Commit 3b6917f7 authored by Dan Williams's avatar Dan Williams

core: make nm_auth_is_caller_root() more generic

parent 41faf87b
......@@ -267,22 +267,21 @@ nm_auth_chain_unref (NMAuthChain *self)
/************ utils **************/
gboolean
nm_auth_is_caller_root (DBusGMethodInvocation *context,
nm_auth_get_caller_uid (DBusGMethodInvocation *context,
NMDBusManager *dbus_mgr,
gboolean *out_is_root,
gulong *out_uid,
const char **out_error_desc)
{
DBusConnection *connection;
char *sender = NULL;
gulong sender_uid = G_MAXULONG;
gboolean success = FALSE;
DBusError dbus_error;
g_return_val_if_fail (context != NULL, FALSE);
g_return_val_if_fail (dbus_mgr != NULL, FALSE);
g_return_val_if_fail (out_is_root != NULL, FALSE);
g_return_val_if_fail (out_uid != NULL, FALSE);
*out_is_root = FALSE;
*out_uid = G_MAXULONG;
sender = dbus_g_method_get_sender (context);
if (!sender) {
......@@ -300,19 +299,17 @@ nm_auth_is_caller_root (DBusGMethodInvocation *context,
dbus_error_init (&dbus_error);
/* FIXME: do this async */
sender_uid = dbus_bus_get_unix_user (connection, sender, &dbus_error);
*out_uid = dbus_bus_get_unix_user (connection, sender, &dbus_error);
if (dbus_error_is_set (&dbus_error)) {
if (out_error_desc)
*out_error_desc = "Could not determine the Unix user ID of the requestor";
*out_error_desc = "Could not determine the user ID of the requestor";
dbus_error_free (&dbus_error);
goto out;
}
success = TRUE;
if (0 == sender_uid)
*out_is_root = TRUE;
*out_uid = G_MAXULONG;
} else
success = TRUE;
out:
g_free (sender);
return success;
}
......@@ -74,9 +74,9 @@ gboolean nm_auth_chain_add_call (NMAuthChain *chain,
void nm_auth_chain_unref (NMAuthChain *chain);
/* Utils */
gboolean nm_auth_is_caller_root (DBusGMethodInvocation *context,
gboolean nm_auth_get_caller_uid (DBusGMethodInvocation *context,
NMDBusManager *dbus_mgr,
gboolean *out_is_root,
gulong *out_uid,
const char **out_error_desc);
#endif /* NM_MANAGER_AUTH_H */
......
......@@ -2430,13 +2430,13 @@ is_user_request_authorized (NMManager *manager,
{
NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager);
DBusConnection *connection;
char *sender = NULL;
gulong sender_uid = G_MAXULONG;
DBusError dbus_error;
char *service_owner = NULL;
const char *service_name;
gulong service_uid = G_MAXULONG;
gboolean success = FALSE;
const char *error_desc = NULL;
/* Ensure the request to activate the user connection came from the
* same session as the user settings service. FIXME: use ConsoleKit
......@@ -2449,36 +2449,15 @@ is_user_request_authorized (NMManager *manager,
goto out;
}
sender = dbus_g_method_get_sender (context);
if (!sender) {
g_set_error (error, NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"%s", "Could not determine D-Bus requestor");
goto out;
}
connection = nm_dbus_manager_get_dbus_connection (priv->dbus_mgr);
if (!connection) {
g_set_error (error, NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"%s", "Could not get the D-Bus system bus");
goto out;
}
dbus_error_init (&dbus_error);
/* FIXME: do this async */
sender_uid = dbus_bus_get_unix_user (connection, sender, &dbus_error);
if (dbus_error_is_set (&dbus_error)) {
dbus_error_free (&dbus_error);
g_set_error (error, NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"%s", "Could not determine the Unix user ID of the requestor");
if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
g_set_error_literal (error,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
goto out;
}
/* Let root activate anything.
* FIXME: use a PolicyKit permission instead
*/
/* Let root activate anything */
if (0 == sender_uid) {
success = TRUE;
goto out;
......@@ -2489,8 +2468,8 @@ is_user_request_authorized (NMManager *manager,
g_set_error (error, NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
"%s", "Could not determine user settings service name");
goto out;
}
goto out;
service_owner = nm_dbus_manager_get_name_owner (priv->dbus_mgr, service_name, NULL);
if (!service_owner) {
......@@ -2522,11 +2501,12 @@ is_user_request_authorized (NMManager *manager,
success = TRUE;
out:
g_free (sender);
g_free (service_owner);
return success;
}
static void
impl_manager_activate_connection (NMManager *manager,
const char *service_name,
......@@ -2826,7 +2806,7 @@ impl_manager_sleep (NMManager *self,
NMManagerPrivate *priv;
NMAuthChain *chain;
GError *error = NULL;
gboolean is_root = FALSE;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
g_return_if_fail (NM_IS_MANAGER (self));
......@@ -2842,7 +2822,7 @@ impl_manager_sleep (NMManager *self,
return;
}
if (!nm_auth_is_caller_root (context, priv->dbus_mgr, &is_root, &error_desc)) {
if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
......@@ -2852,7 +2832,7 @@ impl_manager_sleep (NMManager *self,
}
/* Root doesn't need PK authentication */
if (is_root) {
if (0 == sender_uid) {
_internal_sleep (self, do_sleep);
dbus_g_method_return (context);
return;
......@@ -2962,7 +2942,7 @@ impl_manager_enable (NMManager *self,
NMManagerPrivate *priv;
NMAuthChain *chain;
GError *error = NULL;
gboolean is_root = FALSE;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
g_return_if_fail (NM_IS_MANAGER (self));
......@@ -2978,7 +2958,7 @@ impl_manager_enable (NMManager *self,
return;
}
if (!nm_auth_is_caller_root (context, priv->dbus_mgr, &is_root, &error_desc)) {
if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
......@@ -2988,7 +2968,7 @@ impl_manager_enable (NMManager *self,
}
/* Root doesn't need PK authentication */
if (is_root) {
if (0 == sender_uid) {
_internal_enable (self, enable);
dbus_g_method_return (context);
return;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment