settings: accept not-saved secrets from agents without modify-system

The "modify.system" polkit permission allows a user to modify settings for connection profiles that belong to all users. For this reason, when an agent returns system secrets (i.e. secrets that are going to be stored to disk), NetworkManager checks that the agent has the modify.system permission. If a secret has the AGENT_OWNED flag, it's stored in the agent itself. If the secret has the NOT_SAVED flag, it will be asked to users at the beginning of every connection attempt. In both those cases the profile is not modified and there is no need for the modify.system permission. Fix the check to also consider the NOT_SAVED flag.
2026-02-24 21:50:34 +01:00 · 2026-02-23 17:21:55 +01:00 · 2026-02-23 17:21:55 +01:00 · db0825a110
commit db0825a110
parent eff8330b57
1 changed files with 2 additions and 1 deletions
--- a/src/core/settings/nm-settings-connection.c
+++ b/src/core/settings/nm-settings-connection.c
@ -781,7 +781,8 @@ validate_secret_flags(NMConnection *connection, GVariant *secrets, ForEachSecret
 static gboolean
 secret_is_system_owned(NMSettingSecretFlags flags, gpointer user_data)
 {
-    return !NM_FLAGS_HAS(flags, NM_SETTING_SECRET_FLAG_AGENT_OWNED);
+    return !NM_FLAGS_ANY(flags,
+                         NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED);
 }

 static void