Commit 8310593c authored by Dan Williams's avatar Dan Williams

core: ignore authorization for sleep/wake requests (but restrict to root) (rh #638640)

Everyone uses pm-utils still for sleep/wake support, and that's
traditionally how NM was put to sleep and woken up.  But pm-utils
uses dbus-send without --print-reply so dbus-send quits immediately
after sending the message.  That doesn't give NM enough time to
get the senders UID and thus validate the request, so the request
gets denied, and sometimes NM stays asleep after the machine is
woken up.

Instead, don't get the sender's UID and try to authorize it, but
just let the request go through.  Rely on D-Bus permissions to
make sure that only root can call sleep/wake methods.
parent 9f2b48ef
......@@ -60,6 +60,18 @@
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="Sleep"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="sleep"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="wake"/>
</policy>
<policy context="default">
<deny own="org.freedesktop.NetworkManager"/>
......@@ -72,6 +84,18 @@
send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="Sleep"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="sleep"/>
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="wake"/>
<!-- The org.freedesktop.NetworkManagerSettings.Connection.Secrets
interface is secured via PolicyKit.
-->
......
......@@ -3369,6 +3369,7 @@ _internal_sleep (NMManager *self, gboolean do_sleep)
g_object_notify (G_OBJECT (self), NM_MANAGER_SLEEPING);
}
#if 0
static void
sleep_auth_done_cb (NMAuthChain *chain,
GError *error,
......@@ -3407,6 +3408,7 @@ sleep_auth_done_cb (NMAuthChain *chain,
nm_auth_chain_unref (chain);
}
#endif
static void
impl_manager_sleep (NMManager *self,
......@@ -3414,10 +3416,12 @@ impl_manager_sleep (NMManager *self,
DBusGMethodInvocation *context)
{
NMManagerPrivate *priv;
NMAuthChain *chain;
GError *error = NULL;
#if 0
NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
#endif
g_return_if_fail (NM_IS_MANAGER (self));
......@@ -3432,6 +3436,19 @@ impl_manager_sleep (NMManager *self,
return;
}
/* Unconditionally allow the request. Previously it was polkit protected
* but unfortunately that doesn't work for short-lived processes like
* pm-utils. It uses dbus-send without --print-reply, which quits
* immediately after sending the request, and NM is unable to obtain the
* sender's UID as dbus-send has already dropped off the bus. Thus NM
* fails the request. Instead, don't validate the request, but rely on
* D-Bus permissions to restrict the call to root.
*/
_internal_sleep (self, do_sleep);
dbus_g_method_return (context);
return;
#if 0
if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
......@@ -3457,6 +3474,7 @@ impl_manager_sleep (NMManager *self,
nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
#endif
}
static void
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment