Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:zhy20120210:failed_1
NetworkManager
nm-finer-policy-fate#305657.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nm-finer-policy-fate#305657.patch of Package NetworkManager
Index: NetworkManager-0.7.0/src/Makefile.am =================================================================== --- NetworkManager-0.7.0.orig/src/Makefile.am +++ NetworkManager-0.7.0/src/Makefile.am @@ -66,7 +66,9 @@ NetworkManager_SOURCES = \ nm-netlink.c \ nm-netlink.h \ nm-dhcp4-config.c \ - nm-dhcp4-config.h + nm-dhcp4-config.h \ + nm-polkit.c \ + nm-polkit.h nm-access-point-glue.h: $(top_srcdir)/introspection/nm-access-point.xml dbus-binding-tool --prefix=nm_access_point --mode=glib-server --output=$@ $< @@ -108,6 +110,7 @@ NetworkManager_CPPFLAGS = \ $(HAL_CFLAGS) \ $(OPENSSL_CFLAGS) \ $(LIBNL_CFLAGS) \ + $(POLKIT_CFLAGS) \ -DDBUS_API_SUBJECT_TO_CHANGE \ -DG_DISABLE_DEPRECATED \ -DBINDIR=\"$(bindir)\" \ @@ -125,6 +128,7 @@ NetworkManager_LDADD = \ $(GTHREAD_LIBS) \ $(HAL_LIBS) \ $(LIBNL_LIBS) \ + $(POLKIT_LIBS) \ $(top_builddir)/marshallers/libmarshallers.la \ ./named-manager/libnamed-manager.la \ ./vpn-manager/libvpn-manager.la \ Index: NetworkManager-0.7.0/src/NetworkManagerPolicy.c =================================================================== --- NetworkManager-0.7.0.orig/src/NetworkManagerPolicy.c +++ NetworkManager-0.7.0/src/NetworkManagerPolicy.c @@ -635,13 +635,14 @@ auto_activate_device (gpointer user_data if (best_connection) { GError *error = NULL; const char *device_path; - + device_path = nm_device_get_udi (data->device); if (!nm_manager_activate_connection (policy->manager, best_connection, specific_object, device_path, FALSE, + NULL, &error)) { NMSettingConnection *s_con; @@ -869,7 +870,6 @@ static void schedule_activate_all (NMPolicy *policy) { GSList *iter, *devices; - devices = nm_manager_get_devices (policy->manager); for (iter = devices; iter; iter = g_slist_next (iter)) schedule_activate_check (policy, NM_DEVICE (iter->data)); Index: NetworkManager-0.7.0/src/nm-manager.c =================================================================== --- NetworkManager-0.7.0.orig/src/nm-manager.c +++ NetworkManager-0.7.0/src/nm-manager.c @@ -23,6 +23,7 @@ #include <string.h> #include <dbus/dbus-glib-lowlevel.h> #include <dbus/dbus-glib.h> +#include <polkit-dbus/polkit-dbus.h> #include "nm-manager.h" #include "nm-utils.h" @@ -35,11 +36,18 @@ #include "NetworkManagerSystem.h" #include "nm-properties-changed-signal.h" #include "nm-setting-connection.h" +#include "nm-setting-cdma.h" +#include "nm-setting-wired.h" +#include "nm-setting-gsm.h" +#include "nm-setting-ppp.h" +#include "nm-setting-vpn.h" +#include "nm-setting-wireless.h" #include "nm-setting-wireless.h" #include "nm-setting-vpn.h" #include "nm-marshal.h" #include "nm-dbus-glib-types.h" #include "nm-hal-manager.h" +#include "nm-polkit.h" #define NM_AUTOIP_DBUS_SERVICE "org.freedesktop.nm_avahi_autoipd" #define NM_AUTOIP_DBUS_IFACE "org.freedesktop.nm_avahi_autoipd" @@ -127,6 +135,8 @@ typedef struct { GSList *unmanaged_udis; char *hostname; + NMPolKit * nm_polkit; + PendingConnectionInfo *pending_connection_info; gboolean wireless_enabled; gboolean wireless_hw_enabled; @@ -337,6 +347,8 @@ nm_manager_init (NMManager *manager) g_free, g_object_unref); + priv->nm_polkit = nm_polkit_get(); + priv->system_connections = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, @@ -529,6 +541,11 @@ dispose (GObject *object) g_free (priv->hostname); + if (priv->nm_polkit) { + g_object_unref(priv->nm_polkit); + priv->nm_polkit = NULL; + } + if (priv->system_props_proxy) { g_object_unref (priv->system_props_proxy); priv->system_props_proxy = NULL; @@ -1919,12 +1936,84 @@ wait_for_connection_expired (gpointer da return FALSE; } + +static gboolean +is_user_request_connection_type_authorized(NMManager *manager, const char *dbus_sender, NMConnection *connection, GError **error) +{ + const char *action_id = NULL; + DBusGConnection *dbus_connection; + NMSettingConnection *s_con; + const char *connection_type; + NMManagerPrivate *priv; + NMSettingIP4Config * s_ip4; + const char * ip4_method; + gboolean is_shared = FALSE; + + priv = NM_MANAGER_GET_PRIVATE(manager); + + s_con = NM_SETTING_CONNECTION(nm_connection_get_setting(connection, NM_TYPE_SETTING_CONNECTION)); + connection_type = s_con ? nm_setting_connection_get_connection_type(s_con) : NULL; + + s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG)); + + if (s_ip4) { + ip4_method = nm_setting_ip4_config_get_method (s_ip4); + if (!strcmp (ip4_method, "shared")) { + is_shared = TRUE; + } + } + + if (!strcmp(connection_type, NM_SETTING_WIRED_SETTING_NAME)) { + if (is_shared) { + action_id = NM_POLICY_ACTION_USER_WIRED_APPLY_WITH_SHARE; + } else { + action_id = NM_POLICY_ACTION_USER_WIRED_APPLY; + } + } else if (!strcmp(connection_type, NM_SETTING_WIRELESS_SETTING_NAME)) { + if (is_shared) { + action_id = NM_POLICY_ACTION_USER_WIRELESS_APPLY_WITH_SHARE; + } else { + action_id = NM_POLICY_ACTION_USER_WIRELESS_APPLY; + } + } else if (!strcmp(connection_type, NM_SETTING_VPN_SETTING_NAME)) { + if (is_shared) { + action_id = NM_POLICY_ACTION_USER_VPN_APPLY_WITH_SHARE; + } else { + action_id = NM_POLICY_ACTION_USER_VPN_APPLY; + } + } else if (!strcmp(connection_type, NM_SETTING_PPP_SETTING_NAME)) { + if (is_shared) { + action_id = NM_POLICY_ACTION_USER_DSL_APPLY_WITH_SHARE; + } else { + action_id = NM_POLICY_ACTION_USER_DSL_APPLY; + } + } else if (!strcmp(connection_type, NM_SETTING_CDMA_SETTING_NAME) + || !strcmp(connection_type, NM_SETTING_GSM_SETTING_NAME)) { + if (is_shared) { + action_id = NM_POLICY_ACTION_USER_MOBILE_APPLY_WITH_SHARE; + } else { + action_id = NM_POLICY_ACTION_USER_MOBILE_APPLY; + } + } else { + g_set_error(error, + NM_MANAGER_ERROR, + NM_MANAGER_ERROR_UNKNOWN_CONNECTION, + "%s", "Could not distinguish the type of connection to be actived."); + return FALSE; + } + + dbus_connection = nm_dbus_manager_get_connection(priv->dbus_mgr); + + return nm_polkit_check_privileges(priv->nm_polkit, dbus_connection, dbus_sender, action_id, error); +} + const char * nm_manager_activate_connection (NMManager *manager, NMConnection *connection, const char *specific_object, const char *device_path, gboolean user_requested, + const char *dbus_sender, GError **error) { NMDevice *device = NULL; @@ -1936,9 +2025,40 @@ nm_manager_activate_connection (NMManage g_return_val_if_fail (error != NULL, NULL); g_return_val_if_fail (*error == NULL, NULL); + /* polkit check */ + if (nm_connection_get_scope(connection) == NM_CONNECTION_SCOPE_USER) { + const char * service_name; + const char * service_owner; + NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager); + + if (dbus_sender == NULL) { + service_name = dbus_g_proxy_get_bus_name (priv->user_proxy); + if (!service_name) { + g_set_error (error, NM_MANAGER_ERROR, + NM_MANAGER_ERROR_PERMISSION_DENIED, + "%s", "Could not determine user settings service name"); + return NULL; + } + service_owner = nm_dbus_manager_get_name_owner (priv->dbus_mgr, service_name, NULL); + if (!service_owner) { + g_set_error (error, NM_MANAGER_ERROR, + NM_MANAGER_ERROR_PERMISSION_DENIED, + "%s", "Could not determine D-Bus owner of the user settings service"); + return NULL; + } + + } else { + service_owner = dbus_sender; + } + if (!is_user_request_connection_type_authorized(manager, service_owner, connection, error)) { + return NULL; + } + } + s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_assert (s_con); + if (!strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_VPN_SETTING_NAME)) { NMActRequest *req; NMVPNManager *vpn_manager; @@ -2024,6 +2144,7 @@ connection_added_default_handler (NMMana info->specific_object_path, info->device_path, TRUE, + NULL, &error); if (path) { dbus_g_method_return (info->context, path); @@ -2134,6 +2255,7 @@ out: return success; } + static void impl_manager_activate_connection (NMManager *manager, const char *service_name, @@ -2147,11 +2269,12 @@ impl_manager_activate_connection (NMMana GError *error = NULL; char *real_sop = NULL; char *path = NULL; + const char * dbus_sender = NULL; if (!strcmp (service_name, NM_DBUS_SERVICE_USER_SETTINGS)) { if (!is_user_request_authorized (manager, context, &error)) goto err; - + dbus_sender = dbus_g_method_get_sender (context); scope = NM_CONNECTION_SCOPE_USER; } else if (!strcmp (service_name, NM_DBUS_SERVICE_SYSTEM_SETTINGS)) scope = NM_CONNECTION_SCOPE_SYSTEM; @@ -2173,6 +2296,7 @@ impl_manager_activate_connection (NMMana real_sop, device_path, TRUE, + dbus_sender, &error); if (path) { dbus_g_method_return (context, path); Index: NetworkManager-0.7.0/src/nm-manager.h =================================================================== --- NetworkManager-0.7.0.orig/src/nm-manager.h +++ NetworkManager-0.7.0/src/nm-manager.h @@ -87,6 +87,7 @@ const char * nm_manager_activate_connect const char *specific_object, const char *device_path, gboolean user_requested, + const char *dbus_sender, GError **error); gboolean nm_manager_deactivate_connection (NMManager *manager, Index: NetworkManager-0.7.0/src/nm-polkit.c =================================================================== --- /dev/null +++ NetworkManager-0.7.0/src/nm-polkit.c @@ -0,0 +1,201 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ +/* NetworkManager system settings service + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * (C) Copyright 2008 Novell, Inc. + * (C) Copyright 2008 Red Hat, Inc. + */ + + +#include <polkit-dbus/polkit-dbus.h> +#include "nm-polkit.h" + +G_DEFINE_TYPE(NMPolKit, nm_polkit, G_TYPE_OBJECT); + +struct NMPolKitPrivate { + PolKitContext *context; +}; + +GQuark +nm_polkit_error_quark(void) +{ + static GQuark error_quark = 0; + if (error_quark == 0) { + error_quark = g_quark_from_static_string("nm-polkit-error"); + } + return error_quark; +} + +static gboolean +pk_io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data) +{ + int fd; + PolKitContext *pk_context = (PolKitContext *) user_data; + + fd = g_io_channel_unix_get_fd (channel); + polkit_context_io_func (pk_context, fd); + + return TRUE; +} + +static int +pk_io_add_watch (PolKitContext *pk_context, int fd) +{ + guint id = 0; + GIOChannel *channel; + + channel = g_io_channel_unix_new (fd); + if (channel == NULL) + goto out; + id = g_io_add_watch (channel, G_IO_IN, pk_io_watch_have_data, pk_context); + if (id == 0) { + g_io_channel_unref (channel); + goto out; + } + g_io_channel_unref (channel); + + out: + return id; +} + +static void +pk_io_remove_watch (PolKitContext *pk_context, int watch_id) +{ + g_source_remove (watch_id); +} + +static PolKitContext * +create_polkit_context (void) +{ + PolKitContext *pk_context = NULL; + PolKitError *err; + + pk_context = polkit_context_new (); + polkit_context_set_io_watch_functions (pk_context, pk_io_add_watch, pk_io_remove_watch); + err = NULL; + if (!polkit_context_init (pk_context, &err)) { + g_warning ("Cannot initialize libpolkit: %s", + err ? polkit_error_get_error_message (err) : "unknown error"); + if (err) + polkit_error_free (err); + + /* PK 0.6's polkit_context_init() unrefs the global_context on failure */ +#if (POLKIT_VERSION_MAJOR == 0) && (POLKIT_VERSION_MINOR >= 7) + polkit_context_unref (pk_context); +#endif + pk_context = NULL; + } + + return pk_context; +} + +gboolean +nm_polkit_check_privileges (NMPolKit *polkit, + DBusGConnection *dbus_connection, + const char * dbus_sender, + const char * action_id, + GError **err) +{ + DBusError dbus_error; + PolKitCaller *pk_caller; + PolKitAction *pk_action; + PolKitResult pk_result; + PolKitContext *pol_ctx; + + g_return_val_if_fail (NM_IS_POLKIT(polkit), FALSE); + g_return_val_if_fail (dbus_connection != NULL, FALSE); + g_return_val_if_fail (dbus_sender != NULL, FALSE); + + pol_ctx = polkit->priv->context; + + dbus_error_init (&dbus_error); + pk_caller = polkit_caller_new_from_dbus_name (dbus_g_connection_get_connection (dbus_connection), + dbus_sender, + &dbus_error); + + if (dbus_error_is_set (&dbus_error)) { + *err = g_error_new (NM_POLKIT_ERROR, + NM_POLKIT_ERROR_NOT_PRIVILEGED, + "Error getting information about caller: %s: %s", + dbus_error.name, dbus_error.message); + dbus_error_free (&dbus_error); + + if (pk_caller) + polkit_caller_unref (pk_caller); + + return FALSE; + } + + pk_action = polkit_action_new (); + polkit_action_set_action_id (pk_action, action_id); + +#if (POLKIT_VERSION_MAJOR == 0) && (POLKIT_VERSION_MINOR < 7) + pk_result = polkit_context_can_caller_do_action (pol_ctx, pk_action, pk_caller); +#else + pk_result = polkit_context_is_caller_authorized (pol_ctx, pk_action, pk_caller, TRUE, NULL); +#endif + polkit_caller_unref (pk_caller); + polkit_action_unref (pk_action); + + if (pk_result != POLKIT_RESULT_YES) { + *err = g_error_new (NM_POLKIT_ERROR, + NM_POLKIT_ERROR_NOT_PRIVILEGED, + "%s %s", + action_id, + polkit_result_to_string_representation (pk_result)); + return FALSE; + } + + return TRUE; +} + + +static void +nm_polkit_init(NMPolKit *nm_polkit) +{ + nm_polkit->priv = G_TYPE_INSTANCE_GET_PRIVATE(nm_polkit, NM_TYPE_POLKIT, NMPolKitPrivate); + nm_polkit->priv->context = create_polkit_context(); +} + +static void +finalize(GObject *polkit_obj) +{ + NMPolKit *nm_polkit = (NMPolKit *)polkit_obj; + if (nm_polkit->priv->context) { + polkit_context_unref(nm_polkit->priv->context); + } + G_OBJECT_CLASS(nm_polkit_parent_class)->finalize(polkit_obj); +} + +static void +nm_polkit_class_init(NMPolKitClass * nm_polkit_class) +{ + GObjectClass *object_class = (GObjectClass *)nm_polkit_class; + object_class->finalize = finalize; + g_type_class_add_private (nm_polkit_class, sizeof(NMPolKitPrivate)); +} + +NMPolKit * +nm_polkit_get(void) +{ + static NMPolKit *singleton = NULL; + if (!singleton) { + singleton = NM_POLKIT(g_object_new(NM_TYPE_POLKIT, NULL)); + } else { + g_object_ref (singleton); + } + return singleton; +} Index: NetworkManager-0.7.0/src/nm-polkit.h =================================================================== --- /dev/null +++ NetworkManager-0.7.0/src/nm-polkit.h @@ -0,0 +1,78 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ +/* NetworkManager system settings service + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * (C) Copyright 2008 Novell, Inc. + * (C) Copyright 2008 Red Hat, Inc. + */ + +#ifndef NM_POLKIT_H +#define NM_POLKIT_H + +#include <glib-object.h> +#include <dbus/dbus-glib.h> +#include <dbus/dbus-glib-lowlevel.h> + +#define NM_TYPE_POLKIT (nm_polkit_get_type()) +#define NM_POLKIT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), NM_TYPE_POLKIT, NMPolKit)) +#define NM_POLKIT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), NM_TYPE_POLKIT, NMPolKitClass)) +#define NM_IS_POLKIT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), NM_TYPE_POLKIT)) +#define NM_IS_POLKIT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), NM_TYPE_POLKIT)) +#define NM_POLKIT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), NM_TYPE_POLKIT, NMPolKitClass)) +#define NM_POLKIT_ERROR (nm_polkit_error_quark()) + +#define NM_POLICY_ACTION_USER_WIRED_APPLY "org.freedesktop.network-manager-settings.user.wired.apply" +#define NM_POLICY_ACTION_USER_WIRELESS_APPLY "org.freedesktop.network-manager-settings.user.wireless.apply" +#define NM_POLICY_ACTION_USER_MOBILE_APPLY "org.freedesktop.network-manager-settings.user.mobile.apply" +#define NM_POLICY_ACTION_USER_VPN_APPLY "org.freedesktop.network-manager-settings.user.vpn.apply" +#define NM_POLICY_ACTION_USER_DSL_APPLY "org.freedesktop.network-manager-settings.user.dsl.apply" + +#define NM_POLICY_ACTION_USER_WIRED_APPLY_WITH_SHARE "org.freedesktop.network-manager-settings.user.wired.apply-with-share" +#define NM_POLICY_ACTION_USER_WIRELESS_APPLY_WITH_SHARE "org.freedesktop.network-manager-settings.user.wireless.apply-with-share" +#define NM_POLICY_ACTION_USER_MOBILE_APPLY_WITH_SHARE "org.freedesktop.network-manager-settings.user.mobile.apply-with-share" +#define NM_POLICY_ACTION_USER_VPN_APPLY_WITH_SHARE "org.freedesktop.network-manager-settings.user.vpn.apply-with-share" +#define NM_POLICY_ACTION_USER_DSL_APPLY_WITH_SHARE "org.freedesktop.network-manager-settings.user.dsl.apply-with-share" + + + +typedef enum { + NM_POLKIT_ERROR_GERNERIC = 0, + NM_POLKIT_ERROR_NOT_PRIVILEGED, +} NMPolKitError; + +typedef struct { + GObjectClass parent; +}NMPolKitClass; + +typedef struct NMPolKitPrivate NMPolKitPrivate; + +typedef struct { + GObject parent; + NMPolKitPrivate *priv; +} NMPolKit; + +GType nm_polkit_get_type (void); +GQuark nm_polkit_error_quark (void); + +NMPolKit *nm_polkit_get(void); + +gboolean nm_polkit_check_privileges (NMPolKit *polkit, + DBusGConnection *dbus_connection, + const char * dbus_sender, + const char * action_id, + GError **err); + +#endif /* NM_POLKIT_H */ Index: NetworkManager-0.7.0/system-settings/src/dbus-settings.c =================================================================== --- NetworkManager-0.7.0.orig/system-settings/src/dbus-settings.c +++ NetworkManager-0.7.0/system-settings/src/dbus-settings.c @@ -36,6 +36,13 @@ #include "nm-polkit-helpers.h" #include "nm-system-config-error.h" #include "nm-utils.h" +#include "nm-setting-cdma.h" +#include "nm-setting-wired.h" +#include "nm-setting-gsm.h" +#include "nm-setting-ppp.h" +#include "nm-setting-vpn.h" +#include "nm-setting-wireless.h" + static gboolean impl_settings_add_connection (NMSysconfigSettings *self, GHashTable *hash, DBusGMethodInvocation *context); @@ -588,7 +595,11 @@ impl_settings_add_connection (NMSysconfi DBusGMethodInvocation *context) { NMSysconfigSettingsPrivate *priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self); + NMConnection *connection; + NMSettingConnection *s_con; GError *err = NULL; + const char *connection_type; + const char *action_id; /* Do any of the plugins support adding? */ if (!nm_sysconfig_settings_get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS)) { @@ -598,7 +609,51 @@ impl_settings_add_connection (NMSysconfi goto out; } - if (!check_polkit_privileges (priv->g_connection, priv->pol_ctx, context, &err)) + + connection = nm_connection_new_from_hash (hash, &err); + if (!connection) { + /* Invalid connection hash */ + goto out; + } + + s_con = NM_SETTING_CONNECTION(nm_connection_get_setting(connection, NM_TYPE_SETTING_CONNECTION)); + connection_type = s_con ? nm_setting_connection_get_connection_type(s_con) : NULL; + + if (connection_type == NULL) { + err = g_error_new(NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_ADD_REQUEST_CONFUSION, + "%s", "Could not distinguish the type to be added."); + goto out; + } + + if (!strcmp(connection_type, NM_SETTING_WIRED_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_WIRED_MODIFY; + + } else if (!strcmp(connection_type, NM_SETTING_WIRELESS_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_WIRELESS_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_VPN_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_VPN_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_PPP_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_DSL_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_CDMA_SETTING_NAME) + || !strcmp(connection_type, NM_SETTING_GSM_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_MOBILE_MODIFY; + } else { + err = g_error_new(NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_ADD_NOT_SUPPORTED, + "%s", "Could not distinguish the type to be added."); + goto out; + } + + /* hope nm_connection_verify can detect mix settings */ + if (nm_connection_verify(connection, &err) == FALSE) { + err = g_error_new(NM_SYSCONFIG_SETTINGS_ERROR, + NM_SYSCONFIG_SETTINGS_ERROR_ADD_NOT_SUPPORTED, + "%s", "Connection settings is invalid"); + goto out; + } + + if (!check_polkit_privileges (priv->g_connection, priv->pol_ctx, context, action_id, &err)) goto out; nm_sysconfig_settings_add_new_connection (self, hash, &err); @@ -632,7 +687,8 @@ impl_settings_save_hostname (NMSysconfig goto out; } - if (!check_polkit_privileges (priv->g_connection, priv->pol_ctx, context, &err)) + // if (!check_polkit_privileges (priv->g_connection, priv->pol_ctx, context, NM_SYSCONFIG_POLICY_ACTION_SYSTEM_HOSTNAME_MODIFY, &err)) + if (!check_polkit_privileges (priv->g_connection, priv->pol_ctx, context, NM_SYSCONFIG_POLICY_ACTION, &err)) goto out; /* Set the hostname in all plugins */ Index: NetworkManager-0.7.0/system-settings/src/nm-polkit-helpers.c =================================================================== --- NetworkManager-0.7.0.orig/system-settings/src/nm-polkit-helpers.c +++ NetworkManager-0.7.0/system-settings/src/nm-polkit-helpers.c @@ -93,6 +93,7 @@ gboolean check_polkit_privileges (DBusGConnection *dbus_connection, PolKitContext *pol_ctx, DBusGMethodInvocation *context, + const char * action_id, GError **err) { DBusError dbus_error; @@ -122,7 +123,7 @@ check_polkit_privileges (DBusGConnection } pk_action = polkit_action_new (); - polkit_action_set_action_id (pk_action, NM_SYSCONFIG_POLICY_ACTION); + polkit_action_set_action_id (pk_action, action_id); #if (POLKIT_VERSION_MAJOR == 0) && (POLKIT_VERSION_MINOR < 7) pk_result = polkit_context_can_caller_do_action (pol_ctx, pk_action, pk_caller); @@ -136,7 +137,7 @@ check_polkit_privileges (DBusGConnection *err = g_error_new (NM_SYSCONFIG_SETTINGS_ERROR, NM_SYSCONFIG_SETTINGS_ERROR_NOT_PRIVILEGED, "%s %s", - NM_SYSCONFIG_POLICY_ACTION, + action_id, polkit_result_to_string_representation (pk_result)); return FALSE; } Index: NetworkManager-0.7.0/system-settings/src/nm-polkit-helpers.h =================================================================== --- NetworkManager-0.7.0.orig/system-settings/src/nm-polkit-helpers.h +++ NetworkManager-0.7.0/system-settings/src/nm-polkit-helpers.h @@ -28,10 +28,17 @@ #define NM_SYSCONFIG_POLICY_ACTION "org.freedesktop.network-manager-settings.system.modify" +#define NM_SYSCONFIG_POLICY_ACTION_SYSTEM_WIRED_MODIFY "org.freedesktop.network-manager-settings.system.wired.modify" +#define NM_SYSCONFIG_POLICY_ACTION_SYSTEM_WIRELESS_MODIFY "org.freedesktop.network-manager-settings.system.wireless.modify" +#define NM_SYSCONFIG_POLICY_ACTION_SYSTEM_MOBILE_MODIFY "org.freedesktop.network-manager-settings.system.mobile.modify" +#define NM_SYSCONFIG_POLICY_ACTION_SYSTEM_VPN_MODIFY "org.freedesktop.network-manager-settings.system.vpn.modify" +#define NM_SYSCONFIG_POLICY_ACTION_SYSTEM_DSL_MODIFY "org.freedesktop.network-manager-settings.system.dsl.modify" + PolKitContext *create_polkit_context (void); gboolean check_polkit_privileges (DBusGConnection *dbus_connection, PolKitContext *pol_ctx, DBusGMethodInvocation *context, + const char * action_id, GError **err); #endif /* NM_POLKIT_HELPERS_H */ Index: NetworkManager-0.7.0/system-settings/src/nm-sysconfig-connection.c =================================================================== --- NetworkManager-0.7.0.orig/system-settings/src/nm-sysconfig-connection.c +++ NetworkManager-0.7.0/system-settings/src/nm-sysconfig-connection.c @@ -18,9 +18,19 @@ * (C) Copyright 2008 Novell, Inc. */ +#include <string.h> #include <NetworkManager.h> +#include "nm-connection.h" #include "nm-sysconfig-connection.h" #include "nm-polkit-helpers.h" +#include "nm-setting-connection.h" + +#include "nm-setting-cdma.h" +#include "nm-setting-wired.h" +#include "nm-setting-gsm.h" +#include "nm-setting-ppp.h" +#include "nm-setting-vpn.h" +#include "nm-setting-wireless.h" G_DEFINE_ABSTRACT_TYPE (NMSysconfigConnection, nm_sysconfig_connection, NM_TYPE_EXPORTED_CONNECTION) @@ -31,30 +41,84 @@ typedef struct { PolKitContext *pol_ctx; } NMSysconfigConnectionPrivate; +static const char * get_action_id(NMConnection * con, GError **err) +{ + NMSettingConnection *s_con; + const char * connection_type = NULL; + const char * action_id = NULL; + s_con = (NMSettingConnection *) nm_connection_get_setting (con, NM_TYPE_SETTING_CONNECTION); + if (!s_con) { + return NULL; + } + + connection_type = nm_setting_connection_get_connection_type(s_con); + if (connection_type == NULL) { + return NULL; + } + + if (!strcmp(connection_type, NM_SETTING_WIRED_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_WIRED_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_WIRELESS_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_WIRELESS_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_VPN_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_VPN_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_PPP_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_DSL_MODIFY; + } else if (!strcmp(connection_type, NM_SETTING_CDMA_SETTING_NAME) + || !strcmp(connection_type, NM_SETTING_GSM_SETTING_NAME)) { + action_id = NM_SYSCONFIG_POLICY_ACTION_SYSTEM_MOBILE_MODIFY; + } else { + return NULL; + } + return action_id; +} + static gboolean update (NMExportedConnection *exported, GHashTable *new_settings, GError **err) { + + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (exported); DBusGMethodInvocation *context; + NMConnection *wrapped; + const char * action_id; context = g_object_get_data (G_OBJECT (exported), NM_EXPORTED_CONNECTION_DBUS_METHOD_INVOCATION); g_return_val_if_fail (context != NULL, FALSE); - return check_polkit_privileges (priv->dbus_connection, priv->pol_ctx, context, err); + wrapped = nm_exported_connection_get_connection (exported); + + action_id = get_action_id(wrapped, err); + if (action_id == NULL) { + return FALSE; + } + + return check_polkit_privileges (priv->dbus_connection, priv->pol_ctx, context, action_id, err); } + static gboolean do_delete (NMExportedConnection *exported, GError **err) { + NMSysconfigConnectionPrivate *priv = NM_SYSCONFIG_CONNECTION_GET_PRIVATE (exported); DBusGMethodInvocation *context; + NMConnection *wrapped; + const char * action_id; context = g_object_get_data (G_OBJECT (exported), NM_EXPORTED_CONNECTION_DBUS_METHOD_INVOCATION); g_return_val_if_fail (context != NULL, FALSE); - return check_polkit_privileges (priv->dbus_connection, priv->pol_ctx, context, err); + wrapped = nm_exported_connection_get_connection (exported); + action_id = get_action_id(wrapped, err); + + if (action_id == NULL) { + return FALSE; + } + + return check_polkit_privileges (priv->dbus_connection, priv->pol_ctx, context, NM_SYSCONFIG_POLICY_ACTION, err); } /* GObject */ Index: NetworkManager-0.7.0/system-settings/src/nm-system-config-error.c =================================================================== --- NetworkManager-0.7.0.orig/system-settings/src/nm-system-config-error.c +++ NetworkManager-0.7.0/system-settings/src/nm-system-config-error.c @@ -49,6 +49,7 @@ nm_sysconfig_settings_error_get_type (vo ENUM_ENTRY (NM_SYSCONFIG_SETTINGS_ERROR_ADD_FAILED, "AddFailed"), ENUM_ENTRY (NM_SYSCONFIG_SETTINGS_ERROR_SAVE_HOSTNAME_NOT_SUPPORTED, "SaveHostnameNotSupported"), ENUM_ENTRY (NM_SYSCONFIG_SETTINGS_ERROR_SAVE_HOSTNAME_FAILED, "SaveHostnameFailed"), + ENUM_ENTRY (NM_SYSCONFIG_SETTINGS_ERROR_ADD_REQUEST_CONFUSION, "NotValidRequest"), { 0, 0, 0 } }; Index: NetworkManager-0.7.0/system-settings/src/nm-system-config-error.h =================================================================== --- NetworkManager-0.7.0.orig/system-settings/src/nm-system-config-error.h +++ NetworkManager-0.7.0/system-settings/src/nm-system-config-error.h @@ -34,6 +34,7 @@ enum { NM_SYSCONFIG_SETTINGS_ERROR_ADD_FAILED, NM_SYSCONFIG_SETTINGS_ERROR_SAVE_HOSTNAME_NOT_SUPPORTED, NM_SYSCONFIG_SETTINGS_ERROR_SAVE_HOSTNAME_FAILED, + NM_SYSCONFIG_SETTINGS_ERROR_ADD_REQUEST_CONFUSION, }; #define NM_SYSCONFIG_SETTINGS_ERROR (nm_sysconfig_settings_error_quark ())
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor