From 92c236ea488f8d774a876f1e6ece410b5c920173 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 14 Feb 2012 18:41:51 +0800 Subject: [PATCH] network: create private connections if the user if not authorized This commit checks whether the polkit policy allows the user to create a system connection without authentication. If not, create private connections. https://bugzilla.gnome.org/show_bug.cgi?id=646187 --- configure.ac | 3 +- panels/network/cc-network-panel.c | 72 ++++++++++++++++++++++++++++++++++++- panels/network/cc-network-panel.h | 2 + panels/network/network-dialogs.c | 16 ++++++++ 4 files changed, 91 insertions(+), 2 deletions(-) Index: gnome-control-center-3.4.2/configure.ac =================================================================== --- gnome-control-center-3.4.2.orig/configure.ac +++ gnome-control-center-3.4.2/configure.ac @@ -105,7 +105,8 @@ PKG_CHECK_MODULES(KEYBOARD_PANEL, $COMMO PKG_CHECK_MODULES(MEDIA_PANEL, $COMMON_MODULES) PKG_CHECK_MODULES(MOUSE_PANEL, $COMMON_MODULES xi >= 1.2 gnome-settings-daemon >= $GSD_REQUIRED_VERSION x11) -PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES) +PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES + polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION) PKG_CHECK_MODULES(ONLINE_ACCOUNTS_PANEL, $COMMON_MODULES goa-1.0 goa-backend-1.0) PKG_CHECK_MODULES(POWER_PANEL, $COMMON_MODULES upower-glib >= 0.9.1 gnome-settings-daemon >= $GSD_REQUIRED_VERSION) Index: gnome-control-center-3.4.2/panels/network/cc-network-panel.c =================================================================== --- gnome-control-center-3.4.2.orig/panels/network/cc-network-panel.c +++ gnome-control-center-3.4.2/panels/network/cc-network-panel.c @@ -24,6 +24,8 @@ #include #include +#include + #include "cc-network-panel.h" #include "nm-remote-settings.h" 
@@ -85,6 +87,9 @@ struct _CcNetworkPanelPrivate gchar *arg_device; gchar *arg_access_point; gboolean operation_done; + + /* polkit authentication check */ + gboolean default_private; }; enum { @@ -2827,8 +2832,10 @@ wireless_ap_changed_cb (GtkComboBox *com NetObject *object; NMConnection *connection; NMConnection *connection_activate = NULL; + NMConnection *partial = NULL; NMDevice *device; NMSettingWireless *setting_wireless; + NMSettingConnection *setting_con; if (panel->priv->updating_device) goto out; @@ -2897,8 +2904,17 @@ wireless_ap_changed_cb (GtkComboBox *com /* create one, as it's missing */ g_debug ("no existing connection found for %s, creating", ssid_target); + if (panel->priv->default_private) { + partial = nm_connection_new (); + setting_con = nm_setting_connection_new (); + nm_connection_add_setting (partial, NM_SETTING (setting_con)); + nm_setting_connection_add_permission (setting_con, + "user", + g_get_user_name(), + NULL); + } nm_client_add_and_activate_connection (panel->priv->client, - NULL, + partial, device, object_path, connection_add_activate_cb, panel); out: @@ -3150,6 +3166,11 @@ start_shared_connection (CcNetworkPanel "id", "Hotspot", "autoconnect", FALSE, NULL); + if (panel->priv->default_private) + nm_setting_connection_add_permission (sc, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (c, (NMSetting *)sc); sw = (NMSettingWireless *)nm_setting_wireless_new (); 
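Review bot: The comment `/* polkit authentication check */` on `default_private` does not say what either value means, although this flag decides whether new connections are restricted to the current user. A comment along the lines of `/* TRUE: polkit did not grant settings.modify.system without a prompt, so new connections get a "user" permission for the current user */` would state the contract. From the visible hunks the flag is set once in cc_network_panel_init and never refreshed, which is worth recording in the same comment.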
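Review bot: `partial` is created with `nm_connection_new ()` in the `default_private` branch of wireless_ap_changed_cb and passed to `nm_client_add_and_activate_connection ()`, but nothing in the hunk drops the caller's reference, so it looks leaked on every private activation. A `g_clear_object (&partial);` right after the call would cover it, assuming the client takes its own reference; the function continues past the `out:` label outside the hunk. `nm_setting_connection_new ()` returns `NMSetting *`, so the assignment to `setting_con` wants an explicit `NM_SETTING_CONNECTION ()` cast. The gboolean result of `nm_setting_connection_add_permission ()` is also ignored here and in the start_shared_connection, 802.1x, CDMA and GSM hunks, so a failure would submit the connection without the per-user restriction and leave no trace. A small static helper that adds the permission and emits `g_warning ("could not restrict connection to user %s", g_get_user_name ());` on FALSE would fix that and remove the five copies of the same call.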
@@ -3373,6 +3394,24 @@ network_add_shell_header_widgets_cb (gpo } static void +check_authorization_cb (PolkitAuthority *authority, + GAsyncResult *res, + gpointer user_data) +{ + PolkitAuthorizationResult *result; + CcNetworkPanel *panel = user_data; + GError *error = NULL; + + result = polkit_authority_check_authorization_finish (authority, res, &error); + if (error != NULL) { + g_warning ("Failed to check authorization: %s", error->message); + g_error_free (error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + panel->priv->default_private = FALSE; + } +} + +static void cc_network_panel_init (CcNetworkPanel *panel) { DBusGConnection *bus = NULL; @@ -3387,6 +3426,9 @@ cc_network_panel_init (CcNetworkPanel *p GtkTreeSortable *sortable; GtkWidget *widget; GtkWidget *toplevel; + PolkitSubject *subject; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; panel->priv = NETWORK_PANEL_PRIVATE (panel); @@ -3666,6 +3708,28 @@ cc_network_panel_init (CcNetworkPanel *p /* add kill switch widgets when dialog activated */ panel->priv->add_header_widgets_idle = g_idle_add (network_add_shell_header_widgets_cb, panel); + + /* check the polkit authentication */ + panel->priv->default_private = TRUE; + authority = polkit_authority_get_sync (NULL, NULL); + subject = polkit_unix_process_new (getpid ()); + result = polkit_authority_check_authorization_sync (authority, + subject, + "org.freedesktop.NetworkManager.settings.modify.system", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL, + &error); + if (error || !result) { + g_warning ("Failed to check polkit authorization! %s", + error->message); + g_clear_error (&error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + panel->priv->default_private = FALSE; + } + g_object_unref (result); + g_object_unref (authority); + g_object_unref (subject); } void 
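Review bot: `check_authorization_cb` is added as a static function, but none of the visible hunks references it; cc_network_panel_init calls `polkit_authority_check_authorization_sync ()` instead. It is therefore probably dead code and will raise an unused-function warning. If it is kept for a later asynchronous check, note that it never releases `result`; a `g_clear_object (&result);` before returning would fix that. Otherwise the callback should be dropped from the patch.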
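Review bot: In the polkit check added to cc_network_panel_init, `if (error || !result)` reads `error->message` even when the branch was entered because `result` is NULL with no error set. The following `g_object_unref (result)` is also called on NULL in every failure case. `polkit_authority_get_sync (NULL, NULL)` is not checked either, so an unavailable polkit authority would feed NULL into the check and into the final unref. Leaving `default_private` TRUE on failure is the right fail-closed default, and the rewrite below keeps it while making the failure paths safe. It assumes `error` is a `GError *` already declared and NULL at this point in the function, whose body starts outside the hunk.

```c
        /* check the polkit authentication */
        panel->priv->default_private = TRUE;
        result = NULL;
        authority = polkit_authority_get_sync (NULL, &error);
        subject = polkit_unix_process_new (getpid ());
        if (authority != NULL)
                result = polkit_authority_check_authorization_sync (authority,
                                                                    subject,
                                                                    "org.freedesktop.NetworkManager.settings.modify.system",
                                                                    NULL,
                                                                    POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
                                                                    NULL,
                                                                    &error);
        if (result == NULL) {
                /* keep default_private == TRUE: without an answer, stay restrictive */
                g_warning ("Failed to check polkit authorization! %s",
                           error != NULL ? error->message : "no result returned");
                g_clear_error (&error);
        } else if (polkit_authorization_result_get_is_authorized (result)) {
                panel->priv->default_private = FALSE;
        }
        g_clear_object (&result);
        g_clear_object (&authority);
        g_clear_object (&subject);
```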
@@ -3676,3 +3740,9 @@ cc_network_panel_register (GIOModule *mo CC_TYPE_NETWORK_PANEL, "network", 0); } + +gboolean +cc_network_panel_get_default_private (CcNetworkPanel *panel) +{ + return panel->priv->default_private; +} Index: gnome-control-center-3.4.2/panels/network/cc-network-panel.h =================================================================== --- gnome-control-center-3.4.2.orig/panels/network/cc-network-panel.h +++ gnome-control-center-3.4.2/panels/network/cc-network-panel.h @@ -67,6 +67,8 @@ GType cc_network_panel_get_type (void) G void cc_network_panel_register (GIOModule *module); +gboolean cc_network_panel_get_default_private (CcNetworkPanel *panel); + G_END_DECLS #endif /* _CC_NETWORK_PANEL_H */ Index: gnome-control-center-3.4.2/panels/network/network-dialogs.c =================================================================== --- gnome-control-center-3.4.2.orig/panels/network/network-dialogs.c +++ gnome-control-center-3.4.2/panels/network/network-dialogs.c @@ -41,6 +41,7 @@ typedef struct { NMClient *client; NMRemoteSettings *settings; NMDevice *device; + gboolean default_private; } MobileDialogClosure; static void @@ -288,6 +289,8 @@ cc_network_panel_connect_to_8021x_networ uuid = nm_utils_uuid_generate (); g_object_set (s_con, NM_SETTING_CONNECTION_UUID, uuid, NULL); g_free (uuid); + if (cc_network_panel_get_default_private (panel)) + nm_setting_connection_add_permission (s_con, "user", g_get_user_name(), NULL); nm_connection_add_setting (connection, NM_SETTING (s_con)); s_wifi = (NMSettingWireless *) nm_setting_wireless_new (); @@ -345,6 +348,7 @@ cdma_mobile_wizard_done (NMAMobileWizard if (!canceled && method) { NMSetting *setting; char *uuid, *id; + MobileDialogClosure *closure = user_data; if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_CDMA_EVDO) { g_warning ("Unexpected device type (not CDMA)."); 
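Review bot: `cc_network_panel_get_default_private` dereferences `panel->priv` without the usual GObject type guard, and it is now a public entry point called from network-dialogs.c. Adding `g_return_val_if_fail (CC_IS_NETWORK_PANEL (panel), TRUE);` as its first line keeps the behaviour fail-closed, since callers given a bad pointer would then fall back to a private connection. A short doc comment saying that TRUE means "restrict new connections to the current user" would also help, because the declaration added to cc-network-panel.h carries none.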
@@ -388,6 +392,11 @@ cdma_mobile_wizard_done (NMAMobileWizard NULL); g_free (uuid); g_free (id); + if (closure->default_private) + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (connection, setting); } @@ -407,6 +416,7 @@ gsm_mobile_wizard_done (NMAMobileWizard if (!canceled && method) { NMSetting *setting; char *uuid, *id; + MobileDialogClosure *closure = user_data; if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) { g_warning ("Unexpected device type (not GSM)."); @@ -451,6 +461,11 @@ gsm_mobile_wizard_done (NMAMobileWizard NULL); g_free (uuid); g_free (id); + if (closure->default_private) + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (connection, setting); } @@ -480,6 +495,7 @@ cc_network_panel_connect_to_3g_network ( closure->client = g_object_ref (client); closure->settings = g_object_ref (settings); closure->device = g_object_ref (device); + closure->default_private = cc_network_panel_get_default_private (panel); caps = nm_device_modem_get_current_capabilities (NM_DEVICE_MODEM (device)); if (caps & NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) {