fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-21 04:00:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/src/nm-auth-utils.c

467 lines
12 KiB
C
Raw Normal View History

core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Copyright (C) 2010 Red Hat, Inc.
*/
all: cleanup includes and let "nm-default.h" include "config.h" - All internal source files (except "examples", which are not internal) should include "config.h" first. As also all internal source files should include "nm-default.h", let "config.h" be included by "nm-default.h" and include "nm-default.h" as first in every source file. We already wanted to include "nm-default.h" before other headers because it might contains some fixes (like "nm-glib.h" compatibility) that is required first. - After including "nm-default.h", we optinally allow for including the corresponding header file for the source file at hand. The idea is to ensure that each header file is self contained. - Don't include "config.h" or "nm-default.h" in any header file (except "nm-sd-adapt.h"). Public headers anyway must not include these headers, and internal headers are never included after "nm-default.h", as of the first previous point. - Include all internal headers with quotes instead of angle brackets. In practice it doesn't matter, because in our public headers we must include other headers with angle brackets. As we use our public headers also to compile our interal source files, effectively the result must be the same. Still do it for consistency. - Except for <config.h> itself. Include it with angle brackets as suggested by https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers
2016-02-19 14:57:48 +01:00
#include "nm-default.h"
all: consistently include config.h config.h should be included from every .c file, and it should be included before any other include. Fix that. (As a side effect of how I did this, this also changes us to consistently use "config.h" rather than <config.h>. To the extent that it matters [which is not much], quotes are more correct anyway, since we're talking about a file in our own build tree, not a system include.)
2014-11-13 10:07:02 -05:00
all: move NM_AUTH_PERMISSION_* defines to "nm-common-macros.h" header
2016-06-01 12:31:36 +02:00
#include "nm-auth-utils.h"
shared: move most of "shared/nm-utils" to "shared/nm-glib-aux" From the files under "shared/nm-utils" we build an internal library that provides glib-based helper utilities. Move the files of that basic library to a new subdirectory "shared/nm-glib-aux" and rename the helper library "libnm-core-base.la" to "libnm-glib-aux.la". Reasons: - the name "utils" is overused in our code-base. Everything's an "utils". Give this thing a more distinct name. - there were additional files under "shared/nm-utils", which are not part of this internal library "libnm-utils-base.la". All the files that are part of this library should be together in the same directory, but files that are not, should not be there. - the new name should better convey what this library is and what is isn't: it's a set of utilities and helper functions that extend glib with funcitonality that we commonly need. There are still some files left under "shared/nm-utils". They have less a unifying propose to be in their own directory, so I leave them there for now. But at least they are separate from "shared/nm-glib-aux", which has a very clear purpose. (cherry picked from commit 80db06f768e47541eae7d66ef48fbe47bf1a69ce)
2019-04-15 08:16:00 +02:00
#include "nm-glib-aux/nm-c-list.h"
core: consolidate PolicyKit code Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
2011-05-18 22:20:24 -05:00
#include "nm-setting-connection.h"
core: add function to create auth chains from a subjects or contexts The subject already contains all the information we need.
2013-07-29 10:39:23 -05:00
#include "nm-auth-subject.h"
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
#include "nm-auth-manager.h"
core: fill in nm-types.h, clean out other headers Clean up some of the cross-includes between headers (which made it so that, eg, if you included NetworkManagerUtils.h in a test program, you would need to build the test with -I$(top_srcdir)/src/platform, and if you included nm-device.h you'd need $(POLKIT_CFLAGS)) by moving all GObject struct definitions for src/ and src/settings/ into nm-types.h (which already existed to solve the NMDevice/NMActRequest circular references). Update various .c files to explicitly include the headers they used to get implicitly, and remove some now-unnecessary -I options from Makefiles.
2014-07-17 17:06:44 -04:00
#include "nm-session-monitor.h"
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
/*****************************************************************************/
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
struct NMAuthChain {
auth-chain/trivial: rename data field in NMAuthChain We already use "data" for other places. Let's use unique names that can be searched within one file.
