So that normal users who have PolicyKit authorization to edit system connections
can read secrets, move system connection secrets logic into the system connection
service from libnm-glib, and protect it with PolicyKit checks. Convert the
ifcfg-rh plugin over to using NMSysconfigConnection so that it can take advantage
of the new PolicyKit protection.
Fix a few problems... No plugin should return secrets in the GetSettings method,
which some plugins did. When that was committed in the commit "system-settings:
don't return secrets in the settings", it broke those plugins that didn't implement
GetSecrets. Each plugin can actually use the same code for GetSettings and
GetSecrets, so implement those generically in the NMExportedConnection class and
remove plugin-specific implementations that all did the same thing.
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- Rename the "get_secrets" virtual function "service_get_secrets" to
clarify when it's used; NMExportedConnetion is a base-class for both
the client and service side, which is sort of confusing, and
get_secrets only makes sense on the service side.
* libnm-glib/nm-dbus-connection.c
- (get_secrets): remove, unused, and clients need to do extra work to
get secrets anyway since the call can block on the remote side
* system-settings/plugins/ifupdown/nm-ifupdown-connection.c
system-settings/plugins/keyfile/nm-keyfile-connection.c
- Fix up for get_secrets -> service_get_secrets
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4192 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add connection UUIDs, since connection names can be changed, and since
old-style connection IDs could change over the life of the connection. The
UUID should be assigned at connection creation time, be stable for a given
connection, and should be unique among all connections for a given settings
service.
* configure.in
libnm-util/Makefile.am
- Require libuuid
* introspection/nm-exported-connection.xml
- Remove "GetID" method
* libnm-glib/nm-dbus-connection.c
libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- Remove id-related stuff
* libnm-util/nm-utils.c
libnm-util/nm-utils.h
libnm-util/libnm-util.ver
- (nm_utils_uuid_generate, nm_utils_uuid_generate_from_string): Add
utility functions to generate UUIDs
* libnm-util/nm-setting-connection.c
libnm-util/nm-setting-connection.h
- Add 'uuid' member to the connection setting
- (verify): require valid 'uuid' for a valid connection
* system-settings/plugins/ifcfg-fedora/nm-ifcfg-connection.c
system-settings/plugins/ifcfg-fedora/reader.c
system-settings/plugins/ifcfg-suse/nm-suse-connection.c
system-settings/plugins/ifcfg-suse/parser.c
system-settings/plugins/keyfile/nm-keyfile-connection.c
system-settings/src/main.c
- Remove id-related stuff
- Give connections UUIDs where needed
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4013 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Use PolicyKit to authorize the system settings' AddConnection method
and the system settings connections' Update and Delete methods.
* libnm-glib/nm-settings.c (impl_exported_connection_update)
(impl_exported_connection_delete, nm_exported_connection_update)
(nm_exported_connection_delete): Return boolean and fill GError
to notify the callers of the reasons why it might have failed.
* libnm-glib/nm-dbus-settings-system.c
(nm_dbus_settings_system_add_connection): Return the error from dbus
call so that the callers can see why it failed.
* libnm-glib/nm-dbus-connection.c (update, delete): Update the
signatures.
* system-settings/src/nm-polkit-helpers.[ch]: Implement.
* system-settings/src/nm-sysconfig-connection.[ch]: Implement. New
abstract base class that checks PolicyKit permissions.
* system-settings/src/dbus-settings.c:
(impl_settings_add_connection): Check the policy before carring out
the request.
* system-settings/plugins/keyfile/nm-keyfile-connection.c:
Inherit from NMSysconfigConnection, check the policies before
allowing updating or removing.
* system-settings/plugins/ifcfg-suse/nm-suse-connection.c:
Inherit from NMSysconfigConnection.
* introspection/nm-exported-connection.xml: Annotate "Update" and
"Delete" methods with async flag so that the implementations can get
access to DBusGMethodInvocation.
* system-settings/src/dbus-settings.c
(settings_add_connection_check_privileges): Implement.
(impl_settings_add_connection): Check the privileges before adding a new
connection. Improve error reporting.
* introspection/nm-settings-system.xml: Make the 'AddConnection' method
async so that the implementation can access DBusGMethodInvocation.
* configure.in: Check for PolicyKit.
* policy/org.freedesktop.network-manager-settings.system.policy:
New file.
* policy/Makefile.am: Install the policy file.
* configure.in: Add 'policy' subdir.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3646 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-dbus-settings.c (constructor): Fix the
"PropertiesChanged" signal signature.
* libnm-glib/nm-dbus-connection.c (constructor): Use the common GType
defined in nm-dbus-glib-types.h.
Don't register the connection on dbus, we're a proxy class to
communicate with an already registered connection over dbus.
2008-04-30 Tambet Ingo <tambet@gmail.com>
Implement new subclasses of NMSettings and NMExportedConnection to make
it easier for the applet to access and modify system settings.
* libnm-glib/nm-dbus-connection.[ch]:
* libnm-glib/nm-dbus-settings.[ch]:
* libnm-glib/nm-dbus-settings-system.[ch]: Implement.
* libnm-glib/Makefile.am: Add the new files to build, generate some more
bindings and glue.
* include/NetworkManager.h: Define the system settings DBus interface.
2008-04-30 Tambet Ingo <tambet@gmail.com>
Implement additional C API for exported connections to make them identical
with the DBus API. Change the (list_connections) virtual function to be
more usable from C - instead of requiring implementers to return a GPtrArray
of dbus paths, return a list of connections.
* libnm-glib/nm-settings.c (nm_exported_connection_class_init): Fix a typo.
(nm_settings_list_connections):
(nm_exported_connection_new):
(nm_exported_connection_update):
(nm_exported_connection_delete): Implement.
(impl_settings_list_connections):
(impl_exported_connection_update):
(impl_exported_connection_delete): Use the new public functions to make
sure the C and dbus interfaces stay in sync.
* system-settings/src/dbus-settings.c (list_connections): Return a list of
connections.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3630 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Implement GKeyFile system settings plugin.
Implement writing system settings (currently supported only by GKeyFile plugin).
* system-settings/src/main.c:
* system-settings/src/dbus-settings.c: Move the communication with plugins
from main.c to dbus-settings.c. Makes it possible to talk to all registered
plugins for adding/updating/removing connections.
* system-settings/src/nm-system-config-interface.c
(nm_system_config_interface_add_connection): Implement
(nm_system_config_interface_update_connection): Implement.
(nm_system_config_interface_remove_connection): Implement.
* system-settings/plugins/keyfile/Makefile.am:
* system-settings/plugins/keyfile/plugin.[ch]:
* system-settings/plugins/keyfile/writer.[ch]:
* system-settings/plugins/keyfile/reader.[ch]: Implement.
* system-settings/plugins/Makefile.am: Add GKeyFile plugin.
* configure.in: Generate GKeyFile Makefile.
* libnm-glib/nm-settings.c (impl_exported_connection_get_id): Fix a memory
corruption, need to duplicate the returned string.
(impl_exported_connection_update): Implement.
(impl_exported_connection_delete): Implement.
* introspection/nm-settings-system.xml: Add "AddConnection" method.
* introspection/nm-exported-connection.xml: Add "Update" and "Delete" methods.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3587 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-object-cache.c
libnm-glib/nm-settings.c
src/dhcp-manager/nm-dhcp-manager.c
system-settings/plugins/ifcfg-fedora/plugin.c
system-settings/plugins/ifcfg-suse/plugin.c
system-settings/src/nm-system-config-hal-manager.c
libnm-util/nm-utils.c
- Remove usage of GStaticMutex since gcc-4.3 hates it and because we're
not threadsafe anyway
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3548 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- (nm_exported_connection_get_id): new function
- (impl_exported_connection_get_id): use nm_exported_connection_get_id()
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3528 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Massive fixup of libnm-glib to:
a) have all objects (with the exception of VPN) cache their properties and
update them asynchronously on PropertiesChanged signals from NM
b) return internal const data for most attributes/properties instead of
allocated values that the caller must free
c) cache wrapped objects such that a given D-Bus path will always map to the
same GObject returned by libnm-glib
d) remove a few signals and move them to GObject property notifications
e) match recent NM D-Bus API changes for activation/deactivation
f) remove some private functions from libnm-glib headers
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3491 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* Global rename of NMConnectionSettings -> NMExportedConnection to cut down
on confusing names
* Add 'path' and 'scope' properties to NMConnection since both NM and the
applet were having to hack this in anyway. Remove the 'path' stuff from
NMExportedConnection
* Internally rename NMConnectionType -> NMConnectionScope
* Provide default implementations of the 'get_id' and 'get_settings' methods
of NMExportedConnection
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3334 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Split the GetSecrets() call off to a separate D-Bus interface so that it
can be more easily locked down with D-Bus policy. Only 'root' (ie, NM)
should be able to call GetSecrets().
