mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-05-05 06:28:05 +02:00
core: grab remote process id when authenticating D-Bus clients
This commit is contained in:
Dan Williams
parent
a007292937
commit
7a9d5a262a
7 changed files with 56 additions and 14 deletions
|
|
@ -267,6 +267,27 @@ private_server_get_connection_owner (PrivateServer *s, DBusGConnection *connecti
|
|||
|
||||
/**************************************************************/
|
||||
|
||||
static gboolean
|
||||
_bus_get_unix_pid (NMDBusManager *self,
|
||||
const char *sender,
|
||||
gulong *out_pid,
|
||||
GError **error)
|
||||
{
|
||||
guint32 unix_pid = G_MAXUINT32;
|
||||
|
||||
if (!dbus_g_proxy_call_with_timeout (NM_DBUS_MANAGER_GET_PRIVATE (self)->proxy,
|
||||
"GetConnectionUnixProcessID", 2000, error,
|
||||
G_TYPE_STRING, sender,
|
||||
G_TYPE_INVALID,
|
||||
G_TYPE_UINT, &unix_pid,
|
||||
G_TYPE_INVALID)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*out_pid = (gulong) unix_pid;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* _get_caller_info_from_context():
|
||||
*
|
||||
|
|
@ -279,7 +300,8 @@ _get_caller_info (NMDBusManager *self,
|
|||
DBusConnection *connection,
|
||||
DBusMessage *message,
|
||||
char **out_sender,
|
||||
gulong *out_uid)
|
||||
gulong *out_uid,
|
||||
gulong *out_pid)
|
||||
{
|
||||
NMDBusManagerPrivate *priv = NM_DBUS_MANAGER_GET_PRIVATE (self);
|
||||
DBusGConnection *gconn;
|
||||
|
|
@ -312,6 +334,10 @@ _get_caller_info (NMDBusManager *self,
|
|||
*out_uid = 0;
|
||||
if (out_sender)
|
||||
*out_sender = g_strdup (priv_sender);
|
||||
if (out_pid) {
|
||||
if (!dbus_connection_get_unix_process_id (connection, out_pid))
|
||||
*out_pid = G_MAXULONG;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
|
@ -331,6 +357,14 @@ _get_caller_info (NMDBusManager *self,
|
|||
}
|
||||
}
|
||||
|
||||
if (out_pid) {
|
||||
if (!_bus_get_unix_pid (self, sender, out_pid, NULL)) {
|
||||
*out_pid = G_MAXULONG;
|
||||
g_free (sender);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if (out_sender)
|
||||
*out_sender = g_strdup (sender);
|
||||
|
||||
|
|
@ -342,9 +376,10 @@ gboolean
|
|||
nm_dbus_manager_get_caller_info (NMDBusManager *self,
|
||||
DBusGMethodInvocation *context,
|
||||
char **out_sender,
|
||||
gulong *out_uid)
|
||||
gulong *out_uid,
|
||||
gulong *out_pid)
|
||||
{
|
||||
return _get_caller_info (self, context, NULL, NULL, out_sender, out_uid);
|
||||
return _get_caller_info (self, context, NULL, NULL, out_sender, out_uid, out_pid);
|
||||
}
|
||||
|
||||
gboolean
|
||||
|
|
@ -352,9 +387,10 @@ nm_dbus_manager_get_caller_info_from_message (NMDBusManager *self,
|
|||
DBusConnection *connection,
|
||||
DBusMessage *message,
|
||||
char **out_sender,
|
||||
gulong *out_uid)
|
||||
gulong *out_uid,
|
||||
gulong *out_pid)
|
||||
{
|
||||
return _get_caller_info (self, NULL, connection, message, out_sender, out_uid);
|
||||
return _get_caller_info (self, NULL, connection, message, out_sender, out_uid, out_pid);
|
||||
}
|
||||
|
||||
gboolean
|
||||
|
|
|
|||
|
|
@ -87,7 +87,8 @@ DBusGConnection * nm_dbus_manager_get_connection (NMDBusManager *self);
|
|||
gboolean nm_dbus_manager_get_caller_info (NMDBusManager *self,
|
||||
DBusGMethodInvocation *context,
|
||||
char **out_sender,
|
||||
gulong *out_uid);
|
||||
gulong *out_uid,
|
||||
gulong *out_pid);
|
||||
|
||||
gboolean nm_dbus_manager_get_unix_user (NMDBusManager *self,
|
||||
const char *sender,
|
||||
|
|
@ -97,7 +98,8 @@ gboolean nm_dbus_manager_get_caller_info_from_message (NMDBusManager *self,
|
|||
DBusConnection *connection,
|
||||
DBusMessage *message,
|
||||
char **out_sender,
|
||||
gulong *out_uid);
|
||||
gulong *out_uid,
|
||||
gulong *out_pid);
|
||||
|
||||
void nm_dbus_manager_register_exported_type (NMDBusManager *self,
|
||||
GType object_type,
|
||||
|
|
|
|||
|
|
@ -157,7 +157,8 @@ nm_auth_chain_new (DBusGMethodInvocation *context,
|
|||
if (nm_dbus_manager_get_caller_info (nm_dbus_manager_get (),
|
||||
context,
|
||||
&sender,
|
||||
&sender_uid)) {
|
||||
&sender_uid,
|
||||
NULL)) {
|
||||
chain = _auth_chain_new (context, NULL, sender, sender_uid, done_func, user_data);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3157,7 +3157,7 @@ validate_activation_request (NMManager *self,
|
|||
g_assert (connection);
|
||||
|
||||
/* Get caller's UID */
|
||||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, out_sender_uid)) {
|
||||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, out_sender_uid, NULL)) {
|
||||
g_set_error_literal (error,
|
||||
NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED,
|
||||
"Failed to get request UID.");
|
||||
|
|
@ -4410,7 +4410,8 @@ prop_filter (DBusConnection *connection,
|
|||
connection,
|
||||
message,
|
||||
NULL,
|
||||
&caller_uid)) {
|
||||
&caller_uid,
|
||||
NULL)) {
|
||||
reply = dbus_message_new_error (message, NM_PERM_DENIED_ERROR,
|
||||
"Could not determine request UID.");
|
||||
goto out;
|
||||
|
|
|
|||
|
|
@ -280,7 +280,8 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
|
|||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
|
||||
context,
|
||||
&sender,
|
||||
&sender_uid)) {
|
||||
&sender_uid,
|
||||
NULL)) {
|
||||
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
|
||||
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
|
||||
"Unable to determine request sender and UID.");
|
||||
|
|
@ -363,6 +364,7 @@ impl_agent_manager_unregister (NMAgentManager *self,
|
|||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
|
||||
context,
|
||||
&sender,
|
||||
NULL,
|
||||
NULL)) {
|
||||
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
|
||||
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
|
||||
|
|
|
|||
|
|
@ -1009,7 +1009,7 @@ check_user_in_acl (NMConnection *connection,
|
|||
g_return_val_if_fail (session_monitor != NULL, FALSE);
|
||||
|
||||
/* Get the caller's UID */
|
||||
if (!nm_dbus_manager_get_caller_info (nm_dbus_manager_get (), context, NULL, &sender_uid)) {
|
||||
if (!nm_dbus_manager_get_caller_info (nm_dbus_manager_get (), context, NULL, &sender_uid, NULL)) {
|
||||
g_set_error_literal (error,
|
||||
NM_SETTINGS_ERROR,
|
||||
NM_SETTINGS_ERROR_PERMISSION_DENIED,
|
||||
|
|
|
|||
|
|
@ -1135,7 +1135,7 @@ nm_settings_add_connection_dbus (NMSettings *self,
|
|||
}
|
||||
|
||||
/* Get the caller's UID */
|
||||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &caller_uid)) {
|
||||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &caller_uid, NULL)) {
|
||||
error = g_error_new_literal (NM_SETTINGS_ERROR,
|
||||
NM_SETTINGS_ERROR_PERMISSION_DENIED,
|
||||
"Unable to determine request UID.");
|
||||
|
|
@ -1251,7 +1251,7 @@ impl_settings_reload_connections (NMSettings *self,
|
|||
gulong caller_uid;
|
||||
GError *error = NULL;
|
||||
|
||||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &caller_uid)) {
|
||||
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &caller_uid, NULL)) {
|
||||
error = g_error_new_literal (NM_SETTINGS_ERROR,
|
||||
NM_SETTINGS_ERROR_PERMISSION_DENIED,
|
||||
"Unable to determine request UID.");
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue