core: consolidate all permissions checking into main D-Bus interface
Moves the system settings permissions checking into the core service's permissions checking, which at the same time enables 3-way permission reporting (yes, no, auth) instead of the old yes/no that we had for system settings permissions before. This allows UI to show a lock icon or such when the user could authenticate to gain the permission. It also moves the wifi-create permissions' namespace to the main namespace (not .settings) since they really should be checked before starting a shared wifi connection, rather than having anything to do with the settings service.
parent
022d8e665c
commit
3945f75bda
12 changed files with 79 additions and 391 deletions
|
|
@ -44,19 +44,6 @@
|
|||
</arg>
|
||||
</method>
|
||||
|
||||
<method name="GetPermissions">
|
||||
<tp:docstring>
|
||||
Returns a bitfield indicating certain operations the caller is permitted to perform. Some of these operations may require authorization by the user.
|
||||
</tp:docstring>
|
||||
<annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_settings_get_permissions"/>
|
||||
<annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
|
||||
<arg name="permissions" type="u" direction="out" tp:type="NM_SETTINGS_PERMISSIONS">
|
||||
<tp:docstring>
|
||||
A bitfield of permitted operations. Some of these operations may require the user to authorize via password entry or other means.
|
||||
</tp:docstring>
|
||||
</arg>
|
||||
</method>
|
||||
|
||||
<property name="Hostname" type="s" access="read">
|
||||
<tp:docstring>
|
||||
The machine hostname stored in persistent configuration.
|
||||
|
|
@ -77,12 +64,6 @@
|
|||
</arg>
|
||||
</signal>
|
||||
|
||||
<signal name="CheckPermissions">
|
||||
<tp:docstring>
|
||||
Emitted when system authorization details change, indicating that clients may wish to recheck permissions with GetPermissions.
|
||||
</tp:docstring>
|
||||
</signal>
|
||||
|
||||
<signal name="NewConnection">
|
||||
<tp:docstring>
|
||||
Emitted when a new connection has been added.
|
||||
|
|
@ -94,24 +75,6 @@
|
|||
</arg>
|
||||
</signal>
|
||||
|
||||
<tp:flags name="NM_SETTINGS_PERMISSIONS" value-prefix="NM_SETTINGS_PERMISSION" type="u">
|
||||
<tp:flag suffix="NONE" value="0x0">
|
||||
<tp:docstring>No permissions.</tp:docstring>
|
||||
</tp:flag>
|
||||
<tp:flag suffix="CONNECTION_MODIFY" value="0x1">
|
||||
<tp:docstring>Can modify/add/delete connections.</tp:docstring>
|
||||
</tp:flag>
|
||||
<tp:flag suffix="WIFI_SHARING_PROTECTED" value="0x2">
|
||||
<tp:docstring>Can share connections via a encrypted user-created WiFi network.</tp:docstring>
|
||||
</tp:flag>
|
||||
<tp:flag suffix="WIFI_SHARING_OPEN" value="0x4">
|
||||
<tp:docstring>Can share connections via a open/unencrypted user-created WiFi network.</tp:docstring>
|
||||
</tp:flag>
|
||||
<tp:flag suffix="HOSTNAME_MODIFY" value="0x8">
|
||||
<tp:docstring>Can modify the persistent system hostname.</tp:docstring>
|
||||
</tp:flag>
|
||||
</tp:flags>
|
||||
|
||||
</interface>
|
||||
</node>
|
||||
|
||||
|
|
|
|||
|
|
@ -290,9 +290,15 @@ register_for_property_changed (NMClient *client)
|
|||
property_changed_info);
|
||||
}
|
||||
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
|
||||
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
|
||||
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
|
||||
|
||||
static NMClientPermission
|
||||
nm_permission_to_client (const char *nm)
|
||||
|
|
@ -303,6 +309,19 @@ nm_permission_to_client (const char *nm)
|
|||
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN))
|
||||
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_SLEEP_WAKE))
|
||||
return NM_CLIENT_PERMISSION_SLEEP_WAKE;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_NETWORK_CONTROL))
|
||||
return NM_CLIENT_PERMISSION_NETWORK_CONTROL;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED))
|
||||
return NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN))
|
||||
return NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY))
|
||||
return NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY))
|
||||
return NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY;
|
||||
|
||||
return NM_CLIENT_PERMISSION_NONE;
|
||||
}
|
||||
|
||||
|
|
@ -461,9 +480,9 @@ constructor (GType type,
|
|||
get_permissions_sync (NM_CLIENT (object));
|
||||
|
||||
priv->bus_proxy = dbus_g_proxy_new_for_name (connection,
|
||||
"org.freedesktop.DBus",
|
||||
"/org/freedesktop/DBus",
|
||||
"org.freedesktop.DBus");
|
||||
DBUS_SERVICE_DBUS,
|
||||
DBUS_PATH_DBUS,
|
||||
DBUS_INTERFACE_DBUS);
|
||||
|
||||
dbus_g_proxy_add_signal (priv->bus_proxy, "NameOwnerChanged",
|
||||
G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING,
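Review bot: The `NM_AUTH_PERMISSION_*` action-id strings defined above `nm_permission_to_client` are a second copy of the ones the daemon-side header defines later in this commit, and nothing ties the two lists together. If an id changes on one side only (this commit itself renames the wifi.share ids), the `strcmp` chain falls through to `return NM_CLIENT_PERMISSION_NONE;` and the permission silently vanishes from the client's view. I would put `/* Keep in sync with the daemon's NM_AUTH_PERMISSION_* definitions */` above the block and emit a debug message for unrecognised ids before the final return, e.g. `g_debug ("unknown permission '%s'", nm);`. The body of nm_permission_to_client begins outside the hunk, so whether `nm` is NULL-checked before the first `strcmp` cannot be seen here.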
|
||||
|
|
|
|||
|
|
@ -56,8 +56,14 @@ typedef enum {
|
|||
NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK = 1,
|
||||
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI = 2,
|
||||
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN = 3,
|
||||
NM_CLIENT_PERMISSION_SLEEP_WAKE = 4,
|
||||
NM_CLIENT_PERMISSION_NETWORK_CONTROL = 5,
|
||||
NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 6,
|
||||
NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 7,
|
||||
NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY = 8,
|
||||
NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY = 9,
|
||||
|
||||
NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN
|
||||
NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY
|
||||
} NMClientPermission;
|
||||
|
||||
typedef enum {
|
||||
|
|
|
|||
|
|
@ -44,8 +44,6 @@ typedef struct {
|
|||
gboolean service_running;
|
||||
|
||||
DBusGProxy *props_proxy;
|
||||
NMSettingsPermissions permissions;
|
||||
gboolean have_permissions;
|
||||
char *hostname;
|
||||
gboolean can_modify;
|
||||
|
||||
|
|
@ -70,7 +68,6 @@ enum {
|
|||
enum {
|
||||
NEW_CONNECTION,
|
||||
CONNECTIONS_READ,
|
||||
CHECK_PERMISSIONS,
|
||||
|
||||
LAST_SIGNAL
|
||||
};
|
||||
|
|
@ -412,77 +409,6 @@ nm_remote_settings_save_hostname (NMRemoteSettings *settings,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
NMRemoteSettings *settings;
|
||||
NMRemoteSettingsGetPermissionsFunc callback;
|
||||
gpointer callback_data;
|
||||
} GetPermissionsInfo;
|
||||
|
||||
static void
|
||||
get_permissions_cb (DBusGProxy *proxy,
|
||||
DBusGProxyCall *call,
|
||||
gpointer user_data)
|
||||
{
|
||||
GetPermissionsInfo *info = user_data;
|
||||
NMRemoteSettings *self = NM_REMOTE_SETTINGS (info->settings);
|
||||
NMRemoteSettingsPrivate *priv = NM_REMOTE_SETTINGS_GET_PRIVATE (self);
|
||||
NMSettingsPermissions permissions = NM_SETTINGS_PERMISSION_NONE;
|
||||
GError *error = NULL;
|
||||
|
||||
dbus_g_proxy_end_call (proxy, call, &error,
|
||||
G_TYPE_UINT, &permissions,
|
||||
G_TYPE_INVALID);
|
||||
priv->permissions = permissions;
|
||||
priv->have_permissions = !error;
|
||||
info->callback (info->settings, permissions, error, info->callback_data);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_remote_settings_get_permissions:
|
||||
* @settings: the %NMRemoteSettings
|
||||
* @callback: callback to be called when the permissions operation completes
|
||||
* @user_data: caller-specific data passed to @callback
|
||||
*
|
||||
* Requests an indication of the operations the caller is permitted to perform
|
||||
* including those that may require authorization.
|
||||
*
|
||||
* Returns: TRUE if the request was successful, FALSE if it failed
|
||||
**/
|
||||
gboolean
|
||||
nm_remote_settings_get_permissions (NMRemoteSettings *settings,
|
||||
NMRemoteSettingsGetPermissionsFunc callback,
|
||||
gpointer user_data)
|
||||
{
|
||||
NMRemoteSettingsPrivate *priv;
|
||||
GetPermissionsInfo *info;
|
||||
|
||||
g_return_val_if_fail (settings != NULL, FALSE);
|
||||
g_return_val_if_fail (NM_IS_REMOTE_SETTINGS (settings), FALSE);
|
||||
g_return_val_if_fail (callback != NULL, FALSE);
|
||||
|
||||
priv = NM_REMOTE_SETTINGS_GET_PRIVATE (settings);
|
||||
|
||||
/* Skip D-Bus if we already have permissions */
|
||||
if (priv->have_permissions) {
|
||||
callback (settings, priv->permissions, NULL, user_data);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/* Otherwise fetch them from NM */
|
||||
info = g_malloc0 (sizeof (GetPermissionsInfo));
|
||||
info->settings = settings;
|
||||
info->callback = callback;
|
||||
info->callback_data = user_data;
|
||||
|
||||
dbus_g_proxy_begin_call (priv->proxy, "GetPermissions",
|
||||
get_permissions_cb,
|
||||
info,
|
||||
g_free,
|
||||
G_TYPE_INVALID);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
name_owner_changed (DBusGProxy *proxy,
|
||||
const char *name,
|
||||
|
|
@ -509,17 +435,6 @@ name_owner_changed (DBusGProxy *proxy,
|
|||
}
|
||||
}
|
||||
|
||||
static void
|
||||
check_permissions_cb (DBusGProxy *proxy, gpointer user_data)
|
||||
{
|
||||
NMRemoteSettings *self = NM_REMOTE_SETTINGS (user_data);
|
||||
NMRemoteSettingsPrivate *priv = NM_REMOTE_SETTINGS_GET_PRIVATE (self);
|
||||
|
||||
/* Permissions need to be re-fetched */
|
||||
priv->have_permissions = FALSE;
|
||||
g_signal_emit (self, signals[CHECK_PERMISSIONS], 0);
|
||||
}
|
||||
|
||||
static void
|
||||
properties_changed_cb (DBusGProxy *proxy,
|
||||
GHashTable *properties,
|
||||
|
|
@ -690,13 +605,6 @@ constructor (GType type,
|
|||
object,
|
||||
NULL);
|
||||
|
||||
/* Monitor for permissions changes */
|
||||
dbus_g_proxy_add_signal (priv->proxy, "CheckPermissions", G_TYPE_INVALID);
|
||||
dbus_g_proxy_connect_signal (priv->proxy, "CheckPermissions",
|
||||
G_CALLBACK (check_permissions_cb),
|
||||
object,
|
||||
NULL);
|
||||
|
||||
/* Get properties */
|
||||
dbus_g_proxy_begin_call (priv->props_proxy, "GetAll",
|
||||
get_all_cb,
|
||||
|
|
@ -843,14 +751,5 @@ nm_remote_settings_class_init (NMRemoteSettingsClass *class)
|
|||
NULL, NULL,
|
||||
g_cclosure_marshal_VOID__VOID,
|
||||
G_TYPE_NONE, 0);
|
||||
|
||||
signals[CHECK_PERMISSIONS] =
|
||||
g_signal_new (NM_REMOTE_SETTINGS_CHECK_PERMISSIONS,
|
||||
G_OBJECT_CLASS_TYPE (object_class),
|
||||
G_SIGNAL_RUN_FIRST,
|
||||
G_STRUCT_OFFSET (NMRemoteSettingsClass, check_permissions),
|
||||
NULL, NULL,
|
||||
g_cclosure_marshal_VOID__VOID,
|
||||
G_TYPE_NONE, 0);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,15 +31,6 @@
|
|||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
// FIXME this is temporary, permissions format to be improved
|
||||
typedef enum {
|
||||
NM_SETTINGS_PERMISSION_NONE = 0x0,
|
||||
NM_SETTINGS_PERMISSION_CONNECTION_MODIFY = 0x1,
|
||||
NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED = 0x2,
|
||||
NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN = 0x4,
|
||||
NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY = 0x8
|
||||
} NMSettingsPermissions;
|
||||
|
||||
#define NM_TYPE_REMOTE_SETTINGS (nm_remote_settings_get_type ())
|
||||
#define NM_REMOTE_SETTINGS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_REMOTE_SETTINGS, NMRemoteSettings))
|
||||
#define NM_REMOTE_SETTINGS_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_REMOTE_SETTINGS, NMRemoteSettingsClass))
|
||||
|
|
@ -54,7 +45,6 @@ typedef enum {
|
|||
|
||||
#define NM_REMOTE_SETTINGS_NEW_CONNECTION "new-connection"
|
||||
#define NM_REMOTE_SETTINGS_CONNECTIONS_READ "connections-read"
|
||||
#define NM_REMOTE_SETTINGS_CHECK_PERMISSIONS "check-permissions"
|
||||
|
||||
typedef struct _NMRemoteSettings NMRemoteSettings;
|
||||
typedef struct _NMRemoteSettingsClass NMRemoteSettingsClass;
|
||||
|
|
@ -68,11 +58,6 @@ typedef void (*NMRemoteSettingsSaveHostnameFunc) (NMRemoteSettings *settings,
|
|||
GError *error,
|
||||
gpointer user_data);
|
||||
|
||||
typedef void (*NMRemoteSettingsGetPermissionsFunc) (NMRemoteSettings *settings,
|
||||
NMSettingsPermissions permissions,
|
||||
GError *error,
|
||||
gpointer user_data);
|
||||
|
||||
|
||||
struct _NMRemoteSettings {
|
||||
GObject parent;
|
||||
|
|
@ -87,8 +72,6 @@ struct _NMRemoteSettingsClass {
|
|||
|
||||
void (*connections_read) (NMRemoteSettings *settings);
|
||||
|
||||
void (*check_permissions) (NMRemoteSettings *settings);
|
||||
|
||||
/* Padding for future expansion */
|
||||
void (*_reserved1) (void);
|
||||
void (*_reserved2) (void);
|
||||
|
|
@ -117,10 +100,6 @@ gboolean nm_remote_settings_save_hostname (NMRemoteSettings *settings,
|
|||
NMRemoteSettingsSaveHostnameFunc callback,
|
||||
gpointer user_data);
|
||||
|
||||
gboolean nm_remote_settings_get_permissions (NMRemoteSettings *settings,
|
||||
NMRemoteSettingsGetPermissionsFunc callback,
|
||||
gpointer user_data);
|
||||
|
||||
G_END_DECLS
|
||||
|
||||
#endif /* NM_REMOTE_SETTINGS_H */
|
||||
|
|
|
|||
|
|
@ -54,6 +54,24 @@
|
|||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.NetworkManager.wifi.share.protected">
|
||||
<_description>Connection sharing via a protected WiFi network</_description>
|
||||
<_message>System policy prevents sharing connections via a protected WiFi network</_message>
|
||||
<defaults>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.NetworkManager.wifi.share.open">
|
||||
<_description>Connection sharing via an open WiFi network</_description>
|
||||
<_message>System policy prevents sharing connections via an open WiFi network</_message>
|
||||
<defaults>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.NetworkManager.settings.modify">
|
||||
<_description>Modify system connections</_description>
|
||||
<_message>System policy prevents modification of system settings</_message>
|
||||
|
|
@ -72,23 +90,5 @@
|
|||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.NetworkManager.settings.wifi.share.protected">
|
||||
<_description>Connection sharing via a protected WiFi network</_description>
|
||||
<_message>System policy prevents sharing connections via a protected WiFi network</_message>
|
||||
<defaults>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.NetworkManager.settings.wifi.share.open">
|
||||
<_description>Connection sharing via an open WiFi network</_description>
|
||||
<_message>System policy prevents sharing connections via an open WiFi network</_message>
|
||||
<defaults>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
</policyconfig>
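Review bot: The two wifi-sharing actions are re-registered under new ids (`org.freedesktop.NetworkManager.wifi.share.protected` and `.wifi.share.open`) with `allow_active` set to `yes`, while the old `org.freedesktop.NetworkManager.settings.wifi.share.*` ids are dropped. Any local polkit authorization override written against the old ids would stop matching after an upgrade, so a host where sharing had been restricted falls back to these defaults. Nothing in the commit calls this out. I would add an XML comment above the first new action, e.g. `<!-- renamed from org.freedesktop.NetworkManager.settings.wifi.share.*; local overrides must be updated -->`, and note the rename in the release notes.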
|
||||
|
||||
|
|
|
|||
|
|
@ -27,11 +27,15 @@
|
|||
|
||||
#include "nm-dbus-manager.h"
|
||||
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
|
||||
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
|
||||
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
|
||||
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
|
||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
|
||||
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
|
||||
|
||||
|
||||
typedef struct NMAuthChain NMAuthChain;
|
||||
|
|
|
|||
|
|
@ -2735,6 +2735,10 @@ get_permissions_done_cb (NMAuthChain *chain,
|
|||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY);
|
||||
dbus_g_method_return (context, results);
|
||||
g_hash_table_destroy (results);
|
||||
}
|
||||
|
|
@ -2761,6 +2765,10 @@ impl_manager_get_permissions (NMManager *self,
|
|||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY, FALSE);
|
||||
}
|
||||
|
||||
/* Legacy 0.6 compatibility interface */
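Review bot: The settings permissions are queued unconditionally in impl_manager_get_permissions (`nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, FALSE);` and the hostname equivalent). The settings-side implementation removed by this commit only checked them when `get_plugin ()` found a plugin with `NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS` or `NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_HOSTNAME`. A client can now be told yes or auth for an operation that no loaded plugin can carry out. This affects reporting only, since the add-connection and save-hostname handlers still run their own polkit check. Either restore the capability gate here or add a comment such as `/* NOTE: result no longer reflects whether a settings plugin supports the operation */`; both function bodies start outside the hunks.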
|
||||
|
|
|
|||
|
|
@ -25,11 +25,6 @@
|
|||
#include <config.h>
|
||||
#include <polkit/polkit.h>
|
||||
|
||||
#define NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
|
||||
#define NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.settings.wifi.share.protected"
|
||||
#define NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.settings.wifi.share.open"
|
||||
#define NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
|
||||
|
||||
/* Fix for polkit 0.97 and later */
|
||||
#if !HAVE_POLKIT_AUTHORITY_GET_SYNC
|
||||
static inline PolkitAuthority *
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@
|
|||
#include "nm-dbus-glib-types.h"
|
||||
#include "nm-polkit-helpers.h"
|
||||
#include "nm-logging.h"
|
||||
#include "nm-manager-auth.h"
|
||||
|
||||
static void impl_sysconfig_connection_get_settings (NMSysconfigConnection *connection,
|
||||
DBusGMethodInvocation *context);
|
||||
|
|
@ -717,13 +718,13 @@ auth_get_session_cb (NMSessionInfo *session,
|
|||
g_free (sender);
|
||||
|
||||
polkit_authority_check_authorization (priv->authority,
|
||||
info->subject,
|
||||
NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
|
||||
NULL,
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
|
||||
info->cancellable,
|
||||
auth_pk_cb,
|
||||
info);
|
||||
info->subject,
|
||||
NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
|
||||
NULL,
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
|
||||
info->cancellable,
|
||||
auth_pk_cb,
|
||||
info);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@
|
|||
#include "nm-default-wired-connection.h"
|
||||
#include "nm-logging.h"
|
||||
#include "nm-dbus-manager.h"
|
||||
#include "nm-manager-auth.h"
|
||||
|
||||
#define CONFIG_KEY_NO_AUTO_DEFAULT "no-auto-default"
|
||||
|
||||
|
|
@ -92,9 +93,6 @@ static void impl_settings_save_hostname (NMSysconfigSettings *self,
|
|||
const char *hostname,
|
||||
DBusGMethodInvocation *context);
|
||||
|
||||
static void impl_settings_get_permissions (NMSysconfigSettings *self,
|
||||
DBusGMethodInvocation *context);
|
||||
|
||||
#include "nm-settings-glue.h"
|
||||
|
||||
static void unmanaged_specs_changed (NMSystemConfigInterface *config, gpointer user_data);
|
||||
|
|
@ -108,7 +106,6 @@ typedef struct {
|
|||
char *config_file;
|
||||
|
||||
GSList *pk_calls;
|
||||
GSList *permissions_calls;
|
||||
|
||||
GSList *plugins;
|
||||
gboolean connections_loaded;
|
||||
|
|
@ -124,7 +121,6 @@ G_DEFINE_TYPE (NMSysconfigSettings, nm_sysconfig_settings, G_TYPE_OBJECT)
|
|||
enum {
|
||||
PROPERTIES_CHANGED,
|
||||
NEW_CONNECTION,
|
||||
CHECK_PERMISSIONS,
|
||||
|
||||
LAST_SIGNAL
|
||||
};
|
||||
|
|
@ -627,9 +623,6 @@ typedef struct {
|
|||
gpointer callback_data;
|
||||
|
||||
char *hostname;
|
||||
|
||||
NMSettingsPermissions permissions;
|
||||
guint32 permissions_calls;
|
||||
} PolkitCall;
|
||||
|
||||
#include "nm-dbus-manager.h"
|
||||
|
|
@ -799,7 +792,7 @@ impl_settings_add_connection (NMSysconfigSettings *self,
|
|||
g_assert (call);
|
||||
polkit_authority_check_authorization (priv->authority,
|
||||
call->subject,
|
||||
NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
|
||||
NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
|
||||
NULL,
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
|
||||
call->cancellable,
|
||||
|
|
@ -904,7 +897,7 @@ impl_settings_save_hostname (NMSysconfigSettings *self,
|
|||
g_assert (call);
|
||||
polkit_authority_check_authorization (priv->authority,
|
||||
call->subject,
|
||||
NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY,
|
||||
NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY,
|
||||
NULL,
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
|
||||
call->cancellable,
|
||||
|
|
@ -913,151 +906,6 @@ impl_settings_save_hostname (NMSysconfigSettings *self,
|
|||
priv->pk_calls = g_slist_append (priv->pk_calls, call);
|
||||
}
|
||||
|
||||
static void
|
||||
pk_authority_changed_cb (GObject *object, gpointer user_data)
|
||||
{
|
||||
/* Let clients know they should re-check their authorization */
|
||||
g_signal_emit (NM_SYSCONFIG_SETTINGS (user_data), signals[CHECK_PERMISSIONS], 0);
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
PolkitCall *pk_call;
|
||||
const char *pk_action;
|
||||
GCancellable *cancellable;
|
||||
NMSettingsPermissions permission;
|
||||
gboolean disposed;
|
||||
} PermissionsCall;
|
||||
|
||||
static void
|
||||
permission_call_done (GObject *object, GAsyncResult *result, gpointer user_data)
|
||||
{
|
||||
PermissionsCall *call = user_data;
|
||||
PolkitCall *pk_call = call->pk_call;
|
||||
NMSysconfigSettings *self = pk_call->self;
|
||||
NMSysconfigSettingsPrivate *priv;
|
||||
PolkitAuthorizationResult *pk_result;
|
||||
GError *error = NULL;
|
||||
|
||||
/* If NMSysconfigSettings is gone, just skip to the end */
|
||||
if (call->disposed)
|
||||
goto done;
|
||||
|
||||
priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
|
||||
|
||||
priv->permissions_calls = g_slist_remove (priv->permissions_calls, call);
|
||||
|
||||
pk_result = polkit_authority_check_authorization_finish (priv->authority,
|
||||
result,
|
||||
&error);
|
||||
/* Some random error happened */
|
||||
if (error) {
|
||||
nm_log_err (LOGD_SYS_SET, "error checking '%s' permission: (%d) %s",
|
||||
__FILE__, __LINE__, __func__,
|
||||
call->pk_action,
|
||||
error ? error->code : -1,
|
||||
error && error->message ? error->message : "(unknown)");
|
||||
if (error)
|
||||
g_error_free (error);
|
||||
} else {
|
||||
/* If the caller is authorized, or the caller could authorize via a
|
||||
* challenge, then authorization is possible. Otherwise, caller is out of
|
||||
* luck.
|
||||
*/
|
||||
if ( polkit_authorization_result_get_is_authorized (pk_result)
|
||||
|| polkit_authorization_result_get_is_challenge (pk_result))
|
||||
pk_call->permissions |= call->permission;
|
||||
}
|
||||
|
||||
g_object_unref (pk_result);
|
||||
|
||||
done:
|
||||
pk_call->permissions_calls--;
|
||||
if (pk_call->permissions_calls == 0) {
|
||||
if (call->disposed) {
|
||||
error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR,
|
||||
NM_SYSCONFIG_SETTINGS_ERROR_GENERAL,
|
||||
"Request was canceled.");
|
||||
dbus_g_method_return_error (pk_call->context, error);
|
||||
g_error_free (error);
|
||||
} else {
|
||||
/* All the permissions calls are done, return the full permissions
|
||||
* bitfield back to the user.
|
||||
*/
|
||||
dbus_g_method_return (pk_call->context, pk_call->permissions);
|
||||
}
|
||||
|
||||
polkit_call_free (pk_call);
|
||||
}
|
||||
memset (call, 0, sizeof (PermissionsCall));
|
||||
g_free (call);
|
||||
}
|
||||
|
||||
static void
|
||||
start_permission_check (NMSysconfigSettings *self,
|
||||
PolkitCall *pk_call,
|
||||
const char *pk_action,
|
||||
NMSettingsPermissions permission)
|
||||
{
|
||||
NMSysconfigSettingsPrivate *priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
|
||||
PermissionsCall *call;
|
||||
|
||||
g_return_if_fail (pk_call != NULL);
|
||||
g_return_if_fail (pk_action != NULL);
|
||||
g_return_if_fail (permission != NM_SETTINGS_PERMISSION_NONE);
|
||||
|
||||
call = g_malloc0 (sizeof (PermissionsCall));
|
||||
call->pk_call = pk_call;
|
||||
call->pk_action = pk_action;
|
||||
call->permission = permission;
|
||||
call->cancellable = g_cancellable_new ();
|
||||
|
||||
pk_call->permissions_calls++;
|
||||
|
||||
polkit_authority_check_authorization (priv->authority,
|
||||
pk_call->subject,
|
||||
pk_action,
|
||||
NULL,
|
||||
0,
|
||||
call->cancellable,
|
||||
permission_call_done,
|
||||
call);
|
||||
priv->permissions_calls = g_slist_append (priv->permissions_calls, call);
|
||||
}
|
||||
|
||||
static void
|
||||
impl_settings_get_permissions (NMSysconfigSettings *self,
|
||||
DBusGMethodInvocation *context)
|
||||
{
|
||||
PolkitCall *call;
|
||||
|
||||
call = polkit_call_new (self, context, NULL, FALSE);
|
||||
g_assert (call);
|
||||
|
||||
/* Start checks for the various permissions */
|
||||
|
||||
/* Only check for connection-modify if one of our plugins supports it. */
|
||||
if (get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS)) {
|
||||
start_permission_check (self, call,
|
||||
NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
|
||||
NM_SETTINGS_PERMISSION_CONNECTION_MODIFY);
|
||||
}
|
||||
|
||||
/* Only check for hostname-modify if one of our plugins supports it. */
|
||||
if (get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_HOSTNAME)) {
|
||||
start_permission_check (self, call,
|
||||
NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY,
|
||||
NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY);
|
||||
}
|
||||
|
||||
// FIXME: hook these into plugin permissions like the modify permissions */
|
||||
start_permission_check (self, call,
|
||||
NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_OPEN,
|
||||
NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN);
|
||||
start_permission_check (self, call,
|
||||
NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_PROTECTED,
|
||||
NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
have_connection_for_device (NMSysconfigSettings *self, GByteArray *mac)
|
||||
{
|
||||
|
|
@ -1440,16 +1288,6 @@ dispose (GObject *object)
|
|||
g_slist_free (priv->pk_calls);
|
||||
priv->pk_calls = NULL;
|
||||
|
||||
/* Cancel PolicyKit permissions requests */
|
||||
for (iter = priv->permissions_calls; iter; iter = g_slist_next (iter)) {
|
||||
PermissionsCall *call = iter->data;
|
||||
|
||||
call->disposed = TRUE;
|
||||
g_cancellable_cancel (call->cancellable);
|
||||
}
|
||||
g_slist_free (priv->permissions_calls);
|
||||
priv->permissions_calls = NULL;
|
||||
|
||||
G_OBJECT_CLASS (nm_sysconfig_settings_parent_class)->dispose (object);
|
||||
}
|
||||
|
||||
|
|
@ -1560,15 +1398,6 @@ nm_sysconfig_settings_class_init (NMSysconfigSettingsClass *class)
|
|||
g_cclosure_marshal_VOID__OBJECT,
|
||||
G_TYPE_NONE, 1, G_TYPE_OBJECT);
|
||||
|
||||
signals[CHECK_PERMISSIONS] =
|
||||
g_signal_new (NM_SYSCONFIG_SETTINGS_CHECK_PERMISSIONS,
|
||||
G_OBJECT_CLASS_TYPE (object_class),
|
||||
G_SIGNAL_RUN_FIRST,
|
||||
0,
|
||||
NULL, NULL,
|
||||
g_cclosure_marshal_VOID__VOID,
|
||||
G_TYPE_NONE, 0);
|
||||
|
||||
dbus_g_error_domain_register (NM_SYSCONFIG_SETTINGS_ERROR,
|
||||
NM_DBUS_IFACE_SETTINGS,
|
||||
NM_TYPE_SYSCONFIG_SETTINGS_ERROR);
|
||||
|
|
@ -1607,12 +1436,7 @@ nm_sysconfig_settings_init (NMSysconfigSettings *self)
|
|||
priv->all_connections = g_hash_table_new_full (g_direct_hash, g_direct_equal, g_object_unref, NULL);
|
||||
|
||||
priv->authority = polkit_authority_get_sync (NULL, &error);
|
||||
if (priv->authority) {
|
||||
priv->auth_changed_id = g_signal_connect (priv->authority,
|
||||
"changed",
|
||||
G_CALLBACK (pk_authority_changed_cb),
|
||||
self);
|
||||
} else {
|
||||
if (!priv->authority) {
|
||||
nm_log_warn (LOGD_SYS_SET, "failed to create PolicyKit authority: (%d) %s",
|
||||
error ? error->code : -1,
|
||||
error && error->message ? error->message : "(unknown)");
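Review bot: nm_sysconfig_settings_init no longer connects to the authority's `changed` signal, so nothing in this file now assigns `priv->auth_changed_id` or tells clients that polkit policy has changed. The removed client code cached permissions and relied on CheckPermissions to invalidate them; this page does not show the equivalent signal on the main interface, so it is worth confirming that one exists and that clients listen to it. If dispose (outside these hunks) still disconnects `auth_changed_id`, guard it with `if (priv->auth_changed_id)` or drop the field. The init body continues past the end of the last hunk.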
|
||||
|
|
|
|||
|
|
@ -32,15 +32,6 @@
|
|||
#include "nm-system-config-interface.h"
|
||||
#include "nm-device.h"
|
||||
|
||||
// FIXME this is temporary, permissions format to be improved
|
||||
typedef enum {
|
||||
NM_SETTINGS_PERMISSION_NONE = 0x0,
|
||||
NM_SETTINGS_PERMISSION_CONNECTION_MODIFY = 0x1,
|
||||
NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED = 0x2,
|
||||
NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN = 0x4,
|
||||
NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY = 0x8
|
||||
} NMSettingsPermissions;
|
||||
|
||||
#define NM_TYPE_SYSCONFIG_SETTINGS (nm_sysconfig_settings_get_type ())
|
||||
#define NM_SYSCONFIG_SETTINGS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SYSCONFIG_SETTINGS, NMSysconfigSettings))
|
||||
#define NM_SYSCONFIG_SETTINGS_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SYSCONFIG_SETTINGS, NMSysconfigSettingsClass))
|
||||
|
|
@ -53,7 +44,6 @@ typedef enum {
|
|||
#define NM_SYSCONFIG_SETTINGS_CAN_MODIFY "can-modify"
|
||||
|
||||
#define NM_SYSCONFIG_SETTINGS_NEW_CONNECTION "new-connection"
|
||||
#define NM_SYSCONFIG_SETTINGS_CHECK_PERMISSIONS "check-permissions"
|
||||
|
||||
typedef struct {
|
||||
GObject parent_instance;
|
||||
|
|
|
|||