ifupdown: get_secrets: don't override DBus handler

ifupdown only supports secrets for wireless connections, so attempts to get non-wireless secrets need to fail. Previously, this was accomplished by overriding NMSysconfigSettingsClass->get_secrets, the handler for DBus GetSecrets() method calls. This had some problems: - It created an information leak. The first thing the NMSysconfigConnection implementation does is verify that the caller is authorized to get secrets information, but nm-ifupdown-connection ends up performing its additional check before authorization happens. Thus, unauthorized users are able to determine that some connections don't have secrets. This will become more significant when secrets handling is revamped. - We'd really like to devirtualize these DBus method call handlers. They were inherited from from NMRemoteConnection, where we needed these functions to be virtual so that user and system settings services could implement them differently. That is no longer needed. ifupdown was the last place were we actually "needed" these functions to be virtual. With this commit, we fix these problems by overriding nm_settings_connection_interface_get_secrets instead.
2026-05-05 05:18:23 +02:00 · 2010-08-05 00:54:03 -04:00 · 2010-08-05 00:54:03 -04:00 · a4af7967c9
commit a4af7967c9
parent c2f4b10ab5
1 changed files with 26 additions and 10 deletions
--- a/system-settings/plugins/ifupdown/nm-ifupdown-connection.c
+++ b/system-settings/plugins/ifupdown/nm-ifupdown-connection.c
@ -32,7 +32,13 @@
 #include "nm-ifupdown-connection.h"
 #include "parser.h"

-G_DEFINE_TYPE (NMIfupdownConnection, nm_ifupdown_connection, NM_TYPE_SYSCONFIG_CONNECTION)
+static NMSettingsConnectionInterface *parent_settings_connection_iface;
+
+static void settings_connection_interface_init (NMSettingsConnectionInterface *klass);
+
+G_DEFINE_TYPE_EXTENDED (NMIfupdownConnection, nm_ifupdown_connection, NM_TYPE_SYSCONFIG_CONNECTION, 0, 
+                        G_IMPLEMENT_INTERFACE (NM_TYPE_SETTINGS_CONNECTION_INTERFACE,
+                                               settings_connection_interface_init))

 #define NM_IFUPDOWN_CONNECTION_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_IFUPDOWN_CONNECTION, NMIfupdownConnectionPrivate))

@ -57,12 +63,13 @@ nm_ifupdown_connection_new (if_block *block)
 										 NULL);
 }

-static void
-get_secrets (NMSysconfigConnection *exported,
+static gboolean
+get_secrets (NMSettingsConnectionInterface *connection,
             const gchar *setting_name,
             const gchar **hints,
             gboolean request_new,
-             DBusGMethodInvocation *context)
+             NMSettingsConnectionInterfaceGetSecretsFunc callback,
+             gpointer user_data)
 {
 	GError *error = NULL;

@ -76,12 +83,24 @@ get_secrets (NMSysconfigConnection *exported,
 		             "%s.%d - security setting name not supported '%s'.",
 		             __FILE__, __LINE__, setting_name);
 		PLUGIN_PRINT ("SCPlugin-Ifupdown", "%s", error->message);
-		dbus_g_method_return_error (context, error);
+		callback (connection, NULL, error, user_data);
 		g_error_free (error);
-		return;
+		return FALSE;
 	}

-	NM_SYSCONFIG_CONNECTION_CLASS (nm_ifupdown_connection_parent_class)->get_secrets (exported, setting_name, hints, request_new, context);
+	return parent_settings_connection_iface->get_secrets (connection,
+	                                                      setting_name,
+	                                                      hints,
+	                                                      request_new,
+	                                                      callback,
+	                                                      user_data);
+}
+
+static void
+settings_connection_interface_init (NMSettingsConnectionInterface *iface)
+{
+	parent_settings_connection_iface = g_type_interface_peek_parent (iface);
+	iface->get_secrets = get_secrets;
 }

 static void
@ -165,7 +184,6 @@ static void
 nm_ifupdown_connection_class_init (NMIfupdownConnectionClass *ifupdown_connection_class)
 {
 	GObjectClass *object_class = G_OBJECT_CLASS (ifupdown_connection_class);
-	NMSysconfigConnectionClass *connection_class = NM_SYSCONFIG_CONNECTION_CLASS (ifupdown_connection_class);

 	g_type_class_add_private (ifupdown_connection_class, sizeof (NMIfupdownConnectionPrivate));

@ -174,8 +192,6 @@ nm_ifupdown_connection_class_init (NMIfupdownConnectionClass *ifupdown_connectio
 	object_class->set_property = set_property;
 	object_class->get_property = get_property;

-	connection_class->get_secrets = get_secrets;
-
 	/* Properties */
 	g_object_class_install_property
 		(object_class, PROP_IFBLOCK,