core: pass NMAuthSubject around activation paths instead of uid + dbus sender

Dan Williams
2013-07-29 13:11:47 -05:00
parent bcef423174
commit 0e595abcf3
9 changed files with 88 additions and 122 deletions


@@ -52,7 +52,6 @@ typedef struct {
typedef struct {
guint device_state_id;
char *dbus_sender;
GSList *secrets_calls;
gboolean shared;
GSList *share_rules;
@@ -68,14 +67,6 @@ nm_act_request_get_connection (NMActRequest *req)
return nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (req));
}
const char *
nm_act_request_get_dbus_sender (NMActRequest *req)
{
g_return_val_if_fail (NM_IS_ACT_REQUEST (req), NULL);
return NM_ACT_REQUEST_GET_PRIVATE (req)->dbus_sender;
}
/*******************************************************************/
typedef struct {
@@ -351,11 +342,7 @@ device_state_changed (NMDevice *device, GParamSpec *pspec, NMActRequest *self)
* @connection: the connection to activate @device with
* @specific_object: the object path of the specific object (ie, WiFi access point,
* etc) that will be used to activate @connection and @device
* @user_requested: pass %TRUE if the activation was requested via D-Bus,
* otherwise %FALSE if requested internally by NM (ie, autoconnect)
* @user_uid: if @user_requested is %TRUE, the Unix UID of the user that requested
* @dbus_sender: if @user_requested is %TRUE, the D-BUS sender that requested
* the activation
* @subject: the #NMAuthSubject representing the requestor of the activation
* @device: the device/interface to configure according to @connection
* @master: if the activation depends on another device (ie, bond or bridge
* or team master to which this device will be enslaved) pass the #NMDevice
@@ -368,29 +355,21 @@ device_state_changed (NMDevice *device, GParamSpec *pspec, NMActRequest *self)
NMActRequest *
nm_act_request_new (NMConnection *connection,
const char *specific_object,
gboolean user_requested,
gulong user_uid,
const char *dbus_sender,
NMAuthSubject *subject,
NMDevice *device,
NMDevice *master)
{
GObject *object;
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
g_return_val_if_fail (NM_IS_DEVICE (device), NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
object = g_object_new (NM_TYPE_ACT_REQUEST,
return (NMActRequest *) g_object_new (NM_TYPE_ACT_REQUEST,
NM_ACTIVE_CONNECTION_INT_CONNECTION, connection,
NM_ACTIVE_CONNECTION_INT_DEVICE, device,
NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object,
NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, user_requested,
NM_ACTIVE_CONNECTION_INT_USER_UID, user_uid,
NM_ACTIVE_CONNECTION_INT_SUBJECT, subject,
NM_ACTIVE_CONNECTION_INT_MASTER, master,
NULL);
if (object)
NM_ACT_REQUEST_GET_PRIVATE (object)->dbus_sender = g_strdup (dbus_sender);
return (NMActRequest *) object;
}
static void
@@ -445,9 +424,6 @@ dispose (GObject *object)
g_slist_free (priv->secrets_calls);
priv->secrets_calls = NULL;
g_free (priv->dbus_sender);
priv->dbus_sender = NULL;
G_OBJECT_CLASS (nm_act_request_parent_class)->dispose (object);
}
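Review bot: The new `@subject` line in the `nm_act_request_new` doc comment drops what the removed `@user_requested` text explained, namely how an internal (autoconnect) activation is expressed, and it does not say that NULL is rejected. The added `NM_IS_AUTH_SUBJECT (subject)` guard makes the argument mandatory, and the internal callers elsewhere in this commit pass the result of `nm_auth_subject_new_internal ()`, so I would write `@subject: the #NMAuthSubject representing the requestor of the activation; must not be %NULL, internal requests (ie, autoconnect) pass an internal subject`. The `@subject` line added to the `ensure_master_active_connection` comment in the manager replaces text that said to use %NULL for auto-activated connections and wants the same wording. The doc comment starts above the visible hunk.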


@@ -48,18 +48,12 @@ GType nm_act_request_get_type (void);
NMActRequest *nm_act_request_new (NMConnection *connection,
const char *specific_object,
gboolean user_requested,
gulong user_uid,
const char *dbus_sender,
NMAuthSubject *subject,
NMDevice *device,
NMDevice *master);
NMConnection *nm_act_request_get_connection (NMActRequest *req);
gulong nm_act_request_get_user_uid (NMActRequest *req);
const char *nm_act_request_get_dbus_sender (NMActRequest *req);
gboolean nm_act_request_get_shared (NMActRequest *req);
void nm_act_request_set_shared (NMActRequest *req, gboolean shared);


@@ -48,8 +48,7 @@ typedef struct {
NMActiveConnectionState state;
gboolean vpn;
gboolean user_requested;
gulong user_uid;
NMAuthSubject *subject;
NMDevice *master;
} NMActiveConnectionPrivate;
@@ -67,8 +66,7 @@ enum {
PROP_INT_CONNECTION,
PROP_INT_DEVICE,
PROP_INT_USER_REQUESTED,
PROP_INT_USER_UID,
PROP_INT_SUBJECT,
PROP_INT_MASTER,
LAST_PROP
@@ -216,20 +214,31 @@ nm_active_connection_export (NMActiveConnection *self)
nm_dbus_manager_register_object (nm_dbus_manager_get (), priv->path, self);
}
NMAuthSubject *
nm_active_connection_get_subject (NMActiveConnection *self)
{
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), NULL);
return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject;
}
gboolean
nm_active_connection_get_user_requested (NMActiveConnection *self)
{
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), FALSE);
return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->user_requested;
return !nm_auth_subject_get_internal (NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject);
}
gulong
nm_active_connection_get_user_uid (NMActiveConnection *self)
{
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG);
NMActiveConnectionPrivate *priv;
return NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->user_uid;
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG);
priv = NM_ACTIVE_CONNECTION_GET_PRIVATE (self);
return nm_auth_subject_get_uid (priv->subject);
}
NMDevice *
@@ -255,6 +264,13 @@ nm_active_connection_init (NMActiveConnection *self)
{
}
static void
constructed (GObject *object)
{
G_OBJECT_CLASS (nm_active_connection_parent_class)->constructed (object);
g_assert (NM_ACTIVE_CONNECTION_GET_PRIVATE (object)->subject);
}
static void
set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec)
@@ -273,11 +289,8 @@ set_property (GObject *object, guint prop_id,
if (priv->device)
g_warn_if_fail (priv->device != priv->master);
break;
case PROP_INT_USER_REQUESTED:
priv->user_requested = g_value_get_boolean (value);
break;
case PROP_INT_USER_UID:
priv->user_uid = g_value_get_ulong (value);
case PROP_INT_SUBJECT:
priv->subject = g_value_dup_object (value);
break;
case PROP_INT_MASTER:
g_warn_if_fail (priv->master == NULL);
@@ -346,6 +359,9 @@ get_property (GObject *object, guint prop_id,
case PROP_MASTER:
g_value_set_boxed (value, priv->master ? nm_device_get_path (priv->master) : "/");
break;
case PROP_INT_SUBJECT:
g_value_set_object (value, priv->subject);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -365,6 +381,7 @@ dispose (GObject *object)
g_clear_object (&priv->connection);
g_clear_object (&priv->device);
g_clear_object (&priv->master);
g_clear_object (&priv->subject);
G_OBJECT_CLASS (nm_active_connection_parent_class)->dispose (object);
}
@@ -379,6 +396,7 @@ nm_active_connection_class_init (NMActiveConnectionClass *ac_class)
/* virtual methods */
object_class->get_property = get_property;
object_class->set_property = set_property;
object_class->constructed = constructed;
object_class->dispose = dispose;
/* D-Bus exported properties */
@@ -462,18 +480,11 @@ nm_active_connection_class_init (NMActiveConnectionClass *ac_class)
NM_TYPE_DEVICE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class, PROP_INT_USER_REQUESTED,
g_param_spec_boolean (NM_ACTIVE_CONNECTION_INT_USER_REQUESTED,
"User requested",
"User requested",
FALSE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class, PROP_INT_USER_UID,
g_param_spec_ulong (NM_ACTIVE_CONNECTION_INT_USER_UID,
"User UID",
"User UID (if user requested)",
0, G_MAXULONG, 0,
g_object_class_install_property (object_class, PROP_INT_SUBJECT,
g_param_spec_object (NM_ACTIVE_CONNECTION_INT_SUBJECT,
"Subject",
"Subject",
NM_TYPE_AUTH_SUBJECT,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (object_class, PROP_INT_MASTER,
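Review bot: `nm_active_connection_get_user_requested ()` now returns `!nm_auth_subject_get_internal (...)`, so any case where the subject getter bails out with FALSE is reported as a user-requested activation. `dispose ()` clears `priv->subject`, and the only non-NULL enforcement is the `g_assert` in `constructed ()`, which is compiled out under G_DISABLE_ASSERT; how `nm_auth_subject_get_internal ()` treats NULL is not visible in this diff, so the direction of the failure is an assumption to confirm. An explicit guard before the return, `g_return_val_if_fail (NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject, FALSE);`, would match the FALSE that the existing type-check guard already returns. `nm_active_connection_get_user_uid ()` has the same dependency and could return `G_MAXULONG` under the same kind of guard, matching its existing failure value.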


@@ -24,6 +24,7 @@
#include <glib-object.h>
#include "nm-types.h"
#include "nm-connection.h"
#include "nm-auth-subject.h"
#define NM_TYPE_ACTIVE_CONNECTION (nm_active_connection_get_type ())
#define NM_ACTIVE_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_ACTIVE_CONNECTION, NMActiveConnection))
@@ -46,8 +47,7 @@
/* Internal non-exported construct-time properties */
#define NM_ACTIVE_CONNECTION_INT_CONNECTION "int-connection"
#define NM_ACTIVE_CONNECTION_INT_DEVICE "int-device"
#define NM_ACTIVE_CONNECTION_INT_USER_REQUESTED "int-user-requested"
#define NM_ACTIVE_CONNECTION_INT_USER_UID "int-user-uid"
#define NM_ACTIVE_CONNECTION_INT_SUBJECT "int-subject"
#define NM_ACTIVE_CONNECTION_INT_MASTER "int-master"
@@ -91,6 +91,8 @@ void nm_active_connection_set_state (NMActiveConnection *self,
NMDevice * nm_active_connection_get_device (NMActiveConnection *self);
NMAuthSubject *nm_active_connection_get_subject (NMActiveConnection *self);
gboolean nm_active_connection_get_user_requested (NMActiveConnection *self);
gulong nm_active_connection_get_user_uid (NMActiveConnection *self);


@@ -160,9 +160,7 @@ static NMActiveConnection *internal_activate_device (NMManager *manager,
NMDevice *device,
NMConnection *connection,
const char *specific_object,
gboolean user_requested,
gulong sender_uid,
const char *dbus_sender,
NMAuthSubject *subject,
gboolean assumed,
NMActiveConnection *master,
GError **error);
@@ -2049,12 +2047,14 @@ add_device (NMManager *self, NMDevice *device)
/* If the device has a connection it can assume, do that now */
if (connection && nm_device_can_activate (device, connection)) {
NMActiveConnection *ac;
NMAuthSubject *subject;
GError *error = NULL;
nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume connection",
nm_device_get_iface (device));
ac = internal_activate_device (self, device, connection, NULL, FALSE, 0, NULL, TRUE, NULL, &error);
subject = nm_auth_subject_new_internal ();
ac = internal_activate_device (self, device, connection, NULL, subject, TRUE, NULL, &error);
if (ac)
active_connection_add (self, ac);
else {
@@ -2064,6 +2064,7 @@ add_device (NMManager *self, NMDevice *device)
error && error->message ? error->message : "(unknown)");
g_error_free (error);
}
g_object_unref (subject);
}
}
@@ -2526,9 +2527,7 @@ internal_activate_device (NMManager *manager,
NMDevice *device,
NMConnection *connection,
const char *specific_object,
gboolean user_requested,
gulong sender_uid,
const char *dbus_sender,
NMAuthSubject *subject,
gboolean assumed,
NMActiveConnection *master,
GError **error)
@@ -2539,6 +2538,7 @@ internal_activate_device (NMManager *manager,
g_return_val_if_fail (NM_IS_MANAGER (manager), NULL);
g_return_val_if_fail (NM_IS_DEVICE (device), NULL);
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
/* Ensure the requested connection is compatible with the device */
if (!nm_device_check_connection_compatible (device, connection, error))
@@ -2558,9 +2558,7 @@ internal_activate_device (NMManager *manager,
req = nm_act_request_new (connection,
specific_object,
user_requested,
sender_uid,
dbus_sender,
subject,
device,
master_device);
g_assert (req);
@@ -2681,9 +2679,7 @@ is_compatible_with_slave (NMConnection *master, NMConnection *slave)
* ensure_master_active_connection:
*
* @self: the #NMManager
* @dbus_sender: if the request was initiated by a user via D-Bus, the
* dbus sender name of the client that requested the activation; for auto
* activated connections use %NULL
* @subject: the #NMAuthSubject representing the requestor of this activation
* @connection: the connection that should depend on @master_connection
* @device: the #NMDevice, if any, which will activate @connection
* @master_connection: the master connection
@@ -2698,7 +2694,7 @@ is_compatible_with_slave (NMConnection *master, NMConnection *slave)
*/
static NMActiveConnection *
ensure_master_active_connection (NMManager *self,
const char *dbus_sender,
NMAuthSubject *subject,
NMConnection *connection,
NMDevice *device,
NMConnection *master_connection,
@@ -2754,7 +2750,7 @@ ensure_master_active_connection (NMManager *self,
candidate,
NULL,
master_device,
dbus_sender,
subject,
error);
if (!master_ac)
g_prefix_error (error, "%s", "Master device activation failed: ");
@@ -2802,7 +2798,7 @@ ensure_master_active_connection (NMManager *self,
master_connection,
NULL,
candidate,
dbus_sender,
subject,
error);
if (!master_ac)
g_prefix_error (error, "%s", "Master device activation failed: ");
@@ -2817,7 +2813,7 @@ ensure_master_active_connection (NMManager *self,
master_connection,
NULL,
NULL,
dbus_sender,
subject,
error);
if (!master_ac)
g_prefix_error (error, "%s", "Master device activation failed: ");
@@ -2839,8 +2835,7 @@ static NMActiveConnection *
activate_vpn_connection (NMManager *self,
NMConnection *connection,
const char *specific_object,
gboolean user_requested,
gulong sender_uid,
NMAuthSubject *subject,
GError **error)
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
@@ -2885,8 +2880,7 @@ activate_vpn_connection (NMManager *self,
vpn = nm_vpn_connection_new (connection,
device,
nm_active_connection_get_path (parent),
user_requested,
sender_uid);
subject);
g_assert (vpn);
success = nm_vpn_manager_activate_connection (priv->vpn_manager, vpn, error);
if (!success)
@@ -2900,48 +2894,37 @@ nm_manager_activate_connection (NMManager *manager,
NMConnection *connection,
const char *specific_object,
NMDevice *device,
const char *dbus_sender,
NMAuthSubject *subject,
GError **error)
{
NMManagerPrivate *priv;
gulong sender_uid = G_MAXULONG;
char *iface;
NMDevice *master_device = NULL;
NMConnection *master_connection = NULL;
NMActiveConnection *master_ac = NULL, *ac = NULL;
gboolean matched;
gboolean user_requested;
g_return_val_if_fail (manager != NULL, NULL);
g_return_val_if_fail (connection != NULL, NULL);
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
g_return_val_if_fail (error != NULL, NULL);
g_return_val_if_fail (*error == NULL, NULL);
priv = NM_MANAGER_GET_PRIVATE (manager);
/* Get the UID of the user that originated the request, if any */
if (dbus_sender) {
if (!nm_dbus_manager_get_unix_user (priv->dbus_mgr, dbus_sender, &sender_uid)) {
g_set_error_literal (error,
NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED,
"Failed to get unix user for dbus sender");
return NULL;
}
} else {
/* No sender means an internal/automatic activation request */
sender_uid = 0;
}
/* VPN ? */
if (nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) {
ac = activate_vpn_connection (manager,
connection,
specific_object,
!!dbus_sender,
sender_uid,
subject,
error);
goto activated;
}
user_requested = !nm_auth_subject_get_internal (subject);
/* Device-based connection */
if (device) {
/* If it's a virtual interface make sure the device given by the
@@ -2990,7 +2973,7 @@ nm_manager_activate_connection (NMManager *manager,
* at this time (the device was manually disconnected/deleted before)
*/
if (!nm_manager_can_device_auto_connect (manager, iface)) {
if (dbus_sender) {
if (user_requested) {
/* Manual activation - allow device auto-activation again */
nm_manager_prevent_device_auto_connect (manager, iface, FALSE);
} else {
@@ -3034,7 +3017,7 @@ nm_manager_activate_connection (NMManager *manager,
/* If this is an autoconnect request, but the device isn't allowing autoconnect
* right now, we reject it.
*/
if (!dbus_sender && !nm_device_autoconnect_allowed (device)) {
if (!user_requested && !nm_device_autoconnect_allowed (device)) {
g_set_error (error, NM_MANAGER_ERROR, NM_MANAGER_ERROR_AUTOCONNECT_NOT_ALLOWED,
"%s does not allow automatic connections at this time",
nm_device_get_iface (device));
@@ -3073,7 +3056,7 @@ nm_manager_activate_connection (NMManager *manager,
}
master_ac = ensure_master_active_connection (manager,
dbus_sender,
subject,
connection,
device,
master_connection,
@@ -3094,9 +3077,7 @@ nm_manager_activate_connection (NMManager *manager,
device,
connection,
specific_object,
dbus_sender ? TRUE : FALSE,
dbus_sender ? sender_uid : 0,
dbus_sender,
subject,
FALSE,
master_ac,
error);
@@ -3126,7 +3107,7 @@ pending_activate (PendingActivation *pending,
NM_CONNECTION (new_connection) : pending->connection,
pending->specific_object_path,
pending->device,
nm_auth_subject_get_dbus_sender (pending->subject),
pending->subject,
&local);
if (!ac) {
nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s",
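Review bot: `nm_manager_activate_connection ()` no longer has a path that refuses a D-Bus requester whose Unix UID cannot be resolved; the removed block returned NM_MANAGER_ERROR_PERMISSION_DENIED in that case, and the new code only checks `NM_IS_AUTH_SUBJECT (subject)`. That guarantee now has to hold wherever the subject is created, which is outside this diff, so it is worth confirming that subject construction fails rather than yielding a subject with an unset UID. The old code also fixed the UID of internal requests to 0, while `nm_active_connection_get_user_uid ()` now returns whatever `nm_auth_subject_get_uid ()` gives for an internal subject; callers that compare that value should be checked. I would record the precondition above the function: `/* @subject must carry an already-resolved UID for D-Bus requesters; no PERMISSION_DENIED is raised here any more */`. The function body starts and ends outside the visible hunks.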


@@ -27,6 +27,7 @@
#include <dbus/dbus-glib.h>
#include "nm-device.h"
#include "nm-settings.h"
#include "nm-auth-subject.h"
#define NM_TYPE_MANAGER (nm_manager_get_type ())
#define NM_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MANAGER, NMManager))
@@ -117,7 +118,7 @@ NMActiveConnection *nm_manager_activate_connection (NMManager *manager,
NMConnection *connection,
const char *specific_object,
NMDevice *device,
const char *dbus_sender, /* NULL if automatic */
NMAuthSubject *subject,
GError **error);
gboolean nm_manager_deactivate_connection (NMManager *manager,


@@ -1034,14 +1034,16 @@ auto_activate_device (gpointer user_data)
best_connection = nm_device_get_best_auto_connection (data->device, connections, &specific_object);
if (best_connection) {
GError *error = NULL;
NMAuthSubject *subject;
nm_log_info (LOGD_DEVICE, "Auto-activating connection '%s'.",
nm_connection_get_id (best_connection));
subject = nm_auth_subject_new_internal ();
if (!nm_manager_activate_connection (priv->manager,
best_connection,
specific_object,
data->device,
NULL,
subject,
&error)) {
nm_log_info (LOGD_DEVICE, "Connection '%s' auto-activation failed: (%d) %s",
nm_connection_get_id (best_connection),
@@ -1049,6 +1051,7 @@ auto_activate_device (gpointer user_data)
error ? error->message : "(none)");
g_error_free (error);
}
g_object_unref (subject);
}
g_slist_free (connections);
@@ -1358,7 +1361,7 @@ activate_secondary_connections (NMPolicy *policy,
NM_CONNECTION (settings_con),
nm_active_connection_get_path (NM_ACTIVE_CONNECTION (req)),
device,
nm_act_request_get_dbus_sender (req),
nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (req)),
&error);
if (ac) {
secondary_ac_list = g_slist_append (secondary_ac_list,


@@ -400,8 +400,7 @@ NMVPNConnection *
nm_vpn_connection_new (NMConnection *connection,
NMDevice *parent_device,
const char *specific_object,
gboolean user_requested,
gulong user_uid)
NMAuthSubject *subject)
{
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
g_return_val_if_fail (NM_IS_DEVICE (parent_device), NULL);
@@ -410,8 +409,7 @@ nm_vpn_connection_new (NMConnection *connection,
NM_ACTIVE_CONNECTION_INT_CONNECTION, connection,
NM_ACTIVE_CONNECTION_INT_DEVICE, parent_device,
NM_ACTIVE_CONNECTION_SPECIFIC_OBJECT, specific_object,
NM_ACTIVE_CONNECTION_INT_USER_REQUESTED, user_requested,
NM_ACTIVE_CONNECTION_INT_USER_UID, user_uid,
NM_ACTIVE_CONNECTION_INT_SUBJECT, subject,
NM_ACTIVE_CONNECTION_VPN, TRUE,
NULL);
}
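Review bot: `nm_vpn_connection_new ()` takes the new `subject` argument without validating it, unlike `nm_act_request_new ()`, which gained `g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);` in this commit. Because the base class `constructed ()` now asserts that the private `subject` is set, a NULL subject reaching this constructor aborts the daemon instead of failing the activation. Adding `g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);` after the existing `NM_IS_DEVICE (parent_device)` check keeps the two constructors consistent. The lines between the two hunks are not shown, so confirm no such check already sits there.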


@@ -26,6 +26,7 @@
#include <glib-object.h>
#include "NetworkManagerVPN.h"
#include "nm-device.h"
#include "nm-auth-subject.h"
#define NM_TYPE_VPN_CONNECTION (nm_vpn_connection_get_type ())
#define NM_VPN_CONNECTION(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_VPN_CONNECTION, NMVPNConnection))
@@ -67,8 +68,7 @@ GType nm_vpn_connection_get_type (void);
NMVPNConnection * nm_vpn_connection_new (NMConnection *connection,
NMDevice *parent_device,
const char *specific_object,
gboolean user_requested,
gulong user_uid);
NMAuthSubject *subject);
void nm_vpn_connection_activate (NMVPNConnection *connection);
NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection);