Remove the no longer needed security framework
authorMarcel Holtmann <marcel@holtmann.org>
Thu, 9 Sep 2010 16:53:57 +0000 (18:53 +0200)
committerMarcel Holtmann <marcel@holtmann.org>
Thu, 9 Sep 2010 16:53:57 +0000 (18:53 +0200)
D-Bus security policies can now be set directly via the method tables.

Makefile.am
include/security.h [deleted file]
src/connman.h
src/device.c
src/manager.c
src/network.c
src/profile.c
src/security.c [deleted file]
src/service.c

index 2f0f2c3..397822e 100644 (file)
@@ -4,7 +4,7 @@ AM_MAKEFLAGS = --no-print-directory
 includedir = @includedir@/connman
 
 include_HEADERS = include/types.h include/log.h include/plugin.h \
-                       include/security.h include/notifier.h \
+                       include/notifier.h \
                        include/storage.h include/service.h \
                        include/resolver.h include/ipconfig.h \
                        include/device.h include/network.h include/inet.h \
@@ -58,7 +58,7 @@ src_connmand_SOURCES = $(gdbus_sources) $(gdhcp_sources) $(gresolv_sources) \
                        src/device.c src/network.c src/connection.c \
                        src/manager.c src/profile.c src/service.c \
                        src/agent.c src/notifier.c src/provider.c \
-                       src/security.c src/resolver.c src/ipconfig.c \
+                       src/resolver.c src/ipconfig.c \
                        src/ipv4.c src/dhcp.c src/rtnl.c src/inet.c \
                        src/utsname.c src/timeserver.c src/rfkill.c \
                        src/wifi.c src/storage.c src/dbus.c src/config.c \
diff --git a/include/security.h b/include/security.h
deleted file mode 100644 (file)
index 829c008..0000000
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- *
- *  Connection Manager
- *
- *  Copyright (C) 2007-2010  Intel Corporation. All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2 as
- *  published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- */
-
-#ifndef __CONNMAN_SECURITY_H
-#define __CONNMAN_SECURITY_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * SECTION:security
- * @title: Security premitives
- * @short_description: Functions for registering security modules
- */
-
-enum connman_security_privilege {
-       CONNMAN_SECURITY_PRIVILEGE_PUBLIC  = 0,
-       CONNMAN_SECURITY_PRIVILEGE_MODIFY  = 1,
-       CONNMAN_SECURITY_PRIVILEGE_SECRET  = 2,
-};
-
-#define CONNMAN_SECURITY_PRIORITY_LOW      -100
-#define CONNMAN_SECURITY_PRIORITY_DEFAULT     0
-#define CONNMAN_SECURITY_PRIORITY_HIGH      100
-
-struct connman_security {
-       const char *name;
-       int priority;
-       int (*authorize_sender) (const char *sender,
-                               enum connman_security_privilege privilege);
-};
-
-int connman_security_register(struct connman_security *security);
-void connman_security_unregister(struct connman_security *security);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CONNMAN_SECURITY_H */
index f5b03c8..74f5746 100644 (file)
@@ -112,11 +112,6 @@ void __connman_plugin_cleanup(void);
 int __connman_task_init(void);
 void __connman_task_cleanup(void);
 
-#include <connman/security.h>
-
-int __connman_security_check_privilege(DBusMessage *message,
-                               enum connman_security_privilege privilege);
-
 #include <connman/inet.h>
 
 enum connman_device_type __connman_inet_get_device_type(int index);
index 8976236..3ee6925 100644 (file)
@@ -315,10 +315,6 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
        DBG("conn %p", conn);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
-               return __connman_error_permission_denied(msg);
-
        reply = dbus_message_new_method_return(msg);
        if (reply == NULL)
                return NULL;
@@ -412,10 +408,6 @@ static DBusMessage *set_property(DBusConnection *conn,
        dbus_message_iter_next(&iter);
        dbus_message_iter_recurse(&iter, &value);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        type = dbus_message_iter_get_arg_type(&value);
 
        if (g_str_equal(name, "Powered") == TRUE) {
index e9b980b..e2c27d0 100644 (file)
@@ -37,10 +37,6 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
        DBG("conn %p", conn);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
-               return __connman_error_permission_denied(msg);
-
        reply = dbus_message_new_method_return(msg);
        if (reply == NULL)
                return NULL;
@@ -111,10 +107,6 @@ static DBusMessage *set_property(DBusConnection *conn,
        dbus_message_iter_next(&iter);
        dbus_message_iter_recurse(&iter, &value);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        type = dbus_message_iter_get_arg_type(&value);
 
        if (g_str_equal(name, "OfflineMode") == TRUE) {
@@ -161,10 +153,6 @@ static DBusMessage *get_state(DBusConnection *conn,
 
        DBG("conn %p", conn);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
-               return __connman_error_permission_denied(msg);
-
        str = __connman_notifier_get_state();
 
        return g_dbus_create_reply(msg, DBUS_TYPE_STRING, &str,
@@ -182,10 +170,6 @@ static DBusMessage *create_profile(DBusConnection *conn,
        dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name,
                                                        DBUS_TYPE_INVALID);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        err = __connman_profile_create(name, &path);
        if (err < 0)
                return __connman_error_failed(msg, -err);
@@ -205,10 +189,6 @@ static DBusMessage *remove_profile(DBusConnection *conn,
        dbus_message_get_args(msg, NULL, DBUS_TYPE_OBJECT_PATH, &path,
                                                        DBUS_TYPE_INVALID);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        err = __connman_profile_remove(path);
        if (err < 0)
                return __connman_error_failed(msg, -err);
@@ -227,10 +207,6 @@ static DBusMessage *remove_provider(DBusConnection *conn,
        dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &path,
                              DBUS_TYPE_INVALID);
 
-       if (__connman_security_check_privilege(msg,
-                               CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        err = __connman_provider_remove(path);
        if (err < 0)
                return __connman_error_failed(msg, -err);
@@ -484,10 +460,6 @@ static DBusMessage *connect_service(DBusConnection *conn,
 
        DBG("conn %p", conn);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        err = __connman_service_create_and_connect(msg);
        if (err < 0) {
                if (err == -EINPROGRESS) {
@@ -509,10 +481,6 @@ static DBusMessage *connect_provider(DBusConnection *conn,
 
        DBG("conn %p", conn);
 
-       if (__connman_security_check_privilege(msg,
-                               CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        err = __connman_provider_create_and_connect(msg);
        if (err < 0) {
                if (err == -EINPROGRESS) {
index 01f7a2f..509fb42 100644 (file)
@@ -106,10 +106,6 @@ static DBusMessage *get_properties(DBusConnection *conn,
 
        DBG("conn %p", conn);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
-               return __connman_error_permission_denied(msg);
-
        reply = dbus_message_new_method_return(msg);
        if (reply == NULL)
                return NULL;
@@ -168,9 +164,7 @@ static DBusMessage *get_properties(DBusConnection *conn,
        }
 
 
-       if (network->wifi.passphrase != NULL &&
-                       __connman_security_check_privilege(msg,
-                               CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0)
+       if (network->wifi.passphrase != NULL)
                connman_dbus_dict_append_basic(&dict, "WiFi.Passphrase",
                                DBUS_TYPE_STRING, &network->wifi.passphrase);
 
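Review bot: The new condition `if (network->wifi.passphrase != NULL)` appends `WiFi.Passphrase` to the GetProperties reply for every caller, where the removed lines did so only when the sender passed the CONNMAN_SECURITY_PRIVILEGE_SECRET check. The same exposure appears in src/service.c, where `append_properties(&dict, FALSE, service)` hard-codes the `limited` argument that was previously cleared only after that privilege check (presumably it controls whether secrets are included). The commit message says policy now lives in the method tables, but no method-table entry is visible in this diff, so confirm that GetProperties on both interfaces carries a privilege there or is restricted by the D-Bus policy file. If the passphrase needs stricter gating than the rest of the properties, a per-method policy cannot express that and a per-property check should stay at this line. get_properties begins and ends outside this hunk.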
index a74d870..3018fdc 100644 (file)
@@ -272,10 +272,6 @@ static DBusMessage *set_property(DBusConnection *conn,
        dbus_message_iter_next(&iter);
        dbus_message_iter_recurse(&iter, &value);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        type = dbus_message_iter_get_arg_type(&value);
 
        if (g_str_equal(name, "Name") == TRUE) {
diff --git a/src/security.c b/src/security.c
deleted file mode 100644 (file)
index 88f4b0e..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- *
- *  Connection Manager
- *
- *  Copyright (C) 2007-2010  Intel Corporation. All rights reserved.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2 as
- *  published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "connman.h"
-
-static GSList *security_list = NULL;
-
-static gint compare_priority(gconstpointer a, gconstpointer b)
-{
-       const struct connman_security *security1 = a;
-       const struct connman_security *security2 = b;
-
-       return security2->priority - security1->priority;
-}
-
-/**
- * connman_security_register:
- * @security: security module
- *
- * Register a new security module
- *
- * Returns: %0 on success
- */
-int connman_security_register(struct connman_security *security)
-{
-       DBG("security %p name %s", security, security->name);
-
-       security_list = g_slist_insert_sorted(security_list, security,
-                                                       compare_priority);
-
-       return 0;
-}
-
-/**
- * connman_security_unregister:
- * @security: security module
- *
- * Remove a previously registered security module
- */
-void connman_security_unregister(struct connman_security *security)
-{
-       DBG("security %p name %s", security, security->name);
-
-       security_list = g_slist_remove(security_list, security);
-}
-
-int __connman_security_check_privilege(DBusMessage *message,
-                               enum connman_security_privilege privilege)
-{
-       GSList *list;
-       const char *sender;
-       int err = 0;
-
-       DBG("message %p", message);
-
-       sender = dbus_message_get_sender(message);
-
-       for (list = security_list; list; list = list->next) {
-               struct connman_security *security = list->data;
-
-               DBG("%s", security->name);
-
-               if (security->authorize_sender) {
-                       err = security->authorize_sender(sender, privilege);
-                       break;
-               }
-       }
-
-       return err;
-}
index 119e4cd..8ea721b 100644 (file)
@@ -1375,14 +1375,9 @@ static DBusMessage *get_properties(DBusConnection *conn,
        struct connman_service *service = user_data;
        DBusMessage *reply;
        DBusMessageIter array, dict;
-       dbus_bool_t limited = TRUE;
 
        DBG("service %p", service);
 
-       if (__connman_security_check_privilege(msg,
-                               CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0)
-               limited = FALSE;
-
        reply = dbus_message_new_method_return(msg);
        if (reply == NULL)
                return NULL;
@@ -1390,7 +1385,7 @@ static DBusMessage *get_properties(DBusConnection *conn,
        dbus_message_iter_init_append(reply, &array);
 
        connman_dbus_dict_open(&array, &dict);
-       append_properties(&dict, limited, service);
+       append_properties(&dict, FALSE, service);
        connman_dbus_dict_close(&array, &dict);
 
        return reply;
@@ -1413,10 +1408,6 @@ static DBusMessage *set_property(DBusConnection *conn,
        dbus_message_iter_next(&iter);
        dbus_message_iter_recurse(&iter, &value);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        type = dbus_message_iter_get_arg_type(&value);
 
        if (g_str_has_prefix(name, "AutoConnect") == TRUE) {
@@ -1447,10 +1438,6 @@ static DBusMessage *set_property(DBusConnection *conn,
                if (service->immutable == TRUE)
                        return __connman_error_not_supported(msg);
 
-               if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_SECRET) < 0)
-                       return __connman_error_permission_denied(msg);
-
                dbus_message_iter_get_basic(&value, &passphrase);
 
                g_free(service->passphrase);
@@ -1690,10 +1677,6 @@ static DBusMessage *clear_property(DBusConnection *conn,
        dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name,
                                                        DBUS_TYPE_INVALID);
 
-       if (__connman_security_check_privilege(msg,
-                                       CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
-               return __connman_error_permission_denied(msg);
-
        if (g_str_equal(name, "Error") == TRUE) {
                set_idle(service);