colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: pass NMAuthSubject around activation paths instead of uid + dbus sender

Browse Source
This commit is contained in:
Dan Williams
2013-07-29 13:11:47 -05:00
parent bcef423174
commit 0e595abcf3
9 changed files with 88 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/nm-activation-request.c
View File

@@ -52,7 +52,6 @@ typedef struct {
typedef struct { typedef struct {
guint device_state_id; guint device_state_id;
char *dbus_sender;
GSList *secrets_calls; GSList *secrets_calls;
gboolean shared; gboolean shared;
GSList *share_rules; GSList *share_rules;
@@ -68,14 +67,6 @@ nm_act_request_get_connection (NMActRequest *req)
return nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (req)); return nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (req));
} }
const char *
nm_act_request_get_dbus_sender (NMActRequest *req)
{
g_return_val_if_fail (NM_IS_ACT_REQUEST (req), NULL);
return NM_ACT_REQUEST_GET_PRIVATE (req)->dbus_sender;
}
/*******************************************************************/ /*******************************************************************/
typedef struct { typedef struct {
@@ -351,11 +342,7 @@ device_state_changed (NMDevice *device, GParamSpec *pspec, NMActRequest *self)
* @connection: the connection to activate @device with * @connection: the connection to activate @device with
* @specific_object: the object path of the specific object (ie, WiFi access point, * @specific_object: the object path of the specific object (ie, WiFi access point,
* etc) that will be used to activate @connection and @device * etc) that will be used to activate @connection and @device
* @user_requested: pass %TRUE if the activation was requested via D-Bus, * @subject: the #NMAuthSubject representing the requestor of the activation
* otherwise %FALSE if requested internally by NM (ie, autoconnect)
* @user_uid: if @user_requested is %TRUE, the Unix UID of the user that requested
* @dbus_sender: if @user_requested is %TRUE, the D-BUS sender that requested
* the activation
* @device: the device/interface to configure according to @connection * @device: the device/interface to configure according to @connection
* @master: if the activation depends on another device (ie, bond or bridge * @master: if the activation depends on another device (ie, bond or bridge
* or team master to which this device will be enslaved) pass the #NMDevice * or team master to which this device will be enslaved) pass the #NMDevice
@@ -368,29 +355,21 @@ device_state_changed (NMDevice *device, GParamSpec *pspec, NMActRequest *self)
NMActRequest * NMActRequest *
nm_act_request_new (NMConnection *connection, nm_act_request_new (NMConnection *connection,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject,
gulong user_uid,
const char *dbus_sender,
NMDevice *device, NMDevice *device,
NMDevice *master) NMDevice *master)
{ {
GObject *object;
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
g_return_val_if_fail (NM_IS_DEVICE (device), NULL); g_return_val_if_fail (NM_IS_DEVICE (device), NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
object = g_object_new (NM_TYPE_ACT_REQUEST, return (NMActRequest *) g_object_new (NM_TYPE_ACT_REQUEST,
NM_ACTIVE_CONNECTION_INT_CONNECTION, connection, NM_ACTIVE_CONNECTION_INT_CONNECTION, connection,
NM_ACTIVE_CONNECTION_INT_DEVICE, device, NM_ACTIVE_CONNECTION_INT_DEVICE, device,
NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object, NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object,
NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, user_requested, NM_ACTIVE_CONNECTION_INT_SUBJECT, subject,
NM_ACTIVE_CONNECTION_INT_USER_UID, user_uid, NM_ACTIVE_CONNECTION_INT_MASTER, master,
NM_ACTIVE_CONNECTION_INT_MASTER, master, NULL);
NULL);
if (object)
NM_ACT_REQUEST_GET_PRIVATE (object)->dbus_sender = g_strdup (dbus_sender);
return (NMActRequest *) object;
} }
static void static void
@@ -445,9 +424,6 @@ dispose (GObject *object)
g_slist_free (priv->secrets_calls); g_slist_free (priv->secrets_calls);
priv->secrets_calls = NULL; priv->secrets_calls = NULL;
g_free (priv->dbus_sender);
priv->dbus_sender = NULL;
G_OBJECT_CLASS (nm_act_request_parent_class)->dispose (object); G_OBJECT_CLASS (nm_act_request_parent_class)->dispose (object);
} }

8
src/nm-activation-request.h
View File

@@ -48,18 +48,12 @@ GType nm_act_request_get_type (void);
NMActRequest *nm_act_request_new (NMConnection *connection, NMActRequest *nm_act_request_new (NMConnection *connection,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject,
gulong user_uid,
const char *dbus_sender,
NMDevice *device, NMDevice *device,
NMDevice *master); NMDevice *master);
NMConnection *nm_act_request_get_connection (NMActRequest *req); NMConnection *nm_act_request_get_connection (NMActRequest *req);
gulong nm_act_request_get_user_uid (NMActRequest *req);
const char *nm_act_request_get_dbus_sender (NMActRequest *req);
gboolean nm_act_request_get_shared (NMActRequest *req); gboolean nm_act_request_get_shared (NMActRequest *req);
void nm_act_request_set_shared (NMActRequest *req, gboolean shared); void nm_act_request_set_shared (NMActRequest *req, gboolean shared);

61
src/nm-active-connection.c
View File

@@ -48,8 +48,7 @@ typedef struct {
NMActiveConnectionState state; NMActiveConnectionState state;
gboolean vpn; gboolean vpn;
gboolean user_requested; NMAuthSubject *subject;
gulong user_uid;
NMDevice *master; NMDevice *master;
} NMActiveConnectionPrivate; } NMActiveConnectionPrivate;
@@ -67,8 +66,7 @@ enum {
PROP_INT_CONNECTION, PROP_INT_CONNECTION,
PROP_INT_DEVICE, PROP_INT_DEVICE,
PROP_INT_USER_REQUESTED, PROP_INT_SUBJECT,
PROP_INT_USER_UID,
PROP_INT_MASTER, PROP_INT_MASTER,
LAST_PROP LAST_PROP
@@ -216,20 +214,31 @@ nm_active_connection_export (NMActiveConnection *self)
nm_dbus_manager_register_object (nm_dbus_manager_get (), priv->path, self); nm_dbus_manager_register_object (nm_dbus_manager_get (), priv->path, self);
} }
NMAuthSubject *
nm_active_connection_get_subject (NMActiveConnection *self)
{
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), NULL);
return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject;
}
gboolean gboolean
nm_active_connection_get_user_requested (NMActiveConnection *self) nm_active_connection_get_user_requested (NMActiveConnection *self)
{ {
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), FALSE); g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), FALSE);
return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->user_requested; return !nm_auth_subject_get_internal (NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject);
} }
gulong gulong
nm_active_connection_get_user_uid (NMActiveConnection *self) nm_active_connection_get_user_uid (NMActiveConnection *self)
{ {
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG); NMActiveConnectionPrivate *priv;
return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->user_uid; g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG);
priv = NM_ACTIVE_CONNECTION_GET_PRIVATE (self);
return nm_auth_subject_get_uid (priv->subject);
} }
NMDevice * NMDevice *
@@ -255,6 +264,13 @@ nm_active_connection_init (NMActiveConnection *self)
{ {
} }
static void
constructed (GObject *object)
{
G_OBJECT_CLASS (nm_active_connection_parent_class)->constructed (object);
g_assert (NM_ACTIVE_CONNECTION_GET_PRIVATE (object)->subject);
}
static void static void
set_property (GObject *object, guint prop_id, set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec) const GValue *value, GParamSpec *pspec)
@@ -273,11 +289,8 @@ set_property (GObject *object, guint prop_id,
if (priv->device) if (priv->device)
g_warn_if_fail (priv->device != priv->master); g_warn_if_fail (priv->device != priv->master);
break; break;
case PROP_INT_USER_REQUESTED: case PROP_INT_SUBJECT:
priv->user_requested = g_value_get_boolean (value); priv->subject = g_value_dup_object (value);
break;
case PROP_INT_USER_UID:
priv->user_uid = g_value_get_ulong (value);
break; break;
case PROP_INT_MASTER: case PROP_INT_MASTER:
g_warn_if_fail (priv->master == NULL); g_warn_if_fail (priv->master == NULL);
@@ -346,6 +359,9 @@ get_property (GObject *object, guint prop_id,
case PROP_MASTER: case PROP_MASTER:
g_value_set_boxed (value, priv->master ? nm_device_get_path (priv->master) : "/"); g_value_set_boxed (value, priv->master ? nm_device_get_path (priv->master) : "/");
break; break;
case PROP_INT_SUBJECT:
g_value_set_object (value, priv->subject);
break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break; break;
@@ -365,6 +381,7 @@ dispose (GObject *object)
g_clear_object (&priv->connection); g_clear_object (&priv->connection);
g_clear_object (&priv->device); g_clear_object (&priv->device);
g_clear_object (&priv->master); g_clear_object (&priv->master);
g_clear_object (&priv->subject);
G_OBJECT_CLASS (nm_active_connection_parent_class)->dispose (object); G_OBJECT_CLASS (nm_active_connection_parent_class)->dispose (object);
} }
@@ -379,6 +396,7 @@ nm_active_connection_class_init (NMActiveConnectionClass *ac_class)
/* virtual methods */ /* virtual methods */
object_class->get_property = get_property; object_class->get_property = get_property;
object_class->set_property = set_property; object_class->set_property = set_property;
object_class->constructed = constructed;
object_class->dispose = dispose; object_class->dispose = dispose;
/* D-Bus exported properties */ /* D-Bus exported properties */
@@ -462,19 +480,12 @@ nm_active_connection_class_init (NMActiveConnectionClass *ac_class)
NM_TYPE_DEVICE, NM_TYPE_DEVICE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class, PROP_INT_USER_REQUESTED, g_object_class_install_property (object_class, PROP_INT_SUBJECT,
g_param_spec_boolean (NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, g_param_spec_object (NM_ACTIVE_CONNECTION_INT_SUBJECT,
"User requested", "Subject",
"User requested", "Subject",
FALSE, NM_TYPE_AUTH_SUBJECT,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class, PROP_INT_USER_UID,
g_param_spec_ulong (NM_ACTIVE_CONNECTION_INT_USER_UID,
"User UID",
"User UID (if user requested)",
0, G_MAXULONG, 0,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class, PROP_INT_MASTER, g_object_class_install_property (object_class, PROP_INT_MASTER,
g_param_spec_object (NM_ACTIVE_CONNECTION_INT_MASTER, g_param_spec_object (NM_ACTIVE_CONNECTION_INT_MASTER,

