nm-sudo: rename to nm-priv-helper

The name "nm-sudo" reminds of the "sudo" tool, and this is a bit
confusing because it's not related. Rename the service to
"nm-priv-helper", which stands for "NM privileged helper".

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/938
(cherry picked from commit d68ab6b8f0)
Beniamino Galvani 2021-12-13 16:06:16 +01:00
parent 94215cdb07
commit 6074ab1e00
27 changed files with 271 additions and 250 deletions

.gitignore

@ -71,8 +71,8 @@ test-*.trs
/src/nm-dispatcher/org.freedesktop.nm_dispatcher.service
/src/nm-dispatcher/tests/test-dispatcher-envp
/src/nm-sudo/nm-sudo
/src/nm-sudo/org.freedesktop.nm.sudo.service
/src/nm-priv-helper/nm-priv-helper
/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service
/data/NetworkManager.service
/data/NetworkManager-wait-online.service
@ -82,6 +82,7 @@ test-*.trs
/data/org.freedesktop.NetworkManager.policy
/data/org.freedesktop.NetworkManager.policy.in
/data/nm-sudo.service
/data/nm-priv-helper.service
/docs/api/version.xml
/docs/api/settings-spec.html
@ -436,6 +437,8 @@ test-*.trs
/src/ndisc/tests/test-ndisc-linux
/src/nm-daemon-helper/nm-daemon-helper
/src/nm-iface-helper
/src/nm-sudo/nm-sudo
/src/nm-sudo/org.freedesktop.nm.sudo.service
/src/platform/tests/dump
/src/platform/tests/monitor
/src/platform/tests/platform
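Review bot: The two /src/nm-sudo/ entries in this hunk name paths that the same commit renames to src/nm-priv-helper/, and the hunk header grows the block from 6 to 8 lines, so they look newly added rather than left over. If the intent is to keep stale build outputs from older checkouts ignored, say so in a comment next to them; otherwise drop them so the ignore list only reflects paths the tree can still produce.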


@ -505,8 +505,8 @@ src_libnm_base_libnm_base_la_SOURCES = \
src/libnm-base/nm-ethtool-utils-base.h \
src/libnm-base/nm-net-aux.c \
src/libnm-base/nm-net-aux.h \
src/libnm-base/nm-sudo-utils.c \
src/libnm-base/nm-sudo-utils.h \
src/libnm-base/nm-priv-helper-utils.c \
src/libnm-base/nm-priv-helper-utils.h \
$(NULL)
src_libnm_base_libnm_base_la_LDFLAGS = \
@ -2602,8 +2602,8 @@ src_core_libNetworkManager_la_SOURCES = \
src/core/nm-rfkill-manager.h \
src/core/nm-session-monitor.c \
src/core/nm-session-monitor.h \
src/core/nm-sudo-call.c \
src/core/nm-sudo-call.h \
src/core/nm-priv-helper-call.c \
src/core/nm-priv-helper-call.h \
src/core/nm-keep-alive.c \
src/core/nm-keep-alive.h \
src/core/nm-sleep-monitor.c \
@ -4623,16 +4623,16 @@ EXTRA_DIST += \
$(NULL)
###############################################################################
# src/nm-sudo
# src/nm-priv-helper
###############################################################################
libexec_PROGRAMS += src/nm-sudo/nm-sudo
libexec_PROGRAMS += src/nm-priv-helper/nm-priv-helper
src_nm_sudo_nm_sudo_SOURCES = \
src/nm-sudo/nm-sudo.c \
src_nm_priv_helper_nm_priv_helper_SOURCES = \
src/nm-priv-helper/nm-priv-helper.c \
$(NULL)
src_nm_sudo_nm_sudo_CPPFLAGS = \
src_nm_priv_helper_nm_priv_helper_CPPFLAGS = \
$(dflt_cppflags) \
-I$(builddir)/src/libnm-core-public \
-I$(srcdir)/src/libnm-core-public \
@ -4643,12 +4643,12 @@ src_nm_sudo_nm_sudo_CPPFLAGS = \
$(GLIB_CFLAGS) \
$(NULL)
src_nm_sudo_nm_sudo_LDFLAGS = \
src_nm_priv_helper_nm_priv_helper_LDFLAGS = \
-Wl,--version-script="$(srcdir)/linker-script-binary.ver" \
$(SANITIZER_EXEC_LDFLAGS) \
$(NULL)
src_nm_sudo_nm_sudo_LDADD = \
src_nm_priv_helper_nm_priv_helper_LDADD = \
src/libnm-base/libnm-base.la \
src/libnm-glib-aux/libnm-glib-aux.la \
src/libnm-std-aux/libnm-std-aux.la \
@ -4656,20 +4656,20 @@ src_nm_sudo_nm_sudo_LDADD = \
$(GLIB_LIBS) \
$(NULL)
src/nm-sudo/org.freedesktop.nm.sudo.service: $(srcdir)/src/nm-sudo/org.freedesktop.nm.sudo.service.in
src/nm-priv-helper/org.freedesktop.nm-priv-helper.service: $(srcdir)/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in
@sed \
-e 's|@libexecdir[@]|$(libexecdir)|g' \
$< >$@
dbusactivation_DATA += src/nm-sudo/org.freedesktop.nm.sudo.service
CLEANFILES += src/nm-sudo/org.freedesktop.nm.sudo.service
dbusactivation_DATA += src/nm-priv-helper/org.freedesktop.nm-priv-helper.service
CLEANFILES += src/nm-priv-helper/org.freedesktop.nm-priv-helper.service
dbusservice_DATA += src/nm-sudo/nm-sudo.conf
dbusservice_DATA += src/nm-priv-helper/nm-priv-helper.conf
EXTRA_DIST += \
src/nm-sudo/nm-sudo.conf \
src/nm-sudo/org.freedesktop.nm.sudo.service.in \
src/nm-sudo/meson.build \
src/nm-priv-helper/nm-priv-helper.conf \
src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in \
src/nm-priv-helper/meson.build \
$(NULL)
###############################################################################
@ -5362,7 +5362,7 @@ systemdsystemunit_DATA += \
data/NetworkManager.service \
data/NetworkManager-wait-online.service \
data/NetworkManager-dispatcher.service \
data/nm-sudo.service \
data/nm-priv-helper.service \
$(NULL)
data/NetworkManager.service: $(srcdir)/data/NetworkManager.service.in
@ -5379,7 +5379,7 @@ endif
data/NetworkManager-dispatcher.service: $(srcdir)/data/NetworkManager-dispatcher.service.in
$(AM_V_GEN) $(data_edit) $< >$@
data/nm-sudo.service: $(srcdir)/data/nm-sudo.service.in
data/nm-priv-helper.service: $(srcdir)/data/nm-priv-helper.service.in
$(AM_V_GEN) $(data_edit) $< >$@
endif
@ -5411,7 +5411,7 @@ EXTRA_DIST += \
data/NetworkManager-wait-online-systemd-pre200.service.in \
data/NetworkManager-wait-online.service.in \
data/NetworkManager.service.in \
data/nm-sudo.service.in \
data/nm-priv-helper.service.in \
data/meson.build \
data/nm-shared.xml \
data/server.conf.in \
@ -5421,7 +5421,7 @@ CLEANFILES += \
data/NetworkManager-dispatcher.service \
data/NetworkManager-wait-online.service \
data/NetworkManager.service \
data/nm-sudo.service \
data/nm-priv-helper.service \
data/server.conf \
$(NULL)

NEWS

@ -20,8 +20,8 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE!
Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic
control objects (qdiscs and filters).
* core: add internal nm-sudo service for separating privileges and have
a way to drop capabilities from NetworkManager daemon.
* core: add internal nm-priv-helper service for separating privileges
and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.


@ -40,7 +40,7 @@
%global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[0-9][0-9]*\\)\\.[0-9][0-9]*$/\\1/p')
%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-sudo.service
%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service
%global systemd_units_cloud_setup nm-cloud-setup.service nm-cloud-setup.timer
@ -943,7 +943,7 @@ if [ $1 -eq 0 ]; then
/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
fi
%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-sudo.service
%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service
%if %{with nm_cloud_setup}
@ -977,7 +977,7 @@ fi
%files
%{dbus_sys_dir}/org.freedesktop.NetworkManager.conf
%{dbus_sys_dir}/nm-dispatcher.conf
%{dbus_sys_dir}/nm-sudo.conf
%{dbus_sys_dir}/nm-priv-helper.conf
%{dbus_sys_dir}/nm-ifcfg-rh.conf
%{_sbindir}/%{name}
%{_bindir}/nmcli
@ -1003,7 +1003,7 @@ fi
%{_libexecdir}/nm-iface-helper
%{_libexecdir}/nm-initrd-generator
%{_libexecdir}/nm-daemon-helper
%{_libexecdir}/nm-sudo
%{_libexecdir}/nm-priv-helper
%dir %{_libdir}/%{name}
%dir %{nmplugindir}
%{nmplugindir}/libnm-settings-plugin*.so
@ -1027,7 +1027,7 @@ fi
%dir %{_localstatedir}/lib/NetworkManager
%dir %{_sysconfdir}/sysconfig/network-scripts
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
%{_datadir}/dbus-1/system-services/org.freedesktop.nm.sudo.service
%{_datadir}/dbus-1/system-services/org.freedesktop.nm-priv-helper.service
%{_datadir}/polkit-1/actions/*.policy
%{_prefix}/lib/udev/rules.d/*.rules
%if %{with firewalld_zone}
@ -1037,7 +1037,7 @@ fi
%{systemd_dir}/NetworkManager.service
%{systemd_dir}/NetworkManager-wait-online.service
%{systemd_dir}/NetworkManager-dispatcher.service
%{systemd_dir}/nm-sudo.service
%{systemd_dir}/nm-priv-helper.service
%dir %{_datadir}/doc/NetworkManager/examples
%{_datadir}/doc/NetworkManager/examples/server.conf
%doc NEWS AUTHORS README CONTRIBUTING.md TODO


@ -11,7 +11,7 @@ if install_systemdunitdir
services = [
'NetworkManager-dispatcher.service.in',
'NetworkManager.service.in',
'nm-sudo.service.in',
'nm-priv-helper.service.in',
]
if have_systemd_200


@ -0,0 +1,79 @@
[Unit]
Description=NetworkManager Privileged Helper
#
# nm-priv-helper exists for privilege separation. It allows to run
# NetworkManager without certain capabilities, and ask nm-priv-helper
# for special operations where more privileges are required.
#
# While nm-priv-helper has privileges that NetworkManager has not, it
# does not mean that itself should run totally unconstrained. On the
# contrary, it also should only have permissions it requires.
#
# nm-priv-helper rejects all requests that come from any other than the
# name owner of "org.freedesktop.NetworkManager" (that is,
# NetworkManager process itself). It is thus only an implementation
# detail and provides no public API to the user.
[Service]
Type=dbus
BusName=org.freedesktop.nm-priv-helper
ExecStart=@libexecdir@/nm-priv-helper
NotifyAccess=main
# Extra configuration options. Set via `systemctl edit
# nm-priv-helper.service`:
#
# FOR TESTING ONLY: disable authentication to allow requests from
# everybody. Don't set this outside of testing!
#Environment=NM_PRIV_HELPER_NO_AUTH_FOR_TESTING=1
#
# The logging level for debug messages (to stdout).
#Environment=NM_PRIV_HELPER_LOG=TRACE
#
# nm-priv-helper will exit on idle after timeout. Set timeout here or
# set to 2147483647 for infinity.
#Environment=NM_PRIV_HELPER_IDLE_TIMEOUT_MSEC=10000
# Restrict:
AmbientCapabilities=
CapabilityBoundingSet=
PrivateDevices=true
PrivateMounts=true
PrivateNetwork=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictAddressFamilies=
RestrictNamespaces=true
SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@mount
SystemCallFilter=~@obsolete
SystemCallFilter=~@privileged
SystemCallFilter=~@raw-io
SystemCallFilter=~@reboot
SystemCallFilter=~@swap
NoNewPrivileges=true
SupplementaryGroups=
# Grant:
CapabilityBoundingSet=CAP_DAC_OVERRIDE
PrivateUsers=no
RestrictAddressFamilies=AF_UNIX
SystemCallFilter=@resources
[Install]
Alias=dbus-org.freedesktop.nm-priv-helper.service


@ -1,75 +0,0 @@
[Unit]
Description=NetworkManager Sudo Helper
#
# nm-sudo exists for privilege separation. It allows to run NetworkManager
# without certain capabilities, and ask nm-sudo for special operations
# where more privileges are required.
#
# While nm-sudo has privileges that NetworkManager has not, it does not
# mean that itself should run totally unconstrained. On the contrary, it
# also should only have permissions it requires.
#
# nm-sudo rejects all requests that come from any other than the name
# owner of "org.freedesktop.NetworkManager" (that is, NetworkManager process
# itself). It is thus only an implementation detail and provides no public
# API to the user.
[Service]
Type=dbus
BusName=org.freedesktop.nm.sudo
ExecStart=@libexecdir@/nm-sudo
NotifyAccess=main
# Extra configuration options. Set via `systemctl edit nm-sudo.service`:
#
# FOR TESTING ONLY: disable authentication to allow requests from
# everybody. Don't set this outside of testing!
#Environment=NM_SUDO_NO_AUTH_FOR_TESTING=1
#
# The logging level for debug messages (to stdout).
#Environment=NM_SUDO_LOG=TRACE
#
# nm-sudo will exit on idle after timeout. Set timeout here
# or set to 2147483647 for infinity.
#Environment=NM_SUDO_IDLE_TIMEOUT_MSEC=10000
# Restrict:
AmbientCapabilities=
CapabilityBoundingSet=
PrivateDevices=true
PrivateMounts=true
PrivateNetwork=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RestrictAddressFamilies=
RestrictNamespaces=true
SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@mount
SystemCallFilter=~@obsolete
SystemCallFilter=~@privileged
SystemCallFilter=~@raw-io
SystemCallFilter=~@reboot
SystemCallFilter=~@swap
NoNewPrivileges=true
SupplementaryGroups=
# Grant:
CapabilityBoundingSet=CAP_DAC_OVERRIDE
PrivateUsers=no
RestrictAddressFamilies=AF_UNIX
SystemCallFilter=@resources
[Install]
Alias=dbus-org.freedesktop.nm.sudo.service


@ -2,7 +2,7 @@ contrib/fedora/rpm/
data/NetworkManager-dispatcher.service.in
data/NetworkManager-wait-online.service.in
data/NetworkManager.service.in
data/nm-sudo.service.in
data/nm-priv-helper.service.in
data/org.freedesktop.NetworkManager.policy.in
examples/python/NetworkManager.py
examples/python/systray/eggtrayicon.c


@ -27,7 +27,7 @@ Read the individual README.md files in the subdirectories for details:
| [nm-initrd-generator/](nm-initrd-generator/) | generates NetworkManager configuration by parsing kernel command line options for dracut/initrd |
| [nm-dispatcher/](nm-dispatcher/) | NetworkManager-dispatcher service to run user scripts |
| [nm-online/](nm-online/) | application which checks whether NetworkManager is done, for implementing NetworkManager-wait-online.service |
| [nm-sudo/](nm-sudo/) | internal service for privileged operations |
| [nm-priv-helper/](nm-priv-helper/) | internal service for privileged operations |
| [nm-daemon-helper/](nm-daemon-helper/) | internal helper binary spawned by NetworkManager |
| | |
| [libnm-std-aux/](libnm-std-aux/) | internal helper library for standard C |


@ -17,7 +17,7 @@
#include "devices/nm-device.h"
#include "nm-manager.h"
#include "nm-setting-ovs-external-ids.h"
#include "nm-sudo-call.h"
#include "nm-priv-helper-call.h"
/*****************************************************************************/
@ -2368,7 +2368,7 @@ _ovsdb_connect_complete_with_fd(NMOvsdb *self, int fd_take)
}
static void
_ovsdb_connect_sudo_cb(int fd_take, GError *error, gpointer user_data)
_ovsdb_connect_priv_helper_cb(int fd_take, GError *error, gpointer user_data)
{
nm_auto_close int fd = fd_take;
NMOvsdb * self;
@ -2379,12 +2379,12 @@ _ovsdb_connect_sudo_cb(int fd_take, GError *error, gpointer user_data)
self = user_data;
if (error) {
_LOGT("connect: failure to get FD from nm-sudo: %s", error->message);
_LOGT("connect: failure to get FD from nm-priv-helper: %s", error->message);
ovsdb_disconnect(self, FALSE, FALSE);
return;
}
_LOGT("connect: connected successfully with FD from nm-sudo");
_LOGT("connect: connected successfully with FD from nm-priv-helper");
_ovsdb_connect_complete_with_fd(self, nm_steal_fd(&fd));
}
@ -2402,20 +2402,20 @@ _ovsdb_connect_idle(gpointer user_data, GCancellable *cancellable)
self = user_data;
priv = NM_OVSDB_GET_PRIVATE(self);
fd = nm_sudo_utils_open_fd(NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET, &error);
fd = nm_priv_helper_utils_open_fd(NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET, &error);
if (fd == -ENOENT) {
_LOGT("connect: opening %s failed (\"%s\")", NM_OVSDB_SOCKET, error->message);
ovsdb_disconnect(self, FALSE, FALSE);
return;
}
if (fd < 0) {
_LOGT("connect: opening %s failed (\"%s\"). Retry with nm-sudo",
_LOGT("connect: opening %s failed (\"%s\"). Retry with nm-priv-helper",
NM_OVSDB_SOCKET,
error->message);
nm_sudo_call_get_fd(NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET,
priv->conn_cancellable,
_ovsdb_connect_sudo_cb,
self);
nm_priv_helper_call_get_fd(NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET,
priv->conn_cancellable,
_ovsdb_connect_priv_helper_cb,
self);
return;
}


@ -173,7 +173,7 @@ libNetworkManager = static_library(
'nm-rfkill-manager.c',
'nm-session-monitor.c',
'nm-sleep-monitor.c',
'nm-sudo-call.c',
'nm-priv-helper-call.c',
),
dependencies: nm_deps,
link_with: [


@ -41,10 +41,10 @@
#include "nm-hostname-manager.h"
#include "nm-keep-alive.h"
#include "nm-policy.h"
#include "nm-priv-helper-call.h"
#include "nm-rfkill-manager.h"
#include "nm-session-monitor.h"
#include "nm-sleep-monitor.h"
#include "nm-sudo-call.h"
#include "settings/nm-settings-connection.h"
#include "settings/nm-settings.h"
#include "vpn/nm-vpn-manager.h"
@ -216,8 +216,8 @@ typedef struct {
#if WITH_OPENVSWITCH
/* these fields only serve the purpose to use the symbols.*/
void (*_use_symbol_nm_sudo_call_get_fd)(void);
void (*_use_symbol_nm_sudo_utils_open_fd)(void);
void (*_use_symbol_nm_priv_helper_call_get_fd)(void);
void (*_use_symbol_nm_priv_helper_utils_open_fd)(void);
#endif
} NMManagerClass;
@ -8542,8 +8542,10 @@ nm_manager_class_init(NMManagerClass *manager_class)
/* Use the symbols. These symbols are in NetworkManager binary but will be
* used by the OVS device plugin. If we don't use the symbol here, it will
* be wrongly dropped. */
manager_class->_use_symbol_nm_sudo_call_get_fd = (void (*)(void)) nm_sudo_call_get_fd;
manager_class->_use_symbol_nm_sudo_utils_open_fd = (void (*)(void)) nm_sudo_utils_open_fd;
manager_class->_use_symbol_nm_priv_helper_call_get_fd =
(void (*)(void)) nm_priv_helper_call_get_fd;
manager_class->_use_symbol_nm_priv_helper_utils_open_fd =
(void (*)(void)) nm_priv_helper_utils_open_fd;
#endif
dbus_object_class->export_path = NM_DBUS_EXPORT_PATH_STATIC(NM_DBUS_PATH);


@ -2,7 +2,7 @@
#include "src/core/nm-default-daemon.h"
#include "nm-sudo-call.h"
#include "nm-priv-helper-call.h"
#include <gio/gunixfdlist.h>
@ -11,10 +11,10 @@
/*****************************************************************************/
static void
_nm_sudo_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data)
_nm_priv_helper_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data)
{
NMSudoCallGetFDCallback callback;
gpointer callback_data;
NMPrivHelperCallGetFDCallback callback;
gpointer callback_data;
gs_unref_variant GVariant *ret = NULL;
gs_free_error GError *error = NULL;
gs_unref_object GUnixFDList *fd_list = NULL;
@ -35,7 +35,7 @@ _nm_sudo_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data)
if (!fd_list || g_unix_fd_list_get_length(fd_list) != 1) {
nm_utils_error_set(&error,
NM_UTILS_ERROR_UNKNOWN,
"Unexpectedly not one FD is returned by nm-sudo GetFD()");
"Unexpectedly not one FD is returned by nm-priv-helper GetFD()");
callback(-1, error, callback_data);
return;
}
@ -47,46 +47,48 @@ _nm_sudo_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data)
}
static gboolean
_nm_sudo_call_get_fd_fail_on_idle(gpointer user_data)
_nm_priv_helper_call_get_fd_fail_on_idle(gpointer user_data)
{
gs_unref_object GCancellable *cancellable = NULL;
NMSudoCallGetFDCallback callback;
NMPrivHelperCallGetFDCallback callback;
gpointer callback_data;
gs_free_error GError *error = NULL;
nm_utils_user_data_unpack(user_data, &cancellable, &callback, &callback_data);
if (!g_cancellable_set_error_if_cancelled(cancellable, &error))
nm_utils_error_set(&error, NM_UTILS_ERROR_UNKNOWN, "Cannot talk to nm-sudo without D-Bus");
nm_utils_error_set(&error,
NM_UTILS_ERROR_UNKNOWN,
"Cannot talk to nm-priv-helper without D-Bus");
callback(-1, error, callback_data);
return G_SOURCE_REMOVE;
}
void
nm_sudo_call_get_fd(NMSudoGetFDType fd_type,
GCancellable * cancellable,
NMSudoCallGetFDCallback callback,
gpointer user_data)
nm_priv_helper_call_get_fd(NMPrivHelperGetFDType fd_type,
GCancellable * cancellable,
NMPrivHelperCallGetFDCallback callback,
gpointer user_data)
{
GDBusConnection *dbus_connection;
nm_assert(NM_IN_SET(fd_type, NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET));
nm_assert(NM_IN_SET(fd_type, NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET));
nm_assert(!cancellable || G_IS_CANCELLABLE(cancellable));
nm_assert(callback);
dbus_connection = NM_MAIN_DBUS_CONNECTION_GET;
if (!dbus_connection) {
nm_g_idle_add(_nm_sudo_call_get_fd_fail_on_idle,
nm_g_idle_add(_nm_priv_helper_call_get_fd_fail_on_idle,
nm_utils_user_data_pack(g_object_ref(cancellable), callback, user_data));
return;
}
g_dbus_connection_call_with_unix_fd_list(dbus_connection,
NM_SUDO_DBUS_BUS_NAME,
NM_SUDO_DBUS_OBJECT_PATH,
NM_SUDO_DBUS_IFACE_NAME,
NM_PRIV_HELPER_DBUS_BUS_NAME,
NM_PRIV_HELPER_DBUS_OBJECT_PATH,
NM_PRIV_HELPER_DBUS_IFACE_NAME,
"GetFD",
g_variant_new("(u)", fd_type),
G_VARIANT_TYPE("()"),
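Review bot: In nm_priv_helper_call_get_fd(), the no-D-Bus branch passes g_object_ref(cancellable) to nm_utils_user_data_pack(), but the assertion just above explicitly allows cancellable to be NULL, and g_object_ref() on NULL fails its precondition check and logs a critical. This predates the rename, but since the surrounding call is rewritten here it is worth taking the reference only when cancellable is non-NULL; _nm_priv_helper_call_get_fd_fail_on_idle() already copes with a NULL cancellable through gs_unref_object and g_cancellable_set_error_if_cancelled().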
@ -94,6 +96,6 @@ nm_sudo_call_get_fd(NMSudoGetFDType fd_type,
10000,
NULL,
cancellable,
_nm_sudo_call_get_fd_cb,
_nm_priv_helper_call_get_fd_cb,
nm_utils_user_data_pack(callback, user_data));
}


@ -0,0 +1,15 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#ifndef __NM_PRIV_HELPER_CALL_H__
#define __NM_PRIV_HELPER_CALL_H__
#include "../libnm-base/nm-priv-helper-utils.h"
typedef void (*NMPrivHelperCallGetFDCallback)(int fd_take, GError *error, gpointer user_data);
void nm_priv_helper_call_get_fd(NMPrivHelperGetFDType fd_type,
GCancellable * cancellable,
NMPrivHelperCallGetFDCallback callback,
gpointer user_data);
#endif /* __NM_PRIV_HELPER_CALL_H__ */
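Review bot: The include in this new header switched to a parent-relative path, "../libnm-base/nm-priv-helper-utils.h", whereas the nm-sudo-call.h it replaces used "libnm-base/nm-sudo-utils.h" and nm-priv-helper.c in this same commit includes "libnm-base/nm-priv-helper-utils.h". Use the include-path form here as well so the header does not depend on where it sits in the source tree.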


@ -1,15 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#ifndef __NM_SUDO_CALL_H__
#define __NM_SUDO_CALL_H__
#include "libnm-base/nm-sudo-utils.h"
typedef void (*NMSudoCallGetFDCallback)(int fd_take, GError *error, gpointer user_data);
void nm_sudo_call_get_fd(NMSudoGetFDType fd_type,
GCancellable * cancellable,
NMSudoCallGetFDCallback callback,
gpointer user_data);
#endif /* __NM_SUDO_CALL_H__ */


@ -5,7 +5,7 @@ libnm_base = static_library(
sources: files(
'nm-ethtool-base.c',
'nm-net-aux.c',
'nm-sudo-utils.c',
'nm-priv-helper-utils.c',
),
include_directories: [
src_inc,


@ -2,7 +2,7 @@
#include "libnm-glib-aux/nm-default-glib-i18n-lib.h"
#include "nm-sudo-utils.h"
#include "nm-priv-helper-utils.h"
#include <sys/socket.h>
#include <sys/un.h>
@ -12,14 +12,14 @@
/*****************************************************************************/
int
nm_sudo_utils_open_fd(NMSudoGetFDType fd_type, GError **error)
nm_priv_helper_utils_open_fd(NMPrivHelperGetFDType fd_type, GError **error)
{
nm_auto_close int fd = -1;
int r;
int errsv;
switch (fd_type) {
case NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET:
case NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET:
{
struct sockaddr_un sock;
int sock_len;
@ -48,7 +48,7 @@ nm_sudo_utils_open_fd(NMSudoGetFDType fd_type, GError **error)
return nm_steal_fd(&fd);
}
case NM_SUDO_GET_FD_TYPE_NONE:
case NM_PRIV_HELPER_GET_FD_TYPE_NONE:
default:
nm_utils_error_set(error, NM_UTILS_ERROR_UNKNOWN, "invalid fd_type");
return -EINVAL;


@ -0,0 +1,23 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#ifndef __NM_PRIV_HELPER_UTILS_H__
#define __NM_PRIV_HELPER_UTILS_H__
/*****************************************************************************/
#define NM_PRIV_HELPER_DBUS_BUS_NAME "org.freedesktop.nm-priv-helper"
#define NM_PRIV_HELPER_DBUS_OBJECT_PATH "/org/freedesktop/nm-priv-helper"
#define NM_PRIV_HELPER_DBUS_IFACE_NAME "org.freedesktop.nm-priv-helper"
/*****************************************************************************/
#define NM_OVSDB_SOCKET RUNSTATEDIR "/openvswitch/db.sock"
typedef enum {
NM_PRIV_HELPER_GET_FD_TYPE_NONE = 0,
NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET = 1,
} NMPrivHelperGetFDType;
int nm_priv_helper_utils_open_fd(NMPrivHelperGetFDType fd_type, GError **error);
#endif /* __NM_PRIV_HELPER_UTILS_H__ */
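Review bot: NM_PRIV_HELPER_DBUS_OBJECT_PATH and NM_PRIV_HELPER_DBUS_IFACE_NAME now contain hyphens, which the D-Bus specification does not permit in object path elements or interface name elements (only [A-Za-z0-9_]); a hyphen is tolerated only in bus names, and discouraged there. The old "/org/freedesktop/nm/sudo" and "org.freedesktop.nm.sudo" were valid, so this rename replaces valid names with ones that validating D-Bus implementations reject. Pick a spelling without hyphens, for example with underscores, and use it consistently for the bus name, object path, interface name and the contents of the .service and .conf files.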


@ -1,23 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#ifndef __NM_SUDO_UTILS_H__
#define __NM_SUDO_UTILS_H__
/*****************************************************************************/
#define NM_SUDO_DBUS_BUS_NAME "org.freedesktop.nm.sudo"
#define NM_SUDO_DBUS_OBJECT_PATH "/org/freedesktop/nm/sudo"
#define NM_SUDO_DBUS_IFACE_NAME "org.freedesktop.nm.sudo"
/*****************************************************************************/
#define NM_OVSDB_SOCKET RUNSTATEDIR "/openvswitch/db.sock"
typedef enum {
NM_SUDO_GET_FD_TYPE_NONE = 0,
NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET = 1,
} NMSudoGetFDType;
int nm_sudo_utils_open_fd(NMSudoGetFDType fd_type, GError **error);
#endif /* __NM_SUDO_UTILS_H__ */


@ -93,7 +93,7 @@ if enable_nmtui
endif
subdir('nmcli')
subdir('nm-dispatcher')
subdir('nm-sudo')
subdir('nm-priv-helper')
subdir('nm-daemon-helper')
subdir('nm-online')
if enable_nmtui


@ -0,0 +1,24 @@
nm-priv-helper
==============
This is a D-Bus activatable, exit-on-idle service, which
provides an internal API to NetworkManager daemon.
This has no purpose for the user, it is an implementation detail
of the daemon.
The purpose is that `nm-priv-helper` can execute certain
privileged operations which NetworkManager process is not
allowed to. We want to sandbox NetworkManager as much as
possible, and nm-priv-helper provides a controlled way to
perform some very specific operations.
As such, nm-priv-helper should still be sandboxed too to only
being able to execute the operations that are necessary for
NetworkManager.
nm-priv-helper will reject all D-Bus requests that are not
originating from the current name owner of
"org.freedesktop.NetworkManager". That is, it is supposed to
only reply to NetworkManager daemon and as such is not useful to
the user directly.
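Review bot: In the third paragraph of the new README, "should still be sandboxed too to only being able to execute" does not parse. Since the text is being reflowed for the rename anyway, reword it along the lines of "should itself be sandboxed so that it can only execute the operations that are necessary for NetworkManager".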


@ -1,20 +1,20 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
configure_file(
input: 'org.freedesktop.nm.sudo.service.in',
input: 'org.freedesktop.nm-priv-helper.service.in',
output: '@BASENAME@',
install_dir: dbus_system_bus_services_dir,
configuration: data_conf,
)
install_data(
'nm-sudo.conf',
'nm-priv-helper.conf',
install_dir: dbus_conf_dir,
)
executable(
'nm-sudo',
'nm-sudo.c',
'nm-priv-helper',
'nm-priv-helper.c',
include_directories : [
src_inc,
top_inc,


@ -5,15 +5,15 @@
#include <gio/gunixfdlist.h>
#include "c-list/src/c-list.h"
#include "libnm-base/nm-sudo-utils.h"
#include "libnm-base/nm-priv-helper-utils.h"
#include "libnm-glib-aux/nm-dbus-aux.h"
#include "libnm-glib-aux/nm-io-utils.h"
#include "libnm-glib-aux/nm-logging-base.h"
#include "libnm-glib-aux/nm-shared-utils.h"
#include "libnm-glib-aux/nm-time-utils.h"
/* nm-sudo doesn't link with libnm-core nor libnm-base, but these headers
* can be used independently. */
/* nm-priv-helper doesn't link with libnm-core nor libnm-base, but these
* headers can be used independently. */
#include "libnm-core-public/nm-dbus-interface.h"
/*****************************************************************************/
@ -57,7 +57,7 @@ struct _GlobalData {
bool name_owner_initialized;
/* This is controlled by $NM_SUDO_NO_AUTH_FOR_TESTING. It disables authentication
/* This is controlled by $NM_PRIV_HELPER_NO_AUTH_FOR_TESTING. It disables authentication
* of the request, so it is ONLY for testing. */
bool no_auth_for_testing;
@ -116,10 +116,10 @@ _handle_get_fd(GlobalData *gl, GDBusMethodInvocation *invocation, guint32 fd_typ
gs_unref_object GUnixFDList *fd_list = NULL;
gs_free_error GError *error = NULL;
if (fd_type != (NMSudoGetFDType) fd_type)
fd_type = NM_SUDO_GET_FD_TYPE_NONE;
if (fd_type != (NMPrivHelperGetFDType) fd_type)
fd_type = NM_PRIV_HELPER_GET_FD_TYPE_NONE;
fd = nm_sudo_utils_open_fd(fd_type, &error);
fd = nm_priv_helper_utils_open_fd(fd_type, &error);
if (fd < 0) {
g_dbus_method_invocation_take_error(invocation, g_steal_pointer(&error));
return;
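Review bot: The check fd_type != (NMPrivHelperGetFDType) fd_type at the top of _handle_get_fd() only detects values that do not survive the cast; it does not limit fd_type to the enum's defined members. An unknown value from the caller is therefore rejected only by the default: case of nm_priv_helper_utils_open_fd(), which returns -EINVAL. Since this value crosses the privilege boundary, either validate it explicitly here against the known types or add a comment stating that the helper relies on that default case.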
@ -275,8 +275,8 @@ _bus_method_call(GDBusConnection * connection,
const char *arg_s;
guint32 arg_u;
nm_assert(nm_streq(object_path, NM_SUDO_DBUS_OBJECT_PATH));
nm_assert(nm_streq(interface_name, NM_SUDO_DBUS_IFACE_NAME));
nm_assert(nm_streq(object_path, NM_PRIV_HELPER_DBUS_OBJECT_PATH));
nm_assert(nm_streq(interface_name, NM_PRIV_HELPER_DBUS_IFACE_NAME));
if (!gl->no_auth_for_testing && !nm_streq0(sender, gl->name_owner)) {
_LOGT("dbus: request sender=%s, %s%s, ACCESS DENIED",
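Review bot: The ACCESS DENIED branch of _bus_method_call() logs the rejected sender with _LOGT, so a request from anything other than the NetworkManager name owner is only recorded when trace logging is switched on (the unit file shows NM_PRIV_HELPER_LOG=TRACE as an opt-in). A denied call to a privileged helper is worth seeing by default; consider logging this one case at warning level while leaving the per-request tracing at _LOGT.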
@ -312,7 +312,7 @@ _bus_method_call(GDBusConnection * connection,
method_name,
g_variant_get_type_string(parameters));
if (!nm_streq(interface_name, NM_SUDO_DBUS_IFACE_NAME))
if (!nm_streq(interface_name, NM_PRIV_HELPER_DBUS_IFACE_NAME))
goto out_unknown_method;
if (nm_streq(method_name, "GetFD")) {
@ -335,7 +335,7 @@ out_unknown_method:
}
static GDBusInterfaceInfo *const interface_info = NM_DEFINE_GDBUS_INTERFACE_INFO(
NM_SUDO_DBUS_IFACE_NAME,
NM_PRIV_HELPER_DBUS_IFACE_NAME,
.methods = NM_DEFINE_GDBUS_METHOD_INFOS(
NM_DEFINE_GDBUS_METHOD_INFO(
"Ping",
@ -360,25 +360,27 @@ _bus_register_service(GlobalData *gl)
gl->service_regist_id =
g_dbus_connection_register_object(gl->dbus_connection,
NM_SUDO_DBUS_OBJECT_PATH,
NM_PRIV_HELPER_DBUS_OBJECT_PATH,
interface_info,
NM_UNCONST_PTR(GDBusInterfaceVTable, &interface_vtable),
gl,
NULL,
&error);
if (gl->service_regist_id == 0) {
_LOGE("dbus: error registering object %s: %s", NM_SUDO_DBUS_OBJECT_PATH, error->message);
_LOGE("dbus: error registering object %s: %s",
NM_PRIV_HELPER_DBUS_OBJECT_PATH,
error->message);
return FALSE;
}
_LOGD("dbus: object %s registered", NM_SUDO_DBUS_OBJECT_PATH);
_LOGD("dbus: object %s registered", NM_PRIV_HELPER_DBUS_OBJECT_PATH);
/* regardless whether the request is successful, after we start calling
* RequestName, we remember that we need to ReleaseName it. */
gl->name_requested = TRUE;
nm_dbus_connection_call_request_name(gl->dbus_connection,
NM_SUDO_DBUS_BUS_NAME,
NM_PRIV_HELPER_DBUS_BUS_NAME,
DBUS_NAME_FLAG_ALLOW_REPLACEMENT
| DBUS_NAME_FLAG_REPLACE_EXISTING,
10000,
@ -396,7 +398,7 @@ _bus_register_service(GlobalData *gl)
return FALSE;
if (error) {
_LOGE("d-bus: failed to request name %s: %s", NM_SUDO_DBUS_BUS_NAME, error->message);
_LOGE("d-bus: failed to request name %s: %s", NM_PRIV_HELPER_DBUS_BUS_NAME, error->message);
return FALSE;
}
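Review bot: The rewritten message in this hunk keeps the prefix "d-bus:" while the other log lines in _bus_register_service() use "dbus:". Since the line is being changed anyway, normalise the prefix so the helper's D-Bus messages can be matched with one pattern when reading logs.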
@ -404,12 +406,12 @@ _bus_register_service(GlobalData *gl)
if (ret_val != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) {
_LOGW("dbus: request name for %s failed to take name (response %u)",
NM_SUDO_DBUS_BUS_NAME,
NM_PRIV_HELPER_DBUS_BUS_NAME,
ret_val);
return FALSE;
}
_LOGD("dbus: request name for %s succeeded", NM_SUDO_DBUS_BUS_NAME);
_LOGD("dbus: request name for %s succeeded", NM_PRIV_HELPER_DBUS_BUS_NAME);
return TRUE;
}
@ -538,7 +540,7 @@ _bus_release_name(GlobalData *gl)
DBUS_PATH_DBUS,
DBUS_INTERFACE_DBUS,
"ReleaseName",
g_variant_new("(s)", NM_SUDO_DBUS_BUS_NAME),
g_variant_new("(s)", NM_PRIV_HELPER_DBUS_BUS_NAME),
G_VARIANT_TYPE("(u)"),
G_DBUS_CALL_FLAGS_NONE,
10000,
@ -554,12 +556,17 @@ static void
_initial_setup(GlobalData *gl)
{
gl->no_auth_for_testing =
_nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_SUDO_NO_AUTH_FOR_TESTING")), 0, 0, 1, 0);
gl->timeout_msec = _nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_SUDO_IDLE_TIMEOUT_MSEC")),
0,
0,
G_MAXINT32,
IDLE_TIMEOUT_MSEC);
_nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_PRIV_HELPER_NO_AUTH_FOR_TESTING")),
0,
0,
1,
0);
gl->timeout_msec =
_nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_PRIV_HELPER_IDLE_TIMEOUT_MSEC")),
0,
0,
G_MAXINT32,
IDLE_TIMEOUT_MSEC);
gl->quit_cancellable = g_cancellable_new();
@ -580,17 +587,17 @@ main(int argc, char **argv)
int exit_code;
int r = 0;
_nm_logging_enabled_init(g_getenv(_ENV("NM_SUDO_LOG")));
_nm_logging_enabled_init(g_getenv(_ENV("NM_PRIV_HELPER_LOG")));
gl->start_timestamp_msec = nm_utils_clock_gettime_msec(CLOCK_BOOTTIME);
_LOGD("starting nm-sudo (%s)", NM_DIST_VERSION);
_LOGD("starting nm-priv-helper (%s)", NM_DIST_VERSION);
_initial_setup(gl);
if (gl->no_auth_for_testing) {
_LOGW("WARNING: running in debug mode without authentication "
"(NM_SUDO_NO_AUTH_FOR_TESTING). ");
"(NM_PRIV_HELPER_NO_AUTH_FOR_TESTING). ");
}
if (gl->timeout_msec != IDLE_TIMEOUT_INFINITY)


@ -3,11 +3,11 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="org.freedesktop.nm.sudo"/>
<allow send_destination="org.freedesktop.nm.sudo"/>
<allow own="org.freedesktop.nm.priv-helper"/>
<allow send_destination="org.freedesktop.nm.priv-helper"/>
</policy>
<policy context="default">
<deny own="org.freedesktop.nm.sudo"/>
<deny send_destination="org.freedesktop.nm.sudo"/>
<deny own="org.freedesktop.nm.priv-helper"/>
<deny send_destination="org.freedesktop.nm.priv-helper"/>
</policy>
</busconfig>
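Review bot: The policy names in this file were renamed to "org.freedesktop.nm.priv-helper" (dot after nm), but everything else in the commit uses "org.freedesktop.nm-priv-helper": NM_PRIV_HELPER_DBUS_BUS_NAME, BusName= in nm-priv-helper.service.in and Name= in the D-Bus activation file. As written, the allow own / allow send_destination rules for root and the matching deny rules in the default context apply to a name nothing requests, so the helper's real bus name is not covered by this policy. Make all four attributes match the bus name exactly.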


@ -0,0 +1,5 @@
[D-BUS Service]
Name=org.freedesktop.nm-priv-helper
Exec=@libexecdir@/nm-priv-helper
User=root
SystemdService=dbus-org.freedesktop.nm-priv-helper.service


@ -1,21 +0,0 @@
nm-sudo
=======
This is a D-Bus activatable, exit-on-idle service, which
provides an internal API to NetworkManager daemon.
This has no purpose for the user, it is an implementation detail
of the daemon.
The purpose is that `nm-sudo` can execute certain operations,
which NetworkManager process is not allowed to. We want to
sandbox NetworkManager as much as possible, and nm-sudo provides
a controlled way to perform some very specific operations.
As such, nm-sudo should still be sandboxed too to only being
able to execute the operations that are necessary for NetworkManager.
nm-sudo will reject all D-Bus requests that are not originating
from the current name owner of "org.freedesktop.NetworkManager".
That is, it is supposed to only reply to NetworkManager daemon
and as such is not useful to the user directly.


@ -1,5 +0,0 @@
[D-BUS Service]
Name=org.freedesktop.nm.sudo
Exec=@libexecdir@/nm-sudo
User=root
SystemdService=dbus-org.freedesktop.nm.sudo.service