agents: use NMAuthSubject

Dan Williams 2013-07-29 10:40:11 -05:00
parent 7fe84e0ec7
commit e39435a596
3 changed files with 59 additions and 53 deletions


@ -206,6 +206,8 @@ agent_register_permissions_done (NMAuthChain *chain,
GHashTableIter iter;
Request *req;
g_assert (context);
priv->chains = g_slist_remove (priv->chains, chain);
if (error) {
@ -270,23 +272,20 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
DBusGMethodInvocation *context)
{
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
char *sender = NULL;
NMAuthSubject *subject;
gulong sender_uid = G_MAXULONG;
GError *error = NULL, *local = NULL;
NMSecretAgent *agent;
NMAuthChain *chain;
const char *error_desc = NULL;
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr,
context,
&sender,
&sender_uid,
NULL)) {
subject = nm_auth_subject_new_from_context (context);
if (!subject) {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
"Unable to determine request sender and UID.");
goto done;
}
sender_uid = nm_auth_subject_get_uid (subject);
if ( 0 != sender_uid
&& !nm_session_monitor_uid_has_session (priv->session_monitor,
@ -312,7 +311,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
}
/* Success, add the new agent */
agent = nm_secret_agent_new (context, sender, identifier, sender_uid, capabilities);
agent = nm_secret_agent_new (context, subject, identifier, capabilities);
if (!agent) {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_INTERNAL_ERROR,
@ -324,7 +323,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
nm_secret_agent_get_description (agent));
/* Kick off permissions requests for this agent */
chain = nm_auth_chain_new (context, agent_register_permissions_done, self, &error_desc);
chain = nm_auth_chain_new_subject (subject, context, agent_register_permissions_done, self);
if (chain) {
nm_auth_chain_set_data (chain, "agent", agent, g_object_unref);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
@ -334,7 +333,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
} else {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
error_desc);
"Unable to start agent authentication.");
}
done:
@ -342,7 +341,7 @@ done:
dbus_g_method_return_error (context, error);
g_clear_error (&error);
g_clear_error (&local);
g_free (sender);
g_clear_object (&subject);
}
static void
@ -1018,10 +1017,10 @@ get_next_cb (Request *parent)
nm_log_dbg (LOGD_AGENTS, "(%p/%s/%s) request has system secrets; checking agent %s for MODIFY",
req, parent->detail, req->setting_name, agent_dbus_owner);
req->chain = nm_auth_chain_new_dbus_sender (agent_dbus_owner,
nm_secret_agent_get_owner_uid (parent->current),
get_agent_modify_auth_cb,
req);
req->chain = nm_auth_chain_new_subject (nm_secret_agent_get_subject (parent->current),
NULL,
get_agent_modify_auth_cb,
req);
g_assert (req->chain);
/* If the caller is the only user in the connection's permissions, then
@ -1504,10 +1503,10 @@ authority_changed_cb (gpointer user_data)
NMAuthChain *chain;
/* Kick off permissions requests for this agent */
chain = nm_auth_chain_new_dbus_sender (nm_secret_agent_get_dbus_owner (agent),
nm_secret_agent_get_owner_uid (agent),
agent_permissions_changed_done,
self);
chain = nm_auth_chain_new_subject (nm_secret_agent_get_subject (agent),
NULL,
agent_permissions_changed_done,
self);
g_assert (chain);
priv->chains = g_slist_append (priv->chains, chain);
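Review bot: In get_next_cb and authority_changed_cb the result of nm_auth_chain_new_subject() is still guarded only by g_assert(), while the registration path in this same section treats a NULL chain as a recoverable error and replies with "Unable to start agent authentication.". The subject passed in now comes from nm_secret_agent_get_subject(), which returns NULL when its type check fails, so a failed chain here would abort the daemon or, in a build with G_DISABLE_ASSERT, leave a NULL in `req->chain` or `priv->chains`. I would replace the asserts with a run-time check that logs and skips that agent, for example `if (!chain) nm_log_warn (LOGD_AGENTS, "(%s) could not start permission check", nm_secret_agent_get_description (agent));` followed by the appropriate early exit. Both functions continue outside their hunks, so the right exit (return or continue) has to be confirmed against the full bodies.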


@ -31,6 +31,7 @@
#include "nm-secret-agent.h"
#include "nm-dbus-manager.h"
#include "nm-dbus-glib-types.h"
#include "nm-glib-compat.h"
#include "nm-logging.h"
G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT)
@ -40,12 +41,9 @@ G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT)
NMSecretAgentPrivate))
typedef struct {
gboolean disposed;
char *description;
char *owner;
NMAuthSubject *subject;
char *identifier;
uid_t owner_uid;
char *owner_username;
NMSecretAgentCapabilities capabilities;
guint32 hash;
@ -106,10 +104,10 @@ nm_secret_agent_get_description (NMSecretAgent *agent)
priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
if (!priv->description) {
priv->description = g_strdup_printf ("%s/%s/%u",
priv->owner,
priv->description = g_strdup_printf ("%s/%s/%lu",
nm_auth_subject_get_dbus_sender (priv->subject),
priv->identifier,
priv->owner_uid);
nm_auth_subject_get_uid (priv->subject));
}
return priv->description;
@ -120,7 +118,7 @@ nm_secret_agent_get_dbus_owner (NMSecretAgent *agent)
{
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->owner;
return nm_auth_subject_get_dbus_sender (NM_SECRET_AGENT_GET_PRIVATE (agent)->subject);
}
const char *
@ -131,16 +129,16 @@ nm_secret_agent_get_identifier (NMSecretAgent *agent)
return NM_SECRET_AGENT_GET_PRIVATE (agent)->identifier;
}
uid_t
gulong
nm_secret_agent_get_owner_uid (NMSecretAgent *agent)
{
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXUINT);
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXULONG);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->owner_uid;
return nm_auth_subject_get_uid (NM_SECRET_AGENT_GET_PRIVATE (agent)->subject);
}
const char *
nm_secret_agent_get_owner_username(NMSecretAgent *agent)
nm_secret_agent_get_owner_username (NMSecretAgent *agent)
{
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);
@ -156,13 +154,21 @@ nm_secret_agent_get_capabilities (NMSecretAgent *agent)
}
guint32
nm_secret_agent_get_hash (NMSecretAgent *agent)
nm_secret_agent_get_hash (NMSecretAgent *agent)
{
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), 0);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->hash;
}
NMAuthSubject *
nm_secret_agent_get_subject (NMSecretAgent *agent)
{
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->subject;
}
/**
* nm_secret_agent_add_permission:
* @agent: A #NMSecretAgent.
@ -443,9 +449,8 @@ proxy_cleanup (NMSecretAgent *self)
NMSecretAgent *
nm_secret_agent_new (DBusGMethodInvocation *context,
const char *owner,
NMAuthSubject *subject,
const char *identifier,
uid_t owner_uid,
NMSecretAgentCapabilities capabilities)
{
NMSecretAgent *self;
@ -453,10 +458,11 @@ nm_secret_agent_new (DBusGMethodInvocation *context,
char *hash_str, *username;
struct passwd *pw;
g_return_val_if_fail (owner != NULL, NULL);
g_return_val_if_fail (context != NULL, NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
g_return_val_if_fail (identifier != NULL, NULL);
pw = getpwuid (owner_uid);
pw = getpwuid (nm_auth_subject_get_uid (subject));
g_return_val_if_fail (pw != NULL, NULL);
g_return_val_if_fail (pw->pw_name[0] != '\0', NULL);
username = g_strdup (pw->pw_name);
@ -464,19 +470,18 @@ nm_secret_agent_new (DBusGMethodInvocation *context,
self = (NMSecretAgent *) g_object_new (NM_TYPE_SECRET_AGENT, NULL);
priv = NM_SECRET_AGENT_GET_PRIVATE (self);
priv->owner = g_strdup (owner);
priv->identifier = g_strdup (identifier);
priv->owner_uid = owner_uid;
priv->owner_username = g_strdup (username);
priv->capabilities = capabilities;
priv->subject = g_object_ref (subject);
hash_str = g_strdup_printf ("%08u%s", owner_uid, identifier);
hash_str = g_strdup_printf ("%16lu%s", nm_auth_subject_get_uid (subject), identifier);
priv->hash = g_str_hash (hash_str);
g_free (hash_str);
priv->proxy = nm_dbus_manager_new_proxy (nm_dbus_manager_get (),
context,
owner,
nm_auth_subject_get_dbus_sender (subject),
NM_DBUS_PATH_SECRET_AGENT,
NM_DBUS_INTERFACE_SECRET_AGENT);
g_assert (priv->proxy);
@ -501,21 +506,21 @@ dispose (GObject *object)
{
NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (object);
if (!priv->disposed) {
priv->disposed = TRUE;
g_clear_pointer (&priv->description, g_free);
g_clear_pointer (&priv->identifier, g_free);
g_clear_pointer (&priv->owner_username, g_free);
g_free (priv->description);
g_free (priv->owner);
g_free (priv->identifier);
g_free (priv->owner_username);
g_slist_free_full (priv->permissions, g_free);
g_slist_free_full (priv->permissions, g_free);
priv->permissions = NULL;
if (priv->requests) {
g_hash_table_destroy (priv->requests);
proxy_cleanup (NM_SECRET_AGENT (object));
priv->requests = NULL;
}
proxy_cleanup (NM_SECRET_AGENT (object));
g_clear_object (&priv->subject);
G_OBJECT_CLASS (nm_secret_agent_parent_class)->dispose (object);
}
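Review bot: The hash input in nm_secret_agent_new changes from `"%08u%s"` to `"%16lu%s"`, which drops the `0` flag, so the UID is now space-padded rather than zero-padded. The width of 16 is also shorter than the 20 digits a 64-bit gulong can occupy, so the UID field is no longer guaranteed to be fixed-width before the identifier is appended. If the hash is meant to identify an agent by UID plus identifier, a fixed-width field keeps the boundary unambiguous: `hash_str = g_strdup_printf ("%020lu%s", nm_auth_subject_get_uid (subject), identifier);`. The function body continues outside the hunks shown.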


@ -29,6 +29,7 @@
#include <nm-connection.h>
#include "nm-dbus-manager.h"
#include "nm-settings-flags.h"
#include "nm-auth-subject.h"
/* NOTE: ensure these capabilities match those in introspection/nm-secret-agent.xml and
* libnm-glib/nm-secret-agent.h.
@ -56,9 +57,8 @@ typedef struct {
GType nm_secret_agent_get_type (void);
NMSecretAgent *nm_secret_agent_new (DBusGMethodInvocation *context,
const char *owner,
NMAuthSubject *subject,
const char *identifier,
uid_t owner_uid,
NMSecretAgentCapabilities capabilities);
const char *nm_secret_agent_get_description (NMSecretAgent *agent);
@ -67,7 +67,7 @@ const char *nm_secret_agent_get_dbus_owner (NMSecretAgent *agent);
const char *nm_secret_agent_get_identifier (NMSecretAgent *agent);
uid_t nm_secret_agent_get_owner_uid (NMSecretAgent *agent);
gulong nm_secret_agent_get_owner_uid (NMSecretAgent *agent);
const char *nm_secret_agent_get_owner_username (NMSecretAgent *agent);
@ -75,6 +75,8 @@ NMSecretAgentCapabilities nm_secret_agent_get_capabilities (NMSecretAgent *agent
guint32 nm_secret_agent_get_hash (NMSecretAgent *agent);
NMAuthSubject *nm_secret_agent_get_subject (NMSecretAgent *agent);
void nm_secret_agent_add_permission (NMSecretAgent *agent,
const char *permission,
gboolean allowed);
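Review bot: The new nm_secret_agent_get_subject() prototype has no comment saying who owns the returned object. The implementation in this commit returns the agent's private pointer without taking a reference, and dispose() drops that pointer, so callers receive a borrowed reference. The auth chains built from it complete asynchronously, and whether nm_auth_chain_new_subject() takes its own reference is not visible here, so the contract is worth stating. I would add above the prototype `/* Returns: (transfer none): the agent's subject; valid only while @agent is alive, take a g_object_ref() to keep it longer. */`. The return type of nm_secret_agent_get_owner_uid() also widens from uid_t to gulong, so any caller that stores the result in a uid_t deserves a look.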