mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-01-03 15:10:14 +01:00
settings: remove groups checking
See "libnm-util: simplify permissions somewhat; remove groups" for more rationale. Might come back later.
This commit is contained in:
Dan Williams
parent
82772191a9
commit
fee318abdb
4 changed files with 1 additions and 86 deletions
|
|
@ -27,7 +27,6 @@ G_DEFINE_TYPE (NMSessionInfo, nm_session_info, G_TYPE_OBJECT);
|
|||
typedef struct {
|
||||
char *id;
|
||||
char *user;
|
||||
GSList *groups;
|
||||
gboolean is_default;
|
||||
} NMSessionInfoPrivate;
|
||||
|
||||
|
|
@ -37,7 +36,6 @@ enum {
|
|||
PROP_0,
|
||||
PROP_ID,
|
||||
PROP_USER,
|
||||
PROP_GROUPS,
|
||||
PROP_IS_DEFAULT
|
||||
};
|
||||
|
||||
|
|
@ -57,14 +55,6 @@ nm_session_info_get_unix_user (NMSessionInfo *self)
|
|||
return NM_SESSION_INFO_GET_PRIVATE (self)->user;
|
||||
}
|
||||
|
||||
GSList *
|
||||
nm_session_info_get_unix_groups (NMSessionInfo *self)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_SESSION_INFO (self), NULL);
|
||||
|
||||
return NM_SESSION_INFO_GET_PRIVATE (self)->groups;
|
||||
}
|
||||
|
||||
gboolean
|
||||
nm_session_info_is_default_session (NMSessionInfo *self)
|
||||
{
|
||||
|
|
@ -90,10 +80,6 @@ set_property (GObject *object,
|
|||
g_free (priv->user);
|
||||
priv->user = g_value_dup_string (value);
|
||||
break;
|
||||
case PROP_GROUPS:
|
||||
nm_utils_slist_free (priv->groups, g_free);
|
||||
priv->groups = g_value_dup_boxed (value);
|
||||
break;
|
||||
case PROP_IS_DEFAULT:
|
||||
priv->is_default = g_value_get_boolean (value);
|
||||
break;
|
||||
|
|
@ -119,9 +105,6 @@ get_property (GObject *object,
|
|||
case PROP_USER:
|
||||
g_value_set_string (value, priv->user);
|
||||
break;
|
||||
case PROP_GROUPS:
|
||||
g_value_set_boxed (value, priv->groups);
|
||||
break;
|
||||
case PROP_IS_DEFAULT:
|
||||
g_value_set_boolean (value, priv->is_default);
|
||||
break;
|
||||
|
|
@ -151,11 +134,6 @@ dispose (GObject *object)
|
|||
priv->user = NULL;
|
||||
}
|
||||
|
||||
if (priv->groups) {
|
||||
nm_utils_slist_free (priv->groups, g_free);
|
||||
priv->groups = NULL;
|
||||
}
|
||||
|
||||
G_OBJECT_CLASS (nm_session_info_parent_class)->dispose (object);
|
||||
}
|
||||
|
||||
|
|
@ -188,18 +166,6 @@ nm_session_info_class_init (NMSessionInfoClass *info_class) {
|
|||
NULL,
|
||||
G_PARAM_READABLE | G_PARAM_CONSTRUCT_ONLY));
|
||||
|
||||
g_object_class_install_property
|
||||
(g_class, PROP_GROUPS,
|
||||
g_param_spec_boxed (
|
||||
NM_SESSION_INFO_UNIX_GROUPS,
|
||||
"UnixGroups",
|
||||
"List of strings representing the groups that this session's user "
|
||||
"belonged to at login time. This represents our best guess as to "
|
||||
"what groups the session's processes belong to. If this is the "
|
||||
"default session, this is NULL.",
|
||||
DBUS_TYPE_G_LIST_OF_STRING,
|
||||
G_PARAM_READABLE | G_PARAM_CONSTRUCT_ONLY));
|
||||
|
||||
g_object_class_install_property
|
||||
(g_class, PROP_IS_DEFAULT,
|
||||
g_param_spec_boolean (
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ G_BEGIN_DECLS
|
|||
|
||||
#define NM_SESSION_INFO_ID "session-id"
|
||||
#define NM_SESSION_INFO_UNIX_USER "unix-user"
|
||||
#define NM_SESSION_INFO_UNIX_GROUPS "unix-groups"
|
||||
#define NM_SESSION_INFO_IS_DEFAULT "is-default"
|
||||
|
||||
#define NM_SESSION_INFO_REMOVED "removed"
|
||||
|
|
@ -53,7 +52,6 @@ GType nm_session_info_get_type (void);
|
|||
|
||||
char * nm_session_info_get_id (NMSessionInfo *self);
|
||||
char * nm_session_info_get_unix_user (NMSessionInfo *self);
|
||||
GSList * nm_session_info_get_unix_groups (NMSessionInfo *self);
|
||||
gboolean nm_session_info_is_default_session (NMSessionInfo *self);
|
||||
|
||||
G_END_DECLS
|
||||
|
|
|
|||
|
|
@ -164,13 +164,8 @@ get_unix_user_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data
|
|||
NMSessionManagerPrivate *priv = NM_SESSION_MANAGER_GET_PRIVATE (pending->manager);
|
||||
guint user_id;
|
||||
struct passwd *pw_info = NULL;
|
||||
int ngroups;
|
||||
guint group_ids_size = 0;
|
||||
gid_t *group_ids = NULL;
|
||||
GSList *group_names = NULL;
|
||||
NMSessionInfo *session = NULL;
|
||||
GError *error = NULL;
|
||||
int i;
|
||||
|
||||
if (!dbus_g_proxy_end_call (proxy, call_id, NULL,
|
||||
G_TYPE_UINT, &user_id, G_TYPE_NONE)) {
|
||||
|
|
@ -190,34 +185,9 @@ get_unix_user_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data
|
|||
goto out;
|
||||
}
|
||||
|
||||
// Figure out how many groups the user is in
|
||||
group_ids = g_slice_alloc (0);
|
||||
ngroups = 0;
|
||||
getgrouplist (pw_info->pw_name, pw_info->pw_gid, group_ids, &ngroups);
|
||||
g_slice_free1 (0, group_ids);
|
||||
|
||||
// Get the list of group IDs
|
||||
// FIXME what happens if the group list changes in the window between the
|
||||
// two getgrouplist calls?
