core: add nm_auth_is_subject_in_acl_set_error() helper

This commit is contained in:
Thomas Haller
2018-04-12 09:34:40 +02:00
parent 1a33ab17de
commit f94167d8b1
2 changed files with 32 additions and 5 deletions

View File

@@ -410,8 +410,8 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
return TRUE;
if (!nm_session_monitor_uid_to_user (uid, &user)) {
if (out_error_desc)
*out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid);
NM_SET_OUT (out_error_desc,
g_strdup_printf ("Could not determine username for uid %lu", uid));
return FALSE;
}
@@ -425,10 +425,31 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
/* Match the username returned by the session check to a user in the ACL */
if (!nm_setting_connection_permissions_user_allowed (s_con, user)) {
if (out_error_desc)
*out_error_desc = g_strdup_printf ("uid %lu has no permission to perform this operation", uid);
NM_SET_OUT (out_error_desc,
g_strdup_printf ("uid %lu has no permission to perform this operation", uid));
return FALSE;
}
return TRUE;
}
gboolean
nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
NMAuthSubject *subject,
GQuark err_domain,
int err_code,
GError **error)
{
char *error_desc = NULL;
nm_assert (!error || !*error);
if (nm_auth_is_subject_in_acl (connection,
subject,
error ? &error_desc : NULL))
return TRUE;
g_set_error_literal (error, err_domain, err_code, error_desc);
g_free (error_desc);
return FALSE;
}

View File

@@ -59,12 +59,18 @@ void nm_auth_chain_add_call (NMAuthChain *chain,
void nm_auth_chain_destroy (NMAuthChain *chain);
NMAuthSubject *nm_auth_chain_get_subject (NMAuthChain *self);
/* Caller must free returned error description */
gboolean nm_auth_is_subject_in_acl (NMConnection *connection,
NMAuthSubject *subect,
char **out_error_desc);
NMAuthSubject *nm_auth_chain_get_subject (NMAuthChain *self);
gboolean nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
NMAuthSubject *subject,
GQuark err_domain,
int err_code,
GError **error);
#endif /* __NETWORKMANAGER_MANAGER_AUTH_H__ */