[NetworkManager] fix suspend/resume and nmcli issues
Daniel Williams
dcbw at fedoraproject.org
Fri Oct 15 19:16:42 UTC 2010
commit 3e67131815f78e1a8b22c720addf59a6df4361f6
Author: Dan Williams <dcbw at redhat.com>
Date: Fri Oct 15 14:19:39 2010 -0500
fix suspend/resume and nmcli issues
- core: fix suspend/resume regression (rh #638640)
- core: fix issue causing some nmcli requests to be ignored
NetworkManager.spec | 10 +++-
nm-libnm-glib-prop-set-delay.patch | 50 +++++++++++++++
nm-sleep-wake-no-auth.patch | 122 ++++++++++++++++++++++++++++++++++++
3 files changed, 181 insertions(+), 1 deletions(-)
---
diff --git a/NetworkManager.spec b/NetworkManager.spec
index 94c7d3a..b34e57e 100644
--- a/NetworkManager.spec
+++ b/NetworkManager.spec
@@ -20,7 +20,7 @@ Name: NetworkManager
Summary: Network connection manager and user applications
Epoch: 1
Version: 0.8.1
-Release: 8%{snapshot}%{?dist}
+Release: 9%{snapshot}%{?dist}
Group: System Environment/Base
License: GPLv2+
URL: http://www.gnome.org/projects/NetworkManager/
@@ -34,6 +34,8 @@ Patch3: nm-applet-no-notifications.patch
Patch4: nm-remove-stale-hosts-mappings.patch
Patch5: nm-preserve-custom-hostnames.patch
Patch6: nm-prevent-hostname-dup.patch
+Patch7: nm-sleep-wake-no-auth.patch
+Patch8: nm-libnm-glib-prop-set-delay.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(post): chkconfig
@@ -167,6 +169,8 @@ tar -xjf %{SOURCE1}
%patch4 -p1 -b .remove-stale-hosts-mappings
%patch5 -p1 -b .preserve-custom-hostnames
%patch6 -p1 -b .prevent-hostname-dup
+%patch7 -p1 -b .sleep-wake
+%patch8 -p1 -b .prop-set-delay
%build
@@ -420,6 +424,10 @@ fi
%{_datadir}/gtk-doc/html/libnm-util/*
%changelog
+* Fri Oct 15 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-9
+- core: fix suspend/resume regression (rh #638640)
+- core: fix issue causing some nmcli requests to be ignored
+
* Thu Oct 7 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-8
- core: preserve custom local-mapped hostnames in /etc/hosts (rh #627269)
diff --git a/nm-libnm-glib-prop-set-delay.patch b/nm-libnm-glib-prop-set-delay.patch
new file mode 100644
index 0000000..ea60d8a
--- /dev/null
+++ b/nm-libnm-glib-prop-set-delay.patch
@@ -0,0 +1,50 @@
+commit 8d7b9a4ef56d3ca0c06c8d655e71698bdab04d9f
+Author: Jiří Klimeš <jklimes at redhat.com>
+Date: Fri Oct 15 09:41:34 2010 +0200
+
+ libnm-glib: call D-Bus with a timeout when Set()ting properties
+
+ The caller needs to be authenticated, so wait a bit to be sure
+ it didn't quit too quickly.
+
+diff --git a/libnm-glib/Makefile.am b/libnm-glib/Makefile.am
+index 008cc6d..ec21a32 100644
+--- a/libnm-glib/Makefile.am
++++ b/libnm-glib/Makefile.am
+@@ -132,7 +132,7 @@ libnm_glib_la_LIBADD = \
+ $(GUDEV_LIBS)
+
+ libnm_glib_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnm-glib.ver \
+- -version-info "6:1:4"
++ -version-info "6:2:4"
+
+ noinst_PROGRAMS = libnm-glib-test
+
+diff --git a/libnm-glib/nm-object.c b/libnm-glib/nm-object.c
+index 72ea050..85cb6b7 100644
+--- a/libnm-glib/nm-object.c
++++ b/libnm-glib/nm-object.c
+@@ -527,12 +527,17 @@ _nm_object_set_property (NMObject *object,
+ g_return_if_fail (prop_name != NULL);
+ g_return_if_fail (G_IS_VALUE (value));
+
+- dbus_g_proxy_call_no_reply (NM_OBJECT_GET_PRIVATE (object)->properties_proxy,
+- "Set",
+- G_TYPE_STRING, interface,
+- G_TYPE_STRING, prop_name,
+- G_TYPE_VALUE, value,
+- G_TYPE_INVALID);
++ if (!dbus_g_proxy_call_with_timeout (NM_OBJECT_GET_PRIVATE (object)->properties_proxy,
++ "Set", 2000, NULL,
++ G_TYPE_STRING, interface,
++ G_TYPE_STRING, prop_name,
++ G_TYPE_VALUE, value,
++ G_TYPE_INVALID)) {
++
++ /* Ignore errors. dbus_g_proxy_call_with_timeout() is called instead of
++ * dbus_g_proxy_call_no_reply() to give NM chance to authenticate the caller.
++ */
++ }
+ }
+
+ char *
diff --git a/nm-sleep-wake-no-auth.patch b/nm-sleep-wake-no-auth.patch
new file mode 100644
index 0000000..9c90a08
--- /dev/null
+++ b/nm-sleep-wake-no-auth.patch
@@ -0,0 +1,122 @@
+commit 878f6c4074acfdee42c320680f5529e01b909ba2
+Author: Dan Williams <dcbw at redhat.com>
+Date: Fri Oct 15 10:28:38 2010 -0500
+
+ core: ignore authorization for sleep/wake requests (but restrict to root) (rh #638640)
+
+ Everyone uses pm-utils still for sleep/wake support, and that's
+ traditionally how NM was put to sleep and woken up. But pm-utils
+ uses dbus-send without --print-reply so dbus-send quits immediately
+ after sending the message. That doesn't give NM enough time to
+ get the senders UID and thus validate the request, so the request
+ gets denied, and sometimes NM stays asleep after the machine is
+ woken up.
+
+ Instead, don't get the sender's UID and try to authorize it, but
+ just let the request go through. Rely on D-Bus permissions to
+ make sure that only root can call sleep/wake methods.
+
+diff --git a/src/NetworkManager.conf b/src/NetworkManager.conf
+index 8d08314..1f1ed49 100644
+--- a/src/NetworkManager.conf
++++ b/src/NetworkManager.conf
+@@ -60,6 +60,18 @@
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="SetLogging"/>
++
++ <deny send_destination="org.freedesktop.NetworkManager"
++ send_interface="org.freedesktop.NetworkManager"
++ send_member="Sleep"/>
++
++ <deny send_destination="org.freedesktop.NetworkManager"
++ send_interface="org.freedesktop.NetworkManager"
++ send_member="sleep"/>
++
++ <deny send_destination="org.freedesktop.NetworkManager"
++ send_interface="org.freedesktop.NetworkManager"
++ send_member="wake"/>
+ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManager"/>
+@@ -72,6 +84,18 @@
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="SetLogging"/>
+
++ <deny send_destination="org.freedesktop.NetworkManager"
++ send_interface="org.freedesktop.NetworkManager"
++ send_member="Sleep"/>
++
++ <deny send_destination="org.freedesktop.NetworkManager"
++ send_interface="org.freedesktop.NetworkManager"
++ send_member="sleep"/>
++
++ <deny send_destination="org.freedesktop.NetworkManager"
++ send_interface="org.freedesktop.NetworkManager"
++ send_member="wake"/>
++
+ <!-- The org.freedesktop.NetworkManagerSettings.Connection.Secrets
+ interface is secured via PolicyKit.
+ -->
+diff --git a/src/nm-manager.c b/src/nm-manager.c
+index 758a082..4a3e499 100644
+--- a/src/nm-manager.c
++++ b/src/nm-manager.c
+@@ -3369,6 +3369,7 @@ _internal_sleep (NMManager *self, gboolean do_sleep)
+ g_object_notify (G_OBJECT (self), NM_MANAGER_SLEEPING);
+ }
+
++#if 0
+ static void
+ sleep_auth_done_cb (NMAuthChain *chain,
+ GError *error,
+@@ -3407,6 +3408,7 @@ sleep_auth_done_cb (NMAuthChain *chain,
+
+ nm_auth_chain_unref (chain);
+ }
++#endif
+
+ static void
+ impl_manager_sleep (NMManager *self,
+@@ -3414,10 +3416,12 @@ impl_manager_sleep (NMManager *self,
+ DBusGMethodInvocation *context)
+ {
+ NMManagerPrivate *priv;
+- NMAuthChain *chain;
+ GError *error = NULL;
++#if 0
++ NMAuthChain *chain;
+ gulong sender_uid = G_MAXULONG;
+ const char *error_desc = NULL;
++#endif
+
+ g_return_if_fail (NM_IS_MANAGER (self));
+
+@@ -3432,6 +3436,19 @@ impl_manager_sleep (NMManager *self,
+ return;
+ }
+
++ /* Unconditionally allow the request. Previously it was polkit protected
++ * but unfortunately that doesn't work for short-lived processes like
++ * pm-utils. It uses dbus-send without --print-reply, which quits
++ * immediately after sending the request, and NM is unable to obtain the
++ * sender's UID as dbus-send has already dropped off the bus. Thus NM
++ * fails the request. Instead, don't validate the request, but rely on
++ * D-Bus permissions to restrict the call to root.
++ */
++ _internal_sleep (self, do_sleep);
++ dbus_g_method_return (context);
++ return;
++
++#if 0
+ if (!nm_auth_get_caller_uid (context, priv->dbus_mgr, &sender_uid, &error_desc)) {
+ error = g_error_new_literal (NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_PERMISSION_DENIED,
+@@ -3457,6 +3474,7 @@ impl_manager_sleep (NMManager *self,
+
+ nm_auth_chain_set_data (chain, "sleep", GUINT_TO_POINTER (do_sleep), NULL);
+ nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, TRUE);
++#endif
+ }
+
+ static void
More information about the scm-commits
mailing list