Commit 3945f75b authored by Dan Williams's avatar Dan Williams

core: consolidate all permissions checking into main D-Bus interface

Moves the system settings permissions checking into the core service's
permissions checking, which at the same time enables 3-way permission
reporting (yes, no, auth) instead of the old yes/no that we had for
system settings permissions before.  This allows UI to show a lock
icon or such when the user could authenticate to gain the permission.

It also moves the wifi-create permissions' namespace to the main
namespace (not .settings) since they really should be checked before
starting a shared wifi connection, rather than having anything to do
with the settings service.
parent 022d8e66
......@@ -44,19 +44,6 @@
</arg>
</method>
<method name="GetPermissions">
<tp:docstring>
Returns a bitfield indicating certain operations the caller is permitted to perform. Some of these operations may require authorization by the user.
</tp:docstring>
<annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_settings_get_permissions"/>
<annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<arg name="permissions" type="u" direction="out" tp:type="NM_SETTINGS_PERMISSIONS">
<tp:docstring>
A bitfield of permitted operations. Some of these operations may require the user to authorize via password entry or other means.
</tp:docstring>
</arg>
</method>
<property name="Hostname" type="s" access="read">
<tp:docstring>
The machine hostname stored in persistent configuration.
......@@ -77,12 +64,6 @@
</arg>
</signal>
<signal name="CheckPermissions">
<tp:docstring>
Emitted when system authorization details change, indicating that clients may wish to recheck permissions with GetPermissions.
</tp:docstring>
</signal>
<signal name="NewConnection">
<tp:docstring>
Emitted when a new connection has been added.
......@@ -94,24 +75,6 @@
</arg>
</signal>
<tp:flags name="NM_SETTINGS_PERMISSIONS" value-prefix="NM_SETTINGS_PERMISSION" type="u">
<tp:flag suffix="NONE" value="0x0">
<tp:docstring>No permissions.</tp:docstring>
</tp:flag>
<tp:flag suffix="CONNECTION_MODIFY" value="0x1">
<tp:docstring>Can modify/add/delete connections.</tp:docstring>
</tp:flag>
<tp:flag suffix="WIFI_SHARING_PROTECTED" value="0x2">
<tp:docstring>Can share connections via a encrypted user-created WiFi network.</tp:docstring>
</tp:flag>
<tp:flag suffix="WIFI_SHARING_OPEN" value="0x4">
<tp:docstring>Can share connections via a open/unencrypted user-created WiFi network.</tp:docstring>
</tp:flag>
<tp:flag suffix="HOSTNAME_MODIFY" value="0x8">
<tp:docstring>Can modify the persistent system hostname.</tp:docstring>
</tp:flag>
</tp:flags>
</interface>
</node>
......@@ -290,9 +290,15 @@ register_for_property_changed (NMClient *client)
property_changed_info);
}
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
static NMClientPermission
nm_permission_to_client (const char *nm)
......@@ -303,6 +309,19 @@ nm_permission_to_client (const char *nm)
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI;
else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN))
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN;
else if (!strcmp (nm, NM_AUTH_PERMISSION_SLEEP_WAKE))
return NM_CLIENT_PERMISSION_SLEEP_WAKE;
else if (!strcmp (nm, NM_AUTH_PERMISSION_NETWORK_CONTROL))
return NM_CLIENT_PERMISSION_NETWORK_CONTROL;
else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED))
return NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED;
else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN))
return NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN;
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY))
return NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY;
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY))
return NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY;
return NM_CLIENT_PERMISSION_NONE;
}
......@@ -461,9 +480,9 @@ constructor (GType type,
get_permissions_sync (NM_CLIENT (object));
priv->bus_proxy = dbus_g_proxy_new_for_name (connection,
"org.freedesktop.DBus",
"/org/freedesktop/DBus",
"org.freedesktop.DBus");
DBUS_SERVICE_DBUS,
DBUS_PATH_DBUS,
DBUS_INTERFACE_DBUS);
dbus_g_proxy_add_signal (priv->bus_proxy, "NameOwnerChanged",
G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING,
......
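Review bot: The `NM_AUTH_PERMISSION_*` strings defined at the top of this section are hand-copied from what appears to be the daemon's auth header, which this commit changes with the same nine names, so the two lists can drift apart. Because nm_permission_to_client ends with `return NM_CLIENT_PERMISSION_NONE;`, a renamed or misspelled action string would be dropped silently rather than reported. This commit itself renames the wifi share actions, which is exactly the kind of change that would cause that. Either move the strings to one shared header or add a comment above the defines such as `/* Must match the daemon's NM_AUTH_PERMISSION_* strings; unknown names map to NM_CLIENT_PERMISSION_NONE */`. The body of nm_permission_to_client starts outside the second hunk.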
......@@ -56,8 +56,14 @@ typedef enum {
NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK = 1,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI = 2,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN = 3,
NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN
NM_CLIENT_PERMISSION_SLEEP_WAKE = 4,
NM_CLIENT_PERMISSION_NETWORK_CONTROL = 5,
NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 6,
NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 7,
NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY = 8,
NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY = 9,
NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY
} NMClientPermission;
typedef enum {
......
......@@ -44,8 +44,6 @@ typedef struct {
gboolean service_running;
DBusGProxy *props_proxy;
NMSettingsPermissions permissions;
gboolean have_permissions;
char *hostname;
gboolean can_modify;
......@@ -70,7 +68,6 @@ enum {
enum {
NEW_CONNECTION,
CONNECTIONS_READ,
CHECK_PERMISSIONS,
LAST_SIGNAL
};
......@@ -412,77 +409,6 @@ nm_remote_settings_save_hostname (NMRemoteSettings *settings,
return TRUE;
}
typedef struct {
NMRemoteSettings *settings;
NMRemoteSettingsGetPermissionsFunc callback;
gpointer callback_data;
} GetPermissionsInfo;
static void
get_permissions_cb (DBusGProxy *proxy,
DBusGProxyCall *call,
gpointer user_data)
{
GetPermissionsInfo *info = user_data;
NMRemoteSettings *self = NM_REMOTE_SETTINGS (info->settings);
NMRemoteSettingsPrivate *priv = NM_REMOTE_SETTINGS_GET_PRIVATE (self);
NMSettingsPermissions permissions = NM_SETTINGS_PERMISSION_NONE;
GError *error = NULL;
dbus_g_proxy_end_call (proxy, call, &error,
G_TYPE_UINT, &permissions,
G_TYPE_INVALID);
priv->permissions = permissions;
priv->have_permissions = !error;
info->callback (info->settings, permissions, error, info->callback_data);
g_clear_error (&error);
}
/**
* nm_remote_settings_get_permissions:
* @settings: the %NMRemoteSettings
* @callback: callback to be called when the permissions operation completes
* @user_data: caller-specific data passed to @callback
*
* Requests an indication of the operations the caller is permitted to perform
* including those that may require authorization.
*
* Returns: TRUE if the request was successful, FALSE if it failed
**/
gboolean
nm_remote_settings_get_permissions (NMRemoteSettings *settings,
NMRemoteSettingsGetPermissionsFunc callback,
gpointer user_data)
{
NMRemoteSettingsPrivate *priv;
GetPermissionsInfo *info;
g_return_val_if_fail (settings != NULL, FALSE);
g_return_val_if_fail (NM_IS_REMOTE_SETTINGS (settings), FALSE);
g_return_val_if_fail (callback != NULL, FALSE);
priv = NM_REMOTE_SETTINGS_GET_PRIVATE (settings);
/* Skip D-Bus if we already have permissions */
if (priv->have_permissions) {
callback (settings, priv->permissions, NULL, user_data);
return TRUE;
}
/* Otherwise fetch them from NM */
info = g_malloc0 (sizeof (GetPermissionsInfo));
info->settings = settings;
info->callback = callback;
info->callback_data = user_data;
dbus_g_proxy_begin_call (priv->proxy, "GetPermissions",
get_permissions_cb,
info,
g_free,
G_TYPE_INVALID);
return TRUE;
}
static void
name_owner_changed (DBusGProxy *proxy,
const char *name,
......@@ -509,17 +435,6 @@ name_owner_changed (DBusGProxy *proxy,
}
}
static void
check_permissions_cb (DBusGProxy *proxy, gpointer user_data)
{
NMRemoteSettings *self = NM_REMOTE_SETTINGS (user_data);
NMRemoteSettingsPrivate *priv = NM_REMOTE_SETTINGS_GET_PRIVATE (self);
/* Permissions need to be re-fetched */
priv->have_permissions = FALSE;
g_signal_emit (self, signals[CHECK_PERMISSIONS], 0);
}
static void
properties_changed_cb (DBusGProxy *proxy,
GHashTable *properties,
......@@ -690,13 +605,6 @@ constructor (GType type,
object,
NULL);
/* Monitor for permissions changes */
dbus_g_proxy_add_signal (priv->proxy, "CheckPermissions", G_TYPE_INVALID);
dbus_g_proxy_connect_signal (priv->proxy, "CheckPermissions",
G_CALLBACK (check_permissions_cb),
object,
NULL);
/* Get properties */
dbus_g_proxy_begin_call (priv->props_proxy, "GetAll",
get_all_cb,
......@@ -843,14 +751,5 @@ nm_remote_settings_class_init (NMRemoteSettingsClass *class)
NULL, NULL,
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE, 0);
signals[CHECK_PERMISSIONS] =
g_signal_new (NM_REMOTE_SETTINGS_CHECK_PERMISSIONS,
G_OBJECT_CLASS_TYPE (object_class),
G_SIGNAL_RUN_FIRST,
G_STRUCT_OFFSET (NMRemoteSettingsClass, check_permissions),
NULL, NULL,
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE, 0);
}
......@@ -31,15 +31,6 @@
G_BEGIN_DECLS
// FIXME this is temporary, permissions format to be improved
typedef enum {
NM_SETTINGS_PERMISSION_NONE = 0x0,
NM_SETTINGS_PERMISSION_CONNECTION_MODIFY = 0x1,
NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED = 0x2,
NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN = 0x4,
NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY = 0x8
} NMSettingsPermissions;
#define NM_TYPE_REMOTE_SETTINGS (nm_remote_settings_get_type ())
#define NM_REMOTE_SETTINGS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_REMOTE_SETTINGS, NMRemoteSettings))
#define NM_REMOTE_SETTINGS_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_REMOTE_SETTINGS, NMRemoteSettingsClass))
......@@ -54,7 +45,6 @@ typedef enum {
#define NM_REMOTE_SETTINGS_NEW_CONNECTION "new-connection"
#define NM_REMOTE_SETTINGS_CONNECTIONS_READ "connections-read"
#define NM_REMOTE_SETTINGS_CHECK_PERMISSIONS "check-permissions"
typedef struct _NMRemoteSettings NMRemoteSettings;
typedef struct _NMRemoteSettingsClass NMRemoteSettingsClass;
......@@ -68,11 +58,6 @@ typedef void (*NMRemoteSettingsSaveHostnameFunc) (NMRemoteSettings *settings,
GError *error,
gpointer user_data);
typedef void (*NMRemoteSettingsGetPermissionsFunc) (NMRemoteSettings *settings,
NMSettingsPermissions permissions,
GError *error,
gpointer user_data);
struct _NMRemoteSettings {
GObject parent;
......@@ -87,8 +72,6 @@ struct _NMRemoteSettingsClass {
void (*connections_read) (NMRemoteSettings *settings);
void (*check_permissions) (NMRemoteSettings *settings);
/* Padding for future expansion */
void (*_reserved1) (void);
void (*_reserved2) (void);
......@@ -117,10 +100,6 @@ gboolean nm_remote_settings_save_hostname (NMRemoteSettings *settings,
NMRemoteSettingsSaveHostnameFunc callback,
gpointer user_data);
gboolean nm_remote_settings_get_permissions (NMRemoteSettings *settings,
NMRemoteSettingsGetPermissionsFunc callback,
gpointer user_data);
G_END_DECLS
#endif /* NM_REMOTE_SETTINGS_H */
......@@ -54,39 +54,39 @@
</defaults>
</action>
<action id="org.freedesktop.NetworkManager.settings.modify">
<_description>Modify system connections</_description>
<_message>System policy prevents modification of system settings</_message>
<action id="org.freedesktop.NetworkManager.wifi.share.protected">
<_description>Connection sharing via a protected WiFi network</_description>
<_message>System policy prevents sharing connections via a protected WiFi network</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.NetworkManager.settings.hostname.modify">
<_description>Modify persistent system hostname</_description>
<_message>System policy prevents modification of the persistent system hostname</_message>
<action id="org.freedesktop.NetworkManager.wifi.share.open">
<_description>Connection sharing via an open WiFi network</_description>
<_message>System policy prevents sharing connections via an open WiFi network</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.NetworkManager.settings.wifi.share.protected">
<_description>Connection sharing via a protected WiFi network</_description>
<_message>System policy prevents sharing connections via a protected WiFi network</_message>
<action id="org.freedesktop.NetworkManager.settings.modify">
<_description>Modify system connections</_description>
<_message>System policy prevents modification of system settings</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.NetworkManager.settings.wifi.share.open">
<_description>Connection sharing via an open WiFi network</_description>
<_message>System policy prevents sharing connections via an open WiFi network</_message>
<action id="org.freedesktop.NetworkManager.settings.hostname.modify">
<_description>Modify persistent system hostname</_description>
<_message>System policy prevents modification of the persistent system hostname</_message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
......
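Review bot: Renaming the two sharing actions from `org.freedesktop.NetworkManager.settings.wifi.share.*` to `org.freedesktop.NetworkManager.wifi.share.*` means any local polkit override an administrator wrote against the old ids stops matching after upgrade. Both new actions default to `<allow_active>yes</allow_active>`, so a site that had restricted Wi-Fi sharing would fall back to allowing it for every active session, including sharing over an open network. The rename should be called out in the release notes. A comment above each renamed action would also help, e.g. `<!-- formerly org.freedesktop.NetworkManager.settings.wifi.share.open; local overrides must be updated -->`.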
......@@ -27,11 +27,15 @@
#include "nm-dbus-manager.h"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
typedef struct NMAuthChain NMAuthChain;
......
......@@ -2735,6 +2735,10 @@ get_permissions_done_cb (NMAuthChain *chain,
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY);
dbus_g_method_return (context, results);
g_hash_table_destroy (results);
}
......@@ -2761,6 +2765,10 @@ impl_manager_get_permissions (NMManager *self,
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY, FALSE);
}
/* Legacy 0.6 compatibility interface */
......
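Review bot: The four new actions are added here only to what GetPermissions reports; none of the visible hunks checks `NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED` or `NM_AUTH_PERMISSION_WIFI_SHARE_OPEN` on the path that actually starts a shared Wi-Fi connection, which the commit message gives as the reason for moving them. If that check is not made elsewhere (the rest of the commit may do it), the reported result is advisory only, since a D-Bus caller is free to skip GetPermissions. Separately, the list in get_permissions_done_cb and the list in impl_manager_get_permissions have to be kept in step by hand. A comment on each, such as `/* keep in sync with the nm_auth_chain_add_call() list in impl_manager_get_permissions() */`, would make that explicit. Both functions begin outside these hunks.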
......@@ -25,11 +25,6 @@
#include <config.h>
#include <polkit/polkit.h>
#define NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
#define NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.settings.wifi.share.protected"
#define NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.settings.wifi.share.open"
#define NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
/* Fix for polkit 0.97 and later */
#if !HAVE_POLKIT_AUTHORITY_GET_SYNC
static inline PolkitAuthority *
......
......@@ -31,6 +31,7 @@
#include "nm-dbus-glib-types.h"
#include "nm-polkit-helpers.h"
#include "nm-logging.h"
#include "nm-manager-auth.h"
static void impl_sysconfig_connection_get_settings (NMSysconfigConnection *connection,
DBusGMethodInvocation *context);
......@@ -717,13 +718,13 @@ auth_get_session_cb (NMSessionInfo *session,
g_free (sender);
polkit_authority_check_authorization (priv->authority,
info->subject,
NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
info->cancellable,
auth_pk_cb,
info);
info->subject,
NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
info->cancellable,
auth_pk_cb,
info);
}
}
......
......@@ -59,6 +59,7 @@
#include "nm-default-wired-connection.h"
#include "nm-logging.h"
#include "nm-dbus-manager.h"
#include "nm-manager-auth.h"
#define CONFIG_KEY_NO_AUTO_DEFAULT "no-auto-default"
......@@ -92,9 +93,6 @@ static void impl_settings_save_hostname (NMSysconfigSettings *self,
const char *hostname,
DBusGMethodInvocation *context);
static void impl_settings_get_permissions (NMSysconfigSettings *self,
DBusGMethodInvocation *context);
#include "nm-settings-glue.h"
static void unmanaged_specs_changed (NMSystemConfigInterface *config, gpointer user_data);
......@@ -108,7 +106,6 @@ typedef struct {
char *config_file;
GSList *pk_calls;
GSList *permissions_calls;
GSList *plugins;
gboolean connections_loaded;
......@@ -124,7 +121,6 @@ G_DEFINE_TYPE (NMSysconfigSettings, nm_sysconfig_settings, G_TYPE_OBJECT)
enum {
PROPERTIES_CHANGED,
NEW_CONNECTION,
CHECK_PERMISSIONS,
LAST_SIGNAL
};
......@@ -627,9 +623,6 @@ typedef struct {
gpointer callback_data;
char *hostname;
NMSettingsPermissions permissions;
guint32 permissions_calls;
} PolkitCall;
#include "nm-dbus-manager.h"
......@@ -799,7 +792,7 @@ impl_settings_add_connection (NMSysconfigSettings *self,
g_assert (call);
polkit_authority_check_authorization (priv->authority,
call->subject,
NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
call->cancellable,
......@@ -904,7 +897,7 @@ impl_settings_save_hostname (NMSysconfigSettings *self,
g_assert (call);
polkit_authority_check_authorization (priv->authority,
call->subject,
NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY,
NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY,
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
call->cancellable,
......@@ -913,151 +906,6 @@ impl_settings_save_hostname (NMSysconfigSettings *self,
priv->pk_calls = g_slist_append (priv->pk_calls, call);
}
static void
pk_authority_changed_cb (GObject *object, gpointer user_data)
{
/* Let clients know they should re-check their authorization */
g_signal_emit (NM_SYSCONFIG_SETTINGS (user_data), signals[CHECK_PERMISSIONS], 0);
}
typedef struct {
PolkitCall *pk_call;
const char *pk_action;
GCancellable *cancellable;
NMSettingsPermissions permission;
gboolean disposed;
} PermissionsCall;
static void
permission_call_done (GObject *object, GAsyncResult *result, gpointer user_data)
{
PermissionsCall *call = user_data;
PolkitCall *pk_call = call->pk_call;
NMSysconfigSettings *self = pk_call->self;
NMSysconfigSettingsPrivate *priv;
PolkitAuthorizationResult *pk_result;
GError *error = NULL;
/* If NMSysconfigSettings is gone, just skip to the end */
if (call->disposed)
goto done;
priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
priv->permissions_calls = g_slist_remove (priv->permissions_calls, call);
pk_result = polkit_authority_check_authorization_finish (priv->authority,
result,
&error);
/* Some random error happened */
if (error) {
nm_log_err (LOGD_SYS_SET, "error checking '%s' permission: (%d) %s",
__FILE__, __LINE__, __func__,
call->pk_action,
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
if (error)
g_error_free (error);
} else {
/* If the caller is authorized, or the caller could authorize via a
* challenge, then authorization is possible. Otherwise, caller is out of
* luck.
*/
if ( polkit_authorization_result_get_is_authorized (pk_result)
|| polkit_authorization_result_get_is_challenge (pk_result))
pk_call->permissions |= call->permission;
}
g_object_unref (pk_result);
done:
pk_call->permissions_calls--;
if (pk_call->permissions_calls == 0) {
if (call->disposed) {
error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR,
NM_SYSCONFIG_SETTINGS_ERROR_GENERAL,
"Request was canceled.");
dbus_g_method_return_error (pk_call->context, error);
g_error_free (error);
} else {
/* All the permissions calls are done, return the full permissions
* bitfield back to the user.
*/
dbus_g_method_return (pk_call->context, pk_call->permissions);
}
polkit_call_free (pk_call);
}
memset (call, 0, sizeof (PermissionsCall));
g_free (call);
}
static void
start_permission_check (NMSysconfigSettings *self,
PolkitCall *pk_call,
const char *pk_action,
NMSettingsPermissions permission)
{
NMSysconfigSettingsPrivate *priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
PermissionsCall *call;
g_return_if_fail (pk_call != NULL);
g_return_if_fail (pk_action != NULL);
g_return_if_fail (permission != NM_SETTINGS_PERMISSION_NONE);
call = g_malloc0 (sizeof (PermissionsCall));
call->pk_call = pk_call;
call->pk_action = pk_action;
call->permission = permission;
call->cancellable = g_cancellable_new ();
pk_call->permissions_calls++;
polkit_authority_check_authorization (priv->authority,
pk_call->subject,
pk_action,
NULL,
0,
call->cancellable,
permission_call_done,
call);
priv->permissions_calls = g_slist_append (priv->permissions_calls, call);
}
static void
impl_settings_get_permissions (NMSysconfigSettings *self,
DBusGMethodInvocation *context)
{
PolkitCall *call;
call = polkit_call_new (self, context, NULL, FALSE);
g_assert (call);
/* Start checks for the various permissions */