summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Williams <dcbw@redhat.com>2014-01-23 16:49:05 -0600
committerDan Williams <dcbw@redhat.com>2014-01-23 16:49:05 -0600
commit4b39267b9df394f8fb802073206899004cc84c69 (patch)
treece92593c4af1a6c4f8c2462a5b7a8e19f18a7634
parent32a001f526c182fa70ede92ffc360112eb7fe9c6 (diff)
parentd000d1223fe33141d3df6dc49d9880ed0f29f729 (diff)
downloadNetworkManager-4b39267b9df394f8fb802073206899004cc84c69.tar.gz
merge: remove at_console from D-Bus permissions (bgo #707983) (rh #979416)
Remove at_console, ensuring that all necessary calls are protected by PolicyKit authorization (which at_console is redundant with). Allows sessions that are not necessarily local (like SSH or remote desktop) to talk to NetworkManager, subject to administrator PolicyKit rules.
Diffstat
-rw-r--r--introspection/nm-ip4-config.xml8
-rw-r--r--introspection/nm-ip6-config.xml8
-rw-r--r--introspection/nm-manager.xml1
-rw-r--r--introspection/nm-settings.xml1
-rw-r--r--policy/org.freedesktop.NetworkManager.policy.in.in9
-rw-r--r--src/nm-ip4-config.c4
-rw-r--r--src/nm-ip6-config.c5
-rw-r--r--src/nm-manager.c39
-rw-r--r--src/nm-session-monitor-systemd.c22
-rw-r--r--src/org.freedesktop.NetworkManager.conf114
-rw-r--r--src/settings/nm-settings.c56
11 files changed, 171 insertions, 96 deletions
diff --git a/introspection/nm-ip4-config.xml b/introspection/nm-ip4-config.xml
index f21a2e4a0e..6a8750b7f6 100644
--- a/introspection/nm-ip4-config.xml
+++ b/introspection/nm-ip4-config.xml
@@ -30,6 +30,14 @@
<property name="WinsServers" type="au" access="read">
<tp:docstring>The Windows Internet Name Service servers associated with the connection. Each address is in network byte order.</tp:docstring>
</property>
+
+ <signal name="PropertiesChanged">
+ <arg name="properties" type="a{sv}" tp:type="String_Variant_Map">
+ <tp:docstring>
+ A dictionary mapping property names to variant boxed values
+ </tp:docstring>
+ </arg>
+ </signal>
</interface>
</node>
diff --git a/introspection/nm-ip6-config.xml b/introspection/nm-ip6-config.xml
index dcec871391..55c519e701 100644
--- a/introspection/nm-ip6-config.xml
+++ b/introspection/nm-ip6-config.xml
@@ -20,6 +20,14 @@
<property name="Searches" type="as" access="read">
<tp:docstring>A list of dns searches.</tp:docstring>
</property>
+
+ <signal name="PropertiesChanged">
+ <arg name="properties" type="a{sv}" tp:type="String_Variant_Map">
+ <tp:docstring>
+ A dictionary mapping property names to variant boxed values
+ </tp:docstring>
+ </arg>
+ </signal>
</interface>
</node>
diff --git a/introspection/nm-manager.xml b/introspection/nm-manager.xml
index 2d4cbf8269..27610cfc9b 100644
--- a/introspection/nm-manager.xml
+++ b/introspection/nm-manager.xml
@@ -209,6 +209,7 @@
<method name="SetLogging">
<annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_set_logging"/>
+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<tp:docstring>
Set logging verbosity and which operations are logged.
</tp:docstring>
diff --git a/introspection/nm-settings.xml b/introspection/nm-settings.xml
index 7e02db7216..e36f206db9 100644
--- a/introspection/nm-settings.xml
+++ b/introspection/nm-settings.xml
@@ -23,6 +23,7 @@
Retrieve the object path of a connection, given that connection's UUID.
</tp:docstring>
<annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_settings_get_connection_by_uuid"/>
+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<arg name="uuid" type="s" direction="in">
<tp:docstring>
The UUID to find the connection object path for.
diff --git a/policy/org.freedesktop.NetworkManager.policy.in.in b/policy/org.freedesktop.NetworkManager.policy.in.in
index ea3777a470..2de066c1e0 100644
--- a/policy/org.freedesktop.NetworkManager.policy.in.in
+++ b/policy/org.freedesktop.NetworkManager.policy.in.in
@@ -85,8 +85,7 @@
<_description>Modify personal network connections</_description>
<_message>System policy prevents modification of personal network settings</_message>
<defaults>
- <allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_any>yes</allow_any>
</defaults>
</action>
@@ -94,8 +93,7 @@
<_description>Modify network connections for all users</_description>
<_message>System policy prevents modification of network settings for all users</_message>
<defaults>
- <allow_inactive>no</allow_inactive>
- <allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active>
+ <allow_any>@NM_MODIFY_SYSTEM_POLICY@</allow_any>
</defaults>
</action>
@@ -103,8 +101,7 @@
<_description>Modify persistent system hostname</_description>
<_message>System policy prevents modification of the persistent system hostname</_message>
<defaults>
- <allow_inactive>no</allow_inactive>
- <allow_active>auth_admin_keep</allow_active>
+ <allow_any>auth_admin_keep</allow_any>
</defaults>
</action>
diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c
index c7c00a41d7..b9ce0cbadb 100644
--- a/src/nm-ip4-config.c
+++ b/src/nm-ip4-config.c
@@ -1688,5 +1688,7 @@ nm_ip4_config_class_init (NMIP4ConfigClass *config_class)
g_object_class_install_properties (object_class, LAST_PROP, obj_properties);
- dbus_g_object_type_install_info (G_TYPE_FROM_CLASS (config_class), &dbus_glib_nm_ip4_config_object_info);
+ nm_dbus_manager_register_exported_type (nm_dbus_manager_get (),
+ G_TYPE_FROM_CLASS (config_class),
+ &dbus_glib_nm_ip4_config_object_info);
}
diff --git a/src/nm-ip6-config.c b/src/nm-ip6-config.c
index 6e9f1f2558..178f0b51b1 100644
--- a/src/nm-ip6-config.c
+++ b/src/nm-ip6-config.c
@@ -1509,6 +1509,7 @@ nm_ip6_config_class_init (NMIP6ConfigClass *config_class)
g_object_class_install_properties (object_class, LAST_PROP, obj_properties);
- dbus_g_object_type_install_info (G_TYPE_FROM_CLASS (config_class),
- &dbus_glib_nm_ip6_config_object_info);
+ nm_dbus_manager_register_exported_type (nm_dbus_manager_get (),
+ G_TYPE_FROM_CLASS (config_class),
+ &dbus_glib_nm_ip6_config_object_info);
}
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 4fa1991225..e5a9702966 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -123,10 +123,10 @@ static gboolean impl_manager_get_state (NMManager *manager,
guint32 *state,
GError **error);
-static gboolean impl_manager_set_logging (NMManager *manager,
- const char *level,
- const char *domains,
- GError **error);
+static void impl_manager_set_logging (NMManager *manager,
+ const char *level,
+ const char *domains,
+ DBusGMethodInvocation *context);
static void impl_manager_get_logging (NMManager *manager,
char **level,
@@ -4002,13 +4002,31 @@ impl_manager_get_state (NMManager *manager, guint32 *state, GError **error)
return TRUE;
}
-static gboolean
+static void
impl_manager_set_logging (NMManager *manager,
const char *level,
const char *domains,
- GError **error)
+ DBusGMethodInvocation *context)
{
- if (nm_logging_setup (level, domains, NULL, error)) {
+ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager);
+ GError *error = NULL;
+ gulong caller_uid = G_MAXULONG;
+
+ if (!nm_dbus_manager_get_caller_info (priv->dbus_mgr, context, NULL, &caller_uid, NULL)) {
+ error = g_error_new_literal (NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_PERMISSION_DENIED,
+ "Failed to get request UID.");
+ goto done;
+ }
+
+ if (0 != caller_uid) {
+ error = g_error_new_literal (NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_PERMISSION_DENIED,
+ "Permission denied");
+ goto done;
+ }
+
+ if (nm_logging_setup (level, domains, NULL, &error)) {
char *new_level = nm_logging_level_to_string ();
char *new_domains = nm_logging_domains_to_string ();
@@ -4016,9 +4034,12 @@ impl_manager_set_logging (NMManager *manager,
new_level, new_domains);
g_free (new_level);
g_free (new_domains);
- return TRUE;
}
- return FALSE;
+
+done:
+ if (error)
+ dbus_g_method_return_error (context, error);
+ g_clear_error (&error);
}
static void
diff --git a/src/nm-session-monitor-systemd.c b/src/nm-session-monitor-systemd.c
index 4d8edab2d2..f195c1e775 100644
--- a/src/nm-session-monitor-systemd.c
+++ b/src/nm-session-monitor-systemd.c
@@ -234,18 +234,19 @@ nm_session_monitor_uid_has_session (NMSessionMonitor *monitor,
const char **out_user,
GError **error)
{
- int ret;
+ int num_sessions;
if (!nm_session_uid_to_user (uid, out_user, error))
return FALSE;
- ret = sd_uid_get_sessions (uid, FALSE, NULL) > 0;
- if (ret < 0) {
+ /* Get all sessions (including inactive ones) for the user */
+ num_sessions = sd_uid_get_sessions (uid, 0, NULL);
+ if (num_sessions < 0) {
nm_log_warn (LOGD_CORE, "Failed to get systemd sessions for uid %d: %d",
- uid, ret);
+ uid, num_sessions);
return FALSE;
}
- return ret > 0 ? TRUE : FALSE;
+ return num_sessions > 0;
}
gboolean
@@ -253,13 +254,14 @@ nm_session_monitor_uid_active (NMSessionMonitor *monitor,
uid_t uid,
GError **error)
{
- int ret;
+ int num_sessions;
- ret = sd_uid_get_sessions (uid, TRUE, NULL) > 0;
- if (ret < 0) {
+ /* Get active sessions for the user */
+ num_sessions = sd_uid_get_sessions (uid, 1, NULL);
+ if (num_sessions < 0) {
nm_log_warn (LOGD_CORE, "Failed to get active systemd sessions for uid %d: %d",
- uid, ret);
+ uid, num_sessions);
return FALSE;
}
- return ret > 0 ? TRUE : FALSE;
+ return num_sessions > 0;
}
diff --git a/src/org.freedesktop.NetworkManager.conf b/src/org.freedesktop.NetworkManager.conf
index db68374cc8..bdfe3e6773 100644
--- a/src/org.freedesktop.NetworkManager.conf
+++ b/src/org.freedesktop.NetworkManager.conf
@@ -26,93 +26,99 @@
<allow send_destination="org.freedesktop.NetworkManager.ssh"/>
<allow send_destination="org.freedesktop.NetworkManager.iodine"/>
</policy>
- <policy at_console="true">
- <allow send_destination="org.freedesktop.NetworkManager"/>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManager"/>
+ <deny send_destination="org.freedesktop.NetworkManager"/>
+
+ <!-- Basic D-Bus API stuff -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Introspectable"/>
-
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Properties"/>
+ <!-- Devices (read-only properties, no methods) -->
<allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"/>
-
+ send_interface="org.freedesktop.NetworkManager.Device.Adsl"/>
<allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
-
+ send_interface="org.freedesktop.NetworkManager.Device.Bond"/>
<allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
-
+ send_interface="org.freedesktop.NetworkManager.Device.Bridge"/>
<allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Modem"/>
-
+ send_interface="org.freedesktop.NetworkManager.Device.Bluetooth"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Generic"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Gre"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Infiniband"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Macvlan"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Modem"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.OlpcMesh"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Team"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Tun"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Veth"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Device.Vlan"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.WiMax.Nsp"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
+ <!-- Devices (read-only, no security required) -->
<allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
+ send_interface="org.freedesktop.NetworkManager.Device.WiMax"/>
+ <!-- Devices (read/write, secured with PolicyKit) -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
-
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device"/>
+ <!-- Core stuff (read-only properties, no methods) -->
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
-
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.DHCP6Config"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.IP4Config"/>
-
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.IP6Config"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
+ <!-- Core stuff (read/write, secured with PolicyKit) -->
<allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AgentManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="SetLogging"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="Sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="wake"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"/>
-
+ send_interface="org.freedesktop.NetworkManager"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Settings"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Settings.Connection"/>
+ <!-- Agents; secured with PolicyKit. Any process can talk to
+ the AgentManager API, but only NetworkManager can talk
+ to the agents themselves. -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AgentManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="SetLogging"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="Sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="wake"/>
+ <deny send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
+
+ <!-- Root-only functions -->
+ <deny send_interface="org.freedesktop.NetworkManager" send_member="SetLogging"/>
+ <deny send_interface="org.freedesktop.NetworkManager" send_member="Sleep"/>
+ <deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="LoadConnections"/>
+ <deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="ReloadConnections"/>
+ <deny send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+ <deny send_interface="org.freedesktop.NetworkManager.PPP"/>
</policy>
</busconfig>
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index 42c8b95f68..a9bb90599a 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -91,10 +91,10 @@ static gboolean impl_settings_list_connections (NMSettings *self,
GPtrArray **connections,
GError **error);
-static gboolean impl_settings_get_connection_by_uuid (NMSettings *self,
- const char *uuid,
- char **out_object_path,
- GError **error);
+static void impl_settings_get_connection_by_uuid (NMSettings *self,
+ const char *uuid,
+ char **out_object_path,
+ DBusGMethodInvocation *context);
static void impl_settings_add_connection (NMSettings *self,
GHashTable *settings,
@@ -268,25 +268,53 @@ nm_settings_get_connection_by_uuid (NMSettings *self, const char *uuid)
return NULL;
}
-static gboolean
+static void
impl_settings_get_connection_by_uuid (NMSettings *self,
const char *uuid,
char **out_object_path,
- GError **error)
+ DBusGMethodInvocation *context)
{
NMSettingsConnection *connection = NULL;
+ NMAuthSubject *subject;
+ GError *error = NULL;
+ char *error_desc = NULL;
connection = nm_settings_get_connection_by_uuid (self, uuid);
- if (connection)
- *out_object_path = g_strdup (nm_connection_get_path (NM_CONNECTION (connection)));
- else {
- g_set_error_literal (error,
- NM_SETTINGS_ERROR,
- NM_SETTINGS_ERROR_INVALID_CONNECTION,
- "No connection with the UUID was found.");
+ if (!connection) {
+ error = g_error_new_literal (NM_SETTINGS_ERROR,
+ NM_SETTINGS_ERROR_INVALID_CONNECTION,
+ "No connection with the UUID was found.");
+ goto error;
}
- return !!connection;
+ subject = nm_auth_subject_new_from_context (context);
+ if (!subject) {
+ error = g_error_new_literal (NM_SETTINGS_ERROR,
+ NM_SETTINGS_ERROR_PERMISSION_DENIED,
+ "Unable to determine UID of request.");
+ goto error;
+ }
+
+ if (!nm_auth_uid_in_acl (NM_CONNECTION (connection),
+ nm_session_monitor_get (),
+ nm_auth_subject_get_uid (subject),
+ &error_desc)) {
+ error = g_error_new_literal (NM_SETTINGS_ERROR,
+ NM_SETTINGS_ERROR_PERMISSION_DENIED,
+ error_desc);
+ g_free (error_desc);
+ goto error;
+ }
+
+ g_clear_object (&subject);
+ dbus_g_method_return (context, nm_connection_get_path (NM_CONNECTION (connection)));
+ return;
+
+error:
+ g_assert (error);
+ dbus_g_method_return_error (context, error);
+ g_error_free (error);
+ g_clear_object (&subject);
}
static int
View Lorry Controller Status