain schedules (possibly) multiple authentication requests. When they all complete, it will once invoke the result-callback. There is no need to schedule this result-callback on another idle-handler, because nm_auth_manager_polkit_authority_check_authorization() should guarantee to invoke the callback never-synchronously and on a clean call-stack (to avoid problems with re-entrancy). At that point, NMAuthChain does not need to delay this further.
2018-04-09 12:36:06 +02:00
g_return_if_fail(permission && *permission);
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_assert(NM_IN_SET(nm_auth_subject_get_subject_type(self->subject),
NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
NM_AUTH_SUBJECT_TYPE_INTERNAL));
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
/* duplicate permissions are not supported, also because nm_auth_chain_get_result()
* can only return one-permission. */
nm_assert(!_find_auth_call(self, permission));
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
if (!self->is_started) {
self->is_started = TRUE;
nm_assert(!self->cancellable_id);
if (self->cancellable) {
if (g_cancellable_is_cancelled(self->cancellable)) {
/* the operation is already cancelled. Schedule the callback on idle. */
_cancellable_on_idle(self);
} else {
self->cancellable_id = g_signal_connect(self->cancellable,
"cancelled",
G_CALLBACK(_cancellable_cancelled),
self);
}
}
}
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
call = g_slice_new(AuthCall);
auth-chain: don't clone the permission string for AuthChain Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller.
2019-05-04 10:31:18 +02:00
*call = (AuthCall){
.chain = self,
.call_id = NULL,
.result = NM_AUTH_CALL_RESULT_UNKNOWN,
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
/* we don't clone the permission string. It's the callers responsibility. */
auth-chain: don't clone the permission string for AuthChain Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller.
2019-05-04 10:31:18 +02:00
.permission = permission,
};
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
/* above we assert that no duplicate permissions are added. Still, track the
* new request to the front of the list so that it would shadow an earlier
* call. */
c_list_link_front(&self->auth_call_lst_head, &call->auth_call_lst);
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
if (self->cancellable_idle_source) {
/* already cancelled. No need to actually start the request. */
nm_assert(call->result == NM_AUTH_CALL_RESULT_UNKNOWN);
} else {
call->call_id = nm_auth_manager_check_authorization(nm_auth_manager_get(),
self->subject,
permission,
allow_interaction,
pk_call_cb,
call);
self->num_pending_auth_calls++;
}
auth-chain: don't put permission results into regular user data NMAuthChain tracks arbitrary user-data pointers for convenience of the caller. Previously, it would also track the permission request result as such user-data. That is not optimal. - for one, we should keep the namespaces for user data (tags) and permissions separate. When the user requests a permission result with nm_auth_chain_get_result() then clearly no user-data is requested. - we already track permissions in a separate linked list. Previously, when the auth-call completes, we would destroy the entry in the linked list for requests and create an entry in the linked list for user-data. Possibly this was done in the past, because the user-data list was indexed by a hash table. So, in that case, we only would need to lookup the permission results in the indexed user-data hash, but never do any search of a linked list. That is no longer the case, because in practice the number of tracked user-data/permissions is fixed and small (at which point it's just more efficient to search a short linked list). - There is already distrinct API for getting user-data and permissions. By keeping the lists separate we don't need to search the list for entries of the wrong type (it's faster). - also assert that nm_auth_chain_get_result() indeed asks for a result that was previously requested. It makes no sense otherwise.
2019-05-04 09:33:26 +02:00
_ASSERT_call(call);
/* we track auth-calls in a linked list. If we end up requesting too many permissions this
* becomes inefficient. If that ever happens, consider a more efficient data structure for
* a large number of requests. */
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
nm_assert(c_list_length(&self->auth_call_lst_head) < 25);
G_STATIC_ASSERT_EXPR(NM_CLIENT_PERMISSION_LAST < 25);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
/*****************************************************************************/
/* Creates the NMAuthSubject automatically */
NMAuthChain *
nm_auth_chain_new_context(GDBusMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data)
{
NMAuthSubject *subject;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
NMAuthChain *chain;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail(context, NULL);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert(done_func);
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: move nm-dbus-auth-subject to shared/nm-libnm-core-intern Move it to shared as it's useful for clients as well. Move and rename nm_dbus_manager_new_auth_subject_from_context() and nm_dbus_manager_new_auth_subject_from_message() in nm-dbus-manager.c as they're needed there.
2019-12-19 11:30:38 +01:00
subject = nm_dbus_manager_new_auth_subject_from_context(context);
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
if (!subject)
return NULL;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
chain = nm_auth_chain_new_subject(subject, context, done_func, user_data);
g_object_unref(subject);
return chain;
}
NMAuthChain *
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
nm_auth_chain_new_subject(NMAuthSubject *subject,
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
GDBusMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data)
{
NMAuthChain *self;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
g_return_val_if_fail(NM_IS_AUTH_SUBJECT(subject), NULL);
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_assert(NM_IN_SET(nm_auth_subject_get_subject_type(subject),
NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
NM_AUTH_SUBJECT_TYPE_INTERNAL));
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert(done_func);
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
self = g_slice_new(NMAuthChain);
*self = (NMAuthChain){
.done_func = done_func,
.user_data = user_data,
.context = nm_g_object_ref(context),
.subject = g_object_ref(subject),
auth-chain: track auth-chains in embedded CList NMManager and NMSettings both may have multiple authorization requests ongoing. They need to keep track of them, at the very least to be able to cancel them on shutdown. Since NMAuthChain is not ref-countable, it always has only one clear user/owner. It makes little sense otherwise. Since most callers already want to track their NMAuthChain instances, let NMAuthChain help with that. Embed a "parent" CList field inside NMAuthChain. This avoids requiring an additional GSList allocation to track the element. Also, it allows to link and append an element without iterating the list. This ties the caller and the NMAuthChain a bit tighter together (making them less indepdendent). Generally that is not desirable. But here it seems the logic (of tracking the NMAuthChain) is still trivial and well separated. It's just that NMAuthChain instances now can be linked in a CList.
2019-05-26 18:49:55 +02:00
.parent_lst = C_LIST_INIT(self->parent_lst),
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
.auth_call_lst_head = C_LIST_INIT(self->auth_call_lst_head),
};
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
return self;
}
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
/**
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
* nm_auth_chain_destroy:
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
* @self: the auth-chain
*
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
* Destroys the auth-chain. By destroying the auth-chain, you also cancel
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
* the receipt of the done-callback. IOW, the callback will not be invoked.
*
core: don't call nm_auth_chain_destroy() from the callback NMAuthChain is not ref-counted. You may call nm_auth_chain_destroy() once before the callback gets invoked. This destroys the auth-chain instance right away. You may call nm_auth_chain_destroy() once from inside the callback. This basically has no effect but is allowed for convenince. All this does is remembering that destroy was called and asserts that destroy gets called at most once. After the callback returns, the auth-chain will always be destroyed. That means, generally there is no need to call nm_auth_chain_destroy() from inside the callback. Remove that code, and refactor some code to return early (where it makes sense).
2019-05-02 10:08:09 +02:00
* The only exception is, you may call nm_auth_chain_destroy() from inside
* the callback. In this case the call has no effect and @self stays alive
* until the callback returns.
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
*
* Note that you might only destroy an auth-chain exactly once, and never
core: don't call nm_auth_chain_destroy() from the callback NMAuthChain is not ref-counted. You may call nm_auth_chain_destroy() once before the callback gets invoked. This destroys the auth-chain instance right away. You may call nm_auth_chain_destroy() once from inside the callback. This basically has no effect but is allowed for convenince. All this does is remembering that destroy was called and asserts that destroy gets called at most once. After the callback returns, the auth-chain will always be destroyed. That means, generally there is no need to call nm_auth_chain_destroy() from inside the callback. Remove that code, and refactor some code to return early (where it makes sense).
2019-05-02 10:08:09 +02:00
* after the callback was handled. After the callback returns, the auth chain
* always gets automatically destroyed. So you only need to explicitly destroy
* it, if you want to abort it before the callback complets.
