core: add nm_auth_is_subject_in_acl_set_error() helper

author: Thomas Haller <thaller@redhat.com> 2018-04-12 09:34:40 +0200
committer: Thomas Haller <thaller@redhat.com> 2018-04-18 07:55:15 +0200
commit: f94167d8b1f94e59fb04f711cb999f380b083314 (patch)
tree: 87e9e63ac90a00732656a257760517696ac00d35
parent: 1a33ab17de3ad2d9afe409295b7fd393c013f863 (diff)
download: NetworkManager-f94167d8b1f94e59fb04f711cb999f380b083314.tar.gz
2 files changed, 32 insertions, 5 deletions
diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c
index cba118250f..b41f6efa16 100644
--- a/src/nm-auth-utils.c
+++ b/src/nm-auth-utils.c
@@ -410,8 +410,8 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
 		return TRUE;
 
 	if (!nm_session_monitor_uid_to_user (uid, &user)) {
-		if (out_error_desc)
-			*out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid);
+		NM_SET_OUT (out_error_desc,
+		            g_strdup_printf ("Could not determine username for uid %lu", uid));
 		return FALSE;
 	}
 
@@ -425,10 +425,31 @@ nm_auth_is_subject_in_acl (NMConnection *connection,
 
 	/* Match the username returned by the session check to a user in the ACL */
 	if (!nm_setting_connection_permissions_user_allowed (s_con, user)) {
-		if (out_error_desc)
-			*out_error_desc = g_strdup_printf ("uid %lu has no permission to perform this operation", uid);
+		NM_SET_OUT (out_error_desc,
+		            g_strdup_printf ("uid %lu has no permission to perform this operation", uid));
 		return FALSE;
 	}
 
 	return TRUE;
 }
+
+gboolean
+nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
+                                     NMAuthSubject *subject,
+                                     GQuark err_domain,
+                                     int err_code,
+                                     GError **error)
+{
+	char *error_desc = NULL;
+
+	nm_assert (!error || !*error);
+
+	if (nm_auth_is_subject_in_acl (connection,
+	                               subject,
+	                               error ? &error_desc : NULL))
+		return TRUE;
+
+	g_set_error_literal (error, err_domain, err_code, error_desc);
+	g_free (error_desc);
+	return FALSE;
+}
diff --git a/src/nm-auth-utils.h b/src/nm-auth-utils.h
index a641c49dfe..5f9823b695 100644
--- a/src/nm-auth-utils.h
+++ b/src/nm-auth-utils.h
@@ -59,12 +59,18 @@ void nm_auth_chain_add_call (NMAuthChain *chain,
 
 void nm_auth_chain_destroy (NMAuthChain *chain);
 
+NMAuthSubject *nm_auth_chain_get_subject (NMAuthChain *self);
+
 /* Caller must free returned error description */
 gboolean nm_auth_is_subject_in_acl (NMConnection *connection,
                                     NMAuthSubject *subect,
                                     char **out_error_desc);
 
-NMAuthSubject *nm_auth_chain_get_subject (NMAuthChain *self);
+gboolean nm_auth_is_subject_in_acl_set_error (NMConnection *connection,
+                                              NMAuthSubject *subject,
+                                              GQuark err_domain,
+                                              int err_code,
+                                              GError **error);
 
 #endif /* __NETWORKMANAGER_MANAGER_AUTH_H__ */
author	Thomas Haller <thaller@redhat.com>	2018-04-12 09:34:40 +0200
committer	Thomas Haller <thaller@redhat.com>	2018-04-18 07:55:15 +0200
commit	f94167d8b1f94e59fb04f711cb999f380b083314 (patch)
tree	87e9e63ac90a00732656a257760517696ac00d35
parent	1a33ab17de3ad2d9afe409295b7fd393c013f863 (diff)
download	NetworkManager-f94167d8b1f94e59fb04f711cb999f380b083314.tar.gz