priv->access_list is allocated during object initialization and
only destroyed when the object is destroyed, so it will always
be valid over the lifetime of the object. Thus no need to check
if it exists or not.
The GSList returned by nm_session_manager_get_sessions() must be
freed by the caller. s/connection/self to make it clear what
object is actually being handled here too.
Moves the system settings permissions checking into the core service's
permissions checking, which at the same time enables 3-way permission
reporting (yes, no, auth) instead of the old yes/no that we had for
system settings permissions before. This allows UI to show a lock
icon or such when the user could authenticate to gain the permission.
It also moves the wifi-create permissions' namespace to the main
namespace (not .settings) since they really should be checked before
starting a shared wifi connection, rather than having anything to do
with the settings service.
NMSettingsConnectionInterface was created to allow the daemon and NM
clients to have common code that handled both system and user
connections. It's no longer needed now that user settings services are
gone.
This concludes the flattening of libnm-glib.
The various "update" functions implemented by NMSysconfigConnection have
become confusing. Depending on how you count, we've wound up with about
4 functions that all share the name "update" but nonetheless do
different things. These functions used to be distributed over several
interfaces implemented by NMSysconfigConnection, but now that we've
removed NMExportedConnection and are about to remove
NMSettingsConnectionInterface, they will be all crammed into a single
interface and will be even more confusing than before. It's time to
give better names to these guys.
The renames planned are:
- nm_settings_connection_interface_update() -->
nm_sysconfig_connection_commit_changes()
- nm_sysconfig_connection_update() with signal_update==FALSE -->
nm_sysconfig_connection_replace_settings()
- nm_sysconfig_connection_update() with signal_update==TRUE -->
nm_sysconfig_connection_replace_and_commit()
This commit performs the last two renames. The first will be performed
when removing NMSettingsConnectionInterface.
We also have nm_sysconfig_connection_replace_and_commit() have an
async-ish API that accepts a callback. This fits nicely with the
async-ish API of nm_settings_connection_interface_update(), and it lets
us clean up pk_update_cb() a bit.
NMExportedConnection originally implemented its DBus method call
handlers as virtual functions, primarily so that system and user
settings services could implement them differently.
NMIfupdownConnection also depended on GetSecrets being virtual, so this
was retained when NMExportedConnection was flattened into
NMSysconfigConnection.
However, it turns out that NMIfupdownConnection doesn't really need
these functions to be virtual; it's more appropriate to override the
methods of NMSettingsConnectionInterface (which are used by the DBus
handlers). Indeed, we really don't want settings plugins to override
the DBus handlers, as we must authorize the caller before doing anything
else. So we can save a bunch of code and devirtualize these handlers.
NMSettingsInterface was created to allow code to operate on a settings
service without caring about what kind of settings service it was. Now
that we have just one settings service, this is no longer needed.
More work needs to be done in order to handle errors and permission
settings in an appropriate manner.
In continuation of the theme, the removal of user settings services
means that the distinction between NMSysconfigConnection and
NMExportedConnection is no longer needed. Merge NMExportedConnection
into NMSysconfigConnection.
3rd patch in a series with:
0bbdc6b0fcb135fa3265
With NM 0.8 the system settings service was integrated into NM and
thus nm_connection_clear_secrets() acts directly on the system
settings plugins' NMConnection objects. So when NM cleared secrets
(for example after determining that they might be bad in a device's
stage2 handler), we completely lost the secrets forever.
With this commit, the secrets are now cached and updated whenever
the connection is updated, and thus are again available to send to
NetworkManager when needed.
nm_connection_replace_settings() replaces the connection's settings
but doesn't allow interception of the new settings. Plugins would then
send out the update signal, but secrets are scrubbed out of them to
ensure secrets aren't leaked out into D-Bus signals.
With NM 0.8 the system settings service was integrated into NM and
thus nm_connection_clear_secrets() acts directly on the system
settings plugins' NMConnection objects. So when NM cleared secrets
(for example after determining that they might be bad in a device's
stage2 handler), we completely lost the secrets forever.
Adding this function allows the system settings service to hook into
the connection updates when the plugin connection's backing storage
(like config files or whatever) changes and cache the secrets for
use in NMSettingsConnectionInterface get_secrets() requestes.
It's a singleton, but PolicyKit didn't increment the reference count
when returning from polkit_authority_get() like we expected (which has
since been fixed upstream). So for now, just don't unref the authority
at all.
Since we don't do that, there's a chance that some PolicyKit calls could
be outstanding when either the NMSysconfigSettings object or one of the
NMSysconfigConnection objects are around, so we make sure we cancel any
PolicyKit calls when the object gets disposed. This is tricky, because
canceling them from the dispose may mean that the callback gets called
after the object is actually destroyed, so we have to be careful not to
access any private object data from the callbacks in that situation.
Since the new PolicyKit does away with easy checking of authorizations,
we get to implement it by ourselves, but that's OK since we can actually
use it for a lot more stuff. So add the GetPermissions call which returns
the permissions the caller actually has, and a signal informing callers
that their permissions might have changed. Hook this all up to
PolicyKit so it's useful.
Make NMSettingsService implement most of the NMSettingsInterface
API to make subclasses simpler, and consolidate exporting of
NMExportedConnection subclasses in NMSettingsService instead of
in 3 places. Make NMSysconfigSettings a subclass of
NMSettingsService and save a ton of code.
The old NMExportedConnection was used for both client and server-side classes,
which was a mistake and made the code very complicated to follow. Additionally,
all PolicyKit operations were synchronous, and PK operations can block for a
long time (ie for user input) before returning, so they need to be async. But
NMExportedConnection and NMSysconfigConnection didn't allow for async PK ops
at all.
Use this opportunity to clean up the mess and create GInterfaces that both
server and client objects implement, so that the connection editor and applet
can operate on generic objects like they did before (using the interfaces) but
can perform specific operations (like async PK verification of callers) depending
on whether they are local or remote or whatever.
The only thing that doesn't work yet is the system-settings service's
"auto eth" connections for ethernet devices that don't have an existing
connection. Might also have issues with unmanaged devices that can't
provide a MAC address until they are brought up, but we'll see.
2009-06-11 00:39:12 -04:00
Renamed from system-settings/src/nm-sysconfig-connection.c (Browse further)