6
src/nm-active-connection.h
View File

@@ -24,6 +24,7 @@
#include <glib-object.h> #include <glib-object.h>
#include "nm-types.h" #include "nm-types.h"
#include "nm-connection.h" #include "nm-connection.h"
#include "nm-auth-subject.h"
#define NM_TYPE_ACTIVE_CONNECTION (nm_active_connection_get_type ()) #define NM_TYPE_ACTIVE_CONNECTION (nm_active_connection_get_type ())
#define NM_ACTIVE_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_ACTIVE_CONNECTION, NMActiveConnection)) #define NM_ACTIVE_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_ACTIVE_CONNECTION, NMActiveConnection))
@@ -46,8 +47,7 @@
/* Internal non-exported construct-time properties */ /* Internal non-exported construct-time properties */
#define NM_ACTIVE_CONNECTION_INT_CONNECTION "int-connection" #define NM_ACTIVE_CONNECTION_INT_CONNECTION "int-connection"
#define NM_ACTIVE_CONNECTION_INT_DEVICE "int-device" #define NM_ACTIVE_CONNECTION_INT_DEVICE "int-device"
#define NM_ACTIVE_CONNECTION_INT_USER_REQUESTED "int-user-requested" #define NM_ACTIVE_CONNECTION_INT_SUBJECT "int-subject"
#define NM_ACTIVE_CONNECTION_INT_USER_UID "int-user-uid"
#define NM_ACTIVE_CONNECTION_INT_MASTER "int-master" #define NM_ACTIVE_CONNECTION_INT_MASTER "int-master"
@@ -91,6 +91,8 @@ void nm_active_connection_set_state (NMActiveConnection *self,
NMDevice * nm_active_connection_get_device (NMActiveConnection *self); NMDevice * nm_active_connection_get_device (NMActiveConnection *self);
NMAuthSubject *nm_active_connection_get_subject (NMActiveConnection *self);
gboolean nm_active_connection_get_user_requested (NMActiveConnection *self); gboolean nm_active_connection_get_user_requested (NMActiveConnection *self);
gulong nm_active_connection_get_user_uid (NMActiveConnection *self); gulong nm_active_connection_get_user_uid (NMActiveConnection *self);

71
src/nm-manager.c
View File

@@ -160,9 +160,7 @@ static NMActiveConnection *internal_activate_device (NMManager *manager,
NMDevice *device, NMDevice *device,
NMConnection *connection, NMConnection *connection,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject,
gulong sender_uid,
const char *dbus_sender,
gboolean assumed, gboolean assumed,
NMActiveConnection *master, NMActiveConnection *master,
GError **error); GError **error);
@@ -2049,12 +2047,14 @@ add_device (NMManager *self, NMDevice *device)
/* If the device has a connection it can assume, do that now */ /* If the device has a connection it can assume, do that now */
if (connection && nm_device_can_activate (device, connection)) { if (connection && nm_device_can_activate (device, connection)) {
NMActiveConnection *ac; NMActiveConnection *ac;
NMAuthSubject *subject;
GError *error = NULL; GError *error = NULL;
nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume connection", nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume connection",
nm_device_get_iface (device)); nm_device_get_iface (device));
ac = internal_activate_device (self, device, connection, NULL, FALSE, 0, NULL, TRUE, NULL, &error); subject = nm_auth_subject_new_internal ();
ac = internal_activate_device (self, device, connection, NULL, subject, TRUE, NULL, &error);
if (ac) if (ac)
active_connection_add (self, ac); active_connection_add (self, ac);
else { else {
@@ -2064,6 +2064,7 @@ add_device (NMManager *self, NMDevice *device)
error && error->message ? error->message : "(unknown)"); error && error->message ? error->message : "(unknown)");
g_error_free (error); g_error_free (error);
} }
g_object_unref (subject);
} }
} }
@@ -2526,9 +2527,7 @@ internal_activate_device (NMManager *manager,
NMDevice *device, NMDevice *device,
NMConnection *connection, NMConnection *connection,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject,
gulong sender_uid,
const char *dbus_sender,
gboolean assumed, gboolean assumed,
NMActiveConnection *master, NMActiveConnection *master,
GError **error) GError **error)
@@ -2539,6 +2538,7 @@ internal_activate_device (NMManager *manager,
g_return_val_if_fail (NM_IS_MANAGER (manager), NULL); g_return_val_if_fail (NM_IS_MANAGER (manager), NULL);
g_return_val_if_fail (NM_IS_DEVICE (device), NULL); g_return_val_if_fail (NM_IS_DEVICE (device), NULL);
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
/* Ensure the requested connection is compatible with the device */ /* Ensure the requested connection is compatible with the device */
if (!nm_device_check_connection_compatible (device, connection, error)) if (!nm_device_check_connection_compatible (device, connection, error))
@@ -2558,9 +2558,7 @@ internal_activate_device (NMManager *manager,
req = nm_act_request_new (connection, req = nm_act_request_new (connection,
specific_object, specific_object,
user_requested, subject,
sender_uid,
dbus_sender,
device, device,
master_device); master_device);
g_assert (req); g_assert (req);
@@ -2681,9 +2679,7 @@ is_compatible_with_slave (NMConnection *master, NMConnection *slave)
* ensure_master_active_connection: * ensure_master_active_connection:
* *
* @self: the #NMManager * @self: the #NMManager
* @dbus_sender: if the request was initiated by a user via D-Bus, the * @subject: the #NMAuthSubject representing the requestor of this activation
* dbus sender name of the client that requested the activation; for auto
* activated connections use %NULL
* @connection: the connection that should depend on @master_connection * @connection: the connection that should depend on @master_connection
* @device: the #NMDevice, if any, which will activate @connection * @device: the #NMDevice, if any, which will activate @connection
* @master_connection: the master connection * @master_connection: the master connection
@@ -2698,7 +2694,7 @@ is_compatible_with_slave (NMConnection *master, NMConnection *slave)
*/ */
static NMActiveConnection * static NMActiveConnection *
ensure_master_active_connection (NMManager *self, ensure_master_active_connection (NMManager *self,
const char *dbus_sender, NMAuthSubject *subject,
NMConnection *connection, NMConnection *connection,
NMDevice *device, NMDevice *device,
NMConnection *master_connection, NMConnection *master_connection,
@@ -2754,7 +2750,7 @@ ensure_master_active_connection (NMManager *self,
candidate, candidate,
NULL, NULL,
master_device, master_device,
dbus_sender, subject,
error); error);
if (!master_ac) if (!master_ac)
g_prefix_error (error, "%s", "Master device activation failed: "); g_prefix_error (error, "%s", "Master device activation failed: ");
@@ -2802,7 +2798,7 @@ ensure_master_active_connection (NMManager *self,
master_connection, master_connection,
NULL, NULL,
candidate, candidate,
dbus_sender, subject,
error); error);
if (!master_ac) if (!master_ac)
g_prefix_error (error, "%s", "Master device activation failed: "); g_prefix_error (error, "%s", "Master device activation failed: ");
@@ -2817,7 +2813,7 @@ ensure_master_active_connection (NMManager *self,
master_connection, master_connection,
NULL, NULL,
NULL, NULL,
dbus_sender, subject,
error); error);
if (!master_ac) if (!master_ac)
g_prefix_error (error, "%s", "Master device activation failed: "); g_prefix_error (error, "%s", "Master device activation failed: ");
@@ -2839,8 +2835,7 @@ static NMActiveConnection *
activate_vpn_connection (NMManager *self, activate_vpn_connection (NMManager *self,
NMConnection *connection, NMConnection *connection,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject,
gulong sender_uid,
GError **error) GError **error)
{ {
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
@@ -2885,8 +2880,7 @@ activate_vpn_connection (NMManager *self,
vpn = nm_vpn_connection_new (connection, vpn = nm_vpn_connection_new (connection,
device, device,
nm_active_connection_get_path (parent), nm_active_connection_get_path (parent),
user_requested, subject);
sender_uid);
g_assert (vpn); g_assert (vpn);
success = nm_vpn_manager_activate_connection (priv->vpn_manager, vpn, error); success = nm_vpn_manager_activate_connection (priv->vpn_manager, vpn, error);
if (!success) if (!success)
@@ -2900,48 +2894,37 @@ nm_manager_activate_connection (NMManager *manager,
NMConnection *connection, NMConnection *connection,
const char *specific_object, const char *specific_object,
NMDevice *device, NMDevice *device,
const char *dbus_sender, NMAuthSubject *subject,
GError **error) GError **error)
{ {
NMManagerPrivate *priv; NMManagerPrivate *priv;
gulong sender_uid = G_MAXULONG;
char *iface; char *iface;
NMDevice *master_device = NULL; NMDevice *master_device = NULL;
NMConnection *master_connection = NULL; NMConnection *master_connection = NULL;
NMActiveConnection *master_ac = NULL, *ac = NULL; NMActiveConnection *master_ac = NULL, *ac = NULL;
gboolean matched; gboolean matched;
gboolean user_requested;
g_return_val_if_fail (manager != NULL, NULL); g_return_val_if_fail (manager != NULL, NULL);
g_return_val_if_fail (connection != NULL, NULL); g_return_val_if_fail (connection != NULL, NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
g_return_val_if_fail (error != NULL, NULL); g_return_val_if_fail (error != NULL, NULL);
g_return_val_if_fail (*error == NULL, NULL); g_return_val_if_fail (*error == NULL, NULL);