2018-04-10 14:34:30 +02:00
GHashTable *data_hash;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
CList auth_call_lst_head;
core: final gdbus porting Port remaining bits to gdbus and remove stray dbus-glib references Drop the dbus-glib version check from configure, since nothing depends on new dbus-glib any more. Move nm-dbus-glib-types.h and nm-gvaluearray-compat.h from include/ to libnm-util/ since they are now only used by libnm-util and libnm-glib.
2015-04-16 12:34:55 -04:00
GDBusMethodInvocation *context;
core: add function to create auth chains from a subjects or contexts The subject already contains all the information we need.
2013-07-29 10:39:23 -05:00
NMAuthSubject *subject;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
NMAuthChainResultFunc done_func;
gpointer user_data;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
bool is_destroyed:1;
bool is_finishing:1;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
};
typedef struct {
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
CList auth_call_lst;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
NMAuthChain *chain;
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
NMAuthManagerCallId *call_id;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
char *permission;
core: rename PolkitCall to AuthCall
2011-05-20 10:07:26 -05:00
} AuthCall;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
/*****************************************************************************/
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
static void _auth_chain_destroy (NMAuthChain *self);
/*****************************************************************************/
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
static void
_ASSERT_call (AuthCall *call)
{
nm_assert (call);
nm_assert (call->chain);
nm_assert (nm_c_list_contains_entry (&call->chain->auth_call_lst_head, call, auth_call_lst));
}
/*****************************************************************************/
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
static void
auth_call_free (AuthCall *call)
{
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
if (call->call_id)
nm_auth_manager_check_authorization_cancel (call->call_id);
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
c_list_unlink_stale (&call->auth_call_lst);
g_free (call->permission);
g_slice_free (AuthCall, call);
}
/*****************************************************************************/
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
typedef struct {
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
/* must be the first field. */
const char *tag;
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
gpointer data;
GDestroyNotify destroy;
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
char tag_data[];
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
} ChainData;
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
static ChainData *
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
chain_data_new (const char *tag, gpointer data, GDestroyNotify destroy)
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
{
ChainData *tmp;
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
gsize l = strlen (tag);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
tmp = g_malloc (sizeof (ChainData) + l + 1);
tmp->tag = &tmp->tag_data[0];
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
tmp->data = data;
tmp->destroy = destroy;
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
memcpy (&tmp->tag_data[0], tag, l + 1);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
return tmp;
}
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
static void
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
chain_data_free (gpointer data)
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
{
ChainData *tmp = data;
if (tmp->destroy)
tmp->destroy (tmp->data);
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
g_free (tmp);
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
}
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
static gpointer
_get_data (NMAuthChain *self, const char *tag)
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
{
ChainData *tmp;
auth-chain: create data-hash hashtable only when needed It makes sense to use NMAuthChain also when not attaching any user-data to the chain. The main reason would be, the ability to schedule multiple permission checks in parallel, and wait for them to complete together. Only allocate the hash-table, when we really need it.
2018-04-10 14:38:14 +02:00
if (!self->data_hash)
return NULL;
auth-chain/trivial: rename data field in NMAuthChain We already use "data" for other places. Let's use unique names that can be searched within one file.
2018-04-10 14:34:30 +02:00
tmp = g_hash_table_lookup (self->data_hash, &tag);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
return tmp ? tmp->data : NULL;
}
gpointer
nm_auth_chain_get_data (NMAuthChain *self, const char *tag)
{
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail (self, NULL);
g_return_val_if_fail (tag, NULL);
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
return _get_data (self, tag);
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
}
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
/**
* nm_auth_chain_steal_data:
* @self: A #NMAuthChain.
* @tag: A "tag" uniquely identifying the data to steal.
*
docs: misc. typos pt2 Remainder of typos found using `codespell -q 3 --skip="./shared,./src/systemd,*.po" -I ../NetworkManager-word-whitelist.txt` whereby whitelist consists of: ``` ans busses cace cna conexant crasher iff liftime creat nd sav technik uint ``` https://github.com/NetworkManager/NetworkManager/pull/205
2018-09-15 07:20:54 -04:00
* Removes the datum associated with @tag from the chain's data associations,
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
* without invoking the association's destroy handler. The caller assumes
* ownership over the returned value.
*
* Returns: the datum originally associated with @tag
*/
gpointer
nm_auth_chain_steal_data (NMAuthChain *self, const char *tag)
{
ChainData *tmp;
gpointer value = NULL;
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail (self, NULL);
g_return_val_if_fail (tag, NULL);
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
auth-chain: create data-hash hashtable only when needed It makes sense to use NMAuthChain also when not attaching any user-data to the chain. The main reason would be, the ability to schedule multiple permission checks in parallel, and wait for them to complete together. Only allocate the hash-table, when we really need it.
2018-04-10 14:38:14 +02:00
if (!self->data_hash)
return NULL;
auth-chain/trivial: rename data field in NMAuthChain We already use "data" for other places. Let's use unique names that can be searched within one file.
2018-04-10 14:34:30 +02:00
tmp = g_hash_table_lookup (self->data_hash, &tag);
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
if (!tmp)
return NULL;
value = tmp->data;
/* Make sure the destroy handler isn't called when freeing */
tmp->destroy = NULL;
auth-chain/trivial: rename data field in NMAuthChain We already use "data" for other places. Let's use unique names that can be searched within one file.
2018-04-10 14:34:30 +02:00
g_hash_table_remove (self->data_hash, tmp);
core: add nm_auth_chain_steal_data() New function for removing data from the auth chain without destroying it.
2011-07-01 14:18:46 -05:00
return value;
}
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
void
nm_auth_chain_set_data (NMAuthChain *self,
const char *tag,
gpointer data,
GDestroyNotify data_destroy)
{
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_if_fail (self);
g_return_if_fail (tag);
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
auth-chain: create data-hash hashtable only when needed It makes sense to use NMAuthChain also when not attaching any user-data to the chain. The main reason would be, the ability to schedule multiple permission checks in parallel, and wait for them to complete together. Only allocate the hash-table, when we really need it.
2018-04-10 14:38:14 +02:00
if (data == NULL) {
if (self->data_hash)
g_hash_table_remove (self->data_hash, &tag);
} else {
if (!self->data_hash) {
self->data_hash = g_hash_table_new_full (nm_pstr_hash, nm_pstr_equal,
NULL, chain_data_free);
}
auth-chain/trivial: rename data field in NMAuthChain We already use "data" for other places. Let's use unique names that can be searched within one file.
2018-04-10 14:34:30 +02:00
g_hash_table_add (self->data_hash,
auth-chain: optimize tracking of user data for NMAuthChain - instead of allocating memory separately for the @tag (key) and ChainData (data), store the tag also inside ChainData. - instead of adding two separate key and value items to GHashTable, use g_hash_table_add(), which is optimized for this case.
2018-04-05 09:43:45 +02:00
chain_data_new (tag, data, data_destroy));
core: PolicyKit-protect enable/disable networking method
2010-05-29 23:00:46 -07:00
}
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
/*****************************************************************************/
auth-utils: add nm_auth_chain_get_subject()
2015-07-15 15:42:50 +02:00
core: add helper to access authentication result
2010-11-17 16:56:34 -06:00
NMAuthCallResult
nm_auth_chain_get_result (NMAuthChain *self, const char *permission)
{
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
gpointer data;
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail (self, NM_AUTH_CALL_RESULT_UNKNOWN);
g_return_val_if_fail (permission, NM_AUTH_CALL_RESULT_UNKNOWN);
core: add helper to access authentication result
2010-11-17 16:56:34 -06:00
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
data = _get_data (self, permission);
return data ? GPOINTER_TO_UINT (data) : NM_AUTH_CALL_RESULT_UNKNOWN;
core: consolidate PolicyKit code Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
2011-05-18 22:20:24 -05:00
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
NMAuthSubject *
nm_auth_chain_get_subject (NMAuthChain *self)
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
{
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail (self, NULL);
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
return self->subject;
}
/*****************************************************************************/
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
static void
core: clean up auth handling after polkit enable/disable changes Slash and burn the #ifdef jungle so that the flow and blocks are cleaner and less confusing to follow.
2011-05-20 11:35:24 -05:00
auth_call_complete (AuthCall *call)
{
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
NMAuthChain *self;
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
_ASSERT_call (call);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
self = call->chain;
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert (!self->is_finishing);
auth-chain: avoid another idle-call when auth-request completes NMAuthChain schedules (possibly) multiple authentication requests. When they all complete, it will once invoke the result-callback. There is no need to schedule this result-callback on another idle-handler, because nm_auth_manager_polkit_authority_check_authorization() should guarantee to invoke the callback never-synchronously and on a clean call-stack (to avoid problems with re-entrancy). At that point, NMAuthChain does not need to delay this further.
2018-04-09 12:36:06 +02:00
auth_call_free (call);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
if (c_list_is_empty (&self->auth_call_lst_head)) {
auth-chain: avoid another idle-call when auth-request completes NMAuthChain schedules (possibly) multiple authentication requests. When they all complete, it will once invoke the result-callback. There is no need to schedule this result-callback on another idle-handler, because nm_auth_manager_polkit_authority_check_authorization() should guarantee to invoke the callback never-synchronously and on a clean call-stack (to avoid problems with re-entrancy). At that point, NMAuthChain does not need to delay this further.
2018-04-09 12:36:06 +02:00
/* we are on an idle-handler or a clean call-stack (non-reentrant). */
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert (!self->is_destroyed);
nm_assert (!self->is_finishing);
self->is_finishing = TRUE;
self->done_func (self, NULL, self->context, self->user_data);
nm_assert (self->is_finishing);
_auth_chain_destroy (self);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
}
auth-chain: split handling auth-call in idle auth_call_complete() had two callers: once from the idle handler, and once from pk_call_cb(). The conditions are slightly different, split the function in two. For one, this allows to unset the obsolete call_idle_id.
2018-04-05 09:24:22 +02:00
}
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
static void
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
pk_call_cb (NMAuthManager *auth_manager,
NMAuthManagerCallId *call_id,
gboolean is_authorized,
gboolean is_challenge,
GError *error,
gpointer user_data)
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
{
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
AuthCall *call;
auth-manager: add helper function nm_auth_call_result_eval() This makes NMAuthCallResult not only usable from within a NMAuthChain. It makes sense to just call nm-auth-manager directly, but then we need a way to convert the more detailed result into an NMAuthCallResult value.
2018-04-09 17:03:58 +02:00
NMAuthCallResult call_result;
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
return;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
call = user_data;
auth-manager: rework auth-manager's API Don't use the GAsyncResult pattern for internal API of auth-manager. Instead, use a simpler API that has a more strict API and simpler use. - return a call-id handle when scheduling the authorization request. The request is always scheduled asynchronsously and thus call-id is never %NULL. - the call-id can be used to cancel the request. It can be used exactly once, and only before the callback is invoked. - the async keeps the auth-manager alive. It needs to do so, because when cancelling the request we might not yet be done: instead we might still need to issue a CancelCheckAuthorization call (which we need to handle as well). - the callback is always invoked exactly once. Currently NMAuthManager's API effectivly is only called by NMAuthChain. The point of this is to make NMAuthManager's API more consumable, and thus let users use it directly (instead of using the NMAuthChain layer). As well known, we don't do a good job during shutdown of NetworkManager to release all resources and cancel pending requests. This rework also makes it possible to actually get this right. See the comment in nm_auth_manager_force_shutdown(). But yes, it is still a bit complicated to do a controlled shutdown, because we cannot just synchronously complete. We need to issue CancelCheckAuthorization D-Bus calls, and give these requests time to complete. The new API introduced by this patch would make that easier.
2018-04-09 13:27:03 +02:00
nm_assert (call->call_id == call_id);
call->call_id = NULL;
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
auth-manager: add helper function nm_auth_call_result_eval() This makes NMAuthCallResult not only usable from within a NMAuthChain. It makes sense to just call nm-auth-manager directly, but then we need a way to convert the more detailed result into an NMAuthCallResult value.
2018-04-09 17:03:58 +02:00
call_result = nm_auth_call_result_eval (is_authorized, is_challenge, error);
auth-utils: don't fail the auth chain if we can't get a single permissions It could be that the client is just newer and it's just too harsh to fail the whole request. Leave the unknown permission in unknown and possibly proceed filling in the rest.
2016-11-11 17:39:03 +01:00
nm_auth_chain_set_data (call->chain, call->permission, GUINT_TO_POINTER (call_result), NULL);
core: clean up auth handling after polkit enable/disable changes Slash and burn the #ifdef jungle so that the flow and blocks are cleaner and less confusing to follow.
2011-05-20 11:35:24 -05:00
auth_call_complete (call);
core: consolidate PolicyKit code Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
2011-05-18 22:20:24 -05:00
}
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
void
core: use same codepaths for root and non-root during authentication Instead of doing something like <get caller UID> if (root) { perform_operation() other boilerplate stuff return; } nm_auth_chain_new(perform_operation) ... just have root also go through the auth chain, which is now short circuited for root. This ensures we always use the same code paths for root and non-root, and that fixes made in one path are also executed for the other.
2012-10-08 12:52:15 -05:00
nm_auth_chain_add_call (NMAuthChain *self,
const char *permission,
gboolean allow_interaction)
{
AuthCall *call;
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
NMAuthManager *auth_manager = nm_auth_manager_get ();
core: clean up auth handling after polkit enable/disable changes Slash and burn the #ifdef jungle so that the flow and blocks are cleaner and less confusing to follow.
2011-05-20 11:35:24 -05:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
g_return_if_fail (self);
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
g_return_if_fail (self->subject);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
g_return_if_fail (!self->is_finishing);
g_return_if_fail (!self->is_destroyed);
auth-chain: avoid another idle-call when auth-request completes NMAuthChain schedules (possibly) multiple authentication requests. When they all complete, it will once invoke the result-callback. There is no need to schedule this result-callback on another idle-handler, because nm_auth_manager_polkit_authority_check_authorization() should guarantee to invoke the callback never-synchronously and on a clean call-stack (to avoid problems with re-entrancy). At that point, NMAuthChain does not need to delay this further.
2018-04-09 12:36:06 +02:00
g_return_if_fail (permission && *permission);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert ( nm_auth_subject_is_unix_process (self->subject)
|| nm_auth_subject_is_internal (self->subject));
call = g_slice_new (AuthCall);
*call = (AuthCall) {
.chain = self,
.permission = g_strdup (permission),
};
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
c_list_link_tail (&self->auth_call_lst_head, &call->auth_call_lst);
auth-manager: let NMAuthChain always call to NMAuthManager for dummy requests NMAuthChain's nm_auth_chain_add_call() used to add special handling for the NMAuthSubject. This handling really belongs to NMAuthManager for two reasons: - NMAuthManager already goes through the effort of scheduling an idle handler to handle the case where no GDBusProxy is present. It can just as well handle the special cases where polkit-auth is disabled or when we have internal requests. - by NMAuthChain doing special handling, it makes it more complicated to call nm_auth_manager_check_authorization() directly. Previously, the NMAuthChain had additional logic, which means you either were forced to create an NMAuthChain, or you had to reimplement special handling like nm_auth_chain_add_call().