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
*/
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
void
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
nm_auth_chain_destroy(NMAuthChain *self)
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
{
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
g_return_if_fail(self);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
g_return_if_fail(!self->is_destroyed);
self->is_destroyed = TRUE;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
if (self->is_finishing) {
/* we are called from inside the callback. Keep the instance alive for the moment. */
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
return;
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
}
_auth_chain_destroy(self);
}
static void
_auth_chain_destroy(NMAuthChain *self)
{
AuthCall *call;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: track auth-chains in embedded CList NMManager and NMSettings both may have multiple authorization requests ongoing. They need to keep track of them, at the very least to be able to cancel them on shutdown. Since NMAuthChain is not ref-countable, it always has only one clear user/owner. It makes little sense otherwise. Since most callers already want to track their NMAuthChain instances, let NMAuthChain help with that. Embed a "parent" CList field inside NMAuthChain. This avoids requiring an additional GSList allocation to track the element. Also, it allows to link and append an element without iterating the list. This ties the caller and the NMAuthChain a bit tighter together (making them less indepdendent). Generally that is not desirable. But here it seems the logic (of tracking the NMAuthChain) is still trivial and well separated. It's just that NMAuthChain instances now can be linked in a CList.
2019-05-26 18:49:55 +02:00
c_list_unlink(&self->parent_lst);
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
nm_clear_g_object(&self->subject);
nm_clear_g_object(&self->context);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_clear_g_signal_handler(self->cancellable, &self->cancellable_id);
nm_clear_g_source_inst(&self->cancellable_idle_source);
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
/* we must first destroy all AuthCall instances before ChainData. The reason is
auth-chain: don't clone the permission string for AuthChain Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller.
2019-05-04 10:31:18 +02:00
* that AuthData.permission is not cloned and the lifetime of the string must
* be ensured by the caller. A sensible thing to do for the caller is attach the
* permission string via nm_auth_chain_set_data(). Hence, first free the AuthCall. */
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
while ((call = c_list_first_entry(&self->auth_call_lst_head, AuthCall, auth_call_lst)))
auth_call_free(call);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth: track NMAuthChain data in array instead of CList It's about as complicated to track a CList as it is to track an allocated array. The latter requires fewer allocations and has better locality. That makes it preferable. (cherry picked from commit d935692bc7bcb774aa9c27840265687d1b79c729)
2020-04-26 17:41:55 +02:00
while (self->data_len > 0) {
ChainData *chain_data = &self->data_arr[--self->data_len];
if (chain_data->destroy)
chain_data->destroy(chain_data->data);
}
g_free(self->data_arr);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_g_object_unref(self->cancellable);
nm_g_slice_free(self);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
}
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
/******************************************************************************
* utils
*****************************************************************************/
core: root can always enable/disable and sleep/wake
2010-05-30 08:30:37 -07:00
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
gboolean
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
nm_auth_is_subject_in_acl(NMConnection *connection, NMAuthSubject *subject, char **out_error_desc)
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
{
NMSettingConnection *s_con;
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
gs_free char *user = NULL;
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
gulong uid;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail(connection, FALSE);
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
g_return_val_if_fail(NM_IS_AUTH_SUBJECT(subject), FALSE);
auth: natively support GCancellable in NMAuthChain We want that our asynchronous operations are cancellable. In fact, NMAuthChain is already (manually) cancellable by the user calling nm_auth_chain_destroy(). However, sometimes we have a GCancellable at hand, so the callers would have to register to the cancellable themselves. Instead, support setting a cancellable to the NMAuthChain, that aborts the request and invokes the callback. It does so always on an idle handler. Also, the user may only set the cancellable once, and only before starting the first call. (cherry picked from commit ef7fd9e4e35359ecf83f5987816013c960d91cf1)
2020-04-26 15:40:40 +02:00
nm_assert(NM_IN_SET(nm_auth_subject_get_subject_type(subject),
NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
NM_AUTH_SUBJECT_TYPE_INTERNAL));
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: nm-auth-subject: add unix-session type
2019-12-17 20:36:18 +01:00
if (nm_auth_subject_get_subject_type(subject) == NM_AUTH_SUBJECT_TYPE_INTERNAL)
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
return TRUE;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
uid = nm_auth_subject_get_unix_process_uid(subject);
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
core: assume root always has a session for connection visibility Normally, users which are not part of a login session can't access connections. Root won't always be part of a login session, so allow root to bypass visibility checks. The code already bypassed the ACL checks for root, but in multiple places. Consolidate those checks into one function.
2012-12-16 11:38:04 -06:00
/* Root gets a free pass */
if (0 == uid)
return TRUE;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
all: use nm_utils_uid_to_name() instead of getpwuid() We shouldn't use non-threadsafe API. We don't really know what other threads (e.g. GDBus' helper thread or GResolver) are doing.
2020-09-24 19:49:25 +02:00
user = nm_utils_uid_to_name(uid);
if (!user) {
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
NM_SET_OUT(out_error_desc,
g_strdup_printf("Could not determine username for uid %lu", uid));
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
return FALSE;
}
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
core: fix crash when connecting to new Wi-Fi network (bgo #723163) If the user is AddAndActivating a new network, the connection may not have an NMSettingConnection yet, but we know that once it does, the user will be authorized.
2014-01-28 08:39:11 -05:00
s_con = nm_connection_get_setting_connection(connection);
if (!s_con) {
/* This can only happen when called from AddAndActivate, so we know
* the user will be authorized when the connection is completed.
*/
return TRUE;
}
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
/* Match the username returned by the session check to a user in the ACL */
if (!nm_setting_connection_permissions_user_allowed(s_con, user)) {
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
NM_SET_OUT(out_error_desc,
g_strdup_printf("uid %lu has no permission to perform this operation", uid));
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
return FALSE;
}
return TRUE;
}
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
gboolean
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
nm_auth_is_subject_in_acl_set_error(NMConnection *connection,
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
NMAuthSubject *subject,
GQuark err_domain,
int err_code,
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
GError **error)
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
{
char *error_desc = NULL;
nm_assert(!error || !*error);
if (nm_auth_is_subject_in_acl(connection, subject, error ? &error_desc : NULL))
return TRUE;
g_set_error_literal(error, err_domain, err_code, error_desc);
g_free(error_desc);
return FALSE;
}
core: add nm_auth_is_invocation_in_acl_set_error() helper
2020-09-24 19:11:40 +02:00
gboolean
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
nm_auth_is_invocation_in_acl_set_error(NMConnection *connection,
core: add nm_auth_is_invocation_in_acl_set_error() helper
2020-09-24 19:11:40 +02:00
GDBusMethodInvocation *invocation,
GQuark err_domain,
int err_code,
format: reformat source tree with clang-format 13.0 We use clang-format for automatic formatting of our source files. Since clang-format is actively maintained software, the actual formatting depends on the used version of clang-format. That is unfortunate and painful, but really unavoidable unless clang-format would be strictly bug-compatible. So the version that we must use is from the current Fedora release, which is also tested by our gitlab-ci. Previously, we were using Fedora 34 with clang-tools-extra-12.0.1-1.fc34.x86_64. As Fedora 35 comes along, we need to update our formatting as Fedora 35 comes with version "13.0.0~rc1-1.fc35". An alternative would be to freeze on version 12, but that has different problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it would be cumbersome for our developers which are on Fedora 35 to use a clang that they cannot easily install). The (differently painful) solution is to reformat from time to time, as we switch to a new Fedora (and thus clang) version. Usually we would expect that such a reformatting brings minor changes. But this time, the changes are huge. That is mentioned in the release notes [1] as Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353) [1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
2021-11-09 13:28:54 +01:00
NMAuthSubject **out_subject,
GError **error)
core: add nm_auth_is_invocation_in_acl_set_error() helper
2020-09-24 19:11:40 +02:00
{
gs_unref_object NMAuthSubject *subject = NULL;
gboolean success;
nm_assert(!out_subject || !*out_subject);
subject = nm_dbus_manager_new_auth_subject_from_context(invocation);
if (!subject) {
g_set_error_literal(error, err_domain, err_code, NM_UTILS_ERROR_MSG_REQ_UID_UKNOWN);
return FALSE;
}
success = nm_auth_is_subject_in_acl_set_error(connection, subject, err_domain, err_code, error);
NM_SET_OUT(out_subject, g_steal_pointer(&subject));
return success;
}
Reference in a new issue Copy permalink