diff -up NetworkManager-0.7.0/include/NetworkManager.h.system-permissions NetworkManager-0.7.0/include/NetworkManager.h --- NetworkManager-0.7.0/include/NetworkManager.h.system-permissions 2008-11-28 10:31:55.000000000 -0500 +++ NetworkManager-0.7.0/include/NetworkManager.h 2009-05-19 10:58:51.000000000 -0400 @@ -355,5 +355,14 @@ typedef enum { NM_ACTIVE_CONNECTION_STATE_ACTIVATED } NMActiveConnectionState; + +typedef enum { + NM_SYSTEM_PERMISSION_NONE = 0x00000000, + NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED = 0x00000001, + NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED = 0x00000002, + + NM_SYSTEM_PERMISSION_LAST = NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED +} NMSystemPermissions; + #endif /* NETWORK_MANAGER_H */ diff -up NetworkManager-0.7.0/introspection/nm-settings-system.xml.system-permissions NetworkManager-0.7.0/introspection/nm-settings-system.xml --- NetworkManager-0.7.0/introspection/nm-settings-system.xml.system-permissions 2008-11-28 10:31:57.000000000 -0500 +++ NetworkManager-0.7.0/introspection/nm-settings-system.xml 2009-05-19 10:58:51.000000000 -0400 @@ -44,6 +44,12 @@ </tp:docstring> </property> + <property name="Permissions" type="u" access="read" tp:type="NM_SYSTEM_PERMISSIONS"> + <tp:docstring> + Flags describing permissions granted to unprivileged users, or restrictions on unprivileged users' requests. + </tp:docstring> + </property> + <property name="UnmanagedDevices" type="ao" access="read"> <tp:docstring> The list of HAL UDIs of devices that should not be managed by NetworkManager. 
@@ -58,6 +64,18 @@ </arg> </signal> + <tp:flags name="NM_SYSTEM_PERMISSIONS" value-prefix="NM_SYSTEM_PERMISSION" type="u"> + <tp:docstring> + Flags describing the permissions granted to unprivileged users, or restrictions on unprivileged users' requests. + </tp:docstring> + <tp:flag suffix="WIFI_OPEN_SHARING_DENIED" value="0x1"> + <tp:docstring>Activating shared insecure shared WiFi connections is not allowed.</tp:docstring> + </tp:flag> + <tp:flag suffix="WIFI_SHARING_DENIED" value="0x2"> + <tp:docstring>Activating shared WiFi connections is not allowed.</tp:docstring> + </tp:flag> + </tp:flags> + </interface> </node> diff -up NetworkManager-0.7.0/libnm-glib/libnm_glib.ver.system-permissions NetworkManager-0.7.0/libnm-glib/libnm_glib.ver --- NetworkManager-0.7.0/libnm-glib/libnm_glib.ver.system-permissions 2008-11-28 10:31:57.000000000 -0500 +++ NetworkManager-0.7.0/libnm-glib/libnm_glib.ver 2009-05-19 10:58:51.000000000 -0400 @@ -47,6 +47,7 @@ global: nm_dbus_settings_new; nm_dbus_settings_system_add_connection; nm_dbus_settings_system_get_can_modify; + nm_dbus_settings_system_get_permissions; nm_dbus_settings_system_get_type; nm_dbus_settings_system_get_unmanaged_devices; nm_dbus_settings_system_new; diff -up NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c.system-permissions NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c --- NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c.system-permissions 2008-11-28 10:31:57.000000000 -0500 +++ NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c 2009-05-19 10:58:51.000000000 -0400 @@ -43,6 +43,9 @@ typedef struct { gboolean got_can_modify; gboolean can_modify; + gboolean got_permissions; + NMSystemPermissions permissions; + gboolean disposed; } NMDBusSettingsSystemPrivate; @@ -51,6 +54,7 @@ enum { PROP_UNMANAGED_DEVICES, PROP_HOSTNAME, PROP_CAN_MODIFY, + PROP_PERMISSIONS, LAST_PROP }; 
@@ -236,6 +240,37 @@ nm_dbus_settings_system_get_can_modify ( return priv->can_modify; } +NMSystemPermissions +nm_dbus_settings_system_get_permissions (NMDBusSettingsSystem *self) +{ + NMDBusSettingsSystemPrivate *priv; + GValue value = { 0, }; + GError *err = NULL; + + g_return_val_if_fail (NM_IS_DBUS_SETTINGS_SYSTEM (self), NM_SYSTEM_PERMISSION_NONE); + + priv = NM_DBUS_SETTINGS_SYSTEM_GET_PRIVATE (self); + + if (priv->got_permissions) + return priv->permissions; + + if (!dbus_g_proxy_call (priv->props_proxy, "Get", &err, + G_TYPE_STRING, NM_DBUS_SERVICE_SYSTEM_SETTINGS, + G_TYPE_STRING, "Permissions", + G_TYPE_INVALID, + G_TYPE_VALUE, &value, + G_TYPE_INVALID)) { + g_warning ("Could not retrieve permissions: %s", err->message); + g_error_free (err); + return NM_SYSTEM_PERMISSION_NONE; + } + + priv->permissions = g_value_get_uint (&value); + g_value_unset (&value); + + return priv->permissions; +} + static void proxy_properties_changed (DBusGProxy *proxy, GHashTable *properties, @@ -262,6 +297,12 @@ proxy_properties_changed (DBusGProxy *pr priv->can_modify = g_value_get_boolean (value); g_object_notify (G_OBJECT (self), NM_DBUS_SETTINGS_SYSTEM_CAN_MODIFY); } + + value = (GValue *) g_hash_table_lookup (properties, "Permissions"); + if (value) { + priv->permissions = g_value_get_uint (value); + g_object_notify (G_OBJECT (self), NM_DBUS_SETTINGS_SYSTEM_PERMISSIONS); + } } static void 
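Review bot: `nm_dbus_settings_system_get_permissions` tests `priv->got_permissions`, but nothing in this patch ever sets that field, so the cached value is never used and every call (including each `PROP_PERMISSIONS` read) makes a blocking D-Bus `Get`. Add `priv->got_permissions = TRUE;` after the successful call, and set it in the `"Permissions"` branch added to `proxy_properties_changed` as well. Both places hand the value to `g_value_get_uint` without a type check; guarding with `G_VALUE_HOLDS_UINT (&value)` keeps a malformed reply from being read as 0. Because 0 is `NM_SYSTEM_PERMISSION_NONE` and the error path returns the same, any failure here reads as "nothing denied", so this library value should be treated as a UI hint and the daemon-side check as the enforcement point.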
@@ -290,22 +331,20 @@ constructor (GType type, NULL); priv->settings_proxy = dbus_g_proxy_new_for_name (dbus_connection, - NM_DBUS_SERVICE_SYSTEM_SETTINGS, - NM_DBUS_PATH_SETTINGS, - NM_DBUS_IFACE_SETTINGS_SYSTEM); + NM_DBUS_SERVICE_SYSTEM_SETTINGS, + NM_DBUS_PATH_SETTINGS, + NM_DBUS_IFACE_SETTINGS_SYSTEM); + dbus_g_proxy_add_signal (priv->settings_proxy, "PropertiesChanged", + DBUS_TYPE_G_MAP_OF_VARIANT, G_TYPE_INVALID); + dbus_g_proxy_connect_signal (priv->settings_proxy, "PropertiesChanged", + G_CALLBACK (proxy_properties_changed), + object, NULL); priv->props_proxy = dbus_g_proxy_new_for_name (dbus_connection, NM_DBUS_SERVICE_SYSTEM_SETTINGS, NM_DBUS_PATH_SETTINGS, "org.freedesktop.DBus.Properties"); - dbus_g_proxy_add_signal (priv->props_proxy, "PropertiesChanged", - DBUS_TYPE_G_MAP_OF_VARIANT, - G_TYPE_INVALID); - dbus_g_proxy_connect_signal (priv->props_proxy, "PropertiesChanged", - G_CALLBACK (proxy_properties_changed), - object, NULL); - return object; } @@ -348,6 +387,9 @@ get_property (GObject *object, guint pro case PROP_CAN_MODIFY: g_value_set_boolean (value, nm_dbus_settings_system_get_can_modify (self)); break; + case PROP_PERMISSIONS: + g_value_set_uint (value, nm_dbus_settings_system_get_permissions (self)); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; 
@@ -389,5 +431,15 @@ nm_dbus_settings_system_class_init (NMDB "Can modify", FALSE, G_PARAM_READABLE)); + + g_object_class_install_property + (object_class, PROP_PERMISSIONS, + g_param_spec_uint (NM_DBUS_SETTINGS_SYSTEM_PERMISSIONS, + "Permissions", + "Permissions", + NM_SYSTEM_PERMISSION_NONE, + NM_SYSTEM_PERMISSION_LAST, + NM_SYSTEM_PERMISSION_NONE, + G_PARAM_READABLE)); } diff -up NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h.system-permissions NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h --- NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h.system-permissions 2008-11-28 10:31:57.000000000 -0500 +++ NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h 2009-05-19 11:07:23.000000000 -0400 @@ -25,6 +25,7 @@ #define NM_DBUS_SETTINGS_SYSTEM_H #include <nm-dbus-settings.h> +#include <NetworkManager.h> G_BEGIN_DECLS @@ -38,6 +39,7 @@ G_BEGIN_DECLS #define NM_DBUS_SETTINGS_SYSTEM_UNMANAGED_DEVICES "unmanaged-devices" #define NM_DBUS_SETTINGS_SYSTEM_HOSTNAME "hostname" #define NM_DBUS_SETTINGS_SYSTEM_CAN_MODIFY "can-modify" +#define NM_DBUS_SETTINGS_SYSTEM_PERMISSIONS "permissions" typedef struct { NMDBusSettings parent; @@ -65,6 +67,8 @@ gboolean nm_dbus_settings_system_save_ho gboolean nm_dbus_settings_system_get_can_modify (NMDBusSettingsSystem *self); +NMSystemPermissions nm_dbus_settings_system_get_permissions (NMDBusSettingsSystem *self); + G_END_DECLS #endif /* NM_DBUS_SETTINGS_SYSTEM_H */ diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c --- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c.system-permissions 2009-05-19 10:58:51.000000000 -0400 +++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c 2009-05-19 10:58:51.000000000 -0400 
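Review bot: The `g_param_spec_uint` installed for `PROP_PERMISSIONS` in `nm_dbus_settings_system_class_init` uses `NM_SYSTEM_PERMISSION_LAST` as its maximum, but the property is a bit mask and `NM_SYSTEM_PERMISSION_LAST` is the single flag `0x2`, so the legitimate value with both deny flags set (`0x3`) falls outside the declared range. Declare the bounds as `0, G_MAXUINT32, NM_SYSTEM_PERMISSION_NONE` so that code validating against the param spec cannot clamp or reject a deny bit. The same bound is used with `NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST` in `nm_sysconfig_settings_class_init` and in `interface_init`.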
@@ -2394,6 +2394,16 @@ notify_defer_cb (gpointer user_data) return FALSE; } +static void +system_settings_permissions_changed_cb (NMDBusSettingsSystem *settings, + GParamSpec *pspec, + gpointer user_data) +{ + NMApplet *applet = NM_APPLET (user_data); + + applet->permissions = nm_dbus_settings_system_get_permissions (settings); +} + static GObject * constructor (GType type, guint n_props, @@ -2437,6 +2447,12 @@ constructor (GType type, } applet->dbus_settings = (NMDBusSettings *) nm_dbus_settings_system_new (applet_dbus_manager_get_connection (dbus_mgr)); + if (applet->dbus_settings) { + applet->permissions = nm_dbus_settings_system_get_permissions (NM_DBUS_SETTINGS_SYSTEM (applet->dbus_settings)); + g_signal_connect (applet->dbus_settings, "notify::permissions", + G_CALLBACK (system_settings_permissions_changed_cb), + applet); + } applet->gconf_settings = nma_gconf_settings_new (); g_signal_connect (applet->gconf_settings, "new-secrets-requested", diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c --- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c.system-permissions 2009-05-19 10:58:51.000000000 -0400 +++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c 2009-05-19 10:58:51.000000000 -0400 
@@ -128,6 +128,9 @@ nma_menu_add_create_network_item (GtkWid gtk_widget_show_all (menu_item); gtk_menu_shell_append (GTK_MENU_SHELL (menu), menu_item); g_signal_connect (menu_item, "activate", G_CALLBACK (new_network_activate_cb), applet); + + if (applet->permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED) + gtk_widget_set_sensitive (GTK_WIDGET (menu_item), FALSE); } diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h --- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h.system-permissions 2009-05-19 10:58:51.000000000 -0400 +++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h 2009-05-19 10:58:51.000000000 -0400 @@ -47,6 +47,7 @@ #include <NetworkManager.h> #include <nm-active-connection.h> #include <nm-dbus-settings.h> +#include <nm-dbus-settings-system.h> #include "applet-dbus-manager.h" #include "nma-gconf-settings.h" @@ -84,8 +85,9 @@ typedef struct NMClient *nm_client; NMDBusSettings *dbus_settings; - NMAGConfSettings *gconf_settings; + NMSystemPermissions permissions; + NMAGConfSettings *gconf_settings; GConfClient * gconf_client; char * glade_file; diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c --- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c.system-permissions 2009-05-19 10:58:51.000000000 -0400 +++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c 2009-05-19 11:05:47.000000000 -0400 @@ -425,6 +425,8 @@ connection_combo_init (NMAWirelessDialog const char *connection_type; const char *mode; const GByteArray *setting_mac; + NMSettingIP4Config *s_ip4; + const char *method = NULL; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (candidate, NM_TYPE_SETTING_CONNECTION)); connection_type = s_con ? nm_setting_connection_get_connection_type (s_con) : NULL; 
@@ -438,15 +440,12 @@ connection_combo_init (NMAWirelessDialog if (!s_wireless) continue; + s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (candidate, NM_TYPE_SETTING_IP4_CONFIG); + if (s_ip4) + method = nm_setting_ip4_config_get_method (s_ip4); + /* If creating a new Ad-Hoc network, only show shared network connections */ if (priv->adhoc_create) { - NMSettingIP4Config *s_ip4; - const char *method = NULL; - - s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (candidate, NM_TYPE_SETTING_IP4_CONFIG); - if (s_ip4) - method = nm_setting_ip4_config_get_method (s_ip4); - if (!s_ip4 || strcmp (method, "shared")) continue; @@ -456,6 +455,16 @@ connection_combo_init (NMAWirelessDialog continue; } + /* Honor permissions for wifi sharing */ + if (method && !strcmp (method, NM_SETTING_IP4_CONFIG_METHOD_SHARED)) { + if (priv->applet->permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED) + continue; + + if ( (priv->applet->permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED) + && !nm_setting_wireless_get_security (s_wireless)) + continue; + } + /* Ignore connections that don't apply to the selected device */ setting_mac = nm_setting_wireless_get_mac_address (s_wireless); if (setting_mac) { @@ -720,7 +729,7 @@ security_combo_init (NMAWirelessDialog * int active = -1; int item = 0; NMSettingWireless *s_wireless = NULL; - gboolean is_adhoc; + gboolean is_adhoc, allow_open = TRUE; g_return_val_if_fail (self != NULL, FALSE); 
@@ -765,11 +774,17 @@ security_combo_init (NMAWirelessDialog * if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) wep_type = NM_WEP_KEY_TYPE_KEY; } + } else if (is_adhoc) { + default_type = NMU_SEC_STATIC_WEP; + wep_type = NM_WEP_KEY_TYPE_PASSPHRASE; } sec_model = gtk_list_store_new (2, G_TYPE_STRING, wireless_security_get_g_type ()); - if (nm_utils_security_valid (NMU_SEC_NONE, dev_caps, !!priv->ap, is_adhoc, ap_flags, ap_wpa, ap_rsn)) { + if (is_adhoc && (priv->applet->permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED)) + allow_open = FALSE; + + if (allow_open && nm_utils_security_valid (NMU_SEC_NONE, dev_caps, !!priv->ap, is_adhoc, ap_flags, ap_wpa, ap_rsn)) { gtk_list_store_append (sec_model, &iter); gtk_list_store_set (sec_model, &iter, S_NAME_COLUMN, _("None"), diff -up NetworkManager-0.7.0/src/NetworkManagerPolicy.c.system-permissions NetworkManager-0.7.0/src/NetworkManagerPolicy.c --- NetworkManager-0.7.0/src/NetworkManagerPolicy.c.system-permissions 2009-05-19 10:58:51.000000000 -0400 +++ NetworkManager-0.7.0/src/NetworkManagerPolicy.c 2009-05-19 10:58:51.000000000 -0400 @@ -40,6 +40,7 @@ #include "nm-dbus-manager.h" #include "nm-setting-ip4-config.h" #include "nm-setting-connection.h" +#include "nm-setting-wireless.h" #include "NetworkManagerSystem.h" #include "nm-named-manager.h" #include "nm-vpn-manager.h" 
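Review bot: The new `else if (is_adhoc)` branch in `security_combo_init` preselects static WEP with a passphrase for every ad-hoc dialog, whether or not `NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED` is set, and the hunk carries no comment explaining it. If the intent is that a new shared network should not default to open, say so, e.g. `/* Ad-Hoc: preselect WEP so a newly created network is not open by default */`, and note that WEP is a weak default. `allow_open` is keyed on `is_adhoc`, while the manager's `check_permissions` keys on the IPv4 method being shared; a short comment that this dialog only hides options and the manager enforces the policy would keep the two from being confused. The function starts and ends outside the hunk.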
@@ -610,6 +611,48 @@ out: policy->default_device = best; } +static gboolean +is_connection_allowed (NMConnection *connection, NMSystemPermissions permissions) +{ + NMSettingConnection *s_con; + NMSettingIP4Config *s_ip4; + NMSettingWireless *s_wifi; + const char *method, *ctype; + + s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG); + if (!s_ip4) + return TRUE; + + /* All non-shared connections are allowed */ + method = nm_setting_ip4_config_get_method (s_ip4); + g_assert (method); + if (strcmp (method, NM_SETTING_IP4_CONFIG_METHOD_SHARED)) + return TRUE; + + s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); + g_assert (s_con); + + /* All non-wifi connections are allowed */ + ctype = nm_setting_connection_get_connection_type (s_con); + g_assert (ctype); + if (strcmp (ctype, NM_SETTING_WIRELESS_SETTING_NAME)) + return TRUE; + + s_wifi = (NMSettingWireless *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS); + g_assert (s_wifi); + + /* Check for wifi sharing completely disabled */ + if (permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED) + return FALSE; + + /* Check for disabled open wifi sharing */ + if ( (permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED) + && !nm_setting_wireless_get_security (s_wifi)) + return FALSE; + + return TRUE; +} + typedef struct { NMPolicy *policy; NMDevice *device; 
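Review bot: `is_connection_allowed` uses `g_assert` on `method`, `s_con`, `ctype` and `s_wifi`, all of which are read from the connection object, and its caller `auto_activate_device` passes it user-scope connections as well as system ones. Whether connections are verified before they reach this point is not visible in the patch; if an incomplete one can get here, the assert aborts the daemon instead of skipping that connection. Returning FALSE for a malformed connection fails closed and keeps the process running. `check_permissions` in nm-manager.c has the same asserts and should set `error` and return FALSE in the same way.

```c
	method = nm_setting_ip4_config_get_method (s_ip4);
	if (!method)
		return FALSE;
	/* … unchanged: non-shared connections are allowed … */
	s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
	ctype = s_con ? nm_setting_connection_get_connection_type (s_con) : NULL;
	if (!ctype)
		return FALSE;
	/* … unchanged: non-wifi connections are allowed … */
	s_wifi = (NMSettingWireless *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS);
	if (!s_wifi)
		return FALSE;
	/* … unchanged: permission flag checks … */
```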
@@ -639,13 +682,15 @@ auto_activate_device (gpointer user_data connections = nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_SYSTEM); connections = g_slist_concat (connections, nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_USER)); - /* Remove connections that are in the invalid list. */ + /* Remove connections that are in the invalid list or are not permitted. */ iter = connections; while (iter) { NMConnection *iter_connection = NM_CONNECTION (iter->data); GSList *next = g_slist_next (iter); + NMSystemPermissions permissions = nm_manager_get_system_permissions (policy->manager); - if (g_object_get_data (G_OBJECT (iter_connection), INVALID_TAG)) { + if ( g_object_get_data (G_OBJECT (iter_connection), INVALID_TAG) + || !is_connection_allowed (iter_connection, permissions)) { connections = g_slist_remove_link (connections, iter); g_object_unref (iter_connection); g_slist_free (iter); diff -up NetworkManager-0.7.0/src/nm-manager.c.system-permissions NetworkManager-0.7.0/src/nm-manager.c --- NetworkManager-0.7.0/src/nm-manager.c.system-permissions 2008-11-28 10:31:41.000000000 -0500 +++ NetworkManager-0.7.0/src/nm-manager.c 2009-05-19 10:58:51.000000000 -0400 @@ -121,6 +121,7 @@ typedef struct { DBusGProxy *system_props_proxy; GSList *unmanaged_udis; char *hostname; + NMSystemPermissions permissions; PendingConnectionInfo *pending_connection_info; gboolean wireless_enabled; @@ -1227,6 +1228,7 @@ system_settings_properties_changed_cb (D gpointer user_data) { NMManager *manager = NM_MANAGER (user_data); + NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager); GValue *value; value = g_hash_table_lookup (properties, "UnmanagedDevices"); 
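Review bot: `permissions` is declared and fetched inside the `while (iter)` loop of `auto_activate_device`, so `nm_manager_get_system_permissions (policy->manager)` is called once per connection although nothing in the loop changes it. Read it once before the loop, `NMSystemPermissions permissions = nm_manager_get_system_permissions (policy->manager);`, so every connection in one pass is filtered against the same snapshot. The function starts and ends outside the hunk.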
@@ -1236,6 +1238,10 @@ system_settings_properties_changed_cb (D value = g_hash_table_lookup (properties, "Hostname"); if (value && G_VALUE_HOLDS (value, G_TYPE_STRING)) handle_hostname (manager, g_value_get_string (value)); + + value = g_hash_table_lookup (properties, "Permissions"); + if (value && G_VALUE_HOLDS (value, G_TYPE_UINT)) + priv->permissions = g_value_get_uint (value); } static void @@ -1292,6 +1298,33 @@ system_settings_get_hostname_cb (DBusGPr } static void +system_settings_get_permissions_cb (DBusGProxy *proxy, + DBusGProxyCall *call_id, + gpointer user_data) +{ + NMManager *manager = NM_MANAGER (user_data); + NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager); + GError *error = NULL; + GValue value = { 0, }; + + if (!dbus_g_proxy_end_call (proxy, call_id, &error, + G_TYPE_VALUE, &value, + G_TYPE_INVALID)) { + nm_warning ("%s: Error getting permissions from the system settings service: (%d) %s", + __func__, error->code, error->message); + g_error_free (error); + g_object_unref (proxy); + return; + } + + if (G_VALUE_HOLDS (&value, G_TYPE_UINT)) + priv->permissions = g_value_get_uint (&value); + + g_value_unset (&value); + g_object_unref (proxy); +} + +static void query_system_settings_property (NMManager *manager, const char *property, DBusGProxyCallNotify callback) @@ -1344,6 +1377,7 @@ nm_manager_name_owner_changed (NMDBusMan /* System Settings service appeared, update stuff */ query_system_settings_property (manager, "UnmanagedDevices", system_settings_get_unmanaged_devices_cb); query_system_settings_property (manager, "Hostname", system_settings_get_hostname_cb); + query_system_settings_property (manager, "Permissions", system_settings_get_permissions_cb); query_connections (manager, NM_CONNECTION_SCOPE_SYSTEM); } else { /* System Settings service disappeared, throw them away (?) */ 
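Review bot: `system_settings_get_permissions_cb` leaves `priv->permissions` untouched when the `Get` call fails or the reply is not a `G_TYPE_UINT`, and because the flags are deny bits an unset field means wifi sharing is permitted. If the private struct starts zeroed (not visible here), a settings service that is unreachable or slow to answer therefore yields the most permissive policy. Consider failing closed on the error path, e.g. `priv->permissions = NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED | NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED;`, and logging the type-mismatch case instead of ignoring it. The `"Permissions"` branch added to `system_settings_properties_changed_cb` likewise only stores the new value; an already active shared connection is not re-checked, which deserves at least a comment.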
@@ -1404,6 +1438,7 @@ initial_get_connections (gpointer user_d
 NM_DBUS_SERVICE_SYSTEM_SETTINGS)) {
 query_system_settings_property (manager, "UnmanagedDevices", system_settings_get_unmanaged_devices_cb);
 query_system_settings_property (manager, "Hostname", system_settings_get_hostname_cb);
+ query_system_settings_property (manager, "Permissions", system_settings_get_permissions_cb);
 query_connections (manager, NM_CONNECTION_SCOPE_SYSTEM);
 } else {
 /* Try to activate the system settings daemon */
@@ -1795,6 +1830,56 @@ nm_manager_get_act_request_by_path (NMMa return NULL; } +static gboolean +check_permissions (NMManager *manager, NMConnection *connection, GError **error) +{ + NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager); + NMSettingConnection *s_con; + NMSettingIP4Config *s_ip4; + NMSettingWireless *s_wifi; + const char *security; + + /* Check whether this is a shared connection or not */ + s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG); + if (!s_ip4) + return TRUE; + g_assert (nm_setting_ip4_config_get_method (s_ip4)); + + /* If it's not a shared connection, it's OK */ + if (strcmp (nm_setting_ip4_config_get_method (s_ip4), NM_SETTING_IP4_CONFIG_METHOD_SHARED)) + return TRUE; + + s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); + g_assert (s_con); + g_assert (nm_setting_connection_get_connection_type (s_con)); + + /* Only care about wifi permissions for now */ + if (strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_WIRELESS_SETTING_NAME)) + return TRUE; + + if (priv->permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED) { + g_set_error (error, NM_MANAGER_ERROR, + NM_MANAGER_ERROR_PERMISSION_DENIED, + "%s", "Permission to create shared WiFi networks was denied by system settings."); + return FALSE; + } + + s_wifi = (NMSettingWireless *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS); + g_assert (s_wifi); + security = nm_setting_wireless_get_security (s_wifi); + + if (!security || strcmp (security, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME)) { + if (priv->permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED) { + g_set_error (error, NM_MANAGER_ERROR, + NM_MANAGER_ERROR_PERMISSION_DENIED, + "%s", "Permission to create unprotected shared WiFi networks was denied by system settings."); + return FALSE; + } + } + + return TRUE; +} + static const char * internal_activate_device (NMManager *manager, 
NMDevice *device, @@ -1813,6 +1898,9 @@ internal_activate_device (NMManager *man dev_iface = NM_DEVICE_INTERFACE (device); + if (!check_permissions (manager, connection, error)) + return NULL; + /* Ensure the requested connection is compatible with the device */ if (!nm_device_interface_check_connection_compatible (dev_iface, connection, error)) return NULL; @@ -2363,3 +2451,11 @@ nm_manager_get_active_connections_by_con return get_active_connections (manager, connection); } +NMSystemPermissions +nm_manager_get_system_permissions (NMManager *manager) +{ + g_return_val_if_fail (NM_IS_MANAGER (manager), NM_SYSTEM_PERMISSION_NONE); + + return NM_MANAGER_GET_PRIVATE (manager)->permissions; +} + diff -up NetworkManager-0.7.0/src/nm-manager.h.system-permissions NetworkManager-0.7.0/src/nm-manager.h --- NetworkManager-0.7.0/src/nm-manager.h.system-permissions 2008-11-28 10:31:41.000000000 -0500 +++ NetworkManager-0.7.0/src/nm-manager.h 2009-05-19 10:58:51.000000000 -0400 @@ -78,6 +78,8 @@ GType nm_manager_get_type (void); NMManager *nm_manager_get (void); +NMSystemPermissions nm_manager_get_system_permissions (NMManager *manager); + /* Device handling */ GSList *nm_manager_get_devices (NMManager *manager); diff -up NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c.system-permissions NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c --- NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c.system-permissions 2009-05-19 10:58:51.000000000 -0400 +++ NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c 2009-05-19 10:58:51.000000000 -0400 @@ -81,6 +81,7 @@ typedef struct { gulong ih_event_id; int sc_network_wd; char *hostname; + NMSystemConfigInterfacePermissions permissions; GFileMonitor *monitor; guint monitor_id; 
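Review bot: `check_permissions` decides that a network is unprotected with `!security || strcmp (security, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME)`, while `is_connection_allowed` in NetworkManagerPolicy.c and `connection_combo_init` in the applet only test `!nm_setting_wireless_get_security (...)`. The three copies can therefore disagree about the same connection. None of them checks that a wireless-security setting is actually present in the connection, which may be verified elsewhere but is not visible here. Move the "is this shared wifi connection open" test into one helper used by all three sites, with a comment stating which condition counts as protected.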
@@ -523,6 +524,27 @@ plugin_set_hostname (SCPluginIfcfg *plug return TRUE; } +static NMSystemConfigInterfacePermissions +plugin_get_permissions (SCPluginIfcfg *plugin) +{ + NMSystemConfigInterfacePermissions permissions = NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE; + shvarFile *network; + + network = svNewFile (SC_NETWORK_FILE); + if (!network) { + PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not get hostname: failed to read " SC_NETWORK_FILE); + return NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE; + } + + if (!svTrueValue (network, "NM_WIFI_OPEN_SHARING_ALLOWED", TRUE)) + permissions |= NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_OPEN_SHARING_DENIED; + if (!svTrueValue (network, "NM_WIFI_SHARING_ALLOWED", TRUE)) + permissions |= NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_SHARING_DENIED; + + svCloseFile (network); + return permissions; +} + static void sc_network_changed_cb (NMInotifyHelper *ih, struct inotify_event *evt, @@ -532,6 +554,7 @@ sc_network_changed_cb (NMInotifyHelper * SCPluginIfcfg *plugin = SC_PLUGIN_IFCFG (user_data); SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin); char *new_hostname; + NMSystemConfigInterfacePermissions new_permissions; if (evt->wd != priv->sc_network_wd) return; @@ -545,6 +568,12 @@ sc_network_changed_cb (NMInotifyHelper * g_object_notify (G_OBJECT (plugin), NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME); } else g_free (new_hostname); + + new_permissions = plugin_get_permissions (plugin); + if (new_permissions != priv->permissions) { + priv->permissions = new_permissions; + g_object_notify (G_OBJECT (plugin), NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS); + } } static void @@ -575,6 +604,7 @@ sc_plugin_ifcfg_init (SCPluginIfcfg *plu priv->sc_network_wd = nm_inotify_helper_add_watch (ih, SC_NETWORK_FILE); priv->hostname = plugin_get_hostname (plugin); + priv->permissions = plugin_get_permissions (plugin); } static void 
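Review bot: The warning in `plugin_get_permissions` still says `Could not get hostname`, copied from the hostname reader; it should read `"Could not get permissions: failed to read " SC_NETWORK_FILE`. That path also returns `NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE`, and both `svTrueValue` calls default to TRUE, so an unreadable file and a missing key both mean "sharing allowed". Since `sc_network_changed_cb` stores whatever this function returns, a configured `NM_WIFI_SHARING_ALLOWED` restriction is dropped as soon as the file cannot be read. Keeping the previous `priv->permissions` on read failure, or at least documenting the permissive default in a comment, would make that behaviour deliberate.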
@@ -637,6 +667,9 @@ get_property (GObject *object, guint pro case NM_SYSTEM_CONFIG_INTERFACE_PROP_HOSTNAME: g_value_set_string (value, priv->hostname); break; + case NM_SYSTEM_CONFIG_INTERFACE_PROP_PERMISSIONS: + g_value_set_uint (value, priv->permissions); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -689,6 +722,10 @@ sc_plugin_ifcfg_class_init (SCPluginIfcf g_object_class_override_property (object_class, NM_SYSTEM_CONFIG_INTERFACE_PROP_HOSTNAME, NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME); + + g_object_class_override_property (object_class, + NM_SYSTEM_CONFIG_INTERFACE_PROP_PERMISSIONS, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS); } static void diff -up NetworkManager-0.7.0/system-settings/src/dbus-settings.c.system-permissions NetworkManager-0.7.0/system-settings/src/dbus-settings.c --- NetworkManager-0.7.0/system-settings/src/dbus-settings.c.system-permissions 2008-11-28 10:31:54.000000000 -0500 +++ NetworkManager-0.7.0/system-settings/src/dbus-settings.c 2009-05-19 10:58:51.000000000 -0400 @@ -57,6 +57,7 @@ typedef struct { GHashTable *connections; GHashTable *unmanaged_devices; char *orig_hostname; + guint32 permissions; } NMSysconfigSettingsPrivate; G_DEFINE_TYPE (NMSysconfigSettings, nm_sysconfig_settings, NM_TYPE_SETTINGS); @@ -76,6 +77,7 @@ enum { PROP_UNMANAGED_DEVICES, PROP_HOSTNAME, PROP_CAN_MODIFY, + PROP_PERMISSIONS, LAST_PROP }; @@ -251,7 +253,7 @@ get_property (GObject *object, guint pro NMSysconfigSettings *self = NM_SYSCONFIG_SETTINGS (object); NMSysconfigSettingsPrivate *priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self); GSList *iter; - + guint32 permissions = 0; switch (prop_id) { case PROP_UNMANAGED_DEVICES: 
@@ -287,6 +289,15 @@ get_property (GObject *object, guint pro case PROP_CAN_MODIFY: g_value_set_boolean (value, !!get_first_plugin_by_capability (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS)); break; + case PROP_PERMISSIONS: + for (iter = priv->plugins; iter; iter = iter->next) { + NMSystemConfigInterfacePermissions tmp_permissions = 0; + + g_object_get (G_OBJECT (iter->data), NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS, &tmp_permissions, NULL); + permissions |= tmp_permissions; + } + g_value_set_uint (value, permissions); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -332,6 +343,16 @@ nm_sysconfig_settings_class_init (NMSysc FALSE, G_PARAM_READABLE)); + g_object_class_install_property + (object_class, PROP_PERMISSIONS, + g_param_spec_uint (NM_SYSCONFIG_SETTINGS_PERMISSIONS, + "Permissions", + "Permissions", + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE, + G_PARAM_READABLE)); + /* signals */ signals[PROPERTIES_CHANGED] = g_signal_new ("properties-changed", @@ -435,6 +456,14 @@ hostname_changed (NMSystemConfigInterfac g_object_notify (G_OBJECT (user_data), NM_SYSCONFIG_SETTINGS_HOSTNAME); } +static void +permissions_changed (NMSystemConfigInterface *config, + GParamSpec *pspec, + gpointer user_data) +{ + g_object_notify (G_OBJECT (user_data), NM_SYSCONFIG_SETTINGS_PERMISSIONS); +} + void nm_sysconfig_settings_add_plugin (NMSysconfigSettings *self, NMSystemConfigInterface *plugin) 
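Review bot: The `PROP_PERMISSIONS` case in `get_property` calls `g_object_get` for `NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS` on every plugin, but only the ifcfg-rh plugin receives an override of that property in this patch. Other plugins are not shown; if any exist they need the same override, otherwise this read would likely fall into their `get_property` default branch and contribute nothing. The OR-ed value is forwarded to D-Bus as `NM_SYSTEM_PERMISSIONS` unchanged, which relies on `NMSystemConfigInterfacePermissions` and `NMSystemPermissions` keeping identical numeric values; a comment on both enums saying so would prevent drift. The `guint32 permissions` field added to `NMSysconfigSettingsPrivate` does not appear to be used in the visible hunks.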
@@ -453,6 +482,7 @@ nm_sysconfig_settings_add_plugin (NMSysc g_signal_connect (plugin, "connection-added", G_CALLBACK (plugin_connection_added), self); g_signal_connect (plugin, "unmanaged-devices-changed", G_CALLBACK (unmanaged_devices_changed), self); g_signal_connect (plugin, "notify::hostname", G_CALLBACK (hostname_changed), self); + g_signal_connect (plugin, "notify::permissions", G_CALLBACK (permissions_changed), self); nm_system_config_interface_init (plugin, priv->hal_mgr); diff -up NetworkManager-0.7.0/system-settings/src/dbus-settings.h.system-permissions NetworkManager-0.7.0/system-settings/src/dbus-settings.h --- NetworkManager-0.7.0/system-settings/src/dbus-settings.h.system-permissions 2008-11-28 10:31:54.000000000 -0500 +++ NetworkManager-0.7.0/system-settings/src/dbus-settings.h 2009-05-19 10:58:51.000000000 -0400 @@ -45,6 +45,7 @@ typedef struct _NMSysconfigSettingsClass #define NM_SYSCONFIG_SETTINGS_UNMANAGED_DEVICES "unmanaged-devices" #define NM_SYSCONFIG_SETTINGS_HOSTNAME "hostname" #define NM_SYSCONFIG_SETTINGS_CAN_MODIFY "can-modify" +#define NM_SYSCONFIG_SETTINGS_PERMISSIONS "permissions" struct _NMSysconfigSettings { diff -up NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c.system-permissions NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c --- NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c.system-permissions 2008-11-28 10:31:54.000000000 -0500 +++ NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c 2009-05-19 10:58:51.000000000 -0400 
@@ -65,6 +65,16 @@ interface_init (gpointer g_iface) NULL, G_PARAM_READWRITE)); + g_object_interface_install_property + (g_iface, + g_param_spec_uint (NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS, + "Permissions", + "Plugin permissions", + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE, + G_PARAM_READABLE)); + /* Signals */ g_signal_new ("connection-added", iface_type, diff -up NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h.system-permissions NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h --- NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h.system-permissions 2008-11-28 10:31:54.000000000 -0500 +++ NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h 2009-05-19 10:58:51.000000000 -0400 @@ -62,6 +62,7 @@ GObject * nm_system_config_factory (void #define NM_SYSTEM_CONFIG_INTERFACE_INFO "info" #define NM_SYSTEM_CONFIG_INTERFACE_CAPABILITIES "capabilities" #define NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME "hostname" +#define NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS "permissions" typedef enum { NM_SYSTEM_CONFIG_INTERFACE_CAP_NONE = 0x00000000, 
@@ -72,12 +73,21 @@ typedef enum { } NMSystemConfigInterfaceCapabilities; typedef enum { + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE = 0x00000000, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_OPEN_SHARING_DENIED = 0x00000001, + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_SHARING_DENIED = 0x00000002, + + NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST = NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_SHARING_DENIED +} NMSystemConfigInterfacePermissions; + +typedef enum { NM_SYSTEM_CONFIG_INTERFACE_PROP_FIRST = 0x1000, NM_SYSTEM_CONFIG_INTERFACE_PROP_NAME = NM_SYSTEM_CONFIG_INTERFACE_PROP_FIRST, NM_SYSTEM_CONFIG_INTERFACE_PROP_INFO, NM_SYSTEM_CONFIG_INTERFACE_PROP_CAPABILITIES, NM_SYSTEM_CONFIG_INTERFACE_PROP_HOSTNAME, + NM_SYSTEM_CONFIG_INTERFACE_PROP_PERMISSIONS, } NMSystemConfigInterfaceProp;