/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Copyright (C) 2010 - 2011 Red Hat, Inc.
 */

#include "nm-default.h"

#include "nm-secret-agent.h"

#include <sys/types.h>
#include <pwd.h>

#include "nm-dbus-interface.h"
#include "nm-dbus-manager.h"
#include "nm-core-internal.h"
#include "nm-auth-subject.h"
#include "nm-simple-connection.h"
#include "NetworkManagerUtils.h"
#include "c-list/src/c-list.h"

/*****************************************************************************/

/* GObject signal ids of NMSecretAgent; the array is filled in by
 * nm_secret_agent_class_init(). */
enum {
	DISCONNECTED,

	LAST_SIGNAL
};
static guint signals[LAST_SIGNAL] = { 0 };

/* Per-instance state of an NMSecretAgent. Strings are owned and released in
 * finalize(); the GObjects are released in dispose() / _on_disconnected_cleanup(). */
typedef struct {
	/* "<dbus-owner>/<identifier>/<uid>", built lazily by
	 * nm_secret_agent_get_description() when not set at construction. */
	char *description;
	/* authenticated identity of the registering process (uid, pid, D-Bus sender) */
	NMAuthSubject *subject;
	char *identifier;
	/* pw_name of the owner uid, or NULL if getpwuid() gave none */
	char *owner_username;
	/* D-Bus sender name of the registering process; the proxy below is
	 * addressed to exactly this name. */
	char *dbus_owner;
	NMSecretAgentCapabilities capabilities;
	/* g_strdup()ed permission names recorded as allowed, see
	 * nm_secret_agent_add_permission(). */
	GSList *permissions;
	/* proxy to the agent's NM_DBUS_PATH_SECRET_AGENT object; cleared once
	 * the peer disconnects. */
	GDBusProxy *proxy;
	NMDBusManager *bus_mgr;
	GDBusConnection *connection;
	/* list of pending NMSecretAgentCallId (linked via ->lst) */
	CList requests;
	/* either a g_signal_connect() id on bus_mgr (private connection) or a
	 * g_dbus_connection_signal_subscribe() id; which one is decided by
	 * connection_is_private. 0 when not connected. */
	gulong on_disconnected_id;
	bool connection_is_private:1;
} NMSecretAgentPrivate;

/* Instance struct; private data is embedded, reached via NM_SECRET_AGENT_GET_PRIVATE(). */
struct _NMSecretAgent {
	GObject parent;
	NMSecretAgentPrivate _priv;
};

/* Class struct; no virtual methods beyond GObject's dispose/finalize. */
struct _NMSecretAgentClass {
	GObjectClass parent;
};

G_DEFINE_TYPE (NMSecretAgent, nm_secret_agent, G_TYPE_OBJECT)

#define NM_SECRET_AGENT_GET_PRIVATE(self) _NM_GET_PRIVATE (self, NMSecretAgent, NM_IS_SECRET_AGENT)

/*****************************************************************************/

/* Logging helpers. Messages are prefixed with "secret-agent[<self>]" (just
 * "secret-agent" when @self is NULL). The format arguments are only
 * evaluated when logging for _NMLOG_DOMAIN at @level is enabled, so any
 * side effect placed in an argument list is conditional. */
#define _NMLOG_PREFIX_NAME    "secret-agent"
#define _NMLOG_DOMAIN         LOGD_AGENTS
#define _NMLOG(level, ...) \
    G_STMT_START { \
        if (nm_logging_enabled ((level), (_NMLOG_DOMAIN))) { \
            char __prefix[32]; \
            \
            if ((self)) \
                g_snprintf (__prefix, sizeof (__prefix), "%s[%p]", ""_NMLOG_PREFIX_NAME"", (self)); \
            else \
                g_strlcpy (__prefix, _NMLOG_PREFIX_NAME, sizeof (__prefix)); \
            _nm_log ((level), (_NMLOG_DOMAIN), 0, NULL, NULL, \
                     "%s: " _NM_UTILS_MACRO_FIRST(__VA_ARGS__), \
                     __prefix _NM_UTILS_MACRO_REST(__VA_ARGS__)); \
        } \
    } G_STMT_END

/* Format string and matching argument list for logging a request: pointer,
 * D-Bus method name, quoted object path (NM_PRINT_FMT_QUOTE_STRING expands
 * to three arguments) and a " (cancelled)" marker once ->cancellable has
 * been cleared by the cancel path. */
#define LOG_REQ_FMT          "req[%p,%s,%s%s%s%s]"
#define LOG_REQ_ARG(req)     (req), (req)->dbus_command, NM_PRINT_FMT_QUOTE_STRING ((req)->path), ((req)->cancellable ? "" : " (cancelled)")

/*****************************************************************************/

/* _capabilities_to_string(): renders NMSecretAgentCapabilities flags into a
 * caller-provided buffer; used for the construction log line in
 * nm_secret_agent_new(). */
NM_UTILS_FLAGS2STR_DEFINE_STATIC (_capabilities_to_string, NMSecretAgentCapabilities,
	NM_UTILS_FLAGS2STR (NM_SECRET_AGENT_CAPABILITY_NONE, "none"),
	NM_UTILS_FLAGS2STR (NM_SECRET_AGENT_CAPABILITY_VPN_HINTS, "vpn-hints"),
);

/*****************************************************************************/

/* One pending D-Bus call to the agent. Handed to callers as an opaque call id
 * and kept in NMSecretAgentPrivate.requests until the reply arrives. */
struct _NMSecretAgentCallId {
	/* link in NMSecretAgentPrivate.requests */
	CList lst;
	NMSecretAgent *agent;
	/* NULL once the request has been cancelled (do_cancel_secrets()); that
	 * is how the completion callbacks tell a cancelled request apart. */
	GCancellable *cancellable;
	/* owned copy of the connection object path */
	char *path;
	/* static string, stored by pointer only (see the request_new() macro) */
	const char *dbus_command;
	/* owned copy; NULL for Save/DeleteSecrets */
	char *setting_name;
	/* TRUE for GetSecrets: the only request that sends CancelGetSecrets
	 * to the agent when cancelled. */
	gboolean is_get_secrets;
	NMSecretAgentCallback callback;
	gpointer callback_data;
};

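/**
 * request_new:
 * @self: the #NMSecretAgent the request belongs to
 * @dbus_command: the D-Bus method name. Stored by pointer, never copied, so
 *   it must be a static string; the request_new() macro below enforces a
 *   string literal at the call sites.
 * @path: connection object path, copied
 * @setting_name: setting name, copied; may be %NULL
 * @callback: invoked when the request completes or is cancelled
 * @callback_data: user data for @callback
 *
 * Allocates a call id, links it at the tail of the agent's request list and
 * creates the #GCancellable that the completion callbacks use to detect a
 * cancelled request.
 *
 * Returns: the new request; freed by request_free() from the D-Bus
 *   completion callbacks.
 */
static NMSecretAgentCallId *
request_new (NMSecretAgent *self,
             const char *dbus_command, /* this must be a static string. */
             const char *path,
             const char *setting_name,
             NMSecretAgentCallback callback,
             gpointer callback_data)
{
	NMSecretAgentCallId *r;

	r = g_slice_new0 (NMSecretAgentCallId);
	r->agent = self;
	r->path = g_strdup (path);
	r->setting_name = g_strdup (setting_name);
	/* was a stray comma operator joining this and the next statement;
	 * harmless, but a proper terminator keeps the intent obvious. */
	r->dbus_command = dbus_command;
	r->callback = callback;
	r->callback_data = callback_data;
	r->cancellable = g_cancellable_new ();
	c_list_link_tail (&NM_SECRET_AGENT_GET_PRIVATE (self)->requests,
	                  &r->lst);
	_LOGt ("request "LOG_REQ_FMT": created", LOG_REQ_ARG (r));
	return r;
}
/* Force @dbus_command to be a string literal: the adjacent "" concatenation
 * fails to compile for anything else, so the pointer stored above can never
 * dangle. */
#define request_new(self,dbus_command,path,setting_name,callback,callback_data) request_new(self,""dbus_command"",path,setting_name,callback,callback_data)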

/* Releases a call id. Logged before the cancellable is dropped so that the
 * "(cancelled)" marker of LOG_REQ_FMT is still meaningful. The list entry is
 * expected to have been unlinked already (request_check_return() or the
 * cancel path), hence the _stale variant which tolerates that. */
static void
request_free (NMSecretAgentCallId *r)
{
	NMSecretAgent *self = r->agent;

	_LOGt ("request "LOG_REQ_FMT": destroyed", LOG_REQ_ARG (r));

	c_list_unlink_stale (&r->lst);

	g_clear_object (&r->cancellable);
	g_free (r->setting_name);
	g_free (r->path);
	g_slice_free (NMSecretAgentCallId, r);
}

/* Called first thing from every completion callback. A request whose
 * cancellable was cleared has already been reported to its caller by
 * do_cancel_secrets(); for it %FALSE is returned and nothing else happens.
 * Otherwise the request is unlinked from the agent's list and %TRUE tells
 * the caller to deliver the result. */
static gboolean
request_check_return (NMSecretAgentCallId *r)
{
	if (r->cancellable == NULL)
		return FALSE;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (r->agent), FALSE);

	nm_assert (c_list_contains (&NM_SECRET_AGENT_GET_PRIVATE (r->agent)->requests, &r->lst));
	c_list_unlink (&r->lst);

	return TRUE;
}

/*****************************************************************************/

/* Builds the "<dbus-owner>/<identifier>/<uid>" description used in logs.
 * Returns a newly allocated string owned by the caller. */
static char *
_create_description (const char *dbus_owner, const char *identifier, gulong uid)
{
	return g_strdup_printf ("%s/%s/%lu", dbus_owner, identifier, uid);
}

/* Returns the agent's description, creating and caching it on first use
 * (construction only fills it in when trace logging was enabled). The
 * string is owned by the agent. */
const char *
nm_secret_agent_get_description (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	if (priv->description == NULL) {
		gulong uid = nm_auth_subject_get_unix_process_uid (priv->subject);

		priv->description = _create_description (priv->dbus_owner, priv->identifier, uid);
	}
	return priv->description;
}

/* Returns the D-Bus sender name the agent registered from (owned by the agent). */
const char *
nm_secret_agent_get_dbus_owner (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return priv->dbus_owner;
}

/* Returns the identifier the agent chose at registration (owned by the agent). */
const char *
nm_secret_agent_get_identifier (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return priv->identifier;
}

/* Returns the unix uid of the registering process as recorded in the auth
 * subject, or G_MAXULONG if @agent is not a valid NMSecretAgent. */
gulong
nm_secret_agent_get_owner_uid  (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXULONG);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return nm_auth_subject_get_unix_process_uid (priv->subject);
}

/* Returns the pw_name looked up for the owner uid at construction, or NULL
 * if none was found (owned by the agent). */
const char *
nm_secret_agent_get_owner_username (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return priv->owner_username;
}

/* Returns the pid of the registering process as recorded in the auth
 * subject, or G_MAXULONG if @agent is not a valid NMSecretAgent. */
gulong
nm_secret_agent_get_pid (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), G_MAXULONG);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return nm_auth_subject_get_unix_process_pid (priv->subject);
}

/* Returns the capability flags the agent announced at registration;
 * NM_SECRET_AGENT_CAPABILITY_NONE if @agent is not a valid NMSecretAgent. */
NMSecretAgentCapabilities
nm_secret_agent_get_capabilities (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NM_SECRET_AGENT_CAPABILITY_NONE);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return priv->capabilities;
}

/* Returns the auth subject describing the registering process. The
 * reference stays with the agent. */
NMAuthSubject *
nm_secret_agent_get_subject (NMSecretAgent *agent)
{
	NMSecretAgentPrivate *priv;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);
	return priv->subject;
}

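/**
 * nm_secret_agent_add_permission:
 * @agent: A #NMSecretAgent.
 * @permission: The name of the permission
 * @allowed: %TRUE to record the permission as granted, %FALSE to revoke a
 *   previously recorded one
 *
 * Records whether or not the agent has a given permission. Only granted
 * permissions are kept in the list; recording %FALSE removes an existing
 * entry and is a no-op otherwise.
 */
void
nm_secret_agent_add_permission (NMSecretAgent *agent,
                                const char *permission,
                                gboolean allowed)
{
	NMSecretAgentPrivate *priv;
	GSList *iter;

	/* type-check the instance like the other public entry points do,
	 * rather than only rejecting NULL */
	g_return_if_fail (NM_IS_SECRET_AGENT (agent));
	g_return_if_fail (permission != NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);

	/* Check if the permission is already in the list */
	for (iter = priv->permissions; iter; iter = g_slist_next (iter)) {
		if (g_strcmp0 (permission, iter->data) == 0) {
			/* If the permission is no longer allowed, remove it from the
			 * list.  If it is now allowed, do nothing since it's already
			 * in the list.
			 */
			if (allowed == FALSE) {
				g_free (iter->data);
				priv->permissions = g_slist_delete_link (priv->permissions, iter);
			}
			return;
		}
	}

	/* New permission that's allowed; the copy is released in finalize() */
	if (allowed)
		priv->permissions = g_slist_prepend (priv->permissions, g_strdup (permission));
}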

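/**
 * nm_secret_agent_has_permission:
 * @agent: A #NMSecretAgent.
 * @permission: The name of the permission to check for
 *
 * Returns whether or not the agent has the given permission.
 *
 * Returns: %TRUE if the agent has the given permission, %FALSE if it does not
 * or if the permission was not previously recorded with
 * nm_secret_agent_add_permission().
 */
gboolean
nm_secret_agent_has_permission (NMSecretAgent *agent, const char *permission)
{
	NMSecretAgentPrivate *priv;
	GSList *iter;

	/* type-check the instance like the other public entry points do,
	 * rather than only rejecting NULL */
	g_return_val_if_fail (NM_IS_SECRET_AGENT (agent), FALSE);
	g_return_val_if_fail (permission != NULL, FALSE);

	priv = NM_SECRET_AGENT_GET_PRIVATE (agent);

	/* Only permissions recorded as allowed are ever in the list, so
	 * membership is the whole check. */
	for (iter = priv->permissions; iter; iter = g_slist_next (iter)) {
		if (g_strcmp0 (permission, iter->data) == 0)
			return TRUE;
	}
	return FALSE;
}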

/*****************************************************************************/

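/* Completion handler for the "GetSecrets" call issued by
 * nm_secret_agent_get_secrets(); @user_data is the NMSecretAgentCallId.
 *
 * If the request was cancelled meanwhile (request_check_return() returns
 * %FALSE because r->cancellable was cleared), the caller's callback has
 * already been invoked by do_cancel_secrets() and only the request is
 * released here. Otherwise the reply is unpacked and the callback receives
 * either the secrets dictionary or the error. */
static void
get_callback (GObject *proxy,
              GAsyncResult *result,
              gpointer user_data)
{
	NMSecretAgentCallId *r = user_data;

	if (request_check_return (r)) {
		gs_free_error GError *error = NULL;
		gs_unref_variant GVariant *ret = NULL;
		gs_unref_variant GVariant *secrets = NULL;

		/* Finish on the proxy the call was made on (the source object
		 * handed to this callback), like agent_save_cb()/agent_delete_cb()
		 * do. priv->proxy is cleared by _on_disconnected_cleanup() and may
		 * already be NULL when a reply for a still-pending call arrives. */
		ret = _nm_dbus_proxy_call_finish (G_DBUS_PROXY (proxy), result, G_VARIANT_TYPE ("(a{sa{sv}})"), &error);
		if (!ret)
			g_dbus_error_strip_remote_error (error);
		else {
			/* reply is a tuple holding one a{sa{sv}} settings dictionary */
			g_variant_get (ret,
			               "(@a{sa{sv}})",
			               &secrets);
		}
		/* @secrets / @error are released at scope exit, after the callback */
		r->callback (r->agent, r, secrets, error, r->callback_data);
	}

	request_free (r);
}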

/**
 * nm_secret_agent_get_secrets:
 * @self: the #NMSecretAgent
 * @path: object path of the connection; must be non-empty
 * @connection: the connection to request secrets for
 * @setting_name: the setting whose secrets are requested
 * @hints: (allow-none): hint strings passed to the agent; %NULL means none
 * @flags: request flags; NM-internal flags are stripped before sending
 * @callback: invoked with the agent's reply, an error, or a cancellation
 * @callback_data: user data for @callback
 *
 * Issues the "GetSecrets" D-Bus call to the agent. The whole @connection is
 * serialized with NM_CONNECTION_SERIALIZE_ALL, i.e. including the secrets it
 * currently holds.
 * NOTE(review): nothing here restricts which secrets are sent; it is
 * presumably the caller's job to pass a connection containing only what this
 * agent may see (compare the comment in nm_secret_agent_save_secrets()) -
 * confirm against the callers.
 *
 * Returns: the call id, valid until @callback has run; %NULL on
 *   precondition failure, including when the agent has no proxy (peer gone).
 */
NMSecretAgentCallId *
nm_secret_agent_get_secrets (NMSecretAgent *self,
                             const char *path,
                             NMConnection *connection,
                             const char *setting_name,
                             const char **hints,
                             NMSecretAgentGetSecretsFlags flags,
                             NMSecretAgentCallback callback,
                             gpointer callback_data)
{
	NMSecretAgentPrivate *priv;
	GVariant *dict;
	NMSecretAgentCallId *r;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (self), NULL);
	g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
	g_return_val_if_fail (path && *path, NULL);
	g_return_val_if_fail (setting_name != NULL, NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (self);
	/* the proxy is dropped by _on_disconnected_cleanup() once the peer is gone */
	g_return_val_if_fail (priv->proxy != NULL, NULL);

	/* floating GVariant; consumed by g_variant_new() below */
	dict = nm_connection_to_dbus (connection, NM_CONNECTION_SERIALIZE_ALL);

	/* Mask off the private flags if present: these two are NM-internal and
	 * must never be visible to the agent on the wire. */
	flags &= ~NM_SECRET_AGENT_GET_SECRETS_FLAG_ONLY_SYSTEM;
	flags &= ~NM_SECRET_AGENT_GET_SECRETS_FLAG_NO_ERRORS;

	r = request_new (self, "GetSecrets", path, setting_name, callback, callback_data);
	/* marks the request so that cancelling it also sends CancelGetSecrets */
	r->is_get_secrets = TRUE;

	/* 120000 ms timeout: the agent may have to prompt a user for the secrets.
	 * r->cancellable is passed so that cancelling the request aborts the
	 * pending call and get_callback() runs promptly. */
	g_dbus_proxy_call (priv->proxy,
	                   "GetSecrets",
	                   g_variant_new ("(@a{sa{sv}}os^asu)",
	                                  dict,
	                                  path,
	                                  setting_name,
	                                  hints ?: NM_PTRARRAY_EMPTY (const char *),
	                                  (guint32) flags),
	                   G_DBUS_CALL_FLAGS_NONE,
	                   120000,
	                   r->cancellable,
	                   get_callback,
	                   r);

	/* NOTE(review): only affects later calls that use the proxy's default
	 * timeout; the call above already carries its own. Intent unclear
	 * from here - confirm whether this is still needed. */
	g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (priv->proxy), -1);

	return r;
}

/*****************************************************************************/

/* Completion handler for the fire-and-forget "CancelGetSecrets" call made by
 * do_cancel_secrets(). @user_data is the g_strdup()ed agent description,
 * released here via gs_free. A failure is only logged; nothing else depends
 * on the outcome. */
static void
cancel_done (GObject *proxy, GAsyncResult *result, gpointer user_data)
{
	gs_free char *description = user_data;
	gs_free_error GError *error = NULL;
	gs_unref_variant GVariant *ret = NULL;

	/* the reply carries no data, hence the empty tuple type */
	ret = _nm_dbus_proxy_call_finish (G_DBUS_PROXY (proxy), result, G_VARIANT_TYPE ("()"), &error);
	if (!ret) {
		/* assumes @error is always set when @ret is NULL - TODO confirm
		 * against _nm_dbus_proxy_call_finish() */
		nm_log_dbg (LOGD_AGENTS, "%s%s%s: agent failed to cancel secrets: %s",
		            NM_PRINT_FMT_QUOTED (description, "(", description, ")", "???"),
		            error->message);
	}
}

/* Cancels a pending request @r of @self. The caller must already have
 * unlinked @r from the request list. @disposing selects the cancellation
 * error passed to the callback (dispose vs. explicit cancel).
 *
 * Sequence: optionally tell the agent to stop (GetSecrets only), clear
 * r->cancellable so completion callbacks treat @r as cancelled, cancel the
 * GCancellable, then invoke the caller's callback synchronously with an
 * error. @r itself is not freed here; the pending D-Bus completion callback
 * does that. */
static void
do_cancel_secrets (NMSecretAgent *self, NMSecretAgentCallId *r, gboolean disposing)
{
	NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (self);
	GCancellable *cancellable;
	NMSecretAgentCallback callback;
	gpointer callback_data;

	g_return_if_fail (r->agent == self);
	/* a request is cancelled at most once */
	g_return_if_fail (r->cancellable);

	if (   r->is_get_secrets
	    && priv->proxy) {
		/* for GetSecrets call, we must cancel the request. The call is
		 * fire-and-forget (no cancellable, default timeout); cancel_done()
		 * only logs failures and frees the description copy. priv->proxy
		 * may already be NULL after the peer disconnected, in which case
		 * there is nobody left to notify. */
		g_dbus_proxy_call (G_DBUS_PROXY (priv->proxy),
		                   "CancelGetSecrets",
		                   g_variant_new ("(os)",
		                                  r->path,
		                                  r->setting_name),
		                   G_DBUS_CALL_FLAGS_NONE,
		                   -1,
		                   NULL,
		                   cancel_done,
		                   g_strdup (nm_secret_agent_get_description (self)));
	}

	/* copy out everything needed after this point, @r may not be touched
	 * once the cancellable is cancelled */
	cancellable = r->cancellable;
	callback = r->callback;
	callback_data = r->callback_data;

	/* During g_cancellable_cancel() the d-bus method might return synchronously.
	 * Clear r->cancellable first, so that it doesn't actually do anything.
	 * After that, @r might be already freed. */
	r->cancellable = NULL;
	g_cancellable_cancel (cancellable);
	g_object_unref (cancellable);

	/* Don't free the request @r. It will be freed when the d-bus call returns.
	 * Only clear r->cancellable to indicate that the request was cancelled. */

	if (callback) {
		gs_free_error GError *error = NULL;

		nm_utils_error_set_cancelled (&error, disposing, "NMSecretAgent");
		/* @r might be a dangling pointer at this point. However, that is no problem
		 * to pass it as (opaque) call_id. */
		callback (self, r, NULL, error, callback_data);
	}
}

/**
 * nm_secret_agent_cancel_secrets:
 * @self: #NMSecretAgent instance
 * @call_id: the call id to cancel
 *
 * Passing an invalid @call_id, or one whose operation has already
 * completed, is an error. The callback belonging to @call_id is always
 * invoked, for cancel() and dispose() alike; for
 * nm_secret_agent_cancel_secrets() that happens synchronously, before this
 * function returns.
 */
void
nm_secret_agent_cancel_secrets (NMSecretAgent *self, NMSecretAgentCallId *call_id)
{
	g_return_if_fail (NM_IS_SECRET_AGENT (self));
	g_return_if_fail (call_id);

	/* the id must still be pending on this very agent */
	nm_assert (c_list_contains (&NM_SECRET_AGENT_GET_PRIVATE (self)->requests, &call_id->lst));

	/* unlink here; do_cancel_secrets() expects an unlinked request */
	c_list_unlink (&call_id->lst);
	do_cancel_secrets (self, call_id, FALSE);
}

/*****************************************************************************/

/* Completion handler for "SaveSecrets" (nm_secret_agent_save_secrets());
 * @user_data is the NMSecretAgentCallId. For a request cancelled in the
 * meantime the callback was already invoked by do_cancel_secrets(), so only
 * the request is released. Otherwise the caller's callback gets %NULL
 * secrets plus the error, if any. */
static void
agent_save_cb (GObject *proxy,
               GAsyncResult *result,
               gpointer user_data)
{
	NMSecretAgentCallId *r = user_data;

	if (request_check_return (r)) {
		gs_free_error GError *error = NULL;
		gs_unref_variant GVariant *ret = NULL;

		/* the reply carries no data, hence the empty tuple type */
		ret = _nm_dbus_proxy_call_finish (G_DBUS_PROXY (proxy), result, G_VARIANT_TYPE ("()"), &error);
		if (!ret)
			g_dbus_error_strip_remote_error (error);
		r->callback (r->agent, r, NULL, error, r->callback_data);
	}

	request_free (r);
}

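/**
 * nm_secret_agent_save_secrets:
 * @self: the #NMSecretAgent
 * @path: object path of the connection; must be non-empty
 * @connection: the connection whose secrets the agent should store
 * @callback: invoked when the agent replied, failed, or the request was cancelled
 * @callback_data: user data for @callback
 *
 * Issues the "SaveSecrets" D-Bus call. The connection is serialized with
 * NM_CONNECTION_SERIALIZE_ALL, so every secret it contains is sent to the
 * agent; the caller must have stripped everything the agent does not own.
 *
 * Returns: the call id, valid until @callback has run; %NULL on
 *   precondition failure, including when the agent has no proxy (peer gone).
 */
NMSecretAgentCallId *
nm_secret_agent_save_secrets (NMSecretAgent *self,
                              const char *path,
                              NMConnection *connection,
                              NMSecretAgentCallback callback,
                              gpointer callback_data)
{
	NMSecretAgentPrivate *priv;
	GVariant *dict;
	NMSecretAgentCallId *r;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (self), NULL);
	g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
	g_return_val_if_fail (path && *path, NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (self);

	/* _on_disconnected_cleanup() drops the proxy once the peer is gone. Bail
	 * out before creating a request that could never complete - with a NULL
	 * proxy g_dbus_proxy_call() would presumably only emit a critical and
	 * agent_save_cb() never run, leaking @r and never invoking @callback.
	 * Same check as in nm_secret_agent_get_secrets(). */
	g_return_val_if_fail (priv->proxy != NULL, NULL);

	/* Caller should have ensured that only agent-owned secrets exist in 'connection' */
	dict = nm_connection_to_dbus (connection, NM_CONNECTION_SERIALIZE_ALL);

	r = request_new (self, "SaveSecrets", path, NULL, callback, callback_data);
	g_dbus_proxy_call (priv->proxy,
	                   "SaveSecrets",
	                   g_variant_new ("(@a{sa{sv}}o)",
	                                  dict,
	                                  path),
	                   G_DBUS_CALL_FLAGS_NONE,
	                   -1,
	                   NULL, /* cancelling the request does *not* cancel the D-Bus call. */
	                   agent_save_cb,
	                   r);

	return r;
}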

/*****************************************************************************/

/* Completion handler for "DeleteSecrets" (nm_secret_agent_delete_secrets());
 * @user_data is the NMSecretAgentCallId. Mirrors agent_save_cb(): a request
 * cancelled in the meantime is only released, otherwise the caller's
 * callback gets %NULL secrets plus the error, if any. */
static void
agent_delete_cb (GObject *proxy,
                 GAsyncResult *result,
                 gpointer user_data)
{
	NMSecretAgentCallId *r = user_data;

	if (request_check_return (r)) {
		gs_free_error GError *error = NULL;
		gs_unref_variant GVariant *ret = NULL;

		/* the reply carries no data, hence the empty tuple type */
		ret = _nm_dbus_proxy_call_finish (G_DBUS_PROXY (proxy), result, G_VARIANT_TYPE ("()"), &error);
		if (!ret)
			g_dbus_error_strip_remote_error (error);
		r->callback (r->agent, r, NULL, error, r->callback_data);
	}

	request_free (r);
}

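/**
 * nm_secret_agent_delete_secrets:
 * @self: the #NMSecretAgent
 * @path: object path of the connection; must be non-empty
 * @connection: the connection whose secrets the agent should forget
 * @callback: invoked when the agent replied, failed, or the request was cancelled
 * @callback_data: user data for @callback
 *
 * Issues the "DeleteSecrets" D-Bus call. The connection is serialized
 * without any secrets (NM_CONNECTION_SERIALIZE_NO_SECRETS); the agent
 * identifies what to delete from the remaining settings.
 *
 * Returns: the call id, valid until @callback has run; %NULL on
 *   precondition failure, including when the agent has no proxy (peer gone).
 */
NMSecretAgentCallId *
nm_secret_agent_delete_secrets (NMSecretAgent *self,
                                const char *path,
                                NMConnection *connection,
                                NMSecretAgentCallback callback,
                                gpointer callback_data)
{
	NMSecretAgentPrivate *priv;
	GVariant *dict;
	NMSecretAgentCallId *r;

	g_return_val_if_fail (NM_IS_SECRET_AGENT (self), NULL);
	g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
	g_return_val_if_fail (path && *path, NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (self);

	/* _on_disconnected_cleanup() drops the proxy once the peer is gone. Bail
	 * out before creating a request that could never complete - with a NULL
	 * proxy g_dbus_proxy_call() would presumably only emit a critical and
	 * agent_delete_cb() never run, leaking @r and never invoking @callback.
	 * Same check as in nm_secret_agent_get_secrets(). */
	g_return_val_if_fail (priv->proxy != NULL, NULL);

	/* No secrets sent; agents must be smart enough to track secrets using the UUID or something */
	dict = nm_connection_to_dbus (connection, NM_CONNECTION_SERIALIZE_NO_SECRETS);

	r = request_new (self, "DeleteSecrets", path, NULL, callback, callback_data);
	g_dbus_proxy_call (priv->proxy,
	                   "DeleteSecrets",
	                   g_variant_new ("(@a{sa{sv}}o)",
	                                  dict,
	                                  path),
	                   G_DBUS_CALL_FLAGS_NONE,
	                   -1,
	                   NULL, /* cancelling the request does *not* cancel the D-Bus call. */
	                   agent_delete_cb,
	                   r);
	return r;
}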

/*****************************************************************************/

/* Tears down the peer-watch and the D-Bus objects. Safe to call more than
 * once: the handler id is zeroed and g_clear_object() tolerates NULL, so
 * both the disconnect handlers and dispose() can share it. */
static void
_on_disconnected_cleanup (NMSecretAgentPrivate *priv)
{
	gulong watch_id = priv->on_disconnected_id;

	priv->on_disconnected_id = 0;
	if (watch_id != 0) {
		/* the id came from g_signal_connect() on the manager for private
		 * connections and from g_dbus_connection_signal_subscribe()
		 * otherwise; release it with the matching call. */
		if (priv->connection_is_private)
			g_signal_handler_disconnect (priv->bus_mgr, watch_id);
		else
			g_dbus_connection_signal_unsubscribe (priv->connection, watch_id);
	}

	g_clear_object (&priv->connection);
	g_clear_object (&priv->proxy);
	g_clear_object (&priv->bus_mgr);
}

/* Handler for NM_DBUS_MANAGER_PRIVATE_CONNECTION_DISCONNECTED on the bus
 * manager. The signal may fire for other private connections, so only the
 * agent's own one is acted upon: drop the D-Bus state and emit DISCONNECTED. */
static void
_on_disconnected_private_connection (NMDBusManager *mgr,
                                     GDBusConnection *connection,
                                     NMSecretAgent *self)
{
	NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (self);

	if (priv->connection == connection) {
		_LOGt ("private connection disconnected");
		_on_disconnected_cleanup (priv);
		g_signal_emit (self, signals[DISCONNECTED], 0);
	}
}

/* Handler for the bus daemon's NameOwnerChanged signal, subscribed in
 * nm_secret_agent_new() with arg0 filtered to the agent's own sender name.
 * An empty new owner means the peer left the bus: drop the D-Bus state and
 * emit DISCONNECTED. @user_data is the NMSecretAgent. */
static void
_on_disconnected_name_owner_changed (GDBusConnection *connection,
                                     const char       *sender_name,
                                     const char       *object_path,
                                     const char       *interface_name,
                                     const char       *signal_name,
                                     GVariant         *parameters,
                                     gpointer          user_data)
{
	NMSecretAgent *self = NM_SECRET_AGENT (user_data);
	NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (self);
	const char *old_owner = NULL, *new_owner = NULL;

	/* (name, old_owner, new_owner); "&s" borrows from @parameters, so the
	 * strings are only valid for the duration of this handler */
	g_variant_get (parameters,
	               "(&s&s&s)",
	               NULL,
	               &old_owner,
	               &new_owner);

	_LOGt ("name-owner-changed: %s%s%s => %s%s%s",
	       NM_PRINT_FMT_QUOTE_STRING (old_owner),
	       NM_PRINT_FMT_QUOTE_STRING (new_owner));

	/* the name has no owner anymore; the agent process is gone */
	if (!*new_owner) {
		_on_disconnected_cleanup (priv);
		g_signal_emit (self, signals[DISCONNECTED], 0);
	}
}

/*****************************************************************************/

/**
 * nm_secret_agent_new:
 * @context: the D-Bus method invocation that creates the agent; only its
 *   connection is used
 * @subject: auth subject of the registering process; must be a unix-process
 *   subject as it supplies the uid and the D-Bus sender name
 * @identifier: agent-chosen identifier, copied
 * @capabilities: capability flags announced by the agent
 *
 * Creates an agent object bound to the D-Bus peer that registered it. All
 * later calls go through a proxy addressed to that peer's sender name, and
 * the object watches for the peer disappearing (NM_SECRET_AGENT_DISCONNECTED).
 *
 * Returns: the new agent, or %NULL on precondition failure
 */
NMSecretAgent *
nm_secret_agent_new (GDBusMethodInvocation *context,
                     NMAuthSubject *subject,
                     const char *identifier,
                     NMSecretAgentCapabilities capabilities)
{
	NMSecretAgent *self;
	NMSecretAgentPrivate *priv;
	const char *dbus_owner;
	struct passwd *pw;
	char *owner_username = NULL;
	char *description = NULL;
	char buf_subject[64];
	char buf_caps[150];
	gulong uid;
	GDBusConnection *connection;

	g_return_val_if_fail (context != NULL, NULL);
	g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), NULL);
	g_return_val_if_fail (nm_auth_subject_is_unix_process (subject), NULL);
	g_return_val_if_fail (identifier != NULL, NULL);

	connection = g_dbus_method_invocation_get_connection (context);

	g_return_val_if_fail (G_IS_DBUS_CONNECTION (connection), NULL);

	uid = nm_auth_subject_get_unix_process_uid (subject);

	/* getpwuid() hands back static storage and is not reentrant; only the
	 * name is copied out. NOTE(review): assumes this only ever runs on one
	 * thread - confirm. A missing or empty name leaves owner_username NULL. */
	pw = getpwuid (uid);
	if (pw && pw->pw_name && pw->pw_name[0])
		owner_username = g_strdup (pw->pw_name);

	/* sender name of the registering process, taken from the authenticated
	 * subject rather than from anything the agent sent; the proxy below is
	 * addressed to exactly this name */
	dbus_owner = nm_auth_subject_get_unix_process_dbus_sender (subject);

	self = (NMSecretAgent *) g_object_new (NM_TYPE_SECRET_AGENT, NULL);

	priv = NM_SECRET_AGENT_GET_PRIVATE (self);

	priv->bus_mgr = g_object_ref (nm_dbus_manager_get ());
	priv->connection = g_object_ref (connection);
	/* private (non-bus) connections have no NameOwnerChanged; they get the
	 * manager's disconnect signal instead, see below */
	priv->connection_is_private = !!nm_dbus_manager_connection_get_private_name (priv->bus_mgr, connection);

	/* The description is created inside the argument list. _LOGt presumably
	 * expands to _NMLOG, which evaluates its arguments only when logging is
	 * enabled, so priv->description may well stay NULL here; it is then
	 * built lazily by nm_secret_agent_get_description(). */
	_LOGt ("constructed: %s, owner=%s%s%s (%s), private-connection=%d, unique-name=%s%s%s, capabilities=%s",
	       (description = _create_description (dbus_owner, identifier, uid)),
	       NM_PRINT_FMT_QUOTE_STRING (owner_username),
	       nm_auth_subject_to_string (subject, buf_subject, sizeof (buf_subject)),
	       priv->connection_is_private,
	       NM_PRINT_FMT_QUOTE_STRING (g_dbus_connection_get_unique_name (priv->connection)),
	       _capabilities_to_string (capabilities, buf_caps, sizeof (buf_caps)));

	priv->identifier = g_strdup (identifier);
	priv->owner_username = owner_username;
	priv->dbus_owner = g_strdup (dbus_owner);
	priv->description = description;
	priv->capabilities = capabilities;
	priv->subject = g_object_ref (subject);

	/* proxy for the agent object at the registering peer; every
	 * GetSecrets/SaveSecrets/DeleteSecrets goes through it */
	priv->proxy = nm_dbus_manager_new_proxy (priv->bus_mgr,
	                                         priv->connection,
	                                         G_TYPE_DBUS_PROXY,
	                                         priv->dbus_owner,
	                                         NM_DBUS_PATH_SECRET_AGENT,
	                                         NM_DBUS_INTERFACE_SECRET_AGENT);

	/* we cannot subscribe to notify::g-name-owner because that doesn't work
	 * for unique names and it doesn't work for private connections. */
	if (priv->connection_is_private) {
		priv->on_disconnected_id = g_signal_connect (priv->bus_mgr,
		                                             NM_DBUS_MANAGER_PRIVATE_CONNECTION_DISCONNECTED,
		                                             G_CALLBACK (_on_disconnected_private_connection),
		                                             self);
	} else {
		/* Sender, interface and path are pinned to the bus daemon and arg0
		 * to the agent's own name, so only the daemon's NameOwnerChanged for
		 * this peer reaches _on_disconnected_name_owner_changed(). */
		priv->on_disconnected_id = g_dbus_connection_signal_subscribe (priv->connection,
		                                                               "org.freedesktop.DBus",  /* name */
		                                                               "org.freedesktop.DBus",  /* interface */
		                                                               "NameOwnerChanged",      /* signal name */
		                                                               "/org/freedesktop/DBus", /* path */
		                                                               priv->dbus_owner,        /* arg0 */
		                                                               G_DBUS_SIGNAL_FLAGS_NONE,
		                                                               _on_disconnected_name_owner_changed,
		                                                               self,
		                                                               NULL);
	}

	return self;
}

/* GObject instance init: start with an empty list of pending requests. */
static void
nm_secret_agent_init (NMSecretAgent *self)
{
	c_list_init (&NM_SECRET_AGENT_GET_PRIVATE (self)->requests);
}

/* GObject dispose: cancels every outstanding request (each callback is
 * invoked with a "disposing" cancellation error), then drops the peer-watch,
 * the D-Bus objects and the auth subject. */
static void
dispose (GObject *object)
{
	NMSecretAgent *self = NM_SECRET_AGENT (object);
	NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (self);
	CList *iter;

	/* do_cancel_secrets() invokes the request's callback synchronously,
	 * which presumably may modify the request list; so restart the walk
	 * from the head after each cancellation instead of continuing it. The
	 * entry is unlinked first because do_cancel_secrets() expects that. */
again:
	c_list_for_each (iter, &priv->requests) {
		c_list_unlink (iter);
		do_cancel_secrets (self, c_list_entry (iter, NMSecretAgentCallId, lst), TRUE);
		goto again;
	}

	_on_disconnected_cleanup (priv);

	g_clear_object (&priv->subject);

	G_OBJECT_CLASS (nm_secret_agent_parent_class)->dispose (object);
}

/* GObject finalize: releases the owned strings and the permission list.
 * The D-Bus objects and the subject were already dropped in dispose(). */
static void
finalize (GObject *object)
{
	NMSecretAgent *self = NM_SECRET_AGENT (object);
	NMSecretAgentPrivate *priv = NM_SECRET_AGENT_GET_PRIVATE (self);

	g_free (priv->dbus_owner);
	g_free (priv->owner_username);
	g_free (priv->identifier);
	g_free (priv->description);

	/* entries were g_strdup()ed by nm_secret_agent_add_permission() */
	g_slist_free_full (priv->permissions, g_free);

	G_OBJECT_CLASS (nm_secret_agent_parent_class)->finalize (object);

	/* the log prefix only formats the pointer value of @self */
	_LOGt ("finalized");
}

/* GObject class init: installs dispose()/finalize() and registers the
 * NM_SECRET_AGENT_DISCONNECTED signal (no arguments, no return value). */
static void
nm_secret_agent_class_init (NMSecretAgentClass *klass)
{
	GObjectClass *object_class = G_OBJECT_CLASS (klass);

	object_class->dispose  = dispose;
	object_class->finalize = finalize;

	/* emitted by the _on_disconnected_*() handlers once the peer is gone */
	signals[DISCONNECTED] = g_signal_new (NM_SECRET_AGENT_DISCONNECTED,
	                                      G_OBJECT_CLASS_TYPE (object_class),
	                                      G_SIGNAL_RUN_FIRST,
	                                      0,
	                                      NULL, NULL,
	                                      g_cclosure_marshal_VOID__VOID,
	                                      G_TYPE_NONE, 0);
}