| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Polkit documentation suggests that <allow_any> applies to all
clients, but that's actually not the case. allow_any,
allow_inactive, and allow_active are evaluated individually based
on whether the user is local and active (allow_active), local and
inactive (allow_inactive), and not local (allow_any). Thus all
three allow options must be specified for any authorization other
than 'no'.
|
|
|
|
|
|
|
|
|
|
|
|
| |
#707983) (rh #979416)
This commit allows inactive sessions (typically SSH or remote desktop
logins) to modify their own connections, to modify the system hostname
with authorization, and to modify system connections with
authorization.
https://bugzilla.redhat.com/show_bug.cgi?id=979416
https://bugzilla.gnome.org/show_bug.cgi?id=707983
|
| |
|
|
|
|
|
|
| |
Add --enable-modify-system, to change the default for
org.freedesktop.NetworkManager.settings.modify.system to allow users
to edit system connections without needing to authenticate.
|
|
|
|
|
|
|
| |
For now, until we figure out a better story here. We don't necessarily
want to require an admin password just to connect to a wifi network
after installing, but for now lets be secure-by-default while we figure
out the right solution.
|
| |
|
|
|
|
|
|
|
| |
This policy will allow users to modify their personal connections (ie
maybe VPN connections, etc) distinctly from system-wide connections that
affect more than just their user. It makes sense to be more lenient when
making changes to settings that don't affect other users.
|
|
|
|
|
|
| |
Meaning stays the same, but this will allow us to differentiate
in the future between personal connections (ie, just visible to
one user) and system connections (visible to more than one user).
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Moves the system settings permissions checking into the core service's
permissions checking, which at the same time enables 3-way permission
reporting (yes, no, auth) instead of the old yes/no that we had for
system settings permissions before. This allows UI to show a lock
icon or such when the user could authenticate to gain the permission.
It also moves the wifi-create permissions' namespace to the main
namespace (not .settings) since they really should be checked before
starting a shared wifi connection, rather than having anything to do
with the settings service.
|
| |
| |
| |
| |
| |
| |
| | |
Just for consistency, make settings related stuff live under the
org.freedesktop.NetworkManager namespace, rather than its own
org.freedesktop.NetworkManagerSettings namespace. Renames are done for
DBus interface names, DBus object paths, and polkit actions.
|
|/ |
|
|
|
|
|
|
|
|
|
| |
PK's "allow_inactive" actually means "allow inactive *local* users", so
we do want to allow inactive local users to provide user connections.
We don't want to allow non-local inactive users to provide user connections.
So make the use-user-connections privilege match for both active and
inactive so we get the behavior we want.
|
|
|
|
|
| |
Allows for locking down connections completely and disallowing
certain users from touching networking at all.
|
|
|
|
|
|
| |
Default to 'not allowed', distros that need backwards compatibility
can flip this to 'yes' if they need to. At this point, only power
management scripts should call these functions.
|
|
|
|
| |
#619323)
|
|
|
|
|
| |
Bothered me for a long time; now that we've bumped the soname, we can
rename the library too.
|
|
|
|
|
|
|
|
|
| |
Since the new PolicyKit does away with easy checking of authorizations,
we get to implement it by ourselves, but that's OK since we can actually
use it for a lot more stuff. So add the GetPermissions call which returns
the permissions the caller actually has, and a signal informing callers
that their permissions might have changed. Hook this all up to
PolicyKit so it's useful.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3653 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
|
|
|
|
| |
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3652 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
|
|
|
|
| |
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3651 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
|
|
|
|
|
|
|
| |
* Add another missing file, sigh.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3649 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
|
|
* Add the missing policy/Makefile.am
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3647 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
|