delta/NetworkManager.git/src/nm-auth-utils.h, branch th/fix-python-test gitlab.freedesktop.org: NetworkManager/NetworkManager.git all: SPDX header conversion 2019-09-10T09:19:56+00:00 Lubomir Rintel lkundrak@v3.sk 2019-09-10T09:19:01+00:00 24028a22467275671df71cc6a8054036b37d8f03 $ find * -type f |xargs perl contrib/scripts/spdx.pl $ git rm contrib/scripts/spdx.pl 
  $ find * -type f |xargs perl contrib/scripts/spdx.pl
  $ git rm contrib/scripts/spdx.pl
auth-chain: track auth-chains in embedded CList 2019-06-13T14:10:53+00:00 Thomas Haller thaller@redhat.com 2019-05-26T16:49:55+00:00 142c1215ee1b8423e7739175a0382a91924629c6 NMManager and NMSettings both may have multiple authorization requests ongoing. They need to keep track of them, at the very least to be able to cancel them on shutdown. Since NMAuthChain is not ref-countable, it always has only one clear user/owner. It makes little sense otherwise. Since most callers already want to track their NMAuthChain instances, let NMAuthChain help with that. Embed a "parent" CList field inside NMAuthChain. This avoids requiring an additional GSList allocation to track the element. Also, it allows to link and append an element without iterating the list. This ties the caller and the NMAuthChain a bit tighter together (making them less indepdendent). Generally that is not desirable. But here it seems the logic (of tracking the NMAuthChain) is still trivial and well separated. It's just that NMAuthChain instances now can be linked in a CList. 
NMManager and NMSettings both may have multiple authorization requests
ongoing. They need to keep track of them, at the very least to be able
to cancel them on shutdown.

Since NMAuthChain is not ref-countable, it always has only one clear
user/owner. It makes little sense otherwise. Since most callers already
want to track their NMAuthChain instances, let NMAuthChain help with that.

Embed a "parent" CList field inside NMAuthChain. This avoids requiring
an additional GSList allocation to track the element. Also, it allows to
link and append an element without iterating the list.

This ties the caller and the NMAuthChain a bit tighter together (making them
less indepdendent). Generally that is not desirable. But here it seems the
logic (of tracking the NMAuthChain) is still trivial and well separated.
It's just that NMAuthChain instances now can be linked in a CList.
all: drop emacs file variables from source files 2019-06-11T08:04:00+00:00 Thomas Haller thaller@redhat.com 2019-06-02T12:32:30+00:00 c0e075c90263150bd00ea033dbbd2d8e6b05300e We no longer add these. If you use Emacs, configure it yourself. Also, due to our "smart-tab" usage the editor anyway does a subpar job handling our tabs. However, on the upside every user can choose whatever tab-width he/she prefers. If "smart-tabs" are used properly (like we do), every tab-width will work. No manual changes, just ran commands: F=($(git grep -l -e '-\*-')) sed '1 { /\/\* *-\*- *[mM]ode.*\*\/$/d }' -i "${F[@]}" sed '1,4 { /^\(#\|--\|dnl\) *-\*- [mM]ode/d }' -i "${F[@]}" Check remaining lines with: git grep -e '-\*-' The ultimate purpose of this is to cleanup our files and eventually use SPDX license identifiers. For that, first get rid of the boilerplate lines. 
We no longer add these. If you use Emacs, configure it yourself.

Also, due to our "smart-tab" usage the editor anyway does a subpar
job handling our tabs. However, on the upside every user can choose
whatever tab-width he/she prefers. If "smart-tabs" are used properly
(like we do), every tab-width will work.

No manual changes, just ran commands:

    F=($(git grep -l -e '-\*-'))
    sed '1 { /\/\* *-\*-  *[mM]ode.*\*\/$/d }'     -i "${F[@]}"
    sed '1,4 { /^\(#\|--\|dnl\) *-\*- [mM]ode/d }' -i "${F[@]}"

Check remaining lines with:

    git grep -e '-\*-'

The ultimate purpose of this is to cleanup our files and eventually use
SPDX license identifiers. For that, first get rid of the boilerplate lines.
auth-chain: don't copy ChainData tag 2019-05-12T07:56:36+00:00 Thomas Haller thaller@redhat.com 2019-05-06T08:04:16+00:00 5a3ffffe7453bf0fcde97e14f0cc7a2d85e8bce8 All callers pass a C string literal as the user-data tag of NMAuthChain. It makes little sense otherwise because you usually know which user data you need in advance. So don't bother with copying the string. Just reference the defacto static string. Rename nm_auth_chain_set_data() to nm_auth_chain_set_data_unsafe() to indicate that the lifetime of the tag string is now the caller's responsibility. The nm_auth_chain_set_data() macro now ensures that the tag argument is a C string literal. In fact, all callers that we had did that already. 
All callers pass a C string literal as the user-data tag of NMAuthChain.
It makes little sense otherwise because you usually know which user data
you need in advance.

So don't bother with copying the string. Just reference the defacto
static string.

Rename nm_auth_chain_set_data() to nm_auth_chain_set_data_unsafe() to indicate
that the lifetime of the tag string is now the caller's responsibility.

The nm_auth_chain_set_data() macro now ensures that the tag argument is
a C string literal. In fact, all callers that we had did that already.
auth-chain: don't clone the permission string for AuthChain 2019-05-12T07:56:36+00:00 Thomas Haller thaller@redhat.com 2019-05-04T08:31:18+00:00 9df2abea53065c88878f00a467811cd635d3c6a8 Out of the 33 callers of nm_auth_chain_add_call(), the permission argument is: - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL. - 3 times assign a string that is in fact a static string (it's just not a string literal) - only NMManager's device_auth_request_cb() passes a permission of (possibly) non static origin. But it already duplicates the string for it's own purposes and attaches it as user-data to the NMAuthChain. There really is no need to duplicate the string. Replace nm_auth_chain_add_call() by a macro that ensures that the permission string is a C literal. Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to indicate that the lifetime of the permission argument is now the responsibility of the caller. 
Out of the 33 callers of nm_auth_chain_add_call(), the permission
argument is:

 - 29 times a C string literal like NM_AUTH_PERMISSION_NETWORK_CONTROL.

 - 3 times assign a string that is in fact a static string (it's just
   not a string literal)

 - only NMManager's device_auth_request_cb() passes a permission of
   (possibly) non static origin. But it already duplicates the string
   for it's own purposes and attaches it as user-data to the
   NMAuthChain.

There really is no need to duplicate the string.

Replace nm_auth_chain_add_call() by a macro that ensures that the
permission string is a C literal.

Rename nm_auth_chain_add_call() to nm_auth_chain_add_call_unsafe() to
indicate that the lifetime of the permission argument is now the
responsibility of the caller.
core: remove unused error argument from NMAuthChainResultFunc 2019-05-12T07:56:36+00:00 Thomas Haller thaller@redhat.com 2019-05-04T07:37:54+00:00 d460ec8e674107b2245a47cfe721fa84399a9bb9 NMAuthChain usually requests several permissions at once. Hence, an error argument in the overall callback does not make sense, because you wouldn't know which request failed. If at all, it could only mean that the overall request failed (like an D-Bus failure communicating to D-Bus *for all permisssions*), but we don't need to handle that specially. In fact, we don't really care why permission was not granted, whether it's due to an error or legitimate reasons. The error in the callback was always set to %NULL. Remove it. 
NMAuthChain usually requests several permissions at once. Hence, an error
argument in the overall callback does not make sense, because you
wouldn't know which request failed.

If at all, it could only mean that the overall request failed (like an
D-Bus failure communicating to D-Bus *for all permisssions*),
but we don't need to handle that specially. In fact, we don't really care
why permission was not granted, whether it's due to an error or legitimate
reasons.

The error in the callback was always set to %NULL. Remove it.
core: add nm_auth_is_subject_in_acl_set_error() helper 2018-04-18T05:55:15+00:00 Thomas Haller thaller@redhat.com 2018-04-12T07:34:40+00:00 f94167d8b1f94e59fb04f711cb999f380b083314 






auth-manager: add helper function nm_auth_call_result_eval()
2018-04-13T07:09:46+00:00

Thomas Haller
thaller@redhat.com

2018-04-09T15:03:58+00:00

f0bddb44e03aed9d9ca8be0bf63d46dd7ebda15c

This makes NMAuthCallResult not only usable from within a NMAuthChain.
It makes sense to just call nm-auth-manager directly, but then we need
a way to convert the more detailed result into an NMAuthCallResult
value.





This makes NMAuthCallResult not only usable from within a NMAuthChain.
It makes sense to just call nm-auth-manager directly, but then we need
a way to convert the more detailed result into an NMAuthCallResult
value.







auth-chain/trivial: rename nm_auth_chain_unref() to nm_auth_chain_destroy()
2018-04-13T07:09:46+00:00

Thomas Haller
thaller@redhat.com

2018-04-09T09:52:55+00:00

50b74731f668067d445a28d7e545a169bf9d25c8

NMAuthChain is not really ref-counted. True, we have an internal ref-counter
to ensure that the instance stays alive while the callback is invoked. However,
the user cannot take additional references as there is no nm_auth_chain_ref().

When the user wants to get rid of the auth-chain, with the current API it
is important that the callback won't be called after that point. From the
name nm_auth_chain_unref(), it sounds like that there could be multiple references
to the auth-chain, and merely unreferencing the object might not guarantee that
the callback is canceled. However, that is luckily not the case, because
there is no real ref-counting involved here.

Just rename the destroy function to make this clearer.





NMAuthChain is not really ref-counted. True, we have an internal ref-counter
to ensure that the instance stays alive while the callback is invoked. However,
the user cannot take additional references as there is no nm_auth_chain_ref().

When the user wants to get rid of the auth-chain, with the current API it
is important that the callback won't be called after that point. From the
name nm_auth_chain_unref(), it sounds like that there could be multiple references
to the auth-chain, and merely unreferencing the object might not guarantee that
the callback is canceled. However, that is luckily not the case, because
there is no real ref-counting involved here.

Just rename the destroy function to make this clearer.







auth-chain: drop unused nm_auth_chain_get_data_ulong()
2018-04-05T15:45:30+00:00

Thomas Haller
thaller@redhat.com

2018-04-04T19:54:44+00:00

6335627e77fa1ccff9d1b81cd83c26bd86cb45f4