fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-02-05 12:20:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

auth: move common nm_dbus_manager_get_caller_info() functionality into nm_auth_chain_new()

Browse source 
Most callers of nm_auth_chain_new() call nm_dbus_manager_get_caller_info()
right before that, so just fold the get_caller_info() call into
nm_auth_chain_new() to reduce code complexity in callers.  Yes, this
means sometimes we call nm_dbus_manager_get_caller_info() twice,
but that's not really a problem.
This commit is contained in:
Dan Williams 2012-12-16 12:30:41 -06:00
parent b389ad3141
commit 72bdb5707e
6 changed files with 159 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
src/nm-manager-auth.c
View file

@ -114,7 +114,7 @@ _auth_chain_new (DBusGMethodInvocation *context,
{
NMAuthChain *self;
g_return_val_if_fail (context || message || dbus_sender, NULL);
g_return_val_if_fail (message || dbus_sender, NULL);
self = g_malloc0 (sizeof (NMAuthChain));
self->refcount = 1;
@ -127,9 +127,7 @@ _auth_chain_new (DBusGMethodInvocation *context,
self->context = context;
self->user_uid = user_uid;
if (context)
self->owner = dbus_g_method_get_sender (context);
else if (message)
if (message)
self->owner = g_strdup (dbus_message_get_sender (message));
else if (dbus_sender)
self->owner = g_strdup (dbus_sender);
@ -146,11 +144,33 @@ _auth_chain_new (DBusGMethodInvocation *context,
NMAuthChain *
nm_auth_chain_new (DBusGMethodInvocation *context,
gulong user_uid,
NMAuthChainResultFunc done_func,
gpointer user_data)
gpointer user_data,
const char **out_error_desc)
{
return _auth_chain_new (context, NULL, NULL, user_uid, done_func, user_data);
gulong sender_uid = G_MAXULONG;
char *sender = NULL;
NMDBusManager *dbus_mgr;
NMAuthChain *chain = NULL;
g_return_val_if_fail (context != NULL, NULL);
dbus_mgr = nm_dbus_manager_get ();
g_assert (dbus_mgr);
if (nm_dbus_manager_get_caller_info (dbus_mgr,
context,
&sender,
&sender_uid)) {
chain = _auth_chain_new (context, NULL, sender, sender_uid, done_func, user_data);
}
if (!chain && out_error_desc)
*out_error_desc = "Unable to determine request UID and sender.";
g_free (sender);
g_object_unref (dbus_mgr);
return chain;
}
NMAuthChain *

4
src/nm-manager-auth.h
View file

@ -56,9 +56,9 @@ typedef void (*NMAuthChainResultFunc) (NMAuthChain *chain,
gpointer user_data);
NMAuthChain *nm_auth_chain_new (DBusGMethodInvocation *context,
gulong user_uid,
NMAuthChainResultFunc done_func,
gpointer user_data);
gpointer user_data,
const char **out_error_desc);
NMAuthChain *nm_auth_chain_new_raw_message (DBusMessage *message,
gulong user_uid,

