From b72c423a344f2e455c17978bab76eb29912d0b5b Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 14 Feb 2012 18:41:51 +0800 Subject: [PATCH] network: create private connections if the user if not authorized This commit checks whether the polkit policy allows the user to create a system connection without authentication. If not, create private connections. https://bugzilla.gnome.org/show_bug.cgi?id=646187 --- configure.ac | 3 ++- panels/network/cc-network-panel.c | 40 ++++++++++++++++++++++++++++++++++++-- panels/network/cc-network-panel.h | 2 ++ panels/network/net-device-mobile.c | 5 ++++- panels/network/net-device-wifi.c | 25 +++++++++++++++++++++++- panels/network/network-dialogs.c | 22 +++++++++++++++++++-- panels/network/network-dialogs.h | 6 ++++-- 7 files changed, 94 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index b0b492d..4453123 100644 --- a/configure.ac +++ b/configure.ac @@ -134,7 +134,8 @@ PKG_CHECK_MODULES(KEYBOARD_PANEL, $COMMON_MODULES PKG_CHECK_MODULES(MEDIA_PANEL, $COMMON_MODULES) PKG_CHECK_MODULES(MOUSE_PANEL, $COMMON_MODULES xi >= 1.2 gnome-settings-daemon >= $GSD_REQUIRED_VERSION x11) -PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES gmodule-2.0) +PKG_CHECK_MODULES(NETWORK_PANEL, $COMMON_MODULES gmodule-2.0 + polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION) PKG_CHECK_MODULES(NOTIFICATIONS_PANEL, $COMMON_MODULES libgnome-menu-3.0) PKG_CHECK_MODULES(ONLINE_ACCOUNTS_PANEL, $COMMON_MODULES goa-1.0 goa-backend-1.0 >= $GOA_REQUIRED_VERSION) PKG_CHECK_MODULES(POWER_PANEL, $COMMON_MODULES upower-glib >= 0.9.1 diff --git a/panels/network/cc-network-panel.c b/panels/network/cc-network-panel.c index 4fa3706..7bae539 100644 --- a/panels/network/cc-network-panel.c +++ b/panels/network/cc-network-panel.c @@ -24,6 +24,8 @@ #include #include +#include + #include "cc-network-panel.h" #include "cc-network-resources.h" 
@@ -87,6 +89,9 @@ struct _CcNetworkPanelPrivate gchar *arg_device; gchar *arg_access_point; gboolean operation_done; + + /* polkit authentication check */ + gboolean default_private; }; enum { @@ -574,13 +579,13 @@ handle_argv_for_device (CcNetworkPanel *panel, return TRUE; } else if (g_strcmp0 (nm_object_get_path (NM_OBJECT (device)), priv->arg_device) == 0) { if (priv->arg_operation == OPERATION_CONNECT_MOBILE) { - cc_network_panel_connect_to_3g_network (toplevel, priv->client, priv->remote_settings, device); + cc_network_panel_connect_to_3g_network (toplevel, priv->client, priv->remote_settings, device, priv->default_private); reset_command_line_args (panel); /* done */ select_tree_iter (panel, iter); return TRUE; } else if (priv->arg_operation == OPERATION_CONNECT_8021X) { - cc_network_panel_connect_to_8021x_network (toplevel, priv->client, priv->remote_settings, device, priv->arg_access_point); + cc_network_panel_connect_to_8021x_network (toplevel, priv->client, priv->remote_settings, device, priv->arg_access_point, priv->default_private); reset_command_line_args (panel); /* done */ select_tree_iter (panel, iter); return TRUE; @@ -1355,6 +1360,9 @@ cc_network_panel_init (CcNetworkPanel *panel) GtkWidget *widget; GtkWidget *toplevel; GDBusConnection *system_bus; + PolkitSubject *subject; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; panel->priv = NETWORK_PANEL_PRIVATE (panel); g_resources_register (cc_network_get_resource ()); 
@@ -1458,4 +1466,32 @@ cc_network_panel_init (CcNetworkPanel *panel) widget = GTK_WIDGET (gtk_builder_get_object (panel->priv->builder, "vbox1")); gtk_container_add (GTK_CONTAINER (panel), widget); + + /* check the polkit authentication */ + panel->priv->default_private = TRUE; + authority = polkit_authority_get_sync (NULL, NULL); + subject = polkit_unix_process_new_for_owner (getpid (), 0, -1); + result = polkit_authority_check_authorization_sync (authority, + subject, + "org.freedesktop.NetworkManager.settings.modify.system", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL, + &error); + if (error || !result) { + g_warning ("Failed to check polkit authorization! %s", + error->message); + g_clear_error (&error); + } else if (polkit_authorization_result_get_is_authorized (result)) { + panel->priv->default_private = FALSE; + } + g_object_unref (result); + g_object_unref (authority); + g_object_unref (subject); +} + +gboolean +cc_network_panel_get_default_private (CcNetworkPanel *panel) +{ + return panel->priv->default_private; } diff --git a/panels/network/cc-network-panel.h b/panels/network/cc-network-panel.h index f869c3f..d3773b2 100644 --- a/panels/network/cc-network-panel.h +++ b/panels/network/cc-network-panel.h @@ -67,6 +67,8 @@ GType cc_network_panel_get_type (void) G_GNUC_CONST; GPtrArray *cc_network_panel_get_devices (CcNetworkPanel *panel); +gboolean cc_network_panel_get_default_private (CcNetworkPanel *panel); + G_END_DECLS #endif /* _CC_NETWORK_PANEL_H */ diff --git a/panels/network/net-device-mobile.c b/panels/network/net-device-mobile.c index dad3a4a..c671637 100644 --- a/panels/network/net-device-mobile.c +++ b/panels/network/net-device-mobile.c 
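Review bot: The failure branch of the new polkit check in cc_network_panel_init reads `error->message` even when it was entered only because `result` is NULL with no error set, and the unconditional `g_object_unref (result)` after it then runs on NULL. `polkit_authority_get_sync (NULL, NULL)` also discards its error, so a NULL authority would go straight into the authorization call. Setting `default_private` to TRUE before the check is the right fail-safe, and the rewrite below keeps it and only makes the failure paths NULL-safe. It assumes `error` is a `GError *` that is still NULL at this point, which is declared outside the hunk. The result is computed once at panel init and is only a client-side hint, so NetworkManager's own authorization check must remain the enforcement point.

```c
        panel->priv->default_private = TRUE;
        subject = NULL;
        result = NULL;
        authority = polkit_authority_get_sync (NULL, &error);
        if (authority != NULL) {
                subject = polkit_unix_process_new_for_owner (getpid (), 0, -1);
                result = polkit_authority_check_authorization_sync (authority,
                                                                    subject,
                                                                    /* … unchanged: action id, details, flags, cancellable … */
                                                                    &error);
        }
        if (result == NULL) {
                g_warning ("Failed to check polkit authorization! %s",
                           error != NULL ? error->message : "no error reported");
                g_clear_error (&error);
        } else if (polkit_authorization_result_get_is_authorized (result)) {
                panel->priv->default_private = FALSE;
        }
        g_clear_object (&result);
        g_clear_object (&subject);
        g_clear_object (&authority);
```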
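Review bot: The new `cc_network_panel_get_default_private` declaration in cc-network-panel.h has no comment, and the name alone does not tell callers what TRUE means. A comment above it would help, for example `/* TRUE when new connections should be restricted to the current user, because polkit does not grant settings.modify.system without authentication */`. The getter's definition in cc-network-panel.c dereferences `panel->priv` without a guard, so the comment should also state that `panel` must be non-NULL.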
@@ -141,12 +141,15 @@ mobile_connection_changed_cb (GtkComboBox *combo_box, NetDeviceMobile *device_mo COLUMN_ID, &object_path, -1); if (g_strcmp0 (object_path, NULL) == 0) { + gboolean default_private; panel = net_object_get_panel (NET_OBJECT (device_mobile)); toplevel = cc_shell_get_toplevel (cc_panel_get_shell (CC_PANEL (panel))); + default_private = cc_network_panel_get_default_private (panel); cc_network_panel_connect_to_3g_network (toplevel, client, remote_settings, - device); + device, + default_private); goto out; } diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c index 49a79a8..da488c5 100644 --- a/panels/network/net-device-wifi.c +++ b/panels/network/net-device-wifi.c @@ -696,6 +696,9 @@ wireless_try_to_connect (NetDeviceWifi *device_wifi, NMDevice *device; NMSettingWireless *setting_wireless; NMClient *client; + CcNetworkPanel *panel; + NMConnection *partial = NULL; + NMSettingConnection *setting_con; if (device_wifi->priv->updating_device) goto out; @@ -747,10 +750,21 @@ wireless_try_to_connect (NetDeviceWifi *device_wifi, /* create one, as it's missing */ g_debug ("no existing connection found for %s, creating", ssid_target); + panel = net_object_get_panel (NET_OBJECT (device_wifi)); + if (cc_network_panel_get_default_private (panel)) { + partial = nm_connection_new (); + setting_con = (NMSettingConnection *)nm_setting_connection_new (); + nm_connection_add_setting (partial, NM_SETTING (setting_con)); + nm_setting_connection_add_permission (setting_con, + "user", + g_get_user_name(), + NULL); + } + if (!is_8021x (device, ap_object_path)) { g_debug ("no existing connection found for %s, creating and activating one", ssid_target); nm_client_add_and_activate_connection (client, - NULL, + partial, device, ap_object_path, connection_add_activate_cb, device_wifi); } else { 
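Review bot: The `partial` connection created in wireless_try_to_connect is never released in the visible lines. It is passed to `nm_client_add_and_activate_connection` in the non-802.1x branch, which as far as I know does not take ownership, and the `else` branch, whose body lies outside the hunk, cannot be seen to use it. Unless it is unreffed further down, add `g_clear_object (&partial);` after the if/else. The gboolean return of `nm_setting_connection_add_permission` is also ignored here and at the other call sites this patch adds (start_shared_connection, cc_network_panel_connect_to_8021x_network, cdma_mobile_wizard_done, gsm_mobile_wizard_done). If it returns FALSE the connection is submitted without the per-user restriction, so the failure should at least be reported with `g_warning`.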
@@ -965,6 +979,7 @@ start_shared_connection (NetDeviceWifi *device_wifi) GSList *l; NMClient *client; const char *mode; + CcNetworkPanel *panel; device = net_device_get_nm_device (NET_DEVICE (device_wifi)); g_assert (nm_device_get_device_type (device) == NM_DEVICE_TYPE_WIFI); @@ -1001,6 +1016,14 @@ start_shared_connection (NetDeviceWifi *device_wifi) "id", "Hotspot", "autoconnect", FALSE, NULL); + + panel = net_object_get_panel (NET_OBJECT (device_wifi)); + if (cc_network_panel_get_default_private (panel)) + nm_setting_connection_add_permission (sc, + "user", + g_get_user_name(), + NULL); + nm_connection_add_setting (c, (NMSetting *)sc); sw = (NMSettingWireless *)nm_setting_wireless_new (); diff --git a/panels/network/network-dialogs.c b/panels/network/network-dialogs.c index b2f8376..24053cb 100644 --- a/panels/network/network-dialogs.c +++ b/panels/network/network-dialogs.c @@ -41,6 +41,7 @@ typedef struct { NMClient *client; NMRemoteSettings *settings; NMDevice *device; + gboolean default_private; } MobileDialogClosure; static void @@ -262,7 +263,8 @@ cc_network_panel_connect_to_8021x_network (GtkWidget *toplevel, NMClient *client, NMRemoteSettings *settings, NMDevice *device, - const gchar *arg_access_point) + const gchar *arg_access_point, + gboolean default_private) { NMConnection *connection; NMSettingConnection *s_con; @@ -300,6 +302,8 @@ cc_network_panel_connect_to_8021x_network (GtkWidget *toplevel, uuid = nm_utils_uuid_generate (); g_object_set (s_con, NM_SETTING_CONNECTION_UUID, uuid, NULL); g_free (uuid); + if (default_private) + nm_setting_connection_add_permission (s_con, "user", g_get_user_name(), NULL); nm_connection_add_setting (connection, NM_SETTING (s_con)); s_wifi = (NMSettingWireless *) nm_setting_wireless_new (); 
@@ -357,6 +361,7 @@ cdma_mobile_wizard_done (NMAMobileWizard *wizard, if (!canceled && method) { NMSetting *setting; char *uuid, *id; + MobileDialogClosure *closure = user_data; if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_CDMA_EVDO) { g_warning ("Unexpected device type (not CDMA)."); @@ -400,6 +405,11 @@ cdma_mobile_wizard_done (NMAMobileWizard *wizard, NULL); g_free (uuid); g_free (id); + if (closure->default_private) + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (connection, setting); } @@ -419,6 +429,7 @@ gsm_mobile_wizard_done (NMAMobileWizard *wizard, if (!canceled && method) { NMSetting *setting; char *uuid, *id; + MobileDialogClosure *closure = user_data; if (method->devtype != NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) { g_warning ("Unexpected device type (not GSM)."); @@ -463,6 +474,11 @@ gsm_mobile_wizard_done (NMAMobileWizard *wizard, NULL); g_free (uuid); g_free (id); + if (closure->default_private) + nm_setting_connection_add_permission ((NMSettingConnection *)setting, + "user", + g_get_user_name(), + NULL); nm_connection_add_setting (connection, setting); } @@ -494,7 +510,8 @@ void cc_network_panel_connect_to_3g_network (GtkWidget *toplevel, NMClient *client, NMRemoteSettings *settings, - NMDevice *device) + NMDevice *device, + gboolean default_private) { MobileDialogClosure *closure; NMAMobileWizard *wizard; @@ -512,6 +529,7 @@ cc_network_panel_connect_to_3g_network (GtkWidget *toplevel, closure->client = g_object_ref (client); closure->settings = g_object_ref (settings); closure->device = g_object_ref (device); + closure->default_private = default_private; caps = nm_device_modem_get_current_capabilities (NM_DEVICE_MODEM (device)); if (caps & NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) { diff --git a/panels/network/network-dialogs.h b/panels/network/network-dialogs.h index ddbf392..953fc2b 100644 --- a/panels/network/network-dialogs.h 
+++ b/panels/network/network-dialogs.h @@ -38,11 +38,13 @@ void cc_network_panel_connect_to_8021x_network (GtkWidget *toplevel, NMClient *client, NMRemoteSettings *settings, NMDevice *device, - const gchar *arg_access_point); + const gchar *arg_access_point, + gboolean default_private); void cc_network_panel_connect_to_3g_network (GtkWidget *toplevel, NMClient *client, NMRemoteSettings *settings, - NMDevice *device); + NMDevice *device, + gboolean default_private); #endif /* _NETWORK_DIALOGS_H */ -- 1.8.1.4