summaryrefslogtreecommitdiff
path: root/src/nm-manager.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nm-manager.c')
-rw-r--r--src/nm-manager.c63
1 files changed, 35 insertions, 28 deletions
diff --git a/src/nm-manager.c b/src/nm-manager.c
index eb20ada399..db46bf5be8 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -49,7 +49,8 @@
#include "nm-dhcp-manager.h"
#include "nm-settings.h"
#include "nm-settings-connection.h"
-#include "nm-manager-auth.h"
+#include "nm-auth-utils.h"
+#include "nm-auth-manager.h"
#include "NetworkManagerUtils.h"
#include "nm-utils.h"
#include "nm-device-factory.h"
@@ -1452,7 +1453,7 @@ device_auth_request_cb (NMDevice *device,
NMAuthChain *chain;
/* Validate the caller */
- subject = nm_auth_subject_new_from_context (context);
+ subject = nm_auth_subject_new_unix_process_from_context (context);
if (!subject) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -1461,10 +1462,10 @@ device_auth_request_cb (NMDevice *device,
}
/* Ensure the subject has permissions for this connection */
- if (connection && !nm_auth_uid_in_acl (connection,
- nm_session_monitor_get (),
- nm_auth_subject_get_uid (subject),
- &error_desc)) {
+ if (connection && !nm_auth_is_subject_in_acl (connection,
+ nm_session_monitor_get (),
+ subject,
+ &error_desc)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
@@ -2662,10 +2663,10 @@ _internal_activate_device (NMManager *self, NMActiveConnection *active, GError *
existing_connection = nm_device_get_connection (device);
subject = nm_active_connection_get_subject (active);
if (existing_connection &&
- !nm_auth_uid_in_acl (existing_connection,
- nm_session_monitor_get (),
- nm_auth_subject_get_uid (subject),
- &error_desc)) {
+ !nm_auth_is_subject_in_acl (existing_connection,
+ nm_session_monitor_get (),
+ subject,
+ &error_desc)) {
g_set_error (error,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -2954,10 +2955,10 @@ nm_manager_activate_connection (NMManager *self,
g_return_val_if_fail (*error == NULL, NULL);
/* Ensure the subject has permissions for this connection */
- if (!nm_auth_uid_in_acl (connection,
- nm_session_monitor_get (),
- nm_auth_subject_get_uid (subject),
- &error_desc)) {
+ if (!nm_auth_is_subject_in_acl (connection,
+ nm_session_monitor_get (),
+ subject,
+ &error_desc)) {
g_set_error_literal (error,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -2998,7 +2999,7 @@ validate_activation_request (NMManager *self,
g_assert (out_vpn);
/* Validate the caller */
- subject = nm_auth_subject_new_from_context (context);
+ subject = nm_auth_subject_new_unix_process_from_context (context);
if (!subject) {
g_set_error_literal (error,
NM_MANAGER_ERROR,
@@ -3008,10 +3009,10 @@ validate_activation_request (NMManager *self,
}
/* Ensure the subject has permissions for this connection */
- if (!nm_auth_uid_in_acl (connection,
- nm_session_monitor_get (),
- nm_auth_subject_get_uid (subject),
- &error_desc)) {
+ if (!nm_auth_is_subject_in_acl (connection,
+ nm_session_monitor_get (),
+ subject,
+ &error_desc)) {
g_set_error_literal (error,
NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -3528,7 +3529,7 @@ impl_manager_deactivate_connection (NMManager *self,
}
/* Validate the caller */
- subject = nm_auth_subject_new_from_context (context);
+ subject = nm_auth_subject_new_unix_process_from_context (context);
if (!subject) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -3537,10 +3538,10 @@ impl_manager_deactivate_connection (NMManager *self,
}
/* Ensure the subject has permissions for this connection */
- if (!nm_auth_uid_in_acl (connection,
- nm_session_monitor_get (),
- nm_auth_subject_get_uid (subject),
- &error_desc)) {
+ if (!nm_auth_is_subject_in_acl (connection,
+ nm_session_monitor_get (),
+ subject,
+ &error_desc)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
error_desc);
@@ -4434,7 +4435,7 @@ prop_filter (DBusConnection *connection,
goto out;
}
- subject = nm_auth_subject_new_from_message (connection, message);
+ subject = nm_auth_subject_new_unix_process_from_message (connection, message);
if (!subject) {
reply = dbus_message_new_error (message, NM_PERM_DENIED_ERROR,
"Could not determine request UID.");
@@ -4469,7 +4470,7 @@ out:
}
static void
-authority_changed_cb (gpointer user_data)
+authority_changed_cb (NMAuthManager *auth_manager, gpointer user_data)
{
/* Let clients know they should re-check their authorization */
g_signal_emit (NM_MANAGER (user_data), signals[CHECK_PERMISSIONS], 0);
@@ -4834,7 +4835,11 @@ nm_manager_init (NMManager *manager)
G_CALLBACK (resuming_cb), manager);
/* Listen for authorization changes */
- nm_auth_changed_func_register (authority_changed_cb, manager);
+ g_signal_connect (nm_auth_manager_get (),
+ NM_AUTH_MANAGER_SIGNAL_CHANGED,
+ G_CALLBACK (authority_changed_cb),
+ manager);
+
/* Monitor the firmware directory */
if (strlen (KERNEL_FIRMWARE_DIR)) {
@@ -4986,7 +4991,9 @@ dispose (GObject *object)
g_slist_free_full (priv->auth_chains, (GDestroyNotify) nm_auth_chain_unref);
priv->auth_chains = NULL;
- nm_auth_changed_func_unregister (authority_changed_cb, manager);
+ g_signal_handlers_disconnect_by_func (nm_auth_manager_get (),
+ G_CALLBACK (authority_changed_cb),
+ manager);
/* Remove all devices */
while (priv->devices)
View Lorry Controller Status