colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wifi: require wifi.scan permission to start/stop P2P scan

Browse Source 
Users should not be allowed to start or stop a wifi-p2p scan unless
they have some kind of permission. Since we already have the
"org.freedesktop.NetworkManager.wifi.scan" permission for wifi scans,
check that.

Fixes: dd0c59c468 ('core/devices: Add DBus methods to start/stop a P2P find')

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1795
This commit is contained in:
Beniamino Galvani
2023-11-17 10:34:30 +01:00
parent 54f963ee5b
commit 94fa05aa9f
2 changed files with 68 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -14,6 +14,9 @@ Overview of changes since NetworkManager-1.44
link local addresses on default wired connection. link local addresses on default wired connection.
* Honor udev property ID_NET_MANAGED_BY to only manage an interface * Honor udev property ID_NET_MANAGED_BY to only manage an interface
when set to "org.freedesktop.NetworkManager". when set to "org.freedesktop.NetworkManager".
* D-Bus methods StartFind() and StopFind() on interface
"org.freedesktop.NetworkManager.Device.WifiP2P" now require the
"org.freedesktop.NetworkManager.wifi.scan" Polkit permission.
* Drop build support with Python2. Python3 is now required. * Drop build support with Python2. Python3 is now required.
* nmcli: limit number of printed addresses/routes in `nmcli` overview to 10. * nmcli: limit number of printed addresses/routes in `nmcli` overview to 10.
* Limit number of exported IP addresses/routes on D-Bus to 100 to reduce * Limit number of exported IP addresses/routes on D-Bus to 100 to reduce

69
src/core/devices/wifi/nm-device-wifi-p2p.c
View File

@@ -15,6 +15,7 @@
#include "NetworkManagerUtils.h" #include "NetworkManagerUtils.h"
#include "devices/nm-device-private.h" #include "devices/nm-device-private.h"
#include "libnm-core-aux-intern/nm-libnm-core-utils.h" #include "libnm-core-aux-intern/nm-libnm-core-utils.h"
#include "libnm-core-aux-intern/nm-common-macros.h"
#include "libnm-core-intern/nm-core-internal.h" #include "libnm-core-intern/nm-core-internal.h"
#include "libnm-glib-aux/nm-ref-string.h" #include "libnm-glib-aux/nm-ref-string.h"
#include "libnm-platform/nm-platform.h" #include "libnm-platform/nm-platform.h"
@@ -982,23 +983,24 @@ device_state_changed(NMDevice *device,
} }
static void static void
impl_device_wifi_p2p_start_find(NMDBusObject *obj, p2p_start_find_auth_cb(NMDevice *device,
const NMDBusInterfaceInfoExtended *interface_info,
const NMDBusMethodInfoExtended *method_info,
GDBusConnection *connection,
const char *sender,
GDBusMethodInvocation *invocation, GDBusMethodInvocation *invocation,
GVariant *parameters) NMAuthSubject *subject,
GError *error,
gpointer user_data)
{ {
NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(obj); NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(device);
NMDeviceWifiP2PPrivate *priv = NM_DEVICE_WIFI_P2P_GET_PRIVATE(self); NMDeviceWifiP2PPrivate *priv = NM_DEVICE_WIFI_P2P_GET_PRIVATE(self);
gs_unref_variant GVariant *options = NULL; gs_unref_variant GVariant *options = user_data;
const char *opts_key; const char *opts_key;
GVariant *opts_val; GVariant *opts_val;
GVariantIter iter; GVariantIter iter;
gint32 timeout = 30; gint32 timeout = 30;
g_variant_get(parameters, "(@a{sv})", &options); if (error) {
g_dbus_method_invocation_return_gerror(invocation, error);
return;
}
g_variant_iter_init(&iter, options); g_variant_iter_init(&iter, options);
while (g_variant_iter_next(&iter, "{&sv}", &opts_key, &opts_val)) { while (g_variant_iter_next(&iter, "{&sv}", &opts_key, &opts_val)) {
@@ -1050,7 +1052,7 @@ impl_device_wifi_p2p_start_find(NMDBusObject *obj,
} }
static void static void
impl_device_wifi_p2p_stop_find(NMDBusObject *obj, impl_device_wifi_p2p_start_find(NMDBusObject *obj,
const NMDBusInterfaceInfoExtended *interface_info, const NMDBusInterfaceInfoExtended *interface_info,
const NMDBusMethodInfoExtended *method_info, const NMDBusMethodInfoExtended *method_info,
GDBusConnection *connection, GDBusConnection *connection,
@@ -1058,9 +1060,35 @@ impl_device_wifi_p2p_stop_find(NMDBusObject *obj,
GDBusMethodInvocation *invocation, GDBusMethodInvocation *invocation,
GVariant *parameters) GVariant *parameters)
{ {
NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(obj); gs_unref_variant GVariant *options = NULL;
g_variant_get(parameters, "(@a{sv})", &options);
nm_device_auth_request(NM_DEVICE(obj),
invocation,
NULL,
NM_AUTH_PERMISSION_WIFI_SCAN,
TRUE,
NULL,
p2p_start_find_auth_cb,
g_steal_pointer(&options));
}
static void
p2p_stop_find_auth_cb(NMDevice *device,
GDBusMethodInvocation *invocation,
NMAuthSubject *subject,
GError *error,
gpointer user_data)
{
NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(device);
NMDeviceWifiP2PPrivate *priv = NM_DEVICE_WIFI_P2P_GET_PRIVATE(self); NMDeviceWifiP2PPrivate *priv = NM_DEVICE_WIFI_P2P_GET_PRIVATE(self);
if (error) {
g_dbus_method_invocation_return_gerror(invocation, error);
return;
}
if (!priv->mgmt_iface) { if (!priv->mgmt_iface) {
g_dbus_method_invocation_return_error_literal( g_dbus_method_invocation_return_error_literal(
invocation, invocation,
@@ -1075,6 +1103,25 @@ impl_device_wifi_p2p_stop_find(NMDBusObject *obj,
g_dbus_method_invocation_return_value(invocation, NULL); g_dbus_method_invocation_return_value(invocation, NULL);
} }
static void
impl_device_wifi_p2p_stop_find(NMDBusObject *obj,
const NMDBusInterfaceInfoExtended *interface_info,
const NMDBusMethodInfoExtended *method_info,
GDBusConnection *connection,
const char *sender,
GDBusMethodInvocation *invocation,
GVariant *parameters)
{
nm_device_auth_request(NM_DEVICE(obj),
invocation,
NULL,
NM_AUTH_PERMISSION_WIFI_SCAN,
TRUE,
NULL,
p2p_stop_find_auth_cb,
NULL);
}
/*****************************************************************************/ /*****************************************************************************/
NMSupplicantInterface * NMSupplicantInterface *