authorBeniamino Galvani <bgalvani@redhat.com>2023-11-17 10:34:30 +0100
committerBeniamino Galvani <bgalvani@redhat.com>2023-12-04 09:37:26 +0100
commit94fa05aa9fa8db1cde3a043f8c18661f32fcd04a (patch)
tree85904843607edcc269adb532b112c0a9167ec200
parent54f963ee5bdf5a65067a0db2cd05991049e8e58f (diff)
wifi: require wifi.scan permission to start/stop P2P scanbg/wifi-p2p-dbus-auth
Users should not be allowed to start or stop a wifi-p2p scan unless they have some kind of permission. Since we already have the "org.freedesktop.NetworkManager.wifi.scan" permission for wifi scans, check that. Fixes: dd0c59c468fb ('core/devices: Add DBus methods to start/stop a P2P find') https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1795
-rw-r--r--NEWS3
-rw-r--r--src/core/devices/wifi/nm-device-wifi-p2p.c83
2 files changed, 68 insertions, 18 deletions
diff --git a/NEWS b/NEWS
index 4b618a57d2..767d692798 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ Overview of changes since NetworkManager-1.44
link local addresses on default wired connection.
* Honor udev property ID_NET_MANAGED_BY to only manage an interface
when set to "org.freedesktop.NetworkManager".
+* D-Bus methods StartFind() and StopFind() on interface
+ "org.freedesktop.NetworkManager.Device.WifiP2P" now require the
+ "org.freedesktop.NetworkManager.wifi.scan" Polkit permission.
* Drop build support with Python2. Python3 is now required.
* nmcli: limit number of printed addresses/routes in `nmcli` overview to 10.
* Limit number of exported IP addresses/routes on D-Bus to 100 to reduce
diff --git a/src/core/devices/wifi/nm-device-wifi-p2p.c b/src/core/devices/wifi/nm-device-wifi-p2p.c
index fa8cb8faa5..cdba0beea4 100644
--- a/src/core/devices/wifi/nm-device-wifi-p2p.c
+++ b/src/core/devices/wifi/nm-device-wifi-p2p.c
@@ -15,6 +15,7 @@
#include "NetworkManagerUtils.h"
#include "devices/nm-device-private.h"
#include "libnm-core-aux-intern/nm-libnm-core-utils.h"
+#include "libnm-core-aux-intern/nm-common-macros.h"
#include "libnm-core-intern/nm-core-internal.h"
#include "libnm-glib-aux/nm-ref-string.h"
#include "libnm-platform/nm-platform.h"
@@ -982,23 +983,24 @@ device_state_changed(NMDevice *device,
}
static void
-impl_device_wifi_p2p_start_find(NMDBusObject *obj,
- const NMDBusInterfaceInfoExtended *interface_info,
- const NMDBusMethodInfoExtended *method_info,
- GDBusConnection *connection,
- const char *sender,
- GDBusMethodInvocation *invocation,
- GVariant *parameters)
+p2p_start_find_auth_cb(NMDevice *device,
+ GDBusMethodInvocation *invocation,
+ NMAuthSubject *subject,
+ GError *error,
+ gpointer user_data)
{
- NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(obj);
+ NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(device);
NMDeviceWifiP2PPrivate *priv = NM_DEVICE_WIFI_P2P_GET_PRIVATE(self);
- gs_unref_variant GVariant *options = NULL;
+ gs_unref_variant GVariant *options = user_data;
const char *opts_key;
GVariant *opts_val;
GVariantIter iter;
gint32 timeout = 30;
- g_variant_get(parameters, "(@a{sv})", &options);
+ if (error) {
+ g_dbus_method_invocation_return_gerror(invocation, error);
+ return;
+ }
g_variant_iter_init(&iter, options);
while (g_variant_iter_next(&iter, "{&sv}", &opts_key, &opts_val)) {
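Review bot: p2p_start_find_auth_cb takes ownership of `user_data` through the `gs_unref_variant GVariant *options = user_data;` declaration, and nothing in the function says so. That ownership is what keeps the early `return` in the `if (error)` branch leak-free, so a later edit that turns the declaration into a plain pointer would leak the caller-supplied options on every denied request. I would add a comment above the declaration such as `/* Takes ownership of user_data: the a{sv} options stolen by impl_device_wifi_p2p_start_find(). */`. The function body continues past the end of this hunk, so the option parsing and any state checks that follow were not reviewed here.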
@@ -1050,17 +1052,43 @@ impl_device_wifi_p2p_start_find(NMDBusObject *obj,
}
static void
-impl_device_wifi_p2p_stop_find(NMDBusObject *obj,
- const NMDBusInterfaceInfoExtended *interface_info,
- const NMDBusMethodInfoExtended *method_info,
- GDBusConnection *connection,
- const char *sender,
- GDBusMethodInvocation *invocation,
- GVariant *parameters)
+impl_device_wifi_p2p_start_find(NMDBusObject *obj,
+ const NMDBusInterfaceInfoExtended *interface_info,
+ const NMDBusMethodInfoExtended *method_info,
+ GDBusConnection *connection,
+ const char *sender,
+ GDBusMethodInvocation *invocation,
+ GVariant *parameters)
+{
+ gs_unref_variant GVariant *options = NULL;
+
+ g_variant_get(parameters, "(@a{sv})", &options);
+
+ nm_device_auth_request(NM_DEVICE(obj),
+ invocation,
+ NULL,
+ NM_AUTH_PERMISSION_WIFI_SCAN,
+ TRUE,
+ NULL,
+ p2p_start_find_auth_cb,
+ g_steal_pointer(&options));
+}
+
+static void
+p2p_stop_find_auth_cb(NMDevice *device,
+ GDBusMethodInvocation *invocation,
+ NMAuthSubject *subject,
+ GError *error,
+ gpointer user_data)
{
- NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(obj);
+ NMDeviceWifiP2P *self = NM_DEVICE_WIFI_P2P(device);
NMDeviceWifiP2PPrivate *priv = NM_DEVICE_WIFI_P2P_GET_PRIVATE(self);
+ if (error) {
+ g_dbus_method_invocation_return_gerror(invocation, error);
+ return;
+ }
+
if (!priv->mgmt_iface) {
g_dbus_method_invocation_return_error_literal(
invocation,
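Review bot: The `nm_device_auth_request()` call in the new impl_device_wifi_p2p_start_find passes `NULL`, `TRUE` and `NULL` positionally around the permission name, so the values that decide the authorization behaviour cannot be read without opening the prototype. Assuming the helper's parameter order is connection, permission, allow_interaction, cancellable (the prototype is not part of this diff), I would label them: `NULL, /* connection */`, `TRUE, /* allow_interaction */`, `NULL, /* cancellable */`. The same applies to the identical call in impl_device_wifi_p2p_stop_find in the next hunk. p2p_stop_find_auth_cb checks `priv->mgmt_iface` only after the `if (error)` branch, which is the right place because the result is delivered through a callback and the device state may have changed by then; its body ends outside this hunk.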
@@ -1075,6 +1103,25 @@ impl_device_wifi_p2p_stop_find(NMDBusObject *obj,
g_dbus_method_invocation_return_value(invocation, NULL);
}
+static void
+impl_device_wifi_p2p_stop_find(NMDBusObject *obj,
+ const NMDBusInterfaceInfoExtended *interface_info,
+ const NMDBusMethodInfoExtended *method_info,
+ GDBusConnection *connection,
+ const char *sender,
+ GDBusMethodInvocation *invocation,
+ GVariant *parameters)
+{
+ nm_device_auth_request(NM_DEVICE(obj),
+ invocation,
+ NULL,
+ NM_AUTH_PERMISSION_WIFI_SCAN,
+ TRUE,
+ NULL,
+ p2p_stop_find_auth_cb,
+ NULL);
+}
+
/*****************************************************************************/
NMSupplicantInterface *
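Review bot: Callers of StartFind() and StopFind() can now get an authorization error back where they previously could not, and the diffstat lists only NEWS and nm-device-wifi-p2p.c, so the D-Bus API documentation for the two methods appears not to be updated. I would add a sentence to each method's description stating that the caller needs the `org.freedesktop.NetworkManager.wifi.scan` permission and that the call is rejected otherwise. How much this restricts unprivileged local users depends on the Polkit policy installed for that action, which is outside this diff, so deployments that rely on the new check should confirm the policy default.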