colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2007-10-19 Dan Williams <dcbw@redhat.com>

Browse Source 
Split the GetSecrets() call off to a separate D-Bus interface so that it
	can be more easily locked down with D-Bus policy.  Only 'root' (ie, NM)
	should be able to call GetSecrets().

	* include/NetworkManager.h
		- Define the connection secrets D-Bus interface

	* src/vpn-manager/nm-vpn-connection.c
		- (clear_need_auth): get the right proxy object for the connection
			secrets interface
		- (get_connection_secrets): use the connection secrets proxy; send
			empty hints in get secrets request

	* src/nm-activation-request.c
		- (nm_act_request_request_connection_secrets): use the connection
			secrets proxy; send empty hints in get secrets request

	* src/nm-manager.c
	  src/nm-manager.h
		- (connection_get_settings_cb): set the connection secrets proxy on
			the connection object too
		- (internal_new_connection_cb): create the connection secrets proxy

	* introspection/nm-settings-connection.xml
		- Define Connection.Secrets interface and move GetSecrets there
		- Add a 'hints' argument to GetSecrets

	* libnm-glib/nm-settings.c
	  libnm-glib/nm-settings.h
		- (impl_connection_settings_get_secrets): add 'hints' argument



git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2989 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
This commit is contained in:
Dan Williams
2007-10-19 04:55:05 +00:00
parent c2f361392f
commit 42a732d9b9
9 changed files with 98 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
ChangeLog
View File

@@ -1,3 +1,36 @@
2007-10-19 Dan Williams <dcbw@redhat.com>
Split the GetSecrets() call off to a separate D-Bus interface so that it
can be more easily locked down with D-Bus policy. Only 'root' (ie, NM)
should be able to call GetSecrets().
* include/NetworkManager.h
- Define the connection secrets D-Bus interface
* src/vpn-manager/nm-vpn-connection.c
- (clear_need_auth): get the right proxy object for the connection
secrets interface
- (get_connection_secrets): use the connection secrets proxy; send
empty hints in get secrets request
* src/nm-activation-request.c
- (nm_act_request_request_connection_secrets): use the connection
secrets proxy; send empty hints in get secrets request
* src/nm-manager.c
src/nm-manager.h
- (connection_get_settings_cb): set the connection secrets proxy on
the connection object too
- (internal_new_connection_cb): create the connection secrets proxy
* introspection/nm-settings-connection.xml
- Define Connection.Secrets interface and move GetSecrets there
- Add a 'hints' argument to GetSecrets
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- (impl_connection_settings_get_secrets): add 'hints' argument
2007-10-19 Dan Williams <dcbw@redhat.com>
* src/nm-device.c

1
include/NetworkManager.h
View File

@@ -43,6 +43,7 @@
#define NM_DBUS_IFACE_SETTINGS_CONNECTION "org.freedesktop.NetworkManagerSettings.Connection"
#define NM_DBUS_PATH_SETTINGS_CONNECTION "/org/freedesktop/NetworkManagerSettings/Connection"
#define NM_DBUS_IFACE_SETTINGS_CONNECTION_SECRETS "org.freedesktop.NetworkManagerSettings.Connection.Secrets"
#define NMI_DBUS_USER_KEY_CANCELED_ERROR "org.freedesktop.NetworkManagerInfo.CanceledError"

24
introspection/nm-settings-connection.xml
View File

@@ -14,14 +14,6 @@
<arg name="settings" type="a{sa{sv}}" direction="out"/>
</method>
<method name="GetSecrets">
<annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_connection_settings_get_secrets"/>
<annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<arg name="setting_name" type="s" direction="in"/>
<arg name="request_new" type="b" direction="in"/>
<arg name="secrets" type="a{sv}" direction="out"/>
</method>
<signal name="Updated">
<arg name="settings" type="a{sa{sv}}"/>
</signal>
@@ -31,4 +23,20 @@
</interface>
<!-- Secrets have a separate interface so that they can be locked down -->
<interface name="org.freedesktop.NetworkManagerSettings.Connection.Secrets">
<method name="GetSecrets">
<annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_connection_settings_get_secrets"/>
<annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<arg name="setting_name" type="s" direction="in"/>
<!-- Array of strings of key names in the Setting for which NM thinks
a secrets may be required. -->
<arg name="hints" type="as" direction="in"/>
<arg name="request_new" type="b" direction="in"/>
<arg name="secrets" type="a{sv}" direction="out"/>
</method>
</interface>
</node>

4
libnm-glib/nm-settings.c
View File

@@ -119,6 +119,7 @@ static gboolean impl_connection_settings_get_settings (NMConnectionSettings *con
GError **error);
static void impl_connection_settings_get_secrets (NMConnectionSettings *connection,
const gchar *setting_name,
const gchar **hints,
gboolean request_new,
DBusGMethodInvocation *context);
@@ -178,6 +179,7 @@ impl_connection_settings_get_settings (NMConnectionSettings *connection,
static void
impl_connection_settings_get_secrets (NMConnectionSettings *connection,
const gchar *setting_name,
const gchar **hints,
gboolean request_new,
DBusGMethodInvocation *context)
{
@@ -201,7 +203,7 @@ impl_connection_settings_get_secrets (NMConnectionSettings *connection,
return;
}
CONNECTION_SETTINGS_CLASS (connection)->get_secrets (connection, setting_name, request_new, context);
CONNECTION_SETTINGS_CLASS (connection)->get_secrets (connection, setting_name, hints, request_new, context);
}
static void

1
libnm-glib/nm-settings.h
View File

@@ -29,6 +29,7 @@ typedef struct {
GHashTable * (* get_settings) (NMConnectionSettings *connection);
void (* get_secrets) (NMConnectionSettings *connection,
const gchar *setting_name,
const gchar **hints,
gboolean request_new,
DBusGMethodInvocation *context);

10
src/nm-activation-request.c
View File

@@ -201,6 +201,8 @@ get_secrets_cb (DBusGProxy *proxy, DBusGProxyCall *call, gpointer user_data)
g_hash_table_destroy (secrets);
}
#define DBUS_TYPE_STRING_ARRAY (dbus_g_type_get_collection ("GPtrArray", G_TYPE_STRING))
gboolean
nm_act_request_request_connection_secrets (NMActRequest *req,
const char *setting_name,
@@ -210,12 +212,13 @@ nm_act_request_request_connection_secrets (NMActRequest *req,
DBusGProxyCall *call;
GetSecretsInfo *info = NULL;
NMActRequestPrivate *priv = NULL;
GPtrArray *hints = NULL;
g_return_val_if_fail (NM_IS_ACT_REQUEST (req), FALSE);
g_return_val_if_fail (setting_name != NULL, FALSE);
priv = NM_ACT_REQUEST_GET_PRIVATE (req);
proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_PROXY_TAG);
proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_SECRETS_PROXY_TAG);
if (!DBUS_IS_G_PROXY (proxy)) {
nm_warning ("Couldn't get dbus proxy for connection.");
goto error;
@@ -233,6 +236,9 @@ nm_act_request_request_connection_secrets (NMActRequest *req,
goto error;
}
/* Empty for now */
hints = g_ptr_array_new ();
info->req = req;
call = dbus_g_proxy_begin_call_with_timeout (proxy, "GetSecrets",
get_secrets_cb,
@@ -240,8 +246,10 @@ nm_act_request_request_connection_secrets (NMActRequest *req,
free_get_secrets_info,
G_MAXINT32,
G_TYPE_STRING, setting_name,
DBUS_TYPE_STRING_ARRAY, hints,
G_TYPE_BOOLEAN, request_new,
G_TYPE_INVALID);
g_ptr_array_free (hints, TRUE);
if (!call) {
nm_warning ("Could not call GetSecrets");
goto error;

21
src/nm-manager.c
View File

@@ -378,6 +378,7 @@ typedef struct GetSettingsInfo {
NMConnection *connection;
DBusGProxy *proxy;
DBusGProxyCall *call;
DBusGProxy *secrets_proxy;
GSList **calls;
} GetSettingsInfo;
@@ -449,6 +450,11 @@ connection_get_settings_cb (DBusGProxy *proxy,
proxy,
(GDestroyNotify) g_object_unref);
g_object_set_data_full (G_OBJECT (connection),
NM_MANAGER_CONNECTION_SECRETS_PROXY_TAG,
info->secrets_proxy,
(GDestroyNotify) g_object_unref);
priv = NM_MANAGER_GET_PRIVATE (manager);
type = get_type_for_proxy (proxy);
switch (type) {
@@ -595,6 +601,7 @@ internal_new_connection_cb (DBusGProxy *proxy,
NMDBusManager * dbus_mgr;
DBusGConnection * g_connection;
DBusGProxyCall *call;
DBusGProxy *secrets_proxy;
dbus_mgr = nm_dbus_manager_get ();
g_connection = nm_dbus_manager_get_connection (dbus_mgr);
@@ -602,9 +609,20 @@ internal_new_connection_cb (DBusGProxy *proxy,
dbus_g_proxy_get_bus_name (proxy),
path,
NM_DBUS_IFACE_SETTINGS_CONNECTION);
g_object_unref (dbus_mgr);
if (!con_proxy) {
nm_warning ("Error: could not init user connection proxy");
g_object_unref (dbus_mgr);
return;
}
secrets_proxy = dbus_g_proxy_new_for_name (g_connection,
dbus_g_proxy_get_bus_name (proxy),
path,
NM_DBUS_IFACE_SETTINGS_CONNECTION_SECRETS);
g_object_unref (dbus_mgr);
if (!secrets_proxy) {
nm_warning ("Error: could not init user connection secrets proxy");
g_object_unref (con_proxy);
return;
}
@@ -632,6 +650,7 @@ internal_new_connection_cb (DBusGProxy *proxy,
G_TYPE_INVALID);
info->call = call;
info->proxy = con_proxy;
info->secrets_proxy = secrets_proxy;
if (info->calls)
*(info->calls) = g_slist_prepend (*(info->calls), call);
}

1
src/nm-manager.h
View File

@@ -20,6 +20,7 @@
#define NM_MANAGER_CONNECTION_PROXY_TAG "dbus-proxy"
#define NM_MANAGER_CONNECTION_TYPE_TAG "service-type"
#define NM_MANAGER_CONNECTION_SECRETS_PROXY_TAG "dbus-secrets-proxy"
typedef enum {
NM_CONNECTION_TYPE_UNKNOWN = 0,

19
src/vpn-manager/nm-vpn-connection.c
View File

@@ -510,7 +510,7 @@ clear_need_auth (NMVPNConnection *vpn_connection)
priv = NM_VPN_CONNECTION_GET_PRIVATE (vpn_connection);
g_assert (priv->connection);
proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_PROXY_TAG);
proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_SECRETS_PROXY_TAG);
if (!proxy || !DBUS_IS_G_PROXY (proxy))
return;
@@ -576,15 +576,18 @@ error:
nm_vpn_connection_fail (info->vpn_connection, NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS);
}
#define DBUS_TYPE_STRING_ARRAY (dbus_g_type_get_collection ("GPtrArray", G_TYPE_STRING))
static gboolean
get_connection_secrets (NMVPNConnection *vpn_connection,
const char *setting_name,
gboolean request_new)
{
NMVPNConnectionPrivate *priv;
DBusGProxy *con_proxy;
DBusGProxy *secrets_proxy;
GetSecretsInfo *info = NULL;
DBusGProxyCall *call;
GPtrArray *hints;
g_return_val_if_fail (vpn_connection != NULL, FALSE);
g_return_val_if_fail (NM_IS_VPN_CONNECTION (vpn_connection), FALSE);
@@ -593,8 +596,9 @@ get_connection_secrets (NMVPNConnection *vpn_connection,
priv = NM_VPN_CONNECTION_GET_PRIVATE (vpn_connection);
g_assert (priv->connection);
con_proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_PROXY_TAG);
g_return_val_if_fail (con_proxy && DBUS_IS_G_PROXY (con_proxy), FALSE);
secrets_proxy = g_object_get_data (G_OBJECT (priv->connection),
NM_MANAGER_CONNECTION_SECRETS_PROXY_TAG);
g_return_val_if_fail (secrets_proxy && DBUS_IS_G_PROXY (secrets_proxy), FALSE);
info = g_slice_new0 (GetSecretsInfo);
g_return_val_if_fail (info != NULL, FALSE);
@@ -607,15 +611,20 @@ get_connection_secrets (NMVPNConnection *vpn_connection,
info->vpn_connection = g_object_ref (vpn_connection);
/* Empty for now... */
hints = g_ptr_array_new ();
/* use ..._with_timeout to give the user time to enter secrets */
call = dbus_g_proxy_begin_call_with_timeout (con_proxy, "GetSecrets",
call = dbus_g_proxy_begin_call_with_timeout (secrets_proxy, "GetSecrets",
get_secrets_cb,
info,
free_get_secrets_info,
G_MAXINT32,
G_TYPE_STRING, setting_name,
DBUS_TYPE_STRING_ARRAY, hints,
G_TYPE_BOOLEAN, request_new,
G_TYPE_INVALID);
g_ptr_array_free (hints, TRUE);
if (!call) {
nm_warning ("Could not call GetSecrets");
goto error;