177
src/nm-manager.c
View file

@ -869,29 +869,15 @@ pending_auth_done (NMAuthChain *chain,
}
static void
pending_activation_check_authorized (PendingActivation *pending,
NMDBusManager *dbus_mgr)
pending_activation_check_authorized (PendingActivation *pending)
{
gulong sender_uid = G_MAXULONG;
GError *error;
const char *wifi_permission = NULL;
NMConnection *connection;
NMSettings *settings;
const char *error_desc = NULL;
g_return_if_fail (pending != NULL);
g_return_if_fail (dbus_mgr != NULL);
if (!nm_dbus_manager_get_caller_info (dbus_mgr,
pending->context,
NULL,
&sender_uid)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"Unable to determine UID of request.");
pending->callback (pending, error);
g_error_free (error);
return;
}
/* By this point we have an auto-completed connection (for AddAndActivate)
* or an existing connection (for Activate).
@ -915,17 +901,24 @@ pending_activation_check_authorized (PendingActivation *pending,
* the user a chance to authenticate to gain the permission.
*/
pending->chain = nm_auth_chain_new (pending->context,
sender_uid,
pending_auth_done,
pending);
g_assert (pending->chain);
nm_auth_chain_add_call (pending->chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, TRUE);
pending,
&error_desc);
if (pending->chain) {
nm_auth_chain_add_call (pending->chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, TRUE);
/* Shared wifi connections require special permissions too */
wifi_permission = nm_utils_get_shared_wifi_permission (connection);
if (wifi_permission) {
pending->wifi_shared_permission = wifi_permission;
nm_auth_chain_add_call (pending->chain, wifi_permission, TRUE);
/* Shared wifi connections require special permissions too */
wifi_permission = nm_utils_get_shared_wifi_permission (connection);
if (wifi_permission) {
pending->wifi_shared_permission = wifi_permission;
nm_auth_chain_add_call (pending->chain, wifi_permission, TRUE);
}
} else {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
pending->callback (pending, error);
g_error_free (error);
}
}
@ -1764,32 +1757,26 @@ device_auth_request_cb (NMDevice *device,
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
GError *error = NULL;
gulong sender_uid = G_MAXULONG;
NMAuthChain *chain;
/* Get the caller's UID for the root check */
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
context,
NULL,
&sender_uid)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"Unable to determine request UID.");
callback (device, context, error, user_data);
g_error_free (error);
return;
}
const char *error_desc = NULL;
/* Validate the request */
chain = nm_auth_chain_new (context, sender_uid, device_auth_done_cb, self);
g_assert (chain);
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
chain = nm_auth_chain_new (context, device_auth_done_cb, self, &error_desc);
if (chain) {
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "device", g_object_ref (device), g_object_unref);
nm_auth_chain_set_data (chain, "requested-permission", g_strdup (permission), g_free);
nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "user-data", user_data, NULL);
nm_auth_chain_add_call (chain, permission, allow_interaction);
nm_auth_chain_set_data (chain, "device", g_object_ref (device), g_object_unref);
nm_auth_chain_set_data (chain, "requested-permission", g_strdup (permission), g_free);
nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "user-data", user_data, NULL);
nm_auth_chain_add_call (chain, permission, allow_interaction);
} else {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
callback (device, context, error, user_data);
g_error_free (error);
}
}
static void
@ -3020,7 +3007,6 @@ impl_manager_activate_connection (NMManager *self,
const char *specific_object_path,
DBusGMethodInvocation *context)
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
PendingActivation *pending;
GError *error = NULL;
@ -3036,7 +3022,7 @@ impl_manager_activate_connection (NMManager *self,
activation_auth_done,
&error);
if (pending)
pending_activation_check_authorized (pending, priv->dbus_mgr);
pending_activation_check_authorized (pending);
else {
g_assert (error);
dbus_g_method_return_error (context, error);
@ -3088,7 +3074,6 @@ impl_manager_add_and_activate_connection (NMManager *self,
const char *specific_object_path,
DBusGMethodInvocation *context)
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
PendingActivation *pending;
GError *error = NULL;
@ -3104,7 +3089,7 @@ impl_manager_add_and_activate_connection (NMManager *self,
add_and_activate_auth_done,
&error);
if (pending)
pending_activation_check_authorized (pending, priv->dbus_mgr);
pending_activation_check_authorized (pending);
else {
g_assert (error);
dbus_g_method_return_error (context, error);
@ -3204,7 +3189,7 @@ impl_manager_deactivate_connection (NMManager *self,
GError *error = NULL;
GSList *iter;
NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
/* Find the connection by its object path */
for (iter = priv->active_connections; iter; iter = g_slist_next (iter)) {
@ -3225,28 +3210,20 @@ impl_manager_deactivate_connection (NMManager *self,
return;
}
/* Need to check the caller's permissions and stuff before we can
* deactivate the connection.
*/
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
context,
NULL,
&sender_uid)) {
/* Validate the user request */
chain = nm_auth_chain_new (context, deactivate_net_auth_done_cb, self, &error_desc);
if (chain) {
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "path", g_strdup (active_path), g_free);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, TRUE);
} else {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"Unable to determine request UID.");
error_desc);
dbus_g_method_return_error (context, error);
g_error_free (error);
return;
}
/* Otherwise validate the user request */
chain = nm_auth_chain_new (context, sender_uid, deactivate_net_auth_done_cb, self);
g_assert (chain);
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "path", g_strdup (active_path), g_free);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, TRUE);
}
static void
@ -3380,7 +3357,6 @@ impl_manager_sleep (NMManager *self,
GError *error = NULL;
#if 0
NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
#endif
@ -3410,20 +3386,18 @@ impl_manager_sleep (NMManager *self,
return;
#if 0
if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
chain = nm_auth_chain_new (context, sleep_auth_done_cb, self, &error_desc);
if (chain) {
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
} else {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
dbus_g_method_return_error (context, error);
g_error_free (error);
return;
}
chain = nm_auth_chain_new (context, sender_uid, sleep_auth_done_cb, self);
g_assert (chain);
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
#endif
}
@ -3521,7 +3495,7 @@ impl_manager_enable (NMManager *self,
NMManagerPrivate *priv;
NMAuthChain *chain;
GError *error = NULL;
gulong sender_uid = G_MAXULONG;
const char *error_desc;
g_return_if_fail (NM_IS_MANAGER (self));
@ -3536,24 +3510,19 @@ impl_manager_enable (NMManager *self,
return;
}
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
context,
NULL,
&sender_uid)) {
chain = nm_auth_chain_new (context, enable_net_done_cb, self, &error_desc);
if (chain) {
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "enable", GUINT_TO_POINTER (enable), NULL);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK, TRUE);
} else {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"Unable to determine request UID.");
error_desc);
dbus_g_method_return_error (context, error);
g_error_free (error);
return;
}
chain = nm_auth_chain_new (context, sender_uid, enable_net_done_cb, self);
g_assert (chain);
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_set_data (chain, "enable", GUINT_TO_POINTER (enable), NULL);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK, TRUE);
}
/* Permissions */
@ -3623,21 +3592,11 @@ impl_manager_get_permissions (NMManager *self,
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
GError *error;
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
context,
NULL,
&sender_uid)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"Unable to determine request UID.");
dbus_g_method_return_error (context, error);
g_error_free (error);
} else {
chain = nm_auth_chain_new (context, sender_uid, get_permissions_done_cb, self);
g_assert (chain);
chain = nm_auth_chain_new (context, get_permissions_done_cb, self, &error_desc);
if (chain) {
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK, FALSE);
@ -3651,6 +3610,12 @@ impl_manager_get_permissions (NMManager *self,
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_OWN, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, FALSE);
} else {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
dbus_g_method_return_error (context, error);
g_error_free (error);
}
}
@ -3958,7 +3923,7 @@ prop_filter (DBusConnection *connection,
goto out;
}
/* Otherwise validate the user request */
/* Validate the user request */
chain = nm_auth_chain_new_raw_message (message, caller_uid, prop_set_auth_done_cb, self);
g_assert (chain);
priv->auth_chains = g_slist_append (priv->auth_chains, chain);

19
src/settings/nm-agent-manager.c
View file

@ -269,6 +269,7 @@ impl_agent_manager_register (NMAgentManager *self,
GError *error = NULL, *local = NULL;
NMSecretAgent *agent;
NMAuthChain *chain;
const char *error_desc = NULL;
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
context,
@ -316,12 +317,18 @@ impl_agent_manager_register (NMAgentManager *self,
nm_secret_agent_get_description (agent));
/* Kick off permissions requests for this agent */
chain = nm_auth_chain_new (context, sender_uid, agent_register_permissions_done, self);
g_assert (chain);
priv->chains = g_slist_append (priv->chains, chain);
nm_auth_chain_set_data (chain, "agent", agent, g_object_unref);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
chain = nm_auth_chain_new (context, agent_register_permissions_done, self, &error_desc);
if (chain) {
nm_auth_chain_set_data (chain, "agent", agent, g_object_unref);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
priv->chains = g_slist_append (priv->chains, chain);
} else {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
error_desc);
}
done:
if (error)

25
src/settings/nm-settings-connection.c
View file

@ -971,6 +971,7 @@ auth_start (NMSettingsConnection *self,
NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
GError *error = NULL;
const char *error_desc = NULL;
if (!check_user_in_acl (NM_CONNECTION (self),
context,
@ -984,16 +985,24 @@ auth_start (NMSettingsConnection *self,
}
if (check_permission) {
chain = nm_auth_chain_new (context, sender_uid, pk_auth_cb, self);
g_assert (chain);
priv->pending_auths = g_slist_append (priv->pending_auths, chain);
chain = nm_auth_chain_new (context, pk_auth_cb, self, &error_desc);
if (chain) {
priv->pending_auths = g_slist_append (priv->pending_auths, chain);
nm_auth_chain_set_data (chain, "perm", (gpointer) check_permission, NULL);
nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "callback-data", callback_data, NULL);
nm_auth_chain_set_data_ulong (chain, "sender-uid", sender_uid);
nm_auth_chain_set_data (chain, "perm", (gpointer) check_permission, NULL);
nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "callback-data", callback_data, NULL);
nm_auth_chain_set_data_ulong (chain, "sender-uid", sender_uid);
nm_auth_chain_add_call (chain, check_permission, TRUE);
nm_auth_chain_add_call (chain, check_permission, TRUE);
} else {
g_set_error_literal (&error,
NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_PERMISSION_DENIED,
error_desc);
callback (self, context, G_MAXULONG, error, callback_data);
g_clear_error (&error);
}
} else {
/* Don't need polkit auth, automatic success */
callback (self, context, sender_uid, NULL, callback_data);

49
src/settings/nm-settings.c
View file

@ -1097,6 +1097,7 @@ nm_settings_add_connection (NMSettings *self,
GError *error = NULL, *tmp_error = NULL;
gulong caller_uid = G_MAXULONG;
char *error_desc = NULL;
const char *auth_error_desc = NULL;
const char *perm;
/* Connection must be valid, of course */
@ -1168,16 +1169,23 @@ nm_settings_add_connection (NMSettings *self,
else
perm = NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM;
/* Otherwise validate the user request */
chain = nm_auth_chain_new (context, caller_uid, pk_add_cb, self);
g_assert (chain);
priv->auths = g_slist_append (priv->auths, chain);
nm_auth_chain_add_call (chain, perm, TRUE);
nm_auth_chain_set_data (chain, "perm", (gpointer) perm, NULL);
nm_auth_chain_set_data (chain, "connection", g_object_ref (connection), g_object_unref);
nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "callback-data", user_data, NULL);
nm_auth_chain_set_data_ulong (chain, "caller-uid", caller_uid);
/* Validate the user request */
chain = nm_auth_chain_new (context, pk_add_cb, self, &auth_error_desc);
if (chain) {
priv->auths = g_slist_append (priv->auths, chain);
nm_auth_chain_add_call (chain, perm, TRUE);
nm_auth_chain_set_data (chain, "perm", (gpointer) perm, NULL);
nm_auth_chain_set_data (chain, "connection", g_object_ref (connection), g_object_unref);
nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "callback-data", user_data, NULL);
nm_auth_chain_set_data_ulong (chain, "caller-uid", caller_uid);
} else {
error = g_error_new_literal (NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_PERMISSION_DENIED,
auth_error_desc);
callback (self, NULL, error, context, user_data);
g_error_free (error);
}
}
static void
@ -1262,23 +1270,24 @@ impl_settings_save_hostname (NMSettings *self,
NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self);
NMAuthChain *chain;
GError *error = NULL;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
/* Do any of the plugins support setting the hostname? */
if (!get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_HOSTNAME)) {
error = g_error_new_literal (NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_SAVE_HOSTNAME_NOT_SUPPORTED,
"None of the registered plugins support setting the hostname.");
} else if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &sender_uid)) {
error = g_error_new_literal (NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_PERMISSION_DENIED,
"Unable to determine request UID.");
} else {
chain = nm_auth_chain_new (context, sender_uid, pk_hostname_cb, self);
g_assert (chain);
priv->auths = g_slist_append (priv->auths, chain);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, TRUE);
nm_auth_chain_set_data (chain, "hostname", g_strdup (hostname), g_free);
chain = nm_auth_chain_new (context, pk_hostname_cb, self, &error_desc);
if (chain) {
priv->auths = g_slist_append (priv->auths, chain);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, TRUE);
nm_auth_chain_set_data (chain, "hostname", g_strdup (hostname), g_free);
} else {
error = g_error_new_literal (NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_PERMISSION_DENIED,
error_desc);
}
}
if (error) {