From 92c236ea488f8d774a876f1e6ece410b5c920173 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <chingpang@gmail.com>
Date: Tue, 14 Feb 2012 18:41:51 +0800
Subject: [PATCH] network: create private connections if the user if not
 authorized

This commit checks whether the polkit policy allows the user to
create a system connection without authentication. If not, create
private connections.

https://bugzilla.gnome.org/show_bug.cgi?id=646187
---
 configure.ac                      |    3 +-
 panels/network/cc-network-panel.c |   72 ++++++++++++++++++++++++++++++++++++-
 panels/network/cc-network-panel.h |    2 +
 panels/network/network-dialogs.c  |   16 ++++++++
 4 files changed, 91 insertions(+), 2 deletions(-)

Index: gnome-control-center-3.4.2/configure.ac
===================================================================
--- gnome-control-center-3.4.2.orig/configure.ac
+++ gnome-control-center-3.4.2/configure.ac
@@ -105,7 +105,8 @@ PKG_CHECK_MODULES(KEYBOARD_PANEL, $COMMO
 PKG_CHECK_MODULES(MEDIA_PANEL, $COMMON_MODULES)
 PKG_CHECK_MODULES(MOUSE_PANEL, $COMMON_MODULES xi >= 1.2
                   gnome-settings-daemon >= $GSD_REQUIRED_VERSION x11)
-PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES)
+PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES
+                  polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION)
 PKG_CHECK_MODULES(ONLINE_ACCOUNTS_PANEL, $COMMON_MODULES goa-1.0 goa-backend-1.0)
 PKG_CHECK_MODULES(POWER_PANEL, $COMMON_MODULES upower-glib >= 0.9.1
                   gnome-settings-daemon >= $GSD_REQUIRED_VERSION)
Index: gnome-control-center-3.4.2/panels/network/cc-network-panel.c
===================================================================
--- gnome-control-center-3.4.2.orig/panels/network/cc-network-panel.c
+++ gnome-control-center-3.4.2/panels/network/cc-network-panel.c
@@ -24,6 +24,8 @@
 #include <netinet/ether.h>
 #include <stdlib.h>
 
+#include <polkit/polkit.h>
+
 #include "cc-network-panel.h"
 
 #include "nm-remote-settings.h"
@@ -85,6 +87,9 @@ struct _CcNetworkPanelPrivate
         gchar            *arg_device;
         gchar            *arg_access_point;
         gboolean          operation_done;
+
+        /* polkit authentication check */
+        gboolean          default_private;
 };
 
 enum {
@@ -2827,8 +2832,10 @@ wireless_ap_changed_cb (GtkComboBox *com
         NetObject *object;
         NMConnection *connection;
         NMConnection *connection_activate = NULL;
+	NMConnection *partial = NULL;
         NMDevice *device;
         NMSettingWireless *setting_wireless;
+	NMSettingConnection *setting_con;
 
         if (panel->priv->updating_device)
                 goto out;
@@ -2897,8 +2904,17 @@ wireless_ap_changed_cb (GtkComboBox *com
         /* create one, as it's missing */
         g_debug ("no existing connection found for %s, creating",
                  ssid_target);
+        if (panel->priv->default_private) {
+                partial = nm_connection_new ();
+                setting_con = nm_setting_connection_new ();
+                nm_connection_add_setting (partial, NM_SETTING (setting_con));
+                nm_setting_connection_add_permission (setting_con,
+                                                      "user",
+                                                      g_get_user_name(),
+                                                      NULL);
+        }
         nm_client_add_and_activate_connection (panel->priv->client,
-                                               NULL,
+                                               partial,
                                                device, object_path,
                                                connection_add_activate_cb, panel);
 out:
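Review bot: The `partial` connection allocated in the `default_private` branch is not released anywhere in this hunk, and as far as I know `nm_client_add_and_activate_connection ()` only serializes the partial connection rather than taking ownership of it, so each private Wi-Fi connect appears to leak one NMConnection. Add `if (partial != NULL) g_object_unref (partial);` directly after the call, unless the code after `out:` (outside this hunk) already does so. Separately, `nm_setting_connection_new ()` returns `NMSetting *`, so write `setting_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());` to avoid an incompatible-pointer warning. The two new declarations are also tab-indented in a function that otherwise uses spaces.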
@@ -3150,6 +3166,11 @@ start_shared_connection (CcNetworkPanel
                       "id", "Hotspot",
                       "autoconnect", FALSE,
                       NULL);
+        if (panel->priv->default_private)
+                nm_setting_connection_add_permission (sc,
+                                                      "user",
+                                                      g_get_user_name(),
+                                                      NULL);
         nm_connection_add_setting (c, (NMSetting *)sc);
 
         sw = (NMSettingWireless *)nm_setting_wireless_new ();
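Review bot: The return value of `nm_setting_connection_add_permission ()` is discarded here, so if the entry is rejected (the function returns FALSE for an invalid type or item) the Hotspot connection is submitted with no permission entry, i.e. as the system-wide connection this branch is meant to avoid. Check it and log, e.g. `if (!nm_setting_connection_add_permission (sc, "user", g_get_user_name (), NULL)) g_warning ("Could not restrict connection to the current user");`. The same unchecked call appears in the wireless_ap_changed_cb hunk and in the 802.1x, CDMA and GSM hunks of network-dialogs.c; a small shared helper would keep the five sites consistent. The multi-line `if` body should also get braces.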
@@ -3373,6 +3394,24 @@ network_add_shell_header_widgets_cb (gpo
 }
 
 static void
+check_authorization_cb (PolkitAuthority *authority,
+                        GAsyncResult *res,
+                        gpointer user_data)
+{
+        PolkitAuthorizationResult *result;
+        CcNetworkPanel *panel = user_data;
+        GError *error = NULL;
+
+        result = polkit_authority_check_authorization_finish (authority, res, &error);
+        if (error != NULL) {
+                g_warning ("Failed to check authorization: %s", error->message);
+                g_error_free (error);
+        } else if (polkit_authorization_result_get_is_authorized (result)) {
+                panel->priv->default_private = FALSE;
+        }
+}
+
+static void
 cc_network_panel_init (CcNetworkPanel *panel)
 {
         DBusGConnection *bus = NULL;
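Review bot: `check_authorization_cb` is added as a static function, but no hunk in this patch references it; the check in `cc_network_panel_init` uses `polkit_authority_check_authorization_sync ()` instead, so this looks like dead code and should trigger an unused-function warning. It also never unrefs `result` after a successful finish. Either drop the function, or make the init path asynchronous with `polkit_authority_check_authorization ()` and this callback, adding `g_object_unref (result);` and making sure the panel is still alive when the reply arrives.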
@@ -3387,6 +3426,9 @@ cc_network_panel_init (CcNetworkPanel *p
         GtkTreeSortable *sortable;
         GtkWidget *widget;
         GtkWidget *toplevel;
+        PolkitSubject    *subject;
+        PolkitAuthority  *authority;
+        PolkitAuthorizationResult *result;
 
         panel->priv = NETWORK_PANEL_PRIVATE (panel);
 
@@ -3666,6 +3708,28 @@ cc_network_panel_init (CcNetworkPanel *p
 
         /* add kill switch widgets when dialog activated */
         panel->priv->add_header_widgets_idle = g_idle_add (network_add_shell_header_widgets_cb, panel);
+
+	/* check the polkit authentication */
+	panel->priv->default_private = TRUE;
+	authority = polkit_authority_get_sync (NULL, NULL);
+	subject = polkit_unix_process_new (getpid ());
+	result = polkit_authority_check_authorization_sync (authority,
+			                                    subject,
+							    "org.freedesktop.NetworkManager.settings.modify.system",
+							    NULL,
+							    POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+							    NULL,
+							    &error);
+	if (error || !result) {
+		g_warning ("Failed to check polkit authorization! %s",
+				error->message);
+		g_clear_error (&error);
+	} else if (polkit_authorization_result_get_is_authorized (result)) {
+		panel->priv->default_private = FALSE;
+	}
+	g_object_unref (result);
+	g_object_unref (authority);
+	g_object_unref (subject);
 }
 
 void
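Review bot: The error branch reads `error->message` even when `error` is NULL: `polkit_authority_get_sync (NULL, NULL)` discards its own error, so when it returns NULL the check call is expected to return a NULL `result` without setting `error`, and the `g_warning` then dereferences a NULL pointer. The unconditional `g_object_unref (result)` and `g_object_unref (authority)` raise GLib criticals on that same path. Initialising `default_private` to TRUE is the right fail-safe, and the rewrite below keeps it while handling each failure separately. Note also that `getpid ()` relies on `<unistd.h>` arriving through another header, since the include hunk adds only polkit. cc_network_panel_init starts outside this hunk.

```c
	/* Default to private (per-user) connections; only a positive polkit
	 * answer switches the panel to system connections. */
	panel->priv->default_private = TRUE;
	result = NULL;
	subject = NULL;
	authority = polkit_authority_get_sync (NULL, &error);
	if (authority != NULL) {
		subject = polkit_unix_process_new (getpid ());
		result = polkit_authority_check_authorization_sync (authority,
		                                                    subject,
		                                                    /* … unchanged: action id, details, flags, cancellable … */
		                                                    &error);
	}
	if (result == NULL) {
		g_warning ("Failed to check polkit authorization! %s",
		           error != NULL ? error->message : "unknown error");
		g_clear_error (&error);
	} else if (polkit_authorization_result_get_is_authorized (result)) {
		panel->priv->default_private = FALSE;
	}
	g_clear_object (&result);
	g_clear_object (&subject);
	g_clear_object (&authority);
```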
@@ -3676,3 +3740,9 @@ cc_network_panel_register (GIOModule *mo
                                         CC_TYPE_NETWORK_PANEL,
                                         "network", 0);
 }
+
+gboolean
+cc_network_panel_get_default_private (CcNetworkPanel *panel)
+{
+        return panel->priv->default_private;
+}
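Review bot: The new public getter dereferences `panel->priv` without the usual GObject argument check, and nothing documents what a TRUE result means. Add `g_return_val_if_fail (CC_IS_NETWORK_PANEL (panel), TRUE);` (assuming the header provides the standard type-check macro) so that a bad pointer yields the restrictive answer rather than a crash. A comment such as `/* TRUE when new connections must be restricted to the current user because polkit did not authorize system-wide changes */` would help the callers in network-dialogs.c.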
Index: gnome-control-center-3.4.2/panels/network/cc-network-panel.h
===================================================================
--- gnome-control-center-3.4.2.orig/panels/network/cc-network-panel.h
+++ gnome-control-center-3.4.2/panels/network/cc-network-panel.h
@@ -67,6 +67,8 @@ GType cc_network_panel_get_type (void) G
 
 void  cc_network_panel_register (GIOModule *module);
 
+gboolean cc_network_panel_get_default_private (CcNetworkPanel *panel);
+
 G_END_DECLS
 
 #endif /* _CC_NETWORK_PANEL_H */
Index: gnome-control-center-3.4.2/panels/network/network-dialogs.c
===================================================================
--- gnome-control-center-3.4.2.orig/panels/network/network-dialogs.c
+++ gnome-control-center-3.4.2/panels/network/network-dialogs.c
@@ -41,6 +41,7 @@ typedef struct {
         NMClient *client;
         NMRemoteSettings *settings;
         NMDevice *device;
+        gboolean default_private;
 } MobileDialogClosure;
 
 static void
@@ -288,6 +289,8 @@ cc_network_panel_connect_to_8021x_networ
         uuid = nm_utils_uuid_generate ();
         g_object_set (s_con, NM_SETTING_CONNECTION_UUID, uuid, NULL);
         g_free (uuid);
+        if (cc_network_panel_get_default_private (panel))
+                nm_setting_connection_add_permission (s_con, "user", g_get_user_name(), NULL);
         nm_connection_add_setting (connection, NM_SETTING (s_con));
 
         s_wifi = (NMSettingWireless *) nm_setting_wireless_new ();
@@ -345,6 +348,7 @@ cdma_mobile_wizard_done (NMAMobileWizard
 	if (!canceled && method) {
 		NMSetting *setting;
 		char *uuid, *id;
+		MobileDialogClosure *closure = user_data;
 
 		if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_CDMA_EVDO) {
 			g_warning ("Unexpected device type (not CDMA).");
@@ -388,6 +392,11 @@ cdma_mobile_wizard_done (NMAMobileWizard
 		              NULL);
 		g_free (uuid);
 		g_free (id);
+		if (closure->default_private)
+			nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+			                                      "user",
+                                                              g_get_user_name(),
+			                                      NULL);
 		nm_connection_add_setting (connection, setting);
 	}
 
@@ -407,6 +416,7 @@ gsm_mobile_wizard_done (NMAMobileWizard
 	if (!canceled && method) {
 		NMSetting *setting;
 		char *uuid, *id;
+		MobileDialogClosure *closure = user_data;
 
 		if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) {
 			g_warning ("Unexpected device type (not GSM).");
@@ -451,6 +461,11 @@ gsm_mobile_wizard_done (NMAMobileWizard
 		              NULL);
 		g_free (uuid);
 		g_free (id);
+		if (closure->default_private)
+			nm_setting_connection_add_permission ((NMSettingConnection *)setting,
+			                                      "user",
+                                                              g_get_user_name(),
+			                                      NULL);
 		nm_connection_add_setting (connection, setting);
 	}
 
@@ -480,6 +495,7 @@ cc_network_panel_connect_to_3g_network (
         closure->client = g_object_ref (client);
         closure->settings = g_object_ref (settings);
         closure->device = g_object_ref (device);
+        closure->default_private = cc_network_panel_get_default_private (panel);
 
 	caps = nm_device_modem_get_current_capabilities (NM_DEVICE_MODEM (device));
 	if (caps & NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) {