mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-02-10 23:00:30 +01:00
read-only mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager
d2cf6fa75c
Use PolicyKit to authorize the system settings' AddConnection method
and the system settings connections' Update and Delete methods.
* libnm-glib/nm-settings.c (impl_exported_connection_update)
(impl_exported_connection_delete, nm_exported_connection_update)
(nm_exported_connection_delete): Return boolean and fill GError
to notify the callers of the reasons why it might have failed.
* libnm-glib/nm-dbus-settings-system.c
(nm_dbus_settings_system_add_connection): Return the error from dbus
call so that the callers can see why it failed.
* libnm-glib/nm-dbus-connection.c (update, delete): Update the
signatures.
* system-settings/src/nm-polkit-helpers.[ch]: Implement.
* system-settings/src/nm-sysconfig-connection.[ch]: Implement. New
abstract base class that checks PolicyKit permissions.
* system-settings/src/dbus-settings.c:
(impl_settings_add_connection): Check the policy before carring out
the request.
* system-settings/plugins/keyfile/nm-keyfile-connection.c:
Inherit from NMSysconfigConnection, check the policies before
allowing updating or removing.
* system-settings/plugins/ifcfg-suse/nm-suse-connection.c:
Inherit from NMSysconfigConnection.
* introspection/nm-exported-connection.xml: Annotate "Update" and
"Delete" methods with async flag so that the implementations can get
access to DBusGMethodInvocation.
* system-settings/src/dbus-settings.c
(settings_add_connection_check_privileges): Implement.
(impl_settings_add_connection): Check the privileges before adding a new
connection. Improve error reporting.
* introspection/nm-settings-system.xml: Make the 'AddConnection' method
async so that the implementation can access DBusGMethodInvocation.
* configure.in: Check for PolicyKit.
* policy/org.freedesktop.network-manager-settings.system.policy:
New file.
* policy/Makefile.am: Install the policy file.
* configure.in: Add 'policy' subdir.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3646 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
|
||
|---|---|---|
| callouts | ||
| docs | ||
| examples/python | ||
| include | ||
| initscript | ||
| introspection | ||
| libnm-glib | ||
| libnm-util | ||
| man | ||
| marshallers | ||
| po | ||
| src | ||
| system-settings | ||
| test | ||
| tools | ||
| vpn-daemons | ||
| .cvsignore | ||
| .gitignore | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.in | ||
| CONTRIBUTING | ||
| MAINTAINERS | ||
| Makefile.am | ||
| NetworkManager.pc.in | ||
| NEWS | ||
| README | ||
| TODO | ||
THEORY OF OPERATION: NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is _intended_ to replace default routes, obtain IP addresses from a DHCP server, and change nameservers whenever it sees fit. In effect, the goal of NetworkManager is to make networking Just Work. If you have special needs, we'd like to hear about them, but understand that NetworkManager is not intended to serve the needs of all users. From a list of all adapters currently installed on the system, NetworkManager will first try a wired and then a wireless adapter. Wireless adapters that support wireless scanning are preferred over ones that cannot. NetworkManager does not try to keep a connection up as long as possible, meaning that plugging into a wired network will switch the connection to the wired network away from the wireless one. For wireless networking support, NetworkManager keeps a list of wireless networks, the preferred list. Preferred Networks are wireless networks that the user has explicitly made NetworkManager associate with at some previous time. So if the user walks into a Starbucks and explicitly asks NetworkManager to associate with that Starbucks network, NetworkManager will remember the Starbucks network information from that point on. Upon returning to that Starbucks, NetworkManager will attempt to associate _automatically_ with the Starbucks network since it is now in the Preferred Networks list. The point of this is to ensure that only the user can determine which wireless networks to associate with, and that the user is aware which networks are security risks and which are not. STRUCTURE: NetworkManager runs as a root-user system level daemon, since it must manipulate hardware directly. It communicates over DBUS with a desktop-level per-user process, nm-applet. Since Preferred Networks are user-specific, there must be some mechanism of getting this information per-user. NetworkManager cannot store that information as it is user-specific, and therefore communicates over DBUS to the user daemon which provides those lists. NetworkManager also provides an API over DBUS for any DBUS-aware application to determine the current state of the network, including available wireless networks the computer is aware of and specific details about those networks. This API also provides the means for forcing NetworkManager to associate with a specific wireless network. Use of DBUS allows separation of NetworkManager, which requires no user-interface, and the parts of the user interface which might be desktop environment specific. The nm-applet provides a DBUS service called NetworkManagerInfo, which should provide to NetworkManager the Preferred Networks lists upon request. It also should be able to display a dialog to retrieve a WEP/WPA key or passphrase from the user when NetworkManager requests it. The GNOME version of NetworkManagerInfo, for example, stores Preferred Networks in GConf and WEP/WPA keys in gnome-keyring, and proxies that information to NetworkManager upon request.