summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2010-09-09 18:53:57 +0200
committerMarcel Holtmann <marcel@holtmann.org>2010-09-09 18:53:57 +0200
commitd14cf2b39d6e2438f2435cd3c89c3b864cec8734 (patch)
tree1919b9ef26b3c57c63cc327652d816b78517cbfb
parentbf54810e3f36c0397fa71c6319c76fe76257b9f5 (diff)
downloadconnman-d14cf2b39d6e2438f2435cd3c89c3b864cec8734.tar.gz
connman-d14cf2b39d6e2438f2435cd3c89c3b864cec8734.tar.bz2
connman-d14cf2b39d6e2438f2435cd3c89c3b864cec8734.zip
Remove the no longer needed security framework
D-Bus security policies can now be set directly via the method tables.
-rw-r--r--Makefile.am4
-rw-r--r--include/security.h59
-rw-r--r--src/connman.h5
-rw-r--r--src/device.c8
-rw-r--r--src/manager.c32
-rw-r--r--src/network.c8
-rw-r--r--src/profile.c4
-rw-r--r--src/security.c92
-rw-r--r--src/service.c19
9 files changed, 4 insertions, 227 deletions
diff --git a/Makefile.am b/Makefile.am
index 2f0f2c33..397822ea 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,7 +4,7 @@ AM_MAKEFLAGS = --no-print-directory
includedir = @includedir@/connman
include_HEADERS = include/types.h include/log.h include/plugin.h \
- include/security.h include/notifier.h \
+ include/notifier.h \
include/storage.h include/service.h \
include/resolver.h include/ipconfig.h \
include/device.h include/network.h include/inet.h \
@@ -58,7 +58,7 @@ src_connmand_SOURCES = $(gdbus_sources) $(gdhcp_sources) $(gresolv_sources) \
src/device.c src/network.c src/connection.c \
src/manager.c src/profile.c src/service.c \
src/agent.c src/notifier.c src/provider.c \
- src/security.c src/resolver.c src/ipconfig.c \
+ src/resolver.c src/ipconfig.c \
src/ipv4.c src/dhcp.c src/rtnl.c src/inet.c \
src/utsname.c src/timeserver.c src/rfkill.c \
src/wifi.c src/storage.c src/dbus.c src/config.c \
diff --git a/include/security.h b/include/security.h
deleted file mode 100644
index 829c0081..00000000
--- a/include/security.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- *
- * Connection Manager
- *
- * Copyright (C) 2007-2010 Intel Corporation. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- */
-
-#ifndef __CONNMAN_SECURITY_H
-#define __CONNMAN_SECURITY_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * SECTION:security
- * @title: Security premitives
- * @short_description: Functions for registering security modules
- */
-
-enum connman_security_privilege {
- CONNMAN_SECURITY_PRIVILEGE_PUBLIC = 0,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY = 1,
- CONNMAN_SECURITY_PRIVILEGE_SECRET = 2,
-};
-
-#define CONNMAN_SECURITY_PRIORITY_LOW -100
-#define CONNMAN_SECURITY_PRIORITY_DEFAULT 0
-#define CONNMAN_SECURITY_PRIORITY_HIGH 100
-
-struct connman_security {
- const char *name;
- int priority;
- int (*authorize_sender) (const char *sender,
- enum connman_security_privilege privilege);
-};
-
-int connman_security_register(struct connman_security *security);
-void connman_security_unregister(struct connman_security *security);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CONNMAN_SECURITY_H */
diff --git a/src/connman.h b/src/connman.h
index f5b03c8d..74f57460 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -112,11 +112,6 @@ void __connman_plugin_cleanup(void);
int __connman_task_init(void);
void __connman_task_cleanup(void);
-#include <connman/security.h>
-
-int __connman_security_check_privilege(DBusMessage *message,
- enum connman_security_privilege privilege);
-
#include <connman/inet.h>
enum connman_device_type __connman_inet_get_device_type(int index);
diff --git a/src/device.c b/src/device.c
index 89762364..3ee6925e 100644
--- a/src/device.c
+++ b/src/device.c
@@ -315,10 +315,6 @@ static DBusMessage *get_properties(DBusConnection *conn,
DBG("conn %p", conn);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
- return __connman_error_permission_denied(msg);
-
reply = dbus_message_new_method_return(msg);
if (reply == NULL)
return NULL;
@@ -412,10 +408,6 @@ static DBusMessage *set_property(DBusConnection *conn,
dbus_message_iter_next(&iter);
dbus_message_iter_recurse(&iter, &value);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
type = dbus_message_iter_get_arg_type(&value);
if (g_str_equal(name, "Powered") == TRUE) {
diff --git a/src/manager.c b/src/manager.c
index e9b980b5..e2c27d0a 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -37,10 +37,6 @@ static DBusMessage *get_properties(DBusConnection *conn,
DBG("conn %p", conn);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
- return __connman_error_permission_denied(msg);
-
reply = dbus_message_new_method_return(msg);
if (reply == NULL)
return NULL;
@@ -111,10 +107,6 @@ static DBusMessage *set_property(DBusConnection *conn,
dbus_message_iter_next(&iter);
dbus_message_iter_recurse(&iter, &value);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
type = dbus_message_iter_get_arg_type(&value);
if (g_str_equal(name, "OfflineMode") == TRUE) {
@@ -161,10 +153,6 @@ static DBusMessage *get_state(DBusConnection *conn,
DBG("conn %p", conn);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
- return __connman_error_permission_denied(msg);
-
str = __connman_notifier_get_state();
return g_dbus_create_reply(msg, DBUS_TYPE_STRING, &str,
@@ -182,10 +170,6 @@ static DBusMessage *create_profile(DBusConnection *conn,
dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
err = __connman_profile_create(name, &path);
if (err < 0)
return __connman_error_failed(msg, -err);
@@ -205,10 +189,6 @@ static DBusMessage *remove_profile(DBusConnection *conn,
dbus_message_get_args(msg, NULL, DBUS_TYPE_OBJECT_PATH, &path,
DBUS_TYPE_INVALID);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
err = __connman_profile_remove(path);
if (err < 0)
return __connman_error_failed(msg, -err);
@@ -227,10 +207,6 @@ static DBusMessage *remove_provider(DBusConnection *conn,
dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &path,
DBUS_TYPE_INVALID);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
err = __connman_provider_remove(path);
if (err < 0)
return __connman_error_failed(msg, -err);
@@ -484,10 +460,6 @@ static DBusMessage *connect_service(DBusConnection *conn,
DBG("conn %p", conn);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
err = __connman_service_create_and_connect(msg);
if (err < 0) {
if (err == -EINPROGRESS) {
@@ -509,10 +481,6 @@ static DBusMessage *connect_provider(DBusConnection *conn,
DBG("conn %p", conn);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
err = __connman_provider_create_and_connect(msg);
if (err < 0) {
if (err == -EINPROGRESS) {
diff --git a/src/network.c b/src/network.c
index 01f7a2ff..509fb42d 100644
--- a/src/network.c
+++ b/src/network.c
@@ -106,10 +106,6 @@ static DBusMessage *get_properties(DBusConnection *conn,
DBG("conn %p", conn);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0)
- return __connman_error_permission_denied(msg);
-
reply = dbus_message_new_method_return(msg);
if (reply == NULL)
return NULL;
@@ -168,9 +164,7 @@ static DBusMessage *get_properties(DBusConnection *conn,
}
- if (network->wifi.passphrase != NULL &&
- __connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0)
+ if (network->wifi.passphrase != NULL)
connman_dbus_dict_append_basic(&dict, "WiFi.Passphrase",
DBUS_TYPE_STRING, &network->wifi.passphrase);
diff --git a/src/profile.c b/src/profile.c
index a74d8707..3018fdc1 100644
--- a/src/profile.c
+++ b/src/profile.c
@@ -272,10 +272,6 @@ static DBusMessage *set_property(DBusConnection *conn,
dbus_message_iter_next(&iter);
dbus_message_iter_recurse(&iter, &value);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
type = dbus_message_iter_get_arg_type(&value);
if (g_str_equal(name, "Name") == TRUE) {
diff --git a/src/security.c b/src/security.c
deleted file mode 100644
index 88f4b0ed..00000000
--- a/src/security.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- *
- * Connection Manager
- *
- * Copyright (C) 2007-2010 Intel Corporation. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "connman.h"
-
-static GSList *security_list = NULL;
-
-static gint compare_priority(gconstpointer a, gconstpointer b)
-{
- const struct connman_security *security1 = a;
- const struct connman_security *security2 = b;
-
- return security2->priority - security1->priority;
-}
-
-/**
- * connman_security_register:
- * @security: security module
- *
- * Register a new security module
- *
- * Returns: %0 on success
- */
-int connman_security_register(struct connman_security *security)
-{
- DBG("security %p name %s", security, security->name);
-
- security_list = g_slist_insert_sorted(security_list, security,
- compare_priority);
-
- return 0;
-}
-
-/**
- * connman_security_unregister:
- * @security: security module
- *
- * Remove a previously registered security module
- */
-void connman_security_unregister(struct connman_security *security)
-{
- DBG("security %p name %s", security, security->name);
-
- security_list = g_slist_remove(security_list, security);
-}
-
-int __connman_security_check_privilege(DBusMessage *message,
- enum connman_security_privilege privilege)
-{
- GSList *list;
- const char *sender;
- int err = 0;
-
- DBG("message %p", message);
-
- sender = dbus_message_get_sender(message);
-
- for (list = security_list; list; list = list->next) {
- struct connman_security *security = list->data;
-
- DBG("%s", security->name);
-
- if (security->authorize_sender) {
- err = security->authorize_sender(sender, privilege);
- break;
- }
- }
-
- return err;
-}
diff --git a/src/service.c b/src/service.c
index 119e4cd0..8ea721b5 100644
--- a/src/service.c
+++ b/src/service.c
@@ -1375,14 +1375,9 @@ static DBusMessage *get_properties(DBusConnection *conn,
struct connman_service *service = user_data;
DBusMessage *reply;
DBusMessageIter array, dict;
- dbus_bool_t limited = TRUE;
DBG("service %p", service);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0)
- limited = FALSE;
-
reply = dbus_message_new_method_return(msg);
if (reply == NULL)
return NULL;
@@ -1390,7 +1385,7 @@ static DBusMessage *get_properties(DBusConnection *conn,
dbus_message_iter_init_append(reply, &array);
connman_dbus_dict_open(&array, &dict);
- append_properties(&dict, limited, service);
+ append_properties(&dict, FALSE, service);
connman_dbus_dict_close(&array, &dict);
return reply;
@@ -1413,10 +1408,6 @@ static DBusMessage *set_property(DBusConnection *conn,
dbus_message_iter_next(&iter);
dbus_message_iter_recurse(&iter, &value);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
type = dbus_message_iter_get_arg_type(&value);
if (g_str_has_prefix(name, "AutoConnect") == TRUE) {
@@ -1447,10 +1438,6 @@ static DBusMessage *set_property(DBusConnection *conn,
if (service->immutable == TRUE)
return __connman_error_not_supported(msg);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_SECRET) < 0)
- return __connman_error_permission_denied(msg);
-
dbus_message_iter_get_basic(&value, &passphrase);
g_free(service->passphrase);
@@ -1690,10 +1677,6 @@ static DBusMessage *clear_property(DBusConnection *conn,
dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID);
- if (__connman_security_check_privilege(msg,
- CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0)
- return __connman_error_permission_denied(msg);
-
if (g_str_equal(name, "Error") == TRUE) {
set_idle(service);