[Bug 713639] New: NetworkManager: broken privilege handling
https://bugzilla.novell.com/show_bug.cgi?id=713639
https://bugzilla.novell.com/show_bug.cgi?id=713639#c0

Summary: NetworkManager: broken privilege handling
Classification: openSUSE
Product: openSUSE 12.1
Version: Factory
Platform: All
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: lnussel@novell.com
QAContact: qa@suse.de
CC: holler@nefkom.info, dimstar@opensuse.org, bruno@ioda-net.ch, vuntz@novell.com, dutchkind@txoriaskea.org, melchiaros@aol.com
Found By: ---
Blocker: ---

Ludwig Nussel <lnussel@novell.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Flag| |SHIP_STOPPER?

+++ This bug was initially created as a clone of Bug #680140 +++

I tried connecting to a WPA2 enterprise network. The implementation looks rather broken/buggy. NM seems to require PK authentication for the wrong action and presents the wrong dialogs. When a system connection is created with the option to always prompt for the password I would not expect requiring root authentication from the user to actually enter it. Also, presenting the full connection edit dialog instead of just a password prompt is rather confusing.

This needs to be fixed in NM and has nothing to do with the default privilege setting.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c

zj jia <zjjia@novell.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |zjjia@novell.com
AssignedTo|bnc-team-screening@forge.provo.novell.com |bili@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=713639#c1

Stephan Kulow <coolo@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 - None |P1 - Urgent
Flag|SHIP_STOPPER? |SHIP_STOPPER+

--- Comment #1 from Stephan Kulow <coolo@suse.com> 2011-09-27 10:53:30 CEST ---
This needs to be fixed or worked around as last resort.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c2

--- Comment #2 from Vincent Untz <vuntz@suse.com> 2011-09-27 09:18:31 UTC ---
https://bugzilla.gnome.org/show_bug.cgi?id=646187 is the upstream bug about this. I'm unsure how easy this is fixable.

(FWIW, the workaround is easy: change the policy for org.freedesktop.NetworkManager.settings.modify.own)

https://bugzilla.novell.com/show_bug.cgi?id=713639#c3

Li Bin <bili@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
InfoProvider| |lnussel@suse.com

--- Comment #3 from Li Bin <bili@suse.com> 2011-09-27 15:49:08 UTC ---
Ludwig,

So I still don't understand your issue clearly, what are the wrong dialogs?

And I viewed the bgo bug in comment #2, so the workaround is to let the WPA2 enterprise network use the org.freedesktop.NetworkManager.settings.modify.own while not org.freedesktop.NetworkManager.settings.modify.system, so that it wouldn't need to require PK authentication, right?

https://bugzilla.novell.com/show_bug.cgi?id=713639#c4

--- Comment #4 from Bruno Friedmann <bruno@ioda-net.ch> 2011-09-27 16:54:07 UTC ---
Even without WPA2 enterprise the pk auth and root password appear. I suspect that's used by NM to update the last time connected :-( and it also asks (which seems normal) to open my kwallet

https://bugzilla.novell.com/show_bug.cgi?id=713639#c5

Ludwig Nussel <lnussel@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
InfoProvider|lnussel@suse.com |

--- Comment #5 from Ludwig Nussel <lnussel@suse.com> 2011-09-28 08:49:34 CEST ---
(In reply to comment #3)
> So I still don't understand your issue clearly, what are the wrong dialogs?

Try it out then you'll see.

> And I viewed the bgo bug in comment #2, so the workaround is to let the WPA2 enterprise network use the org.freedesktop.NetworkManager.settings.modify.own while not org.freedesktop.NetworkManager.settings.modify.system, so that it wouldn't need to require PK authentication, right?

No. See the NM mailinglist for an analysis: http://mail.gnome.org/archives/networkmanager-list/2011-September/msg00216.h...

https://bugzilla.novell.com/show_bug.cgi?id=713639#c6

Ludwig Nussel <lnussel@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |michalng@gmail.com

--- Comment #6 from Ludwig Nussel <lnussel@suse.com> 2011-10-06 13:00:25 CEST ---
*** Bug 722033 has been marked as a duplicate of this bug. ***
http://bugzilla.novell.com/show_bug.cgi?id=722033

https://bugzilla.novell.com/show_bug.cgi?id=713639#c7

--- Comment #7 from Robert Riemann <rriemann@physik.hu-berlin.de> 2011-10-09 01:02:29 UTC ---
For me this bug is really a release-blocker! I would love if someone could tell me in detail how to work-around this bug.

I think, that I'm not able to figure out how to change the PolicyKit settings might be another bug. I really don't get it. :/

Kind regards,
Robert

https://bugzilla.novell.com/show_bug.cgi?id=713639#c8

--- Comment #8 from Hans-Peter Holler <holler@nefkom.info> 2011-10-09 12:40:51 UTC ---
As root:
- make sure package polkit-default-privs is installed
- edit /etc/polkit-default-privs.local
- add these lines:
  org.freedesktop.NetworkManager.settings.modify.own yes
  org.freedesktop.NetworkManager.settings.modify.system yes
- run /sbin/set_polkit_default_privs

HTH,
Hans-Peter

@Ludwig: yes, this is ugly and insecure, but if you want a working system ... ;-)

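A check for the override described in comment #8, as an added example that is not part of the original thread: it lists the NetworkManager actions that an override file grants with an unconditional "yes". It assumes the "<action> <value>" line format shown in the comment, where the value may also be three colon-separated settings (any:inactive:active); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag unconditional "yes" grants for NetworkManager actions
# in a polkit-default-privs override file.
# Assumed line format: "<action> <value>", where <value> is either one
# setting or three colon-separated settings (any:inactive:active).

audit_polkit_local() {
    # $1: path to the override file, e.g. /etc/polkit-default-privs.local
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        BEGIN { scope[1] = "any"; scope[2] = "inactive"; scope[3] = "active" }
        NF < 2 || $1 ~ /^#/ { next }              # skip blanks and comments
        $1 !~ /^org\.freedesktop\.NetworkManager\./ { next }
        {
            n = split($2, v, ":")
            if (n == 1) {                         # one value covers all sessions
                if (v[1] == "yes") print $1 " all"
                next
            }
            for (i = 1; i <= n && i <= 3; i++)    # per-session-class values
                if (v[i] == "yes") print $1 " " scope[i]
        }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
# local overrides
org.freedesktop.NetworkManager.settings.modify.own yes
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.network-control auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.enable-disable-wifi auth_admin_keep
org.freedesktop.udisks2.filesystem-mount yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_polkit_local "$sample"    # one "<action> <session class>" line per grant
rm -f "$sample"
```

Each output line names an action and the session class (all, any, inactive or active) for which no authentication is required.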
https://bugzilla.novell.com/show_bug.cgi?id=713639#c9

--- Comment #9 from Ludwig Nussel <lnussel@suse.com> 2011-10-10 11:06:12 CEST ---
Please try home:lnussel:branches:GNOME:Factory/NetworkManager

https://bugzilla.novell.com/show_bug.cgi?id=713639#c10

--- Comment #10 from Will Stephenson <wstephenson@suse.com> 2011-10-10 11:11:26 UTC ---
That worksforme, on startup and resume from sleep

Can you do something similar for modemmanager? org.freedesktop.ModemManager.Device.Control is privileged, and required for SIM unlock, and granting this to a user with polkit is not remembered.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c11

--- Comment #11 from Ludwig Nussel <lnussel@suse.com> 2011-10-10 13:29:30 CEST ---
I wasn't even aware that the user directly talks to MM. I thought NM acts as proxy. org.freedesktop.ModemManager.Device.Control is most likely an entirely different, unrelated problem. Probably even works as designed.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c12

--- Comment #12 from Hans-Peter Holler <holler@nefkom.info> 2011-10-10 19:53:32 UTC ---
Sorry, http://download.opensuse.org/repositories/home:/lnussel:/branches:/GNOME:/ is empty.

Waiting for Factory :-)

https://bugzilla.novell.com/show_bug.cgi?id=713639#c13

--- Comment #13 from Ludwig Nussel <lnussel@suse.com> 2011-10-11 13:31:35 CEST ---
oops, publishing was disabled. I've enabled it now. Meanwhile you can still fetch the packages using "osc getbinaries"

https://bugzilla.novell.com/show_bug.cgi?id=713639#c14

--- Comment #14 from Vincent Untz <vuntz@suse.com> 2011-10-14 15:45:18 UTC ---
Ludwig: thanks for submitting your fixes (https://build.opensuse.org/request/show/87842).

Just checking with you: we'll use those patches for 12.1, but can I assume it's fine to drop them once 12.1 is released in Factory so we can get the real fixes later on?

https://bugzilla.novell.com/show_bug.cgi?id=713639#c15

--- Comment #15 from Vincent Untz <vuntz@suse.com> 2011-10-14 15:47:11 UTC ---
Btw, does this mean we will still require root authentication for org.freedesktop.NetworkManager.settings.modify.own?

https://bugzilla.novell.com/show_bug.cgi?id=713639#c16

--- Comment #16 from Ludwig Nussel <lnussel@suse.com> 2011-10-17 09:03:49 CEST ---
yes and yes. Note that the system vs user connection thing doesn't make much sense with NM 0.9.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c17

Li Bin <bili@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|bili@suse.com |lnussel@suse.com

--- Comment #17 from Li Bin <bili@suse.com> 2011-10-17 07:55:45 UTC ---
Ludwig,

So I thought you could close it as fixed. Assign to you.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c18

--- Comment #18 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-10-17 10:00:09 CEST ---
This is an autogenerated message for OBS integration:
This bug (713639) was mentioned in https://build.opensuse.org/request/show/88130 Factory / NetworkManager

https://bugzilla.novell.com/show_bug.cgi?id=713639#c19

Ludwig Nussel <lnussel@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED

--- Comment #19 from Ludwig Nussel <lnussel@suse.com> 2011-10-17 10:11:24 CEST ---
done

https://bugzilla.novell.com/show_bug.cgi?id=713639#c20

Will Stephenson <wstephenson@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Version|Factory |RC 2
Resolution|FIXED |

--- Comment #20 from Will Stephenson <wstephenson@suse.com> 2011-11-04 12:21:54 UTC ---
This is back with RC2

https://bugzilla.novell.com/show_bug.cgi?id=713639#c21

--- Comment #21 from Ludwig Nussel <lnussel@suse.com> 2011-11-04 13:45:52 CET ---
please describe what you did and how to reproduce

https://bugzilla.novell.com/show_bug.cgi?id=713639#c22

--- Comment #22 from Christopher Stender <cstender@suse.com> 2011-11-04 12:57:26 UTC ---
Steps to reproduce
* go to the networkmanager plasmoid
* add a new wireless connection for the "Novell" network (enter user and pw)
* make sure that "system connection" isn't activated
* save configuration
-> NM requires the root password and creates a system connection in /etc/NetworkManager/system-connections

I'm not sure if this is really the same bug or just another bug in the networkmanager plasmoid because "system connection" was not activated.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c23

Ludwig Nussel <lnussel@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |FIXED

--- Comment #23 from Ludwig Nussel <lnussel@suse.com> 2011-11-04 15:00:04 CET ---
This is expected. The bug is about activating such a connection, not about creating it. With NM all connections are in fact system connections. The checkbox previously known as 'system connection' just controls who is allowed to activate the connection. GNOME therefore calls this option "available to all users".

https://bugzilla.novell.com/show_bug.cgi?id=713639#c24

--- Comment #24 from Christopher Stender <cstender@suse.com> 2011-11-04 14:12:35 UTC ---
Ludwig, thanks a lot for the information.

@Will: IMHO the "system connection" string in the plasmoid should be renamed as well.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c25

--- Comment #25 from Michal ng <michalng@gmail.com> 2011-11-17 14:01:39 UTC ---
Hi Ludwig,

I've reported the duplicate bug here (https://bugzilla.novell.com/show_bug.cgi?id=722033).

Just to confirm my understanding, is it expected/normal for Networkmanager to request root privileges before connecting to a wireless access point? (If memory does not fail me, I believe that root privileges are not required in 11.2 or some other distribution.)

Thanks in advance for the clarification.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c26

Sven Burmeister <sven.burmeister@gmx.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |sven.burmeister@gmx.net

--- Comment #26 from Sven Burmeister <sven.burmeister@gmx.net> 2011-11-19 17:15:14 UTC ---
(In reply to comment #25)
> Just to confirm my understanding, is it expected/normal for Networkmanager to request root privileges before connecting to a wireless access point? (If memory does not fail me, I believe that root privileges are not required in 11.2 or some other distribution.)

No. Creating needs root privileges because the connection is not stored within your user's folders but within the base-system. Connecting does not need root privileges.

The really bad thing about it is though that AFAIK formatting / and keeping /home will lose your connections.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c27

--- Comment #27 from David Kerkhof <dutchkind@txoriaskea.org> 2011-11-21 18:05:36 UTC ---
I still fail to see the logic of this decision. There are many laptop users out there that have no admin rights, but need to set up connections while on the road. You can't expect them to call the system admin for this each time they have to connect to a wireless system. This makes the whole networkmanager a useless system with a lot of hassle.

https://bugzilla.novell.com/show_bug.cgi?id=713639#c28

--- Comment #28 from Sven Burmeister <sven.burmeister@gmx.net> 2011-11-21 18:56:56 UTC ---
(In reply to comment #27)
> I still fail to see the logic of this decision. There are many laptop users out there that have no admin rights, but need to set up connections while on the road. You can't expect them to call the system admin for this each time they have to connect to a wireless system. This makes the whole networkmanager a useless system with a lot of hassle.

Your admin should be able to set policykit's settings to something he thinks is sensible. If he wants you to be able to create connections, he can.

Since this is a bug report, please keep discussion to the mailinglist, e.g. opensuse@.