Merge remote branch 'origin/master' into zvm

.gitignore

@@ -106,5 +106,6 @@ m4/libtool.m4
 m4/lt*.m4
 
 policy/org.freedesktop.network-manager-settings.system.policy
+policy/org.freedesktop.NetworkManager.policy
 
 cli/src/nmcli

initscript/RedHat/NetworkManager.in

@@ -49,7 +49,7 @@ start()
 	echo
 
 	echo -n $"Starting NetworkManager daemon: "
-	daemon --check $servicename $processname --pid-file=$pidfile
+	daemon --pidfile $pidfile --check $servicename $processname --pid-file=$pidfile
 	RETVAL=$?
 	echo
 	if [ -n "${NETWORKWAIT}" ]; then 

introspection/nm-device.xml

@@ -9,7 +9,15 @@
     </property>
     <property name="Interface" type="s" access="read">
       <tp:docstring>
-        The network interface offered by the device.
+        The name of the device's control (and often data) interface.
+      </tp:docstring>
+    </property>
+    <property name="IpInterface" type="s" access="read">
+      <tp:docstring>
+        The name of the device's data interface when available.  This property
+        may not refer to the actual data interface until the device has
+        successfully established a data connection, indicated by the device's
+        State becoming ACTIVATED.
       </tp:docstring>
     </property>
     <property name="Driver" type="s" access="read">
@@ -65,10 +73,11 @@
     </property>
 
     <method name="Disconnect">
+      <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_device_disconnect"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <tp:docstring>
         Disconnects a device and prevents the device from automatically activating further connections without user intervention.
       </tp:docstring>
-      <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_device_disconnect"/>
     </method>
 
     <signal name="StateChanged">

introspection/nm-manager-client.xml

@@ -31,19 +31,30 @@ object.  dbus-glib generates the same bound function names for D-Bus the methods
 
     <method name="DeactivateConnection">
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_deactivate_connection"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <arg name="active_connection" type="o" direction="in"/>
     </method>
 
     <method name="Sleep">
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_sleep"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <arg name="sleep" type="b" direction="in"/>
     </method>
 
     <method name="Enable">
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_enable"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <arg name="enable" type="b" direction="in"/>
     </method>
 
+    <method name="GetPermissions">
+      <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_get_permissions"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+      <arg name="permissions" type="a{ss}" direction="out"/>
+    </method>
+
+    <signal name="CheckPermissions"/>
+
     <property name="NetworkingEnabled" type="b" access="read"/>
     <property name="WirelessEnabled" type="b" access="readwrite"/>
     <property name="WirelessHardwareEnabled" type="b" access="read"/>

introspection/nm-manager.xml

@@ -77,6 +77,7 @@
         Deactivate an active connection.
       </tp:docstring>
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_deactivate_connection"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <arg name="active_connection" type="o" direction="in">
         <tp:docstring>
           The currently active connection to deactivate.
@@ -86,6 +87,7 @@
 
     <method name="Sleep">
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_sleep"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <tp:docstring>
         Control the NetworkManager daemon's sleep state.  When asleep, all
         interfaces that it manages are deactivated.  When awake, devices are
@@ -101,6 +103,7 @@
 
     <method name="Enable">
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_enable"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
       <tp:docstring>
         Control whether overall networking is enabled or disabled.  When
         disabled, all interfaces that NM manages are deactivated.  When enabled,
@@ -116,6 +119,34 @@
       </arg>
     </method>
 
+    <method name="GetPermissions">
+      <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_get_permissions"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+      <tp:docstring>
+        Returns the permissions a caller has for various authenticated operations
+        that NetworkManager provides, like Enable/Disable networking, changing
+        WiFi, WWAN, and WiMAX state, etc.
+      </tp:docstring>
+      <arg name="permissions" type="a{ss}" direction="out">
+        <tp:docstring>
+          Dictionary of available permissions and results.  Each permission
+          is represented by a name (ie "org.freedesktop.NetworkManager.Foobar")
+          and each result is one of the following values: "yes" (the permission
+          is available), "auth" (the permission is available after a successful
+          authentication), or "no" (the permission is denied).  Clients may use
+          these values in the UI to indicate the ability to perform certain
+          operations.
+        </tp:docstring>
+      </arg>
+    </method>
+
+    <signal name="CheckPermissions">
+      <tp:docstring>
+        Emitted when system authorization details change, indicating that
+        clients may wish to recheck permissions with GetPermissions.
+      </tp:docstring>
+    </signal>
+
     <method name="SetLogging">
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_set_logging"/>
       <tp:docstring>
@@ -274,6 +305,7 @@
         DEPRECATED.  Control the NetworkManager daemon's sleep state.  When asleep, all interfaces that it manages are deactivated.
       </tp:docstring>
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_legacy_sleep"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
     </method>
 
     <method name="wake">
@@ -281,6 +313,7 @@
         DEPRECATED.  Control the NetworkManager daemon's sleep state.  When awake, all known interfaces are available to be activated.
       </tp:docstring>
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_manager_legacy_wake"/>
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
     </method>
 
     <method name="state">

libnm-glib/libnm-glib.ver

@@ -34,6 +34,7 @@ global:
 	nm_client_get_device_by_path;
 	nm_client_get_devices;
 	nm_client_get_manager_running;
+	nm_client_get_permission_result;
 	nm_client_get_state;
 	nm_client_get_type;
 	nm_client_networking_get_enabled;

libnm-glib/nm-client.c

@@ -58,6 +58,9 @@ typedef struct {
 	GPtrArray *devices;
 	GPtrArray *active_connections;
 
+	DBusGProxyCall *perm_call;
+	GHashTable *permissions;
+
 	gboolean have_networking_enabled;
 	gboolean networking_enabled;
 	gboolean wireless_enabled;
@@ -84,6 +87,7 @@ enum {
 enum {
 	DEVICE_ADDED,
 	DEVICE_REMOVED,
+	PERMISSION_CHANGED,
 
 	LAST_SIGNAL
 };
@@ -118,6 +122,8 @@ nm_client_init (NMClient *client)
 
 	priv->state = NM_STATE_UNKNOWN;
 
+	priv->permissions = g_hash_table_new (g_direct_hash, g_direct_equal);
+
 	g_signal_connect (client,
 	                  "notify::" NM_CLIENT_NETWORKING_ENABLED,
 	                  G_CALLBACK (handle_net_enabled_changed),
@@ -284,6 +290,114 @@ register_for_property_changed (NMClient *client)
 	                                     property_changed_info);
 }
 
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI    "org.freedesktop.NetworkManager.enable-disable-wifi"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN    "org.freedesktop.NetworkManager.enable-disable-wwan"
+#define NM_AUTH_PERMISSION_USE_USER_CONNECTIONS   "org.freedesktop.NetworkManager.use-user-connections"
+
+static NMClientPermission
+nm_permission_to_client (const char *nm)
+{
+	if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK))
+		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI))
+		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN))
+		return NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN;
+	else if (!strcmp (nm, NM_AUTH_PERMISSION_USE_USER_CONNECTIONS))
+		return NM_CLIENT_PERMISSION_USE_USER_CONNECTIONS;
+	return NM_CLIENT_PERMISSION_NONE;
+}
+
+static NMClientPermissionResult
+nm_permission_result_to_client (const char *nm)
+{
+	if (!strcmp (nm, "yes"))
+		return NM_CLIENT_PERMISSION_RESULT_YES;
+	else if (!strcmp (nm, "no"))
+		return NM_CLIENT_PERMISSION_RESULT_NO;
+	else if (!strcmp (nm, "auth"))
+		return NM_CLIENT_PERMISSION_RESULT_AUTH;
+	return NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
+}
+
+static void
+get_permissions_reply (DBusGProxy *proxy,
+                       GHashTable *permissions,
+                       GError *error,
+                       gpointer user_data)
+{
+	NMClient *self = NM_CLIENT (user_data);
+	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (self);
+	GHashTableIter iter;
+	gpointer key, value;
+	NMClientPermission perm;
+	NMClientPermissionResult perm_result;
+	GList *keys, *keys_iter;
+
+	priv->perm_call = NULL;
+
+	/* get list of old permissions for change notification */
+	keys = g_hash_table_get_keys (priv->permissions);
+	g_hash_table_remove_all (priv->permissions);
+
+	if (!error) {
+		/* Process new permissions */
+		g_hash_table_iter_init (&iter, permissions);
+		while (g_hash_table_iter_next (&iter, &key, &value)) {
+			perm = nm_permission_to_client ((const char *) key);
+			perm_result = nm_permission_result_to_client ((const char *) value);
+			if (perm) {
+				g_hash_table_insert (priv->permissions,
+				                     GUINT_TO_POINTER (perm),
+				                     GUINT_TO_POINTER (perm_result));
+
+				/* Remove this permission from the list of previous permissions
+				 * we'll be sending NM_CLIENT_PERMISSION_RESULT_UNKNOWN for
+				 * in the change signal since it is still a known permission.
+				 */
+				keys = g_list_remove (keys, GUINT_TO_POINTER (perm));
+			}
+		}
+	}
+
+	/* Signal changes in all updated permissions */
+	g_hash_table_iter_init (&iter, priv->permissions);
+	while (g_hash_table_iter_next (&iter, &key, &value)) {
+		g_signal_emit (self, signals[PERMISSION_CHANGED], 0,
+		               GPOINTER_TO_UINT (key),
+		               GPOINTER_TO_UINT (value));
+	}
+
+	/* And signal changes in all permissions that used to be valid but for
+	 * some reason weren't received in the last request (if any).
+	 */
+	for (keys_iter = keys; keys_iter; keys_iter = g_list_next (keys_iter)) {
+		g_signal_emit (self, signals[PERMISSION_CHANGED], 0,
+		               GPOINTER_TO_UINT (keys_iter->data),
+		               NM_CLIENT_PERMISSION_RESULT_UNKNOWN);
+	}
+	g_list_free (keys);
+}
+
+static DBusGProxyCall *
+get_permissions (NMClient *self)
+{
+	return org_freedesktop_NetworkManager_get_permissions_async (NM_CLIENT_GET_PRIVATE (self)->client_proxy,
+	                                                             get_permissions_reply,
+	                                                             self);
+}
+
+static void
+client_recheck_permissions (DBusGProxy *proxy, gpointer user_data)
+{
+	NMClient *self = NM_CLIENT (user_data);
+	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (self);
+
+	if (!priv->perm_call)
+		priv->perm_call = get_permissions (self);
+}
+
 static GObject*
 constructor (GType type,
 		   guint n_construct_params,
@@ -324,6 +438,15 @@ constructor (GType type,
 						    object,
 						    NULL);
 
+	/* Permissions */
+	dbus_g_proxy_add_signal (priv->client_proxy, "CheckPermissions", G_TYPE_INVALID);
+	dbus_g_proxy_connect_signal (priv->client_proxy,
+	                             "CheckPermissions",
+	                             G_CALLBACK (client_recheck_permissions),
+	                             object,
+	                             NULL);
+	priv->perm_call = get_permissions (NM_CLIENT (object));
+
 	priv->bus_proxy = dbus_g_proxy_new_for_name (connection,
 										"org.freedesktop.DBus",
 										"/org/freedesktop/DBus",
@@ -381,12 +504,17 @@ dispose (GObject *object)
 		return;
 	}
 
+	if (priv->perm_call)
+		dbus_g_proxy_cancel_call (priv->client_proxy, priv->perm_call);
+
 	g_object_unref (priv->client_proxy);
 	g_object_unref (priv->bus_proxy);
 
 	free_object_array (&priv->devices);
 	free_object_array (&priv->active_connections);
 
+	g_hash_table_destroy (priv->permissions);
+
 	G_OBJECT_CLASS (nm_client_parent_class)->dispose (object);
 }
 
@@ -626,6 +754,22 @@ nm_client_class_init (NMClientClass *client_class)
 					  g_cclosure_marshal_VOID__OBJECT,
 					  G_TYPE_NONE, 1,
 					  G_TYPE_OBJECT);
+
+	/**
+	 * NMClient::permission-changed:
+	 * @widget: the client that received the signal
+	 * @permission: a permission from #NMClientPermission
+	 * @result: the permission's result, one of #NMClientPermissionResult
+	 *
+	 * Notifies that a permission has changed
+	 **/
+	signals[PERMISSION_CHANGED] =
+		g_signal_new ("permission-changed",
+					  G_OBJECT_CLASS_TYPE (object_class),
+					  G_SIGNAL_RUN_FIRST,
+					  0, NULL, NULL,
+					  _nm_marshal_VOID__UINT_UINT,
+					  G_TYPE_NONE, 2, G_TYPE_UINT, G_TYPE_UINT);
 }
 
 /**
@@ -1158,3 +1302,25 @@ nm_client_get_manager_running (NMClient *client)
 	return NM_CLIENT_GET_PRIVATE (client)->manager_running;
 }
 
+/**
+ * nm_client_get_permission_result:
+ * @client: a #NMClient
+ * @permission: the permission for which to return the result, one of #NMClientPermission
+ *
+ * Requests the result of a specific permission, which indicates whether the
+ * client can or cannot perform the action the permission represents
+ *
+ * Returns: the permission's result, one of #NMClientPermissionResult
+ **/
+NMClientPermissionResult
+nm_client_get_permission_result (NMClient *client, NMClientPermission permission)
+{
+	gpointer result;
+
+	g_return_val_if_fail (NM_IS_CLIENT (client), NM_CLIENT_PERMISSION_RESULT_UNKNOWN);
+
+	result = g_hash_table_lookup (NM_CLIENT_GET_PRIVATE (client)->permissions,
+	                              GUINT_TO_POINTER (permission));
+	return GPOINTER_TO_UINT (result);
+}
+

libnm-glib/nm-client.h

@@ -50,6 +50,25 @@ G_BEGIN_DECLS
 #define NM_CLIENT_WWAN_HARDWARE_ENABLED "wwan-hardware-enabled"
 #define NM_CLIENT_ACTIVE_CONNECTIONS "active-connections"
 
+/* Permissions */
+typedef enum {
+	NM_CLIENT_PERMISSION_NONE = 0,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK = 1,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI = 2,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN = 3,
+	NM_CLIENT_PERMISSION_USE_USER_CONNECTIONS = 4,
+
+	NM_CLIENT_PERMISSION_LAST = NM_CLIENT_PERMISSION_USE_USER_CONNECTIONS
+} NMClientPermission;
+
+typedef enum {
+	NM_CLIENT_PERMISSION_RESULT_UNKNOWN = 0,
+	NM_CLIENT_PERMISSION_RESULT_YES,
+	NM_CLIENT_PERMISSION_RESULT_AUTH,
+	NM_CLIENT_PERMISSION_RESULT_NO
+} NMClientPermissionResult;
+
+
 typedef struct {
 	NMObject parent;
 } NMClient;
@@ -105,6 +124,9 @@ gboolean  nm_client_get_manager_running  (NMClient *client);
 const GPtrArray *nm_client_get_active_connections (NMClient *client);
 void      nm_client_sleep                (NMClient *client, gboolean sleep);
 
+NMClientPermissionResult nm_client_get_permission_result (NMClient *client,
+                                                          NMClientPermission permission);
+
 G_END_DECLS
 
 #endif /* NM_CLIENT_H */

libnm-glib/nm-device.c

@@ -49,6 +49,7 @@ typedef struct {
 	DBusGProxy *proxy;
 
 	char *iface;
+	char *ip_iface;
 	char *udi;
 	char *driver;
 	guint32 capabilities;
@@ -84,6 +85,7 @@ enum {
 	PROP_PRODUCT,
 	PROP_VENDOR,
 	PROP_DHCP6_CONFIG,
+	PROP_IP_INTERFACE,
 
 	LAST_PROP
 };
@@ -272,6 +274,7 @@ register_for_property_changed (NMDevice *device)
 	const NMPropertiesChangedInfo property_changed_info[] = {
 		{ NM_DEVICE_UDI,              _nm_object_demarshal_generic, &priv->udi },
 		{ NM_DEVICE_INTERFACE,        _nm_object_demarshal_generic, &priv->iface },
+		{ NM_DEVICE_IP_INTERFACE,     _nm_object_demarshal_generic, &priv->ip_iface },
 		{ NM_DEVICE_DRIVER,           _nm_object_demarshal_generic, &priv->driver },
 		{ NM_DEVICE_CAPABILITIES,     _nm_object_demarshal_generic, &priv->capabilities },
 		{ NM_DEVICE_MANAGED,          _nm_object_demarshal_generic, &priv->managed },
@@ -379,6 +382,7 @@ finalize (GObject *object)
 	NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (object);
 
 	g_free (priv->iface);
+	g_free (priv->ip_iface);
 	g_free (priv->udi);
 	g_free (priv->driver);
 	g_free (priv->product);
@@ -402,6 +406,9 @@ get_property (GObject *object,
 	case PROP_INTERFACE:
 		g_value_set_string (value, nm_device_get_iface (device));
 		break;
+	case PROP_IP_INTERFACE:
+		g_value_set_string (value, nm_device_get_ip_iface (device));
+		break;
 	case PROP_DRIVER:
 		g_value_set_string (value, nm_device_get_driver (device));
 		break;
@@ -746,6 +753,33 @@ nm_device_get_iface (NMDevice *device)
 	return priv->iface;
 }
 
+/**
+ * nm_device_get_ip_iface:
+ * @device: a #NMDevice
+ *
+ * Gets the IP interface name of the #NMDevice over which IP traffic flows
+ * when the device is in the ACTIVATED state.
+ *
+ * Returns: the IP traffic interface of the device. This is the internal string
+ * used by the device, and must not be modified.
+ **/
+const char *
+nm_device_get_ip_iface (NMDevice *device)
+{
+	NMDevicePrivate *priv;
+
+	g_return_val_if_fail (NM_IS_DEVICE (device), NULL);
+
+	priv = NM_DEVICE_GET_PRIVATE (device);
+	if (!priv->ip_iface) {
+		priv->ip_iface = _nm_object_get_string_property (NM_OBJECT (device),
+		                                                 NM_DBUS_INTERFACE_DEVICE,
+		                                                 "IpInterface");
+	}
+
+	return priv->ip_iface;
+}
+
 /**
  * nm_device_get_udi:
  * @device: a #NMDevice

libnm-glib/nm-device.h

@@ -46,6 +46,7 @@ G_BEGIN_DECLS
 
 #define NM_DEVICE_UDI "udi"
 #define NM_DEVICE_INTERFACE "interface"
+#define NM_DEVICE_IP_INTERFACE "ip-interface"
 #define NM_DEVICE_DRIVER "driver"
 #define NM_DEVICE_CAPABILITIES "capabilities"
 #define NM_DEVICE_MANAGED "managed"
@@ -85,6 +86,7 @@ GType nm_device_get_type (void);
 GObject * nm_device_new (DBusGConnection *connection, const char *path);
 
 const char *  nm_device_get_iface            (NMDevice *device);
+const char *  nm_device_get_ip_iface         (NMDevice *device);
 const char *  nm_device_get_udi              (NMDevice *device);
 const char *  nm_device_get_driver           (NMDevice *device);
 guint32       nm_device_get_capabilities     (NMDevice *device);

libnm-util/Makefile.am

@@ -59,7 +59,7 @@ libnm_util_la_SOURCES=			\
 libnm_util_la_LIBADD = $(GLIB_LIBS) $(DBUS_LIBS) $(UUID_LIBS)
 
 libnm_util_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnm-util.ver \
-	-version-info "4:4:3"
+	-version-info "5:0:4"
 
 if WITH_GNUTLS
 libnm_util_la_SOURCES += crypto_gnutls.c

libnm-util/libnm-util.ver

@@ -366,6 +366,10 @@ global:
 	nm_utils_ssid_to_utf8;
 	nm_utils_uuid_generate;
 	nm_utils_uuid_generate_from_string;
+	nm_utils_wifi_freq_to_channel;
+	nm_utils_wifi_channel_to_freq;
+	nm_utils_wifi_find_next_channel;
+	nm_utils_wifi_is_channel_valid;
 	nm_ip4_address_compare;
 	nm_ip4_address_dup;
 	nm_ip4_address_get_address;

libnm-util/nm-setting-wireless.c

@@ -19,7 +19,7 @@
  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  * Boston, MA 02110-1301 USA.
  *
- * (C) Copyright 2007 - 2008 Red Hat, Inc.
+ * (C) Copyright 2007 - 2010 Red Hat, Inc.
  * (C) Copyright 2007 - 2008 Novell, Inc.
  */
 
@@ -480,31 +480,11 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
 	}
 
 	if (priv->channel) {
-		if (!strcmp (priv->band, "a")) {
+		if (!nm_utils_wifi_is_channel_valid (priv->channel, priv->band)) {
-			int i;
+			g_set_error (error,
-			int valid_channels[] = { 7, 8, 9, 11, 12, 16, 34, 36, 40, 44, 48,
+			             NM_SETTING_WIRELESS_ERROR,
-			                         52, 56, 60, 64, 100, 104, 108, 112, 116,
+			             NM_SETTING_WIRELESS_ERROR_INVALID_PROPERTY,
-			                         120, 124, 128, 132, 136, 140, 149, 153,
+			             NM_SETTING_WIRELESS_CHANNEL);
-			                         157, 161, 165, 183, 184, 185, 187, 188,
-			                         192, 196, 0 };
-
-			for (i = 0; valid_channels[i]; i++) {
-				if (priv->channel == valid_channels[i])
-					break;
-			}
-
-			if (valid_channels[i] == 0) {
-				g_set_error (error,
-				             NM_SETTING_WIRELESS_ERROR,
-				             NM_SETTING_WIRELESS_ERROR_INVALID_PROPERTY,
-				             NM_SETTING_WIRELESS_CHANNEL);
-				return FALSE;
-			}
-		} else if (!strcmp (priv->band, "bg") && priv->channel > 14) {
-				g_set_error (error,
-				             NM_SETTING_WIRELESS_ERROR,
-				             NM_SETTING_WIRELESS_ERROR_INVALID_PROPERTY,
-				             NM_SETTING_WIRELESS_CHANNEL);
 			return FALSE;
 		}
 	}

libnm-util/nm-utils.c

@@ -117,7 +117,7 @@ static const struct IsoLangToEncodings isoLangEntries2[] =
 	/* Arabic */
 	{ "ar",		{"iso-8859-6",	"windows-1256",	NULL} },
 
-	/* Balitc */
+	/* Baltic */
 	{ "et",		{"iso-8859-4",	"windows-1257",	NULL} },	/* Estonian */
 	{ "lt",		{"iso-8859-4",	"windows-1257",	NULL} },	/* Lithuanian */
 	{ "lv",		{"iso-8859-4",	"windows-1257",	NULL} },	/* Latvian */
@@ -2131,3 +2131,212 @@ out:
 	return ret;
 }
 
+/* Band, channel/frequency stuff for wireless */
+struct cf_pair {
+	guint32 chan;
+	guint32 freq;
+};
+
+static struct cf_pair a_table[] = {
+	/* A band */
+	{  7, 5035 },
+	{  8, 5040 },
+	{  9, 5045 },
+	{ 11, 5055 },
+	{ 12, 5060 },
+	{ 16, 5080 },
+	{ 34, 5170 },
+	{ 36, 5180 },
+	{ 38, 5190 },
+	{ 40, 5200 },
+	{ 42, 5210 },
+	{ 44, 5220 },
+	{ 46, 5230 },
+	{ 48, 5240 },
+	{ 50, 5250 },
+	{ 52, 5260 },
+	{ 56, 5280 },
+	{ 58, 5290 },
+	{ 60, 5300 },
+	{ 64, 5320 },
+	{ 100, 5500 },
+	{ 104, 5520 },
+	{ 108, 5540 },
+	{ 112, 5560 },
+	{ 116, 5580 },
+	{ 120, 5600 },
+	{ 124, 5620 },
+	{ 128, 5640 },
+	{ 132, 5660 },
+	{ 136, 5680 },
+	{ 140, 5700 },
+	{ 149, 5745 },
+	{ 152, 5760 },
+	{ 153, 5765 },
+	{ 157, 5785 },
+	{ 160, 5800 },
+	{ 161, 5805 },
+	{ 165, 5825 },
+	{ 183, 4915 },
+	{ 184, 4920 },
+	{ 185, 4925 },
+	{ 187, 4935 },
+	{ 188, 4945 },
+	{ 192, 4960 },
+	{ 196, 4980 },
+	{ 0, -1 }
+};
+
+static struct cf_pair bg_table[] = {
+	/* B/G band */
+	{ 1, 2412 },
+	{ 2, 2417 },
+	{ 3, 2422 },
+	{ 4, 2427 },
+	{ 5, 2432 },
+	{ 6, 2437 },
+	{ 7, 2442 },
+	{ 8, 2447 },
+	{ 9, 2452 },
+	{ 10, 2457 },
+	{ 11, 2462 },
+	{ 12, 2467 },
+	{ 13, 2472 },
+	{ 14, 2484 },
+	{ 0, -1 }
+};
+
+/**
+ * nm_utils_wifi_freq_to_channel:
+ * @freq: frequency
+ *
+ * Utility function to translate a WiFi frequency to its corresponding channel.
+ *
+ * Returns: the channel represented by the frequency or 0
+ **/
+guint32
+nm_utils_wifi_freq_to_channel (guint32 freq)
+{
+	int i = 0;
+
+	if (freq > 4900) {
+		while (a_table[i].chan && (a_table[i].freq != freq))
+			i++;
+		return a_table[i].chan;
+	} else {
+		while (bg_table[i].chan && (bg_table[i].freq != freq))
+			i++;
+		return bg_table[i].chan;
+	}
+
+	return 0;
+}
+
+/**
+ * nm_utils_wifi_channel_to_freq:
+ * @channel: channel
+ * @band: frequency band for wireless ("a" or "bg")
+ *
+ * Utility function to translate a WiFi channel to its corresponding frequency.
+ *
+ * Returns: the frequency represented by the channel of the band,
+ *          or -1 when the freq is invalid, or 0 when the band
+ *          is invalid
+ **/
+guint32
+nm_utils_wifi_channel_to_freq (guint32 channel, const char *band)
+{
+	int i = 0;
+
+	if (!strcmp (band, "a")) {
+		while (a_table[i].chan && (a_table[i].chan != channel))
+			i++;
+		return a_table[i].freq;
+	} else if (!strcmp (band, "bg")) {
+		while (bg_table[i].chan && (bg_table[i].chan != channel))
+			i++;
+		return bg_table[i].freq;
+	}
+
+	return 0;
+}
+
+/**
+ * nm_utils_wifi_find_next_channel:
+ * @channel: current channel
+ * @direction: whether going downward (0 or less) or upward (1 or more)
+ * @band: frequency band for wireless ("a" or "bg")
+ *
+ * Utility function to find out next/previous WiFi channel for a channel.
+ *
+ * Returns: the next channel in the specified direction or 0
+ **/
+guint32
+nm_utils_wifi_find_next_channel (guint32 channel, int direction, char *band)
+{
+	size_t a_size = sizeof (a_table) / sizeof (struct cf_pair);
+	size_t bg_size = sizeof (bg_table) / sizeof (struct cf_pair);
+	struct cf_pair *pair = NULL;
+
+	if (!strcmp (band, "a")) {
+		if (channel < a_table[0].chan)
+			return a_table[0].chan;
+		if (channel > a_table[a_size - 2].chan)
+			return a_table[a_size - 2].chan;
+		pair = &a_table[0];
+	} else if (!strcmp (band, "bg")) {
+		if (channel < bg_table[0].chan)
+			return bg_table[0].chan;
+		if (channel > bg_table[bg_size - 2].chan)
+			return bg_table[bg_size - 2].chan;
+		pair = &bg_table[0];
+	} else {
+		g_assert_not_reached ();
+		return 0;
+	}
+
+	while (pair->chan) {
+		if (channel == pair->chan)
+			return channel;
+		if ((channel < (pair+1)->chan) && (channel > pair->chan)) {
+			if (direction > 0)	
+				return (pair+1)->chan;
+			else
+				return pair->chan;
+		}
+		pair++;
+	}
+	return 0;
+}
+
+/**
+ * nm_utils_wifi_is_channel_valid:
+ * @channel: channel
+ * @band: frequency band for wireless ("a" or "bg")
+ *
+ * Utility function to verify WiFi channel validity.
+ *
+ * Returns: TRUE or FALSE
+ **/
+gboolean
+nm_utils_wifi_is_channel_valid (guint32 channel, const char *band)
+{
+	struct cf_pair *table = NULL;
+	int i = 0;
+
+	if (!strcmp (band, "a"))
+		table = a_table;
+	else if (!strcmp (band, "bg"))
+		table = bg_table;
+	else
+		return FALSE;
+
+	while (table[i].chan && (table[i].chan != channel))
+		i++;
+
+	if (table[i].chan != 0)
+		return TRUE;
+	else
+		return FALSE;
+}
+

libnm-util/nm-utils.h

@@ -215,4 +215,9 @@ GByteArray *nm_utils_rsa_key_encrypt (const GByteArray *data,
 
 G_END_DECLS
 
+guint32 nm_utils_wifi_freq_to_channel (guint32 freq);
+guint32 nm_utils_wifi_channel_to_freq (guint32 channel, const char *band);
+guint32 nm_utils_wifi_find_next_channel (guint32 channel, int direction, char *band);
+gboolean nm_utils_wifi_is_channel_valid (guint32 channel, const char *band);
+
 #endif /* NM_UTILS_H */

po/POTFILES.in

@@ -11,6 +11,8 @@ libnm-util/crypto.c
 libnm-util/crypto_gnutls.c
 libnm-util/crypto_nss.c
 libnm-util/nm-utils.c
+policy/org.freedesktop.network-manager-settings.system.policy.in
+policy/org.freedesktop.NetworkManager.policy.in
 src/nm-netlink-monitor.c
 src/main.c
 src/dhcp-manager/nm-dhcp-dhclient.c
@@ -19,5 +21,4 @@ src/logging/nm-logging.c
 src/named-manager/nm-named-manager.c
 src/system-settings/nm-default-wired-connection.c
 system-settings/plugins/ifcfg-rh/reader.c
-policy/org.freedesktop.network-manager-settings.system.policy.in
 

policy/Makefile.am

@@ -1,6 +1,9 @@
 polkit_policydir = $(datadir)/polkit-1/actions
 
-dist_polkit_policy_in_files = org.freedesktop.network-manager-settings.system.policy.in
+dist_polkit_policy_in_files = \
+	org.freedesktop.network-manager-settings.system.policy.in \
+	org.freedesktop.NetworkManager.policy.in
+
 dist_polkit_policy_DATA = $(dist_polkit_policy_in_files:.policy.in=.policy)
 
 @INTLTOOL_POLICY_RULE@

policy/org.freedesktop.NetworkManager.policy.in

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+
+  <vendor>NetworkManager</vendor>
+  <vendor_url>http://www.gnome.org/projects/NetworkManager</vendor_url>
+  <icon_name>nm-icon</icon_name>
+
+  <action id="org.freedesktop.NetworkManager.enable-disable-network">
+    <_description>Enable or disable system networking</_description>
+    <_message>System policy prevents enabling or disabling system networking</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.NetworkManager.sleep-wake">
+    <_description>Put NetworkManager to sleep or wake it up (should only be used by system power management)</_description>
+    <_message>System policy prevents putting NetworkManager to sleep or waking it up</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>no</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.NetworkManager.enable-disable-wifi">
+    <_description>Enable or disable WiFi devices</_description>
+    <_message>System policy prevents enabling or disabling WiFi devices</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.NetworkManager.enable-disable-wwan">
+    <_description>Enable or disable mobile broadband devices</_description>
+    <_message>System policy prevents enabling or disabling mobile broadband devices</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.NetworkManager.use-user-connections">
+    <_description>Allow use of user-specific connections</_description>
+    <_message>System policy prevents use of user-specific connections</_message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.freedesktop.NetworkManager.network-control">
+    <_description>Allow control of network connections</_description>
+    <_message>System policy prevents control of network connections</_message>
+    <defaults>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+</policyconfig>
+

src/Makefile.am

@@ -133,6 +133,8 @@ NetworkManager_SOURCES = \
 		nm-system.h \
 		nm-manager.c \
 		nm-manager.h \
+		nm-manager-auth.c \
+		nm-manager-auth.h \
 		nm-netlink-monitor.c \
 		nm-netlink-monitor.h \
 		nm-activation-request.c \
@@ -211,6 +213,7 @@ NetworkManager_CPPFLAGS = \
 	$(GUDEV_CFLAGS) \
 	$(LIBNL_CFLAGS) \
 	$(GMODULE_CFLAGS) \
+	$(POLKIT_CFLAGS) \
 	-DG_DISABLE_DEPRECATED \
 	-DBINDIR=\"$(bindir)\" \
 	-DSBINDIR=\"$(sbindir)\" \
@@ -242,6 +245,7 @@ NetworkManager_LDADD = \
 	$(GUDEV_LIBS) \
 	$(LIBNL_LIBS) \
 	$(GMODULE_LIBS) \
+	$(POLKIT_LIBS) \
 	$(LIBM) \
 	$(LIBDL)
 

src/dnsmasq-manager/nm-dnsmasq-manager.c

@@ -251,8 +251,9 @@ create_dm_cmd_line (const char *iface,
 	GString *s;
 	NMIP4Address *tmp;
 	struct in_addr addr;
-	char buf[INET_ADDRSTRLEN + 1];
+	char buf[INET_ADDRSTRLEN + 15];
 	char localaddr[INET_ADDRSTRLEN + 1];
+	int i;
 
 	dm_binary = nm_find_dnsmasq ();
 	if (!dm_binary) {
@@ -273,6 +274,21 @@ create_dm_cmd_line (const char *iface,
 		nm_cmd_line_add_string (cmd, "--log-queries");
 	}
 
+	/* dnsmasq may read from it's default config file location, which if that
+	 * location is a valid config file, it will combine with the options here
+	 * and cause undesirable side-effects.  Like sending bogus IP addresses
+	 * as the gateway or whatever.  So give dnsmasq a bogus config file
+	 * location to avoid screwing up the configuration we're passing to it.
+	 */
+	memset (buf, 0, sizeof (buf));
+	strcpy (buf, "/tmp/");
+	for (i = 5; i < 15; i++)
+		buf[i] = (char) (g_random_int_range ((guint32) 'a', (guint32) 'z') & 0xFF);
+	strcat (buf, ".conf");
+
+	nm_cmd_line_add_string (cmd, "--conf-file");
+	nm_cmd_line_add_string (cmd, buf);
+
 	nm_cmd_line_add_string (cmd, "--no-hosts");
 	nm_cmd_line_add_string (cmd, "--keep-in-foreground");
 	nm_cmd_line_add_string (cmd, "--bind-interfaces");

src/nm-device-ethernet.c

@@ -1449,8 +1449,6 @@ real_deactivate_quickly (NMDevice *device)
 {
 	NMDeviceEthernetPrivate *priv = NM_DEVICE_ETHERNET_GET_PRIVATE (device);
 
-	nm_device_set_ip_iface (device, NULL);
-
 	if (priv->pending_ip4_config) {
 		g_object_unref (priv->pending_ip4_config);
 		priv->pending_ip4_config = NULL;

src/nm-device-interface.c

@@ -19,6 +19,8 @@
  * Copyright (C) 2007 - 2010 Red Hat, Inc.
  */
 
+#include <dbus/dbus-glib.h>
+
 #include "nm-marshal.h"
 #include "nm-setting-connection.h"
 #include "nm-device-interface.h"
@@ -26,8 +28,8 @@
 #include "nm-properties-changed-signal.h"
 #include "nm-rfkill.h"
 
-static gboolean impl_device_disconnect (NMDeviceInterface *device,
+static void impl_device_disconnect (NMDeviceInterface *device,
-                                        GError **error);
+                                    DBusGMethodInvocation *context);
 
 #include "nm-device-interface-glue.h"
 
@@ -88,7 +90,15 @@ nm_device_interface_init (gpointer g_iface)
 							  "Interface",
 							  "Interface",
 							  NULL,
-							  G_PARAM_READWRITE | G_PARAM_CONSTRUCT));
+							  G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+
+	g_object_interface_install_property
+		(g_iface,
+		 g_param_spec_string (NM_DEVICE_INTERFACE_IP_IFACE,
+		                      "IP Interface",
+		                      "IP Interface",
+		                      NULL,
+		                      G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 	g_object_interface_install_property
 		(g_iface,
@@ -211,6 +221,13 @@ nm_device_interface_init (gpointer g_iface)
 				  G_TYPE_NONE, 3,
 				  G_TYPE_UINT, G_TYPE_UINT, G_TYPE_UINT);
 
+	g_signal_new (NM_DEVICE_INTERFACE_DISCONNECT_REQUEST,
+	              iface_type,
+	              G_SIGNAL_RUN_FIRST,
+	              0, NULL, NULL,
+	              g_cclosure_marshal_VOID__POINTER,
+	              G_TYPE_NONE, 1, G_TYPE_POINTER);
+
 	dbus_g_object_type_install_info (iface_type,
 									 &dbus_glib_nm_device_interface_object_info);
 
@@ -334,11 +351,11 @@ nm_device_interface_disconnect (NMDeviceInterface *device,
 	return success;
 }
 
-static gboolean
+static void
 impl_device_disconnect (NMDeviceInterface *device,
-                        GError **error)
+                        DBusGMethodInvocation *context)
 {
-	return nm_device_interface_disconnect (device, error);
+	g_signal_emit_by_name (device, NM_DEVICE_INTERFACE_DISCONNECT_REQUEST, context);
 }
 
 void

src/nm-device-interface.h

@@ -45,8 +45,11 @@ typedef enum
 #define NM_DEVICE_INTERFACE_ERROR (nm_device_interface_error_quark ())
 #define NM_TYPE_DEVICE_INTERFACE_ERROR (nm_device_interface_error_get_type ()) 
 
+#define NM_DEVICE_INTERFACE_DISCONNECT_REQUEST "disconnect-request"
+
 #define NM_DEVICE_INTERFACE_UDI              "udi"
 #define NM_DEVICE_INTERFACE_IFACE            "interface"
+#define NM_DEVICE_INTERFACE_IP_IFACE         "ip-interface"
 #define NM_DEVICE_INTERFACE_DRIVER           "driver"
 #define NM_DEVICE_INTERFACE_CAPABILITIES     "capabilities"
 #define NM_DEVICE_INTERFACE_IP4_ADDRESS      "ip4-address"
@@ -67,6 +70,7 @@ typedef enum {
 
 	NM_DEVICE_INTERFACE_PROP_UDI = NM_DEVICE_INTERFACE_PROP_FIRST,
 	NM_DEVICE_INTERFACE_PROP_IFACE,
+	NM_DEVICE_INTERFACE_PROP_IP_IFACE,
 	NM_DEVICE_INTERFACE_PROP_DRIVER,
 	NM_DEVICE_INTERFACE_PROP_CAPABILITIES,
 	NM_DEVICE_INTERFACE_PROP_IP4_ADDRESS,

src/nm-device.c

@@ -388,11 +388,12 @@ void
 nm_device_set_ip_iface (NMDevice *self, const char *iface)
 {
 	NMDevicePrivate *priv;
+	char *old_ip_iface;
 
 	g_return_if_fail (NM_IS_DEVICE (self));
 
 	priv = NM_DEVICE_GET_PRIVATE (self);
-	g_free (priv->ip_iface);
+	old_ip_iface = priv->ip_iface;
 	priv->ip_ifindex = 0;
 
 	priv->ip_iface = g_strdup (iface);
@@ -402,6 +403,11 @@ nm_device_set_ip_iface (NMDevice *self, const char *iface)
 			nm_log_warn (LOGD_HW, "(%s): failed to look up interface index", iface);
 		}
 	}
+
+	/* Emit change notification */
+	if (g_strcmp0 (old_ip_iface, priv->ip_iface))
+		g_object_notify (G_OBJECT (self), NM_DEVICE_INTERFACE_IP_IFACE);
+	g_free (old_ip_iface);
 }
 
 
@@ -1019,6 +1025,7 @@ aipd_get_ip4_config (NMDevice *self, NMDeviceStateReason *reason)
 	NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self);
 	NMIP4Config *config = NULL;
 	NMIP4Address *addr;
+	NMIP4Route *route;
 
 	g_return_val_if_fail (priv->aipd_addr > 0, NULL);
 
@@ -1033,6 +1040,14 @@ aipd_get_ip4_config (NMDevice *self, NMDeviceStateReason *reason)
 	nm_ip4_address_set_prefix (addr, 16);
 	nm_ip4_config_take_address (config, addr);
 
+	/* Add a multicast route for link-local connections: destination= 224.0.0.0, netmask=240.0.0.0 */
+	route = nm_ip4_route_new ();
+	nm_ip4_route_set_dest (route, (guint32) htonl (0xE0000000L));
+	nm_ip4_route_set_prefix (route, 4);
+	nm_ip4_route_set_next_hop (route, (guint32) 0);
+	nm_ip4_route_set_metric (route, 0);
+	nm_ip4_config_take_route (config, route);
+
 	return config;	
 }
 
@@ -2737,6 +2752,8 @@ nm_device_deactivate_quickly (NMDevice *self)
 	dnsmasq_cleanup (self);
 	aipd_cleanup (self);
 
+	nm_device_set_ip_iface (self, NULL);
+
 	/* Turn off router advertisements until they are needed */
 	if (priv->ip6_accept_ra_path)
 		nm_utils_do_sysctl (priv->ip6_accept_ra_path, "0\n");
@@ -3378,6 +3395,8 @@ set_property (GObject *object, guint prop_id,
 			}
 		}
 		break;
+	case NM_DEVICE_INTERFACE_PROP_IP_IFACE:
+		break;
 	case NM_DEVICE_INTERFACE_PROP_DRIVER:
 		priv->driver = g_strdup (g_value_get_string (value));
 		break;
@@ -3427,6 +3446,12 @@ get_property (GObject *object, guint prop_id,
 	case NM_DEVICE_INTERFACE_PROP_IFACE:
 		g_value_set_string (value, priv->iface);
 		break;
+	case NM_DEVICE_INTERFACE_PROP_IP_IFACE:
+		if ((state == NM_DEVICE_STATE_ACTIVATED) || (state == NM_DEVICE_STATE_IP_CONFIG))
+			g_value_set_string (value, nm_device_get_ip_iface (self));
+		else
+			g_value_set_string (value, NULL);
+		break;
 	case NM_DEVICE_INTERFACE_PROP_IFINDEX:
 		g_value_set_int (value, priv->ifindex);
 		break;
@@ -3531,6 +3556,10 @@ nm_device_class_init (NMDeviceClass *klass)
 									  NM_DEVICE_INTERFACE_PROP_IFACE,
 									  NM_DEVICE_INTERFACE_IFACE);
 
+	g_object_class_override_property (object_class,
+	                                  NM_DEVICE_INTERFACE_PROP_IP_IFACE,
+	                                  NM_DEVICE_INTERFACE_IP_IFACE);
+
 	g_object_class_override_property (object_class,
 	                                  NM_DEVICE_INTERFACE_PROP_IFINDEX,
 	                                  NM_DEVICE_INTERFACE_IFINDEX);

src/nm-manager-auth.c

@@ -0,0 +1,402 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ */
+
+#include "nm-manager-auth.h"
+#include "nm-logging.h"
+
+#include <dbus/dbus-glib-lowlevel.h>
+#include <string.h>
+
+struct NMAuthChain {
+	guint32 refcount;
+	PolkitAuthority *authority;
+	GSList *calls;
+	GHashTable *data;
+
+	DBusGMethodInvocation *context;
+	char *owner;
+	GError *error;
+
+	NMAuthChainResultFunc done_func;
+	NMAuthChainCallFunc call_func;
+	gpointer user_data;
+};
+
+typedef struct {
+	NMAuthChain *chain;
+	GCancellable *cancellable;
+	char *permission;
+	gboolean disposed;
+} PolkitCall;
+
+typedef struct {
+	gpointer data;
+	GDestroyNotify destroy;
+} ChainData;
+
+static void
+free_data (gpointer data)
+{
+	ChainData *tmp = data;
+
+	if (tmp->destroy)
+		tmp->destroy (tmp->data);
+	memset (tmp, 0, sizeof (ChainData));
+	g_free (tmp);
+}
+
+static void
+default_call_func (NMAuthChain *chain,
+                   const char *permission,
+                   GError *error,
+                   NMAuthCallResult result,
+                   gpointer user_data)
+{
+	if (!error)
+		nm_auth_chain_set_data (chain, permission, GUINT_TO_POINTER (result), NULL);
+}
+
+NMAuthChain *
+nm_auth_chain_new (PolkitAuthority *authority,
+                   DBusGMethodInvocation *context,
+                   DBusGProxy *proxy,
+                   NMAuthChainResultFunc done_func,
+                   gpointer user_data)
+{
+	NMAuthChain *self;
+
+	g_return_val_if_fail (context || proxy, NULL);
+
+	self = g_malloc0 (sizeof (NMAuthChain));
+	self->refcount = 1;
+	self->authority = g_object_ref (authority);
+	self->data = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, free_data);
+	self->done_func = done_func;
+	self->call_func = /* call_func ? call_func : */ default_call_func;
+	self->user_data = user_data;
+	self->context = context;
+
+	if (proxy)
+		self->owner = g_strdup (dbus_g_proxy_get_bus_name (proxy));
+	else if (context)
+		self->owner = dbus_g_method_get_sender (context);
+
+	if (!self->owner) {
+		/* Need an owner */
+		g_warn_if_fail (self->owner);
+		nm_auth_chain_unref (self);
+		self = NULL;
+	}
+
+	return self;
+}
+
+gpointer
+nm_auth_chain_get_data (NMAuthChain *self, const char *tag)
+{
+	ChainData *tmp;
+
+	g_return_val_if_fail (self != NULL, NULL);
+	g_return_val_if_fail (tag != NULL, NULL);
+
+	tmp = g_hash_table_lookup (self->data, tag);
+	return tmp ? tmp->data : NULL;
+}
+
+void
+nm_auth_chain_set_data (NMAuthChain *self,
+                        const char *tag,
+                        gpointer data,
+                        GDestroyNotify data_destroy)
+{
+	ChainData *tmp;
+
+	g_return_if_fail (self != NULL);
+	g_return_if_fail (tag != NULL);
+
+	if (data == NULL)
+		g_hash_table_remove (self->data, tag);
+	else {
+		tmp = g_malloc0 (sizeof (ChainData));
+		tmp->data = data;
+		tmp->destroy = data_destroy;
+
+		g_hash_table_insert (self->data, g_strdup (tag), tmp);
+	}
+}
+
+static void
+nm_auth_chain_check_done (NMAuthChain *self)
+{
+	g_return_if_fail (self != NULL);
+
+	if (g_slist_length (self->calls) == 0) {
+		/* Ensure we say alive across the callback */
+		self->refcount++;
+		self->done_func (self, self->error, self->context, self->user_data);
+		nm_auth_chain_unref (self);
+	}
+}
+
+static void
+polkit_call_cancel (PolkitCall *call)
+{
+	call->disposed = TRUE;
+	g_cancellable_cancel (call->cancellable);
+}
+
+static void
+polkit_call_free (PolkitCall *call)
+{
+	g_return_if_fail (call != NULL);
+
+	call->disposed = TRUE;
+	g_free (call->permission);
+	call->permission = NULL;
+	call->chain = NULL;
+	g_object_unref (call->cancellable);
+	call->cancellable = NULL;
+	g_free (call);
+}
+
+static void
+pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
+{
+	PolkitCall *call = user_data;
+	NMAuthChain *chain;
+	PolkitAuthorizationResult *pk_result;
+	GError *error = NULL;
+	guint call_result = NM_AUTH_CALL_RESULT_UNKNOWN;
+
+	/* If the call is already disposed do nothing */
+	if (call->disposed) {
+		polkit_call_free (call);
+		return;
+	}
+
+	chain = call->chain;
+	chain->calls = g_slist_remove (chain->calls, call);
+
+	pk_result = polkit_authority_check_authorization_finish (chain->authority,
+	                                                         result,
+	                                                         &error);
+	if (error) {
+		if (!chain->error)
+			chain->error = g_error_copy (error);
+
+		nm_log_warn (LOGD_CORE, "error requesting auth for %s: (%d) %s",
+		             call->permission,
+		             error ? error->code : -1,
+		             error && error->message ? error->message : "(unknown)");
+	} else {
+		if (polkit_authorization_result_get_is_authorized (pk_result)) {
+			/* Caller has the permission */
+			call_result = NM_AUTH_CALL_RESULT_YES;
+		} else if (polkit_authorization_result_get_is_challenge (pk_result)) {
+			/* Caller could authenticate to get the permission */
+			call_result = NM_AUTH_CALL_RESULT_AUTH;
+		} else
+			call_result = NM_AUTH_CALL_RESULT_NO;
+	}
+
+	chain->call_func (chain, call->permission, error, call_result, chain->user_data);
+	nm_auth_chain_check_done (chain);
+
+	g_clear_error (&error);
+	polkit_call_free (call);
+	if (pk_result)
+		g_object_unref (pk_result);
+}
+
+gboolean
+nm_auth_chain_add_call (NMAuthChain *self,
+                        const char *permission,
+                        gboolean allow_interaction)
+{
+	PolkitCall *call;
+	PolkitSubject *subject;
+	PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
+
+	g_return_val_if_fail (self != NULL, FALSE);
+	g_return_val_if_fail (self->owner != NULL, FALSE);
+	g_return_val_if_fail (permission != NULL, FALSE);
+
+	subject = polkit_system_bus_name_new (self->owner);
+	if (!subject)
+		return FALSE;
+
+	call = g_malloc0 (sizeof (PolkitCall));
+	call->chain = self;
+	call->permission = g_strdup (permission);
+	call->cancellable = g_cancellable_new ();
+
+	self->calls = g_slist_append (self->calls, call);
+
+	if (allow_interaction)
+		flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
+
+	polkit_authority_check_authorization (self->authority,
+	                                      subject,
+	                                      permission,
+	                                      NULL,
+	                                      flags,
+	                                      call->cancellable,
+	                                      pk_call_cb,
+	                                      call);
+	g_object_unref (subject);
+	return TRUE;
+}
+
+void
+nm_auth_chain_unref (NMAuthChain *self)
+{
+	GSList *iter;
+
+	g_return_if_fail (self != NULL);
+
+	self->refcount--;
+	if (self->refcount > 0)
+		return;
+
+	g_object_unref (self->authority);
+	g_free (self->owner);
+
+	for (iter = self->calls; iter; iter = g_slist_next (iter))
+		polkit_call_cancel ((PolkitCall *) iter->data);
+	g_slist_free (self->calls);
+
+	g_clear_error (&self->error);
+	g_hash_table_destroy (self->data);
+
+	memset (self, 0, sizeof (NMAuthChain));
+	g_free (self);
+}
+
+/************ utils **************/
+
+gboolean
+nm_auth_get_caller_uid (DBusGMethodInvocation *context,
+                        NMDBusManager *dbus_mgr,
+                        gulong *out_uid,
+                        const char **out_error_desc)
+{
+	DBusConnection *connection;
+	char *sender = NULL;
+	gboolean success = FALSE;
+	DBusError dbus_error;
+
+	g_return_val_if_fail (context != NULL, FALSE);
+	g_return_val_if_fail (dbus_mgr != NULL, FALSE);
+	g_return_val_if_fail (out_uid != NULL, FALSE);
+
+	*out_uid = G_MAXULONG;
+
+	sender = dbus_g_method_get_sender (context);
+	if (!sender) {
+		if (out_error_desc)
+			*out_error_desc = "Could not determine D-Bus requestor";
+		goto out;
+	}
+
+	connection = nm_dbus_manager_get_dbus_connection (dbus_mgr);
+	if (!connection) {
+		if (out_error_desc)
+			*out_error_desc = "Could not get the D-Bus system bus";
+		goto out;
+	}
+
+	dbus_error_init (&dbus_error);
+	/* FIXME: do this async */
+	*out_uid = dbus_bus_get_unix_user (connection, sender, &dbus_error);
+	if (dbus_error_is_set (&dbus_error)) {
+		if (out_error_desc)
+			*out_error_desc = "Could not determine the user ID of the requestor";
+		dbus_error_free (&dbus_error);
+		*out_uid = G_MAXULONG;
+	} else
+		success = TRUE;
+
+out:
+	g_free (sender);
+	return success;
+}
+
+gboolean
+nm_auth_uid_authorized (gulong uid,
+                        NMDBusManager *dbus_mgr,
+                        DBusGProxy *user_proxy,
+                        const char **out_error_desc)
+{
+	DBusConnection *connection;
+	DBusError dbus_error;
+	char *service_owner = NULL;
+	const char *service_name;
+	gulong service_uid = G_MAXULONG;
+
+	g_return_val_if_fail (dbus_mgr != NULL, FALSE);
+	g_return_val_if_fail (out_error_desc != NULL, FALSE);
+
+	/* Ensure the request to activate the user connection came from the
+	 * same session as the user settings service.  FIXME: use ConsoleKit
+	 * too.
+	 */
+
+	if (!user_proxy) {
+		*out_error_desc = "No user settings service available";
+		return FALSE;
+	}
+
+	service_name = dbus_g_proxy_get_bus_name (user_proxy);
+	if (!service_name) {
+		*out_error_desc = "Could not determine user settings service name";
+		return FALSE;
+	}
+
+	connection = nm_dbus_manager_get_dbus_connection (dbus_mgr);
+	if (!connection) {
+		*out_error_desc = "Could not get the D-Bus system bus";
+		return FALSE;
+	}
+
+	service_owner = nm_dbus_manager_get_name_owner (dbus_mgr, service_name, NULL);
+	if (!service_owner) {
+		*out_error_desc = "Could not determine D-Bus owner of the user settings service";
+		return FALSE;
+	}
+
+	dbus_error_init (&dbus_error);
+	service_uid = dbus_bus_get_unix_user (connection, service_owner, &dbus_error);
+	g_free (service_owner);
+
+	if (dbus_error_is_set (&dbus_error)) {
+		dbus_error_free (&dbus_error);
+		*out_error_desc = "Could not determine the Unix UID of the sender of the request";
+		return FALSE;
+	}
+
+	/* And finally, the actual UID check */
+	if (uid != service_uid) {
+		*out_error_desc = "Requestor UID does not match the UID of the user settings service";
+		return FALSE;
+	}
+
+	return TRUE;
+}
+

src/nm-manager-auth.h

@@ -0,0 +1,89 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ */
+
+#ifndef NM_MANAGER_AUTH_H
+#define NM_MANAGER_AUTH_H
+
+#include <polkit/polkit.h>
+#include <glib.h>
+#include <dbus/dbus-glib.h>
+
+#include "nm-dbus-manager.h"
+
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK "org.freedesktop.NetworkManager.enable-disable-network"
+#define NM_AUTH_PERMISSION_SLEEP_WAKE             "org.freedesktop.NetworkManager.sleep-wake"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI    "org.freedesktop.NetworkManager.enable-disable-wifi"
+#define NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN    "org.freedesktop.NetworkManager.enable-disable-wwan"
+#define NM_AUTH_PERMISSION_USE_USER_CONNECTIONS   "org.freedesktop.NetworkManager.use-user-connections"
+#define NM_AUTH_PERMISSION_NETWORK_CONTROL        "org.freedesktop.NetworkManager.network-control"
+
+
+typedef struct NMAuthChain NMAuthChain;
+
+typedef enum {
+	NM_AUTH_CALL_RESULT_UNKNOWN,
+	NM_AUTH_CALL_RESULT_YES,
+	NM_AUTH_CALL_RESULT_AUTH,
+	NM_AUTH_CALL_RESULT_NO,
+} NMAuthCallResult;
+
+typedef void (*NMAuthChainResultFunc) (NMAuthChain *chain,
+                                       GError *error,
+                                       DBusGMethodInvocation *context,
+                                       gpointer user_data);
+
+typedef void (*NMAuthChainCallFunc) (NMAuthChain *chain,
+                                     const char *permission,
+                                     GError *error,
+                                     NMAuthCallResult result,
+                                     gpointer user_data);
+
+NMAuthChain *nm_auth_chain_new (PolkitAuthority *authority,
+                                DBusGMethodInvocation *context,
+                                DBusGProxy *proxy,
+                                NMAuthChainResultFunc done_func,
+                                gpointer user_data);
+
+gpointer nm_auth_chain_get_data (NMAuthChain *chain, const char *tag);
+
+void nm_auth_chain_set_data (NMAuthChain *chain,
+                             const char *tag,
+                             gpointer data,
+                             GDestroyNotify data_destroy);
+
+gboolean nm_auth_chain_add_call (NMAuthChain *chain,
+                                 const char *permission,
+                                 gboolean allow_interaction);
+
+void nm_auth_chain_unref (NMAuthChain *chain);
+
+/* Utils */
+gboolean nm_auth_get_caller_uid (DBusGMethodInvocation *context,
+                                 NMDBusManager *dbus_mgr,
+                                 gulong *out_uid,
+                                 const char **out_error_desc);
+
+gboolean nm_auth_uid_authorized (gulong uid,
+                                 NMDBusManager *dbus_mgr,
+                                 DBusGProxy *user_proxy,
+                                 const char **out_error_desc);
+
+#endif /* NM_MANAGER_AUTH_H */
+

src/nm-manager.h

@@ -111,6 +111,8 @@ NMState nm_manager_get_state (NMManager *manager);
 
 GSList *nm_manager_get_connections    (NMManager *manager, NMConnectionScope scope);
 
+gboolean nm_manager_auto_user_connections_allowed (NMManager *manager);
+
 NMConnection * nm_manager_get_connection_by_object_path (NMManager *manager,
                                                          NMConnectionScope scope,
                                                          const char *path);

src/nm-policy-hostname.c

@@ -24,6 +24,7 @@
 #include <errno.h>
 #include <netdb.h>
 #include <ctype.h>
+#include <arpa/inet.h>
 
 #include <glib.h>
 
@@ -40,7 +41,10 @@ struct HostnameThread {
 	gboolean dead;
 	int ret;
 
-	guint32 ip4_addr;
+	struct sockaddr_in addr4;
+	struct sockaddr_in6 addr6;
+	struct sockaddr *addr;
+	size_t addr_size;
 	char hostname[NI_MAXHOST + 1];
 
 	HostnameThreadCallback callback;
@@ -53,9 +57,10 @@ hostname_thread_run_cb (gpointer user_data)
 	HostnameThread *ht = (HostnameThread *) user_data;
 	const char *hostname = NULL;
 
-	if (strlen (ht->hostname))
+	if (strlen (ht->hostname) && strcmp (ht->hostname, "."))
 		hostname = ht->hostname;
 
+	nm_log_dbg (LOGD_DNS, "(%p) calling address reverse-lookup result handler", ht);
 	(*ht->callback) (ht, ht->ret, hostname, ht->user_data);
 	return FALSE;
 }
@@ -64,9 +69,10 @@ static gpointer
 hostname_thread_worker (gpointer data)
 {
 	HostnameThread *ht = (HostnameThread *) data;
-	struct sockaddr_in addr;
 	int i;
 
+	nm_log_dbg (LOGD_DNS, "(%p) starting address reverse-lookup", ht);
+
 	g_mutex_lock (ht->lock);
 	if (ht->dead) {
 		g_mutex_unlock (ht->lock);
@@ -74,21 +80,22 @@ hostname_thread_worker (gpointer data)
 	}
 	g_mutex_unlock (ht->lock);
 
-	addr.sin_family = AF_INET;
+	ht->ret = getnameinfo (ht->addr, ht->addr_size, ht->hostname, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
-	addr.sin_addr.s_addr = ht->ip4_addr;
-
-	ht->ret = getnameinfo ((struct sockaddr *) &addr, sizeof (struct sockaddr_in),
-	                       ht->hostname, NI_MAXHOST, NULL, 0,
-	                       NI_NAMEREQD);
 	if (ht->ret == 0) {
+		nm_log_dbg (LOGD_DNS, "(%p) address reverse-lookup returned hostname '%s'",
+		            ht, ht->hostname);
 		for (i = 0; i < strlen (ht->hostname); i++)
 			ht->hostname[i] = tolower (ht->hostname[i]);
+	} else {
+		nm_log_dbg (LOGD_DNS, "(%p) address reverse-lookup failed: (%d) %s",
+		            ht, ht->ret, gai_strerror (ht->ret));
 	}
 
 	/* Don't track the idle handler ID because by the time the g_idle_add()
 	 * returns the ID, the handler may already have run and freed the
 	 * HostnameThread.
 	 */
+	nm_log_dbg (LOGD_DNS, "(%p) scheduling address reverse-lookup result handler", ht);
 	g_idle_add (hostname_thread_run_cb, ht);
 	return (gpointer) TRUE;
 }
@@ -98,15 +105,21 @@ hostname_thread_free (HostnameThread *ht)
 {
 	g_return_if_fail (ht != NULL);
 
+	nm_log_dbg (LOGD_DNS, "(%p) freeing reverse-lookup thread", ht);
+
 	g_mutex_free (ht->lock);
 	memset (ht, 0, sizeof (HostnameThread));
 	g_free (ht);
 }
 
 HostnameThread *
-hostname_thread_new (guint32 ip4_addr, HostnameThreadCallback callback, gpointer user_data)
+hostname4_thread_new (guint32 ip4_addr,
+                      HostnameThreadCallback callback,
+                      gpointer user_data)
 {
 	HostnameThread *ht;
+	struct sockaddr_in addr4;
+	char buf[INET_ADDRSTRLEN + 1];
 
 	ht = g_malloc0 (sizeof (HostnameThread));
 	g_assert (ht);
@@ -114,14 +127,59 @@ hostname_thread_new (guint32 ip4_addr, HostnameThreadCallback callback, gpointer
 	ht->lock = g_mutex_new ();
 	ht->callback = callback;
 	ht->user_data = user_data;
-	ht->ip4_addr = ip4_addr;
+
+	ht->addr4.sin_family = AF_INET;
+	ht->addr4.sin_addr.s_addr = ip4_addr;
+	ht->addr = (struct sockaddr *) &ht->addr4;
+	ht->addr_size = sizeof (ht->addr4);
 
 	ht->thread = g_thread_create (hostname_thread_worker, ht, FALSE, NULL);
 	if (!ht->thread) {
 		hostname_thread_free (ht);
-		ht = NULL;
+		return NULL;
 	}
 
+	if (!inet_ntop (AF_INET, &addr4.sin_addr, buf, sizeof (buf)))
+		strcpy (buf, "(unknown)");
+
+	nm_log_dbg (LOGD_DNS, "(%p) started IPv4 reverse-lookup thread for address '%s'",
+	            ht, buf);
+
+	return ht;
+}
+
+HostnameThread *
+hostname6_thread_new (const struct in6_addr *ip6_addr,
+                      HostnameThreadCallback callback,
+                      gpointer user_data)
+{
+	HostnameThread *ht;
+	char buf[INET6_ADDRSTRLEN + 1];
+
+	ht = g_malloc0 (sizeof (HostnameThread));
+	g_assert (ht);
+
+	ht->lock = g_mutex_new ();
+	ht->callback = callback;
+	ht->user_data = user_data;
+
+	ht->addr6.sin6_family = AF_INET6;
+	ht->addr6.sin6_addr = *ip6_addr;
+	ht->addr = (struct sockaddr *) &ht->addr6;
+	ht->addr_size = sizeof (ht->addr6);
+
+	ht->thread = g_thread_create (hostname_thread_worker, ht, FALSE, NULL);
+	if (!ht->thread) {
+		hostname_thread_free (ht);
+		return NULL;
+	}
+
+	if (!inet_ntop (AF_INET, ip6_addr, buf, sizeof (buf)))
+		strcpy (buf, "(unknown)");
+
+	nm_log_dbg (LOGD_DNS, "(%p) started IPv6 reverse-lookup thread for address '%s'",
+	            ht, buf);
+
 	return ht;
 }
 
@@ -130,6 +188,8 @@ hostname_thread_kill (HostnameThread *ht)
 {
 	g_return_if_fail (ht != NULL);
 
+	nm_log_dbg (LOGD_DNS, "(%p) stopping reverse-lookup thread", ht);
+
 	g_mutex_lock (ht->lock);
 	ht->dead = TRUE;
 	g_mutex_unlock (ht->lock);

src/nm-policy-hostname.h

@@ -34,9 +34,13 @@ typedef void (*HostnameThreadCallback) (HostnameThread *ht,
                                         const char *hostname,
                                         gpointer user_data);
 
-HostnameThread * hostname_thread_new (guint32 ip4_addr,
+HostnameThread * hostname4_thread_new (guint32 ip4_addr,
-                                      HostnameThreadCallback callback,
+                                       HostnameThreadCallback callback,
-                                      gpointer user_data);
+                                       gpointer user_data);
+
+HostnameThread * hostname6_thread_new (const struct in6_addr *ip6_addr,
+                                       HostnameThreadCallback callback,
+                                       gpointer user_data);
 
 void             hostname_thread_free (HostnameThread *ht);
 

src/nm-policy.c

@@ -255,13 +255,12 @@ lookup_callback (HostnameThread *thread,
 }
 
 static void
-update_system_hostname (NMPolicy *policy, NMDevice *best)
+update_system_hostname (NMPolicy *policy, NMDevice *best4, NMDevice *best6)
 {
 	char *configured_hostname = NULL;
-	NMActRequest *best_req = NULL;
+	NMActRequest *best_req4 = NULL;
-	NMDHCP4Config *dhcp4_config;
+	NMActRequest *best_req6 = NULL;
-	NMIP4Config *ip4_config;
+	const char *dhcp_hostname, *p;
-	NMIP4Address *addr;
 
 	g_return_if_fail (policy != NULL);
 
@@ -288,10 +287,12 @@ update_system_hostname (NMPolicy *policy, NMDevice *best)
 	}
 
 	/* Try automatically determined hostname from the best device's IP config */
-	if (!best)
+	if (!best4)
-		best = get_best_ip4_device (policy->manager, &best_req);
+		best4 = get_best_ip4_device (policy->manager, &best_req4);
+	if (!best6)
+		best6 = get_best_ip6_device (policy->manager, &best_req6);
 
-	if (!best) {
+	if (!best4 && !best6) {
 		/* No best device; fall back to original hostname or if there wasn't
 		 * one, 'localhost.localdomain'
 		 */
@@ -299,22 +300,43 @@ update_system_hostname (NMPolicy *policy, NMDevice *best)
 		return;
 	}
 
-	/* Grab a hostname out of the device's DHCP4 config */
+	if (best4) {
-	dhcp4_config = nm_device_get_dhcp4_config (best);
+		NMDHCP4Config *dhcp4_config;
-	if (dhcp4_config) {
-		const char *dhcp4_hostname, *p;
 
-		p = dhcp4_hostname = nm_dhcp4_config_get_option (dhcp4_config, "host_name");
+		/* Grab a hostname out of the device's DHCP4 config */
-		if (dhcp4_hostname && strlen (dhcp4_hostname)) {
+		dhcp4_config = nm_device_get_dhcp4_config (best4);
-			/* Sanity check */
+		if (dhcp4_config) {
-			while (*p) {
+			p = dhcp_hostname = nm_dhcp4_config_get_option (dhcp4_config, "host_name");
-				if (!isblank (*p++)) {
+			if (dhcp_hostname && strlen (dhcp_hostname)) {
-					_set_hostname (dhcp4_hostname, "from DHCP");
+				/* Sanity check; strip leading spaces */
-					return;
+				while (*p) {
+					if (!isblank (*p++)) {
+						_set_hostname (dhcp_hostname, "from DHCPv4");
+						return;
+					}
 				}
+				nm_log_warn (LOGD_DNS, "DHCPv4-provided hostname '%s' looks invalid; ignoring it",
+					         dhcp_hostname);
+			}
+		}
+	} else if (best6) {
+		NMDHCP6Config *dhcp6_config;
+
+		/* Grab a hostname out of the device's DHCP4 config */
+		dhcp6_config = nm_device_get_dhcp6_config (best6);
+		if (dhcp6_config) {
+			p = dhcp_hostname = nm_dhcp6_config_get_option (dhcp6_config, "host_name");
+			if (dhcp_hostname && strlen (dhcp_hostname)) {
+				/* Sanity check; strip leading spaces */
+				while (*p) {
+					if (!isblank (*p++)) {
+						_set_hostname (dhcp_hostname, "from DHCPv6");
+						return;
+					}
+				}
+				nm_log_warn (LOGD_DNS, "DHCPv6-provided hostname '%s' looks invalid; ignoring it",
+					         dhcp_hostname);
 			}
-			nm_log_warn (LOGD_DNS, "DHCP-provided hostname '%s' looks invalid; ignoring it",
-			             dhcp4_hostname);
 		}
 	}
 
@@ -326,23 +348,47 @@ update_system_hostname (NMPolicy *policy, NMDevice *best)
 		return;
 	}
 
-	/* No configured hostname, no automatically determined hostname, and
+	/* No configured hostname, no automatically determined hostname, and no
-	 * no bootup hostname. Start reverse DNS of the current IP address.
+	 * bootup hostname. Start reverse DNS of the current IPv4 or IPv6 address.
 	 */
-	ip4_config = nm_device_get_ip4_config (best);
+	if (best4) {
-	if (   !ip4_config
+		NMIP4Config *ip4_config;
-	    || (nm_ip4_config_get_num_nameservers (ip4_config) == 0)
+		NMIP4Address *addr4;
-	    || (nm_ip4_config_get_num_addresses (ip4_config) == 0)) {
+
-		/* No valid IP4 config (!!); fall back to localhost.localdomain */
+		ip4_config = nm_device_get_ip4_config (best4);
-		_set_hostname (NULL, "no IPv4 config");
+		if (   !ip4_config
-		return;
+		    || (nm_ip4_config_get_num_nameservers (ip4_config) == 0)
+		    || (nm_ip4_config_get_num_addresses (ip4_config) == 0)) {
+			/* No valid IP4 config (!!); fall back to localhost.localdomain */
+			_set_hostname (NULL, "no IPv4 config");
+			return;
+		}
+
+		addr4 = nm_ip4_config_get_address (ip4_config, 0);
+		g_assert (addr4); /* checked for > 1 address above */
+
+		/* Start the hostname lookup thread */
+		policy->lookup = hostname4_thread_new (nm_ip4_address_get_address (addr4), lookup_callback, policy);
+	} else if (best6) {
+		NMIP6Config *ip6_config;
+		NMIP6Address *addr6;
+
+		ip6_config = nm_device_get_ip6_config (best6);
+		if (   !ip6_config
+		    || (nm_ip6_config_get_num_nameservers (ip6_config) == 0)
+		    || (nm_ip6_config_get_num_addresses (ip6_config) == 0)) {
+			/* No valid IP6 config (!!); fall back to localhost.localdomain */
+			_set_hostname (NULL, "no IPv6 config");
+			return;
+		}
+
+		addr6 = nm_ip6_config_get_address (ip6_config, 0);
+		g_assert (addr6); /* checked for > 1 address above */
+
+		/* Start the hostname lookup thread */
+		policy->lookup = hostname6_thread_new (nm_ip6_address_get_address (addr6), lookup_callback, policy);
 	}
 
-	addr = nm_ip4_config_get_address (ip4_config, 0);
-	g_assert (addr); /* checked for > 1 address above */
-
-	/* Start the hostname lookup thread */
-	policy->lookup = hostname_thread_new (nm_ip4_address_get_address (addr), lookup_callback, policy);
 	if (!policy->lookup) {
 		/* Fall back to 'localhost.localdomain' */
 		_set_hostname (NULL, "error starting hostname thread");
@@ -603,7 +649,7 @@ update_routing_and_dns (NMPolicy *policy, gboolean force_update)
 	update_ip6_routing_and_dns (policy, force_update);
 
 	/* Update the system hostname */
-	update_system_hostname (policy, policy->default_device4);
+	update_system_hostname (policy, policy->default_device4, policy->default_device6);
 }
 
 typedef struct {
@@ -633,7 +679,8 @@ auto_activate_device (gpointer user_data)
 
 	/* System connections first, then user connections */
 	connections = nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_SYSTEM);
-	connections = g_slist_concat (connections, nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_USER));
+	if (nm_manager_auto_user_connections_allowed (policy->manager))
+		connections = g_slist_concat (connections, nm_manager_get_connections (policy->manager, NM_CONNECTION_SCOPE_USER));
 
 	/* Remove connections that are in the invalid list. */
 	iter = connections;
@@ -652,13 +699,11 @@ auto_activate_device (gpointer user_data)
 	best_connection = nm_device_get_best_auto_connection (data->device, connections, &specific_object);
 	if (best_connection) {
 		GError *error = NULL;
-		const char *device_path;
 
-		device_path = nm_device_get_path (data->device);
 		if (!nm_manager_activate_connection (policy->manager,
 		                                     best_connection,
 		                                     specific_object,
-		                                     device_path,
+		                                     nm_device_get_path (data->device),
 		                                     FALSE,
 		                                     &error)) {
 			NMSettingConnection *s_con;
@@ -712,7 +757,7 @@ global_state_changed (NMManager *manager, NMState state, gpointer user_data)
 static void
 hostname_changed (NMManager *manager, GParamSpec *pspec, gpointer user_data)
 {
-	update_system_hostname ((NMPolicy *) user_data, NULL);
+	update_system_hostname ((NMPolicy *) user_data, NULL, NULL);
 }
 
 static void
@@ -1013,6 +1058,12 @@ connection_removed (NMManager *manager,
 	g_ptr_array_free (list, TRUE);
 }
 
+static void
+manager_user_permissions_changed (NMManager *manager, NMPolicy *policy)
+{
+	schedule_activate_all (policy);
+}
+
 NMPolicy *
 nm_policy_new (NMManager *manager, NMVPNManager *vpn_manager)
 {
@@ -1088,6 +1139,10 @@ nm_policy_new (NMManager *manager, NMVPNManager *vpn_manager)
 	                       G_CALLBACK (connection_removed), policy);
 	policy->signal_ids = g_slist_append (policy->signal_ids, (gpointer) id);
 
+	id = g_signal_connect (manager, "user-permissions-changed",
+	                       G_CALLBACK (manager_user_permissions_changed), policy);
+	policy->signal_ids = g_slist_append (policy->signal_ids, (gpointer) id);
+
 	return policy;
 }
 

src/nm-wifi-ap.c

@@ -15,7 +15,7 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
- * Copyright (C) 2004 - 2008 Red Hat, Inc.
+ * Copyright (C) 2004 - 2010 Red Hat, Inc.
  * Copyright (C) 2006 - 2008 Novell, Inc.
  */
 
@@ -604,7 +604,7 @@ nm_ap_new_fake_from_connection (NMConnection *connection)
 	channel = nm_setting_wireless_get_channel (s_wireless);
 
 	if (band && channel) {
-		guint32 freq = channel_to_freq (channel, band);
+		guint32 freq = nm_utils_wifi_channel_to_freq (channel, band);
 
 		if (freq == 0)
 			goto error;
@@ -1256,21 +1256,21 @@ nm_ap_check_compatible (NMAccessPoint *self,
 
 	channel = nm_setting_wireless_get_channel (s_wireless);
 	if (channel) {
-		guint32 ap_chan = freq_to_channel (priv->freq);
+		guint32 ap_chan = nm_utils_wifi_freq_to_channel (priv->freq);
 
 		if (channel != ap_chan)
 			return FALSE;
 	}
 
 	s_wireless_sec = (NMSettingWirelessSecurity *) nm_connection_get_setting (connection,
-															    NM_TYPE_SETTING_WIRELESS_SECURITY);
+	                                                                          NM_TYPE_SETTING_WIRELESS_SECURITY);
 
 	return nm_setting_wireless_ap_security_compatible (s_wireless,
-											 s_wireless_sec,
+	                                                   s_wireless_sec,
-											 nm_ap_get_flags (self),
+	                                                   nm_ap_get_flags (self),
-											 nm_ap_get_wpa_flags (self),
+	                                                   nm_ap_get_wpa_flags (self),
-											 nm_ap_get_rsn_flags (self),
+	                                                   nm_ap_get_rsn_flags (self),
-											 nm_ap_get_mode (self));
+	                                                   nm_ap_get_mode (self));
 }
 
 static gboolean
@@ -1364,114 +1364,3 @@ nm_ap_match_in_list (NMAccessPoint *find_ap,
 	return NULL;
 }
 
-
-struct cf_pair {
-	guint32 chan;
-	guint32 freq;
-};
-
-static struct cf_pair a_table[] = {
-	/* A band */
-	{  7, 5035 },
-	{  8, 5040 },
-	{  9, 5045 },
-	{ 11, 5055 },
-	{ 12, 5060 },
-	{ 16, 5080 },
-	{ 34, 5170 },
-	{ 36, 5180 },
-	{ 38, 5190 },
-	{ 40, 5200 },
-	{ 42, 5210 },
-	{ 44, 5220 },
-	{ 46, 5230 },
-	{ 48, 5240 },
-	{ 50, 5250 },
-	{ 52, 5260 },
-	{ 56, 5280 },
-	{ 58, 5290 },
-	{ 60, 5300 },
-	{ 64, 5320 },
-	{ 100, 5500 },
-	{ 104, 5520 },
-	{ 108, 5540 },
-	{ 112, 5560 },
-	{ 116, 5580 },
-	{ 120, 5600 },
-	{ 124, 5620 },
-	{ 128, 5640 },
-	{ 132, 5660 },
-	{ 136, 5680 },
-	{ 140, 5700 },
-	{ 149, 5745 },
-	{ 152, 5760 },
-	{ 153, 5765 },
-	{ 157, 5785 },
-	{ 160, 5800 },
-	{ 161, 5805 },
-	{ 165, 5825 },
-	{ 183, 4915 },
-	{ 184, 4920 },
-	{ 185, 4925 },
-	{ 187, 4935 },
-	{ 188, 4945 },
-	{ 192, 4960 },
-	{ 196, 4980 },
-	{ 0, -1 }
-};
-
-static struct cf_pair bg_table[] = {
-	/* B/G band */
-	{ 1, 2412 },
-	{ 2, 2417 },
-	{ 3, 2422 },
-	{ 4, 2427 },
-	{ 5, 2432 },
-	{ 6, 2437 },
-	{ 7, 2442 },
-	{ 8, 2447 },
-	{ 9, 2452 },
-	{ 10, 2457 },
-	{ 11, 2462 },
-	{ 12, 2467 },
-	{ 13, 2472 },
-	{ 14, 2484 },
-	{ 0, -1 }
-};
-
-guint32
-freq_to_channel (guint32 freq)
-{
-	int i = 0;
-
-	if (freq > 4900) {
-		while (a_table[i].chan && (a_table[i].freq != freq))
-			i++;
-		return a_table[i].chan;
-	} else {
-		while (bg_table[i].chan && (bg_table[i].freq != freq))
-			i++;
-		return bg_table[i].chan;
-	}
-
-	return 0;
-}
-
-guint32
-channel_to_freq (guint32 channel, const char *band)
-{
-	int i = 0;
-
-	if (!strcmp (band, "a")) {
-		while (a_table[i].chan && (a_table[i].chan != channel))
-			i++;
-		return a_table[i].freq;
-	} else if (!strcmp (band, "bg")) {
-		while (bg_table[i].chan && (bg_table[i].chan != channel))
-			i++;
-		return bg_table[i].freq;
-	}
-
-	return 0;
-}
-

src/nm-wifi-ap.h

@@ -15,7 +15,7 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
- * Copyright (C) 2004 - 2008 Red Hat, Inc.
+ * Copyright (C) 2004 - 2010 Red Hat, Inc.
  * Copyright (C) 2006 - 2008 Novell, Inc.
  */
 
@@ -123,7 +123,4 @@ NMAccessPoint *     nm_ap_match_in_list (NMAccessPoint *find_ap,
 
 void				nm_ap_print_self (NMAccessPoint *ap, const char * prefix);
 
-guint32 freq_to_channel (guint32 freq);
-guint32 channel_to_freq (guint32 channel, const char *band);
-
 #endif /* NM_ACCESS_POINT_H */

src/vpn-manager/nm-vpn-manager.c

@@ -304,6 +304,33 @@ nm_vpn_manager_get_active_connections (NMVPNManager *manager)
 	return list;
 }
 
+NMConnection *
+nm_vpn_manager_get_connection_for_active (NMVPNManager *manager,
+                                          const char *active_path)
+{
+	NMVPNManagerPrivate *priv;
+	GSList *iter;
+
+	g_return_val_if_fail (NM_IS_VPN_MANAGER (manager), NULL);
+
+	priv = NM_VPN_MANAGER_GET_PRIVATE (manager);
+	for (iter = priv->services; iter; iter = g_slist_next (iter)) {
+		GSList *active, *elt;
+
+		active = nm_vpn_service_get_active_connections (NM_VPN_SERVICE (iter->data));
+		for (elt = active; elt; elt = g_slist_next (elt)) {
+			NMVPNConnection *candidate = NM_VPN_CONNECTION (elt->data);
+			const char *ac_path;
+
+			ac_path = nm_vpn_connection_get_active_connection_path (candidate);
+			if (ac_path && !strcmp (ac_path, active_path))
+				return nm_vpn_connection_get_connection (candidate);
+		}
+	}
+
+	return NULL;
+}
+
 NMVPNManager *
 nm_vpn_manager_get (void)
 {

src/vpn-manager/nm-vpn-manager.h

@@ -83,4 +83,7 @@ void nm_vpn_manager_add_active_connections (NMVPNManager *manager,
 
 GSList *nm_vpn_manager_get_active_connections (NMVPNManager *manager);
 
+NMConnection *nm_vpn_manager_get_connection_for_active (NMVPNManager *manager,
+                                                        const char *active_path);
+
 #endif /* NM_VPN_VPN_MANAGER_H */

system-settings/plugins/ifcfg-rh/reader.c

@@ -1622,21 +1622,27 @@ add_one_wep_key (shvarFile *ifcfg,
 				p++;
 			}
 			key = g_strdup (value);
-		} else if (   strncmp (value, "s:", 2)
+		} else if (   !strncmp (value, "s:", 2)
 		           && (strlen (value) == 7 || strlen (value) == 15)) {
-			/* ASCII passphrase */
+			/* ASCII key */
 			char *p = value + 2;
 
 			while (*p) {
 				if (!isascii ((int) (*p))) {
 					g_set_error (error, ifcfg_plugin_error_quark (), 0,
-					             "Invalid ASCII WEP passphrase.");
+					             "Invalid ASCII WEP key.");
 					goto out;
 				}
 				p++;
 			}
 
-			key = utils_bin2hexstr (value, strlen (value), strlen (value) * 2);
+			/* Remove 's:' prefix.
+			 * Don't convert to hex string. wpa_supplicant takes 'wep_key0' option over D-Bus as byte array
+			 * and converts it to hex string itself. Even though we convert hex string keys into a bin string
+			 * before passing to wpa_supplicant, this prevents two unnecessary conversions. And mainly,
+			 * ASCII WEP key doesn't change to HEX WEP key in UI, which could confuse users.
+			 */
+			key = g_strdup (value + 2);
 		}
 	}
 

system-settings/plugins/ifcfg-rh/writer.c

@@ -605,6 +605,8 @@ write_wireless_security_setting (NMConnection *connection,
 
 			key = nm_setting_wireless_security_get_wep_key (s_wsec, i);
 			if (key) {
+				char *ascii_key = NULL;
+
 				/* Passphrase needs a different ifcfg key since with WEP, there
 				 * are some passphrases that are indistinguishable from WEP hex
 				 * keys.
@@ -612,11 +614,19 @@ write_wireless_security_setting (NMConnection *connection,
 				key_type = nm_setting_wireless_security_get_wep_key_type (s_wsec);
 				if (key_type == NM_WEP_KEY_TYPE_PASSPHRASE)
 					tmp = g_strdup_printf ("KEY_PASSPHRASE%d", i + 1);
-				else
+				else {
 					tmp = g_strdup_printf ("KEY%d", i + 1);
 
+					/* Add 's:' prefix for ASCII keys */
+					if (strlen (key) == 5 || strlen (key) == 13) {
+						ascii_key = g_strdup_printf ("s:%s", key);
+						key = ascii_key;
+					}
+				}
+
 				set_secret (ifcfg, tmp, key, FALSE);
 				g_free (tmp);
+				g_free (ascii_key);
 			}
 		}
 	}