From 4c7fa8dfdcbf13f3633b565af53896ac79366912 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Fri, 19 Aug 2016 11:51:00 +0200 Subject: [PATCH] core: drop root requirement for load_connection(s)/set_logging D-Bus calls The D-Bus configuration already ensures that only root can do that; enforcing the permission at policy level seems better than doing it in the daemon itself because it allows users to change the policy and also because callers can exit immediately after issuing the request. --- src/nm-manager.c | 17 ----------------- src/settings/nm-settings.c | 8 -------- 2 files changed, 25 deletions(-) diff --git a/src/nm-manager.c b/src/nm-manager.c index 89dc73604..237a45537 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -4474,30 +4474,13 @@ impl_manager_set_logging (NMManager *self, const char *level, const char *domains) { - NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); GError *error = NULL; - gulong caller_uid = G_MAXULONG; - - if (!nm_bus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &caller_uid, NULL)) { - error = g_error_new_literal (NM_MANAGER_ERROR, - NM_MANAGER_ERROR_PERMISSION_DENIED, - "Failed to get request UID."); - goto done; - } - - if (0 != caller_uid) { - error = g_error_new_literal (NM_MANAGER_ERROR, - NM_MANAGER_ERROR_PERMISSION_DENIED, - "Permission denied"); - goto done; - } if (nm_logging_setup (level, domains, NULL, &error)) { _LOGI (LOGD_CORE, "logging: level '%s' domains '%s'", nm_logging_level_to_string (), nm_logging_domains_to_string ()); } -done: if (error) g_dbus_method_invocation_take_error (context, error); else diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c index 529d7581d..59a4aa07e 100644 --- a/src/settings/nm-settings.c +++ b/src/settings/nm-settings.c @@ -1522,10 +1522,6 @@ impl_settings_load_connections (NMSettings *self, GSList *iter; int i; - if (!nm_bus_manager_ensure_root (nm_bus_manager_get (), context, - NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_PERMISSION_DENIED)) - return; - failures = g_ptr_array_new (); for (i = 0; filenames[i]; i++) { @@ -1559,10 +1555,6 @@ impl_settings_reload_connections (NMSettings *self, NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self); GSList *iter; - if (!nm_bus_manager_ensure_root (nm_bus_manager_get (), context, - NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_PERMISSION_DENIED)) - return; - for (iter = priv->plugins; iter; iter = g_slist_next (iter)) { NMSettingsPlugin *plugin = NM_SETTINGS_PLUGIN (iter->data);