diff options
| author | Pavel Šimerda <psimerda@redhat.com> | 2015-01-02 21:20:38 +0100 |
|---|---|---|
| committer | Pavel Šimerda <psimerda@redhat.com> | 2015-01-05 18:38:22 +0100 |
| commit | 5fb31ba5d1c54ae9bf723e20fb1e4a83cf2a0496 (patch) | |
| tree | 5191dfdd4b1b6a80a906e257a950c9fe1e901795 | |
| parent | 335bbc63357cc963628ad97f465433d1936fe0ba (diff) | |
session: switch code to nm_session_monitor_session_exists()
Acked-By: Thomas Haller <thaller@redhat.com>
| -rw-r--r-- | src/nm-auth-utils.c | 13 | ||||
| -rw-r--r-- | src/nm-session-monitor.c | 22 | ||||
| -rw-r--r-- | src/nm-session-monitor.h | 1 | ||||
| -rw-r--r-- | src/settings/nm-agent-manager.c | 18 | ||||
| -rw-r--r-- | src/settings/nm-settings-connection.c | 18 |
5 files changed, 43 insertions, 29 deletions
diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c index 9ace16292..1c20622ad 100644 --- a/src/nm-auth-utils.c +++ b/src/nm-auth-utils.c @@ -425,7 +425,6 @@ nm_auth_is_subject_in_acl (NMConnection *connection, { NMSettingConnection *s_con; const char *user = NULL; - GError *local = NULL; gulong uid; g_return_val_if_fail (connection != NULL, FALSE); @@ -443,17 +442,13 @@ nm_auth_is_subject_in_acl (NMConnection *connection, return TRUE; /* Reject the request if the request comes from no session at all */ - if (!nm_session_monitor_uid_has_session (smon, uid, &user, &local)) { - if (out_error_desc) { - *out_error_desc = g_strdup_printf ("No session found for uid %lu (%s)", - uid, - local && local->message ? local->message : "unknown"); - } - g_clear_error (&local); + if (!nm_session_monitor_session_exists (uid, FALSE)) { + if (out_error_desc) + *out_error_desc = g_strdup_printf ("No session found for uid %lu", uid); return FALSE; } - if (!user) { + if (!nm_session_monitor_uid_to_user (uid, &user)) { if (out_error_desc) *out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid); return FALSE; diff --git a/src/nm-session-monitor.c b/src/nm-session-monitor.c index d398056e6..c9ee3426f 100644 --- a/src/nm-session-monitor.c +++ b/src/nm-session-monitor.c @@ -65,3 +65,25 @@ nm_session_monitor_user_to_uid (const char *user, uid_t *out_uid) return TRUE; } + +/** + * nm_session_monitor_session_exists: + * @uid: A user ID. + * @active: Ignore inactive sessions. + * + * Checks whether the given @uid is logged into an active session. Don't + * use this feature for security purposes. It is there just to allow you + * to prefer an agent from an active session over an agent from an + * inactive one. + * + * Returns: %FALSE if @error is set otherwise %TRUE if the given @uid is + * logged into an active session. + */ +gboolean +nm_session_monitor_session_exists (uid_t uid, gboolean active) +{ + if (active) + return nm_session_monitor_uid_active (nm_session_monitor_get (), uid, NULL); + else + return nm_session_monitor_uid_has_session (nm_session_monitor_get (), uid, NULL, NULL); +} diff --git a/src/nm-session-monitor.h b/src/nm-session-monitor.h index d05ee3451..818941ef7 100644 --- a/src/nm-session-monitor.h +++ b/src/nm-session-monitor.h @@ -43,6 +43,7 @@ NMSessionMonitor *nm_session_monitor_get (void); gboolean nm_session_monitor_uid_to_user (uid_t uid, const char **out_user); gboolean nm_session_monitor_user_to_uid (const char *user, uid_t *out_uid); +gboolean nm_session_monitor_session_exists (uid_t uid, gboolean active); gboolean nm_session_monitor_user_has_session (NMSessionMonitor *monitor, const char *username, diff --git a/src/settings/nm-agent-manager.c b/src/settings/nm-agent-manager.c index cc4b1943c..37ed42bdb 100644 --- a/src/settings/nm-agent-manager.c +++ b/src/settings/nm-agent-manager.c @@ -273,7 +273,7 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self, NMAgentManagerPrivate *priv = NM_AGENT_MANAGER_GET_PRIVATE (self); NMAuthSubject *subject; gulong sender_uid = G_MAXULONG; - GError *error = NULL, *local = NULL; + GError *error = NULL; NMSecretAgent *agent; NMAuthChain *chain; @@ -287,13 +287,10 @@ impl_agent_manager_register_with_capabilities (NMAgentManager *self, sender_uid = nm_auth_subject_get_unix_process_uid (subject); if ( 0 != sender_uid - && !nm_session_monitor_uid_has_session (nm_session_monitor_get (), - sender_uid, - NULL, - &local)) { + && !nm_session_monitor_session_exists (sender_uid, FALSE)) { error = g_error_new_literal (NM_AGENT_MANAGER_ERROR, NM_AGENT_MANAGER_ERROR_PERMISSION_DENIED, - local && local->message ? local->message : "Session not found"); + "Session not found"); goto done; } @@ -339,7 +336,6 @@ done: if (error) dbus_g_method_return_error (context, error); g_clear_error (&error); - g_clear_error (&local); g_clear_object (&subject); } @@ -530,12 +526,8 @@ agent_compare_func (gconstpointer aa, gconstpointer bb, gpointer user_data) } /* Prefer agents in active sessions */ - a_active = nm_session_monitor_uid_active (nm_session_monitor_get (), - nm_secret_agent_get_owner_uid (a), - NULL); - b_active = nm_session_monitor_uid_active (nm_session_monitor_get (), - nm_secret_agent_get_owner_uid (b), - NULL); + a_active = nm_session_monitor_session_exists (nm_secret_agent_get_owner_uid (a), TRUE); + b_active = nm_session_monitor_session_exists (nm_secret_agent_get_owner_uid (b), TRUE); if (a_active && !b_active) return -1; else if (a_active == b_active) diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c index 529f4d8f4..0e8b0fafb 100644 --- a/src/settings/nm-settings-connection.c +++ b/src/settings/nm-settings-connection.c @@ -262,14 +262,18 @@ nm_settings_connection_recheck_visibility (NMSettingsConnection *self) } for (i = 0; i < num; i++) { - const char *puser; + const char *user; + uid_t uid; - if (nm_setting_connection_get_permission (s_con, i, NULL, &puser, NULL)) { - if (nm_session_monitor_user_has_session (priv->session_monitor, puser, NULL, NULL)) { - set_visible (self, TRUE); - return; - } - } + if (!nm_setting_connection_get_permission (s_con, i, NULL, &user, NULL)) + continue; + if (!nm_session_monitor_user_to_uid (user, &uid)) + continue; + if (!nm_session_monitor_session_exists (uid, FALSE)) + continue; + + set_visible (self, TRUE); + return; } set_visible (self, FALSE); |