NetworkManager/clients/cli/polkit-agent.c

// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (C) 2014 Red Hat, Inc.
 */

#include "nm-default.h"

#include "polkit-agent.h"

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#include "nm-polkit-listener.h"
#include "common.h"

static char *
polkit_read_passwd (gpointer instance,
                    const char *action_id,
                    const char *message,
                    const char *user,
                    gpointer user_data)
{
	NmCli *nmc = user_data;

	g_print ("%s\n", message);
	g_print ("(action_id: %s)\n", action_id);

	/* Ask user for polkit authorization password */
	if (user) {
		return nmc_readline_echo (&nmc->nmc_config, FALSE, "password (%s): ", user);
	}
	return nmc_readline_echo (&nmc->nmc_config, FALSE, "password: ");
}

static void
polkit_error (gpointer instance,
              const char *error,
              gpointer user_data)
{
	g_printerr (_("Error: polkit agent failed: %s\n"), error);
}

gboolean
nmc_polkit_agent_init (NmCli* nmc, gboolean for_session, GError **error)
{
	NMPolkitListener *listener;
	GDBusConnection *dbus_connection = NULL;

	g_return_val_if_fail (error == NULL || *error == NULL, FALSE);

	if (nmc->client && nm_client_get_dbus_connection (nmc->client)) {
		dbus_connection = nm_client_get_dbus_connection (nmc->client);
		listener = nm_polkit_listener_new (dbus_connection, for_session);
	} else {
		dbus_connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM,
		                                  NULL,
		                                  error);

		if (!dbus_connection) {
			return FALSE;
		}

		listener = nm_polkit_listener_new (dbus_connection, for_session);
		g_object_unref (dbus_connection);
	}

	g_signal_connect (listener,
	                  NM_POLKIT_LISTENER_SIGNAL_REQUEST_SYNC,
	                  G_CALLBACK (polkit_read_passwd),
	                  nmc);
	g_signal_connect (listener,
	                  NM_POLKIT_LISTENER_SIGNAL_ERROR,
	                  G_CALLBACK (polkit_error),
	                  NULL);

	nmc->pk_listener = listener;
	return TRUE;
}

void
nmc_polkit_agent_fini (NmCli* nmc)
{
	if (nmc->pk_listener) {
		g_clear_object (&nmc->pk_listener);
	}
}

gboolean
nmc_start_polkit_agent_start_try (NmCli *nmc)
{
	gs_free_error GError *error = NULL;

	/* We don't register polkit agent at all when running non-interactively */
	if (!nmc->ask)
		return TRUE;

	if (!nmc_polkit_agent_init (nmc, FALSE, &error)) {
		g_printerr (_("Warning: polkit agent initialization failed: %s\n"),
		            error->message);
		return FALSE;
	}
	return TRUE;
}
all: SPDX header conversion $ find * -type f \|xargs perl contrib/scripts/spdx.pl $ git rm contrib/scripts/spdx.pl 2019-09-10 11:19:01 +02:00			`// SPDX-License-Identifier: GPL-2.0+`
all: manually drop code comments with file description 2019-09-25 13:13:40 +02:00			`/*`
all: unify format of our Copyright source code comments ```bash readarray -d '' FILES < <( git ls-files -z \ ':(exclude)po' \ ':(exclude)shared/c-rbtree' \ ':(exclude)shared/c-list' \ ':(exclude)shared/c-siphash' \ ':(exclude)shared/c-stdaux' \ ':(exclude)shared/n-acd' \ ':(exclude)shared/n-dhcp4' \ ':(exclude)src/systemd/src' \ ':(exclude)shared/systemd/src' \ ':(exclude)m4' \ ':(exclude)COPYING' ) sed \ -e 's/^\(--\\|#\\| \\) \(([cC]) \)\?Copyright \+\(\(([cC])\) \+\)\?\(\(20\\|19\)[0-9][0-9]\) [-–] \(\(20\\|19\)[0-9][0-9]\) \+\([^ ].\)$/\1 C1pyright#\5 - \7#\9/' \ -e 's/^\(--\\|#\\| \\) \(([cC]) \)\?Copyright \+\(\(([cC])\) \+\)\?\(\(20\\|19\)[0-9][0-9]\) [,] \(\(20\\|19\)[0-9][0-9]\) \+\([^ ].\)$/\1 C2pyright#\5, \7#\9/' \ -e 's/^\(--\\|#\\| \\) \(([cC]) \)\?Copyright \+\(\(([cC])\) \+\)\?\(\(20\\|19\)[0-9][0-9]\) \+\([^ ].\)$/\1 C3pyright#\5#\7/' \ -e 's/^Copyright \(\(20\\|19\)[0-9][0-9]\) \+\([^ ].\)$/C4pyright#\1#\3/' \ -i \ "${FILES[@]}" echo ">>> untouched Copyright lines" git grep Copyright "${FILES[@]}" echo ">>> Copyright lines with unusual extra" git grep '\<C[0-9]pyright#' "${FILES[@]}" \| grep -i reserved sed \ -e 's/\<C[0-9]pyright#\([^#]\)#\(.\)$/Copyright (C) \1 \2/' \ -i \ "${FILES[@]}" ``` https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/298 2019-10-01 09:20:35 +02:00			`* Copyright (C) 2014 Red Hat, Inc.`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`*/`

all: cleanup includes and let "nm-default.h" include "config.h" - All internal source files (except "examples", which are not internal) should include "config.h" first. As also all internal source files should include "nm-default.h", let "config.h" be included by "nm-default.h" and include "nm-default.h" as first in every source file. We already wanted to include "nm-default.h" before other headers because it might contains some fixes (like "nm-glib.h" compatibility) that is required first. - After including "nm-default.h", we optinally allow for including the corresponding header file for the source file at hand. The idea is to ensure that each header file is self contained. - Don't include "config.h" or "nm-default.h" in any header file (except "nm-sd-adapt.h"). Public headers anyway must not include these headers, and internal headers are never included after "nm-default.h", as of the first previous point. - Include all internal headers with quotes instead of angle brackets. In practice it doesn't matter, because in our public headers we must include other headers with angle brackets. As we use our public headers also to compile our interal source files, effectively the result must be the same. Still do it for consistency. - Except for <config.h> itself. Include it with angle brackets as suggested by https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers 2016-02-19 14:57:48 +01:00			`#include "nm-default.h"`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00
cli: move NmcMetaGenericInfo to "utils.h" 2017-04-04 13:52:13 +02:00			`#include "polkit-agent.h"`

cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`#include <stdio.h>`
			`#include <sys/types.h>`
			`#include <unistd.h>`

			`#include "nm-polkit-listener.h"`
			`#include "common.h"`

			`static char *`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`polkit_read_passwd (gpointer instance,`
			`const char *action_id,`
			`const char *message,`
			`const char *user,`
			`gpointer user_data)`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`{`
cli: don't use global nm_cli in nmc_readline_*() Globals are bad. Don't let nmc_readline_helper() access nm_cli. Instead, pass nmc_config along. nmc_config albeit being a complex struct, is much more begning: - the configuration nmc_config is initialized early on and afterwards immutable. - it only contains simple fields, which affect the behavior. - it's not a global. While passing around the complex configuration struct, it is clear that all callpaths don't access additional global information. 2018-10-09 11:50:26 +02:00			`NmCli *nmc = user_data;`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00
			`g_print ("%s\n", message);`
			`g_print ("(action_id: %s)\n", action_id);`

			`/* Ask user for polkit authorization password */`
			`if (user) {`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`return nmc_readline_echo (&nmc->nmc_config, FALSE, "password (%s): ", user);`
cli: don't use global nm_cli in nmc_readline_*() Globals are bad. Don't let nmc_readline_helper() access nm_cli. Instead, pass nmc_config along. nmc_config albeit being a complex struct, is much more begning: - the configuration nmc_config is initialized early on and afterwards immutable. - it only contains simple fields, which affect the behavior. - it's not a global. While passing around the complex configuration struct, it is clear that all callpaths don't access additional global information. 2018-10-09 11:50:26 +02:00			`}`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`return nmc_readline_echo (&nmc->nmc_config, FALSE, "password: ");`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`}`

			`static void`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`polkit_error (gpointer instance,`
			`const char *error,`
			`gpointer user_data)`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`{`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`g_printerr (_("Error: polkit agent failed: %s\n"), error);`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`}`

			`gboolean`
			`nmc_polkit_agent_init (NmCli* nmc, gboolean for_session, GError **error)`
			`{`
cli: rework callbacks in NMPolkitListener to use one vtable structure Instead of setting multiple callbacks, just let the user set one vtable with callbacks. Usually, GObject would implement this via signals. While that makes sense for public objects, for example to work better with GIR and allow intercepting the signal, this is overkill for our internal type. And NMPolkitListener already did not make use of signals, for good reason. Instead of passing multiple callbacks, must pass one structure with callback pointers. Also, extend the signature of the callbacks to always contain a @self argument and a @user_data. 2018-04-06 23:54:33 +02:00			`NMPolkitListener *listener;`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`GDBusConnection *dbus_connection = NULL;`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00
			`g_return_val_if_fail (error == NULL \|\| *error == NULL, FALSE);`

clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`if (nmc->client && nm_client_get_dbus_connection (nmc->client)) {`
			`dbus_connection = nm_client_get_dbus_connection (nmc->client);`
			`listener = nm_polkit_listener_new (dbus_connection, for_session);`
			`} else {`
			`dbus_connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM,`
			`NULL,`
			`error);`

			`if (!dbus_connection) {`
			`return FALSE;`
			`}`

			`listener = nm_polkit_listener_new (dbus_connection, for_session);`
			`g_object_unref (dbus_connection);`
			`}`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`g_signal_connect (listener,`
cli/polkit: rename NM_POLKIT_LISTENER_SIGNAL_REQUEST signal to "request-sync" The response is blocking, which generally is rather ugly. Let's not fix that now, but at least rename the signal so that it clearly points this out. 2020-04-06 12:06:45 +02:00			`NM_POLKIT_LISTENER_SIGNAL_REQUEST_SYNC,`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`G_CALLBACK (polkit_read_passwd),`
			`nmc);`
			`g_signal_connect (listener,`
			`NM_POLKIT_LISTENER_SIGNAL_ERROR,`
			`G_CALLBACK (polkit_error),`
			`NULL);`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00
cli: rework callbacks in NMPolkitListener to use one vtable structure Instead of setting multiple callbacks, just let the user set one vtable with callbacks. Usually, GObject would implement this via signals. While that makes sense for public objects, for example to work better with GIR and allow intercepting the signal, this is overkill for our internal type. And NMPolkitListener already did not make use of signals, for good reason. Instead of passing multiple callbacks, must pass one structure with callback pointers. Also, extend the signature of the callbacks to always contain a @self argument and a @user_data. 2018-04-06 23:54:33 +02:00			`nmc->pk_listener = listener;`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`return TRUE;`
			`}`

			`void`
			`nmc_polkit_agent_fini (NmCli* nmc)`
			`{`
cli: rework callbacks in NMPolkitListener to use one vtable structure Instead of setting multiple callbacks, just let the user set one vtable with callbacks. Usually, GObject would implement this via signals. While that makes sense for public objects, for example to work better with GIR and allow intercepting the signal, this is overkill for our internal type. And NMPolkitListener already did not make use of signals, for good reason. Instead of passing multiple callbacks, must pass one structure with callback pointers. Also, extend the signature of the callbacks to always contain a @self argument and a @user_data. 2018-04-06 23:54:33 +02:00			`if (nmc->pk_listener) {`
			`g_clear_object (&nmc->pk_listener);`
			`}`
cli: add a polkit agent support for nmcli Example: nmcli --ask general hostname computer007 2014-10-30 11:25:55 +01:00			`}`

cli: add 'nmcli agent' command (bgo #739568) Synopsis: nmcli agent { secret \| polkit \| all } The command runs separate NetworkManager secret agent or session polkit agent, or both. It is useful when - no other secret agent is available (such as GUI nm-applet, gnome-shell, KDE applet) - no other polkit agent is available (such as polkit-gnome-authentication-agent-1, polkit-kde-authentication-agent-1 or lxpolkit) https://bugzilla.gnome.org/show_bug.cgi?id=739568 2014-10-30 15:45:43 +01:00			`gboolean`
			`nmc_start_polkit_agent_start_try (NmCli *nmc)`
			`{`
clients: polkit-agent: implement polkit agent without using libpolkit 2019-12-17 16:42:05 +01:00			`gs_free_error GError *error = NULL;`
cli: add 'nmcli agent' command (bgo #739568) Synopsis: nmcli agent { secret \| polkit \| all } The command runs separate NetworkManager secret agent or session polkit agent, or both. It is useful when - no other secret agent is available (such as GUI nm-applet, gnome-shell, KDE applet) - no other polkit agent is available (such as polkit-gnome-authentication-agent-1, polkit-kde-authentication-agent-1 or lxpolkit) https://bugzilla.gnome.org/show_bug.cgi?id=739568 2014-10-30 15:45:43 +01:00
			`/* We don't register polkit agent at all when running non-interactively */`
			`if (!nmc->ask)`
			`return TRUE;`

			`if (!nmc_polkit_agent_init (nmc, FALSE, &error)) {`
			`g_printerr (_("Warning: polkit agent initialization failed: %s\n"),`
			`error->message);`
			`return FALSE;`
			`}`
			`return TRUE;`
			`}`