core: consolidate PolicyKit code
Use one global PolkitAuthority object; we only really need to use it in one place anyway. So consolidate the code that uses polkit into nm-manager-auth.c.
This commit is contained in:
Dan Williams
@@ -337,13 +337,9 @@ else
|
||||
fi
|
||||
AM_CONDITIONAL(WITH_WIMAX, test "${enable_wimax}" = "yes")
|
||||
|
||||
PKG_CHECK_MODULES(POLKIT, polkit-gobject-1)
|
||||
PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.97)
|
||||
AC_SUBST(POLKIT_CFLAGS)
|
||||
|
||||
# Check for polkit_authority_get_sync()
|
||||
AC_CHECK_LIB([polkit-gobject-1], [polkit_authority_get_sync], ac_have_pk_auth_get_sync="1", ac_have_pk_auth_get_sync="0")
|
||||
AC_DEFINE_UNQUOTED(HAVE_POLKIT_AUTHORITY_GET_SYNC, $ac_have_pk_auth_get_sync, [Define if you have a polkit with polkit_authority_get_sync()])
|
||||
|
||||
AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss | gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss)
|
||||
|
||||
with_nss=no
|
||||
|
||||
@@ -20,8 +20,9 @@
|
||||
|
||||
#include <string.h>
|
||||
#include <dbus/dbus-glib-lowlevel.h>
|
||||
#include <polkit/polkit.h>
|
||||
|
||||
#include <nm-setting-connection.h>
|
||||
#include "nm-setting-connection.h"
|
||||
#include "nm-manager-auth.h"
|
||||
#include "nm-logging.h"
|
||||
#include "nm-dbus-manager.h"
|
||||
@@ -37,7 +38,6 @@ struct NMAuthChain {
|
||||
GError *error;
|
||||
|
||||
NMAuthChainResultFunc done_func;
|
||||
NMAuthChainCallFunc call_func;
|
||||
gpointer user_data;
|
||||
};
|
||||
|
||||
@@ -45,6 +45,7 @@ typedef struct {
|
||||
NMAuthChain *chain;
|
||||
GCancellable *cancellable;
|
||||
char *permission;
|
||||
guint idle_id;
|
||||
gboolean disposed;
|
||||
} PolkitCall;
|
||||
|
||||
@@ -64,20 +65,29 @@ free_data (gpointer data)
|
||||
g_free (tmp);
|
||||
}
|
||||
|
||||
static void
|
||||
default_call_func (NMAuthChain *chain,
|
||||
const char *permission,
|
||||
GError *error,
|
||||
NMAuthCallResult result,
|
||||
gpointer user_data)
|
||||
static PolkitAuthority *
|
||||
pk_authority_get (void)
|
||||
{
|
||||
if (!error)
|
||||
nm_auth_chain_set_data (chain, permission, GUINT_TO_POINTER (result), NULL);
|
||||
static PolkitAuthority *authority = NULL;
|
||||
GError *error = NULL;
|
||||
|
||||
if (authority == NULL) {
|
||||
authority = polkit_authority_get_sync (NULL, &error);
|
||||
if (authority == NULL) {
|
||||
nm_log_err (LOGD_CORE, "Failed to initialize PolicyKit: (%d) %s",
|
||||
error ? error->code : -1,
|
||||
(error && error->message) ? error->message : "(unknown)");
|
||||
g_clear_error (&error);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Yes, ref every time; we want to keep the object alive */
|
||||
return g_object_ref (authority);
|
||||
}
|
||||
|
||||
static NMAuthChain *
|
||||
_auth_chain_new (PolkitAuthority *authority,
|
||||
DBusGMethodInvocation *context,
|
||||
_auth_chain_new (DBusGMethodInvocation *context,
|
||||
DBusGProxy *proxy,
|
||||
DBusMessage *message,
|
||||
const char *dbus_sender,
|
||||
@@ -90,10 +100,9 @@ _auth_chain_new (PolkitAuthority *authority,
|
||||
|
||||
self = g_malloc0 (sizeof (NMAuthChain));
|
||||
self->refcount = 1;
|
||||
self->authority = g_object_ref (authority);
|
||||
self->authority = pk_authority_get ();
|
||||
self->data = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, free_data);
|
||||
self->done_func = done_func;
|
||||
self->call_func = /* call_func ? call_func : */ default_call_func;
|
||||
self->user_data = user_data;
|
||||
self->context = context;
|
||||
|
||||
@@ -117,31 +126,28 @@ _auth_chain_new (PolkitAuthority *authority,
|
||||
}
|
||||
|
||||
NMAuthChain *
|
||||
nm_auth_chain_new (PolkitAuthority *authority,
|
||||
DBusGMethodInvocation *context,
|
||||
nm_auth_chain_new (DBusGMethodInvocation *context,
|
||||
DBusGProxy *proxy,
|
||||
NMAuthChainResultFunc done_func,
|
||||
gpointer user_data)
|
||||
{
|
||||
return _auth_chain_new (authority, context, proxy, NULL, NULL, done_func, user_data);
|
||||
return _auth_chain_new (context, proxy, NULL, NULL, done_func, user_data);
|
||||
}
|
||||
|
||||
NMAuthChain *
|
||||
nm_auth_chain_new_raw_message (PolkitAuthority *authority,
|
||||
DBusMessage *message,
|
||||
nm_auth_chain_new_raw_message (DBusMessage *message,
|
||||
NMAuthChainResultFunc done_func,
|
||||
gpointer user_data)
|
||||
{
|
||||
return _auth_chain_new (authority, NULL, NULL, message, NULL, done_func, user_data);
|
||||
return _auth_chain_new (NULL, NULL, message, NULL, done_func, user_data);
|
||||
}
|
||||
|
||||
NMAuthChain *
|
||||
nm_auth_chain_new_dbus_sender (PolkitAuthority *authority,
|
||||
const char *dbus_sender,
|
||||
nm_auth_chain_new_dbus_sender (const char *dbus_sender,
|
||||
NMAuthChainResultFunc done_func,
|
||||
gpointer user_data)
|
||||
{
|
||||
return _auth_chain_new (authority, NULL, NULL, NULL, dbus_sender, done_func, user_data);
|
||||
return _auth_chain_new (NULL, NULL, NULL, dbus_sender, done_func, user_data);
|
||||
}
|
||||
|
||||
gpointer
|
||||
@@ -228,6 +234,15 @@ nm_auth_chain_check_done (NMAuthChain *self)
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
nm_auth_chain_remove_call (NMAuthChain *self, PolkitCall *call)
|
||||
{
|
||||
g_return_if_fail (self != NULL);
|
||||
g_return_if_fail (call != NULL);
|
||||
|
||||
self->calls = g_slist_remove (self->calls, call);
|
||||
}
|
||||
|
||||
static void
|
||||
polkit_call_cancel (PolkitCall *call)
|
||||
{
|
||||
@@ -246,6 +261,9 @@ polkit_call_free (PolkitCall *call)
|
||||
call->chain = NULL;
|
||||
g_object_unref (call->cancellable);
|
||||
call->cancellable = NULL;
|
||||
if (call->idle_id)
|
||||
g_source_remove (call->idle_id);
|
||||
memset (call, 0, sizeof (*call));
|
||||
g_free (call);
|
||||
}
|
||||
|
||||
@@ -265,7 +283,7 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
||||
}
|
||||
|
||||
chain = call->chain;
|
||||
chain->calls = g_slist_remove (chain->calls, call);
|
||||
nm_auth_chain_remove_call (chain, call);
|
||||
|
||||
pk_result = polkit_authority_check_authorization_finish (chain->authority,
|
||||
result,
|
||||
@@ -287,9 +305,11 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
||||
call_result = NM_AUTH_CALL_RESULT_AUTH;
|
||||
} else
|
||||
call_result = NM_AUTH_CALL_RESULT_NO;
|
||||
|
||||
nm_auth_chain_set_data (chain, call->permission, GUINT_TO_POINTER (call_result), NULL);
|
||||
}
|
||||
|
||||
chain->call_func (chain, call->permission, error, call_result, chain->user_data);
|
||||
/* Check if all calls in the chain are complete */
|
||||
nm_auth_chain_check_done (chain);
|
||||
|
||||
g_clear_error (&error);
|
||||
@@ -298,6 +318,26 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
||||
g_object_unref (pk_result);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
polkit_call_error_idle_cb (gpointer user_data)
|
||||
{
|
||||
PolkitCall *call = user_data;
|
||||
|
||||
call->idle_id = 0;
|
||||
nm_auth_chain_remove_call (call->chain, call);
|
||||
nm_auth_chain_check_done (call->chain);
|
||||
polkit_call_free (call);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static void
|
||||
polkit_call_schedule_error (PolkitCall *call)
|
||||
{
|
||||
if (!call->chain->error)
|
||||
call->chain->error = g_error_new_literal (0, 0, "PolicyKit unavailable");
|
||||
call->idle_id = g_idle_add (polkit_call_error_idle_cb, call);
|
||||
}
|
||||
|
||||
gboolean
|
||||
nm_auth_chain_add_call (NMAuthChain *self,
|
||||
const char *permission,
|
||||
@@ -322,6 +362,13 @@ nm_auth_chain_add_call (NMAuthChain *self,
|
||||
|
||||
self->calls = g_slist_append (self->calls, call);
|
||||
|
||||
if (self->authority == NULL) {
|
||||
/* No polkit, no authorization */
|
||||
polkit_call_schedule_error (call);
|
||||
g_object_unref (subject);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (allow_interaction)
|
||||
flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
|
||||
|
||||
@@ -348,6 +395,7 @@ nm_auth_chain_unref (NMAuthChain *self)
|
||||
if (self->refcount > 0)
|
||||
return;
|
||||
|
||||
if (self->authority)
|
||||
g_object_unref (self->authority);
|
||||
g_free (self->owner);
|
||||
|
||||
@@ -460,3 +508,46 @@ nm_auth_uid_in_acl (NMConnection *connection,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
GDestroyNotify changed_callback;
|
||||
gpointer changed_data;
|
||||
} PkChangedInfo;
|
||||
|
||||
static void
|
||||
pk_authority_changed_cb (GObject *object, PkChangedInfo *info)
|
||||
{
|
||||
info->changed_callback (info->changed_data);
|
||||
}
|
||||
|
||||
void
|
||||
nm_auth_set_changed_func (GDestroyNotify callback, gpointer callback_data)
|
||||
{
|
||||
static PkChangedInfo info = { NULL, NULL };
|
||||
static guint32 changed_id = 0;
|
||||
PolkitAuthority *authority;
|
||||
|
||||
authority = pk_authority_get ();
|
||||
if (!authority)
|
||||
return;
|
||||
|
||||
if (callback == NULL) {
|
||||
/* Clearing the callback */
|
||||
info.changed_callback = NULL;
|
||||
info.changed_data = NULL;
|
||||
g_signal_handler_disconnect (authority, changed_id);
|
||||
changed_id = 0;
|
||||
} else {
|
||||
info.changed_callback = callback;
|
||||
info.changed_data= callback_data;
|
||||
|
||||
if (changed_id == 0) {
|
||||
changed_id = g_signal_connect (authority,
|
||||
"changed",
|
||||
G_CALLBACK (pk_authority_changed_cb),
|
||||
&info);
|
||||
}
|
||||
}
|
||||
|
||||
g_object_unref (authority);
|
||||
}
|
||||
|
||||
|
||||
@@ -21,7 +21,6 @@
|
||||
#ifndef NM_MANAGER_AUTH_H
|
||||
#define NM_MANAGER_AUTH_H
|
||||
|
||||
#include <polkit/polkit.h>
|
||||
#include <glib.h>
|
||||
#include <dbus/dbus-glib.h>
|
||||
|
||||
@@ -56,25 +55,16 @@ typedef void (*NMAuthChainResultFunc) (NMAuthChain *chain,
|
||||
DBusGMethodInvocation *context,
|
||||
gpointer user_data);
|
||||
|
||||
typedef void (*NMAuthChainCallFunc) (NMAuthChain *chain,
|
||||
const char *permission,
|
||||
GError *error,
|
||||
NMAuthCallResult result,
|
||||
gpointer user_data);
|
||||
|
||||
NMAuthChain *nm_auth_chain_new (PolkitAuthority *authority,
|
||||
DBusGMethodInvocation *context,
|
||||
NMAuthChain *nm_auth_chain_new (DBusGMethodInvocation *context,
|
||||
DBusGProxy *proxy,
|
||||
NMAuthChainResultFunc done_func,
|
||||
gpointer user_data);
|
||||
|
||||
NMAuthChain *nm_auth_chain_new_raw_message (PolkitAuthority *authority,
|
||||
DBusMessage *message,
|
||||
NMAuthChain *nm_auth_chain_new_raw_message (DBusMessage *message,
|
||||
NMAuthChainResultFunc done_func,
|
||||
gpointer user_data);
|
||||
|
||||
NMAuthChain *nm_auth_chain_new_dbus_sender (PolkitAuthority *authority,
|
||||
const char *dbus_sender,
|
||||
NMAuthChain *nm_auth_chain_new_dbus_sender (const char *dbus_sender,
|
||||
NMAuthChainResultFunc done_func,
|
||||
gpointer user_data);
|
||||
|
||||
@@ -112,5 +102,7 @@ gboolean nm_auth_uid_in_acl (NMConnection *connection,
|
||||
gulong uid,
|
||||
char **out_error_desc);
|
||||
|
||||
void nm_auth_set_changed_func (GDestroyNotify callback, gpointer callback_data);
|
||||
|
||||
#endif /* NM_MANAGER_AUTH_H */
|
||||
|
||||
|
||||
140
src/nm-manager.c
140
src/nm-manager.c
@@ -28,6 +28,7 @@
|
||||
#include <string.h>
|
||||
#include <dbus/dbus-glib-lowlevel.h>
|
||||
#include <dbus/dbus-glib.h>
|
||||
#include <gio/gio.h>
|
||||
#include <glib/gi18n.h>
|
||||
|
||||
#include "nm-glib-compat.h"
|
||||
@@ -158,20 +159,6 @@ static GSList * remove_one_device (NMManager *manager,
|
||||
NMDevice *device,
|
||||
gboolean quitting);
|
||||
|
||||
/* Fix for polkit 0.97 and later */
|
||||
#if !HAVE_POLKIT_AUTHORITY_GET_SYNC
|
||||
static inline PolkitAuthority *
|
||||
polkit_authority_get_sync (GCancellable *cancellable, GError **error)
|
||||
{
|
||||
PolkitAuthority *authority;
|
||||
|
||||
authority = polkit_authority_get ();
|
||||
if (!authority)
|
||||
g_set_error (error, 0, 0, "failed to get the PolicyKit authority");
|
||||
return authority;
|
||||
}
|
||||
#endif
|
||||
|
||||
#define SSD_POKE_INTERVAL 120
|
||||
#define ORIGDEV_TAG "originating-device"
|
||||
|
||||
@@ -183,7 +170,6 @@ struct PendingActivation {
|
||||
NMManager *manager;
|
||||
|
||||
DBusGMethodInvocation *context;
|
||||
PolkitAuthority *authority;
|
||||
PendingActivationFunc callback;
|
||||
NMAuthChain *chain;
|
||||
|
||||
@@ -235,8 +221,6 @@ typedef struct {
|
||||
DBusGProxy *aipd_proxy;
|
||||
DBusGProxy *upower_proxy;
|
||||
|
||||
PolkitAuthority *authority;
|
||||
guint auth_changed_id;
|
||||
GSList *auth_chains;
|
||||
|
||||
/* Firmware dir monitor */
|
||||
@@ -677,7 +661,6 @@ try_complete_vpn (NMConnection *connection, GSList *existing, GError **error)
|
||||
|
||||
static PendingActivation *
|
||||
pending_activation_new (NMManager *manager,
|
||||
PolkitAuthority *authority,
|
||||
DBusGMethodInvocation *context,
|
||||
const char *device_path,
|
||||
const char *connection_path,
|
||||
@@ -694,7 +677,6 @@ pending_activation_new (NMManager *manager,
|
||||
gboolean success;
|
||||
|
||||
g_return_val_if_fail (manager != NULL, NULL);
|
||||
g_return_val_if_fail (authority != NULL, NULL);
|
||||
g_return_val_if_fail (context != NULL, NULL);
|
||||
g_return_val_if_fail (device_path != NULL, NULL);
|
||||
|
||||
@@ -742,7 +724,6 @@ pending_activation_new (NMManager *manager,
|
||||
|
||||
pending = g_slice_new0 (PendingActivation);
|
||||
pending->manager = manager;
|
||||
pending->authority = authority;
|
||||
pending->context = context;
|
||||
pending->callback = callback;
|
||||
|
||||
@@ -765,31 +746,23 @@ pending_auth_net_done (NMAuthChain *chain,
|
||||
{
|
||||
PendingActivation *pending = user_data;
|
||||
NMAuthCallResult result;
|
||||
GError *tmp_error = NULL;
|
||||
|
||||
pending->chain = NULL;
|
||||
|
||||
if (error) {
|
||||
pending->callback (pending, error);
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Caller has had a chance to obtain authorization, so we only need to
|
||||
* check for 'yes' here.
|
||||
*/
|
||||
result = GPOINTER_TO_UINT (nm_auth_chain_get_data (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL));
|
||||
if (result != NM_AUTH_CALL_RESULT_YES) {
|
||||
error = g_error_new_literal (NM_MANAGER_ERROR,
|
||||
tmp_error = g_error_new_literal (NM_MANAGER_ERROR,
|
||||
NM_MANAGER_ERROR_PERMISSION_DENIED,
|
||||
"Not authorized to control networking.");
|
||||
pending->callback (pending, error);
|
||||
g_error_free (error);
|
||||
goto out;
|
||||
}
|
||||
|
||||
pending->callback (pending, NULL);
|
||||
|
||||
out:
|
||||
pending->callback (pending, tmp_error);
|
||||
nm_auth_chain_unref (chain);
|
||||
g_clear_error (&tmp_error);
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -825,8 +798,7 @@ pending_activation_check_authorized (PendingActivation *pending,
|
||||
/* First check if the user is allowed to use networking at all, giving
|
||||
* the user a chance to authenticate to gain the permission.
|
||||
*/
|
||||
pending->chain = nm_auth_chain_new (pending->authority,
|
||||
pending->context,
|
||||
pending->chain = nm_auth_chain_new (pending->context,
|
||||
NULL,
|
||||
pending_auth_net_done,
|
||||
pending);
|
||||
@@ -1386,7 +1358,7 @@ manager_device_disconnect_request (NMDevice *device,
|
||||
NMAuthChain *chain;
|
||||
|
||||
/* Otherwise validate the user request */
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, disconnect_net_auth_done_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, disconnect_net_auth_done_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
|
||||
|
||||
@@ -2101,7 +2073,6 @@ impl_manager_activate_connection (NMManager *self,
|
||||
* activate the connection.
