diff -Nru network-manager-applet-0.9.8.0/debian/changelog network-manager-applet-0.9.8.0/debian/changelog --- network-manager-applet-0.9.8.0/debian/changelog 2013-03-08 22:17:52.000000000 +0530 +++ network-manager-applet-0.9.8.0/debian/changelog 2013-04-14 01:33:42.000000000 +0530 @@ -1,3 +1,10 @@ +network-manager-applet (0.9.8.0-1ubuntu3) raring; urgency=low + + * debian/patches/user.patch: + - allow to create user connections by default (lp#1116317) + + -- Ritesh Khadgaray Sat, 13 Apr 2013 22:18:37 +0530 + network-manager-applet (0.9.8.0-1ubuntu2) raring; urgency=low * debian/control: add docbook-to-man to Build-Depends, missing in the diff -Nru network-manager-applet-0.9.8.0/debian/control network-manager-applet-0.9.8.0/debian/control --- network-manager-applet-0.9.8.0/debian/control 2013-03-08 22:17:52.000000000 +0530 +++ network-manager-applet-0.9.8.0/debian/control 2013-04-14 01:02:13.000000000 +0530 @@ -29,7 +29,8 @@ libgirepository1.0-dev, dh-translations, libappindicator3-dev, - gobject-introspection + gobject-introspection, + libpolkit-gobject-1-dev (>= 0.92) Standards-Version: 3.9.3 Vcs-Bzr: https://code.launchpad.net/~network-manager/network-manager-applet/ubuntu Homepage: http://www.gnome.org/projects/NetworkManager/ diff -Nru network-manager-applet-0.9.8.0/debian/patches/series network-manager-applet-0.9.8.0/debian/patches/series --- network-manager-applet-0.9.8.0/debian/patches/series 2013-03-08 22:17:52.000000000 +0530 +++ network-manager-applet-0.9.8.0/debian/patches/series 2013-04-13 22:19:51.000000000 +0530 @@ -16,3 +16,4 @@ lp1048516_dont_req_keyring_in_greeter.patch lp1048520_delay_pin_dialog_in_greeter.patch rebuild_menu_after_init.patch +user.patch diff -Nru network-manager-applet-0.9.8.0/debian/patches/user.patch network-manager-applet-0.9.8.0/debian/patches/user.patch --- network-manager-applet-0.9.8.0/debian/patches/user.patch 1970-01-01 05:30:00.000000000 +0530 +++ network-manager-applet-0.9.8.0/debian/patches/user.patch 2013-04-13 22:19:41.000000000 +0530 @@ -0,0 +1,543 @@ +From e223c372b298df485bbd0776ecf18dc088068a33 Mon Sep 17 00:00:00 2001 +From: Mathieu Trudel-Lapierre +Date: Thu, 28 Feb 2013 15:59:08 -0500 +Subject: [PATCH] policy: allow users to create user-owned connections if they + do not have permissions to create system-wide. + +Based on the work from Gary Ching-Pang Lin and Dominique Leuenberger. + +--- + configure.ac | 2 + + src/applet-device-ethernet.c | 6 +++ + src/applet-device-wifi.c | 12 ++++++ + src/applet-device-wimax.c | 6 +++ + src/connection-editor/Makefile.am | 2 + + src/connection-editor/ce-page.c | 48 ++++++++++++++++++++++ + src/connection-editor/ce-polkit-button.c | 35 ++++++++++------ + src/connection-editor/ce-polkit-button.h | 2 +- + src/connection-editor/nm-connection-editor.c | 9 ++++- + src/connection-editor/nm-connection-list.c | 8 +++- + src/gnome-bluetooth/Makefile.am | 2 + + src/gnome-bluetooth/nma-bt-device.c | 60 ++++++++++++++++++++++++++++ + src/mobile-helpers.c | 8 +++- + src/utils/Makefile.am | 3 +- + src/utils/utils.c | 41 +++++++++++++++++++ + src/utils/utils.h | 2 + + 16 files changed, 226 insertions(+), 20 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 84fdc6d..038e39e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -154,6 +154,8 @@ PKG_CHECK_MODULES(NOTIFY, [libnotify >= 0.4.3]) + AC_SUBST(NOTIFY_CFLAGS) + AC_SUBST(NOTIFY_LIBS) + ++PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1 >= 0.92]) ++ + gtk2_req=2.20 + gtk3_req=3.0 + AC_ARG_WITH([gtkver], AS_HELP_STRING([--with-gtkver], [The major version of GTK+ to build with]), +diff --git a/src/applet-device-ethernet.c b/src/applet-device-ethernet.c +index 6e63dcb..aecc25b 100644 +--- a/src/applet-device-ethernet.c ++++ b/src/applet-device-ethernet.c +@@ -86,6 +86,12 @@ ethernet_new_auto_connection (NMDevice *device, + NM_SETTING_CONNECTION_UUID, uuid, + NULL); + g_free (uuid); ++ if (!utils_system_connection_authorized ()) { ++ nm_setting_connection_add_permission (s_con, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } + + nm_connection_add_setting (connection, NM_SETTING (s_con)); + +diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c +index fa3d618..edf9053 100644 +--- a/src/applet-device-wifi.c ++++ b/src/applet-device-wifi.c +@@ -461,6 +461,18 @@ _do_new_auto_connection (NMApplet *applet, + nm_connection_add_setting (connection, NM_SETTING (s_8021x)); + } + ++ if (!utils_system_connection_authorized ()) { ++ s_con = nm_connection_get_setting_connection (connection); ++ if (!s_con) { ++ s_con = (NMSettingConnection *) nm_setting_connection_new (); ++ nm_connection_add_setting (connection, NM_SETTING (s_con)); ++ } ++ nm_setting_connection_add_permission (s_con, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } ++ + /* If it's an 802.1x connection, we need more information, so pop up the + * Dialog Of Doom. + */ +diff --git a/src/applet-device-wimax.c b/src/applet-device-wimax.c +index a870c48..09d8063 100644 +--- a/src/applet-device-wimax.c ++++ b/src/applet-device-wimax.c +@@ -94,6 +94,12 @@ wimax_new_auto_connection (NMDevice *device, + NM_SETTING_CONNECTION_UUID, uuid, + NULL); + g_free (uuid); ++ if (!utils_system_connection_authorized ()) { ++ nm_setting_connection_add_permission (s_con, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } + + nm_connection_add_setting (connection, NM_SETTING (s_con)); + +diff --git a/src/connection-editor/Makefile.am b/src/connection-editor/Makefile.am +index 4cc9005..3b6d121 100644 +--- a/src/connection-editor/Makefile.am ++++ b/src/connection-editor/Makefile.am +@@ -11,6 +11,7 @@ nm_connection_editor_CPPFLAGS = \ + -DDATADIR=\""$(datadir)"\" \ + -DNMALOCALEDIR=\"$(datadir)/locale\" \ + $(DBUS_CFLAGS) \ ++ $(POLKIT_CFLAGS) \ + $(DISABLE_DEPRECATED) \ + -I${top_srcdir}/src/utils \ + -I${top_srcdir}/src/wireless-security \ +@@ -84,6 +85,7 @@ nm_connection_editor_LDADD = \ + ${top_builddir}/src/libnm-gtk/libnm-gtk.la \ + $(GTK_LIBS) \ + $(NMA_LIBS) \ ++ $(POLKIT_LIBS) \ + -lm + + uidir = $(datadir)/nm-applet +diff --git a/src/connection-editor/ce-page.c b/src/connection-editor/ce-page.c +index bf2798c..7130960 100644 +--- a/src/connection-editor/ce-page.c ++++ b/src/connection-editor/ce-page.c +@@ -29,6 +29,8 @@ + + #include + ++#include ++ + #include + #include + +@@ -528,6 +530,45 @@ ce_page_class_init (CEPageClass *page_class) + G_TYPE_NONE, 1, G_TYPE_POINTER); + } + ++static gboolean ++polkit_system_connection_authorized () ++{ ++ PolkitSubject *subject; ++ PolkitAuthority *authority; ++ PolkitAuthorizationResult *result; ++ GError *error = NULL; ++ static gboolean is_checked = FALSE; ++ static gboolean is_authorized = FALSE; ++ ++ if (is_checked) ++ return is_authorized; ++ ++ /* Check the polkit authorization */ ++ authority = polkit_authority_get_sync (NULL, NULL); ++ subject = polkit_unix_process_new (getpid ()); ++ result = polkit_authority_check_authorization_sync (authority, ++ subject, ++ "org.freedesktop.NetworkManager.settings.modify.system", ++ NULL, ++ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, ++ NULL, ++ &error); ++ if (error || !result) { ++ g_warning ("%s: failed to check polkit authorization! %s", __func__, ++ error ? error->message : "(unknown)"); ++ g_clear_error (&error); ++ } else if (polkit_authorization_result_get_is_authorized (result) ++ || polkit_authorization_result_get_is_challenge (result)) { ++ is_authorized = TRUE; ++ } ++ g_object_unref (result); ++ g_object_unref (authority); ++ g_object_unref (subject); ++ ++ is_checked = TRUE; ++ ++ return is_authorized; ++} + + NMConnection * + ce_page_new_connection (const char *format, +@@ -562,6 +603,13 @@ ce_page_new_connection (const char *format, + g_free (uuid); + g_free (id); + ++ if (!polkit_system_connection_authorized ()) { ++ nm_setting_connection_add_permission (s_con, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } ++ + return connection; + } + +diff --git a/src/connection-editor/ce-polkit-button.c b/src/connection-editor/ce-polkit-button.c +index 5bd806a..2e0cebb 100644 +--- a/src/connection-editor/ce-polkit-button.c ++++ b/src/connection-editor/ce-polkit-button.c +@@ -91,19 +91,6 @@ update_and_emit (CEPolkitButton *self, gboolean old_actionable) + g_signal_emit (self, signals[ACTIONABLE], 0, new_actionable); + } + +-void +-ce_polkit_button_set_master_sensitive (CEPolkitButton *self, gboolean sensitive) +-{ +- gboolean old_actionable; +- +- g_return_if_fail (self != NULL); +- g_return_if_fail (CE_IS_POLKIT_BUTTON (self)); +- +- old_actionable = ce_polkit_button_get_actionable (self); +- CE_POLKIT_BUTTON_GET_PRIVATE (self)->master_sensitive = sensitive; +- update_and_emit (self, old_actionable); +-} +- + gboolean + ce_polkit_button_get_actionable (CEPolkitButton *self) + { +@@ -145,6 +132,28 @@ permission_changed_cb (NMClient *client, + g_signal_emit (self, signals[AUTHORIZED], 0, priv->authorized); + } + ++void ++ce_polkit_button_set_master_sensitive (CEPolkitButton *self, gboolean sensitive, gboolean user_owned) ++{ ++ CEPolkitButtonPrivate *priv = CE_POLKIT_BUTTON_GET_PRIVATE (self); ++ NMClientPermission permission = NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM; ++ gboolean old_actionable; ++ ++ g_return_if_fail (self != NULL); ++ g_return_if_fail (CE_IS_POLKIT_BUTTON (self)); ++ ++ old_actionable = ce_polkit_button_get_actionable (self); ++ CE_POLKIT_BUTTON_GET_PRIVATE (self)->master_sensitive = sensitive; ++ ++ if (user_owned) ++ permission = NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN; ++ ++ permission_changed_cb (priv->client, ++ permission, ++ nm_client_get_permission_result (priv->client, permission), ++ self); ++} ++ + GtkWidget * + ce_polkit_button_new (const char *label, + const char *tooltip, +diff --git a/src/connection-editor/ce-polkit-button.h b/src/connection-editor/ce-polkit-button.h +index c8c803f..dc0f6ff 100644 +--- a/src/connection-editor/ce-polkit-button.h ++++ b/src/connection-editor/ce-polkit-button.h +@@ -57,7 +57,7 @@ GtkWidget *ce_polkit_button_new (const char *label, + NMClient *client, + NMClientPermission permission); + +-void ce_polkit_button_set_master_sensitive (CEPolkitButton *button, gboolean sensitive); ++void ce_polkit_button_set_master_sensitive (CEPolkitButton *button, gboolean sensitive, gboolean user_owned); + + gboolean ce_polkit_button_get_actionable (CEPolkitButton *button); + +diff --git a/src/connection-editor/nm-connection-editor.c b/src/connection-editor/nm-connection-editor.c +index e03160d..d5fe6ad 100644 +--- a/src/connection-editor/nm-connection-editor.c ++++ b/src/connection-editor/nm-connection-editor.c +@@ -195,7 +195,7 @@ static void + connection_editor_validate (NMConnectionEditor *editor) + { + NMSettingConnection *s_con; +- gboolean valid = FALSE, printed = FALSE; ++ gboolean valid = FALSE, printed = FALSE, user_owned = FALSE; + GSList *iter; + + if (!editor_is_initialized (editor)) +@@ -203,6 +203,11 @@ connection_editor_validate (NMConnectionEditor *editor) + + s_con = nm_connection_get_setting_connection (editor->connection); + g_assert (s_con); ++ ++ if (nm_setting_connection_get_num_permissions > 0 ++ && nm_setting_connection_permissions_user_allowed (s_con, g_get_user_name())) ++ user_owned = TRUE; ++ + if (nm_setting_connection_get_read_only (s_con)) + goto done; + +@@ -229,7 +234,7 @@ connection_editor_validate (NMConnectionEditor *editor) + } + + done: +- ce_polkit_button_set_master_sensitive (CE_POLKIT_BUTTON (editor->ok_button), valid); ++ ce_polkit_button_set_master_sensitive (CE_POLKIT_BUTTON (editor->ok_button), valid, user_owned); + gtk_widget_set_sensitive (editor->export_button, valid); + update_sensitivity (editor); + } +diff --git a/src/connection-editor/nm-connection-list.c b/src/connection-editor/nm-connection-list.c +index f445edf..353aecc 100644 +--- a/src/connection-editor/nm-connection-list.c ++++ b/src/connection-editor/nm-connection-list.c +@@ -393,7 +393,7 @@ pk_button_selection_changed_cb (GtkTreeSelection *selection, gpointer user_data) + GtkTreeModel *model; + NMRemoteConnection *connection; + NMSettingConnection *s_con; +- gboolean sensitive = FALSE; ++ gboolean sensitive = FALSE, user_owned = FALSE; + + if (gtk_tree_selection_get_selected (selection, &model, &iter)) { + connection = get_active_connection (list->connection_list); +@@ -402,10 +402,14 @@ pk_button_selection_changed_cb (GtkTreeSelection *selection, gpointer user_data) + g_assert (s_con); + + sensitive = !nm_setting_connection_get_read_only (s_con); ++ ++ if (nm_setting_connection_get_num_permissions (s_con) > 0 ++ && nm_setting_connection_permissions_user_allowed (s_con, g_get_user_name())) ++ user_owned = TRUE; + } + } + +- ce_polkit_button_set_master_sensitive (button, sensitive); ++ ce_polkit_button_set_master_sensitive (button, sensitive, user_owned); + } + + static void +diff --git a/src/gnome-bluetooth/Makefile.am b/src/gnome-bluetooth/Makefile.am +index dbf5373..b25070c 100644 +--- a/src/gnome-bluetooth/Makefile.am ++++ b/src/gnome-bluetooth/Makefile.am +@@ -7,6 +7,7 @@ INCLUDES = \ + -I${top_srcdir}/src/utils \ + -I${top_srcdir}/src/libnm-gtk \ + $(GNOME_BLUETOOTH_CFLAGS) \ ++ $(POLKIT_CFLAGS) \ + $(DISABLE_DEPRECATED) \ + $(WARN_CFLAGS) + +@@ -32,6 +33,7 @@ libnma_la_LIBADD = \ + $(top_builddir)/src/marshallers/libmarshallers.la \ + $(top_builddir)/src/utils/libutils.la \ + $(top_builddir)/src/libnm-gtk/libnm-gtk.la \ ++ $(POLKIT_LIBS) \ + $(GNOME_BLUETOOTH_LIBS) + + if WITH_MODEM_MANAGER_1 +diff --git a/src/gnome-bluetooth/nma-bt-device.c b/src/gnome-bluetooth/nma-bt-device.c +index 968dc89..787eeec 100644 +--- a/src/gnome-bluetooth/nma-bt-device.c ++++ b/src/gnome-bluetooth/nma-bt-device.c +@@ -34,6 +34,8 @@ + #include + #include + ++#include ++ + #include + #include + +@@ -340,6 +342,46 @@ dun_error (NmaBtDevice *self, const char *func, GError *error, const char *fallb + recheck_services_enabled (self); + } + ++static gboolean ++polkit_system_connection_authorized () ++{ ++ PolkitSubject *subject; ++ PolkitAuthority *authority; ++ PolkitAuthorizationResult *result; ++ GError *error = NULL; ++ static gboolean is_checked = FALSE; ++ static gboolean is_authorized = FALSE; ++ ++ if (is_checked) ++ return is_authorized; ++ ++ /* Check the polkit authorization */ ++ authority = polkit_authority_get_sync (NULL, NULL); ++ subject = polkit_unix_process_new (getpid ()); ++ result = polkit_authority_check_authorization_sync (authority, ++ subject, ++ "org.freedesktop.NetworkManager.settings.modify.system", ++ NULL, ++ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, ++ NULL, ++ &error); ++ if (error || !result) { ++ g_warning ("%s: failed to check polkit authorization! %s", __func__, ++ error ? error->message : "(unknown)"); ++ g_clear_error (&error); ++ } else if (polkit_authorization_result_get_is_authorized (result) ++ || polkit_authorization_result_get_is_challenge (result)) { ++ is_authorized = TRUE; ++ } ++ g_object_unref (result); ++ g_object_unref (authority); ++ g_object_unref (subject); ++ ++ is_checked = TRUE; ++ ++ return is_authorized; ++} ++ + static NMConnection * + dun_new_cdma (NMAMobileWizardAccessMethod *method) + { +@@ -380,6 +422,12 @@ dun_new_cdma (NMAMobileWizardAccessMethod *method) + NULL); + g_free (uuid); + g_free (id); ++ if (!polkit_system_connection_authorized ()) { ++ nm_setting_connection_add_permission ((NMSettingConnection *)setting, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } + nm_connection_add_setting (connection, setting); + + return connection; +@@ -426,6 +474,12 @@ dun_new_gsm (NMAMobileWizardAccessMethod *method) + NULL); + g_free (uuid); + g_free (id); ++ if (!polkit_system_connection_authorized ()) { ++ nm_setting_connection_add_permission ((NMSettingConnection *)setting, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } + nm_connection_add_setting (connection, setting); + + return connection; +@@ -985,6 +1039,12 @@ add_pan_connection (NmaBtDevice *self) + NULL); + g_free (id); + g_free (uuid); ++ if (!polkit_system_connection_authorized ()) { ++ nm_setting_connection_add_permission ((NMSettingConnection *)setting, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } + nm_connection_add_setting (connection, setting); + + /* The Bluetooth settings */ +diff --git a/src/mobile-helpers.c b/src/mobile-helpers.c +index 4c1db5f..bff17ed 100644 +--- a/src/mobile-helpers.c ++++ b/src/mobile-helpers.c +@@ -210,7 +210,13 @@ mobile_wizard_done (NMAMobileWizard *wizard, + NULL); + g_free (uuid); + g_free (id); +- nm_connection_add_setting (connection, setting); ++ if (!utils_system_connection_authorized ()) { ++ nm_setting_connection_add_permission ((NMSettingConnection *)setting, ++ "user", ++ g_get_user_name(), ++ NULL); ++ } ++ nm_connection_add_setting (connection, setting); + } + + done: +diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am +index 1a3308c..bf028cc 100644 +--- a/src/utils/Makefile.am ++++ b/src/utils/Makefile.am +@@ -9,7 +9,8 @@ libutils_la_SOURCES = \ + libutils_la_CPPFLAGS = \ + $(GTK_CFLAGS) \ + $(NMA_CFLAGS) \ ++ $(POLKIT_CFLAGS) \ + $(DISABLE_DEPRECATED) \ + -I${top_srcdir}/src + +-libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS) ++libutils_la_LIBADD = $(GTK_LIBS) $(NMA_LIBS) $(POLKIT_LIBS) +diff --git a/src/utils/utils.c b/src/utils/utils.c +index 00f8596..1c179bb 100644 +--- a/src/utils/utils.c ++++ b/src/utils/utils.c +@@ -27,6 +27,8 @@ + #include + #include + ++#include ++ + #include + #include + +@@ -209,3 +211,42 @@ utils_show_error_dialog (const char *title, + } + } + ++gboolean ++utils_system_connection_authorized () ++{ ++ PolkitSubject *subject; ++ PolkitAuthority *authority; ++ PolkitAuthorizationResult *result; ++ GError *error = NULL; ++ static gboolean is_checked = FALSE; ++ static gboolean is_authorized = FALSE; ++ ++ if (is_checked) ++ return is_authorized; ++ ++ /* Check the polkit authorization */ ++ authority = polkit_authority_get_sync (NULL, NULL); ++ subject = polkit_unix_process_new (getpid ()); ++ result = polkit_authority_check_authorization_sync (authority, ++ subject, ++ "org.freedesktop.NetworkManager.settings.modify.system", ++ NULL, ++ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, ++ NULL, ++ &error); ++ if (error || !result) { ++ g_warning ("%s: failed to check polkit authorization! %s", __func__, ++ error ? error->message : "(unknown)"); ++ g_clear_error (&error); ++ } else if (polkit_authorization_result_get_is_authorized (result) ++ || polkit_authorization_result_get_is_challenge (result)) { ++ is_authorized = TRUE; ++ } ++ g_object_unref (result); ++ g_object_unref (authority); ++ g_object_unref (subject); ++ ++ is_checked = TRUE; ++ ++ return is_authorized; ++} +diff --git a/src/utils/utils.h b/src/utils/utils.h +index 0da159a..eea4487 100644 +--- a/src/utils/utils.h ++++ b/src/utils/utils.h +@@ -59,5 +59,7 @@ typedef enum { + NMA_ERROR_GENERIC + } NMAError; + ++gboolean utils_system_connection_authorized (); ++ + #endif /* UTILS_H */ + +-- +1.8.1.2 + +