----------------------------------
 plugins/Makefile.am    |    6 +++++
 plugins/connman.policy |   20 ++++++++++++++++++
 plugins/polkit.c       |   52 ++++++++++++++++++++++++++++++++++++++++-------
 src/Makefile.am        |    4 +-
 src/connman.h          |    4 +++
 src/error.c            |   34 +++++++++++++++++++++++++++++++
 src/security.c         |   28 +++++++++++++++++++++++++
 7 files changed, 138 insertions(+), 10 deletions(-)

New commits:
commit 4f1f10a796d17381a348631bd282828175252250
Author: Marcel Holtmann <[EMAIL PROTECTED]>
Date:   Wed Aug 13 07:47:50 2008 +0200

    Start consolidating D-Bus errors

commit 38ac39ac6d5a2407826f8de6442af4a2bc177c0b
Author: Marcel Holtmann <[EMAIL PROTECTED]>
Date:   Wed Aug 13 07:34:34 2008 +0200

    Include connman.policy even if PolicyKit is disabled

commit e25d3bebe018bfbb85cee46376e5e82325c2f4eb
Author: Marcel Holtmann <[EMAIL PROTECTED]>
Date:   Wed Aug 13 07:25:25 2008 +0200

    Remove shadow variable messing up the result

commit bea9c6088b3ad1ccc77fbdf7c73ff1e564b277e6
Author: Marcel Holtmann <[EMAIL PROTECTED]>
Date:   Wed Aug 13 07:21:09 2008 +0200

    Add authorization callback for privileges check

commit 3b967d36b32d6bfb156e82ac116c7881f69febd4
Author: Marcel Holtmann <[EMAIL PROTECTED]>
Date:   Wed Aug 13 07:18:47 2008 +0200

    Add PolicyKit policy configuration file

commit 50553d0bc4e0ad0a882440b816c64dfe6d0fdb71
Author: Marcel Holtmann <[EMAIL PROTECTED]>
Date:   Wed Aug 13 06:45:07 2008 +0200

    Add hook for privileges check


Diff in this email is a maximum of 400 lines.
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 03ac0f3..d210f46 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -37,6 +37,10 @@ plugin_LTLIBRARIES += polkit.la
 polkit_la_SOURCES = polkit.c
 polkit_la_LIBADD = @POLKIT_LIBS@ @GLIB_LIBS@
 polkit_la_CFLAGS = @GLIB_CFLAGS@ @POLKIT_CFLAGS@
+
+policydir = $(datadir)/PolicyKit/policy
+
+policy_DATA = connman.policy
 endif
 
 AM_LDFLAGS = -no-undefined -module -avoid-version \
@@ -54,4 +58,6 @@ AM_CFLAGS = @GLIB_CFLAGS@ @GDBUS_CFLAGS@
 
 INCLUDES = -I$(top_builddir)/include
 
+EXTRA_DIST = connman.policy
+
 MAINTAINERCLEANFILES = Makefile.in
diff --git a/plugins/connman.policy b/plugins/connman.policy
new file mode 100644
index 0000000..2dcc37c
--- /dev/null
+++ b/plugins/connman.policy
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";>
+
+<policyconfig>
+
+  <vendor>Connection Manager</vendor>
+  <icon_name>stock_internet</icon_name>
+
+  <action id="org.moblin.connman.modify">
+    <description>Modify configuration</description>
+    <message>Policy prevents modification of settings</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin_keep_always</allow_active>
+    </defaults>
+  </action>
+
+</policyconfig>
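Review bot: `auth_admin_keep_always` in `<allow_active>` means one successful administrator authentication is retained indefinitely for that user, which is broad for an action that gates every configuration change under the single id `org.moblin.connman.modify`. Unless a permanent grant is intended, `<allow_active>auth_admin_keep_session</allow_active>` limits the grant to the current session. A short XML comment above `<defaults>` recording why this retention level was chosen would help later reviewers.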
diff --git a/plugins/polkit.c b/plugins/polkit.c
index bff357f..7bed0b1 100644
--- a/plugins/polkit.c
+++ b/plugins/polkit.c
@@ -32,13 +32,47 @@
 #include <connman/security.h>
 #include <connman/log.h>
 
-static PolKitContext *polkit_context = NULL;
+#define ACTION "org.moblin.connman.modify"
+
+static DBusConnection *connection;
+static PolKitContext *polkit_context;
 
 static int polkit_authorize(const char *sender)
 {
+       DBusError error;
+       PolKitCaller *caller;
+       PolKitAction *action;
+       PolKitResult result;
+
        DBG("sender %s", sender);
 
-       return -EPERM;
+       dbus_error_init(&error);
+
+       caller = polkit_caller_new_from_dbus_name(connection, sender, &error);
+       if (caller == NULL) {
+               if (dbus_error_is_set(&error) == TRUE) {
+                       connman_error("%s", error.message);
+                       dbus_error_free(&error);
+               } else
+                       connman_error("Failed to get caller information");
+               return -EIO;
+       }
+
+       action = polkit_action_new();
+       polkit_action_set_action_id(action, ACTION);
+
+       result = polkit_context_is_caller_authorized(polkit_context,
+                                               action, caller, TRUE, NULL);
+
+       polkit_action_unref(action);
+       polkit_caller_unref(caller);
+
+       DBG("result %s", polkit_result_to_string_representation(result));
+
+       if (result == POLKIT_RESULT_NO)
+               return -EPERM;
+
+       return 0;
 }
 
 static struct connman_security polkit_security = {
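Review bot: The final check in polkit_authorize fails open: only `POLKIT_RESULT_NO` is mapped to `-EPERM`, so every other result, including `POLKIT_RESULT_UNKNOWN` and the `POLKIT_RESULT_ONLY_VIA_*` values that mean the caller still has to authenticate, returns 0. With the policy default of `auth_admin_keep_always` shipped in this same change, an active-session caller that has not authenticated would get one of those values and, as far as this hunk shows, be treated as authorized. Accept only the explicit grant: `if (result != POLKIT_RESULT_YES) return -EPERM;`. Separately, the return value of `polkit_action_new()` is used without a NULL check.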
@@ -90,6 +124,10 @@ static int polkit_init(void)
 {
        int err;
 
+       connection = dbus_bus_get(DBUS_BUS_SYSTEM, NULL);
+       if (connection == NULL)
+               return -EIO;
+
        polkit_context = polkit_context_new();
 
        polkit_context_set_io_watch_functions(polkit_context,
@@ -98,14 +136,14 @@ static int polkit_init(void)
        if (polkit_context_init(polkit_context, NULL) == FALSE) {
                connman_error("Can't initialize PolicyKit");
                polkit_context_unref(polkit_context);
-               polkit_context = NULL;
+               dbus_connection_unref(connection);
                return -EIO;
        }
 
        err = connman_security_register(&polkit_security);
        if (err < 0) {
                polkit_context_unref(polkit_context);
-               polkit_context = NULL;
+               dbus_connection_unref(connection);
                return err;
        }
 
@@ -116,11 +154,9 @@ static void polkit_exit(void)
 {
        connman_security_unregister(&polkit_security);
 
-       if (polkit_context == NULL)
-               return;
-
        polkit_context_unref(polkit_context);
-       polkit_context = NULL;
+
+       dbus_connection_unref(connection);
 }
 
 CONNMAN_PLUGIN_DEFINE("polkit", "PolicyKit authorization plugin", VERSION,
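Review bot: polkit_exit, like the two failure paths of polkit_init in the preceding hunk, now leaves the file-scope `polkit_context` and `connection` pointing at objects whose reference was just dropped, because the `polkit_context = NULL;` resets were removed and none was added for `connection`. polkit_authorize dereferences both statics, so a call arriving after a failed init or after exit would use a stale pointer; whether that can happen depends on registration code outside this diff. Keeping `polkit_context = NULL;` and adding `connection = NULL;` after each unref makes that state detectable. Also, `dbus_bus_get(DBUS_BUS_SYSTEM, NULL)` in polkit_init discards the D-Bus error, so that failure returns `-EIO` without a log line, unlike the PolicyKit init failure.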
diff --git a/src/Makefile.am b/src/Makefile.am
index ea4a21d..9c12a8b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -11,8 +11,8 @@ DISTCLEANFILES = $(service_DATA)
 
 sbin_PROGRAMS = connmand
 
-connmand_SOURCES = main.c connman.h log.c plugin.c profile.c element.c \
-                               security.c storage.c manager.c agent.c rtnl.c
+connmand_SOURCES = main.c connman.h log.c error.c plugin.c profile.c \
+               element.c security.c storage.c manager.c agent.c rtnl.c
 
 connmand_LDADD = @GDBUS_LIBS@ @GLIB_LIBS@ @GMODULE_LIBS@ @GTHREAD_LIBS@
 
diff --git a/src/connman.h b/src/connman.h
index fde2bd3..7bde14e 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -27,6 +27,8 @@
 #define NM_PATH       "/org/freedesktop/NetworkManager"
 #define NM_INTERFACE  NM_SERVICE
 
+DBusMessage *__connman_error_permission_denied(DBusMessage *msg);
+
 int __connman_storage_init(void);
 void __connman_storage_cleanup(void);
 
@@ -56,6 +58,8 @@ void __connman_plugin_cleanup(void);
 
 #include <connman/security.h>
 
+int __connman_security_check_privileges(DBusMessage *message);
+
 #include <connman/driver.h>
 #include <connman/element.h>
 
diff --git a/src/error.c b/src/error.c
new file mode 100644
index 0000000..627cf3d
--- /dev/null
+++ b/src/error.c
@@ -0,0 +1,34 @@
+/*
+ *
+ *  Connection Manager
+ *
+ *  Copyright (C) 2007-2008  Intel Corporation. All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 as
+ *  published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <gdbus.h>
+
+#include "connman.h"
+
+DBusMessage *__connman_error_permission_denied(DBusMessage *msg)
+{
+       return g_dbus_create_error(msg, CONNMAN_ERROR_INTERFACE
+                                               ".PermissionDenied", NULL);
+}
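Review bot: `__connman_error_permission_denied` passes `NULL` as the format argument of `g_dbus_create_error`, so the reply carries no human-readable text, and whether that helper tolerates a NULL format is not visible in this diff. Passing a fixed string avoids both questions: `".PermissionDenied", "Permission denied");`. A one-line comment stating who owns the returned message would also help callers.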
diff --git a/src/security.c b/src/security.c
index 4539ba1..f81fc46 100644
--- a/src/security.c
+++ b/src/security.c
@@ -60,3 +60,31 @@ void connman_security_unregister(struct connman_security *security)
 
        g_static_rw_lock_writer_unlock(&security_lock);
 }
+
+int __connman_security_check_privileges(DBusMessage *message)
+{
+       GSList *list;
+       const char *sender;
+       int err = -EPERM;
+
+       DBG("message %p", message);
+
+       sender = dbus_message_get_sender(message);
+
+       g_static_rw_lock_reader_lock(&security_lock);
+
+       for (list = security_list; list; list = list->next) {
+               struct connman_security *security = list->data;
+
+               DBG("%s", security->name);
+
+               if (security->authorize_sender) {
+                       err = security->authorize_sender(sender);
+                       break;
+               }
+       }
+
+       g_static_rw_lock_reader_unlock(&security_lock);
+
+       return err;
+}
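Review bot: `sender` is passed to `authorize_sender` without a NULL check, although `dbus_message_get_sender()` can return NULL for a message that carries no sender field; polkit_authorize in this commit then hands it to `DBG("sender %s", ...)` and `polkit_caller_new_from_dbus_name()`. Reject it before taking the lock: `if (sender == NULL) return -EPERM;`. The callback also runs while `security_lock` is held for reading, and the PolicyKit callback appears to do blocking D-Bus work, so a comment noting that registration is blocked for that duration would help. A header comment should state the contract that 0 means allowed and any negative errno (the default `-EPERM` when no plugin provides `authorize_sender`, or `-EIO` from the plugin) means denied.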