[network-manager-applet/NETWORKMANAGER_APPLET_0_7] editor: prevent any registration of objects on the system bus

From: Dan Williams <dcbw src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [network-manager-applet/NETWORKMANAGER_APPLET_0_7] editor: prevent any registration of objects on the system bus
Date: Thu, 10 Dec 2009 01:48:53 +0000 (UTC)
commit 8627880e07c8345f69ed639325280c7f62a8f894
Author: Dan Williams <dcbw redhat com>
Date:   Wed Dec 9 17:42:36 2009 -0800

    editor: prevent any registration of objects on the system bus
    
    D-Bus access-control is name-based; so requests for a specific name
    are allowed/denied based on the rules in /etc/dbus-1/system.d.  But
    apparently apps still get a non-named service on the bus, and if we
    register *any* object even though we don't have a named service,
    dbus and dbus-glib will happily proxy signals.  Since the connection
    editor shouldn't ever expose anything having to do with connections
    on any bus, make sure that's the case.

 src/applet.c                               |    6 +---
 src/connection-editor/nm-connection-list.c |    2 +-
 src/gconf-helpers/nma-gconf-connection.c   |   13 -------
 src/gconf-helpers/nma-gconf-settings.c     |   52 +++++++++++++++++++++------
 src/gconf-helpers/nma-gconf-settings.h     |    2 +-
 5 files changed, 43 insertions(+), 32 deletions(-)
---
diff --git a/src/applet.c b/src/applet.c
index 810881b..e174ede 100644
--- a/src/applet.c
+++ b/src/applet.c
@@ -2666,15 +2666,11 @@ constructor (GType type,
 
 	applet->dbus_settings = (NMDBusSettings *) nm_dbus_settings_system_new (applet_dbus_manager_get_connection (dbus_mgr));
 
-	applet->gconf_settings = nma_gconf_settings_new ();
+	applet->gconf_settings = nma_gconf_settings_new (applet_dbus_manager_get_connection (dbus_mgr));
 	g_signal_connect (applet->gconf_settings, "new-secrets-requested",
 	                  G_CALLBACK (applet_settings_new_secrets_requested_cb),
 	                  applet);
 
-	dbus_g_connection_register_g_object (applet_dbus_manager_get_connection (dbus_mgr),
-	                                     NM_DBUS_PATH_SETTINGS,
-	                                     G_OBJECT (applet->gconf_settings));
-
 	/* Start our DBus service */
 	if (!applet_dbus_manager_start_service (dbus_mgr)) {
 		g_object_unref (applet);
diff --git a/src/connection-editor/nm-connection-list.c b/src/connection-editor/nm-connection-list.c
index cd3b252..cd4b375 100644
--- a/src/connection-editor/nm-connection-list.c
+++ b/src/connection-editor/nm-connection-list.c
@@ -1781,7 +1781,7 @@ nm_connection_list_new (GType def_type)
 				   G_CALLBACK (connection_added),
 				   list);
 
-	list->gconf_settings = nma_gconf_settings_new ();
+	list->gconf_settings = nma_gconf_settings_new (NULL);
 	g_signal_connect (list->gconf_settings, "new-connection",
 				   G_CALLBACK (connection_added),
 				   list);
diff --git a/src/gconf-helpers/nma-gconf-connection.c b/src/gconf-helpers/nma-gconf-connection.c
index c3c69d4..b7052e6 100644
--- a/src/gconf-helpers/nma-gconf-connection.c
+++ b/src/gconf-helpers/nma-gconf-connection.c
@@ -494,7 +494,6 @@ constructor (GType type,
 	GObject *object;
 	NMAGConfConnectionPrivate *priv;
 	NMConnection *connection;
-	DBusGConnection *bus;
 	GError *error = NULL;
 
 	object = G_OBJECT_CLASS (nma_gconf_connection_parent_class)->constructor (type, n_construct_params, construct_params);
@@ -529,18 +528,6 @@ constructor (GType type,
 
 	fill_vpn_user_name (connection);
 
-	bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
-	if (!bus) {
-		nm_warning ("Could not get the system bus: %s", error->message);
-		g_error_free (error);
-		goto err;
-	}
-
-	nm_exported_connection_register_object (NM_EXPORTED_CONNECTION (object),
-	                                        NM_CONNECTION_SCOPE_USER,
-	                                        bus);
-	dbus_g_connection_unref (bus);
-
 	return object;
 
  err:
diff --git a/src/gconf-helpers/nma-gconf-settings.c b/src/gconf-helpers/nma-gconf-settings.c
index 895cf59..75bd36d 100644
--- a/src/gconf-helpers/nma-gconf-settings.c
+++ b/src/gconf-helpers/nma-gconf-settings.c
@@ -24,6 +24,7 @@
 #include "gconf-helpers.h"
 #include "nma-marshal.h"
 #include "nm-utils.h"
+#include <NetworkManager.h>
 
 G_DEFINE_TYPE (NMAGConfSettings, nma_gconf_settings, NM_TYPE_SETTINGS)
 
@@ -36,6 +37,8 @@ typedef struct {
 	guint read_connections_id;
 	GHashTable *pending_changes;
 
+	DBusGConnection *bus;
+
 	gboolean disposed;
 } NMAGConfSettingsPrivate;
 
@@ -49,9 +52,22 @@ static guint signals[LAST_SIGNAL] = { 0 };
 
 
 NMAGConfSettings *
-nma_gconf_settings_new (void)
+nma_gconf_settings_new (DBusGConnection *bus)
 {
-	return (NMAGConfSettings *) g_object_new (NMA_TYPE_GCONF_SETTINGS, NULL);
+	NMAGConfSettings *self;
+	NMAGConfSettingsPrivate *priv;
+
+	self = (NMAGConfSettings *) g_object_new (NMA_TYPE_GCONF_SETTINGS, NULL);
+	if (!self)
+		return NULL;
+
+	priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self);
+	if (bus) {
+		priv->bus = dbus_g_connection_ref (bus);
+		dbus_g_connection_register_g_object (bus, NM_DBUS_PATH_SETTINGS, G_OBJECT (self));
+	}
+
+	return self;
 }
 
 static void
@@ -91,16 +107,24 @@ add_connection_real (NMAGConfSettings *self, NMAGConfConnection *connection)
 {
 	NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self);
 
-	if (connection) {
-		priv->connections = g_slist_prepend (priv->connections, connection);
-		g_signal_connect (connection, "new-secrets-requested",
-					   G_CALLBACK (connection_new_secrets_requested_cb),
-					   self);
+	g_return_if_fail (connection != NULL);
+
+	priv->connections = g_slist_prepend (priv->connections, connection);
+	g_signal_connect (connection, "new-secrets-requested",
+				   G_CALLBACK (connection_new_secrets_requested_cb),
+				   self);
 
-		g_signal_connect (connection, "removed", G_CALLBACK (connection_removed), self);
-		nm_settings_signal_new_connection (NM_SETTINGS (self),
-									NM_EXPORTED_CONNECTION (connection));
+	g_signal_connect (connection, "removed", G_CALLBACK (connection_removed), self);
+
+	/* Export the connection over dbus if requested */
+	if (priv->bus) {
+		nm_exported_connection_register_object (NM_EXPORTED_CONNECTION (connection),
+		                                        NM_CONNECTION_SCOPE_USER,
+		                                        priv->bus);
+		dbus_g_connection_unref (priv->bus);
 	}
+
+	nm_settings_signal_new_connection (NM_SETTINGS (self), NM_EXPORTED_CONNECTION (connection));
 }
 
 NMAGConfConnection *
@@ -231,8 +255,11 @@ read_connections (NMAGConfSettings *settings)
 
 	for (iter = dir_list; iter; iter = iter->next) {
 		char *dir = (char *) iter->data;
+		NMAGConfConnection *connection;
 
-		add_connection_real (settings, nma_gconf_connection_new (priv->client, dir));
+		connection = nma_gconf_connection_new (priv->client, dir);
+		if (connection)
+			add_connection_real (settings, connection);
 		g_free (dir);
 	}
 
@@ -289,7 +316,8 @@ connection_changes_done (gpointer data)
 	if (!connection) {
 		/* New connection */
 		connection = nma_gconf_connection_new (priv->client, info->path);
-		add_connection_real (info->settings, connection);
+		if (connection)
+			add_connection_real (info->settings, connection);
 	} else {
 		if (gconf_client_dir_exists (priv->client, info->path, NULL)) {
 			/* Updated connection */
diff --git a/src/gconf-helpers/nma-gconf-settings.h b/src/gconf-helpers/nma-gconf-settings.h
index 38c4f70..ad69987 100644
--- a/src/gconf-helpers/nma-gconf-settings.h
+++ b/src/gconf-helpers/nma-gconf-settings.h
@@ -53,7 +53,7 @@ typedef struct {
 
 GType nma_gconf_settings_get_type (void);
 
-NMAGConfSettings *nma_gconf_settings_new (void);
+NMAGConfSettings *nma_gconf_settings_new (DBusGConnection *bus);
 
 NMAGConfConnection *nma_gconf_settings_add_connection (NMAGConfSettings *self,
 											NMConnection *connection);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]