core: add nm_auth_uid_in_acl()

For checking whether a specific user ID is:
  1) in a known session
  2) allowed by the connection's permissions ACL
Dan Williams
2010-11-18 13:49:47 -06:00
parent eccca738aa
commit 47eaf97d67
2 changed files with 55 additions and 3 deletions


@@ -18,13 +18,14 @@
* Copyright (C) 2010 Red Hat, Inc. * Copyright (C) 2010 Red Hat, Inc.
*/ */
#include <string.h>
#include <dbus/dbus-glib-lowlevel.h>
#include <nm-setting-connection.h>
#include "nm-manager-auth.h" #include "nm-manager-auth.h"
#include "nm-logging.h" #include "nm-logging.h"
#include "nm-dbus-manager.h" #include "nm-dbus-manager.h"
#include <dbus/dbus-glib-lowlevel.h>
#include <string.h>
struct NMAuthChain { struct NMAuthChain {
guint32 refcount; guint32 refcount;
PolkitAuthority *authority; PolkitAuthority *authority;
@@ -375,3 +376,46 @@ out:
g_free (sender); g_free (sender);
return success; return success;
} }
gboolean
nm_auth_uid_in_acl (NMConnection *connection,
NMSessionMonitor *smon,
gulong uid,
char **out_error_desc)
{
NMSettingConnection *s_con;
const char *user = NULL;
GError *local = NULL;
g_return_val_if_fail (connection != NULL, FALSE);
g_return_val_if_fail (smon != NULL, FALSE);
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
g_assert (s_con);
/* Reject the request if the request comes from no session at all */
if (!nm_session_monitor_uid_has_session (smon, uid, &user, &local)) {
if (out_error_desc) {
*out_error_desc = g_strdup_printf ("No session found for uid %lu (%s)",
uid,
local && local->message ? local->message : "unknown");
}
return FALSE;
}
if (!user) {
if (out_error_desc)
*out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid);
return FALSE;
}
/* Match the username returned by the session check to a user in the ACL */
if (!nm_setting_connection_permissions_user_allowed (s_con, user)) {
if (out_error_desc)
*out_error_desc = g_strdup_printf ("uid %lu has no permission to perform this operation", uid);
return FALSE;
}
return TRUE;
}
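Review bot: The GError `local` passed to nm_session_monitor_uid_has_session() is never released on the no-session path in nm_auth_uid_in_acl(): its message is copied into the description and the function returns FALSE, so each rejected request leaks an allocation in a long-running daemon (assuming the session monitor follows the usual GError convention of allocating on failure). Add `g_clear_error (&local);` just before that `return FALSE;`, outside the `if (out_error_desc)` block so it also runs when no description was requested. Separately, `g_assert (s_con)` is the only guard against a connection that has no connection setting; in a build with G_DISABLE_ASSERT the NULL would reach nm_setting_connection_permissions_user_allowed(). An access check is safer denying explicitly, for example `if (!s_con) return FALSE;` after filling in the description.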


@@ -25,7 +25,9 @@
#include <glib.h> #include <glib.h>
#include <dbus/dbus-glib.h> #include <dbus/dbus-glib.h>
#include <nm-connection.h>
#include "nm-dbus-manager.h" #include "nm-dbus-manager.h"
#include "nm-session-monitor.h"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network" #define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake" #define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
@@ -91,5 +93,11 @@ gboolean nm_auth_get_caller_uid (DBusGMethodInvocation *context,
gulong *out_uid, gulong *out_uid,
char **out_error_desc); char **out_error_desc);
/* Caller must free returned error description */
gboolean nm_auth_uid_in_acl (NMConnection *connection,
NMSessionMonitor *smon,
gulong uid,
char **out_error_desc);
#endif /* NM_MANAGER_AUTH_H */ #endif /* NM_MANAGER_AUTH_H */
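Review bot: The comment above the nm_auth_uid_in_acl() prototype does not state the return contract, which callers making an access decision need to know. From the implementation shown on this page, TRUE is returned only when the uid has a session, a username was resolved for it, and that user is allowed by the connection's permissions. The description is written only on the FALSE paths and only when `out_error_desc` is non-NULL. I would replace the comment with `/* Returns TRUE only if uid has a known session and its user is allowed by the connection's permissions ACL. On FALSE, *out_error_desc (if non-NULL) is set to a newly allocated string the caller must g_free(); it is not written on TRUE. */`.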