priv = NM_MANAGER_GET_PRIVATE (manager); priv = NM_MANAGER_GET_PRIVATE (manager);
/* Get the UID of the user that originated the request, if any */
if (dbus_sender) {
if (!nm_dbus_manager_get_unix_user (priv->dbus_mgr, dbus_sender, &sender_uid)) {
g_set_error_literal (error,
NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED,
"Failed to get unix user for dbus sender");
return NULL;
}
} else {
/* No sender means an internal/automatic activation request */
sender_uid = 0;
}
/* VPN ? */ /* VPN ? */
if (nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) { if (nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) {
ac = activate_vpn_connection (manager, ac = activate_vpn_connection (manager,
connection, connection,
specific_object, specific_object,
!!dbus_sender, subject,
sender_uid,
error); error);
goto activated; goto activated;
} }
user_requested = !nm_auth_subject_get_internal (subject);
/* Device-based connection */ /* Device-based connection */
if (device) { if (device) {
/* If it's a virtual interface make sure the device given by the /* If it's a virtual interface make sure the device given by the
@@ -2990,7 +2973,7 @@ nm_manager_activate_connection (NMManager *manager,
* at this time (the device was manually disconnected/deleted before) * at this time (the device was manually disconnected/deleted before)
*/ */
if (!nm_manager_can_device_auto_connect (manager, iface)) { if (!nm_manager_can_device_auto_connect (manager, iface)) {
if (dbus_sender) { if (user_requested) {
/* Manual activation - allow device auto-activation again */ /* Manual activation - allow device auto-activation again */
nm_manager_prevent_device_auto_connect (manager, iface, FALSE); nm_manager_prevent_device_auto_connect (manager, iface, FALSE);
} else { } else {
@@ -3034,7 +3017,7 @@ nm_manager_activate_connection (NMManager *manager,
/* If this is an autoconnect request, but the device isn't allowing autoconnect /* If this is an autoconnect request, but the device isn't allowing autoconnect
* right now, we reject it. * right now, we reject it.
*/ */
if (!dbus_sender && !nm_device_autoconnect_allowed (device)) { if (!user_requested && !nm_device_autoconnect_allowed (device)) {
g_set_error (error, NM_MANAGER_ERROR, NM_MANAGER_ERROR_AUTOCONNECT_NOT_ALLOWED, g_set_error (error, NM_MANAGER_ERROR, NM_MANAGER_ERROR_AUTOCONNECT_NOT_ALLOWED,
"%s does not allow automatic connections at this time", "%s does not allow automatic connections at this time",
nm_device_get_iface (device)); nm_device_get_iface (device));
@@ -3073,7 +3056,7 @@ nm_manager_activate_connection (NMManager *manager,
} }
master_ac = ensure_master_active_connection (manager, master_ac = ensure_master_active_connection (manager,
dbus_sender, subject,
connection, connection,
device, device,
master_connection, master_connection,
@@ -3094,9 +3077,7 @@ nm_manager_activate_connection (NMManager *manager,
device, device,
connection, connection,
specific_object, specific_object,
dbus_sender ? TRUE : FALSE, subject,
dbus_sender ? sender_uid : 0,
dbus_sender,
FALSE, FALSE,
master_ac, master_ac,
error); error);
@@ -3126,7 +3107,7 @@ pending_activate (PendingActivation *pending,
NM_CONNECTION (new_connection) : pending->connection, NM_CONNECTION (new_connection) : pending->connection,
pending->specific_object_path, pending->specific_object_path,
pending->device, pending->device,
nm_auth_subject_get_dbus_sender (pending->subject), pending->subject,
&local); &local);
if (!ac) { if (!ac) {
nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s", nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s",

3
src/nm-manager.h
View File

@@ -27,6 +27,7 @@
#include <dbus/dbus-glib.h> #include <dbus/dbus-glib.h>
#include "nm-device.h" #include "nm-device.h"
#include "nm-settings.h" #include "nm-settings.h"
#include "nm-auth-subject.h"
#define NM_TYPE_MANAGER (nm_manager_get_type ()) #define NM_TYPE_MANAGER (nm_manager_get_type ())
#define NM_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MANAGER, NMManager)) #define NM_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MANAGER, NMManager))
@@ -117,7 +118,7 @@ NMActiveConnection *nm_manager_activate_connection (NMManager *manager,
NMConnection *connection, NMConnection *connection,
const char *specific_object, const char *specific_object,
NMDevice *device, NMDevice *device,
const char *dbus_sender, /* NULL if automatic */ NMAuthSubject *subject,
GError **error); GError **error);
gboolean nm_manager_deactivate_connection (NMManager *manager, gboolean nm_manager_deactivate_connection (NMManager *manager,

7
src/nm-policy.c
View File

@@ -1034,14 +1034,16 @@ auto_activate_device (gpointer user_data)
best_connection = nm_device_get_best_auto_connection (data->device, connections, &specific_object); best_connection = nm_device_get_best_auto_connection (data->device, connections, &specific_object);
if (best_connection) { if (best_connection) {
GError *error = NULL; GError *error = NULL;
NMAuthSubject *subject;
nm_log_info (LOGD_DEVICE, "Auto-activating connection '%s'.", nm_log_info (LOGD_DEVICE, "Auto-activating connection '%s'.",
nm_connection_get_id (best_connection)); nm_connection_get_id (best_connection));
subject = nm_auth_subject_new_internal ();
if (!nm_manager_activate_connection (priv->manager, if (!nm_manager_activate_connection (priv->manager,
best_connection, best_connection,
specific_object, specific_object,
data->device, data->device,
NULL, subject,
&error)) { &error)) {
nm_log_info (LOGD_DEVICE, "Connection '%s' auto-activation failed: (%d) %s", nm_log_info (LOGD_DEVICE, "Connection '%s' auto-activation failed: (%d) %s",
nm_connection_get_id (best_connection), nm_connection_get_id (best_connection),
@@ -1049,6 +1051,7 @@ auto_activate_device (gpointer user_data)
error ? error->message : "(none)"); error ? error->message : "(none)");
g_error_free (error); g_error_free (error);
} }
g_object_unref (subject);
} }
g_slist_free (connections); g_slist_free (connections);
@@ -1358,7 +1361,7 @@ activate_secondary_connections (NMPolicy *policy,
NM_CONNECTION (settings_con), NM_CONNECTION (settings_con),
nm_active_connection_get_path (NM_ACTIVE_CONNECTION (req)), nm_active_connection_get_path (NM_ACTIVE_CONNECTION (req)),
device, device,
nm_act_request_get_dbus_sender (req), nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (req)),
&error); &error);
if (ac) { if (ac) {
secondary_ac_list = g_slist_append (secondary_ac_list, secondary_ac_list = g_slist_append (secondary_ac_list,

6
src/vpn-manager/nm-vpn-connection.c
View File

@@ -400,8 +400,7 @@ NMVPNConnection *
nm_vpn_connection_new (NMConnection *connection, nm_vpn_connection_new (NMConnection *connection,
NMDevice *parent_device, NMDevice *parent_device,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject)
gulong user_uid)
{ {
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
g_return_val_if_fail (NM_IS_DEVICE (parent_device), NULL); g_return_val_if_fail (NM_IS_DEVICE (parent_device), NULL);
@@ -410,8 +409,7 @@ nm_vpn_connection_new (NMConnection *connection,
NM_ACTIVE_CONNECTION_INT_CONNECTION, connection, NM_ACTIVE_CONNECTION_INT_CONNECTION, connection,
NM_ACTIVE_CONNECTION_INT_DEVICE, parent_device, NM_ACTIVE_CONNECTION_INT_DEVICE, parent_device,
NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object, NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object,
NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, user_requested, NM_ACTIVE_CONNECTION_INT_SUBJECT, subject,
NM_ACTIVE_CONNECTION_INT_USER_UID, user_uid,
NM_ACTIVE_CONNECTION_VPN, TRUE, NM_ACTIVE_CONNECTION_VPN, TRUE,
NULL); NULL);
} }

4
src/vpn-manager/nm-vpn-connection.h
View File

@@ -26,6 +26,7 @@
#include <glib-object.h> #include <glib-object.h>
#include "NetworkManagerVPN.h" #include "NetworkManagerVPN.h"
#include "nm-device.h" #include "nm-device.h"
#include "nm-auth-subject.h"
#define NM_TYPE_VPN_CONNECTION (nm_vpn_connection_get_type ()) #define NM_TYPE_VPN_CONNECTION (nm_vpn_connection_get_type ())
#define NM_VPN_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_VPN_CONNECTION, NMVPNConnection)) #define NM_VPN_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_VPN_CONNECTION, NMVPNConnection))
@@ -67,8 +68,7 @@ GType nm_vpn_connection_get_type (void);
NMVPNConnection * nm_vpn_connection_new (NMConnection *connection, NMVPNConnection * nm_vpn_connection_new (NMConnection *connection,
NMDevice *parent_device, NMDevice *parent_device,
const char *specific_object, const char *specific_object,
gboolean user_requested, NMAuthSubject *subject);
gulong user_uid);
void nm_vpn_connection_activate (NMVPNConnection *connection); void nm_vpn_connection_activate (NMVPNConnection *connection);
NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection); NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection);