settings: convert more hand-rolled polkit to NMAuthChain
This commit is contained in:
Dan Williams
@@ -73,7 +73,7 @@ static guint signals[LAST_SIGNAL] = { 0 };
|
|||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
PolkitAuthority *authority;
|
PolkitAuthority *authority;
|
||||||
GSList *pending_auths; /* List of PendingAuth structs*/
|
GSList *pending_auths; /* List of pending authentication requests */
|
||||||
NMConnection *secrets;
|
NMConnection *secrets;
|
||||||
gboolean visible; /* Is this connection is visible by some session? */
|
gboolean visible; /* Is this connection is visible by some session? */
|
||||||
|
|
||||||
@@ -508,64 +508,44 @@ typedef void (*AuthCallback) (NMSysconfigConnection *connection,
|
|||||||
GError *error,
|
GError *error,
|
||||||
gpointer data);
|
gpointer data);
|
||||||
|
|
||||||
typedef struct {
|
static void
|
||||||
NMSysconfigConnection *self;
|
pk_auth_cb (NMAuthChain *chain,
|
||||||
DBusGMethodInvocation *context;
|
GError *chain_error,
|
||||||
GCancellable *cancellable;
|
DBusGMethodInvocation *context,
|
||||||
gboolean disposed;
|
gpointer user_data)
|
||||||
|
{
|
||||||
|
NMSysconfigConnection *self = NM_SYSCONFIG_CONNECTION (user_data);
|
||||||
|
NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self);
|
||||||
|
GError *error = NULL;
|
||||||
|
NMAuthCallResult result;
|
||||||
AuthCallback callback;
|
AuthCallback callback;
|
||||||
gpointer callback_data;
|
gpointer callback_data;
|
||||||
} PendingAuth;
|
|
||||||
|
|
||||||
static void
|
priv->pending_auths = g_slist_remove (priv->pending_auths, chain);
|
||||||
auth_finish (PendingAuth *info, GError *error)
|
|
||||||
{
|
|
||||||
NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (info->self);
|
|
||||||
priv->pending_auths = g_slist_remove (priv->pending_auths, info);
|
|
||||||
|
|
||||||
info->callback (info->self, info->context, error, info->callback_data);
|
/* If our NMSysconfigConnection is already gone, do nothing */
|
||||||
|
if (chain_error) {
|
||||||
|
error = g_error_new (NM_SETTINGS_ERROR,
|
||||||
|
NM_SETTINGS_ERROR_GENERAL,
|
||||||
|
"Error checking authorization: %s",
|
||||||
|
chain_error->message ? chain_error->message : "(unknown)");
|
||||||
|
} else {
|
||||||
|
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
|
||||||
|
|
||||||
g_object_unref (info->cancellable);
|
/* Caller didn't successfully authenticate */
|
||||||
memset (info, 0, sizeof (PendingAuth));
|
if (result != NM_AUTH_CALL_RESULT_YES) {
|
||||||
g_slice_free (PendingAuth, info);
|
error = g_error_new_literal (NM_SETTINGS_ERROR,
|
||||||
}
|
NM_SETTINGS_ERROR_NOT_PRIVILEGED,
|
||||||
|
"Insufficient privileges.");
|
||||||
static void
|
}
|
||||||
auth_pk_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
|
||||||
{
|
|
||||||
PendingAuth *info = user_data;
|
|
||||||
NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (info->self);
|
|
||||||
PolkitAuthorizationResult *pk_result = NULL;
|
|
||||||
GError *error = NULL;
|
|
||||||
|
|
||||||
if (info->disposed) {
|
|
||||||
error = g_error_new_literal (NM_SETTINGS_ERROR,
|
|
||||||
NM_SETTINGS_ERROR_GENERAL,
|
|
||||||
"Request was canceled.");
|
|
||||||
goto out;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pk_result = polkit_authority_check_authorization_finish (priv->authority,
|
callback = nm_auth_chain_get_data (chain, "callback");
|
||||||
result,
|
callback_data = nm_auth_chain_get_data (chain, "callback-data");
|
||||||
&error);
|
callback (self, context, error, callback_data);
|
||||||
if (error)
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
if (!polkit_authorization_result_get_is_authorized (pk_result)) {
|
g_clear_error (&error);
|
||||||
error = g_error_new_literal (NM_SETTINGS_ERROR,
|
nm_auth_chain_unref (chain);
|
||||||
NM_SETTINGS_ERROR_NOT_PRIVILEGED,
|
|
||||||
"Insufficient privileges.");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
out:
|
|
||||||
auth_finish (info, error);
|
|
||||||
|
|
||||||
if (error)
|
|
||||||
g_error_free (error);
|
|
||||||
if (pk_result)
|
|
||||||
g_object_unref (pk_result);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@@ -576,12 +556,10 @@ auth_start (NMSysconfigConnection *self,
|
|||||||
gpointer callback_data)
|
gpointer callback_data)
|
||||||
{
|
{
|
||||||
NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self);
|
NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self);
|
||||||
PendingAuth *info;
|
NMAuthChain *chain;
|
||||||
gulong sender_uid = G_MAXULONG;
|
gulong sender_uid = G_MAXULONG;
|
||||||
GError *error = NULL;
|
GError *error = NULL;
|
||||||
char *sender;
|
|
||||||
char *error_desc = NULL;
|
char *error_desc = NULL;
|
||||||
PolkitSubject *subject;
|
|
||||||
|
|
||||||
/* Get the caller's UID */
|
/* Get the caller's UID */
|
||||||
if (!nm_auth_get_caller_uid (context, NULL, &sender_uid, &error_desc)) {
|
if (!nm_auth_get_caller_uid (context, NULL, &sender_uid, &error_desc)) {
|
||||||
@@ -606,35 +584,18 @@ auth_start (NMSysconfigConnection *self,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!check_modify) {
|
if (check_modify) {
|
||||||
|
chain = nm_auth_chain_new (priv->authority, context, NULL, pk_auth_cb, self);
|
||||||
|
g_assert (chain);
|
||||||
|
priv->pending_auths = g_slist_append (priv->pending_auths, chain);
|
||||||
|
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
|
||||||
|
nm_auth_chain_set_data (chain, "callback", callback, NULL);
|
||||||
|
nm_auth_chain_set_data (chain, "callback-data", callback_data, NULL);
|
||||||
|
} else {
|
||||||
|
/* Don't need polkit auth, automatic success */
|
||||||
callback (self, context, NULL, callback_data);
|
callback (self, context, NULL, callback_data);
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
info = g_slice_new (PendingAuth);
|
|
||||||
info->self = self;
|
|
||||||
info->context = context;
|
|
||||||
info->cancellable = NULL;
|
|
||||||
info->disposed = FALSE;
|
|
||||||
info->callback_data = callback_data;
|
|
||||||
info->cancellable = g_cancellable_new();
|
|
||||||
|
|
||||||
sender = dbus_g_method_get_sender (info->context);
|
|
||||||
subject = polkit_system_bus_name_new (sender);
|
|
||||||
g_free (sender);
|
|
||||||
|
|
||||||
priv->pending_auths = g_slist_prepend (priv->pending_auths, info);
|
|
||||||
|
|
||||||
/* Kick off the PolicyKit request */
|
|
||||||
polkit_authority_check_authorization (priv->authority,
|
|
||||||
subject,
|
|
||||||
NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
|
|
||||||
NULL,
|
|
||||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
|
|
||||||
info->cancellable,
|
|
||||||
auth_pk_cb,
|
|
||||||
info);
|
|
||||||
g_object_unref (subject);
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
@@ -924,12 +885,8 @@ dispose (GObject *object)
|
|||||||
g_object_unref (priv->secrets);
|
g_object_unref (priv->secrets);
|
||||||
|
|
||||||
/* Cancel PolicyKit requests */
|
/* Cancel PolicyKit requests */
|
||||||
for (iter = priv->pending_auths; iter; iter = g_slist_next (iter)) {
|
for (iter = priv->pending_auths; iter; iter = g_slist_next (iter))
|
||||||
PendingAuth *call = iter->data;
|
nm_auth_chain_unref ((NMAuthChain *) iter->data);
|
||||||
|
|
||||||
call->disposed = TRUE;
|
|
||||||
g_cancellable_cancel (call->cancellable);
|
|
||||||
}
|
|
||||||
g_slist_free (priv->pending_auths);
|
g_slist_free (priv->pending_auths);
|
||||||
priv->pending_auths = NULL;
|
priv->pending_auths = NULL;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user