colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: reject unsupported flags for CheckpointCreate D-Bus request

Browse Source
This commit is contained in:
Thomas Haller
2022-02-22 22:08:18 +01:00
parent 13caff572d
commit df6ee44fb2
1 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/core/nm-manager.c
View File

@@ -7600,15 +7600,30 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
GDBusMethodInvocation *invocation, GDBusMethodInvocation *invocation,
GVariant *parameters) GVariant *parameters)
{ {
NMManager *self = NM_MANAGER(obj); NMManager *self = NM_MANAGER(obj);
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self); NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self);
NMAuthChain *chain; NMAuthChain *chain;
char **devices; gs_strfreev char **devices = NULL;
guint32 rollback_timeout; guint32 rollback_timeout;
guint32 flags; guint32 flags;
G_STATIC_ASSERT_EXPR(sizeof(flags) <= sizeof(NMCheckpointCreateFlags)); G_STATIC_ASSERT_EXPR(sizeof(flags) <= sizeof(NMCheckpointCreateFlags));
g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
if ((NMCheckpointCreateFlags) flags != flags
|| NM_FLAGS_ANY(flags,
~((guint32) (NM_CHECKPOINT_CREATE_FLAG_DESTROY_ALL
| NM_CHECKPOINT_CREATE_FLAG_DELETE_NEW_CONNECTIONS
| NM_CHECKPOINT_CREATE_FLAG_DISCONNECT_NEW_DEVICES
| NM_CHECKPOINT_CREATE_FLAG_ALLOW_OVERLAPPING)))) {
g_dbus_method_invocation_return_error_literal(invocation,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_INVALID_ARGUMENTS,
"Invalid flags");
return;
}
chain = nm_auth_chain_new_context(invocation, checkpoint_auth_done_cb, self); chain = nm_auth_chain_new_context(invocation, checkpoint_auth_done_cb, self);
if (!chain) { if (!chain) {
g_dbus_method_invocation_return_error_literal(invocation, g_dbus_method_invocation_return_error_literal(invocation,
@@ -7618,11 +7633,12 @@ impl_manager_checkpoint_create(NMDBusObject *obj,
return; return;
} }
g_variant_get(parameters, "(^aouu)", &devices, &rollback_timeout, &flags);
c_list_link_tail(&priv->auth_lst_head, nm_auth_chain_parent_lst_list(chain)); c_list_link_tail(&priv->auth_lst_head, nm_auth_chain_parent_lst_list(chain));
nm_auth_chain_set_data(chain, "audit-op", NM_AUDIT_OP_CHECKPOINT_CREATE, NULL); nm_auth_chain_set_data(chain, "audit-op", NM_AUDIT_OP_CHECKPOINT_CREATE, NULL);
nm_auth_chain_set_data(chain, "devices", devices, (GDestroyNotify) g_strfreev); nm_auth_chain_set_data(chain,
"devices",
g_steal_pointer(&devices),
(GDestroyNotify) g_strfreev);
nm_auth_chain_set_data(chain, "flags", GUINT_TO_POINTER(flags), NULL); nm_auth_chain_set_data(chain, "flags", GUINT_TO_POINTER(flags), NULL);
nm_auth_chain_set_data(chain, "timeout", GUINT_TO_POINTER(rollback_timeout), NULL); nm_auth_chain_set_data(chain, "timeout", GUINT_TO_POINTER(rollback_timeout), NULL);
nm_auth_chain_add_call(chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, TRUE); nm_auth_chain_add_call(chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, TRUE);