File nm-applet-private-connection.patch of Package NetworkManager-applet
From 1a06498ed24c3580acb286a539aba0c99a544b0f Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <chingpang@gmail.com>
Date: Thu, 2 Feb 2012 18:08:56 +0800
Subject: [PATCH] Create private connections if the user is not authorized
Some distributions do not allow the normal user to create a system
connection without the polkit authentication. This commit checks
the polkit policy and creates private connections if the user is
not authorized.
https://bugzilla.gnome.org/show_bug.cgi?id=646187
---
configure.ac | 4 +++
src/applet-device-ethernet.c | 7 +++++
src/applet-device-wifi.c | 12 ++++++++
src/applet-device-wimax.c | 7 +++++
src/connection-editor/Makefile.am | 2 ++
src/connection-editor/ce-page.c | 47 ++++++++++++++++++++++++++++++
src/gnome-bluetooth/Makefile.am | 2 ++
src/gnome-bluetooth/nma-bt-device.c | 58 +++++++++++++++++++++++++++++++++++++
src/mobile-helpers.c | 6 ++++
src/utils/Makefile.am | 3 +-
src/utils/utils.c | 40 +++++++++++++++++++++++++
src/utils/utils.h | 2 ++
12 files changed, 189 insertions(+), 1 deletion(-)
Index: network-manager-applet-1.0.10/configure.ac
===================================================================
--- network-manager-applet-1.0.10.orig/configure.ac
+++ network-manager-applet-1.0.10/configure.ac
@@ -86,6 +86,10 @@ PKG_CHECK_MODULES(NMA,
NMA_CFLAGS="$NMA_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_32"
+PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1])
+AC_SUBST(POLKIT_CFLAGS)
+AC_SUBST(POLKIT_LIBS)
+
AC_MSG_CHECKING([whether to build nm-applet-migration-tool])
AC_ARG_ENABLE([migration],
[AS_HELP_STRING([--disable-migration], [Don't build migration tool for NM <= 0.8 settings])],
Index: network-manager-applet-1.0.10/src/applet-device-ethernet.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/applet-device-ethernet.c
+++ network-manager-applet-1.0.10/src/applet-device-ethernet.c
@@ -40,6 +40,7 @@
#include "applet-device-ethernet.h"
#include "ethernet-dialog.h"
#include "nm-ui-utils.h"
+#include "utils.h"
#define DEFAULT_ETHERNET_NAME _("Auto Ethernet")
@@ -68,6 +69,12 @@ ethernet_new_auto_connection (NMDevice *
NM_SETTING_CONNECTION_UUID, uuid,
NULL);
g_free (uuid);
+ if (!utils_system_connection_authorized ()) {
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, NM_SETTING (s_con));
Index: network-manager-applet-1.0.10/src/applet-device-wifi.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/applet-device-wifi.c
+++ network-manager-applet-1.0.10/src/applet-device-wifi.c
@@ -445,6 +445,18 @@ _do_new_auto_connection (NMApplet *apple
nm_connection_add_setting (connection, NM_SETTING (s_8021x));
}
+ if (!utils_system_connection_authorized ()) {
+ s_con = nm_connection_get_setting_connection (connection);
+ if (!s_con) {
+ s_con = (NMSettingConnection *) nm_setting_connection_new ();
+ nm_connection_add_setting (connection, NM_SETTING (s_con));
+ }
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
+
/* If it's an 802.1x connection, we need more information, so pop up the
* Dialog Of Doom.
