shared: move nm-dbus-auth-subject to shared/nm-libnm-core-intern

Move it to shared as it's useful for clients as well.

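Move nm_auth_subject_new_unix_process_from_context() and
nm_auth_subject_new_unix_process_from_message() to nm-dbus-manager.c,
renaming them to nm_dbus_manager_new_auth_subject_from_context() and
nm_dbus_manager_new_auth_subject_from_message(), as they're needed there.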
Antonio Cardace 2019-12-19 11:30:38 +01:00
parent c0f1a657c3
commit 0f7994328d
21 changed files with 134 additions and 102 deletions


@ -476,6 +476,8 @@ shared_nm_libnm_core_intern_libnm_libnm_core_intern_la_SOURCES = \
shared/nm-libnm-core-intern/nm-ethtool-utils.h \
shared/nm-libnm-core-intern/nm-libnm-core-utils.c \
shared/nm-libnm-core-intern/nm-libnm-core-utils.h \
shared/nm-libnm-core-intern/nm-auth-subject.c \
shared/nm-libnm-core-intern/nm-auth-subject.h \
$(NULL)
shared_nm_libnm_core_intern_libnm_libnm_core_intern_la_LDFLAGS = \
@ -2244,8 +2246,6 @@ src_libNetworkManager_la_SOURCES = \
src/nm-proxy-config.h \
src/nm-auth-manager.c \
src/nm-auth-manager.h \
src/nm-auth-subject.c \
src/nm-auth-subject.h \
src/nm-auth-utils.c \
src/nm-auth-utils.h \
src/nm-manager.c \


@ -85,7 +85,7 @@ libnm_core_enum_sources = gnome.mkenums_simple(
libnm_libnm_core_intern = static_library(
'nm-libnm-core-intern',
sources: nm_ethtool_utils_source + nm_libnm_core_utils_source + [libnm_core_enum_sources[1]],
sources: nm_ethtool_utils_source + nm_libnm_core_utils_source + nm_auth_subject_source + [libnm_core_enum_sources[1]],
dependencies: libnm_core_nm_default_dep,
c_args: common_c_flags,
)


@ -119,6 +119,8 @@ nm_test_utils_impl_source = files('nm-test-utils-impl.c')
nm_vpn_plugin_utils_source = files('nm-utils/nm-vpn-plugin-utils.c')
nm_auth_subject_source = files('nm-libnm-core-intern/nm-auth-subject.c')
c_flags = [
'-DG_LOG_DOMAIN="@0@"'.format(libnm_name),
'-DNETWORKMANAGER_COMPILATION=0',


@ -17,8 +17,6 @@
#include <stdlib.h>
#include "nm-dbus-manager.h"
enum {
PROP_0,
PROP_SUBJECT_TYPE,
@ -152,74 +150,6 @@ nm_auth_subject_get_unix_process_dbus_sender (NMAuthSubject *subject)
/*****************************************************************************/
static NMAuthSubject *
_new_unix_process (GDBusMethodInvocation *context,
GDBusConnection *connection,
GDBusMessage *message)
{
NMAuthSubject *self;
const char *dbus_sender = NULL;
gulong uid = 0;
gulong pid = 0;
gboolean success;
g_return_val_if_fail (context || (connection && message), NULL);
if (context) {
success = nm_dbus_manager_get_caller_info (nm_dbus_manager_get (),
context,
&dbus_sender,
&uid,
&pid);
} else {
nm_assert (message);
success = nm_dbus_manager_get_caller_info_from_message (nm_dbus_manager_get (),
connection,
message,
&dbus_sender,
&uid,
&pid);
}
if (!success)
return NULL;
g_return_val_if_fail (dbus_sender && *dbus_sender, NULL);
/* polkit glib library stores uid and pid as int. There might be some
* pitfalls if the id ever happens to be larger then that. Just assert against
* it here. */
g_return_val_if_fail (uid <= MIN (G_MAXINT, G_MAXINT32), NULL);
g_return_val_if_fail (pid > 0 && pid <= MIN (G_MAXINT, G_MAXINT32), NULL);
self = NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT,
NM_AUTH_SUBJECT_SUBJECT_TYPE, (int) NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER, dbus_sender,
NM_AUTH_SUBJECT_UNIX_PROCESS_PID, (gulong) pid,
NM_AUTH_SUBJECT_UNIX_PROCESS_UID, (gulong) uid,
NULL));
if (NM_AUTH_SUBJECT_GET_PRIVATE (self)->subject_type != NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS) {
/* this most likely happened because the process is gone (start_time==0).
* Either that is not assert-worthy, or constructed() already asserted.
* Just return NULL. */
g_clear_object (&self);
}
return self;
}
NMAuthSubject *
nm_auth_subject_new_unix_process_from_context (GDBusMethodInvocation *context)
{
return _new_unix_process (context, NULL, NULL);
}
NMAuthSubject *
nm_auth_subject_new_unix_process_from_message (GDBusConnection *connection,
GDBusMessage *message)
{
return _new_unix_process (NULL, connection, message);
}
/**
* nm_auth_subject_new_internal():
*
@ -231,8 +161,39 @@ NMAuthSubject *
nm_auth_subject_new_internal (void)
{
return NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT,
NM_AUTH_SUBJECT_SUBJECT_TYPE, (int) NM_AUTH_SUBJECT_TYPE_INTERNAL,
NULL));
NM_AUTH_SUBJECT_SUBJECT_TYPE, (int) NM_AUTH_SUBJECT_TYPE_INTERNAL,
NULL));
}
/**
* nm_auth_subject_new_unix_process():
*
* Creates a new auth subject representing a give unix process.
*
* Returns: the new #NMAuthSubject
*/
NMAuthSubject *
nm_auth_subject_new_unix_process (const char *dbus_sender, gulong pid, gulong uid)
{
return NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT,
NM_AUTH_SUBJECT_SUBJECT_TYPE, (int) NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER, dbus_sender,
NM_AUTH_SUBJECT_UNIX_PROCESS_PID, pid,
NM_AUTH_SUBJECT_UNIX_PROCESS_UID, uid,
NULL));
}
/**
* nm_auth_subject_new_unix_process_self():
*
* Creates a new auth subject representing the current executing process.
*
* Returns: the new #NMAuthSubject
*/
NMAuthSubject *
nm_auth_subject_new_unix_process_self (void)
{
return nm_auth_subject_new_unix_process (NULL, getpid(), getuid());
}
/*****************************************************************************/
@ -349,8 +310,6 @@ constructed (GObject *object)
* Don't bother and require the user id as parameter. */
break;
}
if (!priv->unix_process.dbus_sender || !*priv->unix_process.dbus_sender)
break;
priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL);
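Review bot: Removing the empty-`dbus_sender` check from constructed() means a UNIX_PROCESS subject can now exist with a NULL sender, and the doc comment on the new public nm_auth_subject_new_unix_process() does not say so. nm_auth_subject_new_unix_process_self() passes NULL on purpose, so every consumer of nm_auth_subject_get_unix_process_dbus_sender() now has to tolerate NULL; the only remaining non-empty check visible on this page is in the D-Bus path in nm-dbus-manager.c. The comment also states "Returns: the new #NMAuthSubject", while the caller in nm-dbus-manager.c still re-checks nm_auth_subject_get_subject_type() because construction can leave the subject in a non-process state. I would document both, e.g. `@dbus_sender: (nullable): unique bus name of the caller, or %NULL when the subject does not come from a D-Bus request` and `Returns: a new #NMAuthSubject; callers must verify its type is %NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS before using it for authorization`. constructed() is only partly visible in this hunk, so its remaining pid/uid handling could not be reviewed here.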


@ -25,14 +25,15 @@ typedef enum {
#define NM_AUTH_SUBJECT_UNIX_PROCESS_UID "unix-process-uid"
typedef struct _NMAuthSubjectClass NMAuthSubjectClass;
typedef struct _NMAuthSubject NMAuthSubject;
GType nm_auth_subject_get_type (void);
NMAuthSubject *nm_auth_subject_new_internal (void);
NMAuthSubject *nm_auth_subject_new_unix_process_from_context (GDBusMethodInvocation *context);
NMAuthSubject *nm_auth_subject_new_unix_process (const char *dbus_sender, gulong pid, gulong uid);
NMAuthSubject *nm_auth_subject_new_unix_process_from_message (GDBusConnection *connection, GDBusMessage *message);
NMAuthSubject *nm_auth_subject_new_unix_process_self (void);
NMAuthSubjectType nm_auth_subject_get_subject_type (NMAuthSubject *subject);


@ -125,7 +125,6 @@ sources = files(
'nm-act-request.c',
'nm-audit-manager.c',
'nm-auth-manager.c',
'nm-auth-subject.c',
'nm-auth-utils.c',
'nm-dbus-manager.c',
'nm-checkpoint.c',


@ -19,7 +19,7 @@
#include "devices/nm-device.h"
#include "nm-active-connection.h"
#include "settings/nm-settings-connection.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
typedef struct {
char *table;


@ -14,7 +14,7 @@
#include "nm-simple-connection.h"
#include "nm-auth-utils.h"
#include "nm-auth-manager.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-keep-alive.h"
#include "NetworkManagerUtils.h"
#include "nm-core-internal.h"


@ -11,8 +11,9 @@
#include <libaudit.h>
#endif
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-config.h"
#include "nm-dbus-manager.h"
#include "settings/nm-settings-connection.h"
/*****************************************************************************/
@ -195,7 +196,7 @@ _audit_log_helper (NMAuditManager *self,
else if (G_IS_DBUS_METHOD_INVOCATION (subject_context)) {
GDBusMethodInvocation *context = subject_context;
subject = subject_free = nm_auth_subject_new_unix_process_from_context (context);
subject = subject_free = nm_dbus_manager_new_auth_subject_from_context (context);
} else
g_warn_if_reached ();
}


@ -6,7 +6,7 @@
#ifndef NM_AUTH_MANAGER_H
#define NM_AUTH_MANAGER_H
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-config-data.h"
/*****************************************************************************/


@ -9,9 +9,10 @@
#include "nm-glib-aux/nm-c-list.h"
#include "nm-setting-connection.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-auth-manager.h"
#include "nm-session-monitor.h"
#include "nm-dbus-manager.h"
/*****************************************************************************/
@ -395,7 +396,7 @@ nm_auth_chain_new_context (GDBusMethodInvocation *context,
g_return_val_if_fail (context, NULL);
nm_assert (done_func);
subject = nm_auth_subject_new_unix_process_from_context (context);
subject = nm_dbus_manager_new_auth_subject_from_context (context);
if (!subject)
return NULL;


@ -9,7 +9,7 @@
#include "nm-active-connection.h"
#include "nm-act-request.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-core-utils.h"
#include "nm-dbus-interface.h"
#include "devices/nm-device.h"


@ -19,6 +19,7 @@
#include "nm-std-aux/nm-dbus-compat.h"
#include "nm-dbus-object.h"
#include "NetworkManagerUtils.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
/* The base path for our GDBusObjectManagerServers. They do not contain
* "NetworkManager" because GDBusObjectManagerServer requires that all
@ -1669,3 +1670,66 @@ nm_dbus_manager_class_init (NMDBusManagerClass *klass)
0, NULL, NULL, NULL,
G_TYPE_NONE, 1, G_TYPE_POINTER);
}
static NMAuthSubject *
_new_unix_process (GDBusMethodInvocation *context,
GDBusConnection *connection,
GDBusMessage *message)
{
NMAuthSubject *self;
const char *dbus_sender = NULL;
gulong uid = 0;
gulong pid = 0;
gboolean success;
g_return_val_if_fail (context || (connection && message), NULL);
if (context) {
success = nm_dbus_manager_get_caller_info (nm_dbus_manager_get (),
context,
&dbus_sender,
&uid,
&pid);
} else {
nm_assert (message);
success = nm_dbus_manager_get_caller_info_from_message (nm_dbus_manager_get (),
connection,
message,
&dbus_sender,
&uid,
&pid);
}
if (!success)
return NULL;
g_return_val_if_fail (dbus_sender && *dbus_sender, NULL);
/* polkit glib library stores uid and pid as int. There might be some
* pitfalls if the id ever happens to be larger then that. Just assert against
* it here. */
g_return_val_if_fail (uid <= MIN (G_MAXINT, G_MAXINT32), NULL);
g_return_val_if_fail (pid > 0 && pid <= MIN (G_MAXINT, G_MAXINT32), NULL);
self = nm_auth_subject_new_unix_process (dbus_sender, pid, uid);
if (nm_auth_subject_get_subject_type (self) != NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS) {
/* this most likely happened because the process is gone (start_time==0).
* Either that is not assert-worthy, or constructed() already asserted.
* Just return NULL. */
g_clear_object (&self);
}
return self;
}
NMAuthSubject *
nm_dbus_manager_new_auth_subject_from_context (GDBusMethodInvocation *context)
{
return _new_unix_process (context, NULL, NULL);
}
NMAuthSubject *
nm_dbus_manager_new_auth_subject_from_message (GDBusConnection *connection,
GDBusMessage *message)
{
return _new_unix_process (NULL, connection, message);
}


@ -88,4 +88,9 @@ void nm_dbus_manager_private_server_register (NMDBusManager *self,
const char *path,
const char *tag);
NMAuthSubject *nm_dbus_manager_new_auth_subject_from_context (GDBusMethodInvocation *context);
NMAuthSubject *nm_dbus_manager_new_auth_subject_from_message (GDBusConnection *connection,
GDBusMessage *message);
#endif /* __NM_DBUS_MANAGER_H__ */


@ -2437,7 +2437,7 @@ device_auth_request_cb (NMDevice *device,
char *permission_dup;
/* Validate the caller */
subject = nm_auth_subject_new_unix_process_from_context (context);
subject = nm_dbus_manager_new_auth_subject_from_context (context);
if (!subject) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@ -5174,7 +5174,7 @@ validate_activation_request (NMManager *self,
connection = nm_settings_connection_get_connection (sett_conn);
/* Validate the caller */
subject = nm_auth_subject_new_unix_process_from_context (context);
subject = nm_dbus_manager_new_auth_subject_from_context (context);
if (!subject) {
g_set_error_literal (error,
NM_MANAGER_ERROR,
@ -5824,7 +5824,7 @@ impl_manager_deactivate_connection (NMDBusObject *obj,
}
/* Validate the caller */
subject = nm_auth_subject_new_unix_process_from_context (invocation);
subject = nm_dbus_manager_new_auth_subject_from_context (invocation);
if (!subject) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@ -6108,7 +6108,7 @@ impl_manager_sleep (NMDBusObject *obj,
g_variant_get (parameters, "(b)", &do_sleep);
subject = nm_auth_subject_new_unix_process_from_context (invocation);
subject = nm_dbus_manager_new_auth_subject_from_context (invocation);
if (priv->sleeping == do_sleep) {
error = g_error_new (NM_MANAGER_ERROR,
@ -6935,7 +6935,7 @@ nm_manager_dbus_set_property_handle (NMDBusObject *obj,
gs_unref_object NMAuthSubject *subject = NULL;
DBusSetPropertyHandle *handle_data;
subject = nm_auth_subject_new_unix_process_from_context (invocation);
subject = nm_dbus_manager_new_auth_subject_from_context (invocation);
if (!subject) {
error_message = NM_UTILS_ERROR_MSG_REQ_UID_UKNOWN;
goto err;
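Review bot: In the impl_manager_sleep hunk the result of `nm_dbus_manager_new_auth_subject_from_context (invocation)` is not compared with NULL before the function continues, while the other four call sites changed in this file bail out with a permission or uid error when it is NULL. The rest of impl_manager_sleep is outside the hunk, so the subject may only be handed on for audit logging there. If that is the case, a comment such as `/* subject may be NULL here; it is only passed on for auditing */` would make the intent explicit; otherwise an `if (!subject)` branch like the neighbouring handlers is missing.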


@ -374,7 +374,7 @@ agent_manager_register_with_capabilities (NMAgentManager *self,
NMSecretAgent *agent;
NMAuthChain *chain;
subject = nm_auth_subject_new_unix_process_from_context (context);
subject = nm_dbus_manager_new_auth_subject_from_context (context);
if (!subject) {
error = g_error_new_literal (NM_AGENT_MANAGER_ERROR,
NM_AGENT_MANAGER_ERROR_PERMISSION_DENIED,


@ -14,7 +14,7 @@
#include "nm-glib-aux/nm-dbus-aux.h"
#include "nm-dbus-interface.h"
#include "nm-core-internal.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-simple-connection.h"
#include "NetworkManagerUtils.h"
#include "c-list/src/c-list.h"


@ -18,12 +18,12 @@
#include "nm-session-monitor.h"
#include "nm-auth-manager.h"
#include "nm-auth-utils.h"
#include "nm-auth-subject.h"
#include "nm-agent-manager.h"
#include "NetworkManagerUtils.h"
#include "nm-core-internal.h"
#include "nm-audit-manager.h"
#include "nm-settings.h"
#include "nm-dbus-manager.h"
#include "settings/plugins/keyfile/nms-keyfile-storage.h"
#define AUTOCONNECT_RETRIES_UNSET -2
@ -1249,7 +1249,7 @@ _new_auth_subject (GDBusMethodInvocation *context, GError **error)
{
NMAuthSubject *subject;
subject = nm_auth_subject_new_unix_process_from_context (context);
subject = nm_dbus_manager_new_auth_subject_from_context (context);
if (!subject) {
g_set_error_literal (error,
NM_SETTINGS_ERROR,


@ -54,7 +54,7 @@
#include "nm-settings-plugin.h"
#include "nm-dbus-manager.h"
#include "nm-auth-utils.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-session-monitor.h"
#include "plugins/keyfile/nms-keyfile-plugin.h"
#include "plugins/keyfile/nms-keyfile-storage.h"
@ -2574,7 +2574,7 @@ settings_add_connection_helper (NMSettings *self,
return;
}
subject = nm_auth_subject_new_unix_process_from_context (context);
subject = nm_dbus_manager_new_auth_subject_from_context (context);
if (!subject) {
g_dbus_method_invocation_return_error_literal (context,
NM_SETTINGS_ERROR,
@ -2918,7 +2918,7 @@ impl_settings_get_connection_by_uuid (NMDBusObject *obj,
goto error;
}
subject = nm_auth_subject_new_unix_process_from_context (invocation);
subject = nm_dbus_manager_new_auth_subject_from_context (invocation);
if (!subject) {
error = g_error_new_literal (NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_PERMISSION_DENIED,


@ -14,7 +14,7 @@
#include "nm-supplicant-settings-verify.h"
#include "nm-setting.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "NetworkManagerUtils.h"
#include "nm-utils.h"
#include "nm-setting-ip4-config.h"


@ -9,7 +9,7 @@
#include "nm-vpn-dbus-interface.h"
#include "devices/nm-device.h"
#include "nm-auth-subject.h"
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-active-connection.h"
#include "nm-vpn-plugin-info.h"