* include/NetworkManager.h
- Define the connection secrets D-Bus interface
* src/vpn-manager/nm-vpn-connection.c
- (clear_need_auth): get the right proxy object for the connection
secrets interface
- (get_connection_secrets): use the connection secrets proxy; send
empty hints in get secrets request
* src/nm-activation-request.c
- (nm_act_request_request_connection_secrets): use the connection
secrets proxy; send empty hints in get secrets request
* src/nm-manager.c
src/nm-manager.h
- (connection_get_settings_cb): set the connection secrets proxy on
the connection object too
- (internal_new_connection_cb): create the connection secrets proxy
* introspection/nm-settings-connection.xml
- Define Connection.Secrets interface and move GetSecrets there
- Add a 'hints' argument to GetSecrets
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- (impl_connection_settings_get_secrets): add 'hints' argument
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2989 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-settings.c
- (nm_connection_settings_class_init): provide correct type for argument
to the Updated signal so that dbus-glib knows how to marshal it
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2931 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- (new_error -> nm_settings_new_error): make public so that subclasses
can use the same error domain. Also pass a valid error code to
g_error_new_literal() so that libdbus doesn't assert when converting
the GError into a DBusError
- (impl_settings_list_connections, impl_connection_settings_get_id,
impl_connection_settings_get_settings,
impl_connection_settings_get_secrets): use new error creator
function
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2879 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Properly re-query secrets from the settings daemon when stuff fails.
* src/nm-device-802-11-wireless.c
- (ap_auth_enforced): handle static WEP correctly here by differentiating
between Shared Key and Open System auth modes
- (link_timeout_cb, supplicant_connection_timeout_cb,
real_act_stage4_ip_config_timeout): clear existing secrets and
request new ones when something fails due to a suspected wrong key
- (real_act_stage2_config): fix for new request_new argument to
nm_manager_get_connection_secrets()
* src/nm-manager.c
src/nm-manager.h
- (nm_manager_get_connection_secrets): return error status; pass
new request_new argument on to the settings daemon
* introspection/nm-settings-connection.xml
- New 'request_new' argument to the GetSecrets call that hints to the
settings daemon to ask the user for completely new secrets
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- (impl_connection_settings_get_secrets): handle new 'request_new'
argument
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2872 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* introspection/nm-settings-connection.xml
libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- Make GetSecrets asynchronous on the server side
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2829 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Stupid mistake on my part; object path and interface for settings service
and connection objects can be the same, only the service name must be
different for the system and user settings services.
* include/NetworkManager.h
src/nm-manager.c
introspection/nm-settings-connection.xml
introspection/nm-settings.xml
libnm-glib/nm-settings.c
- (nm_connection_settings_init, query_user_connections,
new_connection_cb): Unify NetworkManagerSettings and Connection
interface name and object path
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2772 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* include/NetworkManager.h
libnm-glib/nm-settings.c
- defines for the user settings daemon D-Bus bits
* src/NetworkManager.c
- Remove stuff that referred to the old NetworkManagerInfo service
* src/vpn-manager/nm-dbus-vpn.h
- Move old NMI defines to the only place they are used still
* libnm-util/nm-connection.c
libnm-util/nm-connection.h
src/nm-activation-request.c
- Make NMConnection a GObject subclass so we can do spiffy stuff with it
* src/nm-manager.c
src/nm-manager.h
- Get connections and their settings from the user settings daemon
at the appropriate times
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2763 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* include/NetworkManager.h
- Keep NMConnection object path in sync
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- Break D-Bus object registration out of the init function, because
every object that's exported over D-Bus needs to use the _same_
DBusConnection. Otherwise, each object would get a different object
path tree and wouldn't be callable.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2747 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- make the dbus path a property of the object, and autogenerate it.
It can't be composed of the 'id' field becuase that's not available
yet during the GObject creation in nm_connection_settings_init()
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2745 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* include/NetworkManager.h: added DBus path for connection settings.
* libnm-glib/nm-settings.[ch] (nm_settings_signal_new_connection,
nm_connection_settings_signal_updated,
nm_connection_settings_signal_removed): new functions to wrap the
objects' signals.
(nm_connection_settings_init): register GObject with DBus.
(nm_connection_settings_get_dbus_object_path): new function.
* libnm-glib/Makefile.am: added libnmutil to link flags.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2672 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
