fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-09 21:40:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core: merge branch 'th/device-get-applied-connection-no-privs'

Browse source 
https://bugzilla.redhat.com/show_bug.cgi?id=1882380

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/634
This commit is contained in:
Thomas Haller 2020-09-29 11:51:41 +02:00
commit 7c6a99eb40
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
4 changed files with 61 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
NEWS
View file

@ -17,6 +17,8 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE!
was built with the respective options enabled.
* The long deprecated D-Bus property "Ip4Address" on "org.freedesktop.NetworkManager.Device"
interface is not defunct and always returns zero.
* dbus: don't require policykit permission for GetAppliedConnection of
a device.
=============================================
NetworkManager-1.26

92
src/devices/nm-device.c
View file

@ -12876,62 +12876,6 @@ impl_device_reapply(NMDBusObject * obj,
/*****************************************************************************/
static void
get_applied_connection_cb(NMDevice * self,
GDBusMethodInvocation *context,
NMAuthSubject * subject,
GError * error,
gpointer user_data /* possibly dangling pointer */)
{
NMDevicePrivate *priv;
NMConnection * applied_connection;
GVariant * settings;
g_return_if_fail(NM_IS_DEVICE(self));
if (error) {
g_dbus_method_invocation_return_gerror(context, error);
return;
}
priv = NM_DEVICE_GET_PRIVATE(self);
applied_connection = nm_device_get_applied_connection(self);
if (!applied_connection) {
error = g_error_new_literal(NM_DEVICE_ERROR,
NM_DEVICE_ERROR_NOT_ACTIVE,
"Device is not activated");
g_dbus_method_invocation_take_error(context, error);
return;
}
if (applied_connection != user_data) {
/* The applied connection changed due to a race. Reauthenticate. */
nm_device_auth_request(
self,
context,
applied_connection,
NM_AUTH_PERMISSION_NETWORK_CONTROL,
TRUE,
NULL,
get_applied_connection_cb,
applied_connection /* no need take a ref. We will not dereference this pointer. */);
return;
}
settings = nm_connection_to_dbus(applied_connection, NM_CONNECTION_SERIALIZE_NO_SECRETS);
if (!settings)
settings = g_variant_new_array(G_VARIANT_TYPE("{sa{sv}}"), NULL, 0);
g_dbus_method_invocation_return_value(
context,
g_variant_new(
"(@a{sa{sv}}t)",
settings,
nm_active_connection_version_id_get((NMActiveConnection *) priv->act_request.obj)));
}
static void
impl_device_get_applied_connection(NMDBusObject * obj,
const NMDBusInterfaceInfoExtended *interface_info,
@ -12941,9 +12885,12 @@ impl_device_get_applied_connection(NMDBusObject * obj,
GDBusMethodInvocation * invocation,
GVariant * parameters)
{
NMDevice * self = NM_DEVICE(obj);
NMConnection *applied_connection;
guint32 flags;
NMDevice * self = NM_DEVICE(obj);
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
gs_free_error GError *error = NULL;
NMConnection * applied_connection;
guint32 flags;
GVariant * var_settings;
g_variant_get(parameters, "(u)", &flags);
@ -12965,15 +12912,26 @@ impl_device_get_applied_connection(NMDBusObject * obj,
return;
}
nm_device_auth_request(
self,
if (!nm_auth_is_invocation_in_acl_set_error(applied_connection,
invocation,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
NULL,
&error)) {
g_dbus_method_invocation_take_error(invocation, g_steal_pointer(&error));
return;
}
var_settings = nm_connection_to_dbus(applied_connection, NM_CONNECTION_SERIALIZE_NO_SECRETS);
if (!var_settings)
var_settings = g_variant_new_array(G_VARIANT_TYPE("{sa{sv}}"), NULL, 0);
g_dbus_method_invocation_return_value(
invocation,
applied_connection,
NM_AUTH_PERMISSION_NETWORK_CONTROL,
TRUE,
NULL,
get_applied_connection_cb,
applied_connection /* no need take a ref. We will not dereference this pointer. */);
g_variant_new(
"(@a{sa{sv}}t)",
var_settings,
nm_active_connection_version_id_get((NMActiveConnection *) priv->act_request.obj)));
}
/*****************************************************************************/

27
src/nm-auth-utils.c
View file

@ -13,6 +13,7 @@
#include "nm-auth-manager.h"
#include "nm-session-monitor.h"
#include "nm-dbus-manager.h"
#include "nm-core-utils.h"
/*****************************************************************************/
@ -667,3 +668,29 @@ nm_auth_is_subject_in_acl_set_error(NMConnection * connection,
g_free(error_desc);
return FALSE;
}
gboolean
nm_auth_is_invocation_in_acl_set_error(NMConnection * connection,
GDBusMethodInvocation *invocation,
GQuark err_domain,
int err_code,
NMAuthSubject ** out_subject,
GError ** error)
{
gs_unref_object NMAuthSubject *subject = NULL;
gboolean success;
nm_assert(!out_subject || !*out_subject);
subject = nm_dbus_manager_new_auth_subject_from_context(invocation);
if (!subject) {
g_set_error_literal(error, err_domain, err_code, NM_UTILS_ERROR_MSG_REQ_UID_UKNOWN);
return FALSE;
}
success = nm_auth_is_subject_in_acl_set_error(connection, subject, err_domain, err_code, error);
NM_SET_OUT(out_subject, g_steal_pointer(&subject));
return success;
}

7
src/nm-auth-utils.h
View file

@ -85,4 +85,11 @@ gboolean nm_auth_is_subject_in_acl_set_error(NMConnection * connection,
int err_code,
GError ** error);
gboolean nm_auth_is_invocation_in_acl_set_error(NMConnection * connection,
GDBusMethodInvocation *invocation,
GQuark err_domain,
int err_code,
NMAuthSubject ** out_subject,
GError ** error);
#endif /* __NETWORKMANAGER_MANAGER_AUTH_H__ */