| author | Antonio Cardace <acardace@redhat.com> | 2019-12-17 20:36:18 +0100 |
|---|---|---|
| committer | Antonio Cardace <acardace@redhat.com> | 2019-12-17 20:55:43 +0100 |
| commit | 1d6b59c3f61386e9fcc858ed15dae5d8e7a005a4 (patch) | |
| tree | fd0d830e85e33fbd3213fef6ceab6a2ad9ce0b08 | |
| parent | cb778eb1d82ee89c6f9009ce9a8e73c7eef9c6ff (diff) | |
| download | NetworkManager-ac/polkit_session_agent.tar.gz | |
shared: nm-auth-subject: add unix-session typeac/polkit_session_agent
| -rw-r--r-- | clients/cli/polkit-agent.c | 5 | ||||
| -rw-r--r-- | shared/nm-libnm-core-intern/nm-auth-subject.c | 150 | ||||
| -rw-r--r-- | shared/nm-libnm-core-intern/nm-auth-subject.h | 19 |
3 files changed, 167 insertions, 7 deletions
diff --git a/clients/cli/polkit-agent.c b/clients/cli/polkit-agent.c index 44aa78721e..459714b2ca 100644 --- a/clients/cli/polkit-agent.c +++ b/clients/cli/polkit-agent.c @@ -13,6 +13,7 @@ #include "nm-polkit-listener.h" #include "common.h" +#include "shared/nm-libnm-core-intern/nm-auth-subject.h" #if WITH_POLKIT_AGENT static char * @@ -54,11 +55,15 @@ nmc_polkit_agent_init (NmCli* nmc, gboolean for_session, GError **error) if (nmc && nmc->client && NM_IS_CLIENT (nmc->client)) { dbus_connection = nm_client_get_dbus_connection (nmc->client); + NMAuthSubject *subject = nm_auth_subject_new_unix_session (dbus_connection, NULL); + g_print ("%s\n", nm_auth_subject_get_unix_session_id (subject)); listener = nm_polkit_listener_new (dbus_connection); } else { dbus_connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, error); + NMAuthSubject *subject = nm_auth_subject_new_unix_session (dbus_connection, NULL); + g_print ("%s\n", nm_auth_subject_get_unix_session_id (subject)); listener = nm_polkit_listener_new (dbus_connection); g_object_unref (dbus_connection); } diff --git a/shared/nm-libnm-core-intern/nm-auth-subject.c b/shared/nm-libnm-core-intern/nm-auth-subject.c index 2515ed8866..445bac0dee 100644 --- a/shared/nm-libnm-core-intern/nm-auth-subject.c +++ b/shared/nm-libnm-core-intern/nm-auth-subject.c @@ -23,6 +23,9 @@ enum { PROP_UNIX_PROCESS_DBUS_SENDER, PROP_UNIX_PROCESS_PID, PROP_UNIX_PROCESS_UID, + PROP_UNIX_SESSION_ID, + PROP_UNIX_SESSION_CANCELLABLE, + PROP_DBUS_CONNECTION, PROP_LAST, }; @@ -35,6 +38,13 @@ typedef struct { guint64 start_time; char *dbus_sender; } unix_process; + + struct { + char *id; + } unix_session; + + GDBusConnection *dbus_connection; + GCancellable *cancellable; } NMAuthSubjectPrivate; struct _NMAuthSubject { 
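Review bot: In the `nmc_polkit_agent_init` hunk of clients/cli/polkit-agent.c, both branches create an `NMAuthSubject` that is never unreferenced, so each call leaks the object together with the D-Bus connection reference it holds. The `g_print ("%s\n", nm_auth_subject_get_unix_session_id (subject));` lines look like leftover debug output: they write the session id to nmcli's stdout and pass NULL to `%s` whenever no session was found. In the `else` branch the result of `g_bus_get_sync()` is handed to `nm_auth_subject_new_unix_session()` before any NULL check is visible, so a failed bus connection reaches the constructor's precondition. If the subject is really needed here, declare it as `gs_unref_object NMAuthSubject *subject = NULL;` at the top of the function and drop the prints; the function body continues outside the hunk.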
@@ -61,6 +71,10 @@ G_DEFINE_TYPE (NMAuthSubject, nm_auth_subject, G_TYPE_OBJECT) CHECK_SUBJECT (self, error_value); \ g_return_val_if_fail (priv->subject_type == (expected_subject_type), error_value); +#define LOGIND_BUS_NAME "org.freedesktop.login1" +#define LOGIND_OBJ_PATH "/org/freedesktop/login1" +#define LOGIND_MANAGER_INTERFACE "org.freedesktop.login1.Manager" + const char * nm_auth_subject_to_string (NMAuthSubject *self, char *buf, gsize buf_len) { @@ -76,6 +90,10 @@ nm_auth_subject_to_string (NMAuthSubject *self, char *buf, gsize buf_len) case NM_AUTH_SUBJECT_TYPE_INTERNAL: g_strlcpy (buf, "internal", buf_len); break; + case NM_AUTH_SUBJECT_TYPE_UNIX_SESSION: + g_snprintf (buf, buf_len, "unix-session[id=%s]", + priv->unix_session.id); + break; default: g_strlcpy (buf, "invalid", buf_len); break; @@ -124,6 +142,12 @@ nm_auth_subject_is_unix_process (NMAuthSubject *subject) return nm_auth_subject_get_subject_type (subject) == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS; } +gboolean +nm_auth_subject_is_unix_session (NMAuthSubject *subject) +{ + return nm_auth_subject_get_subject_type (subject) == NM_AUTH_SUBJECT_TYPE_UNIX_SESSION; +} + gulong nm_auth_subject_get_unix_process_pid (NMAuthSubject *subject) { @@ -148,6 +172,14 @@ nm_auth_subject_get_unix_process_dbus_sender (NMAuthSubject *subject) return priv->unix_process.dbus_sender; } +const char * +nm_auth_subject_get_unix_session_id (NMAuthSubject *subject) +{ + CHECK_SUBJECT_TYPED (subject, NM_AUTH_SUBJECT_TYPE_UNIX_SESSION, NULL); + + return priv->unix_session.id; +} + /*****************************************************************************/ /** 
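Review bot: The new `NM_AUTH_SUBJECT_TYPE_UNIX_SESSION` case in `nm_auth_subject_to_string` formats `priv->unix_session.id` with `%s`, but that field stays NULL whenever the logind lookup in `retrieve_session_id` fails or finds no matching session. Passing NULL for `%s` is not portable and produces a misleading string in logs that may be used for authorization auditing. Guard it, for example `priv->unix_session.id ? priv->unix_session.id : "(unknown)"`, and add a comment on `nm_auth_subject_get_unix_session_id` saying that NULL means no session could be resolved.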
@@ -166,6 +198,26 @@ nm_auth_subject_new_internal (void) } /** + * nm_auth_subject_new_internal(): + * + * Creates a new auth subject representing the NetworkManager process itself. + * + * Returns: the new #NMAuthSubject + */ +NMAuthSubject * +nm_auth_subject_new_unix_session (GDBusConnection *dbus_connection, + GCancellable *cancellable) +{ + g_return_val_if_fail (G_DBUS_CONNECTION (dbus_connection), NULL); + + return NM_AUTH_SUBJECT (g_object_new (NM_TYPE_AUTH_SUBJECT, + NM_AUTH_SUBJECT_SUBJECT_TYPE, (int) NM_AUTH_SUBJECT_TYPE_UNIX_SESSION, + NM_AUTH_SUBJECT_DBUS_CONNECTION, dbus_connection, + NM_AUTH_SUBJECT_UNIX_SESSION_CANCELLABLE, cancellable, + NULL)); +} + +/** * nm_auth_subject_new_unix_process(): * * Creates a new auth subject representing a give unix process. @@ -220,6 +272,15 @@ get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec) case PROP_UNIX_PROCESS_UID: g_value_set_ulong (value, priv->unix_process.uid); break; + case PROP_UNIX_SESSION_ID: + g_value_set_string (value, priv->unix_session.id); + break; + case PROP_UNIX_SESSION_CANCELLABLE: + g_value_set_object (value, priv->cancellable); + break; + case PROP_DBUS_CONNECTION: + g_value_set_object (value, priv->dbus_connection); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -239,7 +300,10 @@ set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *p case PROP_SUBJECT_TYPE: /* construct-only */ i = g_value_get_int (value); - g_return_if_fail (NM_IN_SET (i, (int) NM_AUTH_SUBJECT_TYPE_INTERNAL, (int) NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS)); + g_return_if_fail (NM_IN_SET (i, + (int) NM_AUTH_SUBJECT_TYPE_INTERNAL, + (int) NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS, + (int) NM_AUTH_SUBJECT_TYPE_UNIX_SESSION)); subject_type = i; priv->subject_type |= subject_type; g_return_if_fail (priv->subject_type == subject_type); 
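Review bot: The precondition in `nm_auth_subject_new_unix_session` uses the cast macro, `g_return_val_if_fail (G_DBUS_CONNECTION (dbus_connection), NULL);`, which only rejects NULL and does not test the instance type. It should be `g_return_val_if_fail (G_IS_DBUS_CONNECTION (dbus_connection), NULL);`. The doc comment above it was copied unchanged: it is still headed `nm_auth_subject_new_internal():` and says the subject represents the NetworkManager process itself. Retitle it `nm_auth_subject_new_unix_session():` and document both parameters (`cancellable` may be NULL), and that construction performs a blocking logind call after which the session id may still be NULL.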
@@ -268,6 +332,17 @@ set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *p priv->unix_process.uid = id; } break; + case PROP_UNIX_SESSION_ID: + priv->unix_session.id = g_value_dup_string (value); + break; + case PROP_UNIX_SESSION_CANCELLABLE: + /* construct-only */ + priv->cancellable = g_value_dup_object (value); + break; + case PROP_DBUS_CONNECTION: + /* construct-only */ + priv->dbus_connection = g_value_dup_object (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -282,7 +357,11 @@ _clear_private (NMAuthSubject *self) priv->subject_type = NM_AUTH_SUBJECT_TYPE_INVALID; priv->unix_process.pid = G_MAXULONG; priv->unix_process.uid = G_MAXULONG; - g_clear_pointer (&priv->unix_process.dbus_sender, g_free); + nm_clear_g_free (&priv->unix_process.dbus_sender); + + nm_clear_g_cancellable (&priv->cancellable); + nm_clear_g_free (&priv->unix_session.id); + g_clear_object (&priv->dbus_connection); } static void @@ -292,6 +371,44 @@ nm_auth_subject_init (NMAuthSubject *self) } static void +retrieve_session_id (NMAuthSubject *self) +{ + NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE (self); + gs_unref_variant GVariant *ret_value = NULL; + GVariantIter iter; + char *session_id; + guint32 session_uid; + uid_t uid = getuid (); + gs_free_error GError *error = NULL; + + ret_value = g_dbus_connection_call_sync (priv->dbus_connection, + LOGIND_BUS_NAME, + LOGIND_OBJ_PATH, + LOGIND_MANAGER_INTERFACE, + "ListSessions", + NULL, + G_VARIANT_TYPE ("(a(susso))"), + G_DBUS_CALL_FLAGS_NONE, + -1, + priv->cancellable, + &error); + + if (ret_value) { + g_variant_iter_init (&iter, ret_value); + + while (g_variant_iter_next (&iter, "(&su@s@s@o)", + &session_id, + &session_uid, + NULL, NULL, NULL)) { + if (session_uid == uid) { + priv->unix_session.id = g_strdup (session_id); + break; + } + } + } +} + +static void constructed (GObject *object) { NMAuthSubject *self = NM_AUTH_SUBJECT (object); 
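Review bot: `retrieve_session_id` initialises the iterator on the reply tuple `(a(susso))` itself rather than on the array inside it, so the first value handed to `g_variant_iter_next()` is the whole array. As far as I can tell the `(&su@s@s@o)` format then fails its type check and no session is ever matched. Even once that is fixed, taking the first session whose uid equals `getuid()` is a weak identity: a user with several sessions (for example a graphical login plus ssh) can get a subject naming a session other than the one nmcli runs in. Resolving the caller's own session through logind's `GetSessionByPID` would tie the subject to the actual process. The `GError` from the call is also dropped silently, and `session_id` should be `const char *` because `&s` returns a borrowed pointer. A minimal correction of the unpacking is below.

```c
static void
retrieve_session_id (NMAuthSubject *self)
{
	NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE (self);
	gs_unref_variant GVariant *ret_value = NULL;
	gs_unref_variant GVariant *sessions = NULL;
	gs_free_error GError *error = NULL;
	GVariantIter iter;
	const char *session_id;   /* borrowed from the variant, not owned */
	guint32 session_uid;
	uid_t uid = getuid ();

	/* … unchanged: g_dbus_connection_call_sync() "ListSessions" call … */

	if (!ret_value) {
		/* Surface error->message through the caller's logging; the id stays
		 * NULL so callers can tell that no session was resolved. */
		return;
	}

	/* The reply is a one-element tuple; iterate the array it contains. */
	sessions = g_variant_get_child_value (ret_value, 0);
	g_variant_iter_init (&iter, sessions);

	while (g_variant_iter_next (&iter, "(&su@s@s@o)",
	                            &session_id,
	                            &session_uid,
	                            NULL, NULL, NULL)) {
		if (session_uid == uid) {
			priv->unix_session.id = g_strdup (session_id);
			break;
		}
	}
}
```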
@@ -332,6 +449,9 @@ constructed (GObject *object) * start-time, but polkit is not. */ } return; + case NM_AUTH_SUBJECT_TYPE_UNIX_SESSION: + retrieve_session_id (self); + return; default: break; } @@ -362,7 +482,7 @@ nm_auth_subject_class_init (NMAuthSubjectClass *config_class) (object_class, PROP_SUBJECT_TYPE, g_param_spec_int (NM_AUTH_SUBJECT_SUBJECT_TYPE, "", "", NM_AUTH_SUBJECT_TYPE_INVALID, - NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS, + NM_AUTH_SUBJECT_TYPE_UNIX_SESSION, NM_AUTH_SUBJECT_TYPE_INVALID, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY | @@ -392,4 +512,28 @@ nm_auth_subject_class_init (NMAuthSubjectClass *config_class) G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS)); + g_object_class_install_property + (object_class, PROP_UNIX_SESSION_ID, + g_param_spec_string (NM_AUTH_SUBJECT_UNIX_SESSION_ID, + "", "", "", + G_PARAM_READABLE | + G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property + (object_class, PROP_UNIX_SESSION_CANCELLABLE, + g_param_spec_object (NM_AUTH_SUBJECT_UNIX_SESSION_CANCELLABLE, + "", "", + G_TYPE_CANCELLABLE, + G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property + (object_class, PROP_DBUS_CONNECTION, + g_param_spec_object (NM_AUTH_SUBJECT_DBUS_CONNECTION, + "", "", + G_TYPE_DBUS_CONNECTION, + G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS)); } diff --git a/shared/nm-libnm-core-intern/nm-auth-subject.h b/shared/nm-libnm-core-intern/nm-auth-subject.h index ece56828d4..d9d4f33cb1 100644 --- a/shared/nm-libnm-core-intern/nm-auth-subject.h +++ b/shared/nm-libnm-core-intern/nm-auth-subject.h 
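Review bot: The param flags installed in `nm_auth_subject_class_init` do not match the accessor cases added in the earlier hunks. `NM_AUTH_SUBJECT_UNIX_SESSION_ID` is `G_PARAM_READABLE` only, so the `PROP_UNIX_SESSION_ID` case in `set_property` is unreachable through GObject, and if it were reached it would overwrite `priv->unix_session.id` without freeing the old value. `NM_AUTH_SUBJECT_UNIX_SESSION_CANCELLABLE` and `NM_AUTH_SUBJECT_DBUS_CONNECTION` are `G_PARAM_WRITABLE` only, so their `get_property` cases are dead as well. Either drop the dead cases or align the flags. The new `constructed` case also calls `retrieve_session_id (self)` with no check that `priv->dbus_connection` was set, which matters when the object is built with `g_object_new` directly rather than through the constructor helper.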
@@ -17,12 +17,16 @@ typedef enum { NM_AUTH_SUBJECT_TYPE_INVALID = 0, NM_AUTH_SUBJECT_TYPE_INTERNAL = 1, NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS = 2, + NM_AUTH_SUBJECT_TYPE_UNIX_SESSION = 3, } NMAuthSubjectType; -#define NM_AUTH_SUBJECT_SUBJECT_TYPE "subject-type" -#define NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER "unix-process-dbus-sender" -#define NM_AUTH_SUBJECT_UNIX_PROCESS_PID "unix-process-pid" -#define NM_AUTH_SUBJECT_UNIX_PROCESS_UID "unix-process-uid" +#define NM_AUTH_SUBJECT_SUBJECT_TYPE "subject-type" +#define NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER "unix-process-dbus-sender" +#define NM_AUTH_SUBJECT_UNIX_PROCESS_PID "unix-process-pid" +#define NM_AUTH_SUBJECT_UNIX_PROCESS_UID "unix-process-uid" +#define NM_AUTH_SUBJECT_UNIX_SESSION_ID "unix-session-id" +#define NM_AUTH_SUBJECT_UNIX_SESSION_CANCELLABLE "unix-session-cancellable" +#define NM_AUTH_SUBJECT_DBUS_CONNECTION "dbus-connection" typedef struct _NMAuthSubjectClass NMAuthSubjectClass; typedef struct _NMAuthSubject NMAuthSubject; @@ -31,6 +35,9 @@ GType nm_auth_subject_get_type (void); NMAuthSubject *nm_auth_subject_new_internal (void); +NMAuthSubject * nm_auth_subject_new_unix_session (GDBusConnection *dbus_connection, + GCancellable *cancellable); + NMAuthSubject * nm_auth_subject_new_unix_process (const char *dbus_sender, gulong pid, gulong uid); NMAuthSubject *nm_auth_subject_new_unix_process_self (void); 
@@ -41,12 +48,16 @@ gboolean nm_auth_subject_is_internal (NMAuthSubject *subject); gboolean nm_auth_subject_is_unix_process (NMAuthSubject *subject); +gboolean nm_auth_subject_is_unix_session (NMAuthSubject *subject); + gulong nm_auth_subject_get_unix_process_pid (NMAuthSubject *subject); const char *nm_auth_subject_get_unix_process_dbus_sender (NMAuthSubject *subject); gulong nm_auth_subject_get_unix_process_uid (NMAuthSubject *subject); +const char * nm_auth_subject_get_unix_session_id (NMAuthSubject *subject); + const char *nm_auth_subject_to_string (NMAuthSubject *self, char *buf, gsize buf_len); GVariant * nm_auth_subject_unix_process_to_polkit_gvariant (NMAuthSubject *self); |
