f02b5dc
commit 878f6c4074acfdee42c320680f5529e01b909ba2
f02b5dc
Author: Dan Williams <dcbw@redhat.com>
f02b5dc
Date:   Fri Oct 15 10:28:38 2010 -0500
f02b5dc
f02b5dc
    core: ignore authorization for sleep/wake requests (but restrict to root) (rh #638640)
f02b5dc
    
f02b5dc
    Everyone uses pm-utils still for sleep/wake support, and that's
f02b5dc
    traditionally how NM was put to sleep and woken up.  But pm-utils
f02b5dc
    uses dbus-send without --print-reply so dbus-send quits immediately
f02b5dc
    after sending the message.  That doesn't give NM enough time to
f02b5dc
    get the sender's UID and thus validate the request, so the request
f02b5dc
    gets denied, and sometimes NM stays asleep after the machine is
f02b5dc
    woken up.
f02b5dc
    
f02b5dc
    Instead, don't get the sender's UID and try to authorize it, but
f02b5dc
    just let the request go through.  Rely on D-Bus permissions to
f02b5dc
    make sure that only root can call sleep/wake methods.
f02b5dc
f02b5dc
diff --git a/src/NetworkManager.conf b/src/NetworkManager.conf
f02b5dc
index 8d08314..1f1ed49 100644
f02b5dc
--- a/src/NetworkManager.conf
f02b5dc
+++ b/src/NetworkManager.conf
f02b5dc
@@ -60,6 +60,18 @@
f02b5dc
                 
f02b5dc
                        send_interface="org.freedesktop.NetworkManager"
f02b5dc
                        send_member="SetLogging"/>
f02b5dc
+
f02b5dc
+                
f02b5dc
+                       send_interface="org.freedesktop.NetworkManager"
f02b5dc
+                       send_member="Sleep"/>
f02b5dc
+
f02b5dc
+                
f02b5dc
+                       send_interface="org.freedesktop.NetworkManager"
f02b5dc
+                       send_member="sleep"/>
f02b5dc
+
f02b5dc
+                
f02b5dc
+                       send_interface="org.freedesktop.NetworkManager"
f02b5dc
+                       send_member="wake"/>
f02b5dc
         </policy>
f02b5dc
         <policy context="default">
f02b5dc
                 <deny own="org.freedesktop.NetworkManager"/>
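Review bot: The three rules added here for `Sleep`, `sleep` and `wake` carry no comment saying that they are now the only access control on those methods, even though the same commit compiles out the PolicyKit check in nm-manager.c. A later edit that drops or reorders them would leave sleep/wake open to every local user, and putting NetworkManager to sleep takes the host off the network. I would add a comment above each group, for example `<!-- Sleep/sleep/wake: root only; the daemon does NOT re-check the caller (rh #638640) -->`; the same applies to the matching rules in the `context="default"` hunk at `@@ -72,6 +84,18 @@`. The opening tags of the rule elements are not visible in this view, so confirm that each one also names `send_destination="org.freedesktop.NetworkManager"` and that the default-context rules are denies.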
f02b5dc
@@ -72,6 +84,18 @@
f02b5dc
                        send_interface="org.freedesktop.NetworkManager"
f02b5dc
                        send_member="SetLogging"/>
f02b5dc
 
f02b5dc
+                
f02b5dc
+                       send_interface="org.freedesktop.NetworkManager"
f02b5dc
+                       send_member="Sleep"/>
f02b5dc
+
f02b5dc
+                
f02b5dc
+                       send_interface="org.freedesktop.NetworkManager"
f02b5dc
+                       send_member="sleep"/>
f02b5dc
+
f02b5dc
+                
f02b5dc
+                       send_interface="org.freedesktop.NetworkManager"
f02b5dc
+                       send_member="wake"/>
f02b5dc
+
f02b5dc
                 
f02b5dc
                      interface is secured via PolicyKit.
f02b5dc
                   -->
f02b5dc
diff --git a/src/nm-manager.c b/src/nm-manager.c
f02b5dc
index 758a082..4a3e499 100644
f02b5dc
--- a/src/nm-manager.c
f02b5dc
+++ b/src/nm-manager.c
f02b5dc
@@ -3369,6 +3369,7 @@ _internal_sleep (NMManager *self, gboolean do_sleep)
f02b5dc
 	g_object_notify (G_OBJECT (self), NM_MANAGER_SLEEPING);
f02b5dc
 }
f02b5dc
 
f02b5dc
+#if 0
f02b5dc
 static void
f02b5dc
 sleep_auth_done_cb (NMAuthChain *chain,
f02b5dc
                     GError *error,
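Review bot: Wrapping `sleep_auth_done_cb` in a bare `#if 0` leaves the whole authorization path in the tree as dead code with nothing at the directive to say why; its body continues outside this hunk and the matching `#endif` is in the next one. The same pattern is used for the locals and for the tail of `impl_manager_sleep` in the later hunks. Disabled security checks tend to rot and get re-enabled incorrectly, so either delete the code and rely on history, or label every directive, e.g. `#if 0 /* polkit check bypassed for pm-utils, see rh #638640 */`.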
f02b5dc
@@ -3407,6 +3408,7 @@ sleep_auth_done_cb (NMAuthChain *chain,
f02b5dc
 
f02b5dc
 	nm_auth_chain_unref (chain);
f02b5dc
 }
f02b5dc
+#endif
f02b5dc
 
f02b5dc
 static void
f02b5dc
 impl_manager_sleep (NMManager *self,
f02b5dc
@@ -3414,10 +3416,12 @@ impl_manager_sleep (NMManager *self,
f02b5dc
                     DBusGMethodInvocation *context)
f02b5dc
 {
f02b5dc
 	NMManagerPrivate *priv;
f02b5dc
-	NMAuthChain *chain;
f02b5dc
 	GError *error = NULL;
f02b5dc
+#if 0
f02b5dc
+	NMAuthChain *chain;
f02b5dc
 	gulong sender_uid = G_MAXULONG;
f02b5dc
 	const char *error_desc = NULL;
f02b5dc
+#endif
f02b5dc
 
f02b5dc
 	g_return_if_fail (NM_IS_MANAGER (self));
f02b5dc
 
f02b5dc
@@ -3432,6 +3436,19 @@ impl_manager_sleep (NMManager *self,
f02b5dc
 		return;
f02b5dc
 	}
f02b5dc
 
f02b5dc
+	/* Unconditionally allow the request.  Previously it was polkit protected
f02b5dc
+	 * but unfortunately that doesn't work for short-lived processes like
f02b5dc
+	 * pm-utils.  It uses dbus-send without --print-reply, which quits
f02b5dc
+	 * immediately after sending the request, and NM is unable to obtain the
f02b5dc
+	 * sender's UID as dbus-send has already dropped off the bus.  Thus NM
f02b5dc
+	 * fails the request.  Instead, don't validate the request, but rely on
f02b5dc
+	 * D-Bus permissions to restrict the call to root.
f02b5dc
+	 */
f02b5dc
+	_internal_sleep (self, do_sleep);
f02b5dc
+	dbus_g_method_return (context);
f02b5dc
+	return;
f02b5dc
+
f02b5dc
+#if 0
f02b5dc
 	if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
f02b5dc
 		error = g_error_new_literal (NM_MANAGER_ERROR,
f02b5dc
 		                             NM_MANAGER_ERROR_PERMISSION_DENIED,
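Review bot: From the added `_internal_sleep (self, do_sleep);` onward, `impl_manager_sleep` no longer checks the caller at all, and the new comment says "rely on D-Bus permissions" without naming where those permissions live. The signature is in an earlier hunk and the end of the function is in the next one. Since the handler is now only as safe as the bus policy, the comment should point at it, e.g. `/* Access control: src/NetworkManager.conf restricts Sleep/sleep/wake to root; any new alias must be added there too. */`. The `return;` right before `#if 0` is redundant once the rest of the body is compiled out and could be dropped. `NM_AUTH_PERMISSION_SLEEP_WAKE` is now referenced only in disabled code in these hunks; if the permission is still reported to clients elsewhere (not visible here), that answer no longer reflects what is enforced.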
f02b5dc
@@ -3457,6 +3474,7 @@ impl_manager_sleep (NMManager *self,
f02b5dc
 
f02b5dc
 	nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
f02b5dc
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
f02b5dc
+#endif
f02b5dc
 }
f02b5dc
 
f02b5dc
 static void