mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-14 20:18:39 +00:00
Add polkit action for Wi-Fi scans
Previously, Wi-Fi scans uses polkit action
"org.freedesktop.NetworkManager.network-control". This is introduced
in commit 5e3e19d0
. But in a system with restrict polkit rules, for
example "org.freedesktop.NetworkManager.network-control" was set as
auth_admin. When you open the network panel of GNOME Control Center, a
polkit dialog will keep showing up asking for admin password, as GNOME
Control Center scans the Wi-Fi list every 15 seconds.
Fix that by adding a new polkit action
"org.freedesktop.NetworkManager.wifi.scan" so that distributions can
add specific rule to allow Wi-Fi scans.
[thaller@redhat.com: fix macro in "shared/nm-common-macros.h"]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/68
This commit is contained in:
parent
696cf38f45
commit
243af16c5b
|
@ -124,6 +124,8 @@ permission_to_string (NMClientPermission perm)
|
||||||
return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
|
return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
|
||||||
case NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK:
|
case NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK:
|
||||||
return NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
|
return NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
|
||||||
|
case NM_CLIENT_PERMISSION_WIFI_SCAN:
|
||||||
|
return NM_AUTH_PERMISSION_WIFI_SCAN;
|
||||||
default:
|
default:
|
||||||
return _("unknown");
|
return _("unknown");
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,6 +74,16 @@
|
||||||
</defaults>
|
</defaults>
|
||||||
</action>
|
</action>
|
||||||
|
|
||||||
|
<action id="org.freedesktop.NetworkManager.wifi.scan">
|
||||||
|
<_description>Allow control of Wi-Fi scans</_description>
|
||||||
|
<_message>System policy prevents Wi-Fi scans</_message>
|
||||||
|
<defaults>
|
||||||
|
<allow_any>auth_admin</allow_any>
|
||||||
|
<allow_inactive>yes</allow_inactive>
|
||||||
|
<allow_active>yes</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
|
||||||
<action id="org.freedesktop.NetworkManager.wifi.share.protected">
|
<action id="org.freedesktop.NetworkManager.wifi.share.protected">
|
||||||
<_description>Connection sharing via a protected Wi-Fi network</_description>
|
<_description>Connection sharing via a protected Wi-Fi network</_description>
|
||||||
<_message>System policy prevents sharing connections via a protected Wi-Fi network</_message>
|
<_message>System policy prevents sharing connections via a protected Wi-Fi network</_message>
|
||||||
|
|
|
@ -107,6 +107,7 @@ G_BEGIN_DECLS
|
||||||
* statistics can be globally enabled or disabled
|
* statistics can be globally enabled or disabled
|
||||||
* @NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK: controls whether
|
* @NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK: controls whether
|
||||||
* connectivity check can be enabled or disabled
|
* connectivity check can be enabled or disabled
|
||||||
|
* @NM_CLIENT_PERMISSION_WIFI_SCAN: controls whether wifi scans can be performed
|
||||||
* @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
|
* @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
|
||||||
*
|
*
|
||||||
* #NMClientPermission values indicate various permissions that NetworkManager
|
* #NMClientPermission values indicate various permissions that NetworkManager
|
||||||
|
@ -130,8 +131,9 @@ typedef enum {
|
||||||
NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
|
NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
|
||||||
NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,
|
NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,
|
||||||
NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK = 16,
|
NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK = 16,
|
||||||
|
NM_CLIENT_PERMISSION_WIFI_SCAN = 17,
|
||||||
|
|
||||||
NM_CLIENT_PERMISSION_LAST = 16,
|
NM_CLIENT_PERMISSION_LAST = 17,
|
||||||
} NMClientPermission;
|
} NMClientPermission;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -310,6 +310,8 @@ nm_permission_to_client (const char *nm)
|
||||||
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;
|
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS;
|
||||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK))
|
else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK))
|
||||||
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
|
return NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
|
||||||
|
else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SCAN))
|
||||||
|
return NM_CLIENT_PERMISSION_WIFI_SCAN;
|
||||||
|
|
||||||
return NM_CLIENT_PERMISSION_NONE;
|
return NM_CLIENT_PERMISSION_NONE;
|
||||||
}
|
}
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
#define NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK "org.freedesktop.NetworkManager.checkpoint-rollback"
|
#define NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK "org.freedesktop.NetworkManager.checkpoint-rollback"
|
||||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS "org.freedesktop.NetworkManager.enable-disable-statistics"
|
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS "org.freedesktop.NetworkManager.enable-disable-statistics"
|
||||||
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK "org.freedesktop.NetworkManager.enable-disable-connectivity-check"
|
#define NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK "org.freedesktop.NetworkManager.enable-disable-connectivity-check"
|
||||||
|
#define NM_AUTH_PERMISSION_WIFI_SCAN "org.freedesktop.NetworkManager.wifi.scan"
|
||||||
|
|
||||||
#define NM_CLONED_MAC_PRESERVE "preserve"
|
#define NM_CLONED_MAC_PRESERVE "preserve"
|
||||||
#define NM_CLONED_MAC_PERMANENT "permanent"
|
#define NM_CLONED_MAC_PERMANENT "permanent"
|
||||||
|
|
|
@ -1130,7 +1130,7 @@ _nm_device_iwd_request_scan (NMDeviceIwd *self,
|
||||||
NM_DEVICE_AUTH_REQUEST,
|
NM_DEVICE_AUTH_REQUEST,
|
||||||
invocation,
|
invocation,
|
||||||
NULL,
|
NULL,
|
||||||
NM_AUTH_PERMISSION_NETWORK_CONTROL,
|
NM_AUTH_PERMISSION_WIFI_SCAN,
|
||||||
TRUE,
|
TRUE,
|
||||||
dbus_request_scan_cb,
|
dbus_request_scan_cb,
|
||||||
options ? g_variant_ref (options) : NULL);
|
options ? g_variant_ref (options) : NULL);
|
||||||
|
|
|
@ -1202,7 +1202,7 @@ _nm_device_wifi_request_scan (NMDeviceWifi *self,
|
||||||
NM_DEVICE_AUTH_REQUEST,
|
NM_DEVICE_AUTH_REQUEST,
|
||||||
invocation,
|
invocation,
|
||||||
NULL,
|
NULL,
|
||||||
NM_AUTH_PERMISSION_NETWORK_CONTROL,
|
NM_AUTH_PERMISSION_WIFI_SCAN,
|
||||||
TRUE,
|
TRUE,
|
||||||
dbus_request_scan_cb,
|
dbus_request_scan_cb,
|
||||||
options ? g_variant_ref (options) : NULL);
|
options ? g_variant_ref (options) : NULL);
|
||||||
|
|
Loading…
Reference in a new issue