|
||||
group_ids_size = ngroups * sizeof (gid_t);
|
||||
group_ids = g_slice_alloc (group_ids_size);
|
||||
if (getgrouplist (pw_info->pw_name, pw_info->pw_gid, group_ids, &ngroups) == -1) {
|
||||
error = g_error_new (NM_SESSION_MANAGER_ERROR,
|
||||
NM_SESSION_MANAGER_ERROR_INFO_GATHERING_FAILED,
|
||||
"session %s: failed to get groups for user %s",
|
||||
pending->session_id, pw_info->pw_name);
|
||||
goto out;
|
||||
}
|
||||
|
||||
for (i = 0; i < ngroups; i++) {
|
||||
struct group *gr_info = getgrgid (group_ids[i]);
|
||||
group_names = g_slist_prepend (group_names, g_strdup (gr_info->gr_name));
|
||||
}
|
||||
|
||||
session = g_object_new (NM_TYPE_SESSION_INFO,
|
||||
NM_SESSION_INFO_ID, pending->session_id,
|
||||
NM_SESSION_INFO_UNIX_USER, pw_info->pw_name,
|
||||
NM_SESSION_INFO_UNIX_GROUPS, group_names,
|
||||
NULL);
|
||||
g_assert (session);
|
||||
|
||||
|
|
@ -225,11 +195,6 @@ get_unix_user_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data
|
|||
g_signal_emit (pending->manager, signals[ADDED], 0, session);
|
||||
|
||||
out:
|
||||
if (group_names)
|
||||
nm_utils_slist_free (group_names, g_free);
|
||||
if (group_ids)
|
||||
g_slice_free1 (group_ids_size, group_ids);
|
||||
|
||||
pending_session_finish (pending, session, error);
|
||||
|
||||
g_clear_error (&error);
|
||||
|
|
|
|||
|
|
@ -87,7 +87,6 @@ session_allowed (NMSysconfigConnection *connection,
|
|||
NMSettingConnection *setting_connection = (NMSettingConnection *) nm_connection_get_setting (NM_CONNECTION (connection), NM_TYPE_SETTING_CONNECTION);
|
||||
GSList *permissions_entries;
|
||||
char *session_user;
|
||||
GSList *session_groups;
|
||||
GSList *p_iter;
|
||||
gboolean allowed = FALSE;
|
||||
|
||||
|
|
@ -106,7 +105,6 @@ session_allowed (NMSysconfigConnection *connection,
|
|||
}
|
||||
|
||||
session_user = nm_session_info_get_unix_user (session);
|
||||
session_groups = nm_session_info_get_unix_groups (session);
|
||||
|
||||
for (p_iter = permissions_entries; p_iter != NULL; p_iter = p_iter->next) {
|
||||
char **p_comps = g_strsplit ((char *)p_iter->data, ":", 3);
|
||||
|
|
@ -118,19 +116,7 @@ session_allowed (NMSysconfigConnection *connection,
|
|||
allowed = TRUE;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
else if (g_str_equal (type, "group")) {
|
||||
GSList *g_iter;
|
||||
|
||||
for (g_iter = session_groups; g_iter != NULL; g_iter = g_iter->next ) {
|
||||
char *group_name = (char *) g_iter->data;
|
||||
if (g_str_equal (group_name, name)) {
|
||||
allowed = TRUE;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
nm_log_err (LOGD_SYS_SET,
|
||||
"connection %s: failed to parse permissions entry '%s'",
|
||||
nm_setting_connection_get_id (setting_connection),
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue