session: switch code to nm_session_monitor_session_exists()
Acked-By: Thomas Haller <thaller@redhat.com>
This commit is contained in:
Pavel Šimerda
@@ -425,7 +425,6 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
|
||||
{
|
||||
NMSettingConnection *s_con;
|
||||
const char *user = NULL;
|
||||
GError *local = NULL;
|
||||
gulong uid;
|
||||
|
||||
g_return_val_if_fail (connection != NULL, FALSE);
|
||||
@@ -443,17 +442,13 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
|
||||
return TRUE;
|
||||
|
||||
/* Reject the request if the request comes from no session at all */
|
||||
if (!nm_session_monitor_uid_has_session (smon, uid, &user, &local)) {
|
||||
if (out_error_desc) {
|
||||
*out_error_desc = g_strdup_printf ("No session found for uid %lu (%s)",
|
||||
uid,
|
||||
local && local->message ? local->message : "unknown");
|
||||
}
|
||||
g_clear_error (&local);
|
||||
if (!nm_session_monitor_session_exists (uid, FALSE)) {
|
||||
if (out_error_desc)
|
||||
*out_error_desc = g_strdup_printf ("No session found for uid %lu", uid);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (!user) {
|
||||
if (!nm_session_monitor_uid_to_user (uid, &user)) {
|
||||
if (out_error_desc)
|
||||
*out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid);
|
||||
return FALSE;
|
||||
|
||||
@@ -65,3 +65,25 @@ nm_session_monitor_user_to_uid (const char *user, uid_t *out_uid)
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_session_monitor_session_exists:
|
||||
* @uid: A user ID.
|
||||
* @active: Ignore inactive sessions.
|
||||
*
|
||||
* Checks whether the given @uid is logged into an active session. Don't
|
||||
* use this feature for security purposes. It is there just to allow you
|
||||
* to prefer an agent from an active session over an agent from an
|
||||
* inactive one.
|
||||
*
|
||||
* Returns: %FALSE if @error is set otherwise %TRUE if the given @uid is
|
||||
* logged into an active session.
|
||||
*/
|
||||
gboolean
|
||||
nm_session_monitor_session_exists (uid_t uid, gboolean active)
|
||||
{
|
||||
if (active)
|
||||
return nm_session_monitor_uid_active (nm_session_monitor_get (), uid, NULL);
|
||||
else
|
||||
return nm_session_monitor_uid_has_session (nm_session_monitor_get (), uid, NULL, NULL);
|
||||
}
|
||||
|
||||
@@ -43,6 +43,7 @@ NMSessionMonitor *nm_session_monitor_get (void);
|
||||
|
||||
gboolean nm_session_monitor_uid_to_user (uid_t uid, const char **out_user);
|
||||
gboolean nm_session_monitor_user_to_uid (const char *user, uid_t *out_uid);
|
||||
gboolean nm_session_monitor_session_exists (uid_t uid, gboolean active);
|
||||
|
||||
gboolean nm_session_monitor_user_has_session (NMSessionMonitor *monitor,
|
||||
const char *username,
|
||||
|
||||
@@ -273,7 +273,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
|
||||
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
|
||||
NMAuthSubject *subject;
|
||||
gulong sender_uid = G_MAXULONG;
|
||||
GError *error = NULL, *local = NULL;
|
||||
GError *error = NULL;
|
||||
NMSecretAgent *agent;
|
||||
NMAuthChain *chain;
|
||||
|
||||
@@ -287,13 +287,10 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self,
|
||||
sender_uid = nm_auth_subject_get_unix_process_uid (subject);
|
||||
|
||||
if ( 0 != sender_uid
|
||||
&& !nm_session_monitor_uid_has_session (nm_session_monitor_get (),
|
||||
sender_uid,
|
||||
NULL,
|
||||
&local)) {
|
||||
&& !nm_session_monitor_session_exists (sender_uid, FALSE)) {
|
||||
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
|
||||
NM_AGENT_MANAGER_ERROR_PERMISSION_DENIED,
|
||||
local && local->message ? local->message : "Session not found");
|
||||
"Session not found");
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -339,7 +336,6 @@ done:
|
||||
if (error)
|
||||
dbus_g_method_return_error (context, error);
|
||||
g_clear_error (&error);
|
||||
g_clear_error (&local);
|
||||
g_clear_object (&subject);
|
||||
}
|
||||
|
||||
@@ -530,12 +526,8 @@ agent_compare_func (gconstpointer aa, gconstpointer bb, gpointer user_data)
|
||||
}
|
||||
|
||||
/* Prefer agents in active sessions */
|
||||
a_active = nm_session_monitor_uid_active (nm_session_monitor_get (),
|
||||
nm_secret_agent_get_owner_uid (a),
|
||||
NULL);
|
||||
b_active = nm_session_monitor_uid_active (nm_session_monitor_get (),
|
||||
nm_secret_agent_get_owner_uid (b),
|
||||
NULL);
|
||||
a_active = nm_session_monitor_session_exists (nm_secret_agent_get_owner_uid (a), TRUE);
|
||||
b_active = nm_session_monitor_session_exists (nm_secret_agent_get_owner_uid (b), TRUE);
|
||||
if (a_active && !b_active)
|
||||
return -1;
|
||||
else if (a_active == b_active)
|
||||
|
||||
@@ -262,15 +262,19 @@ nm_settings_connection_recheck_visibility (NMSettingsConnection *self)
|
||||
}
|
||||
|
||||
for (i = 0; i < num; i++) {
|
||||
const char *puser;
|
||||
const char *user;
|
||||
uid_t uid;
|
||||
|
||||
if (!nm_setting_connection_get_permission (s_con, i, NULL, &user, NULL))
|
||||
continue;
|
||||
if (!nm_session_monitor_user_to_uid (user, &uid))
|
||||
continue;
|
||||
if (!nm_session_monitor_session_exists (uid, FALSE))
|
||||
continue;
|
||||
|
||||
if (nm_setting_connection_get_permission (s_con, i, NULL, &puser, NULL)) {
|
||||
if (nm_session_monitor_user_has_session (priv->session_monitor, puser, NULL, NULL)) {
|
||||
set_visible (self, TRUE);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
set_visible (self, FALSE);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user