</arg>
</method>
- <method name="GetPermissions">
- <tp:docstring>
- Returns a bitfield indicating certain operations the caller is permitted to perform. Some of these operations may require authorization by the user.
- </tp:docstring>
- <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_settings_get_permissions"/>
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="permissions" type="u" direction="out" tp:type="NM_SETTINGS_PERMISSIONS">
- <tp:docstring>
- A bitfield of permitted operations. Some of these operations may require the user to authorize via password entry or other means.
- </tp:docstring>
- </arg>
- </method>
-
<property name="Hostname" type="s" access="read">
<tp:docstring>
The machine hostname stored in persistent configuration.
</arg>
</signal>
- <signal name="CheckPermissions">
- <tp:docstring>
- Emitted when system authorization details change, indicating that clients may wish to recheck permissions with GetPermissions.
- </tp:docstring>
- </signal>
-
<signal name="NewConnection">
<tp:docstring>
Emitted when a new connection has been added.
</arg>
</signal>
- <tp:flags name="NM_SETTINGS_PERMISSIONS" value-prefix="NM_SETTINGS_PERMISSION" type="u">
- <tp:flag suffix="NONE" value="0x0">
- <tp:docstring>No permissions.</tp:docstring>
- </tp:flag>
- <tp:flag suffix="CONNECTION_MODIFY" value="0x1">
- <tp:docstring>Can modify/add/delete connections.</tp:docstring>
- </tp:flag>
- <tp:flag suffix="WIFI_SHARING_PROTECTED" value="0x2">
- <tp:docstring>Can share connections via a encrypted user-created WiFi network.</tp:docstring>
- </tp:flag>
- <tp:flag suffix="WIFI_SHARING_OPEN" value="0x4">
- <tp:docstring>Can share connections via a open/unencrypted user-created WiFi network.</tp:docstring>
- </tp:flag>
- <tp:flag suffix="HOSTNAME_MODIFY" value="0x8">
- <tp:docstring>Can modify the persistent system hostname.</tp:docstring>
- </tp:flag>
- </tp:flags>
-
</interface>
</node>
property_changed_info);
}
-#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
-#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
-#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
+#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
+#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
+#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
+#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
+#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
+#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
static NMClientPermission
nm_permission_to_client (const char *nm)
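Review bot: The `NM_AUTH_PERMISSION_*` strings added at the top of this hunk are a second hand-maintained copy of the list this commit also adds on the daemon side (the defines after `#include "nm-dbus-manager.h"`, presumably nm-manager-auth.h), so the two can drift apart. If they do, the `strcmp` chain in `nm_permission_to_client()` in the next hunk falls through to `NM_CLIENT_PERMISSION_NONE`, and the client would presumably drop that permission without any diagnostic. Prefer one shared header, or mark both copies with a comment such as `/* Keep in sync with the daemon's NM_AUTH_PERMISSION_* list */`. The body of `nm_permission_to_client()` starts after the end of this hunk.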
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI;
else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN))
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_SLEEP_WAKE))
+ return NM_CLIENT_PERMISSION_SLEEP_WAKE;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_NETWORK_CONTROL))
+ return NM_CLIENT_PERMISSION_NETWORK_CONTROL;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED))
+ return NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN))
+ return NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY))
+ return NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY;
+ else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY))
+ return NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY;
+
return NM_CLIENT_PERMISSION_NONE;
}
get_permissions_sync (NM_CLIENT (object));
priv->bus_proxy = dbus_g_proxy_new_for_name (connection,
- "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus");
+ DBUS_SERVICE_DBUS,
+ DBUS_PATH_DBUS,
+ DBUS_INTERFACE_DBUS);
dbus_g_proxy_add_signal (priv->bus_proxy, "NameOwnerChanged",
G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK = 1,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI = 2,
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN = 3,
-
- NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN
+ NM_CLIENT_PERMISSION_SLEEP_WAKE = 4,
+ NM_CLIENT_PERMISSION_NETWORK_CONTROL = 5,
+ NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 6,
+ NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 7,
+ NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY = 8,
+ NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY = 9,
+
+ NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY
} NMClientPermission;
typedef enum {
gboolean service_running;
DBusGProxy *props_proxy;
- NMSettingsPermissions permissions;
- gboolean have_permissions;
char *hostname;
gboolean can_modify;
enum {
NEW_CONNECTION,
CONNECTIONS_READ,
- CHECK_PERMISSIONS,
LAST_SIGNAL
};
return TRUE;
}
-typedef struct {
- NMRemoteSettings *settings;
- NMRemoteSettingsGetPermissionsFunc callback;
- gpointer callback_data;
-} GetPermissionsInfo;
-
-static void
-get_permissions_cb (DBusGProxy *proxy,
- DBusGProxyCall *call,
- gpointer user_data)
-{
- GetPermissionsInfo *info = user_data;
- NMRemoteSettings *self = NM_REMOTE_SETTINGS (info->settings);
- NMRemoteSettingsPrivate *priv = NM_REMOTE_SETTINGS_GET_PRIVATE (self);
- NMSettingsPermissions permissions = NM_SETTINGS_PERMISSION_NONE;
- GError *error = NULL;
-
- dbus_g_proxy_end_call (proxy, call, &error,
- G_TYPE_UINT, &permissions,
- G_TYPE_INVALID);
- priv->permissions = permissions;
- priv->have_permissions = !error;
- info->callback (info->settings, permissions, error, info->callback_data);
- g_clear_error (&error);
-}
-
-/**
- * nm_remote_settings_get_permissions:
- * @settings: the %NMRemoteSettings
- * @callback: callback to be called when the permissions operation completes
- * @user_data: caller-specific data passed to @callback
- *
- * Requests an indication of the operations the caller is permitted to perform
- * including those that may require authorization.
- *
- * Returns: TRUE if the request was successful, FALSE if it failed
- **/
-gboolean
-nm_remote_settings_get_permissions (NMRemoteSettings *settings,
- NMRemoteSettingsGetPermissionsFunc callback,
- gpointer user_data)
-{
- NMRemoteSettingsPrivate *priv;
- GetPermissionsInfo *info;
-
- g_return_val_if_fail (settings != NULL, FALSE);
- g_return_val_if_fail (NM_IS_REMOTE_SETTINGS (settings), FALSE);
- g_return_val_if_fail (callback != NULL, FALSE);
-
- priv = NM_REMOTE_SETTINGS_GET_PRIVATE (settings);
-
- /* Skip D-Bus if we already have permissions */
- if (priv->have_permissions) {
- callback (settings, priv->permissions, NULL, user_data);
- return TRUE;
- }
-
- /* Otherwise fetch them from NM */
- info = g_malloc0 (sizeof (GetPermissionsInfo));
- info->settings = settings;
- info->callback = callback;
- info->callback_data = user_data;
-
- dbus_g_proxy_begin_call (priv->proxy, "GetPermissions",
- get_permissions_cb,
- info,
- g_free,
- G_TYPE_INVALID);
- return TRUE;
-}
-
static void
name_owner_changed (DBusGProxy *proxy,
const char *name,
}
}
-static void
-check_permissions_cb (DBusGProxy *proxy, gpointer user_data)
-{
- NMRemoteSettings *self = NM_REMOTE_SETTINGS (user_data);
- NMRemoteSettingsPrivate *priv = NM_REMOTE_SETTINGS_GET_PRIVATE (self);
-
- /* Permissions need to be re-fetched */
- priv->have_permissions = FALSE;
- g_signal_emit (self, signals[CHECK_PERMISSIONS], 0);
-}
-
static void
properties_changed_cb (DBusGProxy *proxy,
GHashTable *properties,
object,
NULL);
- /* Monitor for permissions changes */
- dbus_g_proxy_add_signal (priv->proxy, "CheckPermissions", G_TYPE_INVALID);
- dbus_g_proxy_connect_signal (priv->proxy, "CheckPermissions",
- G_CALLBACK (check_permissions_cb),
- object,
- NULL);
-
/* Get properties */
dbus_g_proxy_begin_call (priv->props_proxy, "GetAll",
get_all_cb,
NULL, NULL,
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE, 0);
-
- signals[CHECK_PERMISSIONS] =
- g_signal_new (NM_REMOTE_SETTINGS_CHECK_PERMISSIONS,
- G_OBJECT_CLASS_TYPE (object_class),
- G_SIGNAL_RUN_FIRST,
- G_STRUCT_OFFSET (NMRemoteSettingsClass, check_permissions),
- NULL, NULL,
- g_cclosure_marshal_VOID__VOID,
- G_TYPE_NONE, 0);
}
G_BEGIN_DECLS
-// FIXME this is temporary, permissions format to be improved
-typedef enum {
- NM_SETTINGS_PERMISSION_NONE = 0x0,
- NM_SETTINGS_PERMISSION_CONNECTION_MODIFY = 0x1,
- NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED = 0x2,
- NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN = 0x4,
- NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY = 0x8
-} NMSettingsPermissions;
-
#define NM_TYPE_REMOTE_SETTINGS (nm_remote_settings_get_type ())
#define NM_REMOTE_SETTINGS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_REMOTE_SETTINGS, NMRemoteSettings))
#define NM_REMOTE_SETTINGS_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_REMOTE_SETTINGS, NMRemoteSettingsClass))
#define NM_REMOTE_SETTINGS_NEW_CONNECTION "new-connection"
#define NM_REMOTE_SETTINGS_CONNECTIONS_READ "connections-read"
-#define NM_REMOTE_SETTINGS_CHECK_PERMISSIONS "check-permissions"
typedef struct _NMRemoteSettings NMRemoteSettings;
typedef struct _NMRemoteSettingsClass NMRemoteSettingsClass;
GError *error,
gpointer user_data);
-typedef void (*NMRemoteSettingsGetPermissionsFunc) (NMRemoteSettings *settings,
- NMSettingsPermissions permissions,
- GError *error,
- gpointer user_data);
-
struct _NMRemoteSettings {
GObject parent;
void (*connections_read) (NMRemoteSettings *settings);
- void (*check_permissions) (NMRemoteSettings *settings);
-
/* Padding for future expansion */
void (*_reserved1) (void);
void (*_reserved2) (void);
NMRemoteSettingsSaveHostnameFunc callback,
gpointer user_data);
-gboolean nm_remote_settings_get_permissions (NMRemoteSettings *settings,
- NMRemoteSettingsGetPermissionsFunc callback,
- gpointer user_data);
-
G_END_DECLS
#endif /* NM_REMOTE_SETTINGS_H */
</defaults>
</action>
- <action id="org.freedesktop.NetworkManager.settings.modify">
- <_description>Modify system connections</_description>
- <_message>System policy prevents modification of system settings</_message>
+ <action id="org.freedesktop.NetworkManager.wifi.share.protected">
+ <_description>Connection sharing via a protected WiFi network</_description>
+ <_message>System policy prevents sharing connections via a protected WiFi network</_message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>auth_admin_keep</allow_active>
+ <allow_active>yes</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.NetworkManager.settings.hostname.modify">
- <_description>Modify persistent system hostname</_description>
- <_message>System policy prevents modification of the persistent system hostname</_message>
+ <action id="org.freedesktop.NetworkManager.wifi.share.open">
+ <_description>Connection sharing via an open WiFi network</_description>
+ <_message>System policy prevents sharing connections via an open WiFi network</_message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>auth_admin_keep</allow_active>
+ <allow_active>yes</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.NetworkManager.settings.wifi.share.protected">
- <_description>Connection sharing via a protected WiFi network</_description>
- <_message>System policy prevents sharing connections via a protected WiFi network</_message>
+ <action id="org.freedesktop.NetworkManager.settings.modify">
+ <_description>Modify system connections</_description>
+ <_message>System policy prevents modification of system settings</_message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
- <action id="org.freedesktop.NetworkManager.settings.wifi.share.open">
- <_description>Connection sharing via an open WiFi network</_description>
- <_message>System policy prevents sharing connections via an open WiFi network</_message>
+ <action id="org.freedesktop.NetworkManager.settings.hostname.modify">
+ <_description>Modify persistent system hostname</_description>
+ <_message>System policy prevents modification of the persistent system hostname</_message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
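Review bot: The two sharing actions change id from `org.freedesktop.NetworkManager.settings.wifi.share.*` to `org.freedesktop.NetworkManager.wifi.share.*`, so any local polkit override an administrator wrote against the old ids stops matching after upgrade. Both actions ship with `<allow_active>yes</allow_active>`, so a site that had restricted Wi-Fi sharing would fall back to "allowed for active sessions" with no warning. This should be called out in the release notes and marked in the policy file, for example `<!-- renamed from ...settings.wifi.share.*; update local overrides -->` above each of the two actions.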
#include "nm-dbus-manager.h"
-#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
-#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
-#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
-#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
-#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
+#define NM_AUTH_PERMISSION_SLEEP_WAKE "org.freedesktop.NetworkManager.sleep-wake"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI "org.freedesktop.NetworkManager.enable-disable-wifi"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN "org.freedesktop.NetworkManager.enable-disable-wwan"
+#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
+#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
+#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
+#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
+#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
typedef struct NMAuthChain NMAuthChain;
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN);
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
+ get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED);
+ get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN);
+ get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
+ get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY);
dbus_g_method_return (context, results);
g_hash_table_destroy (results);
}
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN, FALSE);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
+ nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
+ nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
+ nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, FALSE);
+ nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY, FALSE);
}
/* Legacy 0.6 compatibility interface */
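Review bot: The four added `nm_auth_chain_add_call()` lines, and the matching `get_perm_add_result()` lines in the previous hunk, report the settings actions unconditionally. The `impl_settings_get_permissions()` removed by this commit queried connection-modify and hostname-modify only when `get_plugin()` found a plugin with the matching `NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_*` capability. A client can therefore be told an operation is permitted on a system where no plugin can carry it out; either restore that gating or state the new meaning in a comment such as `/* polkit result only; does not imply a settings plugin supports the change */`. The removed code also counted a polkit challenge result as permitted, and these hunks do not show how a challenge is reported when the last argument is `FALSE`, so that deserves a line of documentation too. The enclosing functions start outside both hunks.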
#include <config.h>
#include <polkit/polkit.h>
-#define NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
-#define NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.settings.wifi.share.protected"
-#define NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.settings.wifi.share.open"
-#define NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
-
/* Fix for polkit 0.97 and later */
#if !HAVE_POLKIT_AUTHORITY_GET_SYNC
static inline PolkitAuthority *
#include "nm-dbus-glib-types.h"
#include "nm-polkit-helpers.h"
#include "nm-logging.h"
+#include "nm-manager-auth.h"
static void impl_sysconfig_connection_get_settings (NMSysconfigConnection *connection,
DBusGMethodInvocation *context);
g_free (sender);
polkit_authority_check_authorization (priv->authority,
- info->subject,
- NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
- NULL,
- POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
- info->cancellable,
- auth_pk_cb,
- info);
+ info->subject,
+ NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
+ info->cancellable,
+ auth_pk_cb,
+ info);
}
}
#include "nm-default-wired-connection.h"
#include "nm-logging.h"
#include "nm-dbus-manager.h"
+#include "nm-manager-auth.h"
#define CONFIG_KEY_NO_AUTO_DEFAULT "no-auto-default"
const char *hostname,
DBusGMethodInvocation *context);
-static void impl_settings_get_permissions (NMSysconfigSettings *self,
- DBusGMethodInvocation *context);
-
#include "nm-settings-glue.h"
static void unmanaged_specs_changed (NMSystemConfigInterface *config, gpointer user_data);
char *config_file;
GSList *pk_calls;
- GSList *permissions_calls;
GSList *plugins;
gboolean connections_loaded;
enum {
PROPERTIES_CHANGED,
NEW_CONNECTION,
- CHECK_PERMISSIONS,
LAST_SIGNAL
};
gpointer callback_data;
char *hostname;
-
- NMSettingsPermissions permissions;
- guint32 permissions_calls;
} PolkitCall;
#include "nm-dbus-manager.h"
g_assert (call);
polkit_authority_check_authorization (priv->authority,
call->subject,
- NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
+ NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY,
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
call->cancellable,
g_assert (call);
polkit_authority_check_authorization (priv->authority,
call->subject,
- NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY,
+ NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY,
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
call->cancellable,
priv->pk_calls = g_slist_append (priv->pk_calls, call);
}
-static void
-pk_authority_changed_cb (GObject *object, gpointer user_data)
-{
- /* Let clients know they should re-check their authorization */
- g_signal_emit (NM_SYSCONFIG_SETTINGS (user_data), signals[CHECK_PERMISSIONS], 0);
-}
-
-typedef struct {
- PolkitCall *pk_call;
- const char *pk_action;
- GCancellable *cancellable;
- NMSettingsPermissions permission;
- gboolean disposed;
-} PermissionsCall;
-
-static void
-permission_call_done (GObject *object, GAsyncResult *result, gpointer user_data)
-{
- PermissionsCall *call = user_data;
- PolkitCall *pk_call = call->pk_call;
- NMSysconfigSettings *self = pk_call->self;
- NMSysconfigSettingsPrivate *priv;
- PolkitAuthorizationResult *pk_result;
- GError *error = NULL;
-
- /* If NMSysconfigSettings is gone, just skip to the end */
- if (call->disposed)
- goto done;
-
- priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
-
- priv->permissions_calls = g_slist_remove (priv->permissions_calls, call);
-
- pk_result = polkit_authority_check_authorization_finish (priv->authority,
- result,
- &error);
- /* Some random error happened */
- if (error) {
- nm_log_err (LOGD_SYS_SET, "error checking '%s' permission: (%d) %s",
- __FILE__, __LINE__, __func__,
- call->pk_action,
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
- if (error)
- g_error_free (error);
- } else {
- /* If the caller is authorized, or the caller could authorize via a
- * challenge, then authorization is possible. Otherwise, caller is out of
- * luck.
- */
- if ( polkit_authorization_result_get_is_authorized (pk_result)
- || polkit_authorization_result_get_is_challenge (pk_result))
- pk_call->permissions |= call->permission;
- }
-
- g_object_unref (pk_result);
-
-done:
- pk_call->permissions_calls--;
- if (pk_call->permissions_calls == 0) {
- if (call->disposed) {
- error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR,
- NM_SYSCONFIG_SETTINGS_ERROR_GENERAL,
- "Request was canceled.");
- dbus_g_method_return_error (pk_call->context, error);
- g_error_free (error);
- } else {
- /* All the permissions calls are done, return the full permissions
- * bitfield back to the user.
- */
- dbus_g_method_return (pk_call->context, pk_call->permissions);
- }
-
- polkit_call_free (pk_call);
- }
- memset (call, 0, sizeof (PermissionsCall));
- g_free (call);
-}
-
-static void
-start_permission_check (NMSysconfigSettings *self,
- PolkitCall *pk_call,
- const char *pk_action,
- NMSettingsPermissions permission)
-{
- NMSysconfigSettingsPrivate *priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
- PermissionsCall *call;
-
- g_return_if_fail (pk_call != NULL);
- g_return_if_fail (pk_action != NULL);
- g_return_if_fail (permission != NM_SETTINGS_PERMISSION_NONE);
-
- call = g_malloc0 (sizeof (PermissionsCall));
- call->pk_call = pk_call;
- call->pk_action = pk_action;
- call->permission = permission;
- call->cancellable = g_cancellable_new ();
-
- pk_call->permissions_calls++;
-
- polkit_authority_check_authorization (priv->authority,
- pk_call->subject,
- pk_action,
- NULL,
- 0,
- call->cancellable,
- permission_call_done,
- call);
- priv->permissions_calls = g_slist_append (priv->permissions_calls, call);
-}
-
-static void
-impl_settings_get_permissions (NMSysconfigSettings *self,
- DBusGMethodInvocation *context)
-{
- PolkitCall *call;
-
- call = polkit_call_new (self, context, NULL, FALSE);
- g_assert (call);
-
- /* Start checks for the various permissions */
-
- /* Only check for connection-modify if one of our plugins supports it. */
- if (get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS)) {
- start_permission_check (self, call,
- NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY,
- NM_SETTINGS_PERMISSION_CONNECTION_MODIFY);
- }
-
- /* Only check for hostname-modify if one of our plugins supports it. */
- if (get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_HOSTNAME)) {
- start_permission_check (self, call,
- NM_SYSCONFIG_POLICY_ACTION_HOSTNAME_MODIFY,
- NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY);
- }
-
- // FIXME: hook these into plugin permissions like the modify permissions */
- start_permission_check (self, call,
- NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_OPEN,
- NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN);
- start_permission_check (self, call,
- NM_SYSCONFIG_POLICY_ACTION_WIFI_SHARE_PROTECTED,
- NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED);
-}
-
static gboolean
have_connection_for_device (NMSysconfigSettings *self, GByteArray *mac)
{
g_slist_free (priv->pk_calls);
priv->pk_calls = NULL;
- /* Cancel PolicyKit permissions requests */
- for (iter = priv->permissions_calls; iter; iter = g_slist_next (iter)) {
- PermissionsCall *call = iter->data;
-
- call->disposed = TRUE;
- g_cancellable_cancel (call->cancellable);
- }
- g_slist_free (priv->permissions_calls);
- priv->permissions_calls = NULL;
-
G_OBJECT_CLASS (nm_sysconfig_settings_parent_class)->dispose (object);
}
g_cclosure_marshal_VOID__OBJECT,
G_TYPE_NONE, 1, G_TYPE_OBJECT);
- signals[CHECK_PERMISSIONS] =
- g_signal_new (NM_SYSCONFIG_SETTINGS_CHECK_PERMISSIONS,
- G_OBJECT_CLASS_TYPE (object_class),
- G_SIGNAL_RUN_FIRST,
- 0,
- NULL, NULL,
- g_cclosure_marshal_VOID__VOID,
- G_TYPE_NONE, 0);
-
dbus_g_error_domain_register (NM_SYSCONFIG_SETTINGS_ERROR,
NM_DBUS_IFACE_SETTINGS,
NM_TYPE_SYSCONFIG_SETTINGS_ERROR);
priv->all_connections = g_hash_table_new_full (g_direct_hash, g_direct_equal, g_object_unref, NULL);
priv->authority = polkit_authority_get_sync (NULL, &error);
- if (priv->authority) {
- priv->auth_changed_id = g_signal_connect (priv->authority,
- "changed",
- G_CALLBACK (pk_authority_changed_cb),
- self);
- } else {
+ if (!priv->authority) {
nm_log_warn (LOGD_SYS_SET, "failed to create PolicyKit authority: (%d) %s",
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
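Review bot: With the `"changed"` handler removed, `priv->auth_changed_id` is no longer assigned anywhere in this hunk. Any `g_signal_handler_disconnect()` on it that remains elsewhere in the file (not visible here) would be called with 0 and should be removed together with the field. Dropping the handler also means this object no longer tells clients when polkit authorization changes, so it is worth recording where that notification now comes from, e.g. `/* authorization-change notification is handled by the manager's permission interface */`, if that is indeed the case. The `if (!priv->authority)` block continues past the end of the hunk.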
#include "nm-system-config-interface.h"
#include "nm-device.h"
-// FIXME this is temporary, permissions format to be improved
-typedef enum {
- NM_SETTINGS_PERMISSION_NONE = 0x0,
- NM_SETTINGS_PERMISSION_CONNECTION_MODIFY = 0x1,
- NM_SETTINGS_PERMISSION_WIFI_SHARE_PROTECTED = 0x2,
- NM_SETTINGS_PERMISSION_WIFI_SHARE_OPEN = 0x4,
- NM_SETTINGS_PERMISSION_HOSTNAME_MODIFY = 0x8
-} NMSettingsPermissions;
-
#define NM_TYPE_SYSCONFIG_SETTINGS (nm_sysconfig_settings_get_type ())
#define NM_SYSCONFIG_SETTINGS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SYSCONFIG_SETTINGS, NMSysconfigSettings))
#define NM_SYSCONFIG_SETTINGS_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SYSCONFIG_SETTINGS, NMSysconfigSettingsClass))
#define NM_SYSCONFIG_SETTINGS_CAN_MODIFY "can-modify"
#define NM_SYSCONFIG_SETTINGS_NEW_CONNECTION "new-connection"
-#define NM_SYSCONFIG_SETTINGS_CHECK_PERMISSIONS "check-permissions"
typedef struct {
GObject parent_instance;