colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

core: add nm_auth_is_subject_in_acl_set_error() helper

Browse Source
This commit is contained in:
Thomas Haller
2018-04-12 09:34:40 +02:00
parent 1a33ab17de
commit f94167d8b1
2 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/nm-auth-utils.c
View File

@@ -410,8 +410,8 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
return TRUE; return TRUE;
if (!nm_session_monitor_uid_to_user (uid, &user)) { if (!nm_session_monitor_uid_to_user (uid, &user)) {
if (out_error_desc) NM_SET_OUT (out_error_desc,
*out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid); g_strdup_printf ("Could not determine username for uid %lu", uid));
return FALSE; return FALSE;
} }
@@ -425,10 +425,31 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
/* Match the username returned by the session check to a user in the ACL */ /* Match the username returned by the session check to a user in the ACL */
if (!nm_setting_connection_permissions_user_allowed (s_con, user)) { if (!nm_setting_connection_permissions_user_allowed (s_con, user)) {
if (out_error_desc) NM_SET_OUT (out_error_desc,
*out_error_desc = g_strdup_printf ("uid %lu has no permission to perform this operation", uid); g_strdup_printf ("uid %lu has no permission to perform this operation", uid));
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
} }
gboolean
nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
NMAuthSubject *subject,
GQuark err_domain,
int err_code,
GError **error)
{
char *error_desc = NULL;
nm_assert (!error || !*error);
if (nm_auth_is_subject_in_acl (connection,
subject,
error ? &error_desc : NULL))
return TRUE;
g_set_error_literal (error, err_domain, err_code, error_desc);
g_free (error_desc);
return FALSE;
}

8
src/nm-auth-utils.h
View File

@@ -59,12 +59,18 @@ void nm_auth_chain_add_call (NMAuthChain *chain,
void nm_auth_chain_destroy (NMAuthChain *chain); void nm_auth_chain_destroy (NMAuthChain *chain);
NMAuthSubject *nm_auth_chain_get_subject (NMAuthChain *self);
/* Caller must free returned error description */ /* Caller must free returned error description */
gboolean nm_auth_is_subject_in_acl (NMConnection *connection, gboolean nm_auth_is_subject_in_acl (NMConnection *connection,
NMAuthSubject *subect, NMAuthSubject *subect,
char **out_error_desc); char **out_error_desc);
NMAuthSubject *nm_auth_chain_get_subject (NMAuthChain *self); gboolean nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
NMAuthSubject *subject,
GQuark err_domain,
int err_code,
GError **error);
#endif /* __NETWORKMANAGER_MANAGER_AUTH_H__ */ #endif /* __NETWORKMANAGER_MANAGER_AUTH_H__ */