|
||||
*/
|
||||
pending = pending_activation_new (self,
|
||||
priv->authority,
|
||||
context,
|
||||
device_path,
|
||||
connection_path,
|
||||
@@ -2170,7 +2141,6 @@ impl_manager_add_and_activate_connection (NMManager *self,
|
||||
* activate the connection.
|
||||
*/
|
||||
pending = pending_activation_new (self,
|
||||
priv->authority,
|
||||
context,
|
||||
device_path,
|
||||
NULL,
|
||||
@@ -2234,37 +2204,35 @@ done:
|
||||
|
||||
static void
|
||||
deactivate_net_auth_done_cb (NMAuthChain *chain,
|
||||
GError *error,
|
||||
GError *auth_error,
|
||||
DBusGMethodInvocation *context,
|
||||
gpointer user_data)
|
||||
{
|
||||
NMManager *self = NM_MANAGER (user_data);
|
||||
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
|
||||
GError *ret_error = NULL;
|
||||
GError *error = NULL;
|
||||
NMAuthCallResult result;
|
||||
const char *active_path;
|
||||
|
||||
priv->auth_chains = g_slist_remove (priv->auth_chains, chain);
|
||||
|
||||
result = GPOINTER_TO_UINT (nm_auth_chain_get_data (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL));
|
||||
ret_error = deactivate_disconnect_check_error (error, result, "Deactivate");
|
||||
if (ret_error) {
|
||||
dbus_g_method_return_error (context, ret_error);
|
||||
g_error_free (ret_error);
|
||||
goto done;
|
||||
}
|
||||
|
||||
error = deactivate_disconnect_check_error (auth_error, result, "Deactivate");
|
||||
if (!error) {
|
||||
active_path = nm_auth_chain_get_data (chain, "path");
|
||||
if (!nm_manager_deactivate_connection (self,
|
||||
active_path,
|
||||
NM_DEVICE_STATE_REASON_USER_REQUESTED,
|
||||
&ret_error)) {
|
||||
dbus_g_method_return_error (context, ret_error);
|
||||
g_clear_error (&ret_error);
|
||||
} else
|
||||
&error))
|
||||
g_assert (error);
|
||||
}
|
||||
|
||||
if (error)
|
||||
dbus_g_method_return_error (context, error);
|
||||
else
|
||||
dbus_g_method_return (context);
|
||||
|
||||
done:
|
||||
g_clear_error (&error);
|
||||
nm_auth_chain_unref (chain);
|
||||
}
|
||||
|
||||
@@ -2340,7 +2308,7 @@ impl_manager_deactivate_connection (NMManager *self,
|
||||
}
|
||||
|
||||
/* Otherwise validate the user request */
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, deactivate_net_auth_done_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, deactivate_net_auth_done_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
|
||||
|
||||
@@ -2413,25 +2381,6 @@ do_sleep_wake (NMManager *self)
|
||||
nm_manager_update_state (self);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
return_no_pk_error (PolkitAuthority *authority,
|
||||
const char *detail,
|
||||
DBusGMethodInvocation *context)
|
||||
{
|
||||
GError *error;
|
||||
|
||||
if (!authority) {
|
||||
error = g_error_new (NM_MANAGER_ERROR,
|
||||
NM_MANAGER_ERROR_PERMISSION_DENIED,
|
||||
"%s request failed: PolicyKit not initialized",
|
||||
detail);
|
||||
dbus_g_method_return_error (context, error);
|
||||
g_error_free (error);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
_internal_sleep (NMManager *self, gboolean do_sleep)
|
||||
{
|
||||
@@ -2548,10 +2497,7 @@ impl_manager_sleep (NMManager *self,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!return_no_pk_error (priv->authority, "Sleep/wake", context))
|
||||
return;
|
||||
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, sleep_auth_done_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, sleep_auth_done_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
|
||||
|
||||
@@ -2686,10 +2632,7 @@ impl_manager_enable (NMManager *self,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!return_no_pk_error (priv->authority, "Enable/disable", context))
|
||||
return;
|
||||
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, enable_net_done_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, enable_net_done_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
|
||||
|
||||
@@ -2699,13 +2642,6 @@ impl_manager_enable (NMManager *self,
|
||||
|
||||
/* Permissions */
|
||||
|
||||
static void
|
||||
pk_authority_changed_cb (GObject *object, gpointer user_data)
|
||||
{
|
||||
/* Let clients know they should re-check their authorization */
|
||||
g_signal_emit (NM_MANAGER (user_data), signals[CHECK_PERMISSIONS], 0);
|
||||
}
|
||||
|
||||
static void
|
||||
get_perm_add_result (NMAuthChain *chain, GHashTable *results, const char *permission)
|
||||
{
|
||||
@@ -2770,10 +2706,7 @@ impl_manager_get_permissions (NMManager *self,
|
||||
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
|
||||
NMAuthChain *chain;
|
||||
|
||||
if (!return_no_pk_error (priv->authority, "Permissions", context))
|
||||
return;
|
||||
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, get_permissions_done_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, get_permissions_done_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
|
||||
|
||||
@@ -3057,7 +2990,7 @@ prop_filter (DBusConnection *connection,
|
||||
|
||||
if (uid > 0) {
|
||||
/* Otherwise validate the user request */
|
||||
chain = nm_auth_chain_new_raw_message (priv->authority, message, prop_set_auth_done_cb, self);
|
||||
chain = nm_auth_chain_new_raw_message (message, prop_set_auth_done_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auth_chains = g_slist_append (priv->auth_chains, chain);
|
||||
nm_auth_chain_set_data (chain, "prop", g_strdup (glib_propname), g_free);
|
||||
@@ -3187,7 +3120,8 @@ dispose (GObject *object)
|
||||
|
||||
g_slist_foreach (priv->auth_chains, (GFunc) nm_auth_chain_unref, NULL);
|
||||
g_slist_free (priv->auth_chains);
|
||||
g_object_unref (priv->authority);
|
||||
|
||||
nm_auth_set_changed_func (NULL, NULL);
|
||||
|
||||
while (g_slist_length (priv->devices)) {
|
||||
priv->devices = remove_one_device (manager,
|
||||
@@ -3463,6 +3397,13 @@ periodic_update_active_connection_timestamps (gpointer user_data)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
authority_changed_cb (gpointer user_data)
|
||||
{
|
||||
/* Let clients know they should re-check their authorization */
|
||||
g_signal_emit (NM_MANAGER (user_data), signals[CHECK_PERMISSIONS], 0);
|
||||
}
|
||||
|
||||
static void
|
||||
nm_manager_init (NMManager *manager)
|
||||
{
|
||||
@@ -3470,7 +3411,6 @@ nm_manager_init (NMManager *manager)
|
||||
DBusGConnection *g_connection;
|
||||
guint id, i;
|
||||
GFile *file;
|
||||
GError *error = NULL;
|
||||
|
||||
/* Initialize rfkill structures and states */
|
||||
memset (priv->radio_states, 0, sizeof (priv->radio_states));
|
||||
@@ -3561,18 +3501,8 @@ nm_manager_init (NMManager *manager)
|
||||
} else
|
||||
nm_log_warn (LOGD_SUSPEND, "could not initialize UPower D-Bus proxy");
|
||||
|
||||
priv->authority = polkit_authority_get_sync (NULL, &error);
|
||||
if (priv->authority) {
|
||||
priv->auth_changed_id = g_signal_connect (priv->authority,
|
||||
"changed",
|
||||
G_CALLBACK (pk_authority_changed_cb),
|
||||
manager);
|
||||
} else {
|
||||
nm_log_warn (LOGD_CORE, "failed to create PolicyKit authority: (%d) %s",
|
||||
error ? error->code : -1,
|
||||
error && error->message ? error->message : "(unknown)");
|
||||
g_clear_error (&error);
|
||||
}
|
||||
/* Listen for authorization changes */
|
||||
nm_auth_set_changed_func (authority_changed_cb, manager);
|
||||
|
||||
/* Monitor the firmware directory */
|
||||
if (strlen (KERNEL_FIRMWARE_DIR)) {
|
||||
|
||||
@@ -32,7 +32,6 @@ libsettings_la_SOURCES = \
|
||||
nm-settings.h \
|
||||
nm-inotify-helper.c \
|
||||
nm-inotify-helper.h \
|
||||
nm-polkit-helpers.h \
|
||||
nm-settings-error.c \
|
||||
nm-settings-error.h \
|
||||
nm-system-config-interface.c \
|
||||
|
||||
@@ -33,7 +33,6 @@
|
||||
#include "nm-secret-agent.h"
|
||||
#include "nm-manager-auth.h"
|
||||
#include "nm-dbus-glib-types.h"
|
||||
#include "nm-polkit-helpers.h"
|
||||
#include "nm-manager-auth.h"
|
||||
#include "nm-setting-vpn.h"
|
||||
#include "nm-setting-connection.h"
|
||||
@@ -49,7 +48,6 @@ typedef struct {
|
||||
|
||||
NMDBusManager *dbus_mgr;
|
||||
NMSessionMonitor *session_monitor;
|
||||
PolkitAuthority *authority;
|
||||
|
||||
/* Hashed by owner name, not identifier, since two agents in different
|
||||
* sessions can use the same identifier.
|
||||
@@ -338,7 +336,6 @@ typedef void (*RequestCancelFunc) (Request *req);
|
||||
|
||||
struct _Request {
|
||||
guint32 reqid;
|
||||
PolkitAuthority *authority;
|
||||
NMAuthChain *chain;
|
||||
|
||||
NMConnection *connection;
|
||||
@@ -381,7 +378,6 @@ static guint32 next_req_id = 1;
|
||||
|
||||
static Request *
|
||||
request_new_get (NMConnection *connection,
|
||||
PolkitAuthority *authority,
|
||||
gboolean filter_by_uid,
|
||||
gulong uid_filter,
|
||||
GHashTable *existing_secrets,
|
||||
@@ -402,7 +398,6 @@ request_new_get (NMConnection *connection,
|
||||
req = g_malloc0 (sizeof (Request));
|
||||
req->reqid = next_req_id++;
|
||||
req->connection = g_object_ref (connection);
|
||||
req->authority = g_object_ref (authority);
|
||||
req->filter_by_uid = filter_by_uid;
|
||||
req->uid_filter = uid_filter;
|
||||
if (existing_secrets)
|
||||
@@ -462,8 +457,6 @@ request_free (Request *req)
|
||||
g_hash_table_unref (req->existing_secrets);
|
||||
if (req->chain)
|
||||
nm_auth_chain_unref (req->chain);
|
||||
if (req->authority)
|
||||
g_object_unref (req->authority);
|
||||
memset (req, 0, sizeof (Request));
|
||||
g_free (req);
|
||||
}
|
||||
@@ -896,8 +889,7 @@ get_next_cb (Request *req)
|
||||
nm_log_dbg (LOGD_AGENTS, "(%p/%s) request has system secrets; checking agent %s for MODIFY",
|
||||
req, req->setting_name, agent_dbus_owner);
|
||||
|
||||
req->chain = nm_auth_chain_new_dbus_sender (req->authority,
|
||||
agent_dbus_owner,
|
||||
req->chain = nm_auth_chain_new_dbus_sender (agent_dbus_owner,
|
||||
get_agent_modify_auth_cb,
|
||||
req);
|
||||
g_assert (req->chain);
|
||||
@@ -1050,7 +1042,6 @@ nm_agent_manager_get_secrets (NMAgentManager *self,
|
||||
*/
|
||||
|
||||
req = request_new_get (connection,
|
||||
priv->authority,
|
||||
filter_by_uid,
|
||||
uid_filter,
|
||||
existing_secrets,
|
||||
@@ -1335,15 +1326,6 @@ static void
|
||||
nm_agent_manager_init (NMAgentManager *self)
|
||||
{
|
||||
NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
|
||||
GError *error = NULL;
|
||||
|
||||
priv->authority = polkit_authority_get_sync (NULL, &error);
|
||||
if (!priv->authority) {
|
||||
nm_log_warn (LOGD_SETTINGS, "failed to create PolicyKit authority: (%d) %s",
|
||||
error ? error->code : -1,
|
||||
error && error->message ? error->message : "(unknown)");
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
priv->agents = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_object_unref);
|
||||
priv->requests = g_hash_table_new_full (g_direct_hash,
|
||||
@@ -1365,7 +1347,6 @@ dispose (GObject *object)
|
||||
|
||||
g_object_unref (priv->session_monitor);
|
||||
g_object_unref (priv->dbus_mgr);
|
||||
g_object_unref (priv->authority);
|
||||
}
|
||||
|
||||
G_OBJECT_CLASS (nm_agent_manager_parent_class)->dispose (object);
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/* NetworkManager system settings service
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* (C) Copyright 2008 Novell, Inc.
|
||||
* (C) Copyright 2008 - 2010 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#ifndef NM_POLKIT_HELPERS_H
|
||||
#define NM_POLKIT_HELPERS_H
|
||||
|
||||
#include <polkit/polkit.h>
|
||||
|
||||
/* Fix for polkit 0.97 and later */
|
||||
#if !HAVE_POLKIT_AUTHORITY_GET_SYNC
|
||||
static inline PolkitAuthority *
|
||||
polkit_authority_get_sync (GCancellable *cancellable, GError **error)
|
||||
{
|
||||
PolkitAuthority *authority;
|
||||
|
||||
authority = polkit_authority_get ();
|
||||
if (!authority)
|
||||
g_set_error (error, 0, 0, "failed to get the PolicyKit authority");
|
||||
return authority;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* NM_POLKIT_HELPERS_H */
|
||||
@@ -34,7 +34,6 @@
|
||||
#include "nm-dbus-manager.h"
|
||||
#include "nm-settings-error.h"
|
||||
#include "nm-dbus-glib-types.h"
|
||||
#include "nm-polkit-helpers.h"
|
||||
#include "nm-logging.h"
|
||||
#include "nm-manager-auth.h"
|
||||
#include "nm-marshal.h"
|
||||
@@ -83,7 +82,6 @@ typedef struct {
|
||||
NMDBusManager *dbus_mgr;
|
||||
NMAgentManager *agent_mgr;
|
||||
|
||||
PolkitAuthority *authority;
|
||||
GSList *pending_auths; /* List of pending authentication requests */
|
||||
NMConnection *secrets;
|
||||
gboolean visible; /* Is this connection is visible by some session? */
|
||||
@@ -852,7 +850,7 @@ auth_start (NMSettingsConnection *self,
|
||||
}
|
||||
|
||||
if (check_permission) {
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, pk_auth_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, pk_auth_cb, self);
|
||||
g_assert (chain);
|
||||
nm_auth_chain_set_data (chain, "perm", (gpointer) check_permission, NULL);
|
||||
nm_auth_chain_set_data (chain, "callback", callback, NULL);
|
||||
@@ -1371,18 +1369,9 @@ nm_settings_connection_init (NMSettingsConnection *self)
|
||||
NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self);
|
||||
static guint32 dbus_counter = 0;
|
||||
char *dbus_path;
|
||||
GError *error = NULL;
|
||||
|
||||
priv->dbus_mgr = nm_dbus_manager_get ();
|
||||
|
||||
priv->authority = polkit_authority_get_sync (NULL, &error);
|
||||
if (!priv->authority) {
|
||||
nm_log_warn (LOGD_SETTINGS, "failed to create PolicyKit authority: (%d) %s",
|
||||
error ? error->code : -1,
|
||||
error && error->message ? error->message : "(unknown)");
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
dbus_path = g_strdup_printf ("%s/%u", NM_DBUS_PATH_SETTINGS, dbus_counter++);
|
||||
nm_connection_set_path (NM_CONNECTION (self), dbus_path);
|
||||
g_free (dbus_path);
|
||||
@@ -1429,7 +1418,6 @@ dispose (GObject *object)
|
||||
g_object_unref (priv->session_monitor);
|
||||
g_object_unref (priv->agent_mgr);
|
||||
g_object_unref (priv->dbus_mgr);
|
||||
g_object_unref (priv->authority);
|
||||
|
||||
out:
|
||||
G_OBJECT_CLASS (nm_settings_connection_parent_class)->dispose (object);
|
||||
|
||||
@@ -56,7 +56,6 @@
|
||||
#include "nm-dbus-glib-types.h"
|
||||
#include "nm-settings.h"
|
||||
#include "nm-settings-connection.h"
|
||||
#include "nm-polkit-helpers.h"
|
||||
#include "nm-settings-error.h"
|
||||
#include "nm-default-wired-connection.h"
|
||||
#include "nm-logging.h"
|
||||
@@ -114,8 +113,6 @@ typedef struct {
|
||||
|
||||
NMAgentManager *agent_mgr;
|
||||
|
||||
PolkitAuthority *authority;
|
||||
guint auth_changed_id;
|
||||
char *config_file;
|
||||
|
||||
NMSessionMonitor *session_monitor;
|
||||
@@ -999,7 +996,7 @@ nm_settings_add_connection (NMSettings *self,
|
||||
perm = NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM;
|
||||
|
||||
/* Otherwise validate the user request */
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, pk_add_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, pk_add_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auths = g_slist_append (priv->auths, chain);
|
||||
nm_auth_chain_add_call (chain, perm, TRUE);
|
||||
@@ -1111,7 +1108,7 @@ impl_settings_save_hostname (NMSettings *self,
|
||||
}
|
||||
|
||||
/* Otherwise validate the user request */
|
||||
chain = nm_auth_chain_new (priv->authority, context, NULL, pk_hostname_cb, self);
|
||||
chain = nm_auth_chain_new (context, NULL, pk_hostname_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auths = g_slist_append (priv->auths, chain);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, TRUE);
|
||||
@@ -1476,18 +1473,9 @@ static void
|
||||
nm_settings_init (NMSettings *self)
|
||||
{
|
||||
NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self);
|
||||
GError *error = NULL;
|
||||
|
||||
priv->connections = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, g_object_unref);
|
||||
|
||||
priv->authority = polkit_authority_get_sync (NULL, &error);
|
||||
if (!priv->authority) {
|
||||
nm_log_warn (LOGD_SETTINGS, "failed to create PolicyKit authority: (%d) %s",
|
||||
error ? error->code : -1,
|
||||
error && error->message ? error->message : "(unknown)");
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
priv->session_monitor = nm_session_monitor_get ();
|
||||
|
||||
/* Hold a reference to the agent manager so it stays alive; the only
|
||||
@@ -1505,11 +1493,6 @@ dispose (GObject *object)
|
||||
NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self);
|
||||
GSList *iter;
|
||||
|
||||
if (priv->auth_changed_id) {
|
||||
g_signal_handler_disconnect (priv->authority, priv->auth_changed_id);
|
||||
priv->auth_changed_id = 0;
|
||||
}
|
||||
|
||||
for (iter = priv->auths; iter; iter = g_slist_next (iter))
|
||||
nm_auth_chain_unref ((NMAuthChain *) iter->data);
|
||||
g_slist_free (priv->auths);
|
||||
|
||||
Reference in New Issue
Block a user