2018-04-09 16:04:46 +02:00
call->call_id = nm_auth_manager_check_authorization (auth_manager,
self->subject,
permission,
allow_interaction,
pk_call_cb,
call);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
}
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
/*****************************************************************************/
/* Creates the NMAuthSubject automatically */
NMAuthChain *
nm_auth_chain_new_context (GDBusMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data)
{
NMAuthSubject *subject;
NMAuthChain *chain;
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail (context, NULL);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert (done_func);
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
subject = nm_auth_subject_new_unix_process_from_context (context);
if (!subject)
return NULL;
chain = nm_auth_chain_new_subject (subject,
context,
done_func,
user_data);
g_object_unref (subject);
return chain;
}
/* Requires an NMAuthSubject */
NMAuthChain *
nm_auth_chain_new_subject (NMAuthSubject *subject,
GDBusMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data)
{
NMAuthChain *self;
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert ( nm_auth_subject_is_unix_process (subject)
|| nm_auth_subject_is_internal (subject));
nm_assert (done_func);
self = g_slice_new (NMAuthChain);
*self = (NMAuthChain) {
.done_func = done_func,
.user_data = user_data,
.context = nm_g_object_ref (context),
.subject = g_object_ref (subject),
.auth_call_lst_head = C_LIST_INIT (self->auth_call_lst_head),
};
auth-chain/trivial: move code
2018-04-05 09:07:12 +02:00
return self;
}
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
/**
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
* nm_auth_chain_destroy:
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
* @self: the auth-chain
*
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
* Destroys the auth-chain. By destroying the auth-chain, you also cancel
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
* the receipt of the done-callback. IOW, the callback will not be invoked.
*
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
* The only exception is, if may call nm_auth_chain_destroy() from inside
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
* the callback. In this case, @self stays alive until the callback returns.
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
*
* Note that you might only destroy an auth-chain exactly once, and never
* after the callback was handled.
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
*/
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
void
auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy() NMAuthChain is not really ref-counted. True, we have an internal ref-counter to ensure that the instance stays alive while the callback is invoked. However, the user cannot take additional references as there is no nm_auth_chain_ref(). When the user wants to get rid of the auth-chain, with the current API it is important that the callback won't be called after that point. From the name nm_auth_chain_unref(), it sounds like that there could be multiple references to the auth-chain, and merely unreferencing the object might not guarantee that the callback is canceled. However, that is luckily not the case, because there is no real ref-counting involved here. Just rename the destroy function to make this clearer.
2018-04-09 11:52:55 +02:00
nm_auth_chain_destroy (NMAuthChain *self)
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
{
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
g_return_if_fail (self);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
g_return_if_fail (!self->is_destroyed);
self->is_destroyed = TRUE;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
if (self->is_finishing) {
/* we are called from inside the callback. Keep the instance alive for the moment. */
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
return;
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
}
_auth_chain_destroy (self);
}
static void
_auth_chain_destroy (NMAuthChain *self)
{
AuthCall *call;
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
nm_clear_g_object (&self->subject);
nm_clear_g_object (&self->context);
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
while ((call = c_list_first_entry (&self->auth_call_lst_head, AuthCall, auth_call_lst)))
auth_call_free (call);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-chain/trivial: rename data field in NMAuthChain We already use "data" for other places. Let's use unique names that can be searched within one file.
2018-04-10 14:34:30 +02:00
nm_clear_pointer (&self->data_hash, g_hash_table_destroy);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
auth-utils: some refactoring in nm-auth-utils.c - move nm_auth_chain_check_done() and nm_auth_chain_remove_call() into the only caller auth_call_complete(). - take a ref of the "context" argument. - in nm_auth_chain_add_call(), assert that we didn't yet invoke the done-callback. The auth-chain should not be reusued. - use slice allocator for ChainData, AuthCall and NMAuthChain
2015-08-31 16:37:55 +02:00
g_slice_free (NMAuthChain, self);
core: add permissions framework for various operations (rh #585182) (bgo #619323)
2010-05-28 18:23:00 -07:00
}
auth-chain: use CList for tracking pending authentication requests
2018-04-04 21:38:38 +02:00
/******************************************************************************
* utils
*****************************************************************************/
core: root can always enable/disable and sleep/wake
2010-05-30 08:30:37 -07:00
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
gboolean
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
nm_auth_is_subject_in_acl (NMConnection *connection,
NMAuthSubject *subject,
char **out_error_desc)
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
{
NMSettingConnection *s_con;
const char *user = NULL;
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
gulong uid;
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
auth-chain: don't compare pointers explicitly against NULL
2018-04-05 09:33:52 +02:00
g_return_val_if_fail (connection, FALSE);
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), FALSE);
auth-chain: drop refcounting of NMAuthChain for simple flags NMAuthChain is not really ref-counted, there is no need for that additional complexity. But it is graceful towards calling nm_auth_chain_destroy() from inside the callback. The caller may do so. But we don't need a "ref_count" to track that. Two flags suffice: one to say whether destroy was called and one to indicate that we are in the process of finishing (to delay deallocating the NMAuthChain struct). We already had the "done" flag that we used to indicate that the chain is finished. So, we just need one more flag instead.
2019-05-02 10:33:53 +02:00
nm_assert ( nm_auth_subject_is_internal (subject)
|| nm_auth_subject_is_unix_process (subject));
auth: rework polkit autorization to use DBUS interface directly This makes NetworkManager independent of <polkit/polkit.h> development headers and libpolkit-gobject-1.so library. Instead communicate directly with polkit using its DBUS interface. PolicyKit support is now always compiled in. You can control polkit authorization with the configuration option [main] auth-polkit=yes|no If the configure option is omitted, a build time default value is used. This default value can be set with the configure option --enable-polkit. This commit adds a new class NMAuthManager that reimplements the relevant DBUS client parts. It takes source code from the polkit library. https://bugzilla.gnome.org/show_bug.cgi?id=734146 Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-14 13:34:57 +02:00
if (nm_auth_subject_is_internal (subject))
return TRUE;
uid = nm_auth_subject_get_unix_process_uid (subject);
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
core: assume root always has a session for connection visibility Normally, users which are not part of a login session can't access connections. Root won't always be part of a login session, so allow root to bypass visibility checks. The code already bypassed the ACL checks for root, but in multiple places. Consolidate those checks into one function.
2012-12-16 11:38:04 -06:00
/* Root gets a free pass */
if (0 == uid)
return TRUE;
session: switch code to nm_session_monitor_session_exists() Acked-By: Thomas Haller <thaller@redhat.com>
2015-01-02 21:20:38 +01:00
if (!nm_session_monitor_uid_to_user (uid, &user)) {
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
NM_SET_OUT (out_error_desc,
g_strdup_printf ("Could not determine username for uid %lu", uid));
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
return FALSE;
}
core: fix crash when connecting to new Wi-Fi network (bgo #723163) If the user is AddAndActivating a new network, the connection may not have an NMSettingConnection yet, but we know that once it does, the user will be authorized.
2014-01-28 08:39:11 -05:00
s_con = nm_connection_get_setting_connection (connection);
if (!s_con) {
/* This can only happen when called from AddAndActivate, so we know
* the user will be authorized when the connection is completed.
*/
return TRUE;
}
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
/* Match the username returned by the session check to a user in the ACL */
if (!nm_setting_connection_permissions_user_allowed (s_con, user)) {
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
NM_SET_OUT (out_error_desc,
g_strdup_printf ("uid %lu has no permission to perform this operation", uid));
core: add nm_auth_uid_in_acl() For checking whether a specific user ID is: 1) in a known session 2) allowed by the connection's permissions ACL
2010-11-18 13:49:47 -06:00
return FALSE;
}
return TRUE;
}
core: add nm_auth_is_subject_in_acl_set_error() helper
2018-04-12 09:34:40 +02:00
gboolean
nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
NMAuthSubject *subject,
GQuark err_domain,
int err_code,
GError **error)
{
char *error_desc = NULL;
nm_assert (!error || !*error);
if (nm_auth_is_subject_in_acl (connection,
subject,
error ? &error_desc : NULL))
return TRUE;
g_set_error_literal (error, err_domain, err_code, error_desc);
g_free (error_desc);
return FALSE;
}
Reference in a new issue Copy permalink