From 92c236ea488f8d774a876f1e6ece410b5c920173 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 14 Feb 2012 18:41:51 +0800 Subject: [PATCH] network: create private connections if the user if not authorized This commit checks whether the polkit policy allows the user to create a system connection without authentication. If not, create private connections. https://bugzilla.gnome.org/show_bug.cgi?id=646187 --- configure.ac | 3 +- panels/network/cc-network-panel.c | 72 ++++++++++++++++++++++++++++++++++++- panels/network/cc-network-panel.h | 2 + panels/network/network-dialogs.c | 16 ++++++++ 4 files changed, 91 insertions(+), 2 deletions(-) Index: gnome-control-center-3.6.1/configure.ac =================================================================== --- gnome-control-center-3.6.1.orig/configure.ac +++ gnome-control-center-3.6.1/configure.ac @@ -136,7 +136,8 @@ PKG_CHECK_MODULES(KEYBOARD_PANEL, $COMMO PKG_CHECK_MODULES(MEDIA_PANEL, $COMMON_MODULES) PKG_CHECK_MODULES(MOUSE_PANEL, $COMMON_MODULES xi >= 1.2 gnome-settings-daemon >= $GSD_REQUIRED_VERSION x11) -PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES) +PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES + polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION) PKG_CHECK_MODULES(ONLINE_ACCOUNTS_PANEL, $COMMON_MODULES goa-1.0 goa-backend-1.0 >= $GOA_REQUIRED_VERSION) PKG_CHECK_MODULES(POWER_PANEL, $COMMON_MODULES upower-glib >= 0.9.1 gnome-settings-daemon >= $GSD_REQUIRED_VERSION) Index: gnome-control-center-3.6.1/panels/network/cc-network-panel.c =================================================================== --- gnome-control-center-3.6.1.orig/panels/network/cc-network-panel.c +++ gnome-control-center-3.6.1/panels/network/cc-network-panel.c @@ -23,6 +23,8 @@ #include #include +#include + #include "cc-network-panel.h" #include "nm-remote-settings.h" @@ -74,6 +76,9 @@ struct _CcNetworkPanelPrivate gchar *arg_device; gchar *arg_access_point; gboolean operation_done; + + /* polkit authentication check */ + gboolean default_private; }; enum { @@ -1099,6 +1104,9 @@ cc_network_panel_init (CcNetworkPanel *p GtkTreeSelection *selection; GtkWidget *widget; GtkWidget *toplevel; + PolkitSubject *subject; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; panel->priv = NETWORK_PANEL_PRIVATE (panel); @@ -1185,6 +1193,28 @@ cc_network_panel_init (CcNetworkPanel *p /* add kill switch widgets when dialog activated */ panel->priv->add_header_widgets_idle = g_idle_add (network_add_shell_header_widgets_cb, panel); + + /* check the polkit authentication */ + panel->priv->default_private = TRUE; + authority = polkit_authority_get_sync (NULL, NULL); + subject = polkit_unix_process_new (getpid ()); + result = polkit_authority_check_authorization_sync (authority, + subject, + "org.freedesktop.NetworkManager.settings.modify.system", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL, + &error); + if (error || !result) { + g_warning ("Failed to check polkit authorization! %s", + error->message); + g_clear_error (&error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + panel->priv->default_private = FALSE; + } + g_object_unref (result); + g_object_unref (authority); + g_object_unref (subject); } void @@ -1195,3 +1225,9 @@ cc_network_panel_register (GIOModule *mo CC_TYPE_NETWORK_PANEL, "network", 0); } + +gboolean +cc_network_panel_get_default_private (CcNetworkPanel *panel) +{ + return panel->priv->default_private; +} Index: gnome-control-center-3.6.1/panels/network/cc-network-panel.h =================================================================== --- gnome-control-center-3.6.1.orig/panels/network/cc-network-panel.h +++ gnome-control-center-3.6.1/panels/network/cc-network-panel.h @@ -67,6 +67,8 @@ GType cc_network_panel_get_type (void) G void cc_network_panel_register (GIOModule *module); +gboolean cc_network_panel_get_default_private (CcNetworkPanel *panel); + G_END_DECLS #endif /* _CC_NETWORK_PANEL_H */ Index: gnome-control-center-3.6.1/panels/network/network-dialogs.c =================================================================== --- gnome-control-center-3.6.1.orig/panels/network/network-dialogs.c +++ gnome-control-center-3.6.1/panels/network/network-dialogs.c @@ -42,6 +42,7 @@ typedef struct { NMClient *client; NMRemoteSettings *settings; NMDevice *device; + gboolean default_private; } MobileDialogClosure; static void @@ -302,6 +303,8 @@ cc_network_panel_connect_to_8021x_networ uuid = nm_utils_uuid_generate (); g_object_set (s_con, NM_SETTING_CONNECTION_UUID, uuid, NULL); g_free (uuid); + if (cc_network_panel_get_default_private (panel)) + nm_setting_connection_add_permission (s_con, "user", g_get_user_name(), NULL); nm_connection_add_setting (connection, NM_SETTING (s_con)); s_wifi = (NMSettingWireless *) nm_setting_wireless_new (); @@ -359,6 +362,7 @@ cdma_mobile_wizard_done (NMAMobileWizard if (!canceled && method) { NMSetting *setting; char *uuid, *id; + MobileDialogClosure *closure = user_data; if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_CDMA_EVDO) { g_warning ("Unexpected device type (not CDMA)."); @@ -402,6 +406,11 @@ cdma_mobile_wizard_done (NMAMobileWizard NULL); g_free (uuid); g_free (id); + if (closure->default_private) + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (connection, setting); } @@ -421,6 +430,7 @@ gsm_mobile_wizard_done (NMAMobileWizard if (!canceled && method) { NMSetting *setting; char *uuid, *id; + MobileDialogClosure *closure = user_data; if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) { g_warning ("Unexpected device type (not GSM)."); @@ -465,6 +475,11 @@ gsm_mobile_wizard_done (NMAMobileWizard NULL); g_free (uuid); g_free (id); + if (closure->default_private) + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (connection, setting); } @@ -515,6 +530,7 @@ cc_network_panel_connect_to_3g_network ( closure->client = g_object_ref (client); closure->settings = g_object_ref (settings); closure->device = g_object_ref (device); + closure->default_private = cc_network_panel_get_default_private (panel); caps = nm_device_modem_get_current_capabilities (NM_DEVICE_MODEM (device)); if (caps & NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) { Index: gnome-control-center-3.6.1/panels/network/net-device-wifi.c =================================================================== --- gnome-control-center-3.6.1.orig/panels/network/net-device-wifi.c +++ gnome-control-center-3.6.1/panels/network/net-device-wifi.c @@ -1082,6 +1082,9 @@ wireless_try_to_connect (NetDeviceWifi * NMSettingWireless *setting_wireless; NMRemoteSettings *remote_settings; NMClient *client; + CcNetworkPanel *panel; + NMConnection *partial = NULL; + NMSettingConnection *setting_con; if (device_wifi->priv->updating_device) goto out; @@ -1137,10 +1140,21 @@ wireless_try_to_connect (NetDeviceWifi * /* create one, as it's missing */ g_debug ("no existing connection found for %s, creating", ssid_target); + panel = net_object_get_panel (NET_OBJECT (device_wifi)); + if (cc_network_panel_get_default_private (panel)) { + partial = nm_connection_new (); + setting_con = (NMSettingConnection *)nm_setting_connection_new (); + nm_connection_add_setting (partial, NM_SETTING (setting_con)); + nm_setting_connection_add_permission (setting_con, + "user", + g_get_user_name(), + NULL); + } + if (!is_8021x (device, ap_object_path)) { g_debug ("no existing connection found for %s, creating and activating one", ssid_target); nm_client_add_and_activate_connection (client, - NULL, + partial, device, ap_object_path, connection_add_activate_cb, device_wifi); } else { @@ -1413,6 +1427,7 @@ start_shared_connection (NetDeviceWifi * GSList *l; NMClient *client; NMRemoteSettings *remote_settings; + CcNetworkPanel *panel; device = net_device_get_nm_device (NET_DEVICE (device_wifi)); g_assert (nm_device_get_device_type (device) == NM_DEVICE_TYPE_WIFI); @@ -1452,6 +1467,14 @@ start_shared_connection (NetDeviceWifi * "id", "Hotspot", "autoconnect", FALSE, NULL); + + panel = net_object_get_panel (NET_OBJECT (device_wifi)); + if (cc_network_panel_get_default_private (panel)) + nm_setting_connection_add_permission (sc, + "user", + g_get_user_name(), + NULL); + nm_connection_add_setting (c, (NMSetting *)sc); sw = (NMSettingWireless *)nm_setting_wireless_new ();