agents: filter agents by UID for user-requested connections
When a user makes an explicit request for secrets via GetSecrets or activates a device, don't ask other users' agents for secrets. Restrict secrets request to agents owned by the user that made the initial activate or GetSecrets request. Automatic activations still request secrets from any available agent.
@@ -26,5 +26,5 @@ BOOLEAN:VOID
|
|||||||
VOID:STRING,BOOLEAN
|
VOID:STRING,BOOLEAN
|
||||||
VOID:STRING,OBJECT,POINTER
|
VOID:STRING,OBJECT,POINTER
|
||||||
VOID:BOOLEAN,UINT
|
VOID:BOOLEAN,UINT
|
||||||
UINT:STRING,POINTER,POINTER
|
UINT:STRING,STRING,POINTER,POINTER
|
||||||
|
|
||||||
|
@@ -523,7 +523,6 @@ nm_modem_get_secrets (NMModem *self,
|
|||||||
if (request_new)
|
if (request_new)
|
||||||
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
||||||
priv->secrets_id = nm_act_request_get_secrets (priv->act_request,
|
priv->secrets_id = nm_act_request_get_secrets (priv->act_request,
|
||||||
NULL,
|
|
||||||
setting_name,
|
setting_name,
|
||||||
flags,
|
flags,
|
||||||
hint,
|
hint,
|
||||||
@@ -571,7 +570,6 @@ nm_modem_act_stage1_prepare (NMModem *self,
|
|||||||
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
||||||
|
|
||||||
priv->secrets_id = nm_act_request_get_secrets (req,
|
priv->secrets_id = nm_act_request_get_secrets (req,
|
||||||
NULL,
|
|
||||||
setting_name,
|
setting_name,
|
||||||
flags,
|
flags,
|
||||||
hints ? g_ptr_array_index (hints, 0) : NULL,
|
hints ? g_ptr_array_index (hints, 0) : NULL,
|
||||||
|
@@ -15,7 +15,7 @@
|
|||||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2005 - 2010 Red Hat, Inc.
|
* Copyright (C) 2005 - 2011 Red Hat, Inc.
|
||||||
* Copyright (C) 2007 - 2008 Novell, Inc.
|
* Copyright (C) 2007 - 2008 Novell, Inc.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@@ -66,6 +66,7 @@ typedef struct {
|
|||||||
char *specific_object;
|
char *specific_object;
|
||||||
NMDevice *device;
|
NMDevice *device;
|
||||||
gboolean user_requested;
|
gboolean user_requested;
|
||||||
|
gulong user_uid;
|
||||||
|
|
||||||
NMActiveConnectionState state;
|
NMActiveConnectionState state;
|
||||||
gboolean is_default;
|
gboolean is_default;
|
||||||
@@ -112,9 +113,11 @@ get_secrets_cb (NMAgentManager *manager,
|
|||||||
callback (self, call_id, connection, error, user_data3);
|
callback (self, call_id, connection, error, user_data3);
|
||||||
}
|
}
|
||||||
|
|
||||||
guint32
|
static guint32
|
||||||
nm_act_request_get_secrets (NMActRequest *self,
|
_internal_get_secrets (NMActRequest *self,
|
||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
|
gboolean filter_by_uid,
|
||||||
|
gulong uid,
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
guint32 flags,
|
guint32 flags,
|
||||||
const char *hint,
|
const char *hint,
|
||||||
@@ -137,7 +140,9 @@ nm_act_request_get_secrets (NMActRequest *self,
|
|||||||
* itself.
|
* itself.
|
||||||
*/
|
*/
|
||||||
call_id = nm_agent_manager_get_secrets (priv->agent_mgr,
|
call_id = nm_agent_manager_get_secrets (priv->agent_mgr,
|
||||||
connection ? connection : priv->connection,
|
connection,
|
||||||
|
filter_by_uid,
|
||||||
|
uid,
|
||||||
setting_name,
|
setting_name,
|
||||||
flags,
|
flags,
|
||||||
hint,
|
hint,
|
||||||
@@ -151,6 +156,45 @@ nm_act_request_get_secrets (NMActRequest *self,
|
|||||||
return call_id;
|
return call_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
guint32
|
||||||
|
nm_act_request_get_secrets (NMActRequest *self,
|
||||||
|
const char *setting_name,
|
||||||
|
guint32 flags,
|
||||||
|
const char *hint,
|
||||||
|
NMActRequestSecretsFunc callback,
|
||||||
|
gpointer callback_data)
|
||||||
|
{
|
||||||
|
NMActRequestPrivate *priv = NM_ACT_REQUEST_GET_PRIVATE (self);
|
||||||
|
|
||||||
|
/* non-VPN requests use the activation request's internal connection, and
|
||||||
|
* also the user-requested status and user_uid if the activation was
|
||||||
|
* requested by a user.
|
||||||
|
*/
|
||||||
|
return _internal_get_secrets (self, priv->connection, priv->user_requested,
|
||||||
|
priv->user_uid, setting_name, flags, hint,
|
||||||
|
callback, callback_data);
|
||||||
|
}
|
||||||
|
|
||||||
|
guint32
|
||||||
|
nm_act_request_get_secrets_vpn (NMActRequest *self,
|
||||||
|
NMConnection *connection,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
|
const char *setting_name,
|
||||||
|
guint32 flags,
|
||||||
|
const char *hint,
|
||||||
|
NMActRequestSecretsFunc callback,
|
||||||
|
gpointer callback_data)
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (connection != NULL, 0);
|
||||||
|
|
||||||
|
/* VPN requests use the VPN's connection, and also the VPN's user-requested
|
||||||
|
* status and user_uid if the activation was requested by a user.
|
||||||
|
*/
|
||||||
|
return _internal_get_secrets (self, connection, user_requested, user_uid,
|
||||||
|
setting_name, flags, hint, callback, callback_data);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
nm_act_request_cancel_secrets (NMActRequest *self, guint32 call_id)
|
nm_act_request_cancel_secrets (NMActRequest *self, guint32 call_id)
|
||||||
{
|
{
|
||||||
@@ -448,6 +492,7 @@ nm_act_request_new (NMConnection *connection,
|
|||||||
const char *specific_object,
|
const char *specific_object,
|
||||||
NMAgentManager *agent_mgr,
|
NMAgentManager *agent_mgr,
|
||||||
gboolean user_requested,
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
gboolean assumed,
|
gboolean assumed,
|
||||||
gpointer *device)
|
gpointer *device)
|
||||||
{
|
{
|
||||||
@@ -475,6 +520,7 @@ nm_act_request_new (NMConnection *connection,
|
|||||||
G_CALLBACK (device_state_changed),
|
G_CALLBACK (device_state_changed),
|
||||||
NM_ACT_REQUEST (object));
|
NM_ACT_REQUEST (object));
|
||||||
|
|
||||||
|
priv->user_uid = user_uid;
|
||||||
priv->user_requested = user_requested;
|
priv->user_requested = user_requested;
|
||||||
priv->assumed = assumed;
|
priv->assumed = assumed;
|
||||||
|
|
||||||
|
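Review bot: The new public wrapper `nm_act_request_get_secrets()` reads `priv->connection`, `priv->user_requested` and `priv->user_uid` without first validating `self`. Any argument check inside `_internal_get_secrets()` (its body lies mostly outside the hunks shown) now runs only after the private data has been dereferenced. Adding `g_return_val_if_fail (NM_IS_ACT_REQUEST (self), 0);` as the wrapper's first statement keeps a bad pointer from becoming a NULL dereference on the path that decides whose agents are asked for secrets. The new struct field would also benefit from a comment such as `gulong user_uid; /* only meaningful when user_requested is TRUE; 0 is also root's UID */`.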
@@ -51,6 +51,7 @@ NMActRequest *nm_act_request_new (NMConnection *connection,
|
|||||||
const char *specific_object,
|
const char *specific_object,
|
||||||
NMAgentManager *agent_mgr,
|
NMAgentManager *agent_mgr,
|
||||||
gboolean user_requested,
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
gboolean assumed,
|
gboolean assumed,
|
||||||
gpointer *device); /* An NMDevice */
|
gpointer *device); /* An NMDevice */
|
||||||
|
|
||||||
@@ -93,7 +94,16 @@ typedef void (*NMActRequestSecretsFunc) (NMActRequest *req,
|
|||||||
gpointer user_data);
|
gpointer user_data);
|
||||||
|
|
||||||
guint32 nm_act_request_get_secrets (NMActRequest *req,
|
guint32 nm_act_request_get_secrets (NMActRequest *req,
|
||||||
NMConnection *connection, /* NULL == use activation request's connection */
|
const char *setting_name,
|
||||||
|
guint32 flags,
|
||||||
|
const char *hint,
|
||||||
|
NMActRequestSecretsFunc callback,
|
||||||
|
gpointer callback_data);
|
||||||
|
|
||||||
|
guint32 nm_act_request_get_secrets_vpn (NMActRequest *req,
|
||||||
|
NMConnection *connection,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
guint32 flags,
|
guint32 flags,
|
||||||
const char *hint,
|
const char *hint,
|
||||||
|
@@ -330,6 +330,8 @@ struct _Request {
|
|||||||
guint32 reqid;
|
guint32 reqid;
|
||||||
|
|
||||||
NMConnection *connection;
|
NMConnection *connection;
|
||||||
|
gboolean filter_by_uid;
|
||||||
|
gulong uid_filter;
|
||||||
char *setting_name;
|
char *setting_name;
|
||||||
guint32 flags;
|
guint32 flags;
|
||||||
char *hint;
|
char *hint;
|
||||||
@@ -364,6 +366,8 @@ struct _Request {
|
|||||||
|
|
||||||
static Request *
|
static Request *
|
||||||
request_new (NMConnection *connection,
|
request_new (NMConnection *connection,
|
||||||
|
gboolean filter_by_uid,
|
||||||
|
gulong uid_filter,
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
guint32 flags,
|
guint32 flags,
|
||||||
const char *hint,
|
const char *hint,
|
||||||
@@ -380,6 +384,8 @@ request_new (NMConnection *connection,
|
|||||||
req = g_malloc0 (sizeof (Request));
|
req = g_malloc0 (sizeof (Request));
|
||||||
req->reqid = next_id++;
|
req->reqid = next_id++;
|
||||||
req->connection = g_object_ref (connection);
|
req->connection = g_object_ref (connection);
|
||||||
|
req->filter_by_uid = filter_by_uid;
|
||||||
|
req->uid_filter = uid_filter;
|
||||||
req->setting_name = g_strdup (setting_name);
|
req->setting_name = g_strdup (setting_name);
|
||||||
req->flags = flags;
|
req->flags = flags;
|
||||||
req->hint = g_strdup (hint);
|
req->hint = g_strdup (hint);
|
||||||
@@ -682,7 +688,7 @@ request_add_agent (Request *req,
|
|||||||
agent_uid = nm_secret_agent_get_owner_uid (agent);
|
agent_uid = nm_secret_agent_get_owner_uid (agent);
|
||||||
if (0 != agent_uid) {
|
if (0 != agent_uid) {
|
||||||
if (!nm_auth_uid_in_acl (req->connection, session_monitor, agent_uid, NULL)) {
|
if (!nm_auth_uid_in_acl (req->connection, session_monitor, agent_uid, NULL)) {
|
||||||
nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s",
|
nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s (not in ACL)",
|
||||||
nm_secret_agent_get_description (agent),
|
nm_secret_agent_get_description (agent),
|
||||||
req, req->setting_name);
|
req, req->setting_name);
|
||||||
/* Connection not visible to this agent's user */
|
/* Connection not visible to this agent's user */
|
||||||
@@ -691,6 +697,15 @@ request_add_agent (Request *req,
|
|||||||
/* Caller is allowed to add this connection */
|
/* Caller is allowed to add this connection */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If the request should filter agents by UID, do that now */
|
||||||
|
if (req->filter_by_uid && (agent_uid != req->uid_filter)) {
|
||||||
|
nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s "
|
||||||
|
"(uid %ld not required %ld)",
|
||||||
|
nm_secret_agent_get_description (agent),
|
||||||
|
req, req->setting_name, agent_uid, req->uid_filter);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
nm_log_dbg (LOGD_AGENTS, "(%s) agent allowed for secrets request %p/%s",
|
nm_log_dbg (LOGD_AGENTS, "(%s) agent allowed for secrets request %p/%s",
|
||||||
nm_secret_agent_get_description (agent),
|
nm_secret_agent_get_description (agent),
|
||||||
req, req->setting_name);
|
req, req->setting_name);
|
||||||
@@ -781,6 +796,8 @@ mgr_req_complete_cb (Request *req,
|
|||||||
guint32
|
guint32
|
||||||
nm_agent_manager_get_secrets (NMAgentManager *self,
|
nm_agent_manager_get_secrets (NMAgentManager *self,
|
||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
|
gboolean filter_by_uid,
|
||||||
|
gulong uid_filter,
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
guint32 flags,
|
guint32 flags,
|
||||||
const char *hint,
|
const char *hint,
|
||||||
@@ -805,6 +822,8 @@ nm_agent_manager_get_secrets (NMAgentManager *self,
|
|||||||
setting_name);
|
setting_name);
|
||||||
|
|
||||||
req = request_new (connection,
|
req = request_new (connection,
|
||||||
|
filter_by_uid,
|
||||||
|
uid_filter,
|
||||||
setting_name,
|
setting_name,
|
||||||
flags,
|
flags,
|
||||||
hint,
|
hint,
|
||||||
|
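Review bot: The new debug message in `request_add_agent()` formats `agent_uid` and `req->uid_filter` with `%ld`, but `uid_filter` is declared `gulong` in `struct _Request`, so a signed conversion is applied to an unsigned argument. The declaration of `agent_uid` is outside the hunk and should be checked as well. Using `"(uid %lu not required %lu)"` avoids large UIDs being logged as negative numbers when someone audits why an agent was skipped. A short comment on the new fields would also help: `uid_filter` is only consulted when `filter_by_uid` is TRUE, which matters because 0 is both the value callers on this page pass for automatic activations and root's UID.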
@@ -15,7 +15,7 @@
|
|||||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2010 Red Hat, Inc.
|
* Copyright (C) 2010 - 2011 Red Hat, Inc.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef NM_AGENT_MANAGER_H
|
#ifndef NM_AGENT_MANAGER_H
|
||||||
@@ -59,6 +59,8 @@ typedef void (*NMAgentSecretsResultFunc) (NMAgentManager *manager,
|
|||||||
|
|
||||||
guint32 nm_agent_manager_get_secrets (NMAgentManager *manager,
|
guint32 nm_agent_manager_get_secrets (NMAgentManager *manager,
|
||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
|
gboolean filter_by_uid,
|
||||||
|
gulong uid,
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
guint32 flags,
|
guint32 flags,
|
||||||
const char *hint,
|
const char *hint,
|
||||||
|
@@ -1055,7 +1055,6 @@ link_timeout_cb (gpointer user_data)
|
|||||||
|
|
||||||
nm_device_state_changed (dev, NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
|
nm_device_state_changed (dev, NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
|
||||||
nm_act_request_get_secrets (req,
|
nm_act_request_get_secrets (req,
|
||||||
NULL,
|
|
||||||
setting_name,
|
setting_name,
|
||||||
NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW,
|
NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW,
|
||||||
NULL,
|
NULL,
|
||||||
@@ -1245,14 +1244,7 @@ handle_auth_or_fail (NMDeviceEthernet *self,
|
|||||||
*/
|
*/
|
||||||
if (new_secrets || tries)
|
if (new_secrets || tries)
|
||||||
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
||||||
|
nm_act_request_get_secrets (req, setting_name, flags, NULL, wired_secrets_cb, self);
|
||||||
nm_act_request_get_secrets (req,
|
|
||||||
NULL,
|
|
||||||
setting_name,
|
|
||||||
flags,
|
|
||||||
NULL,
|
|
||||||
wired_secrets_cb,
|
|
||||||
self);
|
|
||||||
|
|
||||||
g_object_set_data (G_OBJECT (connection), WIRED_SECRETS_TRIES, GUINT_TO_POINTER (++tries));
|
g_object_set_data (G_OBJECT (connection), WIRED_SECRETS_TRIES, GUINT_TO_POINTER (++tries));
|
||||||
} else {
|
} else {
|
||||||
|
@@ -2495,7 +2495,6 @@ link_timeout_cb (gpointer user_data)
|
|||||||
cleanup_association_attempt (self, TRUE);
|
cleanup_association_attempt (self, TRUE);
|
||||||
nm_device_state_changed (dev, NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
|
nm_device_state_changed (dev, NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_SUPPLICANT_DISCONNECT);
|
||||||
nm_act_request_get_secrets (req,
|
nm_act_request_get_secrets (req,
|
||||||
NULL,
|
|
||||||
setting_name,
|
setting_name,
|
||||||
NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW,
|
NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW,
|
||||||
NULL,
|
NULL,
|
||||||
@@ -2742,14 +2741,7 @@ handle_auth_or_fail (NMDeviceWifi *self,
|
|||||||
*/
|
*/
|
||||||
if (new_secrets || tries)
|
if (new_secrets || tries)
|
||||||
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
||||||
|
nm_act_request_get_secrets (req, setting_name, flags, NULL, wifi_secrets_cb, self);
|
||||||
nm_act_request_get_secrets (req,
|
|
||||||
NULL,
|
|
||||||
setting_name,
|
|
||||||
flags,
|
|
||||||
NULL,
|
|
||||||
wifi_secrets_cb,
|
|
||||||
self);
|
|
||||||
|
|
||||||
g_object_set_data (G_OBJECT (connection), WIRELESS_SECRETS_TRIES, GUINT_TO_POINTER (++tries));
|
g_object_set_data (G_OBJECT (connection), WIRELESS_SECRETS_TRIES, GUINT_TO_POINTER (++tries));
|
||||||
} else {
|
} else {
|
||||||
|
@@ -140,6 +140,7 @@ static const char *internal_activate_device (NMManager *manager,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
const char *specific_object,
|
const char *specific_object,
|
||||||
gboolean user_requested,
|
gboolean user_requested,
|
||||||
|
gulong sender_uid,
|
||||||
gboolean assumed,
|
gboolean assumed,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
@@ -942,6 +943,7 @@ secrets_result_cb (NMAgentManager *manager,
|
|||||||
|
|
||||||
static guint32
|
static guint32
|
||||||
system_connection_get_secrets_cb (NMSettingsConnection *connection,
|
system_connection_get_secrets_cb (NMSettingsConnection *connection,
|
||||||
|
const char *sender,
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
NMSettingsConnectionSecretsUpdatedFunc callback,
|
NMSettingsConnectionSecretsUpdatedFunc callback,
|
||||||
gpointer callback_data,
|
gpointer callback_data,
|
||||||
@@ -949,10 +951,22 @@ system_connection_get_secrets_cb (NMSettingsConnection *connection,
|
|||||||
{
|
{
|
||||||
NMManager *self = NM_MANAGER (user_data);
|
NMManager *self = NM_MANAGER (user_data);
|
||||||
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
|
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
|
||||||
gboolean call_id;
|
gboolean call_id = 0;
|
||||||
|
DBusError error;
|
||||||
|
gulong sender_uid;
|
||||||
|
|
||||||
|
/* Get the unix user of the requestor */
|
||||||
|
dbus_error_init (&error);
|
||||||
|
sender_uid = dbus_bus_get_unix_user (nm_dbus_manager_get_dbus_connection (priv->dbus_mgr),
|
||||||
|
sender,
|
||||||
|
&error);
|
||||||
|
if (dbus_error_is_set (&error))
|
||||||
|
dbus_error_free (&error);
|
||||||
|
else {
|
||||||
call_id = nm_agent_manager_get_secrets (priv->agent_mgr,
|
call_id = nm_agent_manager_get_secrets (priv->agent_mgr,
|
||||||
NM_CONNECTION (connection),
|
NM_CONNECTION (connection),
|
||||||
|
TRUE,
|
||||||
|
sender_uid,
|
||||||
setting_name,
|
setting_name,
|
||||||
NM_SECRET_AGENT_GET_SECRETS_FLAG_NONE,
|
NM_SECRET_AGENT_GET_SECRETS_FLAG_NONE,
|
||||||
NULL,
|
NULL,
|
||||||
@@ -960,6 +974,8 @@ system_connection_get_secrets_cb (NMSettingsConnection *connection,
|
|||||||
self,
|
self,
|
||||||
callback,
|
callback,
|
||||||
callback_data);
|
callback_data);
|
||||||
|
}
|
||||||
|
|
||||||
return call_id;
|
return call_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1576,7 +1592,7 @@ add_device (NMManager *self, NMDevice *device)
|
|||||||
nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume existing connection",
|
nm_log_dbg (LOGD_DEVICE, "(%s): will attempt to assume existing connection",
|
||||||
nm_device_get_iface (device));
|
nm_device_get_iface (device));
|
||||||
|
|
||||||
ac_path = internal_activate_device (self, device, existing, NULL, FALSE, TRUE, &error);
|
ac_path = internal_activate_device (self, device, existing, NULL, FALSE, 0, TRUE, &error);
|
||||||
if (ac_path)
|
if (ac_path)
|
||||||
g_object_notify (G_OBJECT (self), NM_MANAGER_ACTIVE_CONNECTIONS);
|
g_object_notify (G_OBJECT (self), NM_MANAGER_ACTIVE_CONNECTIONS);
|
||||||
else {
|
else {
|
||||||
@@ -1910,6 +1926,7 @@ internal_activate_device (NMManager *manager,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
const char *specific_object,
|
const char *specific_object,
|
||||||
gboolean user_requested,
|
gboolean user_requested,
|
||||||
|
gulong sender_uid,
|
||||||
gboolean assumed,
|
gboolean assumed,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
@@ -1938,6 +1955,7 @@ internal_activate_device (NMManager *manager,
|
|||||||
specific_object,
|
specific_object,
|
||||||
NM_MANAGER_GET_PRIVATE (manager)->agent_mgr,
|
NM_MANAGER_GET_PRIVATE (manager)->agent_mgr,
|
||||||
user_requested,
|
user_requested,
|
||||||
|
sender_uid,
|
||||||
assumed,
|
assumed,
|
||||||
(gpointer) device);
|
(gpointer) device);
|
||||||
success = nm_device_interface_activate (dev_iface, req, error);
|
success = nm_device_interface_activate (dev_iface, req, error);
|
||||||
@@ -1951,7 +1969,7 @@ nm_manager_activate_connection (NMManager *manager,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
const char *specific_object,
|
const char *specific_object,
|
||||||
const char *device_path,
|
const char *device_path,
|
||||||
gboolean user_requested,
|
const char *dbus_sender,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
NMManagerPrivate *priv;
|
NMManagerPrivate *priv;
|
||||||
@@ -1959,6 +1977,8 @@ nm_manager_activate_connection (NMManager *manager,
|
|||||||
NMSettingConnection *s_con;
|
NMSettingConnection *s_con;
|
||||||
NMVPNConnection *vpn_connection;
|
NMVPNConnection *vpn_connection;
|
||||||
const char *path = NULL;
|
const char *path = NULL;
|
||||||
|
gulong sender_uid = 0;
|
||||||
|
DBusError dbus_error;
|
||||||
|
|
||||||
g_return_val_if_fail (manager != NULL, NULL);
|
g_return_val_if_fail (manager != NULL, NULL);
|
||||||
g_return_val_if_fail (connection != NULL, NULL);
|
g_return_val_if_fail (connection != NULL, NULL);
|
||||||
@@ -1967,6 +1987,21 @@ nm_manager_activate_connection (NMManager *manager,
|
|||||||
|
|
||||||
priv = NM_MANAGER_GET_PRIVATE (manager);
|
priv = NM_MANAGER_GET_PRIVATE (manager);
|
||||||
|
|
||||||
|
/* Get the UID of the user that originated the request, if any */
|
||||||
|
if (dbus_sender) {
|
||||||
|
dbus_error_init (&dbus_error);
|
||||||
|
sender_uid = dbus_bus_get_unix_user (nm_dbus_manager_get_dbus_connection (priv->dbus_mgr),
|
||||||
|
dbus_sender,
|
||||||
|
&dbus_error);
|
||||||
|
if (dbus_error_is_set (&dbus_error)) {
|
||||||
|
g_set_error_literal (error,
|
||||||
|
NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED,
|
||||||
|
"Failed to get unix user for dbus sender");
|
||||||
|
dbus_error_free (&dbus_error);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
|
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
|
||||||
g_assert (s_con);
|
g_assert (s_con);
|
||||||
|
|
||||||
@@ -2014,6 +2049,8 @@ nm_manager_activate_connection (NMManager *manager,
|
|||||||
connection,
|
connection,
|
||||||
parent_req,
|
parent_req,
|
||||||
device,
|
device,
|
||||||
|
TRUE,
|
||||||
|
sender_uid,
|
||||||
error);
|
error);
|
||||||
if (vpn_connection)
|
if (vpn_connection)
|
||||||
path = nm_vpn_connection_get_active_connection_path (vpn_connection);
|
path = nm_vpn_connection_get_active_connection_path (vpn_connection);
|
||||||
@@ -2042,7 +2079,8 @@ nm_manager_activate_connection (NMManager *manager,
|
|||||||
device,
|
device,
|
||||||
connection,
|
connection,
|
||||||
specific_object,
|
specific_object,
|
||||||
user_requested,
|
dbus_sender ? TRUE : FALSE,
|
||||||
|
dbus_sender ? sender_uid : 0,
|
||||||
FALSE,
|
FALSE,
|
||||||
error);
|
error);
|
||||||
}
|
}
|
||||||
@@ -2063,6 +2101,7 @@ pending_activate (NMManager *self, PendingActivation *pending)
|
|||||||
NMSettingsConnection *connection;
|
NMSettingsConnection *connection;
|
||||||
const char *path = NULL;
|
const char *path = NULL;
|
||||||
GError *error = NULL;
|
GError *error = NULL;
|
||||||
|
char *sender;
|
||||||
|
|
||||||
/* Ok, we're authorized */
|
/* Ok, we're authorized */
|
||||||
|
|
||||||
@@ -2074,12 +2113,16 @@ pending_activate (NMManager *self, PendingActivation *pending)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sender = dbus_g_method_get_sender (pending->context);
|
||||||
|
g_assert (sender);
|
||||||
path = nm_manager_activate_connection (self,
|
path = nm_manager_activate_connection (self,
|
||||||
NM_CONNECTION (connection),
|
NM_CONNECTION (connection),
|
||||||
pending->specific_object_path,
|
pending->specific_object_path,
|
||||||
pending->device_path,
|
pending->device_path,
|
||||||
TRUE,
|
sender,
|
||||||
&error);
|
&error);
|
||||||
|
g_free (sender);
|
||||||
|
|
||||||
if (!path) {
|
if (!path) {
|
||||||
nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s",
|
nm_log_warn (LOGD_CORE, "connection %s failed to activate: (%d) %s",
|
||||||
pending->connection_path, error->code, error->message);
|
pending->connection_path, error->code, error->message);
|
||||||
|
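Review bot: In `nm_manager_activate_connection()` the VPN branch passes a hard-coded `TRUE` for `user_requested` together with `sender_uid`, whereas the device branch further down passes `dbus_sender ? TRUE : FALSE` and `dbus_sender ? sender_uid : 0`. `sender_uid` is initialised to 0 and only filled in when `dbus_sender` is non-NULL, so a VPN activation arriving with a NULL sender (which the header comment documents as the automatic case) would have its secrets request filtered to agents owned by UID 0 instead of left unfiltered. Passing `dbus_sender ? TRUE : FALSE,` in the VPN call keeps both branches consistent with the behaviour the commit message describes. Whether a VPN activation can currently reach this branch without a sender is not visible in these hunks.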
@@ -87,7 +87,7 @@ const char * nm_manager_activate_connection (NMManager *manager,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
const char *specific_object,
|
const char *specific_object,
|
||||||
const char *device_path,
|
const char *device_path,
|
||||||
gboolean user_requested,
|
const char *dbus_sender, /* NULL if automatic */
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
gboolean nm_manager_deactivate_connection (NMManager *manager,
|
gboolean nm_manager_deactivate_connection (NMManager *manager,
|
||||||
|
@@ -758,7 +758,7 @@ auto_activate_device (gpointer user_data)
|
|||||||
best_connection,
|
best_connection,
|
||||||
specific_object,
|
specific_object,
|
||||||
nm_device_get_path (data->device),
|
nm_device_get_path (data->device),
|
||||||
FALSE,
|
NULL,
|
||||||
&error)) {
|
&error)) {
|
||||||
NMSettingConnection *s_con;
|
NMSettingConnection *s_con;
|
||||||
|
|
||||||
|
@@ -471,7 +471,6 @@ impl_ppp_manager_need_secrets (NMPPPManager *manager,
|
|||||||
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
flags |= NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW;
|
||||||
|
|
||||||
priv->secrets_id = nm_act_request_get_secrets (priv->act_req,
|
priv->secrets_id = nm_act_request_get_secrets (priv->act_req,
|
||||||
NULL,
|
|
||||||
setting_name,
|
setting_name,
|
||||||
flags,
|
flags,
|
||||||
hints ? g_ptr_array_index (hints, 0) : NULL,
|
hints ? g_ptr_array_index (hints, 0) : NULL,
|
||||||
|
@@ -711,14 +711,22 @@ dbus_secrets_auth_cb (NMSettingsConnection *self,
|
|||||||
gpointer user_data)
|
gpointer user_data)
|
||||||
{
|
{
|
||||||
NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self);
|
NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self);
|
||||||
char *setting_name = user_data;
|
char *sender, *setting_name = user_data;
|
||||||
guint32 call_id = 0;
|
guint32 call_id = 0;
|
||||||
GError *local = NULL;
|
GError *local = NULL;
|
||||||
|
|
||||||
if (error)
|
sender = dbus_g_method_get_sender (context);
|
||||||
dbus_g_method_return_error (context, error);
|
if (!sender) {
|
||||||
else {
|
local = g_error_new_literal (NM_SETTINGS_ERROR,
|
||||||
g_signal_emit (self, signals[GET_SECRETS], 0, setting_name, dbus_get_agent_secrets_cb, context, &call_id);
|
NM_SETTINGS_ERROR_PERMISSION_DENIED,
|
||||||
|
"Unable to get request D-Bus sender");
|
||||||
|
} else if (!error) {
|
||||||
|
g_signal_emit (self, signals[GET_SECRETS], 0,
|
||||||
|
sender,
|
||||||
|
setting_name,
|
||||||
|
dbus_get_agent_secrets_cb,
|
||||||
|
context,
|
||||||
|
&call_id);
|
||||||
if (call_id > 0) {
|
if (call_id > 0) {
|
||||||
/* track the request and wait for the callback */
|
/* track the request and wait for the callback */
|
||||||
priv->reqs = g_slist_append (priv->reqs, GUINT_TO_POINTER (call_id));
|
priv->reqs = g_slist_append (priv->reqs, GUINT_TO_POINTER (call_id));
|
||||||
@@ -726,12 +734,15 @@ dbus_secrets_auth_cb (NMSettingsConnection *self,
|
|||||||
local = g_error_new_literal (NM_SETTINGS_ERROR,
|
local = g_error_new_literal (NM_SETTINGS_ERROR,
|
||||||
NM_SETTINGS_ERROR_SECRETS_UNAVAILABLE,
|
NM_SETTINGS_ERROR_SECRETS_UNAVAILABLE,
|
||||||
"No secrets were available");
|
"No secrets were available");
|
||||||
dbus_g_method_return_error (context, local);
|
|
||||||
g_error_free (local);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (error || local)
|
||||||
|
dbus_g_method_return_error (context, error ? error : local);
|
||||||
|
|
||||||
g_free (setting_name);
|
g_free (setting_name);
|
||||||
|
g_free (sender);
|
||||||
|
g_clear_error (&local);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@@ -877,8 +888,8 @@ nm_settings_connection_class_init (NMSettingsConnectionClass *class)
|
|||||||
G_SIGNAL_RUN_FIRST,
|
G_SIGNAL_RUN_FIRST,
|
||||||
G_STRUCT_OFFSET (NMSettingsConnectionClass, get_secrets),
|
G_STRUCT_OFFSET (NMSettingsConnectionClass, get_secrets),
|
||||||
get_secrets_accumulator, NULL,
|
get_secrets_accumulator, NULL,
|
||||||
_nm_marshal_UINT__STRING_POINTER_POINTER,
|
_nm_marshal_UINT__STRING_STRING_POINTER_POINTER,
|
||||||
G_TYPE_UINT, 3, G_TYPE_STRING, G_TYPE_POINTER, G_TYPE_POINTER);
|
G_TYPE_UINT, 4, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_POINTER, G_TYPE_POINTER);
|
||||||
|
|
||||||
signals[CANCEL_SECRETS] =
|
signals[CANCEL_SECRETS] =
|
||||||
g_signal_new (NM_SETTINGS_CONNECTION_CANCEL_SECRETS,
|
g_signal_new (NM_SETTINGS_CONNECTION_CANCEL_SECRETS,
|
||||||
|
@@ -80,6 +80,7 @@ struct _NMSettingsConnectionClass {
|
|||||||
|
|
||||||
/* signals */
|
/* signals */
|
||||||
guint32 (*get_secrets) (NMSettingsConnection *connection,
|
guint32 (*get_secrets) (NMSettingsConnection *connection,
|
||||||
|
const char *sender, /* dbus bus name of requestor */
|
||||||
const char *setting_name,
|
const char *setting_name,
|
||||||
NMSettingsConnectionSecretsUpdatedFunc callback,
|
NMSettingsConnectionSecretsUpdatedFunc callback,
|
||||||
gpointer callback_data);
|
gpointer callback_data);
|
||||||
|
@@ -57,6 +57,8 @@ typedef struct {
|
|||||||
|
|
||||||
NMConnection *connection;
|
NMConnection *connection;
|
||||||
|
|
||||||
|
gboolean user_requested;
|
||||||
|
gulong user_uid;
|
||||||
NMActRequest *act_request;
|
NMActRequest *act_request;
|
||||||
guint32 secrets_id;
|
guint32 secrets_id;
|
||||||
|
|
||||||
@@ -198,7 +200,9 @@ device_ip4_config_changed (NMDevice *device,
|
|||||||
NMVPNConnection *
|
NMVPNConnection *
|
||||||
nm_vpn_connection_new (NMConnection *connection,
|
nm_vpn_connection_new (NMConnection *connection,
|
||||||
NMActRequest *act_request,
|
NMActRequest *act_request,
|
||||||
NMDevice *parent_device)
|
NMDevice *parent_device,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid)
|
||||||
{
|
{
|
||||||
NMVPNConnection *self;
|
NMVPNConnection *self;
|
||||||
NMVPNConnectionPrivate *priv;
|
NMVPNConnectionPrivate *priv;
|
||||||
@@ -213,6 +217,8 @@ nm_vpn_connection_new (NMConnection *connection,
|
|||||||
|
|
||||||
priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
|
priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
|
||||||
|
|
||||||
|
priv->user_requested = user_requested;
|
||||||
|
priv->user_uid = user_uid;
|
||||||
priv->connection = g_object_ref (connection);
|
priv->connection = g_object_ref (connection);
|
||||||
priv->parent_dev = g_object_ref (parent_device);
|
priv->parent_dev = g_object_ref (parent_device);
|
||||||
priv->act_request = g_object_ref (act_request);
|
priv->act_request = g_object_ref (act_request);
|
||||||
@@ -811,8 +817,10 @@ connection_need_secrets_cb (DBusGProxy *proxy,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
priv->secrets_id = nm_act_request_get_secrets (priv->act_request,
|
priv->secrets_id = nm_act_request_get_secrets_vpn (priv->act_request,
|
||||||
priv->connection,
|
priv->connection,
|
||||||
|
priv->user_requested,
|
||||||
|
priv->user_uid,
|
||||||
setting_name,
|
setting_name,
|
||||||
NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION,
|
NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION,
|
||||||
NULL,
|
NULL,
|
||||||
|
@@ -15,7 +15,7 @@
|
|||||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2005 - 2010 Red Hat, Inc.
|
* Copyright (C) 2005 - 2011 Red Hat, Inc.
|
||||||
* Copyright (C) 2006 - 2008 Novell, Inc.
|
* Copyright (C) 2006 - 2008 Novell, Inc.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@@ -58,7 +58,9 @@ GType nm_vpn_connection_get_type (void);
|
|||||||
|
|
||||||
NMVPNConnection * nm_vpn_connection_new (NMConnection *connection,
|
NMVPNConnection * nm_vpn_connection_new (NMConnection *connection,
|
||||||
NMActRequest *act_request,
|
NMActRequest *act_request,
|
||||||
NMDevice *parent_device);
|
NMDevice *parent_device,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid);
|
||||||
|
|
||||||
void nm_vpn_connection_activate (NMVPNConnection *connection);
|
void nm_vpn_connection_activate (NMVPNConnection *connection);
|
||||||
NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection);
|
NMConnection * nm_vpn_connection_get_connection (NMVPNConnection *connection);
|
||||||
|
@@ -159,6 +159,8 @@ nm_vpn_manager_activate_connection (NMVPNManager *manager,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
NMActRequest *act_request,
|
NMActRequest *act_request,
|
||||||
NMDevice *device,
|
NMDevice *device,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
NMSettingVPN *vpn_setting;
|
NMSettingVPN *vpn_setting;
|
||||||
@@ -205,7 +207,7 @@ nm_vpn_manager_activate_connection (NMVPNManager *manager,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
vpn = nm_vpn_service_activate (service, connection, act_request, device, error);
|
vpn = nm_vpn_service_activate (service, connection, act_request, device, user_requested, user_uid, error);
|
||||||
if (vpn) {
|
if (vpn) {
|
||||||
g_signal_connect (vpn, "vpn-state-changed",
|
g_signal_connect (vpn, "vpn-state-changed",
|
||||||
G_CALLBACK (connection_vpn_state_changed),
|
G_CALLBACK (connection_vpn_state_changed),
|
||||||
|
@@ -71,6 +71,8 @@ NMVPNConnection *nm_vpn_manager_activate_connection (NMVPNManager *manager,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
NMActRequest *act_request,
|
NMActRequest *act_request,
|
||||||
NMDevice *device,
|
NMDevice *device,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
gboolean nm_vpn_manager_deactivate_connection (NMVPNManager *manager,
|
gboolean nm_vpn_manager_deactivate_connection (NMVPNManager *manager,
|
||||||
|
@@ -325,6 +325,8 @@ nm_vpn_service_activate (NMVPNService *service,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
NMActRequest *act_request,
|
NMActRequest *act_request,
|
||||||
NMDevice *device,
|
NMDevice *device,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
NMVPNConnection *vpn;
|
NMVPNConnection *vpn;
|
||||||
@@ -341,7 +343,7 @@ nm_vpn_service_activate (NMVPNService *service,
|
|||||||
|
|
||||||
clear_quit_timeout (service);
|
clear_quit_timeout (service);
|
||||||
|
|
||||||
vpn = nm_vpn_connection_new (connection, act_request, device);
|
vpn = nm_vpn_connection_new (connection, act_request, device, user_requested, user_uid);
|
||||||
g_signal_connect (vpn, "vpn-state-changed",
|
g_signal_connect (vpn, "vpn-state-changed",
|
||||||
G_CALLBACK (connection_vpn_state_changed),
|
G_CALLBACK (connection_vpn_state_changed),
|
||||||
service);
|
service);
|
||||||
|
@@ -59,6 +59,8 @@ NMVPNConnection * nm_vpn_service_activate (NMVPNService *service,
|
|||||||
NMConnection *connection,
|
NMConnection *connection,
|
||||||
NMActRequest *act_request,
|
NMActRequest *act_request,
|
||||||
NMDevice *device,
|
NMDevice *device,
|
||||||
|
gboolean user_requested,
|
||||||
|
gulong user_uid,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
GSList * nm_vpn_service_get_active_connections (NMVPNService *service);
|
GSList * nm_vpn_service_get_active_connections (NMVPNService *service);
|
||||||
|