File nm-applet-private-connection.patch of Package NetworkManager-gnome
From 1a06498ed24c3580acb286a539aba0c99a544b0f Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <chingpang@gmail.com>
Date: Thu, 2 Feb 2012 18:08:56 +0800
Subject: [PATCH] Create private connections if the user is not authorized
Some distributions do not allow the normal user to create a system
connection without the polkit authentication. This commit checks
the polkit policy and creates private connections if the user is
not authorized.
https://bugzilla.gnome.org/show_bug.cgi?id=646187
---
configure.ac | 4 +++
src/applet-device-ethernet.c | 7 +++++
src/applet-device-wifi.c | 12 ++++++++
src/applet-device-wimax.c | 7 +++++
src/connection-editor/Makefile.am | 2 ++
src/connection-editor/ce-page.c | 47 ++++++++++++++++++++++++++++++
src/gnome-bluetooth/Makefile.am | 2 ++
src/gnome-bluetooth/nma-bt-device.c | 58 +++++++++++++++++++++++++++++++++++++
src/mobile-helpers.c | 6 ++++
src/utils/Makefile.am | 3 +-
src/utils/utils.c | 40 +++++++++++++++++++++++++
src/utils/utils.h | 2 ++
12 files changed, 189 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 7db3018..c5ea4c6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -104,6 +104,10 @@ PKG_CHECK_MODULES(NMA,
libnm-glib-vpn >= 0.9.8
gmodule-export-2.0])
+PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1])
+AC_SUBST(POLKIT_CFLAGS)
+AC_SUBST(POLKIT_LIBS)
+
# With recent glib, defining GLIB_VERSION_MIN_REQUIRED avoids
# deprecation warnings for recently-deprecated functions (eg,
# GValueArray stuff). We say GLIB_VERSION_2_26 because there
diff --git a/src/applet-device-ethernet.c b/src/applet-device-ethernet.c
index 6e63dcb..d9176c8 100644
--- a/src/applet-device-ethernet.c
+++ b/src/applet-device-ethernet.c
@@ -40,6 +40,7 @@
#include "applet-device-ethernet.h"
#include "ethernet-dialog.h"
#include "nm-ui-utils.h"
+#include "utils.h"
typedef struct {
NMApplet *applet;
@@ -86,6 +87,12 @@ ethernet_new_auto_connection (NMDevice *device,
NM_SETTING_CONNECTION_UUID, uuid,
NULL);
g_free (uuid);
+ if (!utils_system_connection_authorized ()) {
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, NM_SETTING (s_con));
diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c
index fa3d618..edf9053 100644
--- a/src/applet-device-wifi.c
+++ b/src/applet-device-wifi.c
@@ -461,6 +461,18 @@ _do_new_auto_connection (NMApplet *applet,
nm_connection_add_setting (connection, NM_SETTING (s_8021x));
}
+ if (!utils_system_connection_authorized ()) {
+ s_con = nm_connection_get_setting_connection (connection);
+ if (!s_con) {
+ s_con = (NMSettingConnection *) nm_setting_connection_new ();
+ nm_connection_add_setting (connection, NM_SETTING (s_con));
+ }
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
+
/* If it's an 802.1x connection, we need more information, so pop up the
* Dialog Of Doom.
*/
diff --git a/src/applet-device-wimax.c b/src/applet-device-wimax.c
index a870c48..f2a5642 100644
--- a/src/applet-device-wimax.c
+++ b/src/applet-device-wimax.c
@@ -39,6 +39,7 @@
#include "nma-marshal.h"
#include "mb-menu-item.h"
#include "nm-ui-utils.h"
+#include "utils.h"
#define ACTIVE_NSP_TAG "active-nsp"
@@ -94,6 +95,12 @@ wimax_new_auto_connection (NMDevice *device,
NM_SETTING_CONNECTION_UUID, uuid,
NULL);
g_free (uuid);
+ if (!utils_system_connection_authorized ()) {
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, NM_SETTING (s_con));
diff --git a/src/connection-editor/Makefile.am b/src/connection-editor/Makefile.am
index 4cc9005..3b6d121 100644
--- a/src/connection-editor/Makefile.am
+++ b/src/connection-editor/Makefile.am
@@ -11,6 +11,7 @@ nm_connection_editor_CPPFLAGS = \
-DDATADIR=\""$(datadir)"\" \
-DNMALOCALEDIR=\"$(datadir)/locale\" \
$(DBUS_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED) \
-I${top_srcdir}/src/utils \
-I${top_srcdir}/src/wireless-security \
@@ -84,6 +85,7 @@ nm_connection_editor_LDADD = \
${top_builddir}/src/libnm-gtk/libnm-gtk.la \
$(GTK_LIBS) \
$(NMA_LIBS) \
+ $(POLKIT_LIBS) \
-lm
uidir = $(datadir)/nm-applet
diff --git a/src/connection-editor/ce-page.c b/src/connection-editor/ce-page.c
index 1dbee85..9b533be 100644
--- a/src/connection-editor/ce-page.c
+++ b/src/connection-editor/ce-page.c
@@ -29,6 +29,8 @@
#include <glib/gi18n.h>
+#include <polkit/polkit.h>
+
#include <nm-setting-connection.h>
#include <nm-utils.h>
@@ -534,6 +536,44 @@ ce_page_class_init (CEPageClass *page_class)
G_TYPE_NONE, 1, G_TYPE_POINTER);
}
+static gboolean
+polkit_system_connection_authorized (void)
+{
+ PolkitSubject *subject;
+ PolkitAuthority *authority;
+ PolkitAuthorizationResult *result;
+ GError *error = NULL;
+ static gboolean is_checked = FALSE;
+ static gboolean is_authorized = FALSE;
+
+ if (is_checked)
+ return is_authorized;
+
+ /* Check the polkit authorization */
+ authority = polkit_authority_get_sync (NULL, NULL);
+ subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+ result = polkit_authority_check_authorization_sync (authority,
+ subject,
+ "org.freedesktop.NetworkManager.settings.modify.system",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL,
+ &error);
+ if (error || !result) {
+ g_warning ("%s: failed to check polkit authorization! %s", __func__,
+ error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ } else if (polkit_authorization_result_get_is_authorized (result)) {
+ is_authorized = TRUE;
+ }
+ g_object_unref (result);
+ g_object_unref (authority);
+ g_object_unref (subject);
+
+ is_checked = TRUE;
+
+ return is_authorized;
+}
NMConnection *
ce_page_new_connection (const char *format,
@@ -568,6 +608,13 @@ ce_page_new_connection (const char *format,
g_free (uuid);
g_free (id);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
+
return connection;
}
diff --git a/src/gnome-bluetooth/Makefile.am b/src/gnome-bluetooth/Makefile.am
index dbf5373..b25070c 100644
--- a/src/gnome-bluetooth/Makefile.am
+++ b/src/gnome-bluetooth/Makefile.am
@@ -7,6 +7,7 @@ INCLUDES = \
-I${top_srcdir}/src/utils \
-I${top_srcdir}/src/libnm-gtk \
$(GNOME_BLUETOOTH_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED) \
$(WARN_CFLAGS)
@@ -32,6 +33,7 @@ libnma_la_LIBADD = \
$(top_builddir)/src/marshallers/libmarshallers.la \
$(top_builddir)/src/utils/libutils.la \
$(top_builddir)/src/libnm-gtk/libnm-gtk.la \
+ $(POLKIT_LIBS) \
$(GNOME_BLUETOOTH_LIBS)
if WITH_MODEM_MANAGER_1
diff --git a/src/gnome-bluetooth/nma-bt-device.c b/src/gnome-bluetooth/nma-bt-device.c
index 512c5cc..a1d86b1 100644
--- a/src/gnome-bluetooth/nma-bt-device.c
+++ b/src/gnome-bluetooth/nma-bt-device.c
@@ -34,6 +34,8 @@
#include <glib.h>
#include <glib/gi18n-lib.h>
+#include <polkit/polkit.h>
+
#include <nm-remote-settings.h>
#include <nm-remote-connection.h>
@@ -239,6 +241,44 @@ recheck_services_enabled (NmaBtDevice *self)
}
/*********************************************************************/
+static gboolean
+polkit_system_connection_authorized (void)
+{
+ PolkitSubject *subject;
+ PolkitAuthority *authority;
+ PolkitAuthorizationResult *result;
+ GError *error = NULL;
+ static gboolean is_checked = FALSE;
+ static gboolean is_authorized = FALSE;
+
+ if (is_checked)
+ return is_authorized;
+
+ /* Check the polkit authorization */
+ authority = polkit_authority_get_sync (NULL, NULL);
+ subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+ result = polkit_authority_check_authorization_sync (authority,
+ subject,
+ "org.freedesktop.NetworkManager.settings.modify.system",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL,
+ &error);
+ if (error || !result) {
+ g_warning ("%s: failed to check polkit authorization! %s", __func__,
+ error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ } else if (polkit_authorization_result_get_is_authorized (result)) {
+ is_authorized = TRUE;
+ }
+ g_object_unref (result);
+ g_object_unref (authority);
+ g_object_unref (subject);
+
+ is_checked = TRUE;
+
+ return is_authorized;
+}
const char *
nma_bt_device_get_bdaddr (NmaBtDevice *device)
@@ -380,6 +420,12 @@ dun_new_cdma (NMAMobileWizardAccessMethod *method)
NULL);
g_free (uuid);
g_free (id);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
return connection;
@@ -426,6 +472,12 @@ dun_new_gsm (NMAMobileWizardAccessMethod *method)
NULL);
g_free (uuid);
g_free (id);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
return connection;
@@ -1011,6 +1063,12 @@ add_pan_connection (NmaBtDevice *self)
NULL);
g_free (id);
g_free (uuid);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
/* The Bluetooth settings */
diff --git a/src/mobile-helpers.c b/src/mobile-helpers.c
index 4c1db5f..d1997ad 100644
--- a/src/mobile-helpers.c
+++ b/src/mobile-helpers.c
@@ -210,6 +210,12 @@ mobile_wizard_done (NMAMobileWizard *wizard,
NULL);
g_free (uuid);
g_free (id);
+ if (!utils_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
}
diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
index 1a3308c..bf028cc 100644
--- a/src/utils/Makefile.am
+++ b/src/utils/Makefile.am
@@ -9,7 +9,8 @@ libutils_la_SOURCES = \
libutils_la_CPPFLAGS = \
$(GTK_CFLAGS) \
$(NMA_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED) \
-I${top_srcdir}/src
-libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS)
+libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS) $(POLKIT_LIBS)
diff --git a/src/utils/utils.c b/src/utils/utils.c
index 00f8596..8b7e68c 100644
--- a/src/utils/utils.c
+++ b/src/utils/utils.c
@@ -27,6 +27,8 @@
#include <glib/gi18n.h>
#include <gtk/gtk.h>
+#include <polkit/polkit.h>
+
#include <nm-setting-connection.h>
#include <nm-utils.h>
@@ -209,3 +211,41 @@ utils_show_error_dialog (const char *title,
}
}
+gboolean
+utils_system_connection_authorized (void)
+{
+ PolkitSubject *subject;
+ PolkitAuthority *authority;
+ PolkitAuthorizationResult *result;
+ GError *error = NULL;
+ static gboolean is_checked = FALSE;
+ static gboolean is_authorized = FALSE;
+
+ if (is_checked)
+ return is_authorized;
+
+ /* Check the polkit authorization */
+ authority = polkit_authority_get_sync (NULL, NULL);
+ subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+ result = polkit_authority_check_authorization_sync (authority,
+ subject,
+ "org.freedesktop.NetworkManager.settings.modify.system",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL,
+ &error);
+ if (error || !result) {
+ g_warning ("%s: failed to check polkit authorization! %s", __func__,
+ error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ } else if (polkit_authorization_result_get_is_authorized (result)) {
+ is_authorized = TRUE;
+ }
+ g_object_unref (result);
+ g_object_unref (authority);
+ g_object_unref (subject);
+
+ is_checked = TRUE;
+
+ return is_authorized;
+}
diff --git a/src/utils/utils.h b/src/utils/utils.h
index 0da159a..f2d2beb 100644
--- a/src/utils/utils.h
+++ b/src/utils/utils.h
@@ -59,5 +59,7 @@ typedef enum {
NMA_ERROR_GENERIC
} NMAError;
+gboolean utils_system_connection_authorized (void);
+
#endif /* UTILS_H */
--
1.8.1.4
