diff options
| author | Thomas Haller <thaller@redhat.com> | 2018-04-09 16:04:46 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-04-13 09:09:46 +0200 |
| commit | 798b2a7527bddadcec37b48183da313fbc961e45 (patch) | |
| tree | a8511cd7685eb37694be96a00cade2a0fdd5e8b2 /src/nm-auth-utils.c | |
| parent | 41abf9f8e81423eff0ef888d17a5454d0b5750bf (diff) | |
| download | NetworkManager-798b2a7527bddadcec37b48183da313fbc961e45.tar.gz | |
auth-manager: let NMAuthChain always call to NMAuthManager for dummy requests
NMAuthChain's nm_auth_chain_add_call() used to add special handling for
the NMAuthSubject. This handling really belongs to NMAuthManager for two
reasons:
- NMAuthManager already goes through the effort of scheduling an idle
handler to handle the case where no GDBusProxy is present. It can
just as well handle the special cases where polkit-auth is disabled
or when we have internal requests.
- by NMAuthChain doing special handling, it makes it more complicated
to call nm_auth_manager_check_authorization() directly. Previously,
the NMAuthChain had additional logic, which means you either were
forced to create an NMAuthChain, or you had to reimplement special
handling like nm_auth_chain_add_call().
Diffstat (limited to 'src/nm-auth-utils.c')
| -rw-r--r-- | src/nm-auth-utils.c | 37 |
1 files changed, 6 insertions, 31 deletions
diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c index d641621bf2..83206352cd 100644 --- a/src/nm-auth-utils.c +++ b/src/nm-auth-utils.c @@ -54,7 +54,6 @@ typedef struct { NMAuthChain *chain; NMAuthManagerCallId *call_id; char *permission; - guint call_idle_id; } AuthCall; /*****************************************************************************/ @@ -74,8 +73,6 @@ auth_call_free (AuthCall *call) { if (call->call_id) nm_auth_manager_check_authorization_cancel (call->call_id); - - nm_clear_g_source (&call->call_idle_id); c_list_unlink_stale (&call->auth_call_lst); g_free (call->permission); g_slice_free (AuthCall, call); @@ -241,18 +238,6 @@ auth_call_complete (AuthCall *call) } } -static gboolean -auth_call_complete_idle_cb (gpointer user_data) -{ - AuthCall *call = user_data; - - _ASSERT_call (call); - - call->call_idle_id = 0; - auth_call_complete (call); - return G_SOURCE_REMOVE; -} - static void pk_call_cb (NMAuthManager *auth_manager, NMAuthManagerCallId *call_id, @@ -311,22 +296,12 @@ nm_auth_chain_add_call (NMAuthChain *self, call->chain = self; call->permission = g_strdup (permission); c_list_link_tail (&self->auth_call_lst_head, &call->auth_call_lst); - - if ( nm_auth_subject_is_internal (self->subject) - || nm_auth_subject_get_unix_process_uid (self->subject) == 0 - || !nm_auth_manager_get_polkit_enabled (auth_manager)) { - /* Root user or non-polkit always gets the permission */ - nm_auth_chain_set_data (self, permission, GUINT_TO_POINTER (NM_AUTH_CALL_RESULT_YES), NULL); - call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call); - } else { - /* Non-root always gets authenticated when using polkit */ - call->call_id = nm_auth_manager_check_authorization (auth_manager, - self->subject, - permission, - allow_interaction, - pk_call_cb, - call); - } + call->call_id = nm_auth_manager_check_authorization (auth_manager, + self->subject, + permission, + allow_interaction, + pk_call_cb, + call); } /*****************************************************************************/ |