diff options
Diffstat (limited to 'src/system-settings/nm-sysconfig-connection.c')
-rw-r--r-- | src/system-settings/nm-sysconfig-connection.c | 662 |
1 files changed, 662 insertions, 0 deletions
diff --git a/src/system-settings/nm-sysconfig-connection.c b/src/system-settings/nm-sysconfig-connection.c new file mode 100644 index 000000000..73906d20a --- /dev/null +++ b/src/system-settings/nm-sysconfig-connection.c @@ -0,0 +1,662 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ +/* NetworkManager system settings service + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * (C) Copyright 2008 Novell, Inc. + * (C) Copyright 2008 - 2010 Red Hat, Inc. + */ + +#include <NetworkManager.h> +#include <dbus/dbus-glib-lowlevel.h> + +#include "nm-sysconfig-connection.h" +#include "nm-system-config-error.h" +#include "nm-dbus-glib-types.h" +#include "nm-settings-connection-interface.h" +#include "nm-settings-interface.h" +#include "nm-polkit-helpers.h" +#include "nm-logging.h" + + +static void settings_connection_interface_init (NMSettingsConnectionInterface *klass); + +G_DEFINE_TYPE_EXTENDED (NMSysconfigConnection, nm_sysconfig_connection, NM_TYPE_EXPORTED_CONNECTION, 0, + G_IMPLEMENT_INTERFACE (NM_TYPE_SETTINGS_CONNECTION_INTERFACE, + settings_connection_interface_init)) + +#define NM_SYSCONFIG_CONNECTION_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \ + NM_TYPE_SYSCONFIG_CONNECTION, \ + NMSysconfigConnectionPrivate)) + +typedef struct { + PolkitAuthority *authority; + GSList *pk_calls; + NMConnection *secrets; +} NMSysconfigConnectionPrivate; + +/**************************************************************/ + +static void +ignore_cb (NMSettingsConnectionInterface *connection, + GError *error, + gpointer user_data) +{ +} + +gboolean +nm_sysconfig_connection_update (NMSysconfigConnection *self, + NMConnection *new, + gboolean signal_update, + GError **error) +{ + NMSysconfigConnectionPrivate *priv; + GHashTable *new_settings; + gboolean success = FALSE; + + g_return_val_if_fail (self != NULL, FALSE); + g_return_val_if_fail (NM_IS_SYSCONFIG_CONNECTION (self), FALSE); + g_return_val_if_fail (new != NULL, FALSE); + g_return_val_if_fail (NM_IS_CONNECTION (new), FALSE); + + priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + + /* Do nothing if there's nothing to update */ + if (nm_connection_compare (NM_CONNECTION (self), + NM_CONNECTION (new), + NM_SETTING_COMPARE_FLAG_EXACT)) + return TRUE; + + new_settings = nm_connection_to_hash (new); + g_assert (new_settings); + if (nm_connection_replace_settings (NM_CONNECTION (self), new_settings, error)) { + /* Copy the connection to keep its secrets around even if NM + * calls nm_connection_clear_secrets(). + */ + if (priv->secrets) + g_object_unref (priv->secrets); + priv->secrets = nm_connection_duplicate (NM_CONNECTION (self)); + + if (signal_update) { + nm_settings_connection_interface_update (NM_SETTINGS_CONNECTION_INTERFACE (self), + ignore_cb, + NULL); + } + success = TRUE; + } + g_hash_table_destroy (new_settings); + return success; +} + +/**************************************************************/ + +static GValue * +string_to_gvalue (const char *str) +{ + GValue *val = g_slice_new0 (GValue); + + g_value_init (val, G_TYPE_STRING); + g_value_set_string (val, str); + return val; +} + +static GValue * +byte_array_to_gvalue (const GByteArray *array) +{ + GValue *val; + + val = g_slice_new0 (GValue); + g_value_init (val, DBUS_TYPE_G_UCHAR_ARRAY); + g_value_set_boxed (val, array); + + return val; +} + +static void +copy_one_secret (gpointer key, gpointer value, gpointer user_data) +{ + const char *value_str = (const char *) value; + + if (value_str) { + g_hash_table_insert ((GHashTable *) user_data, + g_strdup ((char *) key), + string_to_gvalue (value_str)); + } +} + +static void +add_secrets (NMSetting *setting, + const char *key, + const GValue *value, + GParamFlags flags, + gpointer user_data) +{ + GHashTable *secrets = user_data; + + if (!(flags & NM_SETTING_PARAM_SECRET)) + return; + + /* Copy secrets into the returned hash table */ + if (G_VALUE_HOLDS_STRING (value)) { + const char *tmp; + + tmp = g_value_get_string (value); + if (tmp) + g_hash_table_insert (secrets, g_strdup (key), string_to_gvalue (tmp)); + } else if (G_VALUE_HOLDS (value, DBUS_TYPE_G_MAP_OF_STRING)) { + /* Flatten the string hash by pulling its keys/values out */ + g_hash_table_foreach (g_value_get_boxed (value), copy_one_secret, secrets); + } else if (G_VALUE_TYPE (value) == DBUS_TYPE_G_UCHAR_ARRAY) { + GByteArray *array; + + array = g_value_get_boxed (value); + if (array) + g_hash_table_insert (secrets, g_strdup (key), byte_array_to_gvalue (array)); + } +} + +static void +destroy_gvalue (gpointer data) +{ + GValue *value = (GValue *) data; + + g_value_unset (value); + g_slice_free (GValue, value); +} + +static gboolean +get_secrets (NMSettingsConnectionInterface *connection, + const char *setting_name, + const char **hints, + gboolean request_new, + NMSettingsConnectionInterfaceGetSecretsFunc callback, + gpointer user_data) +{ + NMSysconfigConnection *self = NM_SYSCONFIG_CONNECTION (connection); + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + GHashTable *settings = NULL; + GHashTable *secrets = NULL; + NMSetting *setting; + GError *error = NULL; + + /* Use priv->secrets to work around the fact that nm_connection_clear_secrets() + * will clear secrets on this object's settings. priv->secrets should be + * a complete copy of this object and kept in sync by + * nm_sysconfig_connection_update(). + */ + if (!priv->secrets) { + error = g_error_new (NM_SETTINGS_INTERFACE_ERROR, + NM_SETTINGS_INTERFACE_ERROR_INVALID_CONNECTION, + "%s.%d - Internal error; secrets cache invalid.", + __FILE__, __LINE__); + (*callback) (connection, NULL, error, user_data); + g_error_free (error); + return TRUE; + } + + setting = nm_connection_get_setting_by_name (priv->secrets, setting_name); + if (!setting) { + error = g_error_new (NM_SETTINGS_INTERFACE_ERROR, + NM_SETTINGS_INTERFACE_ERROR_INVALID_SETTING, + "%s.%d - Connection didn't have requested setting '%s'.", + __FILE__, __LINE__, setting_name); + (*callback) (connection, NULL, error, user_data); + g_error_free (error); + return TRUE; + } + + /* Returned secrets are a{sa{sv}}; this is the outer a{s...} hash that + * will contain all the individual settings hashes. + */ + settings = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, (GDestroyNotify) g_hash_table_destroy); + + /* Add the secrets from this setting to the inner secrets hash for this setting */ + secrets = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, destroy_gvalue); + nm_setting_enumerate_values (setting, add_secrets, secrets); + + g_hash_table_insert (settings, g_strdup (setting_name), secrets); + callback (connection, settings, NULL, user_data); + g_hash_table_destroy (settings); + return TRUE; +} + +/**************************************************************/ + +typedef struct { + NMSysconfigConnection *self; + DBusGMethodInvocation *context; + PolkitSubject *subject; + GCancellable *cancellable; + gboolean disposed; + + /* Update */ + NMConnection *connection; + + /* Secrets */ + char *setting_name; + char **hints; + gboolean request_new; +} PolkitCall; + +static PolkitCall * +polkit_call_new (NMSysconfigConnection *self, + DBusGMethodInvocation *context, + NMConnection *connection, + const char *setting_name, + const char **hints, + gboolean request_new) +{ + PolkitCall *call; + char *sender; + + g_return_val_if_fail (self != NULL, NULL); + g_return_val_if_fail (context != NULL, NULL); + + call = g_malloc0 (sizeof (PolkitCall)); + call->self = self; + call->context = context; + call->cancellable = g_cancellable_new (); + call->connection = connection; + call->setting_name = g_strdup (setting_name); + if (hints) + call->hints = g_strdupv ((char **) hints); + call->request_new = request_new; + + sender = dbus_g_method_get_sender (context); + call->subject = polkit_system_bus_name_new (sender); + g_free (sender); + + return call; +} + +static void +polkit_call_free (PolkitCall *call) +{ + if (call->connection) + g_object_unref (call->connection); + g_free (call->setting_name); + if (call->hints) + g_strfreev (call->hints); + + g_object_unref (call->subject); + g_object_unref (call->cancellable); + g_free (call); +} + +static void +con_update_cb (NMSettingsConnectionInterface *connection, + GError *error, + gpointer user_data) +{ + PolkitCall *call = user_data; + + if (error) + dbus_g_method_return_error (call->context, error); + else + dbus_g_method_return (call->context); + + polkit_call_free (call); +} + +static void +pk_update_cb (GObject *object, GAsyncResult *result, gpointer user_data) +{ + PolkitCall *call = user_data; + NMSysconfigConnection *self = call->self; + NMSysconfigConnectionPrivate *priv; + PolkitAuthorizationResult *pk_result; + GError *error = NULL; + + /* If our NMSysconfigConnection is already gone, do nothing */ + if (call->disposed) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_GENERAL, + "Request was canceled."); + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + return; + } + + priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + + priv->pk_calls = g_slist_remove (priv->pk_calls, call); + + pk_result = polkit_authority_check_authorization_finish (priv->authority, + result, + &error); + /* Some random error happened */ + if (error) { + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + return; + } + + /* Caller didn't successfully authenticate */ + if (!polkit_authorization_result_get_is_authorized (pk_result)) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_NOT_PRIVILEGED, + "Insufficient privileges."); + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + goto out; + } + + /* Update our settings internally so the update() call will save the new + * ones. We don't let nm_sysconfig_connection_update() handle the update + * signal since we need our own callback after the update is done. + */ + if (!nm_sysconfig_connection_update (self, call->connection, FALSE, &error)) { + /* Shouldn't really happen since we've already validated the settings */ + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + goto out; + } + + /* Caller is authenticated, now we can finally try to commit the update */ + nm_settings_connection_interface_update (NM_SETTINGS_CONNECTION_INTERFACE (self), + con_update_cb, + call); + +out: + g_object_unref (pk_result); +} + +static void +dbus_update (NMExportedConnection *exported, + GHashTable *new_settings, + DBusGMethodInvocation *context) +{ + NMSysconfigConnection *self = NM_SYSCONFIG_CONNECTION (exported); + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + PolkitCall *call; + NMConnection *tmp; + GError *error = NULL; + + /* Check if the settings are valid first */ + tmp = nm_connection_new_from_hash (new_settings, &error); + if (!tmp) { + g_assert (error); + dbus_g_method_return_error (context, error); + g_error_free (error); + return; + } + + call = polkit_call_new (self, context, tmp, NULL, NULL, FALSE); + g_assert (call); + polkit_authority_check_authorization (priv->authority, + call->subject, + NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY, + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + call->cancellable, + pk_update_cb, + call); + priv->pk_calls = g_slist_prepend (priv->pk_calls, call); +} + +static void +con_delete_cb (NMSettingsConnectionInterface *connection, + GError *error, + gpointer user_data) +{ + PolkitCall *call = user_data; + + if (error) + dbus_g_method_return_error (call->context, error); + else + dbus_g_method_return (call->context); + + polkit_call_free (call); +} + +static void +pk_delete_cb (GObject *object, GAsyncResult *result, gpointer user_data) +{ + PolkitCall *call = user_data; + NMSysconfigConnection *self = call->self; + NMSysconfigConnectionPrivate *priv; + PolkitAuthorizationResult *pk_result; + GError *error = NULL; + + /* If our NMSysconfigConnection is already gone, do nothing */ + if (call->disposed) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_GENERAL, + "Request was canceled."); + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + return; + } + + priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + + priv->pk_calls = g_slist_remove (priv->pk_calls, call); + + pk_result = polkit_authority_check_authorization_finish (priv->authority, + result, + &error); + /* Some random error happened */ + if (error) { + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + return; + } + + /* Caller didn't successfully authenticate */ + if (!polkit_authorization_result_get_is_authorized (pk_result)) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_NOT_PRIVILEGED, + "Insufficient privileges."); + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + goto out; + } + + /* Caller is authenticated, now we can finally try to delete */ + nm_settings_connection_interface_delete (NM_SETTINGS_CONNECTION_INTERFACE (self), + con_delete_cb, + call); + +out: + g_object_unref (pk_result); +} + +static void +dbus_delete (NMExportedConnection *exported, + DBusGMethodInvocation *context) +{ + NMSysconfigConnection *self = NM_SYSCONFIG_CONNECTION (exported); + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + PolkitCall *call; + + call = polkit_call_new (self, context, NULL, NULL, NULL, FALSE); + g_assert (call); + polkit_authority_check_authorization (priv->authority, + call->subject, + NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY, + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + call->cancellable, + pk_delete_cb, + call); + priv->pk_calls = g_slist_prepend (priv->pk_calls, call); +} + +static void +con_secrets_cb (NMSettingsConnectionInterface *connection, + GHashTable *secrets, + GError *error, + gpointer user_data) +{ + PolkitCall *call = user_data; + + if (error) + dbus_g_method_return_error (call->context, error); + else + dbus_g_method_return (call->context, secrets); + + polkit_call_free (call); +} + +static void +pk_secrets_cb (GObject *object, GAsyncResult *result, gpointer user_data) +{ + PolkitCall *call = user_data; + NMSysconfigConnection *self = call->self; + NMSysconfigConnectionPrivate *priv; + PolkitAuthorizationResult *pk_result; + GError *error = NULL; + + /* If our NMSysconfigConnection is already gone, do nothing */ + if (call->disposed) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_GENERAL, + "Request was canceled."); + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + return; + } + + priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + + priv->pk_calls = g_slist_remove (priv->pk_calls, call); + + pk_result = polkit_authority_check_authorization_finish (priv->authority, + result, + &error); + /* Some random error happened */ + if (error) { + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + return; + } + + /* Caller didn't successfully authenticate */ + if (!polkit_authorization_result_get_is_authorized (pk_result)) { + error = g_error_new_literal (NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_NOT_PRIVILEGED, + "Insufficient privileges."); + dbus_g_method_return_error (call->context, error); + g_error_free (error); + polkit_call_free (call); + goto out; + } + + /* Caller is authenticated, now we can finally try to update */ + nm_settings_connection_interface_get_secrets (NM_SETTINGS_CONNECTION_INTERFACE (self), + call->setting_name, + (const char **) call->hints, + call->request_new, + con_secrets_cb, + call); + +out: + g_object_unref (pk_result); +} + +static void +dbus_get_secrets (NMExportedConnection *exported, + const gchar *setting_name, + const gchar **hints, + gboolean request_new, + DBusGMethodInvocation *context) +{ + NMSysconfigConnection *self = NM_SYSCONFIG_CONNECTION (exported); + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + PolkitCall *call; + + call = polkit_call_new (self, context, NULL, setting_name, hints, request_new); + g_assert (call); + polkit_authority_check_authorization (priv->authority, + call->subject, + NM_SYSCONFIG_POLICY_ACTION_CONNECTION_MODIFY, + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + call->cancellable, + pk_secrets_cb, + call); + priv->pk_calls = g_slist_prepend (priv->pk_calls, call); +} + +/**************************************************************/ + +static void +settings_connection_interface_init (NMSettingsConnectionInterface *iface) +{ + iface->get_secrets = get_secrets; +} + +static void +nm_sysconfig_connection_init (NMSysconfigConnection *self) +{ + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + GError *error = NULL; + + priv->authority = polkit_authority_get_sync (NULL, NULL); + if (!priv->authority) { + nm_log_warn (LOGD_SYS_SET, "failed to create PolicyKit authority: (%d) %s", + error ? error->code : -1, + error && error->message ? error->message : "(unknown)"); + g_clear_error (&error); + } +} + +static void +dispose (GObject *object) +{ + NMSysconfigConnection *self = NM_SYSCONFIG_CONNECTION (object); + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (self); + GSList *iter; + + if (priv->secrets) + g_object_unref (priv->secrets); + + /* Cancel PolicyKit requests */ + for (iter = priv->pk_calls; iter; iter = g_slist_next (iter)) { + PolkitCall *call = iter->data; + + call->disposed = TRUE; + g_cancellable_cancel (call->cancellable); + } + g_slist_free (priv->pk_calls); + priv->pk_calls = NULL; + + G_OBJECT_CLASS (nm_sysconfig_connection_parent_class)->dispose (object); +} + +static void +nm_sysconfig_connection_class_init (NMSysconfigConnectionClass *class) +{ + GObjectClass *object_class = G_OBJECT_CLASS (class); + NMExportedConnectionClass *ec_class = NM_EXPORTED_CONNECTION_CLASS (class); + + g_type_class_add_private (class, sizeof (NMSysconfigConnectionPrivate)); + + /* Virtual methods */ + object_class->dispose = dispose; + ec_class->update = dbus_update; + ec_class->delete = dbus_delete; + ec_class->get_secrets = dbus_get_secrets; +} |