Commit fee318ab authored by Dan Williams's avatar Dan Williams

settings: remove groups checking

See "libnm-util: simplify permissions somewhat; remove groups"
for more rationale.  Might come back later.
parent 82772191
......@@ -27,7 +27,6 @@ G_DEFINE_TYPE (NMSessionInfo, nm_session_info, G_TYPE_OBJECT);
typedef struct {
char *id;
char *user;
GSList *groups;
gboolean is_default;
} NMSessionInfoPrivate;
......@@ -37,7 +36,6 @@ enum {
PROP_0,
PROP_ID,
PROP_USER,
PROP_GROUPS,
PROP_IS_DEFAULT
};
......@@ -57,14 +55,6 @@ nm_session_info_get_unix_user (NMSessionInfo *self)
return NM_SESSION_INFO_GET_PRIVATE (self)->user;
}
GSList *
nm_session_info_get_unix_groups (NMSessionInfo *self)
{
g_return_val_if_fail (NM_IS_SESSION_INFO (self), NULL);
return NM_SESSION_INFO_GET_PRIVATE (self)->groups;
}
gboolean
nm_session_info_is_default_session (NMSessionInfo *self)
{
......@@ -90,10 +80,6 @@ set_property (GObject *object,
g_free (priv->user);
priv->user = g_value_dup_string (value);
break;
case PROP_GROUPS:
nm_utils_slist_free (priv->groups, g_free);
priv->groups = g_value_dup_boxed (value);
break;
case PROP_IS_DEFAULT:
priv->is_default = g_value_get_boolean (value);
break;
......@@ -119,9 +105,6 @@ get_property (GObject *object,
case PROP_USER:
g_value_set_string (value, priv->user);
break;
case PROP_GROUPS:
g_value_set_boxed (value, priv->groups);
break;
case PROP_IS_DEFAULT:
g_value_set_boolean (value, priv->is_default);
break;
......@@ -151,11 +134,6 @@ dispose (GObject *object)
priv->user = NULL;
}
if (priv->groups) {
nm_utils_slist_free (priv->groups, g_free);
priv->groups = NULL;
}
G_OBJECT_CLASS (nm_session_info_parent_class)->dispose (object);
}
......@@ -188,18 +166,6 @@ nm_session_info_class_init (NMSessionInfoClass *info_class) {
NULL,
G_PARAM_READABLE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(g_class, PROP_GROUPS,
g_param_spec_boxed (
NM_SESSION_INFO_UNIX_GROUPS,
"UnixGroups",
"List of strings representing the groups that this session's user "
"belonged to at login time. This represents our best guess as to "
"what groups the session's processes belong to. If this is the "
"default session, this is NULL.",
DBUS_TYPE_G_LIST_OF_STRING,
G_PARAM_READABLE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property
(g_class, PROP_IS_DEFAULT,
g_param_spec_boolean (
......
......@@ -34,7 +34,6 @@ G_BEGIN_DECLS
#define NM_SESSION_INFO_ID "session-id"
#define NM_SESSION_INFO_UNIX_USER "unix-user"
#define NM_SESSION_INFO_UNIX_GROUPS "unix-groups"
#define NM_SESSION_INFO_IS_DEFAULT "is-default"
#define NM_SESSION_INFO_REMOVED "removed"
......@@ -53,7 +52,6 @@ GType nm_session_info_get_type (void);
char * nm_session_info_get_id (NMSessionInfo *self);
char * nm_session_info_get_unix_user (NMSessionInfo *self);
GSList * nm_session_info_get_unix_groups (NMSessionInfo *self);
gboolean nm_session_info_is_default_session (NMSessionInfo *self);
G_END_DECLS
......
......@@ -164,13 +164,8 @@ get_unix_user_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data
NMSessionManagerPrivate *priv = NM_SESSION_MANAGER_GET_PRIVATE (pending->manager);
guint user_id;
struct passwd *pw_info = NULL;
int ngroups;
guint group_ids_size = 0;
gid_t *group_ids = NULL;
GSList *group_names = NULL;
NMSessionInfo *session = NULL;
GError *error = NULL;
int i;
if (!dbus_g_proxy_end_call (proxy, call_id, NULL,
G_TYPE_UINT, &user_id, G_TYPE_NONE)) {
......@@ -190,34 +185,9 @@ get_unix_user_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data
goto out;
}
// Figure out how many groups the user is in
group_ids = g_slice_alloc (0);
ngroups = 0;
getgrouplist (pw_info->pw_name, pw_info->pw_gid, group_ids, &ngroups);
g_slice_free1 (0, group_ids);
// Get the list of group IDs
// FIXME what happens if the group list changes in the window between the
// two getgrouplist calls?
group_ids_size = ngroups * sizeof (gid_t);
group_ids = g_slice_alloc (group_ids_size);
if (getgrouplist (pw_info->pw_name, pw_info->pw_gid, group_ids, &ngroups) == -1) {
error = g_error_new (NM_SESSION_MANAGER_ERROR,
NM_SESSION_MANAGER_ERROR_INFO_GATHERING_FAILED,
"session %s: failed to get groups for user %s",
pending->session_id, pw_info->pw_name);
goto out;
}
for (i = 0; i < ngroups; i++) {
struct group *gr_info = getgrgid (group_ids[i]);
group_names = g_slist_prepend (group_names, g_strdup (gr_info->gr_name));
}
session = g_object_new (NM_TYPE_SESSION_INFO,
NM_SESSION_INFO_ID, pending->session_id,
NM_SESSION_INFO_UNIX_USER, pw_info->pw_name,
NM_SESSION_INFO_UNIX_GROUPS, group_names,
NULL);
g_assert (session);
......@@ -225,11 +195,6 @@ get_unix_user_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data
g_signal_emit (pending->manager, signals[ADDED], 0, session);
out:
if (group_names)
nm_utils_slist_free (group_names, g_free);
if (group_ids)
g_slice_free1 (group_ids_size, group_ids);
pending_session_finish (pending, session, error);
g_clear_error (&error);
......
......@@ -87,7 +87,6 @@ session_allowed (NMSysconfigConnection *connection,
NMSettingConnection *setting_connection = (NMSettingConnection *) nm_connection_get_setting (NM_CONNECTION (connection), NM_TYPE_SETTING_CONNECTION);
GSList *permissions_entries;
char *session_user;
GSList *session_groups;
GSList *p_iter;
gboolean allowed = FALSE;
......@@ -106,7 +105,6 @@ session_allowed (NMSysconfigConnection *connection,
}
session_user = nm_session_info_get_unix_user (session);
session_groups = nm_session_info_get_unix_groups (session);
for (p_iter = permissions_entries; p_iter != NULL; p_iter = p_iter->next) {
char **p_comps = g_strsplit ((char *)p_iter->data, ":", 3);
......@@ -118,19 +116,7 @@ session_allowed (NMSysconfigConnection *connection,
allowed = TRUE;
goto out;
}
}
else if (g_str_equal (type, "group")) {
GSList *g_iter;
for (g_iter = session_groups; g_iter != NULL; g_iter = g_iter->next ) {
char *group_name = (char *) g_iter->data;
if (g_str_equal (group_name, name)) {
allowed = TRUE;
goto out;
}
}
}
else {
} else {
nm_log_err (LOGD_SYS_SET,
"connection %s: failed to parse permissions entry '%s'",
nm_setting_connection_get_id (setting_connection),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment