NetworkManager-0.7.0-9.el5.src.rpm

diff -up NetworkManager-0.7.0/include/NetworkManager.h.system-permissions NetworkManager-0.7.0/include/NetworkManager.h
--- NetworkManager-0.7.0/include/NetworkManager.h.system-permissions	2008-11-28 10:31:55.000000000 -0500
+++ NetworkManager-0.7.0/include/NetworkManager.h	2009-05-19 10:58:51.000000000 -0400
@@ -355,5 +355,14 @@ typedef enum {
 	NM_ACTIVE_CONNECTION_STATE_ACTIVATED
 } NMActiveConnectionState;
 
+
+typedef enum {
+	NM_SYSTEM_PERMISSION_NONE = 0x00000000,
+	NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED = 0x00000001,
+	NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED = 0x00000002,
+
+	NM_SYSTEM_PERMISSION_LAST = NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED
+} NMSystemPermissions;
+
 #endif /* NETWORK_MANAGER_H */
 
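Review bot: `NM_SYSTEM_PERMISSION_LAST` is set to the highest single flag (0x2), but the enum is a bitmask and both deny bits together give 0x3, which is above the value passed as the `g_param_spec_uint` maximum in the `nm_dbus_settings_system_class_init` hunk. The ifcfg-rh hunk can set both bits at once, so 0x3 is reachable, and anything that validates against the param spec would treat it as out of range. The same applies to `NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST` in the dbus-settings.c and nm-system-config-interface.c hunks. I would define the bound as the OR of all flags, `NM_SYSTEM_PERMISSION_LAST = NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED | NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED`, or pass `G_MAXUINT32` as the maximum.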
diff -up NetworkManager-0.7.0/introspection/nm-settings-system.xml.system-permissions NetworkManager-0.7.0/introspection/nm-settings-system.xml
--- NetworkManager-0.7.0/introspection/nm-settings-system.xml.system-permissions	2008-11-28 10:31:57.000000000 -0500
+++ NetworkManager-0.7.0/introspection/nm-settings-system.xml	2009-05-19 10:58:51.000000000 -0400
@@ -44,6 +44,12 @@
       </tp:docstring>
     </property>
 
+    <property name="Permissions" type="u" access="read" tp:type="NM_SYSTEM_PERMISSIONS">
+      <tp:docstring>
+        Flags describing permissions granted to unprivileged users, or restrictions on unprivileged users' requests.
+      </tp:docstring>
+    </property>
+
     <property name="UnmanagedDevices" type="ao" access="read">
       <tp:docstring>
         The list of HAL UDIs of devices that should not be managed by NetworkManager.
@@ -58,6 +64,18 @@
         </arg>
     </signal>
 
+    <tp:flags name="NM_SYSTEM_PERMISSIONS" value-prefix="NM_SYSTEM_PERMISSION" type="u">
+      <tp:docstring>
+        Flags describing the permissions granted to unprivileged users, or restrictions on unprivileged users' requests.
+      </tp:docstring>
+      <tp:flag suffix="WIFI_OPEN_SHARING_DENIED" value="0x1">
+        <tp:docstring>Activating shared insecure shared WiFi connections is not allowed.</tp:docstring>
+      </tp:flag>
+      <tp:flag suffix="WIFI_SHARING_DENIED" value="0x2">
+        <tp:docstring>Activating shared WiFi connections is not allowed.</tp:docstring>
+      </tp:flag>
+    </tp:flags>
+
   </interface>
 </node>
 
diff -up NetworkManager-0.7.0/libnm-glib/libnm_glib.ver.system-permissions NetworkManager-0.7.0/libnm-glib/libnm_glib.ver
--- NetworkManager-0.7.0/libnm-glib/libnm_glib.ver.system-permissions	2008-11-28 10:31:57.000000000 -0500
+++ NetworkManager-0.7.0/libnm-glib/libnm_glib.ver	2009-05-19 10:58:51.000000000 -0400
@@ -47,6 +47,7 @@ global:
 	nm_dbus_settings_new;
 	nm_dbus_settings_system_add_connection;
 	nm_dbus_settings_system_get_can_modify;
+	nm_dbus_settings_system_get_permissions;
 	nm_dbus_settings_system_get_type;
 	nm_dbus_settings_system_get_unmanaged_devices;
 	nm_dbus_settings_system_new;
diff -up NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c.system-permissions NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c
--- NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c.system-permissions	2008-11-28 10:31:57.000000000 -0500
+++ NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.c	2009-05-19 10:58:51.000000000 -0400
@@ -43,6 +43,9 @@ typedef struct {
 	gboolean got_can_modify;
 	gboolean can_modify;
 
+	gboolean got_permissions;
+	NMSystemPermissions permissions;
+
 	gboolean disposed;
 } NMDBusSettingsSystemPrivate;
 
@@ -51,6 +54,7 @@ enum {
 	PROP_UNMANAGED_DEVICES,
 	PROP_HOSTNAME,
 	PROP_CAN_MODIFY,
+	PROP_PERMISSIONS,
 
 	LAST_PROP
 };
@@ -236,6 +240,37 @@ nm_dbus_settings_system_get_can_modify (
 	return priv->can_modify;
 }
 
+NMSystemPermissions
+nm_dbus_settings_system_get_permissions (NMDBusSettingsSystem *self)
+{
+	NMDBusSettingsSystemPrivate *priv;
+	GValue value = { 0, };
+	GError *err = NULL;
+
+	g_return_val_if_fail (NM_IS_DBUS_SETTINGS_SYSTEM (self), NM_SYSTEM_PERMISSION_NONE);
+
+	priv = NM_DBUS_SETTINGS_SYSTEM_GET_PRIVATE (self);
+
+	if (priv->got_permissions)
+		return priv->permissions;
+
+	if (!dbus_g_proxy_call (priv->props_proxy, "Get", &err,
+					    G_TYPE_STRING, NM_DBUS_SERVICE_SYSTEM_SETTINGS,
+					    G_TYPE_STRING, "Permissions",
+					    G_TYPE_INVALID,
+					    G_TYPE_VALUE, &value,
+					    G_TYPE_INVALID)) {
+		g_warning ("Could not retrieve permissions: %s", err->message);
+		g_error_free (err);
+		return NM_SYSTEM_PERMISSION_NONE;
+	}
+
+	priv->permissions = g_value_get_uint (&value);
+	g_value_unset (&value);
+
+	return priv->permissions;
+}
+
 static void
 proxy_properties_changed (DBusGProxy *proxy,
                           GHashTable *properties,
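Review bot: `priv->got_permissions` is tested before the D-Bus call but is not set here or in any other hunk of this patch, so the cache never takes effect and every call, including each `get_property` read, makes a synchronous `Get` round-trip; add `priv->got_permissions = TRUE;` after storing the value. The reply is also handed to `g_value_get_uint` without a type check, here and in the `proxy_properties_changed` hunk below, whereas the nm-manager.c hunks guard with `G_VALUE_HOLDS (value, G_TYPE_UINT)`; the same guard belongs in both places. On failure the function returns `NM_SYSTEM_PERMISSION_NONE`, which callers read as "nothing denied", so a comment should state that this value only drives the UI and that the daemon performs the actual enforcement.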
@@ -262,6 +297,12 @@ proxy_properties_changed (DBusGProxy *pr
 		priv->can_modify = g_value_get_boolean (value);
 		g_object_notify (G_OBJECT (self), NM_DBUS_SETTINGS_SYSTEM_CAN_MODIFY);
 	}
+
+	value = (GValue *) g_hash_table_lookup (properties, "Permissions");
+	if (value) {
+		priv->permissions = g_value_get_uint (value);
+		g_object_notify (G_OBJECT (self), NM_DBUS_SETTINGS_SYSTEM_PERMISSIONS);
+	}
 }
 
 static void
@@ -290,22 +331,20 @@ constructor (GType type,
 			    NULL);
 
 	priv->settings_proxy = dbus_g_proxy_new_for_name (dbus_connection,
-											NM_DBUS_SERVICE_SYSTEM_SETTINGS,
-											NM_DBUS_PATH_SETTINGS,
-											NM_DBUS_IFACE_SETTINGS_SYSTEM);
+	                                                  NM_DBUS_SERVICE_SYSTEM_SETTINGS,
+	                                                  NM_DBUS_PATH_SETTINGS,
+	                                                  NM_DBUS_IFACE_SETTINGS_SYSTEM);
+	dbus_g_proxy_add_signal (priv->settings_proxy, "PropertiesChanged",
+	                         DBUS_TYPE_G_MAP_OF_VARIANT, G_TYPE_INVALID);
+	dbus_g_proxy_connect_signal (priv->settings_proxy, "PropertiesChanged",
+	                             G_CALLBACK (proxy_properties_changed),
+	                             object, NULL);
 
 	priv->props_proxy = dbus_g_proxy_new_for_name (dbus_connection,
 										  NM_DBUS_SERVICE_SYSTEM_SETTINGS,
 										  NM_DBUS_PATH_SETTINGS,
 										  "org.freedesktop.DBus.Properties");
 
-	dbus_g_proxy_add_signal (priv->props_proxy, "PropertiesChanged",
-						DBUS_TYPE_G_MAP_OF_VARIANT,
-						G_TYPE_INVALID);
-	dbus_g_proxy_connect_signal (priv->props_proxy, "PropertiesChanged",
-						    G_CALLBACK (proxy_properties_changed),
-						    object, NULL);
-
 	return object;
 }
 
@@ -348,6 +387,9 @@ get_property (GObject *object, guint pro
 	case PROP_CAN_MODIFY:
 		g_value_set_boolean (value, nm_dbus_settings_system_get_can_modify (self));
 		break;
+	case PROP_PERMISSIONS:
+		g_value_set_uint (value, nm_dbus_settings_system_get_permissions (self));
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -389,5 +431,15 @@ nm_dbus_settings_system_class_init (NMDB
 						   "Can modify",
 						   FALSE,
 						   G_PARAM_READABLE));
+
+	g_object_class_install_property
+		(object_class, PROP_PERMISSIONS,
+		 g_param_spec_uint (NM_DBUS_SETTINGS_SYSTEM_PERMISSIONS,
+						   "Permissions",
+						   "Permissions",
+						   NM_SYSTEM_PERMISSION_NONE,
+						   NM_SYSTEM_PERMISSION_LAST,
+						   NM_SYSTEM_PERMISSION_NONE,
+						   G_PARAM_READABLE));
 }
 
diff -up NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h.system-permissions NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h
--- NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h.system-permissions	2008-11-28 10:31:57.000000000 -0500
+++ NetworkManager-0.7.0/libnm-glib/nm-dbus-settings-system.h	2009-05-19 11:07:23.000000000 -0400
@@ -25,6 +25,7 @@
 #define NM_DBUS_SETTINGS_SYSTEM_H
 
 #include <nm-dbus-settings.h>
+#include <NetworkManager.h>
 
 G_BEGIN_DECLS
 
@@ -38,6 +39,7 @@ G_BEGIN_DECLS
 #define NM_DBUS_SETTINGS_SYSTEM_UNMANAGED_DEVICES "unmanaged-devices"
 #define NM_DBUS_SETTINGS_SYSTEM_HOSTNAME "hostname"
 #define NM_DBUS_SETTINGS_SYSTEM_CAN_MODIFY "can-modify"
+#define NM_DBUS_SETTINGS_SYSTEM_PERMISSIONS "permissions"
 
 typedef struct {
 	NMDBusSettings parent;
@@ -65,6 +67,8 @@ gboolean nm_dbus_settings_system_save_ho
 
 gboolean nm_dbus_settings_system_get_can_modify (NMDBusSettingsSystem *self);
 
+NMSystemPermissions nm_dbus_settings_system_get_permissions (NMDBusSettingsSystem *self);
+
 G_END_DECLS
 
 #endif /* NM_DBUS_SETTINGS_SYSTEM_H */
diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c
--- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c.system-permissions	2009-05-19 10:58:51.000000000 -0400
+++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.c	2009-05-19 10:58:51.000000000 -0400
@@ -2394,6 +2394,16 @@ notify_defer_cb (gpointer user_data)
 	return FALSE;
 }
 
+static void
+system_settings_permissions_changed_cb (NMDBusSettingsSystem *settings,
+                                        GParamSpec *pspec,
+                                        gpointer user_data)
+{
+	NMApplet *applet = NM_APPLET (user_data);
+
+	applet->permissions = nm_dbus_settings_system_get_permissions (settings);
+}
+
 static GObject *
 constructor (GType type,
              guint n_props,
@@ -2437,6 +2447,12 @@ constructor (GType type,
 	}
 
 	applet->dbus_settings = (NMDBusSettings *) nm_dbus_settings_system_new (applet_dbus_manager_get_connection (dbus_mgr));
+	if (applet->dbus_settings) {
+		applet->permissions = nm_dbus_settings_system_get_permissions (NM_DBUS_SETTINGS_SYSTEM (applet->dbus_settings));
+		g_signal_connect (applet->dbus_settings, "notify::permissions",
+		                  G_CALLBACK (system_settings_permissions_changed_cb),
+		                  applet);
+	}
 
 	applet->gconf_settings = nma_gconf_settings_new ();
 	g_signal_connect (applet->gconf_settings, "new-secrets-requested",
diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c
--- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c.system-permissions	2009-05-19 10:58:51.000000000 -0400
+++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet-device-wifi.c	2009-05-19 10:58:51.000000000 -0400
@@ -128,6 +128,9 @@ nma_menu_add_create_network_item (GtkWid
 	gtk_widget_show_all (menu_item);
 	gtk_menu_shell_append (GTK_MENU_SHELL (menu), menu_item);
 	g_signal_connect (menu_item, "activate", G_CALLBACK (new_network_activate_cb), applet);
+
+	if (applet->permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED)
+		gtk_widget_set_sensitive (GTK_WIDGET (menu_item), FALSE);
 }
 
 
diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h
--- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h.system-permissions	2009-05-19 10:58:51.000000000 -0400
+++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/applet.h	2009-05-19 10:58:51.000000000 -0400
@@ -47,6 +47,7 @@
 #include <NetworkManager.h>
 #include <nm-active-connection.h>
 #include <nm-dbus-settings.h>
+#include <nm-dbus-settings-system.h>
 
 #include "applet-dbus-manager.h"
 #include "nma-gconf-settings.h"
@@ -84,8 +85,9 @@ typedef struct
 	NMClient *nm_client;
 
 	NMDBusSettings *dbus_settings;
-	NMAGConfSettings *gconf_settings;
+	NMSystemPermissions permissions;
 
+	NMAGConfSettings *gconf_settings;
 	GConfClient *	gconf_client;
 	char	*		glade_file;
 
diff -up NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c.system-permissions NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c
--- NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c.system-permissions	2009-05-19 10:58:51.000000000 -0400
+++ NetworkManager-0.7.0/network-manager-applet-0.7.0/src/wireless-dialog.c	2009-05-19 11:05:47.000000000 -0400
@@ -425,6 +425,8 @@ connection_combo_init (NMAWirelessDialog
 			const char *connection_type;
 			const char *mode;
 			const GByteArray *setting_mac;
+			NMSettingIP4Config *s_ip4;
+			const char *method = NULL;
 
 			s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (candidate, NM_TYPE_SETTING_CONNECTION));
 			connection_type = s_con ? nm_setting_connection_get_connection_type (s_con) : NULL;
@@ -438,15 +440,12 @@ connection_combo_init (NMAWirelessDialog
 			if (!s_wireless)
 				continue;
 
+			s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (candidate, NM_TYPE_SETTING_IP4_CONFIG);
+			if (s_ip4)
+				method = nm_setting_ip4_config_get_method (s_ip4);
+
 			/* If creating a new Ad-Hoc network, only show shared network connections */
 			if (priv->adhoc_create) {
-				NMSettingIP4Config *s_ip4;
-				const char *method = NULL;
-
-				s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (candidate, NM_TYPE_SETTING_IP4_CONFIG);
-				if (s_ip4)
-					method = nm_setting_ip4_config_get_method (s_ip4);
-
 				if (!s_ip4 || strcmp (method, "shared"))
 					continue;
 
@@ -456,6 +455,16 @@ connection_combo_init (NMAWirelessDialog
 					continue;
 			}
 
+			/* Honor permissions for wifi sharing */
+			if (method && !strcmp (method, NM_SETTING_IP4_CONFIG_METHOD_SHARED)) {
+				if (priv->applet->permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED)
+					continue;
+
+				if (   (priv->applet->permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED)
+				    && !nm_setting_wireless_get_security (s_wireless))
+					continue;
+			}
+
 			/* Ignore connections that don't apply to the selected device */
 			setting_mac = nm_setting_wireless_get_mac_address (s_wireless);
 			if (setting_mac) {
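Review bot: The open-network test `!nm_setting_wireless_get_security (s_wireless)` counts any non-NULL security string as protected, while `check_permissions` in nm-manager.c only accepts a value equal to `NM_SETTING_WIRELESS_SECURITY_SETTING_NAME`; `is_connection_allowed` in NetworkManagerPolicy.c uses the same looser test. A connection with some other security string would be listed here, and kept as an auto-activation candidate, and then refused by the daemon at activation, so this is an inconsistency rather than a bypass. Using the daemon's comparison in all three places would remove it. The enclosing loop in `connection_combo_init` starts and ends outside the hunk.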
@@ -720,7 +729,7 @@ security_combo_init (NMAWirelessDialog *
 	int active = -1;
 	int item = 0;
 	NMSettingWireless *s_wireless = NULL;
-	gboolean is_adhoc;
+	gboolean is_adhoc, allow_open = TRUE;
 
 	g_return_val_if_fail (self != NULL, FALSE);
 
@@ -765,11 +774,17 @@ security_combo_init (NMAWirelessDialog *
 			if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN)
 				wep_type = NM_WEP_KEY_TYPE_KEY;
 		}
+	} else if (is_adhoc) {
+		default_type = NMU_SEC_STATIC_WEP;
+		wep_type = NM_WEP_KEY_TYPE_PASSPHRASE;
 	}
 
 	sec_model = gtk_list_store_new (2, G_TYPE_STRING, wireless_security_get_g_type ());
 
-	if (nm_utils_security_valid (NMU_SEC_NONE, dev_caps, !!priv->ap, is_adhoc, ap_flags, ap_wpa, ap_rsn)) {
+	if (is_adhoc && (priv->applet->permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED))
+		allow_open = FALSE;
+
+	if (allow_open && nm_utils_security_valid (NMU_SEC_NONE, dev_caps, !!priv->ap, is_adhoc, ap_flags, ap_wpa, ap_rsn)) {
 		gtk_list_store_append (sec_model, &iter);
 		gtk_list_store_set (sec_model, &iter,
 		                    S_NAME_COLUMN, _("None"),
diff -up NetworkManager-0.7.0/src/NetworkManagerPolicy.c.system-permissions NetworkManager-0.7.0/src/NetworkManagerPolicy.c
--- NetworkManager-0.7.0/src/NetworkManagerPolicy.c.system-permissions	2009-05-19 10:58:51.000000000 -0400
+++ NetworkManager-0.7.0/src/NetworkManagerPolicy.c	2009-05-19 10:58:51.000000000 -0400
@@ -40,6 +40,7 @@
 #include "nm-dbus-manager.h"
 #include "nm-setting-ip4-config.h"
 #include "nm-setting-connection.h"
+#include "nm-setting-wireless.h"
 #include "NetworkManagerSystem.h"
 #include "nm-named-manager.h"
 #include "nm-vpn-manager.h"
@@ -610,6 +611,48 @@ out:
 	policy->default_device = best;	
 }
 
+static gboolean
+is_connection_allowed (NMConnection *connection, NMSystemPermissions permissions)
+{
+	NMSettingConnection *s_con;
+	NMSettingIP4Config *s_ip4;
+	NMSettingWireless *s_wifi;
+	const char *method, *ctype;
+
+	s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG);
+	if (!s_ip4)
+		return TRUE;
+
+	/* All non-shared connections are allowed */
+	method = nm_setting_ip4_config_get_method (s_ip4);
+	g_assert (method);
+	if (strcmp (method, NM_SETTING_IP4_CONFIG_METHOD_SHARED))
+		return TRUE;
+
+	s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+	g_assert (s_con);
+
+	/* All non-wifi connections are allowed */
+	ctype = nm_setting_connection_get_connection_type (s_con);
+	g_assert (ctype);
+	if (strcmp (ctype, NM_SETTING_WIRELESS_SETTING_NAME))
+		return TRUE;
+
+	s_wifi = (NMSettingWireless *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS);
+	g_assert (s_wifi);
+
+	/* Check for wifi sharing completely disabled */
+	if (permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED)
+		return FALSE;
+
+	/* Check for disabled open wifi sharing */
+	if (   (permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED)
+	    && !nm_setting_wireless_get_security (s_wifi))
+		return FALSE;
+
+	return TRUE;
+}
+
 typedef struct {
 	NMPolicy *policy;
 	NMDevice *device;
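Review bot: The four `g_assert` calls in `is_connection_allowed` abort the daemon when a connection has an IPv4 setting without a method, no connection setting or type, or no wireless setting. The list filtered in `auto_activate_device` includes `NM_CONNECTION_SCOPE_USER` connections; if those can reach this point without having been verified (not visible here), one malformed connection would take NetworkManager down, and with assertions compiled out the following `strcmp` would dereference NULL. Returning FALSE instead, e.g. `if (!method) return FALSE;`, keeps such a connection out of auto-activation without crashing. `check_permissions` in nm-manager.c has the same asserts and could refuse with `NM_MANAGER_ERROR_PERMISSION_DENIED` in the same way.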
@@ -639,13 +682,15 @@ auto_activate_device (gpointer user_data
 	connections = nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_SYSTEM);
 	connections = g_slist_concat (connections, nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_USER));
 
-	/* Remove connections that are in the invalid list. */
+	/* Remove connections that are in the invalid list or are not permitted. */
 	iter = connections;
 	while (iter) {
 		NMConnection *iter_connection = NM_CONNECTION (iter->data);
 		GSList *next = g_slist_next (iter);
+		NMSystemPermissions permissions = nm_manager_get_system_permissions (policy->manager);
 
-		if (g_object_get_data (G_OBJECT (iter_connection), INVALID_TAG)) {
+		if (   g_object_get_data (G_OBJECT (iter_connection), INVALID_TAG)
+		    || !is_connection_allowed (iter_connection, permissions)) {
 			connections = g_slist_remove_link (connections, iter);
 			g_object_unref (iter_connection);
 			g_slist_free (iter);
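Review bot: `nm_manager_get_system_permissions (policy->manager)` is called inside the `while` loop, once per candidate connection, although the result does not depend on the iteration. Declaring `NMSystemPermissions permissions = nm_manager_get_system_permissions (policy->manager);` once before `iter = connections;` reads better and makes it clear that every candidate is judged against the same permission set. The loop body continues past the end of the hunk.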
diff -up NetworkManager-0.7.0/src/nm-manager.c.system-permissions NetworkManager-0.7.0/src/nm-manager.c
--- NetworkManager-0.7.0/src/nm-manager.c.system-permissions	2008-11-28 10:31:41.000000000 -0500
+++ NetworkManager-0.7.0/src/nm-manager.c	2009-05-19 10:58:51.000000000 -0400
@@ -121,6 +121,7 @@ typedef struct {
 	DBusGProxy *system_props_proxy;
 	GSList *unmanaged_udis;
 	char *hostname;
+	NMSystemPermissions permissions;
 
 	PendingConnectionInfo *pending_connection_info;
 	gboolean wireless_enabled;
@@ -1227,6 +1228,7 @@ system_settings_properties_changed_cb (D
                                        gpointer user_data)
 {
 	NMManager *manager = NM_MANAGER (user_data);
+	NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager);
 	GValue *value;
 
 	value = g_hash_table_lookup (properties, "UnmanagedDevices");
@@ -1236,6 +1238,10 @@ system_settings_properties_changed_cb (D
 	value = g_hash_table_lookup (properties, "Hostname");
 	if (value && G_VALUE_HOLDS (value, G_TYPE_STRING))
 		handle_hostname (manager, g_value_get_string (value));
+
+	value = g_hash_table_lookup (properties, "Permissions");
+	if (value && G_VALUE_HOLDS (value, G_TYPE_UINT))
+		priv->permissions = g_value_get_uint (value);
 }
 
 static void
@@ -1292,6 +1298,33 @@ system_settings_get_hostname_cb (DBusGPr
 }
 
 static void
+system_settings_get_permissions_cb (DBusGProxy *proxy,
+                                    DBusGProxyCall *call_id,
+                                    gpointer user_data)
+{
+	NMManager *manager = NM_MANAGER (user_data);
+	NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager);
+	GError *error = NULL;
+	GValue value = { 0, };
+
+	if (!dbus_g_proxy_end_call (proxy, call_id, &error,
+	                            G_TYPE_VALUE, &value,
+	                            G_TYPE_INVALID)) {
+		nm_warning ("%s: Error getting permissions from the system settings service: (%d) %s",
+		            __func__, error->code, error->message);
+		g_error_free (error);
+		g_object_unref (proxy);
+		return;
+	}
+
+	if (G_VALUE_HOLDS (&value, G_TYPE_UINT))
+		priv->permissions = g_value_get_uint (&value);
+
+	g_value_unset (&value);
+	g_object_unref (proxy);
+}
+
+static void
 query_system_settings_property (NMManager *manager,
                                 const char *property,
                                 DBusGProxyCallNotify callback)
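Review bot: When the `Get` call fails, `system_settings_get_permissions_cb` only logs and returns, leaving `priv->permissions` at its previous value, which is presumably zero (nothing denied) unless an earlier reply or `PropertiesChanged` set it. Until the asynchronous reply arrives, or whenever the system settings service cannot be queried, `check_permissions` therefore allows shared WiFi even if the administrator has disabled it. If that fail-open behaviour is intended it deserves a comment at the `permissions` field, for example `/* deny flags; 0 until the system settings service answers, i.e. nothing is denied */`; otherwise the field could start with both deny bits set and be relaxed once a valid reply is received. Whether the value is reset when the service disappears is not visible in this patch.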
@@ -1344,6 +1377,7 @@ nm_manager_name_owner_changed (NMDBusMan
 			/* System Settings service appeared, update stuff */
 			query_system_settings_property (manager, "UnmanagedDevices", system_settings_get_unmanaged_devices_cb);
 			query_system_settings_property (manager, "Hostname", system_settings_get_hostname_cb);
+			query_system_settings_property (manager, "Permissions", system_settings_get_permissions_cb);
 			query_connections (manager, NM_CONNECTION_SCOPE_SYSTEM);
 		} else {
 			/* System Settings service disappeared, throw them away (?) */
@@ -1404,6 +1438,7 @@ initial_get_connections (gpointer user_d
 	                                    NM_DBUS_SERVICE_SYSTEM_SETTINGS)) {
 		query_system_settings_property (manager, "UnmanagedDevices", system_settings_get_unmanaged_devices_cb);
 		query_system_settings_property (manager, "Hostname", system_settings_get_hostname_cb);
+		query_system_settings_property (manager, "Permissions", system_settings_get_permissions_cb);
 		query_connections (manager, NM_CONNECTION_SCOPE_SYSTEM);
 	} else {
 		/* Try to activate the system settings daemon */
@@ -1795,6 +1830,56 @@ nm_manager_get_act_request_by_path (NMMa
 	return NULL;
 }
 
+static gboolean
+check_permissions (NMManager *manager, NMConnection *connection, GError **error)
+{
+	NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (manager);
+	NMSettingConnection *s_con;
+	NMSettingIP4Config *s_ip4;
+	NMSettingWireless *s_wifi;
+	const char *security;
+
+	/* Check whether this is a shared connection or not */
+	s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG);
+	if (!s_ip4)
+		return TRUE;
+	g_assert (nm_setting_ip4_config_get_method (s_ip4));
+
+	/* If it's not a shared connection, it's OK */
+	if (strcmp (nm_setting_ip4_config_get_method (s_ip4), NM_SETTING_IP4_CONFIG_METHOD_SHARED))
+		return TRUE;
+
+	s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+	g_assert (s_con);
+	g_assert (nm_setting_connection_get_connection_type (s_con));
+
+	/* Only care about wifi permissions for now */
+	if (strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_WIRELESS_SETTING_NAME))
+		return TRUE;
+
+	if (priv->permissions & NM_SYSTEM_PERMISSION_WIFI_SHARING_DENIED) {
+		g_set_error (error, NM_MANAGER_ERROR,
+		             NM_MANAGER_ERROR_PERMISSION_DENIED,
+		             "%s", "Permission to create shared WiFi networks was denied by system settings.");
+		return FALSE;
+	}
+
+	s_wifi = (NMSettingWireless *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS);
+	g_assert (s_wifi);
+	security = nm_setting_wireless_get_security (s_wifi);
+
+	if (!security || strcmp (security, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME)) {
+		if (priv->permissions & NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED) {
+			g_set_error (error, NM_MANAGER_ERROR,
+			             NM_MANAGER_ERROR_PERMISSION_DENIED,
+			             "%s", "Permission to create unprotected shared WiFi networks was denied by system settings.");
+			return FALSE;
+		}
+	}
+
+	return TRUE;
+}
+
 static const char *
 internal_activate_device (NMManager *manager,
                           NMDevice *device,
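Review bot: `check_permissions` decides that a shared WiFi connection is protected solely from the string returned by `nm_setting_wireless_get_security`, without confirming that the connection actually carries a wireless-security setting. Unless connection verification elsewhere guarantees the two agree (not visible in this hunk), a connection that merely names the setting would pass the `NM_SYSTEM_PERMISSION_WIFI_OPEN_SHARING_DENIED` check. Adding `|| !nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY)` to the `if (!security || strcmp (...))` condition closes that gap. A short header comment stating that the function returns FALSE and sets `error` when activation must be refused would also help.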
@@ -1813,6 +1898,9 @@ internal_activate_device (NMManager *man
 
 	dev_iface = NM_DEVICE_INTERFACE (device);
 
+	if (!check_permissions (manager, connection, error))
+		return NULL;
+
 	/* Ensure the requested connection is compatible with the device */
 	if (!nm_device_interface_check_connection_compatible (dev_iface, connection, error))
 		return NULL;
@@ -2363,3 +2451,11 @@ nm_manager_get_active_connections_by_con
 	return get_active_connections (manager, connection);
 }
 
+NMSystemPermissions
+nm_manager_get_system_permissions (NMManager *manager)
+{
+	g_return_val_if_fail (NM_IS_MANAGER (manager), NM_SYSTEM_PERMISSION_NONE);
+
+	return NM_MANAGER_GET_PRIVATE (manager)->permissions;
+}
+
diff -up NetworkManager-0.7.0/src/nm-manager.h.system-permissions NetworkManager-0.7.0/src/nm-manager.h
--- NetworkManager-0.7.0/src/nm-manager.h.system-permissions	2008-11-28 10:31:41.000000000 -0500
+++ NetworkManager-0.7.0/src/nm-manager.h	2009-05-19 10:58:51.000000000 -0400
@@ -78,6 +78,8 @@ GType nm_manager_get_type (void);
 
 NMManager *nm_manager_get (void);
 
+NMSystemPermissions nm_manager_get_system_permissions (NMManager *manager);
+
 /* Device handling */
 
 GSList *nm_manager_get_devices (NMManager *manager);
diff -up NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c.system-permissions NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c
--- NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c.system-permissions	2009-05-19 10:58:51.000000000 -0400
+++ NetworkManager-0.7.0/system-settings/plugins/ifcfg-rh/plugin.c	2009-05-19 10:58:51.000000000 -0400
@@ -81,6 +81,7 @@ typedef struct {
 	gulong ih_event_id;
 	int sc_network_wd;
 	char *hostname;
+	NMSystemConfigInterfacePermissions permissions;
 
 	GFileMonitor *monitor;
 	guint monitor_id;
@@ -523,6 +524,27 @@ plugin_set_hostname (SCPluginIfcfg *plug
 	return TRUE;
 }
 
+static NMSystemConfigInterfacePermissions
+plugin_get_permissions (SCPluginIfcfg *plugin)
+{
+	NMSystemConfigInterfacePermissions permissions = NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE;
+	shvarFile *network;
+
+	network = svNewFile (SC_NETWORK_FILE);
+	if (!network) {
+		PLUGIN_WARN (IFCFG_PLUGIN_NAME, "Could not get hostname: failed to read " SC_NETWORK_FILE);
+		return NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE;
+	}
+
+	if (!svTrueValue (network, "NM_WIFI_OPEN_SHARING_ALLOWED", TRUE))
+		permissions |= NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_OPEN_SHARING_DENIED;
+	if (!svTrueValue (network, "NM_WIFI_SHARING_ALLOWED", TRUE))
+		permissions |= NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_SHARING_DENIED;
+
+	svCloseFile (network);
+	return permissions;
+}
+
 static void
 sc_network_changed_cb (NMInotifyHelper *ih,
                        struct inotify_event *evt,
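Review bot: When `svNewFile (SC_NETWORK_FILE)` fails, `plugin_get_permissions` returns `NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE`, i.e. no restrictions, and the warning text still says "Could not get hostname". Because `sc_network_changed_cb` re-reads the file on each change event and stores whatever comes back, a moment in which the file cannot be opened would clear an administrator's `NM_WIFI_SHARING_ALLOWED` / `NM_WIFI_OPEN_SHARING_ALLOWED` denial until the next event. I would keep the previous value on a read failure, `return SC_PLUGIN_IFCFG_GET_PRIVATE (plugin)->permissions;`, and correct the message to `"Could not get permissions: failed to read " SC_NETWORK_FILE`.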
@@ -532,6 +554,7 @@ sc_network_changed_cb (NMInotifyHelper *
 	SCPluginIfcfg *plugin = SC_PLUGIN_IFCFG (user_data);
 	SCPluginIfcfgPrivate *priv = SC_PLUGIN_IFCFG_GET_PRIVATE (plugin);
 	char *new_hostname;
+	NMSystemConfigInterfacePermissions new_permissions;
 
 	if (evt->wd != priv->sc_network_wd)
 		return;
@@ -545,6 +568,12 @@ sc_network_changed_cb (NMInotifyHelper *
 		g_object_notify (G_OBJECT (plugin), NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME);
 	} else
 		g_free (new_hostname);
+
+	new_permissions = plugin_get_permissions (plugin);
+	if (new_permissions != priv->permissions) {
+		priv->permissions = new_permissions;
+		g_object_notify (G_OBJECT (plugin), NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS);
+	}
 }
 
 static void
@@ -575,6 +604,7 @@ sc_plugin_ifcfg_init (SCPluginIfcfg *plu
 	priv->sc_network_wd = nm_inotify_helper_add_watch (ih, SC_NETWORK_FILE);
 
 	priv->hostname = plugin_get_hostname (plugin);
+	priv->permissions = plugin_get_permissions (plugin);
 }
 
 static void
@@ -637,6 +667,9 @@ get_property (GObject *object, guint pro
 	case NM_SYSTEM_CONFIG_INTERFACE_PROP_HOSTNAME:
 		g_value_set_string (value, priv->hostname);
 		break;
+	case NM_SYSTEM_CONFIG_INTERFACE_PROP_PERMISSIONS:
+		g_value_set_uint (value, priv->permissions);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -689,6 +722,10 @@ sc_plugin_ifcfg_class_init (SCPluginIfcf
 	g_object_class_override_property (object_class,
 	                                  NM_SYSTEM_CONFIG_INTERFACE_PROP_HOSTNAME,
 	                                  NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME);
+
+	g_object_class_override_property (object_class,
+	                                  NM_SYSTEM_CONFIG_INTERFACE_PROP_PERMISSIONS,
+	                                  NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS);
 }
 
 static void
diff -up NetworkManager-0.7.0/system-settings/src/dbus-settings.c.system-permissions NetworkManager-0.7.0/system-settings/src/dbus-settings.c
--- NetworkManager-0.7.0/system-settings/src/dbus-settings.c.system-permissions	2008-11-28 10:31:54.000000000 -0500
+++ NetworkManager-0.7.0/system-settings/src/dbus-settings.c	2009-05-19 10:58:51.000000000 -0400
@@ -57,6 +57,7 @@ typedef struct {
 	GHashTable *connections;
 	GHashTable *unmanaged_devices;
 	char *orig_hostname;
+	guint32 permissions;
 } NMSysconfigSettingsPrivate;
 
 G_DEFINE_TYPE (NMSysconfigSettings, nm_sysconfig_settings, NM_TYPE_SETTINGS);
@@ -76,6 +77,7 @@ enum {
 	PROP_UNMANAGED_DEVICES,
 	PROP_HOSTNAME,
 	PROP_CAN_MODIFY,
+	PROP_PERMISSIONS,
 
 	LAST_PROP
 };
@@ -251,7 +253,7 @@ get_property (GObject *object, guint pro
 	NMSysconfigSettings *self = NM_SYSCONFIG_SETTINGS (object);
 	NMSysconfigSettingsPrivate *priv = NM_SYSCONFIG_SETTINGS_GET_PRIVATE (self);
 	GSList *iter;
-
+	guint32 permissions = 0;
 
 	switch (prop_id) {
 	case PROP_UNMANAGED_DEVICES:
@@ -287,6 +289,15 @@ get_property (GObject *object, guint pro
 	case PROP_CAN_MODIFY:
 		g_value_set_boolean (value, !!get_first_plugin_by_capability (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_CONNECTIONS));
 		break;
+	case PROP_PERMISSIONS:
+		for (iter = priv->plugins; iter; iter = iter->next) {
+			NMSystemConfigInterfacePermissions tmp_permissions = 0;
+
+			g_object_get (G_OBJECT (iter->data), NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS, &tmp_permissions, NULL);
+			permissions |= tmp_permissions;
+		}
+		g_value_set_uint (value, permissions);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
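Review bot: `tmp_permissions` is declared as `NMSystemConfigInterfacePermissions` but is filled by `g_object_get` from a property installed with `g_param_spec_uint`, which writes through a `guint *`; the enum's underlying type is up to the compiler, so `guint tmp_permissions = 0;` is the matching declaration. A one-line comment such as `/* deny flags: OR-ing yields the most restrictive set across plugins */` would document why the values are combined with `|=`. The `guint32 permissions` member added to `NMSysconfigSettingsPrivate` earlier in this file is not used by any hunk of this patch and looks removable. `get_property` begins and ends outside the hunk.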
@@ -332,6 +343,16 @@ nm_sysconfig_settings_class_init (NMSysc
 							 FALSE,
 							 G_PARAM_READABLE));
 
+	g_object_class_install_property
+		(object_class, PROP_PERMISSIONS,
+		 g_param_spec_uint (NM_SYSCONFIG_SETTINGS_PERMISSIONS,
+							 "Permissions",
+							 "Permissions",
+							 NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE,
+							 NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST,
+							 NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE,
+							 G_PARAM_READABLE));
+
 	/* signals */
 	signals[PROPERTIES_CHANGED] = 
 	                g_signal_new ("properties-changed",
@@ -435,6 +456,14 @@ hostname_changed (NMSystemConfigInterfac
 	g_object_notify (G_OBJECT (user_data), NM_SYSCONFIG_SETTINGS_HOSTNAME);
 }
 
+static void
+permissions_changed (NMSystemConfigInterface *config,
+                     GParamSpec *pspec,
+                     gpointer user_data)
+{
+	g_object_notify (G_OBJECT (user_data), NM_SYSCONFIG_SETTINGS_PERMISSIONS);
+}
+
 void
 nm_sysconfig_settings_add_plugin (NMSysconfigSettings *self,
 						    NMSystemConfigInterface *plugin)
@@ -453,6 +482,7 @@ nm_sysconfig_settings_add_plugin (NMSysc
 	g_signal_connect (plugin, "connection-added", G_CALLBACK (plugin_connection_added), self);
 	g_signal_connect (plugin, "unmanaged-devices-changed", G_CALLBACK (unmanaged_devices_changed), self);
 	g_signal_connect (plugin, "notify::hostname", G_CALLBACK (hostname_changed), self);
+	g_signal_connect (plugin, "notify::permissions", G_CALLBACK (permissions_changed), self);
 
 	nm_system_config_interface_init (plugin, priv->hal_mgr);
 
diff -up NetworkManager-0.7.0/system-settings/src/dbus-settings.h.system-permissions NetworkManager-0.7.0/system-settings/src/dbus-settings.h
--- NetworkManager-0.7.0/system-settings/src/dbus-settings.h.system-permissions	2008-11-28 10:31:54.000000000 -0500
+++ NetworkManager-0.7.0/system-settings/src/dbus-settings.h	2009-05-19 10:58:51.000000000 -0400
@@ -45,6 +45,7 @@ typedef struct _NMSysconfigSettingsClass
 #define NM_SYSCONFIG_SETTINGS_UNMANAGED_DEVICES "unmanaged-devices"
 #define NM_SYSCONFIG_SETTINGS_HOSTNAME "hostname"
 #define NM_SYSCONFIG_SETTINGS_CAN_MODIFY "can-modify"
+#define NM_SYSCONFIG_SETTINGS_PERMISSIONS "permissions"
 
 struct _NMSysconfigSettings
 {
diff -up NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c.system-permissions NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c
--- NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c.system-permissions	2008-11-28 10:31:54.000000000 -0500
+++ NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.c	2009-05-19 10:58:51.000000000 -0400
@@ -65,6 +65,16 @@ interface_init (gpointer g_iface)
 							  NULL,
 							  G_PARAM_READWRITE));
 
+	g_object_interface_install_property
+		(g_iface,
+		 g_param_spec_uint (NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS,
+							  "Permissions",
+							  "Plugin permissions",
+							  NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE,
+							  NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST,
+							  NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE,
+							  G_PARAM_READABLE));
+
 	/* Signals */
 	g_signal_new ("connection-added",
 				  iface_type,
diff -up NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h.system-permissions NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h
--- NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h.system-permissions	2008-11-28 10:31:54.000000000 -0500
+++ NetworkManager-0.7.0/system-settings/src/nm-system-config-interface.h	2009-05-19 10:58:51.000000000 -0400
@@ -62,6 +62,7 @@ GObject * nm_system_config_factory (void
 #define NM_SYSTEM_CONFIG_INTERFACE_INFO "info"
 #define NM_SYSTEM_CONFIG_INTERFACE_CAPABILITIES "capabilities"
 #define NM_SYSTEM_CONFIG_INTERFACE_HOSTNAME "hostname"
+#define NM_SYSTEM_CONFIG_INTERFACE_PERMISSIONS "permissions"
 
 typedef enum {
 	NM_SYSTEM_CONFIG_INTERFACE_CAP_NONE = 0x00000000,
@@ -72,12 +73,21 @@ typedef enum {
 } NMSystemConfigInterfaceCapabilities;
 
 typedef enum {
+	NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_NONE = 0x00000000,
+	NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_OPEN_SHARING_DENIED = 0x00000001,
+	NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_SHARING_DENIED = 0x00000002,
+
+	NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_LAST = NM_SYSTEM_CONFIG_INTERFACE_PERMISSION_WIFI_SHARING_DENIED
+} NMSystemConfigInterfacePermissions;
+
+typedef enum {
 	NM_SYSTEM_CONFIG_INTERFACE_PROP_FIRST = 0x1000,
 
 	NM_SYSTEM_CONFIG_INTERFACE_PROP_NAME = NM_SYSTEM_CONFIG_INTERFACE_PROP_FIRST,
 	NM_SYSTEM_CONFIG_INTERFACE_PROP_INFO,
 	NM_SYSTEM_CONFIG_INTERFACE_PROP_CAPABILITIES,
 	NM_SYSTEM_CONFIG_INTERFACE_PROP_HOSTNAME,
+	NM_SYSTEM_CONFIG_INTERFACE_PROP_PERMISSIONS,
 } NMSystemConfigInterfaceProp;