diff options
Diffstat (limited to 'debian/patches/Allow-to-create-connections-without-admin-privileges.patch')
| -rw-r--r-- | debian/patches/Allow-to-create-connections-without-admin-privileges.patch | 322 |
1 files changed, 322 insertions, 0 deletions
diff --git a/debian/patches/Allow-to-create-connections-without-admin-privileges.patch b/debian/patches/Allow-to-create-connections-without-admin-privileges.patch new file mode 100644 index 00000000..2e3f2fa5 --- /dev/null +++ b/debian/patches/Allow-to-create-connections-without-admin-privileges.patch @@ -0,0 +1,322 @@ +From: Michael Biebl <biebl@debian.org> +Date: Tue, 18 Mar 2014 10:49:13 +0100 +Subject: Allow to create connections without admin privileges +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Set passwords as agent-owned when they need to, to allow users without +root permissions to easily configure their connections. +The logic is: +- Bluetooth, CDMA and GSM connections: always user-owned +- WEP/WPA connections: system-owned if user has the permissions + (with NM’s config, that is netdev or sudo membership), user-owned + otherwise. The password is stored in the keyring for WPA, not for + WEP. +- WiMax / Wired connections: always system-owned (with 802.1x + passwords in the keyring). + +Closes: #696256 +--- + src/applet-device-wifi.c | 25 +++++++++++++++++++++++++ + src/connection-editor/page-mobile.c | 10 ++++++++++ + src/connection-editor/page-vpn.c | 9 +++++++++ + src/connection-editor/page-wifi.c | 13 +++++++++++++ + src/libnm-gtk/nm-wifi-dialog.c | 4 ++++ + src/mobile-helpers.c | 3 +++ + src/utils/utils.c | 7 +++++++ + src/utils/utils.h | 3 +++ + src/wireless-security/ws-wep-key.c | 7 +++++++ + src/wireless-security/ws-wpa-psk.c | 5 +++++ + 10 files changed, 86 insertions(+) + +diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c +index 9944fb4..1c287b0 100644 +--- a/src/applet-device-wifi.c ++++ b/src/applet-device-wifi.c +@@ -526,6 +526,7 @@ _do_new_auto_connection (NMApplet *applet, + NMSettingWirelessSecurity *s_wsec = NULL; + NMSetting8021x *s_8021x = NULL; + GBytes *ssid; ++ NM80211ApFlags flags; + NM80211ApSecurityFlags wpa_flags, rsn_flags; + GtkWidget *dialog; + MoreInfo *more_info; +@@ -557,6 +558,7 @@ _do_new_auto_connection (NMApplet *applet, + /* If the AP is WPA[2]-Enterprise then we need to set up a minimal 802.1x + * setting and ask the user for more information. + */ ++ flags = nm_access_point_get_flags (ap); + rsn_flags = nm_access_point_get_rsn_flags (ap); + wpa_flags = nm_access_point_get_wpa_flags (ap); + if ( (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X) +@@ -585,6 +587,29 @@ _do_new_auto_connection (NMApplet *applet, + nm_connection_add_setting (connection, NM_SETTING (s_8021x)); + } + ++ if (utils_default_to_private_connection (applet->nm_client)) { ++ if (!s_con) { ++ s_con = (NMSettingConnection *) nm_setting_connection_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_con)); ++ } ++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL); ++ ++ if ((rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) || ++ (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) { ++ if (!s_wsec) { ++ s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_wsec)); ++ } ++ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); ++ } else if (flags & NM_802_11_AP_FLAGS_PRIVACY) { ++ if (!s_wsec) { ++ s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_wsec)); ++ } ++ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); ++ } ++ } ++ + /* If it's an 802.1x connection, we need more information, so pop up the + * Dialog Of Doom. + */ +diff --git a/src/connection-editor/page-mobile.c b/src/connection-editor/page-mobile.c +index 8a1aa64..44c0f81 100644 +--- a/src/connection-editor/page-mobile.c ++++ b/src/connection-editor/page-mobile.c +@@ -442,6 +442,7 @@ new_connection_mobile_wizard_done (NMAMobileWizard *wizard, + NMConnection *connection = NULL; + + if (!canceled && method) { ++ NMSettingConnection *s_con; + NMSetting *type_setting; + const char *ctype = NULL; + char *detail = NULL; +@@ -455,6 +456,7 @@ new_connection_mobile_wizard_done (NMAMobileWizard *wizard, + NM_SETTING_GSM_NUMBER, "*99#", + NM_SETTING_GSM_USERNAME, method->username, + NM_SETTING_GSM_PASSWORD, method->password, ++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, + NM_SETTING_GSM_APN, method->gsm_apn, + NULL); + break; +@@ -466,6 +468,7 @@ new_connection_mobile_wizard_done (NMAMobileWizard *wizard, + NM_SETTING_CDMA_NUMBER, "#777", + NM_SETTING_GSM_USERNAME, method->username, + NM_SETTING_GSM_PASSWORD, method->password, ++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, + NULL); + break; + default: +@@ -480,6 +483,13 @@ new_connection_mobile_wizard_done (NMAMobileWizard *wizard, + connection = ce_page_new_connection (detail, ctype, FALSE, info->client, info->user_data); + g_free (detail); + ++ s_con = nm_connection_get_setting_connection (connection); ++ if (!s_con) { ++ s_con = (NMSettingConnection *) nm_setting_connection_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_con)); ++ } ++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL); ++ + nm_connection_add_setting (connection, type_setting); + nm_connection_add_setting (connection, nm_setting_ppp_new ()); + } +diff --git a/src/connection-editor/page-vpn.c b/src/connection-editor/page-vpn.c +index d07f491..0a4d538 100644 +--- a/src/connection-editor/page-vpn.c ++++ b/src/connection-editor/page-vpn.c +@@ -277,6 +277,7 @@ vpn_connection_new (GtkWindow *parent, + gpointer user_data) + { + NMConnection *connection; ++ NMSettingConnection *s_con; + NMSetting *s_vpn; + + if (!detail) { +@@ -302,6 +303,14 @@ vpn_connection_new (GtkWindow *parent, + FALSE, + client, + user_data); ++ ++ s_con = nm_connection_get_setting_connection (connection); ++ if (!s_con) { ++ s_con = (NMSettingConnection *) nm_setting_connection_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_con)); ++ } ++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL); ++ + s_vpn = nm_setting_vpn_new (); + g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, detail, NULL); + nm_connection_add_setting (connection, s_vpn); +diff --git a/src/connection-editor/page-wifi.c b/src/connection-editor/page-wifi.c +index 8215cb3..394e977 100644 +--- a/src/connection-editor/page-wifi.c ++++ b/src/connection-editor/page-wifi.c +@@ -26,6 +26,8 @@ + #include <math.h> + + #include "nm-connection-editor.h" ++#include "utils.h" ++ + #include "page-wifi.h" + + G_DEFINE_TYPE (CEPageWifi, ce_page_wifi, CE_TYPE_PAGE) +@@ -621,6 +623,17 @@ wifi_connection_new (GtkWindow *parent, + TRUE, + client, + user_data); ++ ++ if (utils_default_to_private_connection (client)) { ++ NMSettingConnection *s_con; ++ s_con = nm_connection_get_setting_connection (connection); ++ if (!s_con) { ++ s_con = (NMSettingConnection *) nm_setting_connection_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_con)); ++ } ++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL); ++ } ++ + s_wifi = nm_setting_wireless_new (); + g_object_set (s_wifi, NM_SETTING_WIRELESS_MODE, "infrastructure", NULL); + nm_connection_add_setting (connection, s_wifi); +diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c +index 1bf1bf4..7c29a5b 100644 +--- a/src/libnm-gtk/nm-wifi-dialog.c ++++ b/src/libnm-gtk/nm-wifi-dialog.c +@@ -36,6 +36,7 @@ + #include "wireless-security.h" + #include "nm-ui-utils.h" + #include "eap-method.h" ++#include "utils.h" + + G_DEFINE_TYPE (NMAWifiDialog, nma_wifi_dialog, GTK_TYPE_DIALOG) + +@@ -1229,6 +1230,9 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self, + NM_SETTING_CONNECTION_UUID, uuid, + NULL); + g_free (uuid); ++ if (utils_default_to_private_connection (priv->client)) { ++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL); ++ } + nm_connection_add_setting (connection, (NMSetting *) s_con); + + s_wireless = (NMSettingWireless *) nm_setting_wireless_new (); +diff --git a/src/mobile-helpers.c b/src/mobile-helpers.c +index 406e3e0..751bea1 100644 +--- a/src/mobile-helpers.c ++++ b/src/mobile-helpers.c +@@ -183,6 +183,7 @@ mobile_wizard_done (NMAMobileWizard *wizard, + NM_SETTING_CDMA_NUMBER, "#777", + NM_SETTING_CDMA_USERNAME, method->username, + NM_SETTING_CDMA_PASSWORD, method->password, ++ NM_SETTING_CDMA_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, + NULL); + nm_connection_add_setting (connection, setting); + } else if (method->devtype == NM_DEVICE_MODEM_CAPABILITY_GSM_UMTS) { +@@ -193,6 +194,7 @@ mobile_wizard_done (NMAMobileWizard *wizard, + NM_SETTING_GSM_USERNAME, method->username, + NM_SETTING_GSM_PASSWORD, method->password, + NM_SETTING_GSM_APN, method->gsm_apn, ++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, + NULL); + nm_connection_add_setting (connection, setting); + } else +@@ -223,6 +225,7 @@ mobile_wizard_done (NMAMobileWizard *wizard, + "user", g_get_user_name (), NULL); + g_free (uuid); + g_free (id); ++ nm_setting_connection_add_permission ((NMSettingConnection *) setting, "user", g_get_user_name (), NULL); + nm_connection_add_setting (connection, setting); + } + +diff --git a/src/utils/utils.c b/src/utils/utils.c +index fd573cc..172d3f8 100644 +--- a/src/utils/utils.c ++++ b/src/utils/utils.c +@@ -370,3 +370,10 @@ utils_fake_return_key (GdkEventKey *event) + g_free (keys); + } + ++gboolean ++utils_default_to_private_connection (NMClient *client) ++{ ++ NMClientPermissionResult perms; ++ perms = nm_client_get_permission_result (client, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM); ++ return (perms != NM_CLIENT_PERMISSION_RESULT_YES); ++} +diff --git a/src/utils/utils.h b/src/utils/utils.h +index 908741c..64a53ea 100644 +--- a/src/utils/utils.h ++++ b/src/utils/utils.h +@@ -34,6 +34,7 @@ + #include <nm-connection.h> + #include <nm-device.h> + #include <nm-access-point.h> ++#include <nm-client.h> + #else + #error neither LIBNM_BUILD nor LIBNM_GLIB_BUILD defined + #endif +@@ -65,6 +66,8 @@ void utils_show_error_dialog (const char *title, + gboolean modal, + GtkWindow *parent); + ++gboolean utils_default_to_private_connection (NMClient *client); ++ + #define NMA_ERROR (g_quark_from_static_string ("nma-error-quark")) + + typedef enum { +diff --git a/src/wireless-security/ws-wep-key.c b/src/wireless-security/ws-wep-key.c +index 3628d67..18d9300 100644 +--- a/src/wireless-security/ws-wep-key.c ++++ b/src/wireless-security/ws-wep-key.c +@@ -157,6 +157,7 @@ static void + fill_connection (WirelessSecurity *parent, NMConnection *connection) + { + WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) parent; ++ NMSettingConnection *s_con; + NMSettingWirelessSecurity *s_wsec; + NMSettingSecretFlags secret_flags; + GtkWidget *widget, *passwd_entry; +@@ -183,6 +184,12 @@ fill_connection (WirelessSecurity *parent, NMConnection *connection) + NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, sec->type, + NULL); + ++ s_con = nm_connection_get_setting_connection (connection); ++ ++ /* If the connection is user-owned, mark the secrets as agent-owned */ ++ if (s_con && nm_setting_connection_get_num_permissions (s_con)) ++ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); ++ + for (i = 0; i < 4; i++) { + if (strlen (sec->keys[i])) + nm_setting_wireless_security_set_wep_key (s_wsec, i, sec->keys[i]); +diff --git a/src/wireless-security/ws-wpa-psk.c b/src/wireless-security/ws-wpa-psk.c +index aec5563..6bdb852 100644 +--- a/src/wireless-security/ws-wpa-psk.c ++++ b/src/wireless-security/ws-wpa-psk.c +@@ -103,12 +103,14 @@ fill_connection (WirelessSecurity *parent, NMConnection *connection) + WirelessSecurityWPAPSK *wpa_psk = (WirelessSecurityWPAPSK *) parent; + GtkWidget *widget, *passwd_entry; + const char *key; ++ NMSettingConnection *s_con; + NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wireless_sec; + NMSettingSecretFlags secret_flags; + const char *mode; + gboolean is_adhoc = FALSE; + ++ s_con = nm_connection_get_setting_connection (connection); + s_wireless = nm_connection_get_setting_wireless (connection); + g_assert (s_wireless); + +@@ -124,6 +126,9 @@ fill_connection (WirelessSecurity *parent, NMConnection *connection) + passwd_entry = widget; + key = gtk_entry_get_text (GTK_ENTRY (widget)); + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); ++ /* If the connection is user-owned, mark the secrets as agent-owned */ ++ if (s_con && nm_setting_connection_get_num_permissions (s_con)) ++ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); + + /* Save PSK_FLAGS to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); |