diff options
author | Dan Williams <dcbw@redhat.com> | 2014-09-10 14:14:04 -0500 |
---|---|---|
committer | Dan Williams <dcbw@redhat.com> | 2014-09-10 14:23:20 -0500 |
commit | 8fc10da2528bc361933e11ee3e70e7964e38e27f (patch) | |
tree | b55068465c910f1917ea6030c051cbd11e0c8211 | |
parent | 9ce5244b73fd822b316d3619dc5c9ed0c12bcaf0 (diff) | |
download | NetworkManager-th/bgo734146_polkit-1.tar.gz |
fixup! auth: rework polkit autorization to use DBUS interface directlyth/bgo734146_polkit-1
-rw-r--r-- | src/nm-auth-subject.c | 159 | ||||
-rw-r--r-- | src/nm-auth-subject.h | 10 |
2 files changed, 67 insertions, 102 deletions
diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c index 737519f7ac..27a0767ebf 100644 --- a/src/nm-auth-subject.c +++ b/src/nm-auth-subject.c @@ -26,28 +26,21 @@ * makes requests, like process identifier and user UID. */ -#include "nm-auth-subject.h" - #include <string.h> #include <stdlib.h> #include <gio/gio.h> #include "nm-dbus-manager.h" +#include "nm-auth-subject.h" +#include "nm-enum-types.h" G_DEFINE_TYPE (NMAuthSubject, nm_auth_subject, G_TYPE_OBJECT) #define NM_AUTH_SUBJECT_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_AUTH_SUBJECT, NMAuthSubjectPrivate)) -typedef enum { - SUBJECT_TYPE_INVALID = 0, - SUBJECT_TYPE_INTERNAL = 0x1, - SUBJECT_TYPE_UNIX_PROCESS = 0x2, -} SubjectType; - enum { PROP_0, - PROP_IS_INTERNAL, - PROP_IS_UNIX_PROCESS, + PROP_SUBJECT_TYPE, PROP_UNIX_PROCESS_DBUS_SENDER, PROP_UNIX_PROCESS_PID, PROP_UID, @@ -56,7 +49,7 @@ enum { }; typedef struct { - SubjectType subject_type; + NMAuthSubjectType subject_type; struct { gulong pid; gulong uid; @@ -125,30 +118,33 @@ get_start_time_for_pid (pid_t pid) /**************************************************************/ -#define CHECK_SUBJECT(self, expected_subject_type, error_value) \ - NMAuthSubjectPrivate *priv; \ - g_return_val_if_fail (NM_IS_AUTH_SUBJECT (self), error_value); \ - priv = NM_AUTH_SUBJECT_GET_PRIVATE (self); \ - g_return_val_if_fail ((expected_subject_type) == SUBJECT_TYPE_INVALID || priv->subject_type == (expected_subject_type), error_value); +#define CHECK_SUBJECT(self, type_func, error_value) \ + NMAuthSubjectPrivate *priv; \ + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (self), error_value); \ + priv = NM_AUTH_SUBJECT_GET_PRIVATE (self); \ + g_return_val_if_fail (nm_auth_subject_is_##type_func (self), error_value); const char * nm_auth_subject_to_string (NMAuthSubject *self, char *buf, gsize buf_len) { - CHECK_SUBJECT (self, SUBJECT_TYPE_INVALID, NULL); + NMAuthSubjectPrivate *priv; + + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (self), NULL); + priv = NM_AUTH_SUBJECT_GET_PRIVATE (self); switch (priv->subject_type) { - case SUBJECT_TYPE_UNIX_PROCESS: + case NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS: g_snprintf (buf, buf_len, "unix-process[pid=%lu, uid=%lu, start=%llu", (long unsigned) priv->unix_process.pid, (long unsigned) priv->unix_process.uid, (long long unsigned) priv->unix_process.start_time); break; - case SUBJECT_TYPE_INTERNAL: + case NM_AUTH_SUBJECT_TYPE_INTERNAL: g_strlcat (buf, "internal", buf_len); break; default: g_strlcat (buf, "invalid", buf_len); - break; + g_assert_not_reached (); } return buf; } @@ -162,7 +158,7 @@ nm_auth_subject_unix_process_to_polkit_gvariant (NMAuthSubject *self) GVariantBuilder builder; GVariant *dict; GVariant *ret; - CHECK_SUBJECT (self, SUBJECT_TYPE_UNIX_PROCESS, NULL); + CHECK_SUBJECT (self, unix_process, NULL); g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{sv}")); g_variant_builder_add (&builder, "{sv}", "pid", @@ -181,23 +177,23 @@ nm_auth_subject_unix_process_to_polkit_gvariant (NMAuthSubject *self) gboolean nm_auth_subject_is_internal (NMAuthSubject *subject) { - CHECK_SUBJECT (subject, SUBJECT_TYPE_INVALID, FALSE); + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), FALSE); - return priv->subject_type == SUBJECT_TYPE_INTERNAL; + return NM_AUTH_SUBJECT_GET_PRIVATE (subject)->subject_type == NM_AUTH_SUBJECT_TYPE_INTERNAL; } gboolean nm_auth_subject_is_unix_process (NMAuthSubject *subject) { - CHECK_SUBJECT (subject, SUBJECT_TYPE_INVALID, FALSE); + g_return_val_if_fail (NM_IS_AUTH_SUBJECT (subject), FALSE); - return priv->subject_type == SUBJECT_TYPE_UNIX_PROCESS; + return NM_AUTH_SUBJECT_GET_PRIVATE (subject)->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS; } gulong nm_auth_subject_get_unix_process_pid (NMAuthSubject *subject) { - CHECK_SUBJECT (subject, SUBJECT_TYPE_UNIX_PROCESS, G_MAXULONG); + CHECK_SUBJECT (subject, unix_process, G_MAXULONG); return priv->unix_process.pid; } @@ -205,7 +201,7 @@ nm_auth_subject_get_unix_process_pid (NMAuthSubject *subject) gulong nm_auth_subject_get_unix_process_uid (NMAuthSubject *subject) { - CHECK_SUBJECT (subject, SUBJECT_TYPE_UNIX_PROCESS, G_MAXULONG); + CHECK_SUBJECT (subject, unix_process, G_MAXULONG); return priv->unix_process.uid; } @@ -213,7 +209,7 @@ nm_auth_subject_get_unix_process_uid (NMAuthSubject *subject) const char * nm_auth_subject_get_unix_process_dbus_sender (NMAuthSubject *subject) { - CHECK_SUBJECT (subject, SUBJECT_TYPE_UNIX_PROCESS, NULL); + CHECK_SUBJECT (subject, unix_process, NULL); return priv->unix_process.dbus_sender; } @@ -226,7 +222,7 @@ _new_unix_process (DBusGMethodInvocation *context, DBusMessage *message) { NMAuthSubject *self; - gboolean success; + gboolean success = FALSE; gulong pid = 0, uid = 0; char *dbus_sender = NULL; @@ -259,18 +255,17 @@ _new_unix_process (DBusGMethodInvocation *context, g_return_val_if_fail (pid > 0 && pid <= MIN (G_MAXINT, G_MAXINT32), NULL); self = NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT, - NM_AUTH_SUBJECT_IS_UNIX_PROCESS, (gboolean) TRUE, + NM_AUTH_SUBJECT_SUBJECT_TYPE, NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS, NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER, dbus_sender, NM_AUTH_SUBJECT_UNIX_PROCESS_PID, (gulong) pid, NM_AUTH_SUBJECT_UID, (gulong) uid, NULL)); - if (NM_AUTH_SUBJECT_GET_PRIVATE (self)->subject_type != SUBJECT_TYPE_UNIX_PROCESS) { + if (!nm_auth_subject_is_unix_process (self)) { /* this most likely happened because the process is gone (start_time==0). * Either that is not assert-worthy, or constructed() already asserted. * Just return NULL. */ - g_object_unref (self); - return NULL; + g_clear_object (&self); } return self; } @@ -298,9 +293,15 @@ nm_auth_subject_new_unix_process_from_message (DBusConnection *connection, NMAuthSubject * nm_auth_subject_new_internal (void) { - return NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT, - NM_AUTH_SUBJECT_IS_INTERNAL, (gboolean) TRUE, + NMAuthSubject *self; + + self = NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT, + NM_AUTH_SUBJECT_SUBJECT_TYPE, NM_AUTH_SUBJECT_TYPE_INTERNAL, NULL)); + if (!nm_auth_subject_is_internal (self)) + g_clear_object (&self); + + return self; } /**************************************************************/ @@ -312,12 +313,8 @@ get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec) switch (prop_id) { - case PROP_IS_INTERNAL: - g_value_set_boolean (value, priv->subject_type == SUBJECT_TYPE_INTERNAL); - break; - - case PROP_IS_UNIX_PROCESS: - g_value_set_boolean (value, priv->subject_type == SUBJECT_TYPE_UNIX_PROCESS); + case PROP_SUBJECT_TYPE: + g_value_set_enum (value, priv->subject_type); break; case PROP_UNIX_PROCESS_DBUS_SENDER: g_value_set_string (value, priv->unix_process.dbus_sender); @@ -339,52 +336,23 @@ static void set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec) { NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE (object); - const char *str; - gulong id; + NMAuthSubjectType subject_type; /* all properties are construct-only */ switch (prop_id) { - - case PROP_IS_INTERNAL: - if (g_value_get_boolean (value)) { - priv->subject_type |= SUBJECT_TYPE_INTERNAL; - g_return_if_fail (priv->subject_type == SUBJECT_TYPE_INTERNAL); - } - break; - - case PROP_IS_UNIX_PROCESS: - if (g_value_get_boolean (value)) { - priv->subject_type |= SUBJECT_TYPE_UNIX_PROCESS; - g_return_if_fail (priv->subject_type == SUBJECT_TYPE_UNIX_PROCESS); - } + case PROP_SUBJECT_TYPE: + subject_type = g_value_get_enum (value); + g_return_if_fail (subject_type > NM_AUTH_SUBJECT_TYPE_INVALID); + priv->subject_type = subject_type; break; case PROP_UNIX_PROCESS_DBUS_SENDER: - if ((str = g_value_get_string (value))) { - priv->subject_type |= SUBJECT_TYPE_UNIX_PROCESS; - if (priv->subject_type == SUBJECT_TYPE_UNIX_PROCESS) - priv->unix_process.dbus_sender = g_strdup (str); - else - g_return_if_reached (); - } + priv->unix_process.dbus_sender = g_value_dup_string (value); break; case PROP_UNIX_PROCESS_PID: - if ((id = g_value_get_ulong (value)) != G_MAXULONG) { - priv->subject_type |= SUBJECT_TYPE_UNIX_PROCESS; - if (priv->subject_type == SUBJECT_TYPE_UNIX_PROCESS) - priv->unix_process.pid = id; - else - g_return_if_reached (); - } + priv->unix_process.pid = g_value_get_ulong (value); break; - case PROP_UID: - if ((id = g_value_get_ulong (value)) != G_MAXULONG) { - priv->subject_type |= SUBJECT_TYPE_UNIX_PROCESS; - if (priv->subject_type == SUBJECT_TYPE_UNIX_PROCESS) - priv->unix_process.uid = id; - else - g_return_if_reached (); - } + priv->unix_process.uid = g_value_get_ulong (value); break; default: @@ -396,7 +364,7 @@ set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *p static void _clear_private (NMAuthSubjectPrivate *priv) { - priv->subject_type = SUBJECT_TYPE_INVALID; + priv->subject_type = NM_AUTH_SUBJECT_TYPE_INVALID; priv->unix_process.pid = G_MAXULONG; priv->unix_process.uid = G_MAXULONG; g_clear_pointer (&priv->unix_process.dbus_sender, g_free); @@ -417,11 +385,13 @@ constructed (GObject *object) /* validate that the created instance. */ switch (priv->subject_type) { - case SUBJECT_TYPE_INTERNAL: + case NM_AUTH_SUBJECT_TYPE_INTERNAL: + g_warn_if_fail (priv->unix_process.pid == G_MAXULONG); priv->unix_process.pid = G_MAXULONG; - priv->unix_process.uid = 0; + g_warn_if_fail (priv->unix_process.uid == G_MAXULONG); + priv->unix_process.uid = 0; /* internal uses 'root' user */ return; - case SUBJECT_TYPE_UNIX_PROCESS: + case NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS: /* Ensure pid and uid to be representably be int32. * DBUS treats them as uint32, polkit library as gint. */ if (priv->unix_process.pid > MIN (G_MAXINT, G_MAXINT32)) @@ -442,7 +412,7 @@ constructed (GObject *object) } return; default: - break; + g_assert_not_reached (); } _clear_private (priv); @@ -472,23 +442,14 @@ nm_auth_subject_class_init (NMAuthSubjectClass *config_class) object_class->constructed = constructed; object_class->finalize = finalize; - - g_object_class_install_property - (object_class, PROP_IS_INTERNAL, - g_param_spec_boolean (NM_AUTH_SUBJECT_IS_INTERNAL, "", "", - FALSE, - G_PARAM_READWRITE | - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_STATIC_STRINGS)); - - g_object_class_install_property - (object_class, PROP_IS_UNIX_PROCESS, - g_param_spec_boolean (NM_AUTH_SUBJECT_IS_UNIX_PROCESS, "", "", - FALSE, - G_PARAM_READWRITE | - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_STATIC_STRINGS)); + (object_class, PROP_SUBJECT_TYPE, + g_param_spec_enum (NM_AUTH_SUBJECT_SUBJECT_TYPE, "", "", + NM_TYPE_AUTH_SUBJECT_TYPE, + NM_AUTH_SUBJECT_TYPE_INVALID, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS)); g_object_class_install_property (object_class, PROP_UNIX_PROCESS_DBUS_SENDER, diff --git a/src/nm-auth-subject.h b/src/nm-auth-subject.h index 05aadda11b..687d39b35a 100644 --- a/src/nm-auth-subject.h +++ b/src/nm-auth-subject.h @@ -36,8 +36,13 @@ #define NM_IS_AUTH_SUBJECT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_AUTH_SUBJECT)) #define NM_AUTH_SUBJECT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_AUTH_SUBJECT, NMAuthSubjectClass)) -#define NM_AUTH_SUBJECT_IS_INTERNAL "is-internal" -#define NM_AUTH_SUBJECT_IS_UNIX_PROCESS "is-unix-process" +typedef enum { + NM_AUTH_SUBJECT_TYPE_INVALID = 0, + NM_AUTH_SUBJECT_TYPE_INTERNAL = 1, + NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS = 2, +} NMAuthSubjectType; + +#define NM_AUTH_SUBJECT_SUBJECT_TYPE "subject-type" #define NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER "unix-process-dbus-sender" #define NM_AUTH_SUBJECT_UNIX_PROCESS_PID "unix-process-pid" #define NM_AUTH_SUBJECT_UID "uid" @@ -61,7 +66,6 @@ NMAuthSubject *nm_auth_subject_new_unix_process_from_message (DBusConnection *co gboolean nm_auth_subject_is_internal (NMAuthSubject *subject); - gboolean nm_auth_subject_is_unix_process (NMAuthSubject *subject); gulong nm_auth_subject_get_unix_process_pid (NMAuthSubject *subject); |