rpms/NetworkManager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix suspend/resume and nmcli issues

Browse Source 
- core: fix suspend/resume regression (rh #638640)
- core: fix issue causing some nmcli requests to be ignored
This commit is contained in:
Dan Williams 2010-10-15 14:19:39 -05:00
parent 10e568e9dd
commit 3e67131815
3 changed files with 181 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
NetworkManager.spec
View File

@ -20,7 +20,7 @@ Name: NetworkManager
Summary: Network connection manager and user applications
Epoch: 1
Version: 0.8.1
Release: 8%{snapshot}%{?dist}
Release: 9%{snapshot}%{?dist}
Group: System Environment/Base
License: GPLv2+
URL: http://www.gnome.org/projects/NetworkManager/
@ -34,6 +34,8 @@ Patch3: nm-applet-no-notifications.patch
Patch4: nm-remove-stale-hosts-mappings.patch
Patch5: nm-preserve-custom-hostnames.patch
Patch6: nm-prevent-hostname-dup.patch
Patch7: nm-sleep-wake-no-auth.patch
Patch8: nm-libnm-glib-prop-set-delay.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(post): chkconfig
@ -167,6 +169,8 @@ tar -xjf %{SOURCE1}
%patch4 -p1 -b .remove-stale-hosts-mappings
%patch5 -p1 -b .preserve-custom-hostnames
%patch6 -p1 -b .prevent-hostname-dup
%patch7 -p1 -b .sleep-wake
%patch8 -p1 -b .prop-set-delay
%build
@ -420,6 +424,10 @@ fi
%{_datadir}/gtk-doc/html/libnm-util/*
%changelog
* Fri Oct 15 2010 Dan Williams <dcbw@redhat.com> - 0.8.1-9
- core: fix suspend/resume regression (rh #638640)
- core: fix issue causing some nmcli requests to be ignored
* Thu Oct 7 2010 Dan Williams <dcbw@redhat.com> - 0.8.1-8
- core: preserve custom local-mapped hostnames in /etc/hosts (rh #627269)

50
nm-libnm-glib-prop-set-delay.patch Normal file
View File

@ -0,0 +1,50 @@
commit 8d7b9a4ef56d3ca0c06c8d655e71698bdab04d9f
Author: Jiří Klimeš <jklimes@redhat.com>
Date: Fri Oct 15 09:41:34 2010 +0200
libnm-glib: call D-Bus with a timeout when Set()ting properties
The caller needs to be authenticated, so wait a bit to be sure
it didn't quit too quickly.
diff --git a/libnm-glib/Makefile.am b/libnm-glib/Makefile.am
index 008cc6d..ec21a32 100644
--- a/libnm-glib/Makefile.am
+++ b/libnm-glib/Makefile.am
@@ -132,7 +132,7 @@ libnm_glib_la_LIBADD = \
$(GUDEV_LIBS)
libnm_glib_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnm-glib.ver \
- -version-info "6:1:4"
+ -version-info "6:2:4"
noinst_PROGRAMS = libnm-glib-test
diff --git a/libnm-glib/nm-object.c b/libnm-glib/nm-object.c
index 72ea050..85cb6b7 100644
--- a/libnm-glib/nm-object.c
+++ b/libnm-glib/nm-object.c
@@ -527,12 +527,17 @@ _nm_object_set_property (NMObject *object,
g_return_if_fail (prop_name != NULL);
g_return_if_fail (G_IS_VALUE (value));
- dbus_g_proxy_call_no_reply (NM_OBJECT_GET_PRIVATE (object)->properties_proxy,
- "Set",
- G_TYPE_STRING, interface,
- G_TYPE_STRING, prop_name,
- G_TYPE_VALUE, value,
- G_TYPE_INVALID);
+ if (!dbus_g_proxy_call_with_timeout (NM_OBJECT_GET_PRIVATE (object)->properties_proxy,
+ "Set", 2000, NULL,
+ G_TYPE_STRING, interface,
+ G_TYPE_STRING, prop_name,
+ G_TYPE_VALUE, value,
+ G_TYPE_INVALID)) {
+
+ /* Ignore errors. dbus_g_proxy_call_with_timeout() is called instead of
+ * dbus_g_proxy_call_no_reply() to give NM chance to authenticate the caller.
+ */
+ }
}
char *

122
nm-sleep-wake-no-auth.patch Normal file
View File

@ -0,0 +1,122 @@
commit 878f6c4074acfdee42c320680f5529e01b909ba2
Author: Dan Williams <dcbw@redhat.com>
Date: Fri Oct 15 10:28:38 2010 -0500
core: ignore authorization for sleep/wake requests (but restrict to root) (rh #638640)
Everyone uses pm-utils still for sleep/wake support, and that's
traditionally how NM was put to sleep and woken up. But pm-utils
uses dbus-send without --print-reply so dbus-send quits immediately
after sending the message. That doesn't give NM enough time to
get the senders UID and thus validate the request, so the request
gets denied, and sometimes NM stays asleep after the machine is
woken up.
Instead, don't get the sender's UID and try to authorize it, but
just let the request go through. Rely on D-Bus permissions to
make sure that only root can call sleep/wake methods.
diff --git a/src/NetworkManager.conf b/src/NetworkManager.conf
index 8d08314..1f1ed49 100644
--- a/src/NetworkManager.conf
+++ b/src/NetworkManager.conf
@@ -60,6 +60,18 @@
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/>
+
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="Sleep"/>
+
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="sleep"/>
+
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="wake"/>
</policy>
<policy context="default">
<deny own="org.freedesktop.NetworkManager"/>
@@ -72,6 +84,18 @@
send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/>
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="Sleep"/>
+
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="sleep"/>
+
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="wake"/>
+
<!-- The org.freedesktop.NetworkManagerSettings.Connection.Secrets
interface is secured via PolicyKit.
-->
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 758a082..4a3e499 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -3369,6 +3369,7 @@ _internal_sleep (NMManager *self, gboolean do_sleep)
g_object_notify (G_OBJECT (self), NM_MANAGER_SLEEPING);
}
+#if 0
static void
sleep_auth_done_cb (NMAuthChain *chain,
GError *error,
@@ -3407,6 +3408,7 @@ sleep_auth_done_cb (NMAuthChain *chain,
nm_auth_chain_unref (chain);
}
+#endif
static void
impl_manager_sleep (NMManager *self,
@@ -3414,10 +3416,12 @@ impl_manager_sleep (NMManager *self,
DBusGMethodInvocation *context)
{
NMManagerPrivate *priv;
- NMAuthChain *chain;
GError *error = NULL;
+#if 0
+ NMAuthChain *chain;
gulong sender_uid = G_MAXULONG;
const char *error_desc = NULL;
+#endif
g_return_if_fail (NM_IS_MANAGER (self));
@@ -3432,6 +3436,19 @@ impl_manager_sleep (NMManager *self,
return;
}
+ /* Unconditionally allow the request. Previously it was polkit protected
+ * but unfortunately that doesn't work for short-lived processes like
+ * pm-utils. It uses dbus-send without --print-reply, which quits
+ * immediately after sending the request, and NM is unable to obtain the
+ * sender's UID as dbus-send has already dropped off the bus. Thus NM
+ * fails the request. Instead, don't validate the request, but rely on
+ * D-Bus permissions to restrict the call to root.
+ */
+ _internal_sleep (self, do_sleep);
+ dbus_g_method_return (context);
+ return;
+
+#if 0
if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
error = g_error_new_literal (NM_MANAGER_ERROR,
NM_MANAGER_ERROR_PERMISSION_DENIED,
@@ -3457,6 +3474,7 @@ impl_manager_sleep (NMManager *self,
nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
+#endif
}
static void