fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-02-25 21:10:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

settings: accept not-saved secrets from agents without modify-system

Browse source 
The "modify.system" polkit permission allows a user to modify settings
for connection profiles that belong to all users.

For this reason, when an agent returns system secrets (i.e. secrets
that are going to be stored to disk), NetworkManager checks that the
agent has the modify.system permission.

If a secret has the AGENT_OWNED flag, it's stored in the agent
itself. If the secret has the NOT_SAVED flag, it will be asked to
users at the beginning of every connection attempt.

In both those cases the profile is not modified and there is no need
for the modify.system permission. Fix the check to also consider the
NOT_SAVED flag.

(cherry picked from commit db0825a110)
This commit is contained in:
Beniamino Galvani 2026-02-23 17:21:55 +01:00
parent 11f642168e
commit 480ba052f3
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/core/settings/nm-settings-connection.c
View file

@ -781,7 +781,8 @@ validate_secret_flags(NMConnection *connection, GVariant *secrets, ForEachSecret
static gboolean
secret_is_system_owned(NMSettingSecretFlags flags, gpointer user_data)
{
return !NM_FLAGS_HAS(flags, NM_SETTING_SECRET_FLAG_AGENT_OWNED);
return !NM_FLAGS_ANY(flags,
NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED);
}
static void