[network-manager-applet/bg/wifi-check-permissions: 1/4] applet: Check the user has permission to modify before showing dialog

From: Beniamino Galvani <bgalvani src gnome org>
To: commits-list gnome org
Cc:
Subject: [network-manager-applet/bg/wifi-check-permissions: 1/4] applet: Check the user has permission to modify before showing dialog
Date: Tue, 14 Mar 2017 13:49:18 +0000 (UTC)

commit c5c5483a826c2b4fc5820227c2de794a54019c65
Author: Iain Lane <iain orangesquash org uk>
Date:   Fri Mar 3 12:27:23 2017 +0000

    applet: Check the user has permission to modify before showing dialog
    
    In most places, we (or NM) check permissions before performing actions.
    One place we don't is when we need more information when connecting to
    and 802.1x network. In that case we pop up a dialog to ask for more
    information before initiaing the connection.
    
    The dialog contains a GTK+ filechooser. We don't want unprivileged users
    to have access to this as it allows opening files.
    
    Check for MODIFY_SYSTEM or MODIFY_OWN before showing the dialog for
    802.1x connections. If the user doesn't have or can't get it, don't show
    the dialog. They wouldn't have been able to create the connection
    anyway.

 src/applet-device-wifi.c |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)
---
diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c
index 7b8fa6e..ccf8bb2 100644
--- a/src/applet-device-wifi.c
+++ b/src/applet-device-wifi.c
@@ -514,6 +514,15 @@ done:
        gtk_widget_destroy (GTK_WIDGET (dialog));
 }
 
+static gboolean
+can_get_permission (NMApplet *applet, NMClientPermission perm)
+{
+       if (   applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_YES
+           || applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_AUTH)
+               return TRUE;
+       return FALSE;
+}
+
 static void
 _do_new_auto_connection (NMApplet *applet,
                          NMDevice *device,
@@ -590,6 +599,15 @@ _do_new_auto_connection (NMApplet *applet,
         * Dialog Of Doom.
         */
        if (s_8021x) {
+               if (!can_get_permission (applet, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM) &&
+                   !can_get_permission (applet, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN)) {
+                       const char *text = _("Failed to add new connection");
+                       const char *err_text = _("Insufficient privileges.");
+                       g_warning ("%s: %s", text, err_text);
+                       utils_show_error_dialog (_("Connection failure"), text, err_text, FALSE, NULL);
+                        g_clear_object (&connection);
+                       return;
+               }
                more_info = g_malloc0 (sizeof (*more_info));
                more_info->applet = applet;
                more_info->callback = callback;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]