authorDan Williams <dcbw@redhat.com>2014-01-21 13:41:18 -0600
committerDan Williams <dcbw@redhat.com>2014-01-21 13:41:18 -0600
commitefd0e2a589866de0b9fc71253325fcde33a847ac (patch)
tree92042e305552a3c6abc5089867a9d6f8b406fa57 /src/nm-manager.c
parenteb8bc5396e0f41b9ebcba5e45916de8b523168c3 (diff)
core: respect connection permissions for internal activation requests
Similar to "core: respect connection user permissions for activation/deactivation", if a master connection is being activated because a slave connection requested it, ensure that the user requesting the master connection is allowed to activate it.
Diffstat (limited to 'src/nm-manager.c')
-rw-r--r--src/nm-manager.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 96c42fe6a4..2f4785257d 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -3010,12 +3010,26 @@ nm_manager_activate_connection (NMManager *self,
GError **error)
{
NMActiveConnection *active;
+ char *error_desc = NULL;
g_return_val_if_fail (self != NULL, NULL);
g_return_val_if_fail (connection != NULL, NULL);
g_return_val_if_fail (error != NULL, NULL);
g_return_val_if_fail (*error == NULL, NULL);
+ /* Ensure the subject has permissions for this connection */
+ if (!nm_auth_uid_in_acl (connection,
+ nm_session_monitor_get (),
+ nm_auth_subject_get_uid (subject),
+ &error_desc)) {
+ g_set_error_literal (error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_PERMISSION_DENIED,
+ error_desc);
+ g_free (error_desc);
+ return NULL;
+ }
+
active = _new_active_connection (self,
connection,
specific_object,
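Review bot: The new permission check passes `subject` to `nm_auth_subject_get_uid ()`, but the guards above it validate only `self`, `connection`, `error` and `*error`. Adding `g_return_val_if_fail (subject != NULL, NULL);` with the other guards would stop a caller that supplies no subject before the ACL decision is made. Separately, `error_desc` goes straight into `g_set_error_literal ()`. If `nm_auth_uid_in_acl ()` can return FALSE without filling it in (its body is not visible here), GLib rejects the NULL message and the function returns NULL with `*error` still unset. A fallback such as `error_desc ? error_desc : "Permission denied"` keeps the denial reported to the caller. The function's signature begins and its body continues outside the hunk.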