From 53b3dc5944c595e143fb0fb848c566d6aecb4bb9 Mon Sep 17 00:00:00 2001 From: Giovanni Campagna Date: Thu, 31 Mar 2011 15:56:13 +0200 Subject: [PATCH] NetworkMenu: create private connections if the user is not authorized Check polkit setting at startup and add, if needed, the "permissions" setting to the connections we create, so that polkit authentication is never needed. The connection is thus only available to other users if the system administrator decides so. https://bugzilla.gnome.org/show_bug.cgi?id=646187 --- js/ui/status/network.js | 59 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 17 deletions(-) Index: gnome-shell-3.7.3.1/js/ui/status/network.js =================================================================== --- gnome-shell-3.7.3.1.orig/js/ui/status/network.js +++ gnome-shell-3.7.3.1/js/ui/status/network.js @@ -5,8 +5,10 @@ const Gio = imports.gi.Gio; const Lang = imports.lang; const NetworkManager = imports.gi.NetworkManager; const NMClient = imports.gi.NMClient; +const Polkit = imports.gi.Polkit; const Signals = imports.signals; const St = imports.gi.St; +const System = imports.system; const Main = imports.ui.main; const PanelMenu = imports.ui.panelMenu; @@ -338,13 +340,14 @@ const NMDevice = new Lang.Class({ Abstract: true, Extends: NMConnectionBased, - _init: function(client, device, connections) { + _init: function(client, device, connections, privateConnections) { this.device = device; this.device._delegate = this; this._stateChangedId = this.device.connect('state-changed', Lang.bind(this, this._deviceStateChanged)); // protected this._client = client; + this._privateConnections = privateConnections; this.parent(connections); this._activeConnection = null; this._activeConnectionItem = null; @@ -691,23 +694,26 @@ const NMDeviceWired = new Lang.Class({ Name: 'NMDeviceWired', Extends: NMDeviceSimple, - _init: function(client, device, connections) { + _init: function(client, device, connections, privateConnections) { this._autoConnectionName = _("Auto Ethernet"); this.category = NMConnectionCategory.WIRED; - this.parent(client, device, connections); + this.parent(client, device, connections, privateConnections); }, _createAutomaticConnection: function() { let connection = new NetworkManager.Connection(); let uuid = NetworkManager.utils_uuid_generate(); connection.add_setting(new NetworkManager.SettingWired()); - connection.add_setting(new NetworkManager.SettingConnection({ + let connectionSetting = new NetworkManager.SettingConnection({ uuid: uuid, id: this._autoConnectionName, type: NetworkManager.SETTING_WIRED_SETTING_NAME, autoconnect: true - })); + }); + if (this._privateConnections) + connectionSetting.add_permission('user', GLib.get_user_name(), null); + connection.add_setting(connectionSetting); return connection; } }); @@ -716,7 +722,7 @@ const NMDeviceModem = new Lang.Class({ Name: 'NMDeviceModem', Extends: NMDevice, - _init: function(client, device, connections) { + _init: function(client, device, connections, privateConnections) { let is_wwan = false; this._enabled = true; @@ -763,7 +769,7 @@ const NMDeviceModem = new Lang.Class({ })); } - this.parent(client, device, connections); + this.parent(client, device, connections, privateConnections); }, setEnabled: function(enabled) { @@ -836,25 +842,28 @@ const NMDeviceBluetooth = new Lang.Class Name: 'NMDeviceBluetooth', Extends: NMDevice, - _init: function(client, device, connections) { + _init: function(client, device, connections, privateConnections) { this._autoConnectionName = this._makeConnectionName(device); device.connect('notify::name', Lang.bind(this, this._updateAutoConnectionName)); this.category = NMConnectionCategory.WWAN; - this.parent(client, device, connections); + this.parent(client, device, connections, privateConnections); }, _createAutomaticConnection: function() { let connection = new NetworkManager.Connection; let uuid = NetworkManager.utils_uuid_generate(); connection.add_setting(new NetworkManager.SettingBluetooth); - connection.add_setting(new NetworkManager.SettingConnection({ + let connectionSetting = new NetworkManager.SettingConnection({ uuid: uuid, id: this._autoConnectionName, type: NetworkManager.SETTING_BLUETOOTH_SETTING_NAME, autoconnect: false - })); + }); + if (this._privateConnections) + connectionSetting.add_permission('user', GLib.get_user_name(), null); + connection.add_setting(connectionSetting); return connection; }, @@ -893,7 +902,7 @@ const NMDeviceWireless = new Lang.Class( Name: 'NMDeviceWireless', Extends: NMDevice, - _init: function(client, device, connections) { + _init: function(client, device, connections, privateConnections) { this.category = NMConnectionCategory.WIRELESS; this._overflowItem = null; @@ -968,7 +977,7 @@ const NMDeviceWireless = new Lang.Class( this._apAddedId = device.connect('access-point-added', Lang.bind(this, this._accessPointAdded)); this._apRemovedId = device.connect('access-point-removed', Lang.bind(this, this._accessPointRemoved)); - this.parent(client, device, validConnections); + this.parent(client, device, validConnections, privateConnections); }, destroy: function() { @@ -1411,12 +1420,15 @@ const NMDeviceWireless = new Lang.Class( let connection = new NetworkManager.Connection(); connection.add_setting(new NetworkManager.SettingWireless()); - connection.add_setting(new NetworkManager.SettingConnection({ + let connectionSetting = new NetworkManager.SettingConnection({ id: name, autoconnect: true, // NetworkManager will know to ignore this if appropriate uuid: NetworkManager.utils_uuid_generate(), type: NetworkManager.SETTING_WIRELESS_SETTING_NAME - })); + }); + if (this._privateConnections) + connectionSetting.add_permission('user', GLib.get_user_name(), null); + connection.add_setting(connectionSetting); return connection; }, @@ -1647,6 +1659,18 @@ const NMApplet = new Lang.Class({ this._client = NMClient.Client.new(); + // Check if newly created connections should be private or not + this._privateConnections = true; + let authority = Polkit.Authority.get_sync(null); + let subject = new Polkit.UnixProcess({ pid: System.getpid(), uid: System.getuid() }); + let authResult = authority.check_authorization_sync(subject, + 'org.freedesktop.NetworkManager.settings.modify.system', + null /* details */, + Polkit.CheckAuthorizationFlags.NONE, + null /* cancellable */); + if (authResult) + this._privateConnections = !authResult.get_is_authorized(); + this._statusSection = new PopupMenu.PopupMenuSection(); this._statusItem = new PopupMenu.PopupMenuItem('', { reactive: false }); this._statusSection.addMenuItem(this._statusItem); @@ -1830,7 +1854,7 @@ const NMApplet = new Lang.Class({ }, _makeWrapperDevice: function(wrapperClass, device) { - let wrapper = new wrapperClass(this._client, device, this._connections); + let wrapper = new wrapperClass(this._client, device, this._connections, this._privateConnections); wrapper._activationFailedId = wrapper.connect('activation-failed', Lang.bind(this, this._onActivationFailed));