[Python-apps-team] Bug#578408: cnetworkmanager dbus config prevents nm-applet from asking about password
Alban Browaeys
prahal at yahoo.com
Mon Apr 19 16:45:10 UTC 2010
Package: cnetworkmanager
Version: 0.21.1-1
Severity: important
The rule I comment below :
<policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
<!-- Only root can get secrets -->
<!-- <deny send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
-->
</policy>
is at_console thus overides the nm-applet.conf user="root" rule that allow the :
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
ie:
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
<!-- Only root can get secrets -->
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
</policy>
In short as NetworkManager does not show the gerror from the: secrets_result function in src/nm-activation-request.c in NetworkManager
the fact that this rule is denied is silently ignored. The symptom is dbus-monitor --system:
signal sender=:1.569 -> dest=(null destination) serial=260008 path=/org/freedesktop/NetworkManager/Devices/1; interface=org.freedesktop.NetworkManager.Device; member=StateChanged
uint32 5
uint32 4
uint32 0
signal sender=:1.569 -> dest=(null destination) serial=260009 path=/org/freedesktop/NetworkManager/Devices/1; interface=org.freedesktop.NetworkManager.Device; member=StateChanged
uint32 6
uint32 5
uint32 0
signal sender=:1.569 -> dest=(null destination) serial=260013 path=/org/freedesktop/NetworkManager/Devices/1; interface=org.freedesktop.NetworkManager.Device.Wireless; member=PropertiesChanged
array [
dict entry(
string "State"
variant uint32 6
)
]
signal sender=:1.569 -> dest=(null destination) serial=260014 path=/org/freedesktop/NetworkManager/Devices/1; interface=org.freedesktop.NetworkManager.Device; member=StateChanged
uint32 9
uint32 6
uint32 7
signal sender=:1.569 -> dest=(null destination) serial=260017 path=/org/freedesktop/NetworkManager/Devices/1; interface=org.freedesktop.NetworkManager.Device.Wireless; member=PropertiesChanged
array [
dict entry(
string "State"
variant uint32 9
)
]
ie that state change to 6 (AUTH needed) to 9 (failure) witrh reason 7 (no secrets provided).
The nm-applet log is:
** (nm-applet:5476): WARNING **: Error in getting active connection 'Vpn' property: (19) Method "Get" with signature "ss" on interface "org.freedesktop.DBus.Properties" doesn't exist
** (nm-applet:5476): WARNING **: _nm_object_array_demarshal: couldn't create object for /org/freedesktop/NetworkManager/ActiveConnection/1
as due to the failure to get secret the (here I do not use vpn) the activeconnection is discarded and then later on when nm tries to check the Vpn property on the active connection
this one is no more thus the error shown above.
Thank you to either use policykit or enable the :
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
in the user="root" to fix this one.
Maybe this bug should be cloned to ask for nm to log the dbus error in secrets_result function in src/nm-activation-request.c. Please do if you believe so too.
Best regards,
Alban
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.34-rc4-wleeepc (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cnetworkmanager depends on:
ii network-manager 0.8-1 network management framework daemo
ii python 2.5.4-9 An interactive high-level object-o
ii python-dbus 0.83.1-1 simple interprocess messaging syst
ii python-support 1.0.7 automated rebuilding support for P
cnetworkmanager recommends no packages.
cnetworkmanager suggests no packages.
-- Configuration Files:
/etc/dbus-1/system.d/cnetworkmanager.conf changed:
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
</policy>
<policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
<!-- Only root can get secrets -->
<!-- <deny send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
-->
</policy>
<policy context="default">
<deny send_destination="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
<limit name="max_replies_per_connection">512</limit>
</busconfig>
-- no debconf information
More information about the Python-apps-team
mailing list