Commit 8627880e authored by Dan Williams's avatar Dan Williams

editor: prevent any registration of objects on the system bus

D-Bus access-control is name-based; so requests for a specific name
are allowed/denied based on the rules in /etc/dbus-1/system.d.  But
apparently apps still get a non-named service on the bus, and if we
register *any* object even though we don't have a named service,
dbus and dbus-glib will happily proxy signals.  Since the connection
editor shouldn't ever expose anything having to do with connections
on any bus, make sure that's the case.
parent db17e112
......@@ -2666,15 +2666,11 @@ constructor (GType type,
applet->dbus_settings = (NMDBusSettings *) nm_dbus_settings_system_new (applet_dbus_manager_get_connection (dbus_mgr));
applet->gconf_settings = nma_gconf_settings_new ();
applet->gconf_settings = nma_gconf_settings_new (applet_dbus_manager_get_connection (dbus_mgr));
g_signal_connect (applet->gconf_settings, "new-secrets-requested",
G_CALLBACK (applet_settings_new_secrets_requested_cb),
applet);
dbus_g_connection_register_g_object (applet_dbus_manager_get_connection (dbus_mgr),
NM_DBUS_PATH_SETTINGS,
G_OBJECT (applet->gconf_settings));
/* Start our DBus service */
if (!applet_dbus_manager_start_service (dbus_mgr)) {
g_object_unref (applet);
......
......@@ -1781,7 +1781,7 @@ nm_connection_list_new (GType def_type)
G_CALLBACK (connection_added),
list);
list->gconf_settings = nma_gconf_settings_new ();
list->gconf_settings = nma_gconf_settings_new (NULL);
g_signal_connect (list->gconf_settings, "new-connection",
G_CALLBACK (connection_added),
list);
......
......@@ -494,7 +494,6 @@ constructor (GType type,
GObject *object;
NMAGConfConnectionPrivate *priv;
NMConnection *connection;
DBusGConnection *bus;
GError *error = NULL;
object = G_OBJECT_CLASS (nma_gconf_connection_parent_class)->constructor (type, n_construct_params, construct_params);
......@@ -529,18 +528,6 @@ constructor (GType type,
fill_vpn_user_name (connection);
bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
if (!bus) {
nm_warning ("Could not get the system bus: %s", error->message);
g_error_free (error);
goto err;
}
nm_exported_connection_register_object (NM_EXPORTED_CONNECTION (object),
NM_CONNECTION_SCOPE_USER,
bus);
dbus_g_connection_unref (bus);
return object;
err:
......
......@@ -24,6 +24,7 @@
#include "gconf-helpers.h"
#include "nma-marshal.h"
#include "nm-utils.h"
#include <NetworkManager.h>
G_DEFINE_TYPE (NMAGConfSettings, nma_gconf_settings, NM_TYPE_SETTINGS)
......@@ -36,6 +37,8 @@ typedef struct {
guint read_connections_id;
GHashTable *pending_changes;
DBusGConnection *bus;
gboolean disposed;
} NMAGConfSettingsPrivate;
......@@ -49,9 +52,22 @@ static guint signals[LAST_SIGNAL] = { 0 };
NMAGConfSettings *
nma_gconf_settings_new (void)
nma_gconf_settings_new (DBusGConnection *bus)
{
return (NMAGConfSettings *) g_object_new (NMA_TYPE_GCONF_SETTINGS, NULL);
NMAGConfSettings *self;
NMAGConfSettingsPrivate *priv;
self = (NMAGConfSettings *) g_object_new (NMA_TYPE_GCONF_SETTINGS, NULL);
if (!self)
return NULL;
priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self);
if (bus) {
priv->bus = dbus_g_connection_ref (bus);
dbus_g_connection_register_g_object (bus, NM_DBUS_PATH_SETTINGS, G_OBJECT (self));
}
return self;
}
static void
......@@ -91,16 +107,24 @@ add_connection_real (NMAGConfSettings *self, NMAGConfConnection *connection)
{
NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self);
if (connection) {
priv->connections = g_slist_prepend (priv->connections, connection);
g_signal_connect (connection, "new-secrets-requested",
G_CALLBACK (connection_new_secrets_requested_cb),
self);
g_return_if_fail (connection != NULL);
priv->connections = g_slist_prepend (priv->connections, connection);
g_signal_connect (connection, "new-secrets-requested",
G_CALLBACK (connection_new_secrets_requested_cb),
self);
g_signal_connect (connection, "removed", G_CALLBACK (connection_removed), self);
nm_settings_signal_new_connection (NM_SETTINGS (self),
NM_EXPORTED_CONNECTION (connection));
g_signal_connect (connection, "removed", G_CALLBACK (connection_removed), self);
/* Export the connection over dbus if requested */
if (priv->bus) {
nm_exported_connection_register_object (NM_EXPORTED_CONNECTION (connection),
NM_CONNECTION_SCOPE_USER,
priv->bus);
dbus_g_connection_unref (priv->bus);
}
nm_settings_signal_new_connection (NM_SETTINGS (self), NM_EXPORTED_CONNECTION (connection));
}
NMAGConfConnection *
......@@ -231,8 +255,11 @@ read_connections (NMAGConfSettings *settings)
for (iter = dir_list; iter; iter = iter->next) {
char *dir = (char *) iter->data;
NMAGConfConnection *connection;
add_connection_real (settings, nma_gconf_connection_new (priv->client, dir));
connection = nma_gconf_connection_new (priv->client, dir);
if (connection)
add_connection_real (settings, connection);
g_free (dir);
}
......@@ -289,7 +316,8 @@ connection_changes_done (gpointer data)
if (!connection) {
/* New connection */
connection = nma_gconf_connection_new (priv->client, info->path);
add_connection_real (info->settings, connection);
if (connection)
add_connection_real (info->settings, connection);
} else {
if (gconf_client_dir_exists (priv->client, info->path, NULL)) {
/* Updated connection */
......
......@@ -53,7 +53,7 @@ typedef struct {
GType nma_gconf_settings_get_type (void);
NMAGConfSettings *nma_gconf_settings_new (void);
NMAGConfSettings *nma_gconf_settings_new (DBusGConnection *bus);
NMAGConfConnection *nma_gconf_settings_add_connection (NMAGConfSettings *self,
NMConnection *connection);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment