diff options
author | Marcel Holtmann <marcel@holtmann.org> | 2010-09-09 18:53:57 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2010-09-09 18:53:57 +0200 |
commit | d14cf2b39d6e2438f2435cd3c89c3b864cec8734 (patch) | |
tree | 1919b9ef26b3c57c63cc327652d816b78517cbfb | |
parent | bf54810e3f36c0397fa71c6319c76fe76257b9f5 (diff) | |
download | connman-d14cf2b39d6e2438f2435cd3c89c3b864cec8734.tar.gz connman-d14cf2b39d6e2438f2435cd3c89c3b864cec8734.tar.bz2 connman-d14cf2b39d6e2438f2435cd3c89c3b864cec8734.zip |
Remove the no longer needed security framework
D-Bus security policies can now be set directly via the method tables.
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | include/security.h | 59 | ||||
-rw-r--r-- | src/connman.h | 5 | ||||
-rw-r--r-- | src/device.c | 8 | ||||
-rw-r--r-- | src/manager.c | 32 | ||||
-rw-r--r-- | src/network.c | 8 | ||||
-rw-r--r-- | src/profile.c | 4 | ||||
-rw-r--r-- | src/security.c | 92 | ||||
-rw-r--r-- | src/service.c | 19 |
9 files changed, 4 insertions, 227 deletions
diff --git a/Makefile.am b/Makefile.am index 2f0f2c33..397822ea 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ AM_MAKEFLAGS = --no-print-directory includedir = @includedir@/connman include_HEADERS = include/types.h include/log.h include/plugin.h \ - include/security.h include/notifier.h \ + include/notifier.h \ include/storage.h include/service.h \ include/resolver.h include/ipconfig.h \ include/device.h include/network.h include/inet.h \ @@ -58,7 +58,7 @@ src_connmand_SOURCES = $(gdbus_sources) $(gdhcp_sources) $(gresolv_sources) \ src/device.c src/network.c src/connection.c \ src/manager.c src/profile.c src/service.c \ src/agent.c src/notifier.c src/provider.c \ - src/security.c src/resolver.c src/ipconfig.c \ + src/resolver.c src/ipconfig.c \ src/ipv4.c src/dhcp.c src/rtnl.c src/inet.c \ src/utsname.c src/timeserver.c src/rfkill.c \ src/wifi.c src/storage.c src/dbus.c src/config.c \ diff --git a/include/security.h b/include/security.h deleted file mode 100644 index 829c0081..00000000 --- a/include/security.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * - * Connection Manager - * - * Copyright (C) 2007-2010 Intel Corporation. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#ifndef __CONNMAN_SECURITY_H -#define __CONNMAN_SECURITY_H - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * SECTION:security - * @title: Security premitives - * @short_description: Functions for registering security modules - */ - -enum connman_security_privilege { - CONNMAN_SECURITY_PRIVILEGE_PUBLIC = 0, - CONNMAN_SECURITY_PRIVILEGE_MODIFY = 1, - CONNMAN_SECURITY_PRIVILEGE_SECRET = 2, -}; - -#define CONNMAN_SECURITY_PRIORITY_LOW -100 -#define CONNMAN_SECURITY_PRIORITY_DEFAULT 0 -#define CONNMAN_SECURITY_PRIORITY_HIGH 100 - -struct connman_security { - const char *name; - int priority; - int (*authorize_sender) (const char *sender, - enum connman_security_privilege privilege); -}; - -int connman_security_register(struct connman_security *security); -void connman_security_unregister(struct connman_security *security); - -#ifdef __cplusplus -} -#endif - -#endif /* __CONNMAN_SECURITY_H */ diff --git a/src/connman.h b/src/connman.h index f5b03c8d..74f57460 100644 --- a/src/connman.h +++ b/src/connman.h @@ -112,11 +112,6 @@ void __connman_plugin_cleanup(void); int __connman_task_init(void); void __connman_task_cleanup(void); -#include <connman/security.h> - -int __connman_security_check_privilege(DBusMessage *message, - enum connman_security_privilege privilege); - #include <connman/inet.h> enum connman_device_type __connman_inet_get_device_type(int index); diff --git a/src/device.c b/src/device.c index 89762364..3ee6925e 100644 --- a/src/device.c +++ b/src/device.c @@ -315,10 +315,6 @@ static DBusMessage *get_properties(DBusConnection *conn, DBG("conn %p", conn); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0) - return __connman_error_permission_denied(msg); - reply = dbus_message_new_method_return(msg); if (reply == NULL) return NULL; @@ -412,10 +408,6 @@ static DBusMessage *set_property(DBusConnection *conn, dbus_message_iter_next(&iter); dbus_message_iter_recurse(&iter, &value); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - type = dbus_message_iter_get_arg_type(&value); if (g_str_equal(name, "Powered") == TRUE) { diff --git a/src/manager.c b/src/manager.c index e9b980b5..e2c27d0a 100644 --- a/src/manager.c +++ b/src/manager.c @@ -37,10 +37,6 @@ static DBusMessage *get_properties(DBusConnection *conn, DBG("conn %p", conn); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0) - return __connman_error_permission_denied(msg); - reply = dbus_message_new_method_return(msg); if (reply == NULL) return NULL; @@ -111,10 +107,6 @@ static DBusMessage *set_property(DBusConnection *conn, dbus_message_iter_next(&iter); dbus_message_iter_recurse(&iter, &value); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - type = dbus_message_iter_get_arg_type(&value); if (g_str_equal(name, "OfflineMode") == TRUE) { @@ -161,10 +153,6 @@ static DBusMessage *get_state(DBusConnection *conn, DBG("conn %p", conn); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0) - return __connman_error_permission_denied(msg); - str = __connman_notifier_get_state(); return g_dbus_create_reply(msg, DBUS_TYPE_STRING, &str, @@ -182,10 +170,6 @@ static DBusMessage *create_profile(DBusConnection *conn, dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - err = __connman_profile_create(name, &path); if (err < 0) return __connman_error_failed(msg, -err); @@ -205,10 +189,6 @@ static DBusMessage *remove_profile(DBusConnection *conn, dbus_message_get_args(msg, NULL, DBUS_TYPE_OBJECT_PATH, &path, DBUS_TYPE_INVALID); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - err = __connman_profile_remove(path); if (err < 0) return __connman_error_failed(msg, -err); @@ -227,10 +207,6 @@ static DBusMessage *remove_provider(DBusConnection *conn, dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &path, DBUS_TYPE_INVALID); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - err = __connman_provider_remove(path); if (err < 0) return __connman_error_failed(msg, -err); @@ -484,10 +460,6 @@ static DBusMessage *connect_service(DBusConnection *conn, DBG("conn %p", conn); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - err = __connman_service_create_and_connect(msg); if (err < 0) { if (err == -EINPROGRESS) { @@ -509,10 +481,6 @@ static DBusMessage *connect_provider(DBusConnection *conn, DBG("conn %p", conn); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - err = __connman_provider_create_and_connect(msg); if (err < 0) { if (err == -EINPROGRESS) { diff --git a/src/network.c b/src/network.c index 01f7a2ff..509fb42d 100644 --- a/src/network.c +++ b/src/network.c @@ -106,10 +106,6 @@ static DBusMessage *get_properties(DBusConnection *conn, DBG("conn %p", conn); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_PUBLIC) < 0) - return __connman_error_permission_denied(msg); - reply = dbus_message_new_method_return(msg); if (reply == NULL) return NULL; @@ -168,9 +164,7 @@ static DBusMessage *get_properties(DBusConnection *conn, } - if (network->wifi.passphrase != NULL && - __connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0) + if (network->wifi.passphrase != NULL) connman_dbus_dict_append_basic(&dict, "WiFi.Passphrase", DBUS_TYPE_STRING, &network->wifi.passphrase); diff --git a/src/profile.c b/src/profile.c index a74d8707..3018fdc1 100644 --- a/src/profile.c +++ b/src/profile.c @@ -272,10 +272,6 @@ static DBusMessage *set_property(DBusConnection *conn, dbus_message_iter_next(&iter); dbus_message_iter_recurse(&iter, &value); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - type = dbus_message_iter_get_arg_type(&value); if (g_str_equal(name, "Name") == TRUE) { diff --git a/src/security.c b/src/security.c deleted file mode 100644 index 88f4b0ed..00000000 --- a/src/security.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * - * Connection Manager - * - * Copyright (C) 2007-2010 Intel Corporation. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include "connman.h" - -static GSList *security_list = NULL; - -static gint compare_priority(gconstpointer a, gconstpointer b) -{ - const struct connman_security *security1 = a; - const struct connman_security *security2 = b; - - return security2->priority - security1->priority; -} - -/** - * connman_security_register: - * @security: security module - * - * Register a new security module - * - * Returns: %0 on success - */ -int connman_security_register(struct connman_security *security) -{ - DBG("security %p name %s", security, security->name); - - security_list = g_slist_insert_sorted(security_list, security, - compare_priority); - - return 0; -} - -/** - * connman_security_unregister: - * @security: security module - * - * Remove a previously registered security module - */ -void connman_security_unregister(struct connman_security *security) -{ - DBG("security %p name %s", security, security->name); - - security_list = g_slist_remove(security_list, security); -} - -int __connman_security_check_privilege(DBusMessage *message, - enum connman_security_privilege privilege) -{ - GSList *list; - const char *sender; - int err = 0; - - DBG("message %p", message); - - sender = dbus_message_get_sender(message); - - for (list = security_list; list; list = list->next) { - struct connman_security *security = list->data; - - DBG("%s", security->name); - - if (security->authorize_sender) { - err = security->authorize_sender(sender, privilege); - break; - } - } - - return err; -} diff --git a/src/service.c b/src/service.c index 119e4cd0..8ea721b5 100644 --- a/src/service.c +++ b/src/service.c @@ -1375,14 +1375,9 @@ static DBusMessage *get_properties(DBusConnection *conn, struct connman_service *service = user_data; DBusMessage *reply; DBusMessageIter array, dict; - dbus_bool_t limited = TRUE; DBG("service %p", service); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_SECRET) == 0) - limited = FALSE; - reply = dbus_message_new_method_return(msg); if (reply == NULL) return NULL; @@ -1390,7 +1385,7 @@ static DBusMessage *get_properties(DBusConnection *conn, dbus_message_iter_init_append(reply, &array); connman_dbus_dict_open(&array, &dict); - append_properties(&dict, limited, service); + append_properties(&dict, FALSE, service); connman_dbus_dict_close(&array, &dict); return reply; @@ -1413,10 +1408,6 @@ static DBusMessage *set_property(DBusConnection *conn, dbus_message_iter_next(&iter); dbus_message_iter_recurse(&iter, &value); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - type = dbus_message_iter_get_arg_type(&value); if (g_str_has_prefix(name, "AutoConnect") == TRUE) { @@ -1447,10 +1438,6 @@ static DBusMessage *set_property(DBusConnection *conn, if (service->immutable == TRUE) return __connman_error_not_supported(msg); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_SECRET) < 0) - return __connman_error_permission_denied(msg); - dbus_message_iter_get_basic(&value, &passphrase); g_free(service->passphrase); @@ -1690,10 +1677,6 @@ static DBusMessage *clear_property(DBusConnection *conn, dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID); - if (__connman_security_check_privilege(msg, - CONNMAN_SECURITY_PRIVILEGE_MODIFY) < 0) - return __connman_error_permission_denied(msg); - if (g_str_equal(name, "Error") == TRUE) { set_idle(service); |