From e39435a596f8a851329b95d4e9e844ec55ba5b9e Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Mon, 29 Jul 2013 10:40:11 -0500 Subject: [PATCH] agents: use NMAuthSubject --- src/settings/nm-agent-manager.c | 37 +++++++++--------- src/settings/nm-secret-agent.c | 67 ++++++++++++++++++--------------- src/settings/nm-secret-agent.h | 8 ++-- 3 files changed, 59 insertions(+), 53 deletions(-) diff --git a/src/settings/nm-agent-manager.c b/src/settings/nm-agent-manager.c index 980b1f1461..33fbbe7ff3 100644 --- a/src/settings/nm-agent-manager.c +++ b/src/settings/nm-agent-manager.c @@ -206,6 +206,8 @@ agent_register_permissions_done (NMAuthChain *chain, GHashTableIter iter; Request *req; + g_assert (context); + priv->chains = g_slist_remove (priv->chains, chain); if (error) { @@ -270,23 +272,20 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self, DBusGMethodInvocation *context) { NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self); - char *sender = NULL; + NMAuthSubject *subject; gulong sender_uid = G_MAXULONG; GError *error = NULL, *local = NULL; NMSecretAgent *agent; NMAuthChain *chain; - const char *error_desc = NULL; - if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, - context, - &sender, - &sender_uid, - NULL)) { + subject = nm_auth_subject_new_from_context (context); + if (!subject) { error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN, "Unable to determine request sender and UID."); goto done; } + sender_uid = nm_auth_subject_get_uid (subject); if ( 0 != sender_uid && !nm_session_monitor_uid_has_session (priv->session_monitor, 
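Review bot: In impl_agent_manager_register_with_capabilities, `NMAuthSubject *subject;` is declared without an initializer, while the `done:` path (changed in the later `-342` hunk) runs `g_clear_object (&subject)`. Today the assignment from nm_auth_subject_new_from_context() is the first statement, so every `goto done` sees a defined value. Any early exit added above that assignment later would unref an indeterminate pointer inside a D-Bus method handler. Declaring it as `NMAuthSubject *subject = NULL;` matches how `error` and `local` are initialized two lines below. The function body continues outside this hunk.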
@@ -312,7 +311,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self, } /* Success, add the new agent */ - agent = nm_secret_agent_new (context, sender, identifier, sender_uid, capabilities); + agent = nm_secret_agent_new (context, subject, identifier, capabilities); if (!agent) { error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, NM_AGENT_MANAGER_ERROR_INTERNAL_ERROR, @@ -324,7 +323,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self, nm_secret_agent_get_description (agent)); /* Kick off permissions requests for this agent */ - chain = nm_auth_chain_new (context, agent_register_permissions_done, self, &error_desc); + chain = nm_auth_chain_new_subject (subject, context, agent_register_permissions_done, self); if (chain) { nm_auth_chain_set_data (chain, "agent", agent, g_object_unref); nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE); @@ -334,7 +333,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self, } else { error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN, - error_desc); + "Unable to start agent authentication."); } done: @@ -342,7 +341,7 @@ done: dbus_g_method_return_error (context, error); g_clear_error (&error); g_clear_error (&local); - g_free (sender); + g_clear_object (&subject); } static void @@ -1018,10 +1017,10 @@ get_next_cb (Request *parent) nm_log_dbg (LOGD_AGENTS, "(%p/%s/%s) request has system secrets; checking agent %s for MODIFY", req, parent->detail, req->setting_name, agent_dbus_owner); - req->chain = nm_auth_chain_new_dbus_sender (agent_dbus_owner, - nm_secret_agent_get_owner_uid (parent->current), - get_agent_modify_auth_cb, - req); + req->chain = nm_auth_chain_new_subject (nm_secret_agent_get_subject (parent->current), + NULL, + get_agent_modify_auth_cb, + req); g_assert (req->chain); /* If the caller is the only user in the connection's permissions, then 
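Review bot: The `else` branch for a NULL chain (the `-334` hunk) still raises `NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN`, although by this point the sender has already been resolved into `subject` and the new message describes a failure to start the authorization check. `NM_AGENT_MANAGER_ERROR_INTERNAL_ERROR`, already used just above for a failed nm_secret_agent_new(), would let callers and logs tell an unidentified caller from an internal fault. The same branch also appears not to release `agent`, which is handed to the chain with `g_object_unref` only in the success branch. Nothing visible between the `else` and `done:` unrefs it, so confirm whether it leaks.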
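Review bot: In get_next_cb (the `-1018` hunk) the result of `nm_auth_chain_new_subject (nm_secret_agent_get_subject (parent->current), NULL, ...)` is only checked with `g_assert (req->chain)`, whereas the registration path in this same commit treats a NULL chain as an error it reports to the caller. nm_secret_agent_get_subject() returns NULL when its type check fails, and whether nm_auth_chain_new_subject() can return NULL for other reasons is not visible here. In either case the daemon aborts instead of refusing the MODIFY check for that one agent. Handling NULL by logging it and treating the agent as not authorized would keep a failure tied to a single agent from taking the whole service down. The same pattern is in authority_changed_cb (the `-1504` hunk), where `g_assert (chain)` follows the equivalent call; both functions continue outside their hunks.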
@@ -1504,10 +1503,10 @@ authority_changed_cb (gpointer user_data) NMAuthChain *chain; /* Kick off permissions requests for this agent */ - chain = nm_auth_chain_new_dbus_sender (nm_secret_agent_get_dbus_owner (agent), - nm_secret_agent_get_owner_uid (agent), - agent_permissions_changed_done, - self); + chain = nm_auth_chain_new_subject (nm_secret_agent_get_subject (agent), + NULL, + agent_permissions_changed_done, + self); g_assert (chain); priv->chains = g_slist_append (priv->chains, chain); diff --git a/src/settings/nm-secret-agent.c b/src/settings/nm-secret-agent.c index 7f0e879a3a..66ddc36a2a 100644 --- a/src/settings/nm-secret-agent.c +++ b/src/settings/nm-secret-agent.c @@ -31,6 +31,7 @@ #include "nm-secret-agent.h" #include "nm-dbus-manager.h" #include "nm-dbus-glib-types.h" +#include "nm-glib-compat.h" #include "nm-logging.h" G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT) @@ -40,12 +41,9 @@ G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT) NMSecretAgentPrivate)) typedef struct { - gboolean disposed; - char *description; - char *owner; + NMAuthSubject *subject; char *identifier; - uid_t owner_uid; char *owner_username; NMSecretAgentCapabilities capabilities; guint32 hash; @@ -106,10 +104,10 @@ nm_secret_agent_get_description (NMSecretAgent *agent) priv = NM_SECRET_AGENT_GET_PRIVATE (agent); if (!priv->description) { - priv->description = g_strdup_printf ("%s/%s/%u", - priv->owner, + priv->description = g_strdup_printf ("%s/%s/%lu", + nm_auth_subject_get_dbus_sender (priv->subject), priv->identifier, - priv->owner_uid); + nm_auth_subject_get_uid (priv->subject)); } return priv->description; @@ -120,7 +118,7 @@ nm_secret_agent_get_dbus_owner (NMSecretAgent *agent) { g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL); - return NM_SECRET_AGENT_GET_PRIVATE (agent)->owner; + return nm_auth_subject_get_dbus_sender (NM_SECRET_AGENT_GET_PRIVATE (agent)->subject); } const char * 
@@ -131,16 +129,16 @@ nm_secret_agent_get_identifier (NMSecretAgent *agent) return NM_SECRET_AGENT_GET_PRIVATE (agent)->identifier; } -uid_t +gulong nm_secret_agent_get_owner_uid (NMSecretAgent *agent) { - g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXUINT); + g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXULONG); - return NM_SECRET_AGENT_GET_PRIVATE (agent)->owner_uid; + return nm_auth_subject_get_uid (NM_SECRET_AGENT_GET_PRIVATE (agent)->subject); } const char * -nm_secret_agent_get_owner_username(NMSecretAgent *agent) +nm_secret_agent_get_owner_username (NMSecretAgent *agent) { g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL); @@ -156,13 +154,21 @@ nm_secret_agent_get_capabilities (NMSecretAgent *agent) } guint32 -nm_secret_agent_get_hash (NMSecretAgent *agent) +nm_secret_agent_get_hash (NMSecretAgent *agent) { g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), 0); return NM_SECRET_AGENT_GET_PRIVATE (agent)->hash; } +NMAuthSubject * +nm_secret_agent_get_subject (NMSecretAgent *agent) +{ + g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL); + + return NM_SECRET_AGENT_GET_PRIVATE (agent)->subject; +} + /** * nm_secret_agent_add_permission: * @agent: A #NMSecretAgent. @@ -443,9 +449,8 @@ proxy_cleanup (NMSecretAgent *self) NMSecretAgent * nm_secret_agent_new (DBusGMethodInvocation *context, - const char *owner, + NMAuthSubject *subject, const char *identifier, - uid_t owner_uid, NMSecretAgentCapabilities capabilities) { NMSecretAgent *self; 
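Review bot: nm_secret_agent_get_owner_uid() now returns `gulong` and its failure sentinel changes from `G_MAXUINT` to `G_MAXULONG`, so callers outside this diff that store the result in a `uid_t` or compare it against `G_MAXUINT` will silently narrow the value or miss the sentinel on LP64 targets. If the value is used for ownership or permission comparisons elsewhere, those call sites should be audited together with the prototype change in nm-secret-agent.h (the `-67` hunk). A short comment on the function such as `/* Returns G_MAXULONG if @agent is invalid; range-check before storing in a uid_t */` would document the new contract.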
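Review bot: The new nm_secret_agent_get_subject() (the `-156` hunk) carries no documentation of ownership: it returns the agent's own `priv->subject` pointer without taking a reference. The callers added in nm-agent-manager.c pass it straight to nm_auth_chain_new_subject() together with a completion callback, so the subject apparently has to stay alive until that callback runs even if the agent is disposed first. Whether the chain takes its own reference is not visible in this diff. A gtk-doc comment in the style of nm_secret_agent_add_permission just below, stating `Returns: (transfer none): the #NMAuthSubject of @agent, owned by the agent`, would make the borrowed-reference contract explicit. The prototype is added in nm-secret-agent.h (the `-75` hunk).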
@@ -453,10 +458,11 @@ nm_secret_agent_new (DBusGMethodInvocation *context, char *hash_str, *username; struct passwd *pw; - g_return_val_if_fail (owner != NULL, NULL); + g_return_val_if_fail (context != NULL, NULL); + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL); g_return_val_if_fail (identifier != NULL, NULL); - pw = getpwuid (owner_uid); + pw = getpwuid (nm_auth_subject_get_uid (subject)); g_return_val_if_fail (pw != NULL, NULL); g_return_val_if_fail (pw->pw_name[0] != '\0', NULL); username = g_strdup (pw->pw_name); @@ -464,19 +470,18 @@ nm_secret_agent_new (DBusGMethodInvocation *context, self = (NMSecretAgent *) g_object_new (NM_TYPE_SECRET_AGENT, NULL); priv = NM_SECRET_AGENT_GET_PRIVATE (self); - priv->owner = g_strdup (owner); priv->identifier = g_strdup (identifier); - priv->owner_uid = owner_uid; priv->owner_username = g_strdup (username); priv->capabilities = capabilities; + priv->subject = g_object_ref (subject); - hash_str = g_strdup_printf ("%08u%s", owner_uid, identifier); + hash_str = g_strdup_printf ("%16lu%s", nm_auth_subject_get_uid (subject), identifier); priv->hash = g_str_hash (hash_str); g_free (hash_str); priv->proxy = nm_dbus_manager_new_proxy (nm_dbus_manager_get (), context, - owner, + nm_auth_subject_get_dbus_sender (subject), NM_DBUS_PATH_SECRET_AGENT, NM_DBUS_INTERFACE_SECRET_AGENT); g_assert (priv->proxy); 
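Review bot: `getpwuid (nm_auth_subject_get_uid (subject))` passes a `gulong` where a `uid_t` is expected, so the value is narrowed implicitly. An out-of-range value, including the `G_MAXULONG` default that nm-agent-manager.c uses for an unknown UID, would be looked up as a different number than the one kept in the subject. An explicit guard before the lookup, for example `g_return_val_if_fail (nm_auth_subject_get_uid (subject) != G_MAXULONG, NULL);`, keeps the stored username and the subject's UID from disagreeing. Separately, a missing passwd entry is a runtime condition, and the `g_return_val_if_fail (pw != NULL, NULL)` that follows disappears when GLib checks are compiled out, leaving `pw->pw_name` to dereference NULL; a plain `if (!pw) return NULL;` would be sturdier. The function continues outside this hunk.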
@@ -501,21 +506,21 @@ dispose (GObject *object) { NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (object); - if (!priv->disposed) { - priv->disposed = TRUE; + g_clear_pointer (&priv->description, g_free); + g_clear_pointer (&priv->identifier, g_free); + g_clear_pointer (&priv->owner_username, g_free); - g_free (priv->description); - g_free (priv->owner); - g_free (priv->identifier); - g_free (priv->owner_username); - - g_slist_free_full (priv->permissions, g_free); + g_slist_free_full (priv->permissions, g_free); + priv->permissions = NULL; + if (priv->requests) { g_hash_table_destroy (priv->requests); - - proxy_cleanup (NM_SECRET_AGENT (object)); + priv->requests = NULL; } + proxy_cleanup (NM_SECRET_AGENT (object)); + g_clear_object (&priv->subject); + G_OBJECT_CLASS (nm_secret_agent_parent_class)->dispose (object); } diff --git a/src/settings/nm-secret-agent.h b/src/settings/nm-secret-agent.h index a59182e533..b75f7177db 100644 --- a/src/settings/nm-secret-agent.h +++ b/src/settings/nm-secret-agent.h @@ -29,6 +29,7 @@ #include #include "nm-dbus-manager.h" #include "nm-settings-flags.h" +#include "nm-auth-subject.h" /* NOTE: ensure these capabilities match those in introspection/nm-secret-agent.xml and * libnm-glib/nm-secret-agent.h. @@ -56,9 +57,8 @@ typedef struct { GType nm_secret_agent_get_type (void); NMSecretAgent *nm_secret_agent_new (DBusGMethodInvocation *context, - const char *owner, + NMAuthSubject *subject, const char *identifier, - uid_t owner_uid, NMSecretAgentCapabilities capabilities); const char *nm_secret_agent_get_description (NMSecretAgent *agent); @@ -67,7 +67,7 @@ const char *nm_secret_agent_get_dbus_owner (NMSecretAgent *agent); const char *nm_secret_agent_get_identifier (NMSecretAgent *agent); -uid_t nm_secret_agent_get_owner_uid (NMSecretAgent *agent); +gulong nm_secret_agent_get_owner_uid (NMSecretAgent *agent); const char *nm_secret_agent_get_owner_username (NMSecretAgent *agent); 
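Review bot: With the `disposed` flag removed, every step of dispose() has to be safe on a second invocation, and `proxy_cleanup (NM_SECRET_AGENT (object))` is the one call here without a visible guard. The other steps are idempotent as written (`g_clear_pointer`, `g_clear_object`, the NULLed `permissions` list and the `if (priv->requests)` test). The body of proxy_cleanup is outside this hunk, so confirm it checks `priv->proxy` before disconnecting or emitting anything. A comment above the call such as `/* dispose may run more than once; proxy_cleanup() must be a no-op once the proxy is gone */` would record that requirement.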
@@ -75,6 +75,8 @@ NMSecretAgentCapabilities nm_secret_agent_get_capabilities (NMSecretAgent *agent guint32 nm_secret_agent_get_hash (NMSecretAgent *agent); +NMAuthSubject *nm_secret_agent_get_subject (NMSecretAgent *agent); + void nm_secret_agent_add_permission (NMSecretAgent *agent, const char *permission, gboolean allowed);