/* SPDX-License-Identifier: LGPL-2.1-or-later */
/*
* Copyright (C) 2013 - 2014 Red Hat, Inc.
*/
/**
 * SECTION:nm-auth-subject
 * @short_description: Encapsulates authentication information about a requestor
 *
 * #NMAuthSubject encapsulates identifying information about an entity that
 * makes requests, like process identifier and user UID.
 */
#include "nm-default.h"
#include "nm-auth-subject.h"
#include <stdlib.h>
/* GObject property IDs, used by get_property()/set_property() and when the
 * properties are installed in nm_auth_subject_class_init(). PROP_LAST is one
 * past the last ID in use. */
enum {
    PROP_0 = 0,
    PROP_SUBJECT_TYPE,
    PROP_UNIX_PROCESS_DBUS_SENDER,
    PROP_UNIX_PROCESS_PID,
    PROP_UNIX_PROCESS_UID,
    PROP_UNIX_SESSION_ID,

    PROP_LAST,
};

/* Per-instance state of an #NMAuthSubject. All fields are written only during
 * construction (set_property() and constructed()) and reset by _clear_private(). */
typedef struct {
    /* Kind of requestor; NM_AUTH_SUBJECT_TYPE_INVALID marks an unusable subject. */
    NMAuthSubjectType subject_type;

    /* Details of a unix-process subject. G_MAXULONG in pid/uid means "unset". */
    struct {
        gulong  pid;
        gulong  uid;
        guint64 start_time;  /* looked up from the pid in constructed() */
        char *  dbus_sender; /* g_strdup()ed copy, released in _clear_private() */
    } unix_process;

    /* Details of a unix-session subject. */
    struct {
        char *id; /* g_strdup()ed copy, released in _clear_private(); may be NULL */
    } unix_session;
} NMAuthSubjectPrivate;

/* Instance struct: the GObject parent followed by the private data, which is
 * stored inline as the _priv member. */
struct _NMAuthSubject {
    GObject              parent;
    NMAuthSubjectPrivate _priv;
};

/* Class struct: adds nothing to GObjectClass. */
struct _NMAuthSubjectClass {
    GObjectClass parent;
};

/* Defines the NMAuthSubject GType as a direct subclass of GObject. */
G_DEFINE_TYPE(NMAuthSubject, nm_auth_subject, G_TYPE_OBJECT)

/* Yields the NMAuthSubjectPrivate of an instance; _NM_GET_PRIVATE is defined
 * elsewhere in the project. */
#define NM_AUTH_SUBJECT_GET_PRIVATE(self) _NM_GET_PRIVATE(self, NMAuthSubject, NM_IS_AUTH_SUBJECT)

/*****************************************************************************/

/* Declares a local `priv` in the calling function, makes that function return
 * error_value unless self is an #NMAuthSubject, and then points priv at the
 * instance's private data.
 *
 * g_return_val_if_fail() is an assertion about programmer errors and is compiled
 * out when GLib checks are disabled (G_DISABLE_CHECKS), so callers that base an
 * authorization decision on a subject must not rely on it as their only check. */
#define CHECK_SUBJECT(self, error_value)                         \
    NMAuthSubjectPrivate *priv;                                  \
    g_return_val_if_fail(NM_IS_AUTH_SUBJECT(self), error_value); \
    priv = NM_AUTH_SUBJECT_GET_PRIVATE(self);

/* Same as CHECK_SUBJECT, and additionally makes the calling function return
 * error_value unless the subject's type equals expected_subject_type. */
#define CHECK_SUBJECT_TYPED(self, expected_subject_type, error_value) \
    CHECK_SUBJECT(self, error_value);                                 \
    g_return_val_if_fail(priv->subject_type == (expected_subject_type), error_value);

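/**
 * nm_auth_subject_to_string:
 * @self: the subject to describe
 * @buf: caller-provided output buffer
 * @buf_len: size of @buf in bytes
 *
 * Writes a textual description of @self into @buf; the text is cut off at
 * @buf_len by g_snprintf()/g_strlcpy(). A subject whose type is none of the
 * known ones is rendered as "invalid".
 *
 * Returns: @buf, or %NULL if @self is not an #NMAuthSubject
 */
const char *
nm_auth_subject_to_string(NMAuthSubject *self, char *buf, gsize buf_len)
{
    CHECK_SUBJECT(self, NULL);

    switch (priv->subject_type) {
    case NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS:
        g_snprintf(buf,
                   buf_len,
                   "unix-process[pid=%lu, uid=%lu, start=%llu]",
                   (unsigned long) priv->unix_process.pid,
                   (unsigned long) priv->unix_process.uid,
                   (unsigned long long) priv->unix_process.start_time);
        break;
    case NM_AUTH_SUBJECT_TYPE_INTERNAL:
        g_strlcpy(buf, "internal", buf_len);
        break;
    case NM_AUTH_SUBJECT_TYPE_UNIX_SESSION:
        /* The id can be NULL: set_property() ignores a NULL session id and
         * constructed() accepts the session subject regardless. Handing NULL
         * to "%s" is undefined behavior, so substitute a fixed text. */
        g_snprintf(buf,
                   buf_len,
                   "unix-session[id=%s]",
                   priv->unix_session.id ? priv->unix_session.id : "(null)");
        break;
    default:
        g_strlcpy(buf, "invalid", buf_len);
        break;
    }
    return buf;
}
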
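/**
 * nm_auth_subject_unix_to_polkit_gvariant:
 * @self: a unix-process or unix-session subject
 *
 * Builds a "(sa{sv})" tuple holding the subject kind ("unix-session" or
 * "unix-process") and a dictionary with its details.
 *
 * Returns: a floating #GVariant, or %NULL (with a critical warning) if @self is
 *   not an #NMAuthSubject, has any other type, or is a session subject
 *   without a session id
 */
GVariant *
nm_auth_subject_unix_to_polkit_gvariant(NMAuthSubject *self)
{
    GVariantBuilder builder;
    CHECK_SUBJECT(self, NULL);

    switch (priv->subject_type) {
    case NM_AUTH_SUBJECT_TYPE_UNIX_SESSION:
        /* set_property() ignores a NULL session id and constructed() does not
         * reject such a subject, but g_variant_new_string() needs a string.
         * Refuse to build a subject that carries no identity. */
        g_return_val_if_fail(priv->unix_session.id, NULL);

        g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}"));
        g_variant_builder_add(&builder,
                              "{sv}",
                              "session-id",
                              g_variant_new_string(priv->unix_session.id));
        return g_variant_new("(sa{sv})", "unix-session", &builder);

    case NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS:
        g_variant_builder_init(&builder, G_VARIANT_TYPE("a{sv}"));
        /* pid and uid are gulong but narrowed to 32 bit here; constructed()
         * invalidates subjects whose pid or uid does not fit an int32, so
         * nothing is truncated for a subject of this type. */
        g_variant_builder_add(&builder,
                              "{sv}",
                              "pid",
                              g_variant_new_uint32(priv->unix_process.pid));
        /* start_time may be 0 when constructed() could not read it. */
        g_variant_builder_add(&builder,
                              "{sv}",
                              "start-time",
                              g_variant_new_uint64(priv->unix_process.start_time));
        g_variant_builder_add(&builder, "{sv}", "uid", g_variant_new_int32(priv->unix_process.uid));
        return g_variant_new("(sa{sv})", "unix-process", &builder);

    default:
        g_return_val_if_reached(NULL);
    }
}
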
/**
 * nm_auth_subject_get_subject_type:
 * @subject: the subject to query
 *
 * Returns: the stored subject type. This is %NM_AUTH_SUBJECT_TYPE_INVALID when
 *   constructed() rejected the construct-time properties, and also when
 *   @subject is not an #NMAuthSubject.
 */
NMAuthSubjectType
nm_auth_subject_get_subject_type(NMAuthSubject *subject)
{
    CHECK_SUBJECT(subject, NM_AUTH_SUBJECT_TYPE_INVALID);

    return priv->subject_type;
}

/**
 * nm_auth_subject_get_unix_process_pid:
 * @subject: a unix-process subject
 *
 * Returns: the process id, or %G_MAXULONG (with a critical warning) if
 *   @subject is not a subject of type %NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS
 */
gulong
nm_auth_subject_get_unix_process_pid(NMAuthSubject *subject)
{
    CHECK_SUBJECT_TYPED(subject, NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS, G_MAXULONG);

    return priv->unix_process.pid;
}

/**
 * nm_auth_subject_get_unix_process_uid:
 * @subject: a unix-process subject
 *
 * Only unix-process subjects are accepted; an internal subject does not pass
 * the type check even though constructed() stores uid 0 for it.
 *
 * Returns: the user id, or %G_MAXULONG (with a critical warning) if @subject
 *   is not a subject of type %NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS. Callers that
 *   compare the result against a uid have to treat %G_MAXULONG as "no uid".
 */
gulong
nm_auth_subject_get_unix_process_uid(NMAuthSubject *subject)
{
    CHECK_SUBJECT_TYPED(subject, NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS, G_MAXULONG);

    return priv->unix_process.uid;
}

/**
 * nm_auth_subject_get_unix_process_dbus_sender:
 * @subject: a unix-process subject
 *
 * Returns: the stored D-Bus sender string, owned by @subject. It is %NULL when
 *   no sender was given at construction (as nm_auth_subject_new_unix_process_self()
 *   does), and also when @subject is not a unix-process subject.
 */
const char *
nm_auth_subject_get_unix_process_dbus_sender(NMAuthSubject *subject)
{
    CHECK_SUBJECT_TYPED(subject, NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS, NULL);

    return priv->unix_process.dbus_sender;
}

/**
 * nm_auth_subject_get_unix_session_id:
 * @subject: a unix-session subject
 *
 * Returns: the stored session id, owned by @subject. It is %NULL when no id
 *   was given at construction, and also when @subject is not a subject of
 *   type %NM_AUTH_SUBJECT_TYPE_UNIX_SESSION.
 */
const char *
nm_auth_subject_get_unix_session_id(NMAuthSubject *subject)
{
    CHECK_SUBJECT_TYPED(subject, NM_AUTH_SUBJECT_TYPE_UNIX_SESSION, NULL);

    return priv->unix_session.id;
}

/*****************************************************************************/

/**
 * nm_auth_subject_new_internal():
 *
 * Creates a new auth subject representing the NetworkManager process itself.
 * constructed() gives such a subject uid 0 and no pid.
 *
 * Returns: the new #NMAuthSubject
 */
NMAuthSubject *
nm_auth_subject_new_internal(void)
{
    gpointer instance;

    instance = g_object_new(NM_TYPE_AUTH_SUBJECT,
                            NM_AUTH_SUBJECT_SUBJECT_TYPE,
                            (int) NM_AUTH_SUBJECT_TYPE_INTERNAL,
                            NULL);
    return NM_AUTH_SUBJECT(instance);
}

/**
 * nm_auth_subject_new_unix_session():
 * @session_id: the id of the session; copied by the new object
 *
 * Creates a new auth subject representing a given unix session.
 *
 * A %NULL @session_id is not rejected here: set_property() skips it and
 * constructed() accepts the subject, which then has no id.
 *
 * Returns: the new #NMAuthSubject
 */
NMAuthSubject *
nm_auth_subject_new_unix_session(const char *session_id)
{
    gpointer instance;

    instance = g_object_new(NM_TYPE_AUTH_SUBJECT,
                            NM_AUTH_SUBJECT_SUBJECT_TYPE,
                            (int) NM_AUTH_SUBJECT_TYPE_UNIX_SESSION,
                            NM_AUTH_SUBJECT_UNIX_SESSION_ID,
                            session_id,
                            NULL);
    return NM_AUTH_SUBJECT(instance);
}

/**
 * nm_auth_subject_new_unix_process():
 * @dbus_sender: (allow-none): the D-Bus sender of the request; copied
 * @pid: the process id
 * @uid: the user id
 *
 * Creates a new auth subject representing a given unix process.
 *
 * An object is returned even when validation fails: constructed() resets the
 * subject to %NM_AUTH_SUBJECT_TYPE_INVALID if @pid or @uid does not fit an
 * int32, or if the process can no longer be found. Check
 * nm_auth_subject_get_subject_type() before trusting the result.
 *
 * Returns: the new #NMAuthSubject
 */
NMAuthSubject *
nm_auth_subject_new_unix_process(const char *dbus_sender, gulong pid, gulong uid)
{
    gpointer instance;

    instance = g_object_new(NM_TYPE_AUTH_SUBJECT,
                            NM_AUTH_SUBJECT_SUBJECT_TYPE,
                            (int) NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
                            NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER,
                            dbus_sender,
                            NM_AUTH_SUBJECT_UNIX_PROCESS_PID,
                            pid,
                            NM_AUTH_SUBJECT_UNIX_PROCESS_UID,
                            uid,
                            NULL);
    return NM_AUTH_SUBJECT(instance);
}

/**
 * nm_auth_subject_new_unix_process_self():
 *
 * Creates a new auth subject representing the current executing process,
 * using getpid() and getuid() and no D-Bus sender.
 *
 * Returns: the new #NMAuthSubject
 */
NMAuthSubject *
nm_auth_subject_new_unix_process_self(void)
{
    const gulong own_pid = getpid();
    const gulong own_uid = getuid();

    return nm_auth_subject_new_unix_process(NULL, own_pid, own_uid);
}

/*****************************************************************************/

/* GObject get_property vfunc: copies the private field that belongs to prop_id
 * into value. The fields are returned as stored, without checking that they
 * match the subject's type. Unknown IDs produce the standard GObject warning. */
static void
get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
{
    NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE(object);

    switch (prop_id) {
    case PROP_SUBJECT_TYPE:
        g_value_set_int(value, priv->subject_type);
        return;
    case PROP_UNIX_PROCESS_DBUS_SENDER:
        g_value_set_string(value, priv->unix_process.dbus_sender);
        return;
    case PROP_UNIX_PROCESS_PID:
        g_value_set_ulong(value, priv->unix_process.pid);
        return;
    case PROP_UNIX_PROCESS_UID:
        g_value_set_ulong(value, priv->unix_process.uid);
        return;
    case PROP_UNIX_SESSION_ID:
        g_value_set_string(value, priv->unix_session.id);
        return;
    default:
        G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
        return;
    }
}

/* GObject set_property vfunc. All properties are construct-only, so this runs
 * while the object is being created.
 *
 * Every property that carries a value also ORs "its" subject type into
 * priv->subject_type and asserts that the result equals that type; unset
 * values (NULL strings, G_MAXULONG ids) are skipped. This is meant to catch
 * properties of different subject kinds being mixed.
 *
 * NOTE(review): whether the OR-and-compare catches every mix depends on the
 * numeric values of NMAuthSubjectType, which are declared outside this file.
 * When an assertion fails, the OR-ed value stays in priv->subject_type; the
 * final decision is left to constructed(). Confirm against the enum. */
static void
set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec)
{
    NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE(object);
    NMAuthSubjectType     subject_type;
    const char *          text;
    gulong                number;
    int                   i;

    switch (prop_id) {
    case PROP_SUBJECT_TYPE:
        /* construct-only; only the three usable types may be requested */
        i = g_value_get_int(value);
        g_return_if_fail(NM_IN_SET(i,
                                   (int) NM_AUTH_SUBJECT_TYPE_INTERNAL,
                                   (int) NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS,
                                   (int) NM_AUTH_SUBJECT_TYPE_UNIX_SESSION));
        subject_type = i;
        priv->subject_type |= subject_type;
        g_return_if_fail(priv->subject_type == subject_type);
        return;

    case PROP_UNIX_PROCESS_DBUS_SENDER:
        /* construct-only; NULL means "not given" */
        text = g_value_get_string(value);
        if (!text)
            return;
        priv->subject_type |= NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS;
        g_return_if_fail(priv->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS);
        priv->unix_process.dbus_sender = g_strdup(text);
        return;

    case PROP_UNIX_PROCESS_PID:
        /* construct-only; G_MAXULONG means "not given" */
        number = g_value_get_ulong(value);
        if (number == G_MAXULONG)
            return;
        priv->subject_type |= NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS;
        g_return_if_fail(priv->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS);
        priv->unix_process.pid = number;
        return;

    case PROP_UNIX_PROCESS_UID:
        /* construct-only; G_MAXULONG means "not given" */
        number = g_value_get_ulong(value);
        if (number == G_MAXULONG)
            return;
        priv->subject_type |= NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS;
        g_return_if_fail(priv->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS);
        priv->unix_process.uid = number;
        return;

    case PROP_UNIX_SESSION_ID:
        /* construct-only; NULL means "not given" */
        text = g_value_get_string(value);
        if (!text)
            return;
        priv->subject_type |= NM_AUTH_SUBJECT_TYPE_UNIX_SESSION;
        g_return_if_fail(priv->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_SESSION);
        priv->unix_session.id = g_strdup(text);
        return;

    default:
        G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
        return;
    }
}

/* Puts the subject into the "invalid" state: type INVALID, pid and uid unset
 * (G_MAXULONG), and both owned strings freed and set to NULL. Used by init,
 * by constructed() to reject bad input, and by finalize. start_time is not
 * touched here. */
static void
_clear_private(NMAuthSubject *self)
{
    NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE(self);

    priv->subject_type = NM_AUTH_SUBJECT_TYPE_INVALID;

    priv->unix_process.pid = G_MAXULONG;
    priv->unix_process.uid = G_MAXULONG;
    nm_clear_g_free(&priv->unix_process.dbus_sender);

    nm_clear_g_free(&priv->unix_session.id);
}

/* Instance initializer: every new subject starts out invalid until the
 * construct properties are applied. */
static void
nm_auth_subject_init(NMAuthSubject *self)
{
    _clear_private(self);
}

/* GObject constructed vfunc: validates the instance once all construct
 * properties have been applied.
 *
 * A subject that fails validation is not destroyed; it is reset with
 * _clear_private(), which leaves it with type NM_AUTH_SUBJECT_TYPE_INVALID.
 * Invalid input is additionally reported with a critical warning, a vanished
 * process is not. */
static void
constructed(GObject *object)
{
    NMAuthSubject *       self = NM_AUTH_SUBJECT(object);
    NMAuthSubjectPrivate *priv = NM_AUTH_SUBJECT_GET_PRIVATE(self);
    /* pid and uid must be representable as int32: D-Bus treats them as
     * uint32, the polkit library as int. */
    const gulong id_limit = MIN(G_MAXINT, G_MAXINT32);

    if (priv->subject_type == NM_AUTH_SUBJECT_TYPE_INTERNAL) {
        priv->unix_process.pid = G_MAXULONG;
        priv->unix_process.uid = 0; /* internal uses 'root' user */
        return;
    }

    if (priv->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_SESSION) {
        /* nothing is checked for a session, not even that an id was given */
        return;
    }

    /* For uid==-1, libpolkit-gobject-1 detects the user based on the process
     * id. Don't bother and require the user id as parameter; an unset uid
     * (G_MAXULONG) is therefore rejected by the range check as well. */
    if (priv->subject_type == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS
        && priv->unix_process.pid <= id_limit
        && priv->unix_process.uid <= id_limit) {
        priv->unix_process.start_time =
            nm_utils_get_start_time_for_pid(priv->unix_process.pid, NULL, NULL);

        /* No start_time: is the process already gone? Then fail creation of
         * the auth subject by clearing the type.
         *
         * Otherwise the process is still around although no start_time was
         * detected. That could be due to procfs mounted with hidepid, so the
         * request is accepted. Polkit on the other side will accept 0 and try
         * to look up /proc/$PID/stat itself (and if that fails, assume a
         * start-time of 0 and proceed). The only combination that would fail
         * is NM being able to read the start-time while polkit is not.
         *
         * NOTE(review): kill() also fails with EPERM for a process that exists
         * but may not be signalled; any failure is treated as "gone" here.
         * Presumably harmless for a privileged daemon - confirm. */
        if (!priv->unix_process.start_time && kill(priv->unix_process.pid, 0) != 0)
            _clear_private(self);
        return;
    }

    /* unknown type, or pid/uid out of range */
    _clear_private(self);
    g_return_if_reached();
}

/* GObject finalize vfunc: frees the owned strings via _clear_private() and
 * then chains up to the parent class. */
static void
finalize(GObject *object)
{
    NMAuthSubject *self = (NMAuthSubject *) object;

    _clear_private(self);

    G_OBJECT_CLASS(nm_auth_subject_parent_class)->finalize(object);
}

/* Class initializer: hooks up the GObject vfuncs and installs the five
 * properties. Every property is read-write but construct-only, so a subject
 * cannot be changed through the property API after it has been created. */
static void
nm_auth_subject_class_init(NMAuthSubjectClass *config_class)
{
    GObjectClass *    object_class = G_OBJECT_CLASS(config_class);
    const GParamFlags flags =
        G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS;
    GParamSpec *pspec;

    object_class->get_property = get_property;
    object_class->set_property = set_property;
    object_class->constructed  = constructed;
    object_class->finalize     = finalize;

    /* Range INVALID..UNIX_SESSION, default INVALID. */
    pspec = g_param_spec_int(NM_AUTH_SUBJECT_SUBJECT_TYPE,
                             "",
                             "",
                             NM_AUTH_SUBJECT_TYPE_INVALID,
                             NM_AUTH_SUBJECT_TYPE_UNIX_SESSION,
                             NM_AUTH_SUBJECT_TYPE_INVALID,
                             flags);
    g_object_class_install_property(object_class, PROP_SUBJECT_TYPE, pspec);

    /* Default NULL, which set_property() treats as "not given". */
    pspec = g_param_spec_string(NM_AUTH_SUBJECT_UNIX_PROCESS_DBUS_SENDER, "", "", NULL, flags);
    g_object_class_install_property(object_class, PROP_UNIX_PROCESS_DBUS_SENDER, pspec);

    /* pid and uid default to G_MAXULONG, which set_property() treats as
     * "not given". */
    pspec = g_param_spec_ulong(NM_AUTH_SUBJECT_UNIX_PROCESS_PID,
                               "",
                               "",
                               0,
                               G_MAXULONG,
                               G_MAXULONG,
                               flags);
    g_object_class_install_property(object_class, PROP_UNIX_PROCESS_PID, pspec);

    pspec = g_param_spec_ulong(NM_AUTH_SUBJECT_UNIX_PROCESS_UID,
                               "",
                               "",
                               0,
                               G_MAXULONG,
                               G_MAXULONG,
                               flags);
    g_object_class_install_property(object_class, PROP_UNIX_PROCESS_UID, pspec);

    /* Default NULL, which set_property() treats as "not given". */
    pspec = g_param_spec_string(NM_AUTH_SUBJECT_UNIX_SESSION_ID, "", "", NULL, flags);
    g_object_class_install_property(object_class, PROP_UNIX_SESSION_ID, pspec);
}