From f2c317e3d2ba3acbe73bf060d767115b2421db69 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Fri, 11 Feb 2011 11:19:02 -0600
Subject: [PATCH] policy: rename "modfiy" permission to "modify system"

Meaning stays the same, but this will allow us to differentiate
in the future between personal connections (ie, just visible to
one user) and system connections (visible to more than one user).
---
 libnm-glib/nm-client.c                          | 6 +++---
 libnm-glib/nm-client.h                          | 2 +-
 policy/org.freedesktop.NetworkManager.policy.in | 8 ++++----
 src/nm-manager-auth.h                           | 2 +-
 src/nm-manager.c                                | 4 ++--
 src/settings/nm-agent-manager.c                 | 4 ++--
 src/settings/nm-settings-connection.c           | 4 ++--
 src/settings/nm-settings.c                      | 4 ++--
 8 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/libnm-glib/nm-client.c b/libnm-glib/nm-client.c
index bbc0c91f6a..34e98aa97e 100644
--- a/libnm-glib/nm-client.c
+++ b/libnm-glib/nm-client.c
@@ -335,7 +335,7 @@ register_for_property_changed (NMClient *client)
 #define NM_AUTH_PERMISSION_NETWORK_CONTROL            "org.freedesktop.NetworkManager.network-control"
 #define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED       "org.freedesktop.NetworkManager.wifi.share.protected"
 #define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN            "org.freedesktop.NetworkManager.wifi.share.open"
-#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
+#define NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM     "org.freedesktop.NetworkManager.settings.modify.system"
 #define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY   "org.freedesktop.NetworkManager.settings.hostname.modify"
 
 static NMClientPermission
@@ -357,8 +357,8 @@ nm_permission_to_client (const char *nm)
 		return NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED;
 	else if (!strcmp (nm, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN))
 		return NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN;
-	else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY))
-		return NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM))
+		return NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM;
 	else if (!strcmp (nm, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY))
 		return NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY;
 
diff --git a/libnm-glib/nm-client.h b/libnm-glib/nm-client.h
index bdc5ab81fb..b0b59930f1 100644
--- a/libnm-glib/nm-client.h
+++ b/libnm-glib/nm-client.h
@@ -62,7 +62,7 @@ typedef enum {
 	NM_CLIENT_PERMISSION_NETWORK_CONTROL = 5,
 	NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 6,
 	NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 7,
-	NM_CLIENT_PERMISSION_SETTINGS_CONNECTION_MODIFY = 8,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM = 8,
 	NM_CLIENT_PERMISSION_SETTINGS_HOSTNAME_MODIFY = 9,
 	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX = 10,
 
diff --git a/policy/org.freedesktop.NetworkManager.policy.in b/policy/org.freedesktop.NetworkManager.policy.in
index acdee8829c..7cc72c2ce4 100644
--- a/policy/org.freedesktop.NetworkManager.policy.in
+++ b/policy/org.freedesktop.NetworkManager.policy.in
@@ -81,12 +81,12 @@
     </defaults>
   </action>
 
-  <action id="org.freedesktop.NetworkManager.settings.modify">
-    <_description>Modify system connections</_description>
-    <_message>System policy prevents modification of system settings</_message>
+  <action id="org.freedesktop.NetworkManager.settings.modify.system">
+    <_description>Modify network connections for all users</_description>
+    <_message>System policy prevents modification of network settings for all users</_message>
     <defaults>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_admin_keep</allow_active>
+      <allow_active>yes</allow_active>
     </defaults>
   </action>
 
diff --git a/src/nm-manager-auth.h b/src/nm-manager-auth.h
index 15b8cde138..f5f6c2cb8d 100644
--- a/src/nm-manager-auth.h
+++ b/src/nm-manager-auth.h
@@ -37,7 +37,7 @@
 #define NM_AUTH_PERMISSION_NETWORK_CONTROL            "org.freedesktop.NetworkManager.network-control"
 #define NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED       "org.freedesktop.NetworkManager.wifi.share.protected"
 #define NM_AUTH_PERMISSION_WIFI_SHARE_OPEN            "org.freedesktop.NetworkManager.wifi.share.open"
-#define NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY "org.freedesktop.NetworkManager.settings.modify"
+#define NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM     "org.freedesktop.NetworkManager.settings.modify.system"
 #define NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY   "org.freedesktop.NetworkManager.settings.hostname.modify"
 
 
diff --git a/src/nm-manager.c b/src/nm-manager.c
index a7adb13ade..65ba95fb74 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -2730,7 +2730,7 @@ get_permissions_done_cb (NMAuthChain *chain,
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED);
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN);
-		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
+		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
 		get_perm_add_result (chain, results, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY);
 		dbus_g_method_return (context, results);
 		g_hash_table_destroy (results);
@@ -2761,7 +2761,7 @@ impl_manager_get_permissions (NMManager *self,
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, FALSE);
+	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, FALSE);
 	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_HOSTNAME_MODIFY, FALSE);
 }
 
diff --git a/src/settings/nm-agent-manager.c b/src/settings/nm-agent-manager.c
index fc4c7e6a5a..d094c4ffc6 100644
--- a/src/settings/nm-agent-manager.c
+++ b/src/settings/nm-agent-manager.c
@@ -778,7 +778,7 @@ get_agent_modify_auth_cb (NMAuthChain *chain,
 		 * to it.  If it didn't, we still ask it for secrets, but we don't send
 		 * any system secrets.
 		 */
-		result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
+		result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
 		if (result == NM_AUTH_CALL_RESULT_YES)
 			req->current_has_modify = TRUE;
 
@@ -813,7 +813,7 @@ get_next_cb (Request *req)
 		                                            get_agent_modify_auth_cb,
 		                                            req);
 		g_assert (req->chain);
-		nm_auth_chain_add_call (req->chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
+		nm_auth_chain_add_call (req->chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, TRUE);
 	} else {
 		nm_log_dbg (LOGD_AGENTS, "(%p/%s) requesting user-owned secrets from agent %s",
 			        req, req->setting_name, agent_dbus_owner);
diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c
index eaafcfe88f..b8afed23ab 100644
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
@@ -723,7 +723,7 @@ pk_auth_cb (NMAuthChain *chain,
 		                     "Error checking authorization: %s",
 		                     chain_error->message ? chain_error->message : "(unknown)");
 	} else {
-		result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
+		result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
 
 		/* Caller didn't successfully authenticate */
 		if (result != NM_AUTH_CALL_RESULT_YES) {
@@ -787,7 +787,7 @@ auth_start (NMSettingsConnection *self,
 		info->sender_uid = sender_uid;
 		nm_auth_chain_set_data (chain, "pk-auth-info", info, g_free);
 
-		nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
+		nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, TRUE);
 		priv->pending_auths = g_slist_append (priv->pending_auths, chain);
 	} else {
 		/* Don't need polkit auth, automatic success */
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index 7276094fa4..3c1d97275b 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -815,7 +815,7 @@ pk_add_cb (NMAuthChain *chain,
 		goto done;
 	}
 
-	result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY);
+	result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
 
 	/* Caller didn't successfully authenticate */
 	if (result != NM_AUTH_CALL_RESULT_YES) {
@@ -925,7 +925,7 @@ nm_settings_add_connection (NMSettings *self,
 	chain = nm_auth_chain_new (priv->authority, context, NULL, pk_add_cb, self);
 	g_assert (chain);
 	priv->auths = g_slist_append (priv->auths, chain);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_CONNECTION_MODIFY, TRUE);
+	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, TRUE);
 	nm_auth_chain_set_data (chain, "connection", g_object_ref (connection), g_object_unref);
 	nm_auth_chain_set_data (chain, "callback", callback, NULL);
 	nm_auth_chain_set_data (chain, "callback-data", user_data, NULL);