Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE12
NetworkManager-gnome
nm-applet-private-connection.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nm-applet-private-connection.patch of Package NetworkManager-gnome
From 1a06498ed24c3580acb286a539aba0c99a544b0f Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <chingpang@gmail.com> Date: Thu, 2 Feb 2012 18:08:56 +0800 Subject: [PATCH] Create private connections if the user is not authorized Some distributions do not allow the normal user to create a system connection without the polkit authentication. This commit checks the polkit policy and creates private connections if the user is not authorized. https://bugzilla.gnome.org/show_bug.cgi?id=646187 --- configure.ac | 4 +++ src/applet-device-ethernet.c | 7 +++++ src/applet-device-wifi.c | 12 ++++++++ src/applet-device-wimax.c | 7 +++++ src/connection-editor/Makefile.am | 2 ++ src/connection-editor/ce-page.c | 47 ++++++++++++++++++++++++++++++ src/gnome-bluetooth/Makefile.am | 2 ++ src/gnome-bluetooth/nma-bt-device.c | 58 +++++++++++++++++++++++++++++++++++++ src/mobile-helpers.c | 6 ++++ src/utils/Makefile.am | 3 +- src/utils/utils.c | 40 +++++++++++++++++++++++++ src/utils/utils.h | 2 ++ 12 files changed, 189 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 7db3018..c5ea4c6 100644 --- a/configure.ac +++ b/configure.ac @@ -104,6 +104,10 @@ PKG_CHECK_MODULES(NMA, libnm-glib-vpn >= 0.9.8 gmodule-export-2.0]) +PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1]) +AC_SUBST(POLKIT_CFLAGS) +AC_SUBST(POLKIT_LIBS) + # With recent glib, defining GLIB_VERSION_MIN_REQUIRED avoids # deprecation warnings for recently-deprecated functions (eg, # GValueArray stuff). We say GLIB_VERSION_2_26 because there diff --git a/src/applet-device-ethernet.c b/src/applet-device-ethernet.c index 6e63dcb..d9176c8 100644 --- a/src/applet-device-ethernet.c +++ b/src/applet-device-ethernet.c @@ -40,6 +40,7 @@ #include "applet-device-ethernet.h" #include "ethernet-dialog.h" #include "nm-ui-utils.h" +#include "utils.h" typedef struct { NMApplet *applet; @@ -86,6 +87,12 @@ ethernet_new_auto_connection (NMDevice *device, NM_SETTING_CONNECTION_UUID, uuid, NULL); g_free (uuid); + if (!utils_system_connection_authorized ()) { + nm_setting_connection_add_permission (s_con, + "user", + g_get_user_name(), + NULL); + } nm_connection_add_setting (connection, NM_SETTING (s_con)); diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c index fa3d618..edf9053 100644 --- a/src/applet-device-wifi.c +++ b/src/applet-device-wifi.c @@ -461,6 +461,18 @@ _do_new_auto_connection (NMApplet *applet, nm_connection_add_setting (connection, NM_SETTING (s_8021x)); } + if (!utils_system_connection_authorized ()) { + s_con = nm_connection_get_setting_connection (connection); + if (!s_con) { + s_con = (NMSettingConnection *) nm_setting_connection_new (); + nm_connection_add_setting (connection, NM_SETTING (s_con)); + } + nm_setting_connection_add_permission (s_con, + "user", + g_get_user_name(), + NULL); + } + /* If it's an 802.1x connection, we need more information, so pop up the * Dialog Of Doom. */ diff --git a/src/applet-device-wimax.c b/src/applet-device-wimax.c index a870c48..f2a5642 100644 --- a/src/applet-device-wimax.c +++ b/src/applet-device-wimax.c @@ -39,6 +39,7 @@ #include "nma-marshal.h" #include "mb-menu-item.h" #include "nm-ui-utils.h" +#include "utils.h" #define ACTIVE_NSP_TAG "active-nsp" @@ -94,6 +95,12 @@ wimax_new_auto_connection (NMDevice *device, NM_SETTING_CONNECTION_UUID, uuid, NULL); g_free (uuid); + if (!utils_system_connection_authorized ()) { + nm_setting_connection_add_permission (s_con, + "user", + g_get_user_name(), + NULL); + } nm_connection_add_setting (connection, NM_SETTING (s_con)); diff --git a/src/connection-editor/Makefile.am b/src/connection-editor/Makefile.am index 4cc9005..3b6d121 100644 --- a/src/connection-editor/Makefile.am +++ b/src/connection-editor/Makefile.am @@ -11,6 +11,7 @@ nm_connection_editor_CPPFLAGS = \ -DDATADIR=\""$(datadir)"\" \ -DNMALOCALEDIR=\"$(datadir)/locale\" \ $(DBUS_CFLAGS) \ + $(POLKIT_CFLAGS) \ $(DISABLE_DEPRECATED) \ -I${top_srcdir}/src/utils \ -I${top_srcdir}/src/wireless-security \ @@ -84,6 +85,7 @@ nm_connection_editor_LDADD = \ ${top_builddir}/src/libnm-gtk/libnm-gtk.la \ $(GTK_LIBS) \ $(NMA_LIBS) \ + $(POLKIT_LIBS) \ -lm uidir = $(datadir)/nm-applet diff --git a/src/connection-editor/ce-page.c b/src/connection-editor/ce-page.c index 1dbee85..9b533be 100644 --- a/src/connection-editor/ce-page.c +++ b/src/connection-editor/ce-page.c @@ -29,6 +29,8 @@ #include <glib/gi18n.h> +#include <polkit/polkit.h> + #include <nm-setting-connection.h> #include <nm-utils.h> @@ -534,6 +536,44 @@ ce_page_class_init (CEPageClass *page_class) G_TYPE_NONE, 1, G_TYPE_POINTER); } +static gboolean +polkit_system_connection_authorized (void) +{ + PolkitSubject *subject; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; + GError *error = NULL; + static gboolean is_checked = FALSE; + static gboolean is_authorized = FALSE; + + if (is_checked) + return is_authorized; + + /* Check the polkit authorization */ + authority = polkit_authority_get_sync (NULL, NULL); + subject = polkit_unix_process_new_for_owner (getpid (), 0, -1); + result = polkit_authority_check_authorization_sync (authority, + subject, + "org.freedesktop.NetworkManager.settings.modify.system", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL, + &error); + if (error || !result) { + g_warning ("%s: failed to check polkit authorization! %s", __func__, + error ? error->message : "(unknown)"); + g_clear_error (&error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + is_authorized = TRUE; + } + g_object_unref (result); + g_object_unref (authority); + g_object_unref (subject); + + is_checked = TRUE; + + return is_authorized; +} NMConnection * ce_page_new_connection (const char *format, @@ -568,6 +608,13 @@ ce_page_new_connection (const char *format, g_free (uuid); g_free (id); + if (!polkit_system_connection_authorized ()) { + nm_setting_connection_add_permission (s_con, + "user", + g_get_user_name(), + NULL); + } + return connection; } diff --git a/src/gnome-bluetooth/Makefile.am b/src/gnome-bluetooth/Makefile.am index dbf5373..b25070c 100644 --- a/src/gnome-bluetooth/Makefile.am +++ b/src/gnome-bluetooth/Makefile.am @@ -7,6 +7,7 @@ INCLUDES = \ -I${top_srcdir}/src/utils \ -I${top_srcdir}/src/libnm-gtk \ $(GNOME_BLUETOOTH_CFLAGS) \ + $(POLKIT_CFLAGS) \ $(DISABLE_DEPRECATED) \ $(WARN_CFLAGS) @@ -32,6 +33,7 @@ libnma_la_LIBADD = \ $(top_builddir)/src/marshallers/libmarshallers.la \ $(top_builddir)/src/utils/libutils.la \ $(top_builddir)/src/libnm-gtk/libnm-gtk.la \ + $(POLKIT_LIBS) \ $(GNOME_BLUETOOTH_LIBS) if WITH_MODEM_MANAGER_1 diff --git a/src/gnome-bluetooth/nma-bt-device.c b/src/gnome-bluetooth/nma-bt-device.c index 512c5cc..a1d86b1 100644 --- a/src/gnome-bluetooth/nma-bt-device.c +++ b/src/gnome-bluetooth/nma-bt-device.c @@ -34,6 +34,8 @@ #include <glib.h> #include <glib/gi18n-lib.h> +#include <polkit/polkit.h> + #include <nm-remote-settings.h> #include <nm-remote-connection.h> @@ -239,6 +241,44 @@ recheck_services_enabled (NmaBtDevice *self) } /*********************************************************************/ +static gboolean +polkit_system_connection_authorized (void) +{ + PolkitSubject *subject; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; + GError *error = NULL; + static gboolean is_checked = FALSE; + static gboolean is_authorized = FALSE; + + if (is_checked) + return is_authorized; + + /* Check the polkit authorization */ + authority = polkit_authority_get_sync (NULL, NULL); + subject = polkit_unix_process_new_for_owner (getpid (), 0, -1); + result = polkit_authority_check_authorization_sync (authority, + subject, + "org.freedesktop.NetworkManager.settings.modify.system", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL, + &error); + if (error || !result) { + g_warning ("%s: failed to check polkit authorization! %s", __func__, + error ? error->message : "(unknown)"); + g_clear_error (&error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + is_authorized = TRUE; + } + g_object_unref (result); + g_object_unref (authority); + g_object_unref (subject); + + is_checked = TRUE; + + return is_authorized; +} const char * nma_bt_device_get_bdaddr (NmaBtDevice *device) @@ -380,6 +420,12 @@ dun_new_cdma (NMAMobileWizardAccessMethod *method) NULL); g_free (uuid); g_free (id); + if (!polkit_system_connection_authorized ()) { + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); + } nm_connection_add_setting (connection, setting); return connection; @@ -426,6 +472,12 @@ dun_new_gsm (NMAMobileWizardAccessMethod *method) NULL); g_free (uuid); g_free (id); + if (!polkit_system_connection_authorized ()) { + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); + } nm_connection_add_setting (connection, setting); return connection; @@ -1011,6 +1063,12 @@ add_pan_connection (NmaBtDevice *self) NULL); g_free (id); g_free (uuid); + if (!polkit_system_connection_authorized ()) { + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); + } nm_connection_add_setting (connection, setting); /* The Bluetooth settings */ diff --git a/src/mobile-helpers.c b/src/mobile-helpers.c index 4c1db5f..d1997ad 100644 --- a/src/mobile-helpers.c +++ b/src/mobile-helpers.c @@ -210,6 +210,12 @@ mobile_wizard_done (NMAMobileWizard *wizard, NULL); g_free (uuid); g_free (id); + if (!utils_system_connection_authorized ()) { + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); + } nm_connection_add_setting (connection, setting); } diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am index 1a3308c..bf028cc 100644 --- a/src/utils/Makefile.am +++ b/src/utils/Makefile.am @@ -9,7 +9,8 @@ libutils_la_SOURCES = \ libutils_la_CPPFLAGS = \ $(GTK_CFLAGS) \ $(NMA_CFLAGS) \ + $(POLKIT_CFLAGS) \ $(DISABLE_DEPRECATED) \ -I${top_srcdir}/src -libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS) +libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS) $(POLKIT_LIBS) diff --git a/src/utils/utils.c b/src/utils/utils.c index 00f8596..8b7e68c 100644 --- a/src/utils/utils.c +++ b/src/utils/utils.c @@ -27,6 +27,8 @@ #include <glib/gi18n.h> #include <gtk/gtk.h> +#include <polkit/polkit.h> + #include <nm-setting-connection.h> #include <nm-utils.h> @@ -209,3 +211,41 @@ utils_show_error_dialog (const char *title, } } +gboolean +utils_system_connection_authorized (void) +{ + PolkitSubject *subject; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; + GError *error = NULL; + static gboolean is_checked = FALSE; + static gboolean is_authorized = FALSE; + + if (is_checked) + return is_authorized; + + /* Check the polkit authorization */ + authority = polkit_authority_get_sync (NULL, NULL); + subject = polkit_unix_process_new_for_owner (getpid (), 0, -1); + result = polkit_authority_check_authorization_sync (authority, + subject, + "org.freedesktop.NetworkManager.settings.modify.system", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL, + &error); + if (error || !result) { + g_warning ("%s: failed to check polkit authorization! %s", __func__, + error ? error->message : "(unknown)"); + g_clear_error (&error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + is_authorized = TRUE; + } + g_object_unref (result); + g_object_unref (authority); + g_object_unref (subject); + + is_checked = TRUE; + + return is_authorized; +} diff --git a/src/utils/utils.h b/src/utils/utils.h index 0da159a..f2d2beb 100644 --- a/src/utils/utils.h +++ b/src/utils/utils.h @@ -59,5 +59,7 @@ typedef enum { NMA_ERROR_GENERIC } NMAError; +gboolean utils_system_connection_authorized (void); + #endif /* UTILS_H */ -- 1.8.1.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
