mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 20:45:32 +00:00
policy: rename "modfiy" permission to "modify system"
Meaning stays the same, but this will allow us to differentiate in the future between personal connections (ie, just visible to one user) and system connections (visible to more than one user).
This commit is contained in:
parent
76467e53e5
commit
f2c317e3d2
|
@ -335,7 +335,7 @@ register_for_property_changed (NMClient *client)
|
|||
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM "org.freedesktop.NetworkManager.settings.modify.system"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
|
||||
|
||||
static NMClientPermission
|
||||
|
@ -357,8 +357,8 @@ nm_permission_to_client (const char *nm)
|
|||
return NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN))
|
||||
return NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY))
|
||||
return NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM))
|
||||
return NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM;
|
||||
else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY))
|
||||
return NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY;
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@ typedef enum {
|
|||
NM_CLIENT_PERMISSION_NETWORK_CONTROL = 5,
|
||||
NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 6,
|
||||
NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 7,
|
||||
NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY = 8,
|
||||
NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM = 8,
|
||||
NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY = 9,
|
||||
NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX = 10,
|
||||
|
||||
|
|
|
@ -81,12 +81,12 @@
|
|||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.NetworkManager.settings.modify">
|
||||
<_description>Modify system connections</_description>
|
||||
<_message>System policy prevents modification of system settings</_message>
|
||||
<action id="org.freedesktop.NetworkManager.settings.modify.system">
|
||||
<_description>Modify network connections for all users</_description>
|
||||
<_message>System policy prevents modification of network settings for all users</_message>
|
||||
<defaults>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
#define NM_AUTH_PERMISSION_NETWORK_CONTROL "org.freedesktop.NetworkManager.network-control"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED "org.freedesktop.NetworkManager.wifi.share.protected"
|
||||
#define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN "org.freedesktop.NetworkManager.wifi.share.open"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM "org.freedesktop.NetworkManager.settings.modify.system"
|
||||
#define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY "org.freedesktop.NetworkManager.settings.hostname.modify"
|
||||
|
||||
|
||||
|
|
|
@ -2730,7 +2730,7 @@ get_permissions_done_cb (NMAuthChain *chain,
|
|||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
|
||||
get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY);
|
||||
dbus_g_method_return (context, results);
|
||||
g_hash_table_destroy (results);
|
||||
|
@ -2761,7 +2761,7 @@ impl_manager_get_permissions (NMManager *self,
|
|||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, FALSE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY, FALSE);
|
||||
}
|
||||
|
||||
|
|
|
@ -778,7 +778,7 @@ get_agent_modify_auth_cb (NMAuthChain *chain,
|
|||
* to it. If it didn't, we still ask it for secrets, but we don't send
|
||||
* any system secrets.
|
||||
*/
|
||||
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
|
||||
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
|
||||
if (result == NM_AUTH_CALL_RESULT_YES)
|
||||
req->current_has_modify = TRUE;
|
||||
|
||||
|
@ -813,7 +813,7 @@ get_next_cb (Request *req)
|
|||
get_agent_modify_auth_cb,
|
||||
req);
|
||||
g_assert (req->chain);
|
||||
nm_auth_chain_add_call (req->chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
|
||||
nm_auth_chain_add_call (req->chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, TRUE);
|
||||
} else {
|
||||
nm_log_dbg (LOGD_AGENTS, "(%p/%s) requesting user-owned secrets from agent %s",
|
||||
req, req->setting_name, agent_dbus_owner);
|
||||
|
|
|
@ -723,7 +723,7 @@ pk_auth_cb (NMAuthChain *chain,
|
|||
"Error checking authorization: %s",
|
||||
chain_error->message ? chain_error->message : "(unknown)");
|
||||
} else {
|
||||
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
|
||||
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
|
||||
|
||||
/* Caller didn't successfully authenticate */
|
||||
if (result != NM_AUTH_CALL_RESULT_YES) {
|
||||
|
@ -787,7 +787,7 @@ auth_start (NMSettingsConnection *self,
|
|||
info->sender_uid = sender_uid;
|
||||
nm_auth_chain_set_data (chain, "pk-auth-info", info, g_free);
|
||||
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, TRUE);
|
||||
priv->pending_auths = g_slist_append (priv->pending_auths, chain);
|
||||
} else {
|
||||
/* Don't need polkit auth, automatic success */
|
||||
|
|
|
@ -815,7 +815,7 @@ pk_add_cb (NMAuthChain *chain,
|
|||
goto done;
|
||||
}
|
||||
|
||||
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
|
||||
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
|
||||
|
||||
/* Caller didn't successfully authenticate */
|
||||
if (result != NM_AUTH_CALL_RESULT_YES) {
|
||||
|
@ -925,7 +925,7 @@ nm_settings_add_connection (NMSettings *self,
|
|||
chain = nm_auth_chain_new (priv->authority, context, NULL, pk_add_cb, self);
|
||||
g_assert (chain);
|
||||
priv->auths = g_slist_append (priv->auths, chain);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
|
||||
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, TRUE);
|
||||
nm_auth_chain_set_data (chain, "connection", g_object_ref (connection), g_object_unref);
|
||||
nm_auth_chain_set_data (chain, "callback", callback, NULL);
|
||||
nm_auth_chain_set_data (chain, "callback-data", user_data, NULL);
|
||||
|
|
Loading…
Reference in a new issue