agent-manager: let nm_settings_connection_check_permission() check all secret-agents searching for permission

nm_agent_manager_get_agent_by_user() would only return the first matching secret agent for the user. This way, we might miss an agent that has permissions. Instead, add nm_agent_manager_has_agent_with_permission() and search all agents.
2026-01-05 03:20:18 +01:00 · 2019-12-23 11:02:30 +01:00 · 2019-12-23 11:02:30 +01:00 · d4a821d53e
commit d4a821d53e
parent 3e0094af77
3 changed files with 24 additions and 26 deletions
--- a/src/settings/nm-agent-manager.c
+++ b/src/settings/nm-agent-manager.c
@ -226,21 +226,6 @@ _agent_find_by_identifier_and_uid (NMAgentManagerPrivate *priv,
 	return NULL;
 }

-static NMSecretAgent *
-_agent_find_by_username (NMAgentManagerPrivate *priv,
-                         const char *username)
-{
-	NMSecretAgent *agent;
-
-	nm_assert (username);
-
-	c_list_for_each_entry (agent, &priv->agent_lst_head, agent_lst) {
-		if (nm_streq0 (nm_secret_agent_get_owner_username (agent), username))
-			return agent;
-	}
-	return NULL;
-}
-
 /*****************************************************************************/

 static void
@ -1402,13 +1387,28 @@ nm_agent_manager_delete_secrets (NMAgentManager *self,

 /*****************************************************************************/

-NMSecretAgent *
-nm_agent_manager_get_agent_by_user (NMAgentManager *self, const char *username)
+gboolean
+nm_agent_manager_has_agent_with_permission (NMAgentManager *self,
+                                            const char *username,
+                                            const char *permission)
 {
-	g_return_val_if_fail (NM_IS_AGENT_MANAGER (self), NULL);
-	g_return_val_if_fail (username, NULL);
+	NMAgentManagerPrivate *priv;
+	NMSecretAgent *agent;

-	return _agent_find_by_username (NM_AGENT_MANAGER_GET_PRIVATE (self), username);
+	g_return_val_if_fail (NM_IS_AGENT_MANAGER (self), FALSE);
+	g_return_val_if_fail (username, FALSE);
+	g_return_val_if_fail (permission, FALSE);
+
+	priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
+
+	c_list_for_each_entry (agent, &priv->agent_lst_head, agent_lst) {
+		if (!nm_streq0 (nm_secret_agent_get_owner_username (agent), username))
+			continue;
+		if (nm_secret_agent_has_permission (agent, permission))
+			return TRUE;
+	}
+
+	return FALSE;
 }

 /*****************************************************************************/
--- a/src/settings/nm-agent-manager.h
+++ b/src/settings/nm-agent-manager.h
@ -65,8 +65,9 @@ void nm_agent_manager_delete_secrets (NMAgentManager *manager,
                                      const char *path,
                                      NMConnection *connection);

-NMSecretAgent *nm_agent_manager_get_agent_by_user (NMAgentManager *manager,
-                                                   const char *username);
+gboolean nm_agent_manager_has_agent_with_permission (NMAgentManager *self,
+                                                     const char *username,
+                                                     const char *permission);

 gboolean nm_agent_manager_all_agents_have_capability (NMAgentManager *manager,
                                                      NMAuthSubject *subject,
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
@ -409,10 +409,7 @@ nm_settings_connection_check_permission (NMSettingsConnection *self,
 		 * either.
 		 */
 		if (nm_setting_connection_get_permission (s_con, i, NULL, &puser, NULL)) {
-			NMSecretAgent *agent = nm_agent_manager_get_agent_by_user (priv->agent_mgr, puser);
-
-			if (   agent
-			    && nm_secret_agent_has_permission (agent, permission))
+			if (nm_agent_manager_has_agent_with_permission (priv->agent_mgr, puser, permission))
 				return TRUE;
 		}
 	}