settings: port NMAgentManager, etc, to use NMAuthSubject

Rather than explicitly passing around a UID and a flag saying whether
or not it's relevant.

(This also fixes a bug where the wrong UID was being recorded in
nm-settings-connection.c::auth_start(), which caused problems such as
agent-owned secrets not getting saved because of a perceived UID
mismatch.)
Dan Winship
2013-11-05 14:36:38 -05:00
parent 37b8983c39
commit f3c2851c2b
18 changed files with 89 additions and 108 deletions


@@ -105,7 +105,6 @@ nm_act_request_get_secrets (NMActRequest *self,
GetSecretsInfo *info; GetSecretsInfo *info;
guint32 call_id; guint32 call_id;
NMConnection *connection; NMConnection *connection;
gboolean user_requested;
const char *hints[2] = { hint, NULL }; const char *hints[2] = { hint, NULL };
g_return_val_if_fail (self, 0); g_return_val_if_fail (self, 0);
@@ -118,14 +117,12 @@ nm_act_request_get_secrets (NMActRequest *self,
info->callback = callback; info->callback = callback;
info->callback_data = callback_data; info->callback_data = callback_data;
user_requested = nm_active_connection_get_user_requested (NM_ACTIVE_CONNECTION (self)); if (nm_active_connection_get_user_requested (NM_ACTIVE_CONNECTION (self)))
if (user_requested)
flags |= NM_SETTINGS_GET_SECRETS_FLAG_USER_REQUESTED; flags |= NM_SETTINGS_GET_SECRETS_FLAG_USER_REQUESTED;
connection = nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (self)); connection = nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (self));
call_id = nm_settings_connection_get_secrets (NM_SETTINGS_CONNECTION (connection), call_id = nm_settings_connection_get_secrets (NM_SETTINGS_CONNECTION (connection),
user_requested, nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (self)),
nm_active_connection_get_user_uid (NM_ACTIVE_CONNECTION (self)),
setting_name, setting_name,
flags, flags,
hints, hints,


@@ -282,17 +282,6 @@ nm_active_connection_get_user_requested (NMActiveConnection *self)
return !nm_auth_subject_get_internal (NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject); return !nm_auth_subject_get_internal (NM_ACTIVE_CONNECTION_GET_PRIVATE (self)->subject);
} }
gulong
nm_active_connection_get_user_uid (NMActiveConnection *self)
{
NMActiveConnectionPrivate *priv;
g_return_val_if_fail (NM_IS_ACTIVE_CONNECTION (self), G_MAXULONG);
priv = NM_ACTIVE_CONNECTION_GET_PRIVATE (self);
return nm_auth_subject_get_uid (priv->subject);
}
NMDevice * NMDevice *
nm_active_connection_get_device (NMActiveConnection *self) nm_active_connection_get_device (NMActiveConnection *self)
{ {


@@ -120,8 +120,6 @@ NMAuthSubject *nm_active_connection_get_subject (NMActiveConnection *self);
gboolean nm_active_connection_get_user_requested (NMActiveConnection *self); gboolean nm_active_connection_get_user_requested (NMActiveConnection *self);
gulong nm_active_connection_get_user_uid (NMActiveConnection *self);
NMActiveConnection *nm_active_connection_get_master (NMActiveConnection *self); NMActiveConnection *nm_active_connection_get_master (NMActiveConnection *self);
gboolean nm_active_connection_get_master_ready (NMActiveConnection *self); gboolean nm_active_connection_get_master_ready (NMActiveConnection *self);


@@ -413,8 +413,7 @@ struct _Request {
char *detail; char *detail;
char *verb; char *verb;
gboolean filter_by_uid; NMAuthSubject *subject;
gulong uid_filter;
/* Current agent being asked for secrets */ /* Current agent being asked for secrets */
NMSecretAgent *current; NMSecretAgent *current;
@@ -447,8 +446,7 @@ static Request *
request_new (gsize struct_size, request_new (gsize struct_size,
const char *detail, const char *detail,
const char *verb, const char *verb,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid_filter,
RequestCompleteFunc complete_callback, RequestCompleteFunc complete_callback,
gpointer complete_callback_data, gpointer complete_callback_data,
RequestAddAgentFunc add_agent_callback, RequestAddAgentFunc add_agent_callback,
@@ -462,8 +460,7 @@ request_new (gsize struct_size,
req->reqid = next_req_id++; req->reqid = next_req_id++;
req->detail = g_strdup (detail); req->detail = g_strdup (detail);
req->verb = g_strdup (verb); req->verb = g_strdup (verb);
req->filter_by_uid = filter_by_uid; req->subject = g_object_ref (subject);
req->uid_filter = uid_filter;
req->complete_callback = complete_callback; req->complete_callback = complete_callback;
req->complete_callback_data = complete_callback_data; req->complete_callback_data = complete_callback_data;
req->add_agent_callback = add_agent_callback, req->add_agent_callback = add_agent_callback,
@@ -485,6 +482,8 @@ request_free (Request *req)
if (!req->completed && req->cancel_callback) if (!req->completed && req->cancel_callback)
req->cancel_callback (req); req->cancel_callback (req);
g_object_unref (req->subject);
g_free (req->detail); g_free (req->detail);
g_free (req->verb); g_free (req->verb);
g_slist_free_full (req->pending, g_object_unref); g_slist_free_full (req->pending, g_object_unref);
@@ -547,8 +546,6 @@ agent_compare_func (NMSecretAgent *a, NMSecretAgent *b, gpointer user_data)
static void static void
request_add_agent (Request *req, NMSecretAgent *agent) request_add_agent (Request *req, NMSecretAgent *agent)
{ {
uid_t agent_uid;
g_return_if_fail (req != NULL); g_return_if_fail (req != NULL);
g_return_if_fail (agent != NULL); g_return_if_fail (agent != NULL);
@@ -559,13 +556,19 @@ request_add_agent (Request *req, NMSecretAgent *agent)
return; return;
/* If the request should filter agents by UID, do that now */ /* If the request should filter agents by UID, do that now */
agent_uid = nm_secret_agent_get_owner_uid (agent); if (!nm_auth_subject_get_internal (req->subject)) {
if (req->filter_by_uid && (agent_uid != req->uid_filter)) { uid_t agent_uid, subject_uid;
nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s "
"(uid %d not required %ld)", agent_uid = nm_secret_agent_get_owner_uid (agent);
nm_secret_agent_get_description (agent), subject_uid = nm_auth_subject_get_uid (req->subject);
req, req->detail, agent_uid, req->uid_filter); if (agent_uid != subject_uid) {
return; nm_log_dbg (LOGD_AGENTS, "(%s) agent ignored for secrets request %p/%s "
"(uid %ld not required %ld)",
nm_secret_agent_get_description (agent),
req, req->detail,
(long)agent_uid, (long)subject_uid);
return;
}
} }
nm_log_dbg (LOGD_AGENTS, "(%s) agent allowed for secrets request %p/%s", nm_log_dbg (LOGD_AGENTS, "(%s) agent allowed for secrets request %p/%s",
@@ -712,8 +715,7 @@ connection_request_add_agent (Request *parent, NMSecretAgent *agent)
static ConnectionRequest * static ConnectionRequest *
connection_request_new_get (NMConnection *connection, connection_request_new_get (NMConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid_filter,
GHashTable *existing_secrets, GHashTable *existing_secrets,
const char *setting_name, const char *setting_name,
const char *verb, const char *verb,
@@ -733,8 +735,7 @@ connection_request_new_get (NMConnection *connection,
req = (ConnectionRequest *) request_new (sizeof (ConnectionRequest), req = (ConnectionRequest *) request_new (sizeof (ConnectionRequest),
nm_connection_get_id (connection), nm_connection_get_id (connection),
verb, verb,
filter_by_uid, subject,
uid_filter,
complete_callback, complete_callback,
complete_callback_data, complete_callback_data,
connection_request_add_agent, connection_request_add_agent,
@@ -758,8 +759,7 @@ connection_request_new_get (NMConnection *connection,
static ConnectionRequest * static ConnectionRequest *
connection_request_new_other (NMConnection *connection, connection_request_new_other (NMConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid_filter,
const char *verb, const char *verb,
RequestCompleteFunc complete_callback, RequestCompleteFunc complete_callback,
gpointer complete_callback_data, gpointer complete_callback_data,
@@ -770,8 +770,7 @@ connection_request_new_other (NMConnection *connection,
req = (ConnectionRequest *) request_new (sizeof (ConnectionRequest), req = (ConnectionRequest *) request_new (sizeof (ConnectionRequest),
nm_connection_get_id (connection), nm_connection_get_id (connection),
verb, verb,
filter_by_uid, subject,
uid_filter,
complete_callback, complete_callback,
complete_callback_data, complete_callback_data,
NULL, NULL,
@@ -1146,8 +1145,7 @@ get_cancel_cb (Request *parent)
guint32 guint32
nm_agent_manager_get_secrets (NMAgentManager *self, nm_agent_manager_get_secrets (NMAgentManager *self,
NMConnection *connection, NMConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid_filter,
GHashTable *existing_secrets, GHashTable *existing_secrets,
const char *setting_name, const char *setting_name,
NMSettingsGetSecretsFlags flags, NMSettingsGetSecretsFlags flags,
@@ -1178,8 +1176,7 @@ nm_agent_manager_get_secrets (NMAgentManager *self,
*/ */
req = connection_request_new_get (connection, req = connection_request_new_get (connection,
filter_by_uid, subject,
uid_filter,
existing_secrets, existing_secrets,
setting_name, setting_name,
"getting", "getting",
@@ -1279,8 +1276,7 @@ save_complete_cb (Request *req,
guint32 guint32
nm_agent_manager_save_secrets (NMAgentManager *self, nm_agent_manager_save_secrets (NMAgentManager *self,
NMConnection *connection, NMConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject)
gulong uid_filter)
{ {
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self); NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
ConnectionRequest *req; ConnectionRequest *req;
@@ -1295,8 +1291,7 @@ nm_agent_manager_save_secrets (NMAgentManager *self,
nm_connection_get_id (connection)); nm_connection_get_id (connection));
req = connection_request_new_other (connection, req = connection_request_new_other (connection,
filter_by_uid, subject,
uid_filter,
"saving", "saving",
save_complete_cb, save_complete_cb,
self, self,
@@ -1367,11 +1362,10 @@ delete_complete_cb (Request *req,
guint32 guint32
nm_agent_manager_delete_secrets (NMAgentManager *self, nm_agent_manager_delete_secrets (NMAgentManager *self,
NMConnection *connection, NMConnection *connection)
gboolean filter_by_uid,
gulong uid_filter)
{ {
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self); NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
NMAuthSubject *subject;
ConnectionRequest *req; ConnectionRequest *req;
Request *parent; Request *parent;
@@ -1383,13 +1377,14 @@ nm_agent_manager_delete_secrets (NMAgentManager *self,
nm_connection_get_path (connection), nm_connection_get_path (connection),
nm_connection_get_id (connection)); nm_connection_get_id (connection));
subject = nm_auth_subject_new_internal ();
req = connection_request_new_other (connection, req = connection_request_new_other (connection,
filter_by_uid, subject,
uid_filter,
"deleting", "deleting",
delete_complete_cb, delete_complete_cb,
self, self,
delete_next_cb); delete_next_cb);
g_object_unref (subject);
parent = (Request *) req; parent = (Request *) req;
g_hash_table_insert (priv->requests, GUINT_TO_POINTER (parent->reqid), req); g_hash_table_insert (priv->requests, GUINT_TO_POINTER (parent->reqid), req);
@@ -1421,8 +1416,7 @@ nm_agent_manager_get_agent_by_user (NMAgentManager *self, const char *username)
gboolean gboolean
nm_agent_manager_all_agents_have_capability (NMAgentManager *manager, nm_agent_manager_all_agents_have_capability (NMAgentManager *manager,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong owner_uid,
NMSecretAgentCapabilities capability) NMSecretAgentCapabilities capability)
{ {
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (manager); NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (manager);
@@ -1431,7 +1425,8 @@ nm_agent_manager_all_agents_have_capability (NMAgentManager *manager,
g_hash_table_iter_init (&iter, priv->agents); g_hash_table_iter_init (&iter, priv->agents);
while (g_hash_table_iter_next (&iter, NULL, (gpointer) &agent)) { while (g_hash_table_iter_next (&iter, NULL, (gpointer) &agent)) {
if (filter_by_uid && nm_secret_agent_get_owner_uid (agent) != owner_uid) if ( !nm_auth_subject_get_internal (subject)
&& nm_secret_agent_get_owner_uid (agent) != nm_auth_subject_get_uid (subject))
continue; continue;
if (!(nm_secret_agent_get_capabilities (agent) & capability)) if (!(nm_secret_agent_get_capabilities (agent) & capability))
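Review bot: In request_add_agent the per-UID agent filter now runs only when `nm_auth_subject_get_internal (req->subject)` is false, so a decision that used to be an explicit argument is now implied by the subject type. The old side of this page shows nm_agent_manager_save_secrets being called with `TRUE` unconditionally (con_update_cb, send_agent_owned_secrets) and dbus_secrets_auth_cb passing `TRUE` to the get-secrets path; after this change those paths stay filtered only as long as the subject they carry is never internal, which the visible hunks do not establish. If saving on behalf of an internal subject is not intended, a precondition at the top of nm_agent_manager_save_secrets such as `g_return_val_if_fail (!nm_auth_subject_get_internal (subject), 0);` would keep the old guarantee that agent-owned secrets only go to the caller's own agents. The comment above the check could also say this directly, e.g. `/* Requests from a D-Bus caller only use agents owned by that caller's UID; internal requests are not filtered */`. The same condition is repeated in nm_agent_manager_all_agents_have_capability.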


@@ -75,8 +75,7 @@ typedef void (*NMAgentSecretsResultFunc) (NMAgentManager *manager,
guint32 nm_agent_manager_get_secrets (NMAgentManager *manager, guint32 nm_agent_manager_get_secrets (NMAgentManager *manager,
NMConnection *connection, NMConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid,
GHashTable *existing_secrets, GHashTable *existing_secrets,
const char *setting_name, const char *setting_name,
NMSettingsGetSecretsFlags flags, NMSettingsGetSecretsFlags flags,
@@ -91,20 +90,16 @@ void nm_agent_manager_cancel_secrets (NMAgentManager *manager,
guint32 nm_agent_manager_save_secrets (NMAgentManager *manager, guint32 nm_agent_manager_save_secrets (NMAgentManager *manager,
NMConnection *connection, NMConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject);
gulong uid_filter);
guint32 nm_agent_manager_delete_secrets (NMAgentManager *manager, guint32 nm_agent_manager_delete_secrets (NMAgentManager *manager,
NMConnection *connection, NMConnection *connection);
gboolean filter_by_uid,
gulong uid_filter);
NMSecretAgent *nm_agent_manager_get_agent_by_user (NMAgentManager *manager, NMSecretAgent *nm_agent_manager_get_agent_by_user (NMAgentManager *manager,
const char *username); const char *username);
gboolean nm_agent_manager_all_agents_have_capability (NMAgentManager *manager, gboolean nm_agent_manager_all_agents_have_capability (NMAgentManager *manager,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong owner_uid,
NMSecretAgentCapabilities capability); NMSecretAgentCapabilities capability);
#endif /* NM_AGENT_MANAGER_H */ #endif /* NM_AGENT_MANAGER_H */


@@ -620,7 +620,7 @@ do_delete (NMSettingsConnection *connection,
/* Tell agents to remove secrets for this connection */ /* Tell agents to remove secrets for this connection */
for_agents = nm_connection_duplicate (NM_CONNECTION (connection)); for_agents = nm_connection_duplicate (NM_CONNECTION (connection));
nm_connection_clear_secrets (for_agents); nm_connection_clear_secrets (for_agents);
nm_agent_manager_delete_secrets (priv->agent_mgr, for_agents, FALSE, 0); nm_agent_manager_delete_secrets (priv->agent_mgr, for_agents);
g_object_unref (for_agents); g_object_unref (for_agents);
/* Remove timestamp from timestamps database file */ /* Remove timestamp from timestamps database file */
@@ -850,10 +850,7 @@ agent_secrets_done_cb (NMAgentManager *manager,
/** /**
* nm_settings_connection_get_secrets: * nm_settings_connection_get_secrets:
* @connection: the #NMSettingsConnection * @connection: the #NMSettingsConnection
* @filter_by_uid: if TRUE, only request secrets from agents registered by the * @subject: the #NMAuthSubject originating the request
* same UID as @uid.
* @uid: when @filter_by_uid is TRUE, only request secrets from agents belonging
* to this UID
* @setting_name: the setting to return secrets for * @setting_name: the setting to return secrets for
* @flags: flags to modify the secrets request * @flags: flags to modify the secrets request
* @hints: key names in @setting_name for which secrets may be required, or some * @hints: key names in @setting_name for which secrets may be required, or some
@@ -868,8 +865,7 @@ agent_secrets_done_cb (NMAgentManager *manager,
**/ **/
guint32 guint32
nm_settings_connection_get_secrets (NMSettingsConnection *self, nm_settings_connection_get_secrets (NMSettingsConnection *self,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid,
const char *setting_name, const char *setting_name,
NMSettingsGetSecretsFlags flags, NMSettingsGetSecretsFlags flags,
const char **hints, const char **hints,
@@ -903,8 +899,7 @@ nm_settings_connection_get_secrets (NMSettingsConnection *self,
existing_secrets = nm_connection_to_hash (priv->system_secrets, NM_SETTING_HASH_FLAG_ONLY_SECRETS); existing_secrets = nm_connection_to_hash (priv->system_secrets, NM_SETTING_HASH_FLAG_ONLY_SECRETS);
call_id = nm_agent_manager_get_secrets (priv->agent_mgr, call_id = nm_agent_manager_get_secrets (priv->agent_mgr,
NM_CONNECTION (self), NM_CONNECTION (self),
filter_by_uid, subject,
uid,
existing_secrets, existing_secrets,
setting_name, setting_name,
flags, flags,
@@ -949,7 +944,7 @@ nm_settings_connection_cancel_secrets (NMSettingsConnection *self,
typedef void (*AuthCallback) (NMSettingsConnection *connection, typedef void (*AuthCallback) (NMSettingsConnection *connection,
DBusGMethodInvocation *context, DBusGMethodInvocation *context,
gulong sender_uid, NMAuthSubject *subject,
GError *error, GError *error,
gpointer data); gpointer data);
@@ -966,7 +961,7 @@ pk_auth_cb (NMAuthChain *chain,
const char *perm; const char *perm;
AuthCallback callback; AuthCallback callback;
gpointer callback_data; gpointer callback_data;
gulong sender_uid; NMAuthSubject *subject;
priv->pending_auths = g_slist_remove (priv->pending_auths, chain); priv->pending_auths = g_slist_remove (priv->pending_auths, chain);
@@ -988,8 +983,8 @@ pk_auth_cb (NMAuthChain *chain,
callback = nm_auth_chain_get_data (chain, "callback"); callback = nm_auth_chain_get_data (chain, "callback");
callback_data = nm_auth_chain_get_data (chain, "callback-data"); callback_data = nm_auth_chain_get_data (chain, "callback-data");
sender_uid = nm_auth_chain_get_data_ulong (chain, "sender-uid"); subject = nm_auth_chain_get_data (chain, "subject");
callback (self, context, sender_uid, error, callback_data); callback (self, context, subject, error, callback_data);
g_clear_error (&error); g_clear_error (&error);
nm_auth_chain_unref (chain); nm_auth_chain_unref (chain);
@@ -1030,7 +1025,6 @@ auth_start (NMSettingsConnection *self,
{ {
NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self); NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self);
NMAuthChain *chain; NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
GError *error = NULL; GError *error = NULL;
char *error_desc = NULL; char *error_desc = NULL;
@@ -1047,14 +1041,14 @@ auth_start (NMSettingsConnection *self,
error_desc); error_desc);
g_free (error_desc); g_free (error_desc);
callback (self, context, G_MAXULONG, error, callback_data); callback (self, context, subject, error, callback_data);
g_clear_error (&error); g_clear_error (&error);
return; return;
} }
if (!check_permission) { if (!check_permission) {
/* Don't need polkit auth, automatic success */ /* Don't need polkit auth, automatic success */
callback (self, context, nm_auth_subject_get_uid (subject), NULL, callback_data); callback (self, context, subject, NULL, callback_data);
return; return;
} }
@@ -1064,7 +1058,7 @@ auth_start (NMSettingsConnection *self,
NM_SETTINGS_ERROR, NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_PERMISSION_DENIED, NM_SETTINGS_ERROR_PERMISSION_DENIED,
"Unable to authenticate the request."); "Unable to authenticate the request.");
callback (self, context, G_MAXULONG, error, callback_data); callback (self, context, subject, error, callback_data);
g_clear_error (&error); g_clear_error (&error);
return; return;
} }
@@ -1073,7 +1067,7 @@ auth_start (NMSettingsConnection *self,
nm_auth_chain_set_data (chain, "perm", (gpointer) check_permission, NULL); nm_auth_chain_set_data (chain, "perm", (gpointer) check_permission, NULL);
nm_auth_chain_set_data (chain, "callback", callback, NULL); nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "callback-data", callback_data, NULL); nm_auth_chain_set_data (chain, "callback-data", callback_data, NULL);
nm_auth_chain_set_data_ulong (chain, "sender-uid", sender_uid); nm_auth_chain_set_data (chain, "subject", g_object_ref (subject), g_object_unref);
nm_auth_chain_add_call (chain, check_permission, TRUE); nm_auth_chain_add_call (chain, check_permission, TRUE);
} }
@@ -1113,7 +1107,7 @@ check_writable (NMConnection *connection, GError **error)
static void static void
get_settings_auth_cb (NMSettingsConnection *self, get_settings_auth_cb (NMSettingsConnection *self,
DBusGMethodInvocation *context, DBusGMethodInvocation *context,
gulong sender_uid, NMAuthSubject *subject,
GError *error, GError *error,
gpointer data) gpointer data)
{ {
@@ -1197,7 +1191,7 @@ impl_settings_connection_get_settings (NMSettingsConnection *self,
typedef struct { typedef struct {
DBusGMethodInvocation *context; DBusGMethodInvocation *context;
NMAgentManager *agent_mgr; NMAgentManager *agent_mgr;
gulong sender_uid; NMAuthSubject *subject;
NMConnection *new_settings; NMConnection *new_settings;
gboolean save_to_disk; gboolean save_to_disk;
} UpdateInfo; } UpdateInfo;
@@ -1212,6 +1206,7 @@ update_complete (NMSettingsConnection *self,
else else
dbus_g_method_return (info->context); dbus_g_method_return (info->context);
g_clear_object (&info->subject);
g_clear_object (&info->agent_mgr); g_clear_object (&info->agent_mgr);
g_clear_object (&info->new_settings); g_clear_object (&info->new_settings);
memset (info, 0, sizeof (*info)); memset (info, 0, sizeof (*info));
@@ -1235,7 +1230,7 @@ con_update_cb (NMSettingsConnection *self,
nm_connection_clear_secrets_with_flags (for_agent, nm_connection_clear_secrets_with_flags (for_agent,
secrets_filter_cb, secrets_filter_cb,
GUINT_TO_POINTER (NM_SETTING_SECRET_FLAG_AGENT_OWNED)); GUINT_TO_POINTER (NM_SETTING_SECRET_FLAG_AGENT_OWNED));
nm_agent_manager_save_secrets (info->agent_mgr, for_agent, TRUE, info->sender_uid); nm_agent_manager_save_secrets (info->agent_mgr, for_agent, info->subject);
g_object_unref (for_agent); g_object_unref (for_agent);
g_signal_emit (self, signals[DBUS_UPDATED], 0); g_signal_emit (self, signals[DBUS_UPDATED], 0);
@@ -1247,7 +1242,7 @@ con_update_cb (NMSettingsConnection *self,
static void static void
update_auth_cb (NMSettingsConnection *self, update_auth_cb (NMSettingsConnection *self,
DBusGMethodInvocation *context, DBusGMethodInvocation *context,
gulong sender_uid, NMAuthSubject *subject,
GError *error, GError *error,
gpointer data) gpointer data)
{ {
@@ -1259,8 +1254,6 @@ update_auth_cb (NMSettingsConnection *self,
return; return;
} }
info->sender_uid = sender_uid;
/* Cache the new secrets from the agent, as stuff like inotify-triggered /* Cache the new secrets from the agent, as stuff like inotify-triggered
* changes to connection's backing config files will blow them away if * changes to connection's backing config files will blow them away if
* they're in the main connection. * they're in the main connection.
@@ -1363,14 +1356,13 @@ impl_settings_connection_update_helper (NMSettingsConnection *self,
info = g_malloc0 (sizeof (*info)); info = g_malloc0 (sizeof (*info));
info->context = context; info->context = context;
info->agent_mgr = g_object_ref (priv->agent_mgr); info->agent_mgr = g_object_ref (priv->agent_mgr);
info->sender_uid = G_MAXULONG; info->subject = subject;
info->save_to_disk = save_to_disk; info->save_to_disk = save_to_disk;
info->new_settings = tmp; info->new_settings = tmp;
permission = get_update_modify_permission (NM_CONNECTION (self), permission = get_update_modify_permission (NM_CONNECTION (self),
tmp ? tmp : NM_CONNECTION (self)); tmp ? tmp : NM_CONNECTION (self));
auth_start (self, context, subject, permission, update_auth_cb, info); auth_start (self, context, subject, permission, update_auth_cb, info);
g_object_unref (subject);
return; return;
error: error:
@@ -1426,7 +1418,7 @@ con_delete_cb (NMSettingsConnection *connection,
static void static void
delete_auth_cb (NMSettingsConnection *self, delete_auth_cb (NMSettingsConnection *self,
DBusGMethodInvocation *context, DBusGMethodInvocation *context,
gulong sender_uid, NMAuthSubject *subject,
GError *error, GError *error,
gpointer data) gpointer data)
{ {
@@ -1513,7 +1505,7 @@ dbus_get_agent_secrets_cb (NMSettingsConnection *self,
static void static void
dbus_secrets_auth_cb (NMSettingsConnection *self, dbus_secrets_auth_cb (NMSettingsConnection *self,
DBusGMethodInvocation *context, DBusGMethodInvocation *context,
gulong sender_uid, NMAuthSubject *subject,
GError *error, GError *error,
gpointer user_data) gpointer user_data)
{ {
@@ -1524,8 +1516,7 @@ dbus_secrets_auth_cb (NMSettingsConnection *self,
if (!error) { if (!error) {
call_id = nm_settings_connection_get_secrets (self, call_id = nm_settings_connection_get_secrets (self,
TRUE, subject,
sender_uid,
setting_name, setting_name,
NM_SETTINGS_GET_SECRETS_FLAG_USER_REQUESTED, NM_SETTINGS_GET_SECRETS_FLAG_USER_REQUESTED,
NULL, NULL,
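Review bot: impl_settings_connection_update_helper now hands its subject reference to `info` (`info->subject = subject;` with the trailing `g_object_unref (subject);` dropped), which makes the ownership transfer implicit and different from `info->agent_mgr = g_object_ref (priv->agent_mgr);` one line above. Taking an explicit reference, `info->subject = g_object_ref (subject);`, and keeping the `g_object_unref (subject);` after auth_start would make the two fields symmetrical and leave the release in update_complete (`g_clear_object (&info->subject);`) balanced on its own. The `error:` label and the rest of the function are outside the hunk, so whether the caller's reference is dropped on that path cannot be confirmed from here.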


@@ -24,6 +24,7 @@
#include <nm-connection.h> #include <nm-connection.h>
#include "nm-settings-flags.h" #include "nm-settings-flags.h"
#include "nm-auth-subject.h"
#include <net/ethernet.h> #include <net/ethernet.h>
G_BEGIN_DECLS G_BEGIN_DECLS
@@ -107,8 +108,7 @@ typedef void (*NMSettingsConnectionSecretsFunc) (NMSettingsConnection *connectio
gpointer user_data); gpointer user_data);
guint32 nm_settings_connection_get_secrets (NMSettingsConnection *connection, guint32 nm_settings_connection_get_secrets (NMSettingsConnection *connection,
gboolean filter_by_uid, NMAuthSubject *subject,
gulong uid,
const char *setting_name, const char *setting_name,
NMSettingsGetSecretsFlags flags, NMSettingsGetSecretsFlags flags,
const char **hints, const char **hints,


@@ -961,7 +961,7 @@ secrets_filter_cb (NMSetting *setting,
static void static void
send_agent_owned_secrets (NMSettings *self, send_agent_owned_secrets (NMSettings *self,
NMSettingsConnection *connection, NMSettingsConnection *connection,
gulong caller_uid) NMAuthSubject *subject)
{ {
NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self); NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self);
NMConnection *for_agent; NMConnection *for_agent;
@@ -974,7 +974,7 @@ send_agent_owned_secrets (NMSettings *self,
nm_connection_clear_secrets_with_flags (for_agent, nm_connection_clear_secrets_with_flags (for_agent,
secrets_filter_cb, secrets_filter_cb,
GUINT_TO_POINTER (NM_SETTING_SECRET_FLAG_AGENT_OWNED)); GUINT_TO_POINTER (NM_SETTING_SECRET_FLAG_AGENT_OWNED));
nm_agent_manager_save_secrets (priv->agent_mgr, for_agent, TRUE, caller_uid); nm_agent_manager_save_secrets (priv->agent_mgr, for_agent, subject);
g_object_unref (for_agent); g_object_unref (for_agent);
} }
@@ -992,7 +992,7 @@ pk_add_cb (NMAuthChain *chain,
NMSettingsConnection *added = NULL; NMSettingsConnection *added = NULL;
NMSettingsAddCallback callback; NMSettingsAddCallback callback;
gpointer callback_data; gpointer callback_data;
gulong caller_uid; NMAuthSubject *subject;
const char *perm; const char *perm;
gboolean save_to_disk; gboolean save_to_disk;
@@ -1023,13 +1023,13 @@ pk_add_cb (NMAuthChain *chain,
callback = nm_auth_chain_get_data (chain, "callback"); callback = nm_auth_chain_get_data (chain, "callback");
callback_data = nm_auth_chain_get_data (chain, "callback-data"); callback_data = nm_auth_chain_get_data (chain, "callback-data");
caller_uid = nm_auth_chain_get_data_ulong (chain, "caller-uid"); subject = nm_auth_chain_get_data (chain, "subject");
callback (self, added, error, context, callback_data); callback (self, added, error, context, callback_data);
/* Send agent-owned secrets to the agents */ /* Send agent-owned secrets to the agents */
if (!error && added) if (!error && added)
send_agent_owned_secrets (self, added, caller_uid); send_agent_owned_secrets (self, added, subject);
g_clear_error (&error); g_clear_error (&error);
nm_auth_chain_unref (chain); nm_auth_chain_unref (chain);
@@ -1163,7 +1163,7 @@ nm_settings_add_connection_dbus (NMSettings *self,
nm_auth_chain_set_data (chain, "connection", g_object_ref (connection), g_object_unref); nm_auth_chain_set_data (chain, "connection", g_object_ref (connection), g_object_unref);
nm_auth_chain_set_data (chain, "callback", callback, NULL); nm_auth_chain_set_data (chain, "callback", callback, NULL);
nm_auth_chain_set_data (chain, "callback-data", user_data, NULL); nm_auth_chain_set_data (chain, "callback-data", user_data, NULL);
nm_auth_chain_set_data_ulong (chain, "caller-uid", nm_auth_subject_get_uid (subject)); nm_auth_chain_set_data (chain, "subject", g_object_ref (subject), g_object_unref);
nm_auth_chain_set_data (chain, "save-to-disk", GUINT_TO_POINTER (save_to_disk), NULL); nm_auth_chain_set_data (chain, "save-to-disk", GUINT_TO_POINTER (save_to_disk), NULL);
done: done:


@@ -1,4 +1,5 @@
AM_CPPFLAGS = \ AM_CPPFLAGS = \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/config \ -I$(top_srcdir)/src/config \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
-I$(top_srcdir)/include \ -I$(top_srcdir)/include \
@@ -7,6 +8,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
-DNMCONFDIR=\"$(nmconfdir)\" -DNMCONFDIR=\"$(nmconfdir)\"
# 'noinst' here because this is an example plugin we don't want to install # 'noinst' here because this is an example plugin we don't want to install


@@ -38,6 +38,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
$(NSS_CFLAGS) \ $(NSS_CFLAGS) \
-DSYSCONFDIR=\"$(sysconfdir)\" \ -DSYSCONFDIR=\"$(sysconfdir)\" \
-DSBINDIR=\"$(sbindir)\" -DSBINDIR=\"$(sbindir)\"


@@ -1,6 +1,8 @@
AM_CPPFLAGS = \ AM_CPPFLAGS = \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
-I${top_srcdir}/src \
-I${top_srcdir}/src/settings \ -I${top_srcdir}/src/settings \
-I$(top_srcdir)/include \ -I$(top_srcdir)/include \
-I$(top_builddir)/include \ -I$(top_builddir)/include \


@@ -3,6 +3,7 @@ SUBDIRS = . tests
@GNOME_CODE_COVERAGE_RULES@ @GNOME_CODE_COVERAGE_RULES@
AM_CPPFLAGS = \ AM_CPPFLAGS = \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/config \ -I$(top_srcdir)/src/config \
-I$(top_srcdir)/src/wifi \ -I$(top_srcdir)/src/wifi \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
@@ -13,6 +14,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
$(GUDEV_CFLAGS) \ $(GUDEV_CFLAGS) \
-DSYSCONFDIR=\"$(sysconfdir)\" -DSYSCONFDIR=\"$(sysconfdir)\"
-DSBINDIR=\"$(sbindir)\" -DSBINDIR=\"$(sbindir)\"


@@ -9,11 +9,14 @@ AM_CPPFLAGS= \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
-I$(top_srcdir)/include \ -I$(top_srcdir)/include \
-I$(top_builddir)/include \ -I$(top_builddir)/include \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/config \ -I$(top_srcdir)/src/config \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
-I$(top_srcdir)/src/wifi \ -I$(top_srcdir)/src/wifi \
$(CHECK_CFLAGS) \ $(CHECK_CFLAGS) \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
$(CODE_COVERAGE_CFLAGS) \ $(CODE_COVERAGE_CFLAGS) \
-DTEST_WPA_SUPPLICANT_CONF='"$(srcdir)/wpa_supplicant.conf"' \ -DTEST_WPA_SUPPLICANT_CONF='"$(srcdir)/wpa_supplicant.conf"' \
-DSYSCONFDIR=\"nonexistent\" -DSYSCONFDIR=\"nonexistent\"


@@ -3,6 +3,7 @@ SUBDIRS = . tests
@GNOME_CODE_COVERAGE_RULES@ @GNOME_CODE_COVERAGE_RULES@
AM_CPPFLAGS = \ AM_CPPFLAGS = \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/logging \ -I$(top_srcdir)/src/logging \
-I$(top_srcdir)/src/config \ -I$(top_srcdir)/src/config \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
@@ -13,6 +14,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
$(GUDEV_CFLAGS) \ $(GUDEV_CFLAGS) \
-DSYSCONFDIR=\"$(sysconfdir)\" -DSYSCONFDIR=\"$(sysconfdir)\"


@@ -6,10 +6,12 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/libnm-util \ -I$(top_srcdir)/libnm-util \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
-I$(top_srcdir)/libnm-glib \ -I$(top_srcdir)/libnm-glib \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
-I$(srcdir)/../ \ -I$(srcdir)/../ \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
-DTEST_ENI_DIR=\"$(abs_srcdir)\" -DTEST_ENI_DIR=\"$(abs_srcdir)\"
noinst_PROGRAMS = test-ifupdown noinst_PROGRAMS = test-ifupdown


@@ -3,6 +3,7 @@ SUBDIRS = . tests
@GNOME_CODE_COVERAGE_RULES@ @GNOME_CODE_COVERAGE_RULES@
AM_CPPFLAGS = \ AM_CPPFLAGS = \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/config \ -I$(top_srcdir)/src/config \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
-I$(top_srcdir)/include \ -I$(top_srcdir)/include \
@@ -11,6 +12,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
-DNMCONFDIR=\"$(nmconfdir)\" -DNMCONFDIR=\"$(nmconfdir)\"
noinst_LTLIBRARIES = \ noinst_LTLIBRARIES = \


@@ -10,10 +10,12 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/libnm-util \ -I$(top_srcdir)/libnm-util \
-I$(top_builddir)/libnm-util \ -I$(top_builddir)/libnm-util \
-I$(top_srcdir)/libnm-glib \ -I$(top_srcdir)/libnm-glib \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/settings \ -I$(top_srcdir)/src/settings \
-I$(srcdir)/../ \ -I$(srcdir)/../ \
$(GLIB_CFLAGS) \ $(GLIB_CFLAGS) \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(POLKIT_CFLAGS) \
$(CODE_COVERAGE_CFLAGS) \ $(CODE_COVERAGE_CFLAGS) \
-DTEST_KEYFILES_DIR=\"$(abs_srcdir)/keyfiles\" \ -DTEST_KEYFILES_DIR=\"$(abs_srcdir)/keyfiles\" \
-DTEST_SCRATCH_DIR=\"$(abs_builddir)/keyfiles\" \ -DTEST_SCRATCH_DIR=\"$(abs_builddir)/keyfiles\" \


@@ -1271,8 +1271,7 @@ really_activate (NMVPNConnection *connection, const char *username)
*/ */
agent_mgr = nm_agent_manager_get (); agent_mgr = nm_agent_manager_get ();
if (nm_agent_manager_all_agents_have_capability (agent_mgr, if (nm_agent_manager_all_agents_have_capability (agent_mgr,
nm_active_connection_get_user_requested (NM_ACTIVE_CONNECTION (connection)), nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (connection)),
nm_active_connection_get_user_uid (NM_ACTIVE_CONNECTION (connection)),
NM_SECRET_AGENT_CAPABILITY_VPN_HINTS)) { NM_SECRET_AGENT_CAPABILITY_VPN_HINTS)) {
nm_log_dbg (LOGD_VPN, "Allowing interactive secrets as all agents have that capability"); nm_log_dbg (LOGD_VPN, "Allowing interactive secrets as all agents have that capability");
dbus_g_proxy_begin_call (priv->proxy, "ConnectInteractive", dbus_g_proxy_begin_call (priv->proxy, "ConnectInteractive",
@@ -1601,8 +1600,7 @@ get_secrets (NMVPNConnection *self,
flags |= NM_SETTINGS_GET_SECRETS_FLAG_USER_REQUESTED; flags |= NM_SETTINGS_GET_SECRETS_FLAG_USER_REQUESTED;
priv->secrets_id = nm_settings_connection_get_secrets (NM_SETTINGS_CONNECTION (priv->connection), priv->secrets_id = nm_settings_connection_get_secrets (NM_SETTINGS_CONNECTION (priv->connection),
filter_by_uid, nm_active_connection_get_subject (NM_ACTIVE_CONNECTION (self)),
nm_active_connection_get_user_uid (NM_ACTIVE_CONNECTION (self)),
NM_SETTING_VPN_SETTING_NAME, NM_SETTING_VPN_SETTING_NAME,
flags, flags,
hints, hints,