diff --git a/src/nm-activation-request.c b/src/nm-activation-request.c index 6c331777f3..d0b1934b29 100644 --- a/src/nm-activation-request.c +++ b/src/nm-activation-request.c @@ -52,7 +52,6 @@ typedef struct { typedef struct { guint device_state_id; - char *dbus_sender; GSList *secrets_calls; gboolean shared; GSList *share_rules; @@ -68,14 +67,6 @@ nm_act_request_get_connection (NMActRequest *req) return nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (req)); } -const char * -nm_act_request_get_dbus_sender (NMActRequest *req) -{ - g_return_val_if_fail (NM_IS_ACT_REQUEST (req), NULL); - - return NM_ACT_REQUEST_GET_PRIVATE (req)->dbus_sender; -} - /*******************************************************************/ typedef struct { @@ -351,11 +342,7 @@ device_state_changed (NMDevice *device, GParamSpec *pspec, NMActRequest *self) * @connection: the connection to activate @device with * @specific_object: the object path of the specific object (ie, WiFi access point, * etc) that will be used to activate @connection and @device - * @user_requested: pass %TRUE if the activation was requested via D-Bus, - * otherwise %FALSE if requested internally by NM (ie, autoconnect) - * @user_uid: if @user_requested is %TRUE, the Unix UID of the user that requested - * @dbus_sender: if @user_requested is %TRUE, the D-BUS sender that requested - * the activation + * @subject: the #NMAuthSubject representing the requestor of the activation * @device: the device/interface to configure according to @connection * @master: if the activation depends on another device (ie, bond or bridge * or team master to which this device will be enslaved) pass the #NMDevice 
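Review bot: The new `@subject` line in the nm_act_request_new() doc comment does not say who owns the reference. On the new side the subject reaches the object through the construct-only `NM_ACTIVE_CONNECTION_INT_SUBJECT` property, whose setter uses `g_value_dup_object ()`, and both internal callers in this commit unref their subject after the call, so the caller keeps its own reference. I would spell that out: `@subject: the #NMAuthSubject representing the requestor of the activation; the request takes its own reference`. The doc comment starts and ends outside this hunk.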
@@ -368,29 +355,21 @@ device_state_changed (NMDevice *device, GParamSpec *pspec, NMActRequest *self) NMActRequest * nm_act_request_new (NMConnection *connection, const char *specific_object, - gboolean user_requested, - gulong user_uid, - const char *dbus_sender, + NMAuthSubject *subject, NMDevice *device, NMDevice *master) { - GObject *object; - g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); g_return_val_if_fail (NM_IS_DEVICE (device), NULL); + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL); - object = g_object_new (NM_TYPE_ACT_REQUEST, - NM_ACTIVE_CONNECTION_INT_CONNECTION, connection, - NM_ACTIVE_CONNECTION_INT_DEVICE, device, - NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object, - NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, user_requested, - NM_ACTIVE_CONNECTION_INT_USER_UID, user_uid, - NM_ACTIVE_CONNECTION_INT_MASTER, master, - NULL); - if (object) - NM_ACT_REQUEST_GET_PRIVATE (object)->dbus_sender = g_strdup (dbus_sender); - - return (NMActRequest *) object; + return (NMActRequest *) g_object_new (NM_TYPE_ACT_REQUEST, + NM_ACTIVE_CONNECTION_INT_CONNECTION, connection, + NM_ACTIVE_CONNECTION_INT_DEVICE, device, + NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object, + NM_ACTIVE_CONNECTION_INT_SUBJECT, subject, + NM_ACTIVE_CONNECTION_INT_MASTER, master, + NULL); } static void @@ -445,9 +424,6 @@ dispose (GObject *object) g_slist_free (priv->secrets_calls); priv->secrets_calls = NULL; - g_free (priv->dbus_sender); - priv->dbus_sender = NULL; - G_OBJECT_CLASS (nm_act_request_parent_class)->dispose (object); } diff --git a/src/nm-activation-request.h b/src/nm-activation-request.h index cd645ce9c2..2d5d864b2c 100644 --- a/src/nm-activation-request.h +++ b/src/nm-activation-request.h 
@@ -48,18 +48,12 @@ GType nm_act_request_get_type (void); NMActRequest *nm_act_request_new (NMConnection *connection, const char *specific_object, - gboolean user_requested, - gulong user_uid, - const char *dbus_sender, + NMAuthSubject *subject, NMDevice *device, NMDevice *master); NMConnection *nm_act_request_get_connection (NMActRequest *req); -gulong nm_act_request_get_user_uid (NMActRequest *req); - -const char *nm_act_request_get_dbus_sender (NMActRequest *req); - gboolean nm_act_request_get_shared (NMActRequest *req); void nm_act_request_set_shared (NMActRequest *req, gboolean shared); diff --git a/src/nm-active-connection.c b/src/nm-active-connection.c index dadb52c5f4..08ac050b2d 100644 --- a/src/nm-active-connection.c +++ b/src/nm-active-connection.c @@ -48,8 +48,7 @@ typedef struct { NMActiveConnectionState state; gboolean vpn; - gboolean user_requested; - gulong user_uid; + NMAuthSubject *subject; NMDevice *master; } NMActiveConnectionPrivate; @@ -67,8 +66,7 @@ enum { PROP_INT_CONNECTION, PROP_INT_DEVICE, - PROP_INT_USER_REQUESTED, - PROP_INT_USER_UID, + PROP_INT_SUBJECT, PROP_INT_MASTER, LAST_PROP 
@@ -216,20 +214,31 @@ nm_active_connection_export (NMActiveConnection *self) nm_dbus_manager_register_object (nm_dbus_manager_get (), priv->path, self); } +NMAuthSubject * +nm_active_connection_get_subject (NMActiveConnection *self) +{ + g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), NULL); + + return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject; +} + gboolean nm_active_connection_get_user_requested (NMActiveConnection *self) { g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), FALSE); - return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->user_requested; + return !nm_auth_subject_get_internal (NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject); } gulong nm_active_connection_get_user_uid (NMActiveConnection *self) { - g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG); + NMActiveConnectionPrivate *priv; - return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->user_uid; + g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG); + priv = NM_ACTIVE_CONNECTION_GET_PRIVATE (self); + + return nm_auth_subject_get_uid (priv->subject); } NMDevice * @@ -255,6 +264,13 @@ nm_active_connection_init (NMActiveConnection *self) { } +static void +constructed (GObject *object) +{ + G_OBJECT_CLASS (nm_active_connection_parent_class)->constructed (object); + g_assert (NM_ACTIVE_CONNECTION_GET_PRIVATE (object)->subject); +} + static void set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec) @@ -273,11 +289,8 @@ set_property (GObject *object, guint prop_id, if (priv->device) g_warn_if_fail (priv->device != priv->master); break; - case PROP_INT_USER_REQUESTED: - priv->user_requested = g_value_get_boolean (value); - break; - case PROP_INT_USER_UID: - priv->user_uid = g_value_get_ulong (value); + case PROP_INT_SUBJECT: + priv->subject = g_value_dup_object (value); break; case PROP_INT_MASTER: g_warn_if_fail (priv->master == NULL); 
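Review bot: `nm_active_connection_get_user_requested()` now answers with `!nm_auth_subject_get_internal (priv->subject)`, so a missing subject would be reported as user-requested if that helper returns FALSE for NULL (its body is not shown here). The only guard is the `g_assert` in the new `constructed()`, which disappears in builds with G_DISABLE_ASSERT, and `dispose()` in a later hunk clears the pointer. Since this getter and `nm_active_connection_get_user_uid()` presumably feed permission decisions, I would check the pointer in both, e.g. `g_return_val_if_fail (priv->subject != NULL, FALSE);`, so the condition is logged rather than silently answered. It is also worth confirming that `nm_auth_subject_get_uid()` returns 0 for an internal subject, which is the value the removed code stored for internal activations.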
@@ -346,6 +359,9 @@ get_property (GObject *object, guint prop_id, case PROP_MASTER: g_value_set_boxed (value, priv->master ? nm_device_get_path (priv->master) : "/"); break; + case PROP_INT_SUBJECT: + g_value_set_object (value, priv->subject); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -365,6 +381,7 @@ dispose (GObject *object) g_clear_object (&priv->connection); g_clear_object (&priv->device); g_clear_object (&priv->master); + g_clear_object (&priv->subject); G_OBJECT_CLASS (nm_active_connection_parent_class)->dispose (object); } @@ -379,6 +396,7 @@ nm_active_connection_class_init (NMActiveConnectionClass *ac_class) /* virtual methods */ object_class->get_property = get_property; object_class->set_property = set_property; + object_class->constructed = constructed; object_class->dispose = dispose; /* D-Bus exported properties */ @@ -462,19 +480,12 @@ nm_active_connection_class_init (NMActiveConnectionClass *ac_class) NM_TYPE_DEVICE, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - g_object_class_install_property (object_class, PROP_INT_USER_REQUESTED, - g_param_spec_boolean (NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, - "User requested", - "User requested", - FALSE, - G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property (object_class, PROP_INT_USER_UID, - g_param_spec_ulong (NM_ACTIVE_CONNECTION_INT_USER_UID, - "User UID", - "User UID (if user requested)", - 0, G_MAXULONG, 0, - G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + g_object_class_install_property (object_class, PROP_INT_SUBJECT, + g_param_spec_object (NM_ACTIVE_CONNECTION_INT_SUBJECT, + "Subject", + "Subject", + NM_TYPE_AUTH_SUBJECT, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); g_object_class_install_property (object_class, PROP_INT_MASTER, g_param_spec_object (NM_ACTIVE_CONNECTION_INT_MASTER, diff --git a/src/nm-active-connection.h b/src/nm-active-connection.h index 96bbfedd75..3d3585e4fd 100644 --- a/src/nm-active-connection.h 
+++ b/src/nm-active-connection.h @@ -24,6 +24,7 @@ #include #include "nm-types.h" #include "nm-connection.h" +#include "nm-auth-subject.h" #define NM_TYPE_ACTIVE_CONNECTION (nm_active_connection_get_type ()) #define NM_ACTIVE_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_ACTIVE_CONNECTION, NMActiveConnection)) @@ -46,8 +47,7 @@ /* Internal non-exported construct-time properties */ #define NM_ACTIVE_CONNECTION_INT_CONNECTION "int-connection" #define NM_ACTIVE_CONNECTION_INT_DEVICE "int-device" -#define NM_ACTIVE_CONNECTION_INT_USER_REQUESTED "int-user-requested" -#define NM_ACTIVE_CONNECTION_INT_USER_UID "int-user-uid" +#define NM_ACTIVE_CONNECTION_INT_SUBJECT "int-subject" #define NM_ACTIVE_CONNECTION_INT_MASTER "int-master" @@ -91,6 +91,8 @@ void nm_active_connection_set_state (NMActiveConnection *self, NMDevice * nm_active_connection_get_device (NMActiveConnection *self); +NMAuthSubject *nm_active_connection_get_subject (NMActiveConnection *self); + gboolean nm_active_connection_get_user_requested (NMActiveConnection *self); gulong nm_active_connection_get_user_uid (NMActiveConnection *self); diff --git a/src/nm-manager.c b/src/nm-manager.c index 3b0e4dcc04..dd732f8ca1 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -160,9 +160,7 @@ static NMActiveConnection *internal_activate_device (NMManager *manager, NMDevice *device, NMConnection *connection, const char *specific_object, - gboolean user_requested, - gulong sender_uid, - const char *dbus_sender, + NMAuthSubject *subject, gboolean assumed, NMActiveConnection *master, GError **error); 
@@ -2049,12 +2047,14 @@ add_device (NMManager *self, NMDevice *device) /* If the device has a connection it can assume, do that now */ if (connection && nm_device_can_activate (device, connection)) { NMActiveConnection *ac; + NMAuthSubject *subject; GError *error = NULL; nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume connection", nm_device_get_iface (device)); - ac = internal_activate_device (self, device, connection, NULL, FALSE, 0, NULL, TRUE, NULL, &error); + subject = nm_auth_subject_new_internal (); + ac = internal_activate_device (self, device, connection, NULL, subject, TRUE, NULL, &error); if (ac) active_connection_add (self, ac); else { @@ -2064,6 +2064,7 @@ add_device (NMManager *self, NMDevice *device) error && error->message ? error->message : "(unknown)"); g_error_free (error); } + g_object_unref (subject); } } @@ -2526,9 +2527,7 @@ internal_activate_device (NMManager *manager, NMDevice *device, NMConnection *connection, const char *specific_object, - gboolean user_requested, - gulong sender_uid, - const char *dbus_sender, + NMAuthSubject *subject, gboolean assumed, NMActiveConnection *master, GError **error) @@ -2539,6 +2538,7 @@ internal_activate_device (NMManager *manager, g_return_val_if_fail (NM_IS_MANAGER (manager), NULL); g_return_val_if_fail (NM_IS_DEVICE (device), NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL); /* Ensure the requested connection is compatible with the device */ if (!nm_device_check_connection_compatible (device, connection, error)) @@ -2558,9 +2558,7 @@ internal_activate_device (NMManager *manager, req = nm_act_request_new (connection, specific_object, - user_requested, - sender_uid, - dbus_sender, + subject, device, master_device); g_assert (req); 
@@ -2681,9 +2679,7 @@ is_compatible_with_slave (NMConnection *master, NMConnection *slave) * ensure_master_active_connection: * * @self: the #NMManager - * @dbus_sender: if the request was initiated by a user via D-Bus, the - * dbus sender name of the client that requested the activation; for auto - * activated connections use %NULL + * @subject: the #NMAuthSubject representing the requestor of this activation * @connection: the connection that should depend on @master_connection * @device: the #NMDevice, if any, which will activate @connection * @master_connection: the master connection @@ -2698,7 +2694,7 @@ is_compatible_with_slave (NMConnection *master, NMConnection *slave) */ static NMActiveConnection * ensure_master_active_connection (NMManager *self, - const char *dbus_sender, + NMAuthSubject *subject, NMConnection *connection, NMDevice *device, NMConnection *master_connection, @@ -2754,7 +2750,7 @@ ensure_master_active_connection (NMManager *self, candidate, NULL, master_device, - dbus_sender, + subject, error); if (!master_ac) g_prefix_error (error, "%s", "Master device activation failed: "); @@ -2802,7 +2798,7 @@ ensure_master_active_connection (NMManager *self, master_connection, NULL, candidate, - dbus_sender, + subject, error); if (!master_ac) g_prefix_error (error, "%s", "Master device activation failed: "); @@ -2817,7 +2813,7 @@ ensure_master_active_connection (NMManager *self, master_connection, NULL, NULL, - dbus_sender, + subject, error); if (!master_ac) g_prefix_error (error, "%s", "Master device activation failed: "); @@ -2839,8 +2835,7 @@ static NMActiveConnection * activate_vpn_connection (NMManager *self, NMConnection *connection, const char *specific_object, - gboolean user_requested, - gulong sender_uid, + NMAuthSubject *subject, GError **error) { NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); 
@@ -2885,8 +2880,7 @@ activate_vpn_connection (NMManager *self, vpn = nm_vpn_connection_new (connection, device, nm_active_connection_get_path (parent), - user_requested, - sender_uid); + subject); g_assert (vpn); success = nm_vpn_manager_activate_connection (priv->vpn_manager, vpn, error); if (!success) @@ -2900,48 +2894,37 @@ nm_manager_activate_connection (NMManager *manager, NMConnection *connection, const char *specific_object, NMDevice *device, - const char *dbus_sender, + NMAuthSubject *subject, GError **error) { NMManagerPrivate *priv; - gulong sender_uid = G_MAXULONG; char *iface; NMDevice *master_device = NULL; NMConnection *master_connection = NULL; NMActiveConnection *master_ac = NULL, *ac = NULL; gboolean matched; + gboolean user_requested; g_return_val_if_fail (manager != NULL, NULL); g_return_val_if_fail (connection != NULL, NULL); + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL); g_return_val_if_fail (error != NULL, NULL); g_return_val_if_fail (*error == NULL, NULL); priv = NM_MANAGER_GET_PRIVATE (manager); - /* Get the UID of the user that originated the request, if any */ - if (dbus_sender) { - if (!nm_dbus_manager_get_unix_user (priv->dbus_mgr, dbus_sender, &sender_uid)) { - g_set_error_literal (error, - NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED, - "Failed to get unix user for dbus sender"); - return NULL; - } - } else { - /* No sender means an internal/automatic activation request */ - sender_uid = 0; - } - /* VPN ? */ if (nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) { ac = activate_vpn_connection (manager, connection, specific_object, - !!dbus_sender, - sender_uid, + subject, error); goto activated; } + user_requested = !nm_auth_subject_get_internal (subject); + /* Device-based connection */ if (device) { /* If it's a virtual interface make sure the device given by the 
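Review bot: In nm_manager_activate_connection(), `user_requested` is assigned only after the VPN branch has already done `goto activated`, so on the VPN path it is left uninitialised. Nothing in this hunk reads it after the jump, but the code at the `activated` label is outside the hunk, and a later use there would read an indeterminate value. Moving `user_requested = !nm_auth_subject_get_internal (subject);` up to just after `priv = NM_MANAGER_GET_PRIVATE (manager);` removes the hazard. With the `nm_dbus_manager_get_unix_user()` lookup and its PERMISSION_DENIED path gone from this function, a short comment stating that the caller must pass an already resolved subject would also help.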
@@ -2990,7 +2973,7 @@ nm_manager_activate_connection (NMManager *manager, * at this time (the device was manually disconnected/deleted before) */ if (!nm_manager_can_device_auto_connect (manager, iface)) { - if (dbus_sender) { + if (user_requested) { /* Manual activation - allow device auto-activation again */ nm_manager_prevent_device_auto_connect (manager, iface, FALSE); } else { @@ -3034,7 +3017,7 @@ nm_manager_activate_connection (NMManager *manager, /* If this is an autoconnect request, but the device isn't allowing autoconnect * right now, we reject it. */ - if (!dbus_sender && !nm_device_autoconnect_allowed (device)) { + if (!user_requested && !nm_device_autoconnect_allowed (device)) { g_set_error (error, NM_MANAGER_ERROR, NM_MANAGER_ERROR_AUTOCONNECT_NOT_ALLOWED, "%s does not allow automatic connections at this time", nm_device_get_iface (device)); @@ -3073,7 +3056,7 @@ nm_manager_activate_connection (NMManager *manager, } master_ac = ensure_master_active_connection (manager, - dbus_sender, + subject, connection, device, master_connection, @@ -3094,9 +3077,7 @@ nm_manager_activate_connection (NMManager *manager, device, connection, specific_object, - dbus_sender ? TRUE : FALSE, - dbus_sender ? sender_uid : 0, - dbus_sender, + subject, FALSE, master_ac, error); @@ -3126,7 +3107,7 @@ pending_activate (PendingActivation *pending, NM_CONNECTION (new_connection) : pending->connection, pending->specific_object_path, pending->device, - nm_auth_subject_get_dbus_sender (pending->subject), + pending->subject, &local); if (!ac) { nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s", diff --git a/src/nm-manager.h b/src/nm-manager.h index 6baf6f4d90..5f848688d9 100644 --- a/src/nm-manager.h +++ b/src/nm-manager.h @@ -27,6 +27,7 @@ #include #include "nm-device.h" #include "nm-settings.h" +#include "nm-auth-subject.h" #define NM_TYPE_MANAGER (nm_manager_get_type ()) #define NM_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MANAGER, NMManager)) 
@@ -117,7 +118,7 @@ NMActiveConnection *nm_manager_activate_connection (NMManager *manager, NMConnection *connection, const char *specific_object, NMDevice *device, - const char *dbus_sender, /* NULL if automatic */ + NMAuthSubject *subject, GError **error); gboolean nm_manager_deactivate_connection (NMManager *manager, diff --git a/src/nm-policy.c b/src/nm-policy.c index 9f1db55cfb..9f480032e2 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -1034,14 +1034,16 @@ auto_activate_device (gpointer user_data) best_connection = nm_device_get_best_auto_connection (data->device, connections, &specific_object); if (best_connection) { GError *error = NULL; + NMAuthSubject *subject; nm_log_info (LOGD_DEVICE, "Auto-activating connection '%s'.", nm_connection_get_id (best_connection)); + subject = nm_auth_subject_new_internal (); if (!nm_manager_activate_connection (priv->manager, best_connection, specific_object, data->device, - NULL, + subject, &error)) { nm_log_info (LOGD_DEVICE, "Connection '%s' auto-activation failed: (%d) %s", nm_connection_get_id (best_connection), @@ -1049,6 +1051,7 @@ auto_activate_device (gpointer user_data) error ? error->message : "(none)"); g_error_free (error); } + g_object_unref (subject); } g_slist_free (connections); @@ -1358,7 +1361,7 @@ activate_secondary_connections (NMPolicy *policy, NM_CONNECTION (settings_con), nm_active_connection_get_path (NM_ACTIVE_CONNECTION (req)), device, - nm_act_request_get_dbus_sender (req), + nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (req)), &error); if (ac) { secondary_ac_list = g_slist_append (secondary_ac_list, diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c index a3a30e9ae8..129123acdb 100644 --- a/src/vpn-manager/nm-vpn-connection.c +++ b/src/vpn-manager/nm-vpn-connection.c 
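Review bot: The call in activate_secondary_connections() now passes `nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (req))`, so each secondary connection is activated with the identity captured when the base connection was requested, and that deserves a comment. Something like `/* Secondaries are activated on behalf of whoever requested the base connection */` above the call would make the inherited identity explicit for anyone auditing permission checks. The getter returns `priv->subject` directly, so the pointer is borrowed and no unref is needed here, which is worth stating as well. The function body extends beyond this hunk.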
@@ -400,8 +400,7 @@ NMVPNConnection * nm_vpn_connection_new (NMConnection *connection, NMDevice *parent_device, const char *specific_object, - gboolean user_requested, - gulong user_uid) + NMAuthSubject *subject) { g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); g_return_val_if_fail (NM_IS_DEVICE (parent_device), NULL); @@ -410,8 +409,7 @@ nm_vpn_connection_new (NMConnection *connection, NM_ACTIVE_CONNECTION_INT_CONNECTION, connection, NM_ACTIVE_CONNECTION_INT_DEVICE, parent_device, NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object, - NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, user_requested, - NM_ACTIVE_CONNECTION_INT_USER_UID, user_uid, + NM_ACTIVE_CONNECTION_INT_SUBJECT, subject, NM_ACTIVE_CONNECTION_VPN, TRUE, NULL); } diff --git a/src/vpn-manager/nm-vpn-connection.h b/src/vpn-manager/nm-vpn-connection.h index bf5433456d..d0554faee2 100644 --- a/src/vpn-manager/nm-vpn-connection.h +++ b/src/vpn-manager/nm-vpn-connection.h @@ -26,6 +26,7 @@ #include #include "NetworkManagerVPN.h" #include "nm-device.h" +#include "nm-auth-subject.h" #define NM_TYPE_VPN_CONNECTION (nm_vpn_connection_get_type ()) #define NM_VPN_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_VPN_CONNECTION, NMVPNConnection)) @@ -67,8 +68,7 @@ GType nm_vpn_connection_get_type (void); NMVPNConnection * nm_vpn_connection_new (NMConnection *connection, NMDevice *parent_device, const char *specific_object, - gboolean user_requested, - gulong user_uid); + NMAuthSubject *subject); void nm_vpn_connection_activate (NMVPNConnection *connection); NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection);
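Review bot: `nm_vpn_connection_new()` does not validate the new `subject` argument, unlike `nm_act_request_new()`, which gained `g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);` in this commit. A NULL subject passed here would reach the `g_assert` in the base class's `constructed()` and abort the daemon instead of failing the call. Adding `g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);` after the two existing checks keeps the constructors consistent.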