colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: add function to create auth chains from a subjects or contexts

Browse Source 
The subject already contains all the information we need.
This commit is contained in:
Dan Williams
2013-07-29 10:39:23 -05:00
parent 49d098f29d
commit 7fe84e0ec7
2 changed files with 78 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
src/nm-manager-auth.c
View File

@@ -31,6 +31,7 @@
#include "nm-manager-auth.h" #include "nm-manager-auth.h"
#include "nm-logging.h" #include "nm-logging.h"
#include "nm-dbus-manager.h" #include "nm-dbus-manager.h"
#include "nm-auth-subject.h"
struct NMAuthChain { struct NMAuthChain {
guint32 refcount; guint32 refcount;
@@ -43,6 +44,7 @@ struct NMAuthChain {
DBusGMethodInvocation *context; DBusGMethodInvocation *context;
char *owner; char *owner;
gulong user_uid; gulong user_uid;
NMAuthSubject *subject;
GError *error; GError *error;
guint idle_id; guint idle_id;
@@ -109,6 +111,7 @@ _auth_chain_new (DBusGMethodInvocation *context,
DBusMessage *message, DBusMessage *message,
const char *dbus_sender, const char *dbus_sender,
gulong user_uid, gulong user_uid,
NMAuthSubject *subject,
NMAuthChainResultFunc done_func, NMAuthChainResultFunc done_func,
gpointer user_data) gpointer user_data)
{ {
@@ -125,18 +128,24 @@ _auth_chain_new (DBusGMethodInvocation *context,
self->done_func = done_func; self->done_func = done_func;
self->user_data = user_data; self->user_data = user_data;
self->context = context; self->context = context;
self->user_uid = user_uid;
if (subject) {
self->user_uid = nm_auth_subject_get_uid (subject);
self->subject = g_object_ref (subject);
return self;
}
if (message) if (message)
self->owner = g_strdup (dbus_message_get_sender (message)); self->owner = g_strdup (dbus_message_get_sender (message));
else if (dbus_sender) else if (dbus_sender)
self->owner = g_strdup (dbus_sender); self->owner = g_strdup (dbus_sender);
self->user_uid = user_uid;
if (user_uid > 0 && !self->owner) { if (user_uid > 0 && !self->owner) {
/* Need an owner */ /* Need an owner */
g_warn_if_fail (self->owner); g_warn_if_fail (self->owner);
nm_auth_chain_unref (self); nm_auth_chain_unref (self);
self = NULL; return NULL;
} }
return self; return self;
@@ -159,7 +168,7 @@ nm_auth_chain_new (DBusGMethodInvocation *context,
&sender, &sender,
&sender_uid, &sender_uid,
NULL)) { NULL)) {
chain = _auth_chain_new (context, NULL, sender, sender_uid, done_func, user_data); chain = _auth_chain_new (context, NULL, sender, sender_uid, NULL, done_func, user_data);
} }
if (!chain && out_error_desc) if (!chain && out_error_desc)
@@ -175,7 +184,7 @@ nm_auth_chain_new_raw_message (DBusMessage *message,
NMAuthChainResultFunc done_func, NMAuthChainResultFunc done_func,
gpointer user_data) gpointer user_data)
{ {
return _auth_chain_new (NULL, message, NULL, user_uid, done_func, user_data); return _auth_chain_new (NULL, message, NULL, user_uid, NULL, done_func, user_data);
} }
NMAuthChain * NMAuthChain *
@@ -184,7 +193,49 @@ nm_auth_chain_new_dbus_sender (const char *dbus_sender,
NMAuthChainResultFunc done_func, NMAuthChainResultFunc done_func,
gpointer user_data) gpointer user_data)
{ {
return _auth_chain_new (NULL, NULL, dbus_sender, user_uid, done_func, user_data); return _auth_chain_new (NULL, NULL, dbus_sender, user_uid, NULL, done_func, user_data);
}
/* Creates the NMAuthSubject automatically */
NMAuthChain *
nm_auth_chain_new_context (DBusGMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data)
{
NMAuthSubject *subject;
NMAuthChain *chain;
g_return_val_if_fail (context != NULL, NULL);
subject = nm_auth_subject_new_from_context (context);
if (!subject)
return NULL;
chain = nm_auth_chain_new_subject (subject,
context,
done_func,
user_data);
g_object_unref (subject);
return chain;
}
/* Requires an NMAuthSubject */
NMAuthChain *
nm_auth_chain_new_subject (NMAuthSubject *subject,
DBusGMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data)
{
NMAuthChain *chain;
g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
chain = _auth_chain_new (context, NULL, NULL, G_MAXULONG, subject, done_func, user_data);
/* Chains creation from a valid NMAuthSubject cannot fail since the
* subject already has all the necessary auth info.
*/
g_assert (chain);
return chain;
} }
gpointer gpointer
@@ -423,7 +474,7 @@ _add_call_polkit (NMAuthChain *self,
AuthCall *call; AuthCall *call;
g_return_val_if_fail (self != NULL, FALSE); g_return_val_if_fail (self != NULL, FALSE);
g_return_val_if_fail (self->owner != NULL, FALSE); g_return_val_if_fail (self->owner || self->subject, FALSE);
g_return_val_if_fail (permission != NULL, FALSE); g_return_val_if_fail (permission != NULL, FALSE);
call = auth_call_new (self, permission); call = auth_call_new (self, permission);
@@ -434,11 +485,17 @@ _add_call_polkit (NMAuthChain *self,
return FALSE; return FALSE;
} }
if (self->subject) {
subject = g_object_ref (nm_auth_subject_get_polkit_subject (self->subject));
g_assert (subject);
} else {
g_assert (self->owner);
subject = polkit_system_bus_name_new (self->owner); subject = polkit_system_bus_name_new (self->owner);
if (!subject) { if (!subject) {
auth_call_schedule_complete_with_error (call, "Failed to create polkit subject"); auth_call_schedule_complete_with_error (call, "Failed to create polkit subject");
return FALSE; return FALSE;
} }
}
if (allow_interaction) if (allow_interaction)
flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
@@ -497,6 +554,7 @@ nm_auth_chain_unref (NMAuthChain *self)
g_object_unref (self->authority); g_object_unref (self->authority);
#endif #endif
g_free (self->owner); g_free (self->owner);
g_object_unref (self->subject);
for (iter = self->calls; iter; iter = g_slist_next (iter)) for (iter = self->calls; iter; iter = g_slist_next (iter))
auth_call_cancel ((AuthCall *) iter->data); auth_call_cancel ((AuthCall *) iter->data);

10
src/nm-manager-auth.h
View File

@@ -27,6 +27,7 @@
#include <nm-connection.h> #include <nm-connection.h>
#include "nm-dbus-manager.h" #include "nm-dbus-manager.h"
#include "nm-session-monitor.h" #include "nm-session-monitor.h"
#include "nm-auth-subject.h"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network" #define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake" #define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
@@ -70,6 +71,15 @@ NMAuthChain *nm_auth_chain_new_dbus_sender (const char *dbus_sender,
NMAuthChainResultFunc done_func, NMAuthChainResultFunc done_func,
gpointer user_data); gpointer user_data);
NMAuthChain *nm_auth_chain_new_context (DBusGMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data);
NMAuthChain *nm_auth_chain_new_subject (NMAuthSubject *subject,
DBusGMethodInvocation *context,
NMAuthChainResultFunc done_func,
gpointer user_data);
gpointer nm_auth_chain_get_data (NMAuthChain *chain, const char *tag); gpointer nm_auth_chain_get_data (NMAuthChain *chain, const char *tag);
gpointer nm_auth_chain_steal_data (NMAuthChain *chain, const char *tag); gpointer nm_auth_chain_steal_data (NMAuthChain *chain, const char *tag);