Commit 1bf2ffb6 authored by Dan Williams's avatar Dan Williams
Browse files

core: ensure activation does not disconnect private connections

If two users had the ability to control networking, and user1 started
a private connection which user2 cannot see, user2 could start their
own connection and disconnect user1's connection.  This is not
consistent with device disconnection.  A user who cannot see a
connection should not be able to start/stop it, even if they are
allowed to control networking in general.
parent 4209f170
......@@ -2669,6 +2669,31 @@ _internal_activate_device (NMManager *self, NMActiveConnection *active, GError *
NM_DEVICE_STATE_DISCONNECTED,
NM_DEVICE_STATE_REASON_NONE);
}
} else {
NMConnection *existing_connection = NULL;
NMAuthSubject *subject;
char *error_desc = NULL;
/* If the device is active and its connection is not visible to the
* user that's requesting this new activation, fail, since other users
* should not be allowed to implicitly deactivate private connections
* by activating a connection of their own.
*/
existing_connection = nm_device_get_connection (device);
subject = nm_active_connection_get_subject (active);
if (existing_connection &&
!nm_auth_uid_in_acl (existing_connection,
nm_session_monitor_get (),
nm_auth_subject_get_uid (subject),
&error_desc)) {
g_set_error (error,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"Private connection already active on the device: %s",
error_desc);
g_free (error_desc);
return FALSE;
}
}
/* Final connection must be available on device */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment