| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing nm_auth_chain_unref(), the code iterated over the ->calls and
cancelled them. However, some of these calls might not have passed on to
polkit_authority_check_authorization(), but instead being scheduled with
g_idle_add(). These calls have to be canceled too because the NMAuthChain
will already be destroyed when auth_call_complete() calls.
#0 0x00007f166efda359 in g_slist_remove () from /lib64/libglib-2.0.so.0
#1 0x00007f167311bcc1 in auth_call_complete ()
#2 0x00007f166efbde06 in g_main_context_dispatch ()
from /lib64/libglib-2.0.so.0
#3 0x00007f166efbe158 in g_main_context_iterate.isra.22 ()
from /lib64/libglib-2.0.so.0
#4 0x00007f166efbe55a in g_main_loop_run () from /lib64/libglib-2.0.so.0
#5 0x00007f16730d3c0d in main ()
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The cancellable is only needed when calling
polkit_authority_check_authorization(). AuthCall objects are either
passed on for cleanup to g_idle_add or to polkit. Not both at the same
time, so this also makes it clear, which type we have at hand.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
| |
Setting any variables of the struct before freeing it's memory is of no
use.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
| |
The name idle_id is used for two different cases, rename
the variable, so that it is easier to see what's going on.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
| |
No longer used by anything.
|
|
|
|
| |
The subject already contains all the information we need.
|
| |
|
|
|
|
|
| |
It's created very, very early and never needs to be unrefed
by anything except the main() function.
|
|
|
|
|
|
|
|
|
|
| |
nm_auth_chain_new()
Most callers of nm_auth_chain_new() call nm_dbus_manager_get_caller_info()
right before that, so just fold the get_caller_info() call into
nm_auth_chain_new() to reduce code complexity in callers. Yes, this
means sometimes we call nm_dbus_manager_get_caller_info() twice,
but that's not really a problem.
|
| |
|
|
|
|
|
|
|
|
| |
Normally, users which are not part of a login session can't access
connections. Root won't always be part of a login session, so
allow root to bypass visibility checks. The code already bypassed
the ACL checks for root, but in multiple places. Consolidate those
checks into one function.
|
|
|
|
| |
Functionality moved to NMDBusManager.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of doing something like
<get caller UID>
if (root) {
perform_operation()
other boilerplate stuff
return;
}
nm_auth_chain_new(perform_operation)
...
just have root also go through the auth chain, which is now
short circuited for root. This ensures we always use the same
code paths for root and non-root, and that fixes made in one path
are also executed for the other.
|
|
|
|
|
|
|
| |
The error is now pushed to things that request PK auth so that we don't
lose it, because we don't want to unconditionally log it from NM, but
still want things to know that their request couldn't be fulfilled
because PK wasn't running.
|
|
|
|
|
|
| |
Don't create a GError with a domain of 0, which causes a glib warning,
and make it clearer when we're early-finishing with an error and when
we're not.
|
|
|
|
|
|
| |
Leads to shorter, easier to read code and improves type casting safety.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
|
|
|
|
|
| |
New function for removing data from the auth chain without
destroying it.
|
|
|
|
|
| |
We'll need this later; just keep all registered callbacks
in a list and track them by func/data.
|
|
|
|
|
|
|
| |
If an error occurred, or PolicyKit is disabled, we don't want to
schedule two idle handlers to return the result of an authentication
request. We'll soon be queuing up multiple requests at the same
time so we don't want this to happen.
|
|
|
|
|
| |
Slash and burn the #ifdef jungle so that the flow and blocks are
cleaner and less confusing to follow.
|
| |
|
|
|
|
| |
When PK is turned off, everything is authorized.
|
|
|
|
|
|
| |
Use one global PolkitAuthority object; we only really need to use it
in one place anyway. So consolidate the code that uses polkit into
nm-manager-auth.c.
|
|
|
|
|
|
| |
Otherwise callers would have to do the work themselves to ensure that
the top 32 bits of the ulong didn't get chopped off on 32-bit
platorms.
|
| |
|
| |
|
|
|
|
|
|
| |
For checking whether a specific user ID is:
1) in a known session
2) allowed by the connection's permissions ACL
|
|
|
|
|
| |
For consistency with the next commit, so we don't need to remember
when to free the description or not.
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Since these were properties they are harder to validate the caller as
dbus-glib doesn't have any hooks before the property is set. So we
install a low-level dbus filter function to catch property Set
requests before they get to dbus-glib and handle the property access
there.
|
|/
|
|
|
|
| |
Remove all references to connection scope and user-settings services
from the various internal APIs of the daemon. The external DBus API
remains unchanged, albeit in stub form for scope stuff.
|
|
|
|
| |
Basically cleaned up is_user_request_authorized() from nm-manager.c.
|
|
|
|
|
| |
And if the permissions change, make sure we allow or deny user
settings connections as appropriate.
|
| |
|
| |
|
| |
|
| |
|
|
#619323)
|