fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-08 03:08:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

agents: use NMAuthSubject

Browse source
This commit is contained in:
Dan Williams 2013-07-29 10:40:11 -05:00
parent 7fe84e0ec7
commit e39435a596
3 changed files with 59 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
src/settings/nm-agent-manager.c
View file

@ -206,6 +206,8 @@ agent_register_permissions_done (NMAuthChain *chain,
GHashTableIter iter; GHashTableIter iter;
Request *req; Request *req;
g_assert (context);
priv->chains = g_slist_remove (priv->chains, chain); priv->chains = g_slist_remove (priv->chains, chain);
if (error) { if (error) {
@ -270,23 +272,20 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
DBusGMethodInvocation *context) DBusGMethodInvocation *context)
{ {
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self); NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
char *sender = NULL; NMAuthSubject *subject;
gulong sender_uid = G_MAXULONG; gulong sender_uid = G_MAXULONG;
GError *error = NULL, *local = NULL; GError *error = NULL, *local = NULL;
NMSecretAgent *agent; NMSecretAgent *agent;
NMAuthChain *chain; NMAuthChain *chain;
const char *error_desc = NULL;
if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, subject = nm_auth_subject_new_from_context (context);
context, if (!subject) {
&sender,
&sender_uid,
NULL)) {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN, NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
"Unable to determine request sender and UID."); "Unable to determine request sender and UID.");
goto done; goto done;
} }
sender_uid = nm_auth_subject_get_uid (subject);
if ( 0 != sender_uid if ( 0 != sender_uid
&& !nm_session_monitor_uid_has_session (priv->session_monitor, && !nm_session_monitor_uid_has_session (priv->session_monitor,
@ -312,7 +311,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
} }
/* Success, add the new agent */ /* Success, add the new agent */
agent = nm_secret_agent_new (context, sender, identifier, sender_uid, capabilities); agent = nm_secret_agent_new (context, subject, identifier, capabilities);
if (!agent) { if (!agent) {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_INTERNAL_ERROR, NM_AGENT_MANAGER_ERROR_INTERNAL_ERROR,
@ -324,7 +323,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
nm_secret_agent_get_description (agent)); nm_secret_agent_get_description (agent));
/* Kick off permissions requests for this agent */ /* Kick off permissions requests for this agent */
chain = nm_auth_chain_new (context, agent_register_permissions_done, self, &error_desc); chain = nm_auth_chain_new_subject (subject, context, agent_register_permissions_done, self);
if (chain) { if (chain) {
nm_auth_chain_set_data (chain, "agent", agent, g_object_unref); nm_auth_chain_set_data (chain, "agent", agent, g_object_unref);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE); nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
@ -334,7 +333,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
} else { } else {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN, NM_AGENT_MANAGER_ERROR_SENDER_UNKNOWN,
error_desc); "Unable to start agent authentication.");
} }
done: done:
@ -342,7 +341,7 @@ done:
dbus_g_method_return_error (context, error); dbus_g_method_return_error (context, error);
g_clear_error (&error); g_clear_error (&error);
g_clear_error (&local); g_clear_error (&local);
g_free (sender); g_clear_object (&subject);
} }
static void static void
@ -1018,10 +1017,10 @@ get_next_cb (Request *parent)
nm_log_dbg (LOGD_AGENTS, "(%p/%s/%s) request has system secrets; checking agent %s for MODIFY", nm_log_dbg (LOGD_AGENTS, "(%p/%s/%s) request has system secrets; checking agent %s for MODIFY",
req, parent->detail, req->setting_name, agent_dbus_owner); req, parent->detail, req->setting_name, agent_dbus_owner);
req->chain = nm_auth_chain_new_dbus_sender (agent_dbus_owner, req->chain = nm_auth_chain_new_subject (nm_secret_agent_get_subject (parent->current),
nm_secret_agent_get_owner_uid (parent->current), NULL,
get_agent_modify_auth_cb, get_agent_modify_auth_cb,
req); req);
g_assert (req->chain); g_assert (req->chain);
/* If the caller is the only user in the connection's permissions, then /* If the caller is the only user in the connection's permissions, then
@ -1504,10 +1503,10 @@ authority_changed_cb (gpointer user_data)
NMAuthChain *chain; NMAuthChain *chain;
/* Kick off permissions requests for this agent */ /* Kick off permissions requests for this agent */
chain = nm_auth_chain_new_dbus_sender (nm_secret_agent_get_dbus_owner (agent), chain = nm_auth_chain_new_subject (nm_secret_agent_get_subject (agent),
nm_secret_agent_get_owner_uid (agent), NULL,
agent_permissions_changed_done, agent_permissions_changed_done,
self); self);
g_assert (chain); g_assert (chain);
priv->chains = g_slist_append (priv->chains, chain); priv->chains = g_slist_append (priv->chains, chain);

67
src/settings/nm-secret-agent.c
View file

@ -31,6 +31,7 @@
#include "nm-secret-agent.h" #include "nm-secret-agent.h"
#include "nm-dbus-manager.h" #include "nm-dbus-manager.h"
#include "nm-dbus-glib-types.h" #include "nm-dbus-glib-types.h"
#include "nm-glib-compat.h"
#include "nm-logging.h" #include "nm-logging.h"
G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT) G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT)
@ -40,12 +41,9 @@ G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT)
NMSecretAgentPrivate)) NMSecretAgentPrivate))
typedef struct { typedef struct {
gboolean disposed;
char *description; char *description;
char *owner; NMAuthSubject *subject;
char *identifier; char *identifier;
uid_t owner_uid;
char *owner_username; char *owner_username;
NMSecretAgentCapabilities capabilities; NMSecretAgentCapabilities capabilities;
guint32 hash; guint32 hash;
@ -106,10 +104,10 @@ nm_secret_agent_get_description (NMSecretAgent *agent)
priv = NM_SECRET_AGENT_GET_PRIVATE (agent); priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
if (!priv->description) { if (!priv->description) {
priv->description = g_strdup_printf ("%s/%s/%u", priv->description = g_strdup_printf ("%s/%s/%lu",
priv->owner, nm_auth_subject_get_dbus_sender (priv->subject),
priv->identifier, priv->identifier,
priv->owner_uid); nm_auth_subject_get_uid (priv->subject));
} }
return priv->description; return priv->description;
@ -120,7 +118,7 @@ nm_secret_agent_get_dbus_owner (NMSecretAgent *agent)
{ {
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL); g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->owner; return nm_auth_subject_get_dbus_sender (NM_SECRET_AGENT_GET_PRIVATE (agent)->subject);
} }
const char * const char *
@ -131,16 +129,16 @@ nm_secret_agent_get_identifier (NMSecretAgent *agent)
return NM_SECRET_AGENT_GET_PRIVATE (agent)->identifier; return NM_SECRET_AGENT_GET_PRIVATE (agent)->identifier;
} }
uid_t gulong
nm_secret_agent_get_owner_uid (NMSecretAgent *agent) nm_secret_agent_get_owner_uid (NMSecretAgent *agent)
{ {
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXUINT); g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXULONG);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->owner_uid; return nm_auth_subject_get_uid (NM_SECRET_AGENT_GET_PRIVATE (agent)->subject);
} }
const char * const char *
nm_secret_agent_get_owner_username(NMSecretAgent *agent) nm_secret_agent_get_owner_username (NMSecretAgent *agent)
{ {
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL); g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);
@ -156,13 +154,21 @@ nm_secret_agent_get_capabilities (NMSecretAgent *agent)
} }
guint32 guint32
nm_secret_agent_get_hash (NMSecretAgent *agent) nm_secret_agent_get_hash (NMSecretAgent *agent)
{ {
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), 0); g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), 0);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->hash; return NM_SECRET_AGENT_GET_PRIVATE (agent)->hash;
} }
NMAuthSubject *
nm_secret_agent_get_subject (NMSecretAgent *agent)
{
g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);
return NM_SECRET_AGENT_GET_PRIVATE (agent)->subject;
}
/** /**
* nm_secret_agent_add_permission: * nm_secret_agent_add_permission:
* @agent: A #NMSecretAgent. * @agent: A #NMSecretAgent.
@ -443,9 +449,8 @@ proxy_cleanup (NMSecretAgent *self)
NMSecretAgent * NMSecretAgent *
nm_secret_agent_new (DBusGMethodInvocation *context, nm_secret_agent_new (DBusGMethodInvocation *context,
const char *owner, NMAuthSubject *subject,
const char *identifier, const char *identifier,
uid_t owner_uid,
NMSecretAgentCapabilities capabilities) NMSecretAgentCapabilities capabilities)
{ {
NMSecretAgent *self; NMSecretAgent *self;
@ -453,10 +458,11 @@ nm_secret_agent_new (DBusGMethodInvocation *context,
char *hash_str, *username; char *hash_str, *username;
struct passwd *pw; struct passwd *pw;
g_return_val_if_fail (owner != NULL, NULL); g_return_val_if_fail (context != NULL, NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
g_return_val_if_fail (identifier != NULL, NULL); g_return_val_if_fail (identifier != NULL, NULL);
pw = getpwuid (owner_uid); pw = getpwuid (nm_auth_subject_get_uid (subject));
g_return_val_if_fail (pw != NULL, NULL); g_return_val_if_fail (pw != NULL, NULL);
g_return_val_if_fail (pw->pw_name[0] != '\0', NULL); g_return_val_if_fail (pw->pw_name[0] != '\0', NULL);
username = g_strdup (pw->pw_name); username = g_strdup (pw->pw_name);
@ -464,19 +470,18 @@ nm_secret_agent_new (DBusGMethodInvocation *context,
self = (NMSecretAgent *) g_object_new (NM_TYPE_SECRET_AGENT, NULL); self = (NMSecretAgent *) g_object_new (NM_TYPE_SECRET_AGENT, NULL);
priv = NM_SECRET_AGENT_GET_PRIVATE (self); priv = NM_SECRET_AGENT_GET_PRIVATE (self);
priv->owner = g_strdup (owner);
priv->identifier = g_strdup (identifier); priv->identifier = g_strdup (identifier);
priv->owner_uid = owner_uid;
priv->owner_username = g_strdup (username); priv->owner_username = g_strdup (username);
priv->capabilities = capabilities; priv->capabilities = capabilities;
priv->subject = g_object_ref (subject);
hash_str = g_strdup_printf ("%08u%s", owner_uid, identifier); hash_str = g_strdup_printf ("%16lu%s", nm_auth_subject_get_uid (subject), identifier);
priv->hash = g_str_hash (hash_str); priv->hash = g_str_hash (hash_str);
g_free (hash_str); g_free (hash_str);
priv->proxy = nm_dbus_manager_new_proxy (nm_dbus_manager_get (), priv->proxy = nm_dbus_manager_new_proxy (nm_dbus_manager_get (),
context, context,
owner, nm_auth_subject_get_dbus_sender (subject),
NM_DBUS_PATH_SECRET_AGENT, NM_DBUS_PATH_SECRET_AGENT,
NM_DBUS_INTERFACE_SECRET_AGENT); NM_DBUS_INTERFACE_SECRET_AGENT);
g_assert (priv->proxy); g_assert (priv->proxy);
@ -501,21 +506,21 @@ dispose (GObject *object)
{ {
NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (object); NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (object);
if (!priv->disposed) { g_clear_pointer (&priv->description, g_free);
priv->disposed = TRUE; g_clear_pointer (&priv->identifier, g_free);
g_clear_pointer (&priv->owner_username, g_free);
g_free (priv->description); g_slist_free_full (priv->permissions, g_free);
g_free (priv->owner); priv->permissions = NULL;
g_free (priv->identifier);
g_free (priv->owner_username);
g_slist_free_full (priv->permissions, g_free);
if (priv->requests) {
g_hash_table_destroy (priv->requests); g_hash_table_destroy (priv->requests);
priv->requests = NULL;
proxy_cleanup (NM_SECRET_AGENT (object));
} }
proxy_cleanup (NM_SECRET_AGENT (object));
g_clear_object (&priv->subject);
G_OBJECT_CLASS (nm_secret_agent_parent_class)->dispose (object); G_OBJECT_CLASS (nm_secret_agent_parent_class)->dispose (object);
} }

8
src/settings/nm-secret-agent.h
View file

@ -29,6 +29,7 @@
#include <nm-connection.h> #include <nm-connection.h>
#include "nm-dbus-manager.h" #include "nm-dbus-manager.h"
#include "nm-settings-flags.h" #include "nm-settings-flags.h"
#include "nm-auth-subject.h"
/* NOTE: ensure these capabilities match those in introspection/nm-secret-agent.xml and /* NOTE: ensure these capabilities match those in introspection/nm-secret-agent.xml and
* libnm-glib/nm-secret-agent.h. * libnm-glib/nm-secret-agent.h.
@ -56,9 +57,8 @@ typedef struct {
GType nm_secret_agent_get_type (void); GType nm_secret_agent_get_type (void);
NMSecretAgent *nm_secret_agent_new (DBusGMethodInvocation *context, NMSecretAgent *nm_secret_agent_new (DBusGMethodInvocation *context,
const char *owner, NMAuthSubject *subject,
const char *identifier, const char *identifier,
uid_t owner_uid,
NMSecretAgentCapabilities capabilities); NMSecretAgentCapabilities capabilities);
const char *nm_secret_agent_get_description (NMSecretAgent *agent); const char *nm_secret_agent_get_description (NMSecretAgent *agent);
@ -67,7 +67,7 @@ const char *nm_secret_agent_get_dbus_owner (NMSecretAgent *agent);
const char *nm_secret_agent_get_identifier (NMSecretAgent *agent); const char *nm_secret_agent_get_identifier (NMSecretAgent *agent);
uid_t nm_secret_agent_get_owner_uid (NMSecretAgent *agent); gulong nm_secret_agent_get_owner_uid (NMSecretAgent *agent);
const char *nm_secret_agent_get_owner_username (NMSecretAgent *agent); const char *nm_secret_agent_get_owner_username (NMSecretAgent *agent);
@ -75,6 +75,8 @@ NMSecretAgentCapabilities nm_secret_agent_get_capabilities (NMSecretAgent *agent
guint32 nm_secret_agent_get_hash (NMSecretAgent *agent); guint32 nm_secret_agent_get_hash (NMSecretAgent *agent);
NMAuthSubject *nm_secret_agent_get_subject (NMSecretAgent *agent);
void nm_secret_agent_add_permission (NMSecretAgent *agent, void nm_secret_agent_add_permission (NMSecretAgent *agent,
const char *permission, const char *permission,
gboolean allowed); gboolean allowed);