*/
Index: network-manager-applet-1.0.10/src/applet-device-wimax.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/applet-device-wimax.c
+++ network-manager-applet-1.0.10/src/applet-device-wimax.c
@@ -39,6 +39,7 @@
#include "nma-marshal.h"
#include "mb-menu-item.h"
#include "nm-ui-utils.h"
+#include "utils.h"
#define ACTIVE_NSP_TAG "active-nsp"
@@ -94,6 +95,12 @@ wimax_new_auto_connection (NMDevice *dev
NM_SETTING_CONNECTION_UUID, uuid,
NULL);
g_free (uuid);
+ if (!utils_system_connection_authorized ()) {
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, NM_SETTING (s_con));
Index: network-manager-applet-1.0.10/src/connection-editor/Makefile.am
===================================================================
--- network-manager-applet-1.0.10.orig/src/connection-editor/Makefile.am
+++ network-manager-applet-1.0.10/src/connection-editor/Makefile.am
@@ -13,6 +13,7 @@ nm_connection_editor_CPPFLAGS = \
-DDATADIR=\""$(datadir)"\" \
-DNMALOCALEDIR=\"$(datadir)/locale\" \
$(DBUS_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED) \
-I${top_srcdir}/src/utils \
-I${top_srcdir}/src/wireless-security \
@@ -94,6 +95,7 @@ nm_connection_editor_LDADD = \
${top_builddir}/src/libnm-gtk/libnm-gtk.la \
$(GTK_LIBS) \
$(NMA_LIBS) \
+ $(POLKIT_LIBS) \
-lm
uidir = $(datadir)/nm-applet
Index: network-manager-applet-1.0.10/src/connection-editor/ce-page.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/connection-editor/ce-page.c
+++ network-manager-applet-1.0.10/src/connection-editor/ce-page.c
@@ -29,6 +29,8 @@
#include <glib/gi18n.h>
+#include <polkit/polkit.h>
+
#include <nm-setting-connection.h>
#include <nm-utils.h>
#include <nm-device-bt.h>
@@ -868,6 +870,44 @@ ce_page_class_init (CEPageClass *page_cl
G_TYPE_NONE, 1, G_TYPE_POINTER);
}
+static gboolean
+polkit_system_connection_authorized (void)
+{
+ PolkitSubject *subject;
+ PolkitAuthority *authority;
+ PolkitAuthorizationResult *result;
+ GError *error = NULL;
+ static gboolean is_checked = FALSE;
+ static gboolean is_authorized = FALSE;
+
+ if (is_checked)
+ return is_authorized;
+
+ /* Check the polkit authorization */
+ authority = polkit_authority_get_sync (NULL, NULL);
+ subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+ result = polkit_authority_check_authorization_sync (authority,
+ subject,
+ "org.freedesktop.NetworkManager.settings.modify.system",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL,
+ &error);
+ if (error || !result) {
+ g_warning ("%s: failed to check polkit authorization! %s", __func__,
+ error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ } else if (polkit_authorization_result_get_is_authorized (result)) {
+ is_authorized = TRUE;
+ }
+ g_object_unref (result);
+ g_object_unref (authority);
+ g_object_unref (subject);
+
+ is_checked = TRUE;
+
+ return is_authorized;
+}
NMConnection *
ce_page_new_connection (const char *format,
@@ -902,6 +942,13 @@ ce_page_new_connection (const char *form
g_free (uuid);
g_free (id);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission (s_con,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
+
return connection;
}
Index: network-manager-applet-1.0.10/src/gnome-bluetooth/Makefile.am
===================================================================
--- network-manager-applet-1.0.10.orig/src/gnome-bluetooth/Makefile.am
+++ network-manager-applet-1.0.10/src/gnome-bluetooth/Makefile.am
@@ -7,6 +7,7 @@ AM_CPPFLAGS = \
-I${top_srcdir}/src/utils \
-I${top_srcdir}/src/libnm-gtk \
$(GNOME_BLUETOOTH_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED) \
$(WARN_CFLAGS)
@@ -34,6 +35,7 @@ libnma_la_LIBADD = \
$(top_builddir)/src/marshallers/libmarshallers.la \
$(top_builddir)/src/utils/libutils.la \
$(top_builddir)/src/libnm-gtk/libnm-gtk.la \
+ $(POLKIT_LIBS) \
$(GNOME_BLUETOOTH_LIBS)
if WITH_MODEM_MANAGER_1
Index: network-manager-applet-1.0.10/src/gnome-bluetooth/nma-bt-device.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/gnome-bluetooth/nma-bt-device.c
+++ network-manager-applet-1.0.10/src/gnome-bluetooth/nma-bt-device.c
@@ -34,6 +34,8 @@
#include <glib.h>
#include <glib/gi18n-lib.h>
+#include <polkit/polkit.h>
+
#include <nm-remote-settings.h>
#include <nm-remote-connection.h>
@@ -227,6 +229,44 @@ recheck_services_enabled (NmaBtDevice *s
}
/*********************************************************************/
+static gboolean
+polkit_system_connection_authorized (void)
+{
+ PolkitSubject *subject;
+ PolkitAuthority *authority;
+ PolkitAuthorizationResult *result;
+ GError *error = NULL;
+ static gboolean is_checked = FALSE;
+ static gboolean is_authorized = FALSE;
+
+ if (is_checked)
+ return is_authorized;
+
+ /* Check the polkit authorization */
+ authority = polkit_authority_get_sync (NULL, NULL);
+ subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+ result = polkit_authority_check_authorization_sync (authority,
+ subject,
+ "org.freedesktop.NetworkManager.settings.modify.system",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL,
+ &error);
+ if (error || !result) {
+ g_warning ("%s: failed to check polkit authorization! %s", __func__,
+ error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ } else if (polkit_authorization_result_get_is_authorized (result)) {
+ is_authorized = TRUE;
+ }
+ g_object_unref (result);
+ g_object_unref (authority);
+ g_object_unref (subject);
+
+ is_checked = TRUE;
+
+ return is_authorized;
+}
const char *
nma_bt_device_get_bdaddr (NmaBtDevice *device)
@@ -368,6 +408,12 @@ dun_new_cdma (NMAMobileWizardAccessMetho
NULL);
g_free (uuid);
g_free (id);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
return connection;
@@ -414,6 +460,12 @@ dun_new_gsm (NMAMobileWizardAccessMethod
NULL);
g_free (uuid);
g_free (id);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
return connection;
@@ -978,6 +1030,12 @@ add_pan_connection (NmaBtDevice *self)
NULL);
g_free (id);
g_free (uuid);
+ if (!polkit_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
/* The Bluetooth settings */
Index: network-manager-applet-1.0.10/src/mobile-helpers.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/mobile-helpers.c
+++ network-manager-applet-1.0.10/src/mobile-helpers.c
@@ -219,6 +219,12 @@ mobile_wizard_done (NMAMobileWizard *wiz
"user", g_get_user_name (), NULL);
g_free (uuid);
g_free (id);
+ if (!utils_system_connection_authorized ()) {
+ nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+ "user",
+ g_get_user_name(),
+ NULL);
+ }
nm_connection_add_setting (connection, setting);
}
Index: network-manager-applet-1.0.10/src/utils/Makefile.am
===================================================================
--- network-manager-applet-1.0.10.orig/src/utils/Makefile.am
+++ network-manager-applet-1.0.10/src/utils/Makefile.am
@@ -10,7 +10,8 @@ libutils_la_SOURCES = \
libutils_la_CPPFLAGS = \
$(GTK_CFLAGS) \
$(NMA_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED) \
-I${top_srcdir}/src
-libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS)
+libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS) $(POLKIT_LIBS)
Index: network-manager-applet-1.0.10/src/utils/utils.c
===================================================================
--- network-manager-applet-1.0.10.orig/src/utils/utils.c
+++ network-manager-applet-1.0.10/src/utils/utils.c
@@ -27,6 +27,8 @@
#include <glib/gi18n.h>
#include <gtk/gtk.h>
+#include <polkit/polkit.h>
+
#include <nm-setting-connection.h>
#include <nm-utils.h>
@@ -286,3 +288,41 @@ utils_filter_editable_on_insert_text (Gt
return count > 0;
}
+gboolean
+utils_system_connection_authorized (void)
+{
+ PolkitSubject *subject;
+ PolkitAuthority *authority;
+ PolkitAuthorizationResult *result;
+ GError *error = NULL;
+ static gboolean is_checked = FALSE;
+ static gboolean is_authorized = FALSE;
+
+ if (is_checked)
+ return is_authorized;
+
+ /* Check the polkit authorization */
+ authority = polkit_authority_get_sync (NULL, NULL);
+ subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
+ result = polkit_authority_check_authorization_sync (authority,
+ subject,
+ "org.freedesktop.NetworkManager.settings.modify.system",
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL,
+ &error);
+ if (error || !result) {
+ g_warning ("%s: failed to check polkit authorization! %s", __func__,
+ error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ } else if (polkit_authorization_result_get_is_authorized (result)) {
+ is_authorized = TRUE;
+ }
+ g_object_unref (result);
+ g_object_unref (authority);
+ g_object_unref (subject);
+
+ is_checked = TRUE;
+
+ return is_authorized;
+}
Index: network-manager-applet-1.0.10/src/utils/utils.h
===================================================================
--- network-manager-applet-1.0.10.orig/src/utils/utils.h
+++ network-manager-applet-1.0.10/src/utils/utils.h
@@ -107,5 +107,7 @@ gboolean utils_filter_editable_on_insert
UtilsFilterGtkEditableFunc validate_character,
gpointer block_func);
+gboolean utils_system_connection_authorized (void);
+
#endif /* UTILS_H */
