From 5a04d8057ed5a6f626ae9fe2eb9e877eeac0f74b Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Sat, 3 Sep 2016 23:01:21 +0530 Subject: [PATCH] networks: Add polkit rules for network management Allow Plinth to manage network connections even when running as 'plinth' user and not root user. This is done by adding polkit rules that Network Manager checks - Add new style Javascript based rules file for newer versions of polkit (>105). This is not fuly tested. - Add old style .pkla file for older versions of polkit (<=105). --- CHANGELOG.md | 1 + .../share/polkit-1/rules.d/50-plinth.rules | 25 +++++++++++++++++++ .../org.freedombox.NetworkManager.pkla | 4 +++ setup.py | 7 +++++- 4 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 data/usr/share/polkit-1/rules.d/50-plinth.rules create mode 100644 data/var/lib/polkit-1/localauthority/10-vendor.d/org.freedombox.NetworkManager.pkla diff --git a/CHANGELOG.md b/CHANGELOG.md index 58f090203..22366081a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file. about enabled services. - Allow initial setup operation to happen without package installation. +- networks: Add polkit rules for network management. ### Fixed - users: Fixed checking restricted usernames. diff --git a/data/usr/share/polkit-1/rules.d/50-plinth.rules b/data/usr/share/polkit-1/rules.d/50-plinth.rules new file mode 100644 index 000000000..1998bc122 --- /dev/null +++ b/data/usr/share/polkit-1/rules.d/50-plinth.rules @@ -0,0 +1,25 @@ +/* +# +# This file is part of Plinth. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +*/ + +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && + subject.user == "plinth") { + return polkit.Result.YES; + } +}); diff --git a/data/var/lib/polkit-1/localauthority/10-vendor.d/org.freedombox.NetworkManager.pkla b/data/var/lib/polkit-1/localauthority/10-vendor.d/org.freedombox.NetworkManager.pkla new file mode 100644 index 000000000..5b7071c26 --- /dev/null +++ b/data/var/lib/polkit-1/localauthority/10-vendor.d/org.freedombox.NetworkManager.pkla @@ -0,0 +1,4 @@ +[Allow Plinth to manage NetworkManager connections] +Identity=unix-user:plinth +Action=org.freedesktop.NetworkManager.* +ResultAny=yes diff --git a/setup.py b/setup.py index f2e4172e6..2da6cafd2 100755 --- a/setup.py +++ b/setup.py @@ -213,6 +213,8 @@ setuptools.setup( ['data/lib/systemd/system/plinth.service']), ('/usr/share/plinth/actions', glob.glob(os.path.join('actions', '*'))), + ('/usr/share/polkit-1/rules.d', + ['data/usr/share/polkit-1/rules.d/50-plinth.rules']), ('/usr/share/man/man1', ['doc/plinth.1']), ('/etc/plinth', ['data/etc/plinth/plinth.config']), ('/usr/share/augeas/lenses', @@ -223,7 +225,10 @@ setuptools.setup( glob.glob('data/usr/share/pam-configs/*-freedombox')), ('/etc/plinth/modules-enabled', glob.glob(os.path.join('data/etc/plinth/modules-enabled', - '*')))], + '*'))), + ('/var/lib/polkit-1/localauthority/10-vendor.d', + ['data/var/lib/polkit-1/localauthority/10-vendor.d/' + 'org.freedombox.NetworkManager.pkla'])], cmdclass={ 'build': CustomBuild, 'clean': CustomClean,