For now, until we figure out a better story here. We don't necessarily
want to require an admin password just to connect to a wifi network
after installing, but for now lets be secure-by-default while we figure
out the right solution.
This policy will allow users to modify their personal connections (ie
maybe VPN connections, etc) distinctly from system-wide connections that
affect more than just their user. It makes sense to be more lenient when
making changes to settings that don't affect other users.
Meaning stays the same, but this will allow us to differentiate
in the future between personal connections (ie, just visible to
one user) and system connections (visible to more than one user).
Moves the system settings permissions checking into the core service's
permissions checking, which at the same time enables 3-way permission
reporting (yes, no, auth) instead of the old yes/no that we had for
system settings permissions before. This allows UI to show a lock
icon or such when the user could authenticate to gain the permission.
It also moves the wifi-create permissions' namespace to the main
namespace (not .settings) since they really should be checked before
starting a shared wifi connection, rather than having anything to do
with the settings service.
Just for consistency, make settings related stuff live under the
org.freedesktop.NetworkManager namespace, rather than its own
org.freedesktop.NetworkManagerSettings namespace. Renames are done for
DBus interface names, DBus object paths, and polkit actions.
PK's "allow_inactive" actually means "allow inactive *local* users", so
we do want to allow inactive local users to provide user connections.
We don't want to allow non-local inactive users to provide user connections.
So make the use-user-connections privilege match for both active and
inactive so we get the behavior we want.
Default to 'not allowed', distros that need backwards compatibility
can flip this to 'yes' if they need to. At this point, only power
management scripts should call these functions.
Since the new PolicyKit does away with easy checking of authorizations,
we get to implement it by ourselves, but that's OK since we can actually
use it for a lot more stuff. So add the GetPermissions call which returns
the permissions the caller actually has, and a signal informing callers
that their permissions might have changed. Hook this all up to
PolicyKit so it's useful.