From 4427774d576c90d9e1c6e2daa5dc6f9ca3776125 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Wed, 26 Jan 2011 18:36:08 -0600 Subject: [PATCH] agents: filter agents by UID for user-requested connections When a user makes an explicit request for secrets via GetSecrets or activates a device, don't ask other users' agents for secrets. Restrict secrets request to agents owned by the user that made the initial activate or GetSecrets request. Automatic activations still request secrets from any available agent. --- marshallers/nm-marshal.list | 2 +- src/modem-manager/nm-modem.c | 2 - src/nm-activation-request.c | 66 +++++++++++++++++++++---- src/nm-activation-request.h | 24 ++++++--- src/nm-agent-manager.c | 21 +++++++- src/nm-agent-manager.h | 4 +- src/nm-device-ethernet.c | 10 +--- src/nm-device-wifi.c | 10 +--- src/nm-manager.c | 71 +++++++++++++++++++++------ src/nm-manager.h | 2 +- src/nm-policy.c | 2 +- src/ppp-manager/nm-ppp-manager.c | 1 - src/settings/nm-settings-connection.c | 29 +++++++---- src/settings/nm-settings-connection.h | 1 + src/vpn-manager/nm-vpn-connection.c | 24 ++++++--- src/vpn-manager/nm-vpn-connection.h | 6 ++- src/vpn-manager/nm-vpn-manager.c | 4 +- src/vpn-manager/nm-vpn-manager.h | 2 + src/vpn-manager/nm-vpn-service.c | 4 +- src/vpn-manager/nm-vpn-service.h | 2 + 20 files changed, 209 insertions(+), 78 deletions(-) diff --git a/marshallers/nm-marshal.list b/marshallers/nm-marshal.list index 3aefac93b6..b152d9c1f2 100644 --- a/marshallers/nm-marshal.list +++ b/marshallers/nm-marshal.list @@ -26,5 +26,5 @@ BOOLEAN:VOID VOID:STRING,BOOLEAN VOID:STRING,OBJECT,POINTER VOID:BOOLEAN,UINT -UINT:STRING,POINTER,POINTER +UINT:STRING,STRING,POINTER,POINTER diff --git a/src/modem-manager/nm-modem.c b/src/modem-manager/nm-modem.c index 30817f9322..2131d90ca9 100644 --- a/src/modem-manager/nm-modem.c +++ b/src/modem-manager/nm-modem.c @@ -523,7 +523,6 @@ nm_modem_get_secrets (NMModem *self, if (request_new) flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW; priv->secrets_id = nm_act_request_get_secrets (priv->act_request, - NULL, setting_name, flags, hint, @@ -571,7 +570,6 @@ nm_modem_act_stage1_prepare (NMModem *self, flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW; priv->secrets_id = nm_act_request_get_secrets (req, - NULL, setting_name, flags, hints ? g_ptr_array_index (hints, 0) : NULL, diff --git a/src/nm-activation-request.c b/src/nm-activation-request.c index 1ecdbf5988..a25e46e2ee 100644 --- a/src/nm-activation-request.c +++ b/src/nm-activation-request.c @@ -15,7 +15,7 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * - * Copyright (C) 2005 - 2010 Red Hat, Inc. + * Copyright (C) 2005 - 2011 Red Hat, Inc. * Copyright (C) 2007 - 2008 Novell, Inc. */ @@ -66,6 +66,7 @@ typedef struct { char *specific_object; NMDevice *device; gboolean user_requested; + gulong user_uid; NMActiveConnectionState state; gboolean is_default; @@ -112,14 +113,16 @@ get_secrets_cb (NMAgentManager *manager, callback (self, call_id, connection, error, user_data3); } -guint32 -nm_act_request_get_secrets (NMActRequest *self, - NMConnection *connection, - const char *setting_name, - guint32 flags, - const char *hint, - NMActRequestSecretsFunc callback, - gpointer callback_data) +static guint32 +_internal_get_secrets (NMActRequest *self, + NMConnection *connection, + gboolean filter_by_uid, + gulong uid, + const char *setting_name, + guint32 flags, + const char *hint, + NMActRequestSecretsFunc callback, + gpointer callback_data) { NMActRequestPrivate *priv; guint32 call_id; @@ -137,7 +140,9 @@ nm_act_request_get_secrets (NMActRequest *self, * itself. */ call_id = nm_agent_manager_get_secrets (priv->agent_mgr, - connection ? connection : priv->connection, + connection, + filter_by_uid, + uid, setting_name, flags, hint, @@ -151,6 +156,45 @@ nm_act_request_get_secrets (NMActRequest *self, return call_id; } +guint32 +nm_act_request_get_secrets (NMActRequest *self, + const char *setting_name, + guint32 flags, + const char *hint, + NMActRequestSecretsFunc callback, + gpointer callback_data) +{ + NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (self); + + /* non-VPN requests use the activation request's internal connection, and + * also the user-requested status and user_uid if the activation was + * requested by a user. + */ + return _internal_get_secrets (self, priv->connection, priv->user_requested, + priv->user_uid, setting_name, flags, hint, + callback, callback_data); +} + +guint32 +nm_act_request_get_secrets_vpn (NMActRequest *self, + NMConnection *connection, + gboolean user_requested, + gulong user_uid, + const char *setting_name, + guint32 flags, + const char *hint, + NMActRequestSecretsFunc callback, + gpointer callback_data) +{ + g_return_val_if_fail (connection != NULL, 0); + + /* VPN requests use the VPN's connection, and also the VPN's user-requested + * status and user_uid if the activation was requested by a user. + */ + return _internal_get_secrets (self, connection, user_requested, user_uid, + setting_name, flags, hint, callback, callback_data); +} + void nm_act_request_cancel_secrets (NMActRequest *self, guint32 call_id) { @@ -448,6 +492,7 @@ nm_act_request_new (NMConnection *connection, const char *specific_object, NMAgentManager *agent_mgr, gboolean user_requested, + gulong user_uid, gboolean assumed, gpointer *device) { @@ -475,6 +520,7 @@ nm_act_request_new (NMConnection *connection, G_CALLBACK (device_state_changed), NM_ACT_REQUEST (object)); + priv->user_uid = user_uid; priv->user_requested = user_requested; priv->assumed = assumed; diff --git a/src/nm-activation-request.h b/src/nm-activation-request.h index f7a3addd77..f91eb1c721 100644 --- a/src/nm-activation-request.h +++ b/src/nm-activation-request.h @@ -51,6 +51,7 @@ NMActRequest *nm_act_request_new (NMConnection *connection, const char *specific_object, NMAgentManager *agent_mgr, gboolean user_requested, + gulong user_uid, gboolean assumed, gpointer *device); /* An NMDevice */ @@ -92,13 +93,22 @@ typedef void (*NMActRequestSecretsFunc) (NMActRequest *req, GError *error, gpointer user_data); -guint32 nm_act_request_get_secrets (NMActRequest *req, - NMConnection *connection, /* NULL == use activation request's connection */ - const char *setting_name, - guint32 flags, - const char *hint, - NMActRequestSecretsFunc callback, - gpointer callback_data); +guint32 nm_act_request_get_secrets (NMActRequest *req, + const char *setting_name, + guint32 flags, + const char *hint, + NMActRequestSecretsFunc callback, + gpointer callback_data); + +guint32 nm_act_request_get_secrets_vpn (NMActRequest *req, + NMConnection *connection, + gboolean user_requested, + gulong user_uid, + const char *setting_name, + guint32 flags, + const char *hint, + NMActRequestSecretsFunc callback, + gpointer callback_data); void nm_act_request_cancel_secrets (NMActRequest *req, guint32 call_id); diff --git a/src/nm-agent-manager.c b/src/nm-agent-manager.c index 8a3400256c..d5f8ef4723 100644 --- a/src/nm-agent-manager.c +++ b/src/nm-agent-manager.c @@ -330,6 +330,8 @@ struct _Request { guint32 reqid; NMConnection *connection; + gboolean filter_by_uid; + gulong uid_filter; char *setting_name; guint32 flags; char *hint; @@ -364,6 +366,8 @@ struct _Request { static Request * request_new (NMConnection *connection, + gboolean filter_by_uid, + gulong uid_filter, const char *setting_name, guint32 flags, const char *hint, @@ -380,6 +384,8 @@ request_new (NMConnection *connection, req = g_malloc0 (sizeof (Request)); req->reqid = next_id++; req->connection = g_object_ref (connection); + req->filter_by_uid = filter_by_uid; + req->uid_filter = uid_filter; req->setting_name = g_strdup (setting_name); req->flags = flags; req->hint = g_strdup (hint); @@ -682,7 +688,7 @@ request_add_agent (Request *req, agent_uid = nm_secret_agent_get_owner_uid (agent); if (0 != agent_uid) { if (!nm_auth_uid_in_acl (req->connection, session_monitor, agent_uid, NULL)) { - nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s", + nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s (not in ACL)", nm_secret_agent_get_description (agent), req, req->setting_name); /* Connection not visible to this agent's user */ @@ -691,6 +697,15 @@ request_add_agent (Request *req, /* Caller is allowed to add this connection */ } + /* If the request should filter agents by UID, do that now */ + if (req->filter_by_uid && (agent_uid != req->uid_filter)) { + nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s " + "(uid %ld not required %ld)", + nm_secret_agent_get_description (agent), + req, req->setting_name, agent_uid, req->uid_filter); + return; + } + nm_log_dbg (LOGD_AGENTS, "(%s) agent allowed for secrets request %p/%s", nm_secret_agent_get_description (agent), req, req->setting_name); @@ -781,6 +796,8 @@ mgr_req_complete_cb (Request *req, guint32 nm_agent_manager_get_secrets (NMAgentManager *self, NMConnection *connection, + gboolean filter_by_uid, + gulong uid_filter, const char *setting_name, guint32 flags, const char *hint, @@ -805,6 +822,8 @@ nm_agent_manager_get_secrets (NMAgentManager *self, setting_name); req = request_new (connection, + filter_by_uid, + uid_filter, setting_name, flags, hint, diff --git a/src/nm-agent-manager.h b/src/nm-agent-manager.h index e9caa10bd2..17d918d5d3 100644 --- a/src/nm-agent-manager.h +++ b/src/nm-agent-manager.h @@ -15,7 +15,7 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * - * Copyright (C) 2010 Red Hat, Inc. + * Copyright (C) 2010 - 2011 Red Hat, Inc. */ #ifndef NM_AGENT_MANAGER_H @@ -59,6 +59,8 @@ typedef void (*NMAgentSecretsResultFunc) (NMAgentManager *manager, guint32 nm_agent_manager_get_secrets (NMAgentManager *manager, NMConnection *connection, + gboolean filter_by_uid, + gulong uid, const char *setting_name, guint32 flags, const char *hint, diff --git a/src/nm-device-ethernet.c b/src/nm-device-ethernet.c index 0250490a5f..f18d5b9a9f 100644 --- a/src/nm-device-ethernet.c +++ b/src/nm-device-ethernet.c @@ -1055,7 +1055,6 @@ link_timeout_cb (gpointer user_data) nm_device_state_changed (dev, NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT); nm_act_request_get_secrets (req, - NULL, setting_name, NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW, NULL, @@ -1245,14 +1244,7 @@ handle_auth_or_fail (NMDeviceEthernet *self, */ if (new_secrets || tries) flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW; - - nm_act_request_get_secrets (req, - NULL, - setting_name, - flags, - NULL, - wired_secrets_cb, - self); + nm_act_request_get_secrets (req, setting_name, flags, NULL, wired_secrets_cb, self); g_object_set_data (G_OBJECT (connection), WIRED_SECRETS_TRIES, GUINT_TO_POINTER (++tries)); } else { diff --git a/src/nm-device-wifi.c b/src/nm-device-wifi.c index 1068b0e1b4..8dfc81b9ec 100644 --- a/src/nm-device-wifi.c +++ b/src/nm-device-wifi.c @@ -2495,7 +2495,6 @@ link_timeout_cb (gpointer user_data) cleanup_association_attempt (self, TRUE); nm_device_state_changed (dev, NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT); nm_act_request_get_secrets (req, - NULL, setting_name, NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW, NULL, @@ -2742,14 +2741,7 @@ handle_auth_or_fail (NMDeviceWifi *self, */ if (new_secrets || tries) flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW; - - nm_act_request_get_secrets (req, - NULL, - setting_name, - flags, - NULL, - wifi_secrets_cb, - self); + nm_act_request_get_secrets (req, setting_name, flags, NULL, wifi_secrets_cb, self); g_object_set_data (G_OBJECT (connection), WIRELESS_SECRETS_TRIES, GUINT_TO_POINTER (++tries)); } else { diff --git a/src/nm-manager.c b/src/nm-manager.c index f28a405ee4..3bd1482e5e 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -140,6 +140,7 @@ static const char *internal_activate_device (NMManager *manager, NMConnection *connection, const char *specific_object, gboolean user_requested, + gulong sender_uid, gboolean assumed, GError **error); @@ -942,6 +943,7 @@ secrets_result_cb (NMAgentManager *manager, static guint32 system_connection_get_secrets_cb (NMSettingsConnection *connection, + const char *sender, const char *setting_name, NMSettingsConnectionSecretsUpdatedFunc callback, gpointer callback_data, @@ -949,17 +951,31 @@ system_connection_get_secrets_cb (NMSettingsConnection *connection, { NMManager *self = NM_MANAGER (user_data); NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); - gboolean call_id; + gboolean call_id = 0; + DBusError error; + gulong sender_uid; + + /* Get the unix user of the requestor */ + dbus_error_init (&error); + sender_uid = dbus_bus_get_unix_user (nm_dbus_manager_get_dbus_connection (priv->dbus_mgr), + sender, + &error); + if (dbus_error_is_set (&error)) + dbus_error_free (&error); + else { + call_id = nm_agent_manager_get_secrets (priv->agent_mgr, + NM_CONNECTION (connection), + TRUE, + sender_uid, + setting_name, + NM_SECRET_AGENT_GET_SECRETS_FLAG_NONE, + NULL, + secrets_result_cb, + self, + callback, + callback_data); + } - call_id = nm_agent_manager_get_secrets (priv->agent_mgr, - NM_CONNECTION (connection), - setting_name, - NM_SECRET_AGENT_GET_SECRETS_FLAG_NONE, - NULL, - secrets_result_cb, - self, - callback, - callback_data); return call_id; } @@ -1576,7 +1592,7 @@ add_device (NMManager *self, NMDevice *device) nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume existing connection", nm_device_get_iface (device)); - ac_path = internal_activate_device (self, device, existing, NULL, FALSE, TRUE, &error); + ac_path = internal_activate_device (self, device, existing, NULL, FALSE, 0, TRUE, &error); if (ac_path) g_object_notify (G_OBJECT (self), NM_MANAGER_ACTIVE_CONNECTIONS); else { @@ -1910,6 +1926,7 @@ internal_activate_device (NMManager *manager, NMConnection *connection, const char *specific_object, gboolean user_requested, + gulong sender_uid, gboolean assumed, GError **error) { @@ -1938,6 +1955,7 @@ internal_activate_device (NMManager *manager, specific_object, NM_MANAGER_GET_PRIVATE (manager)->agent_mgr, user_requested, + sender_uid, assumed, (gpointer) device); success = nm_device_interface_activate (dev_iface, req, error); @@ -1951,7 +1969,7 @@ nm_manager_activate_connection (NMManager *manager, NMConnection *connection, const char *specific_object, const char *device_path, - gboolean user_requested, + const char *dbus_sender, GError **error) { NMManagerPrivate *priv; @@ -1959,6 +1977,8 @@ nm_manager_activate_connection (NMManager *manager, NMSettingConnection *s_con; NMVPNConnection *vpn_connection; const char *path = NULL; + gulong sender_uid = 0; + DBusError dbus_error; g_return_val_if_fail (manager != NULL, NULL); g_return_val_if_fail (connection != NULL, NULL); @@ -1967,6 +1987,21 @@ nm_manager_activate_connection (NMManager *manager, priv = NM_MANAGER_GET_PRIVATE (manager); + /* Get the UID of the user that originated the request, if any */ + if (dbus_sender) { + dbus_error_init (&dbus_error); + sender_uid = dbus_bus_get_unix_user (nm_dbus_manager_get_dbus_connection (priv->dbus_mgr), + dbus_sender, + &dbus_error); + if (dbus_error_is_set (&dbus_error)) { + g_set_error_literal (error, + NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED, + "Failed to get unix user for dbus sender"); + dbus_error_free (&dbus_error); + return NULL; + } + } + s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_assert (s_con); @@ -2014,6 +2049,8 @@ nm_manager_activate_connection (NMManager *manager, connection, parent_req, device, + TRUE, + sender_uid, error); if (vpn_connection) path = nm_vpn_connection_get_active_connection_path (vpn_connection); @@ -2042,7 +2079,8 @@ nm_manager_activate_connection (NMManager *manager, device, connection, specific_object, - user_requested, + dbus_sender ? TRUE : FALSE, + dbus_sender ? sender_uid : 0, FALSE, error); } @@ -2063,6 +2101,7 @@ pending_activate (NMManager *self, PendingActivation *pending) NMSettingsConnection *connection; const char *path = NULL; GError *error = NULL; + char *sender; /* Ok, we're authorized */ @@ -2074,12 +2113,16 @@ pending_activate (NMManager *self, PendingActivation *pending) goto out; } + sender = dbus_g_method_get_sender (pending->context); + g_assert (sender); path = nm_manager_activate_connection (self, NM_CONNECTION (connection), pending->specific_object_path, pending->device_path, - TRUE, + sender, &error); + g_free (sender); + if (!path) { nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s", pending->connection_path, error->code, error->message); diff --git a/src/nm-manager.h b/src/nm-manager.h index ba9375488f..22bfca9e8b 100644 --- a/src/nm-manager.h +++ b/src/nm-manager.h @@ -87,7 +87,7 @@ const char * nm_manager_activate_connection (NMManager *manager, NMConnection *connection, const char *specific_object, const char *device_path, - gboolean user_requested, + const char *dbus_sender, /* NULL if automatic */ GError **error); gboolean nm_manager_deactivate_connection (NMManager *manager, diff --git a/src/nm-policy.c b/src/nm-policy.c index 23fc6ac736..06cdb24bb7 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -758,7 +758,7 @@ auto_activate_device (gpointer user_data) best_connection, specific_object, nm_device_get_path (data->device), - FALSE, + NULL, &error)) { NMSettingConnection *s_con; diff --git a/src/ppp-manager/nm-ppp-manager.c b/src/ppp-manager/nm-ppp-manager.c index 35db28e6e8..bf0f020d57 100644 --- a/src/ppp-manager/nm-ppp-manager.c +++ b/src/ppp-manager/nm-ppp-manager.c @@ -471,7 +471,6 @@ impl_ppp_manager_need_secrets (NMPPPManager *manager, flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW; priv->secrets_id = nm_act_request_get_secrets (priv->act_req, - NULL, setting_name, flags, hints ? g_ptr_array_index (hints, 0) : NULL, diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c index 7bf4b7daf4..01be346014 100644 --- a/src/settings/nm-settings-connection.c +++ b/src/settings/nm-settings-connection.c @@ -711,14 +711,22 @@ dbus_secrets_auth_cb (NMSettingsConnection *self, gpointer user_data) { NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self); - char *setting_name = user_data; + char *sender, *setting_name = user_data; guint32 call_id = 0; GError *local = NULL; - if (error) - dbus_g_method_return_error (context, error); - else { - g_signal_emit (self, signals[GET_SECRETS], 0, setting_name, dbus_get_agent_secrets_cb, context, &call_id); + sender = dbus_g_method_get_sender (context); + if (!sender) { + local = g_error_new_literal (NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_PERMISSION_DENIED, + "Unable to get request D-Bus sender"); + } else if (!error) { + g_signal_emit (self, signals[GET_SECRETS], 0, + sender, + setting_name, + dbus_get_agent_secrets_cb, + context, + &call_id); if (call_id > 0) { /* track the request and wait for the callback */ priv->reqs = g_slist_append (priv->reqs, GUINT_TO_POINTER (call_id)); @@ -726,12 +734,15 @@ dbus_secrets_auth_cb (NMSettingsConnection *self, local = g_error_new_literal (NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_UNAVAILABLE, "No secrets were available"); - dbus_g_method_return_error (context, local); - g_error_free (local); } } + if (error || local) + dbus_g_method_return_error (context, error ? error : local); + g_free (setting_name); + g_free (sender); + g_clear_error (&local); } static void @@ -877,8 +888,8 @@ nm_settings_connection_class_init (NMSettingsConnectionClass *class) G_SIGNAL_RUN_FIRST, G_STRUCT_OFFSET (NMSettingsConnectionClass, get_secrets), get_secrets_accumulator, NULL, - _nm_marshal_UINT__STRING_POINTER_POINTER, - G_TYPE_UINT, 3, G_TYPE_STRING, G_TYPE_POINTER, G_TYPE_POINTER); + _nm_marshal_UINT__STRING_STRING_POINTER_POINTER, + G_TYPE_UINT, 4, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_POINTER, G_TYPE_POINTER); signals[CANCEL_SECRETS] = g_signal_new (NM_SETTINGS_CONNECTION_CANCEL_SECRETS, diff --git a/src/settings/nm-settings-connection.h b/src/settings/nm-settings-connection.h index 6f7a2ed921..b192346fc2 100644 --- a/src/settings/nm-settings-connection.h +++ b/src/settings/nm-settings-connection.h @@ -80,6 +80,7 @@ struct _NMSettingsConnectionClass { /* signals */ guint32 (*get_secrets) (NMSettingsConnection *connection, + const char *sender, /* dbus bus name of requestor */ const char *setting_name, NMSettingsConnectionSecretsUpdatedFunc callback, gpointer callback_data); diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c index 6f160dfa16..30790f03fd 100644 --- a/src/vpn-manager/nm-vpn-connection.c +++ b/src/vpn-manager/nm-vpn-connection.c @@ -57,6 +57,8 @@ typedef struct { NMConnection *connection; + gboolean user_requested; + gulong user_uid; NMActRequest *act_request; guint32 secrets_id; @@ -198,7 +200,9 @@ device_ip4_config_changed (NMDevice *device, NMVPNConnection * nm_vpn_connection_new (NMConnection *connection, NMActRequest *act_request, - NMDevice *parent_device) + NMDevice *parent_device, + gboolean user_requested, + gulong user_uid) { NMVPNConnection *self; NMVPNConnectionPrivate *priv; @@ -213,6 +217,8 @@ nm_vpn_connection_new (NMConnection *connection, priv = NM_VPN_CONNECTION_GET_PRIVATE (self); + priv->user_requested = user_requested; + priv->user_uid = user_uid; priv->connection = g_object_ref (connection); priv->parent_dev = g_object_ref (parent_device); priv->act_request = g_object_ref (act_request); @@ -811,13 +817,15 @@ connection_need_secrets_cb (DBusGProxy *proxy, return; } - priv->secrets_id = nm_act_request_get_secrets (priv->act_request, - priv->connection, - setting_name, - NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION, - NULL, - vpn_secrets_cb, - self); + priv->secrets_id = nm_act_request_get_secrets_vpn (priv->act_request, + priv->connection, + priv->user_requested, + priv->user_uid, + setting_name, + NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION, + NULL, + vpn_secrets_cb, + self); if (!priv->secrets_id) nm_vpn_connection_fail (self, NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS); } diff --git a/src/vpn-manager/nm-vpn-connection.h b/src/vpn-manager/nm-vpn-connection.h index ecd0a89aa4..fd5ee24e19 100644 --- a/src/vpn-manager/nm-vpn-connection.h +++ b/src/vpn-manager/nm-vpn-connection.h @@ -15,7 +15,7 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * - * Copyright (C) 2005 - 2010 Red Hat, Inc. + * Copyright (C) 2005 - 2011 Red Hat, Inc. * Copyright (C) 2006 - 2008 Novell, Inc. */ @@ -58,7 +58,9 @@ GType nm_vpn_connection_get_type (void); NMVPNConnection * nm_vpn_connection_new (NMConnection *connection, NMActRequest *act_request, - NMDevice *parent_device); + NMDevice *parent_device, + gboolean user_requested, + gulong user_uid); void nm_vpn_connection_activate (NMVPNConnection *connection); NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection); diff --git a/src/vpn-manager/nm-vpn-manager.c b/src/vpn-manager/nm-vpn-manager.c index 4b58be0d48..aec6f9121b 100644 --- a/src/vpn-manager/nm-vpn-manager.c +++ b/src/vpn-manager/nm-vpn-manager.c @@ -159,6 +159,8 @@ nm_vpn_manager_activate_connection (NMVPNManager *manager, NMConnection *connection, NMActRequest *act_request, NMDevice *device, + gboolean user_requested, + gulong user_uid, GError **error) { NMSettingVPN *vpn_setting; @@ -205,7 +207,7 @@ nm_vpn_manager_activate_connection (NMVPNManager *manager, return NULL; } - vpn = nm_vpn_service_activate (service, connection, act_request, device, error); + vpn = nm_vpn_service_activate (service, connection, act_request, device, user_requested, user_uid, error); if (vpn) { g_signal_connect (vpn, "vpn-state-changed", G_CALLBACK (connection_vpn_state_changed), diff --git a/src/vpn-manager/nm-vpn-manager.h b/src/vpn-manager/nm-vpn-manager.h index f14844a9d4..6159bb86f5 100644 --- a/src/vpn-manager/nm-vpn-manager.h +++ b/src/vpn-manager/nm-vpn-manager.h @@ -71,6 +71,8 @@ NMVPNConnection *nm_vpn_manager_activate_connection (NMVPNManager *manager, NMConnection *connection, NMActRequest *act_request, NMDevice *device, + gboolean user_requested, + gulong user_uid, GError **error); gboolean nm_vpn_manager_deactivate_connection (NMVPNManager *manager, diff --git a/src/vpn-manager/nm-vpn-service.c b/src/vpn-manager/nm-vpn-service.c index 3377cd9ada..3b4e2b4817 100644 --- a/src/vpn-manager/nm-vpn-service.c +++ b/src/vpn-manager/nm-vpn-service.c @@ -325,6 +325,8 @@ nm_vpn_service_activate (NMVPNService *service, NMConnection *connection, NMActRequest *act_request, NMDevice *device, + gboolean user_requested, + gulong user_uid, GError **error) { NMVPNConnection *vpn; @@ -341,7 +343,7 @@ nm_vpn_service_activate (NMVPNService *service, clear_quit_timeout (service); - vpn = nm_vpn_connection_new (connection, act_request, device); + vpn = nm_vpn_connection_new (connection, act_request, device, user_requested, user_uid); g_signal_connect (vpn, "vpn-state-changed", G_CALLBACK (connection_vpn_state_changed), service); diff --git a/src/vpn-manager/nm-vpn-service.h b/src/vpn-manager/nm-vpn-service.h index c7c1b0366a..0c2445e26d 100644 --- a/src/vpn-manager/nm-vpn-service.h +++ b/src/vpn-manager/nm-vpn-service.h @@ -59,6 +59,8 @@ NMVPNConnection * nm_vpn_service_activate (NMVPNService *service, NMConnection *connection, NMActRequest *act_request, NMDevice *device, + gboolean user_requested, + gulong user_uid, GError **error); GSList * nm_vpn_service_get_active_connections (NMVPNService *service);