Debian Bug report logs - #426462
network-manager: Add support for at_console dbus access check

version graph

Package: network-manager; Maintainer for network-manager is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for network-manager is src:network-manager.

Reported by: Petter Reinholdtsen <pere@hungry.com>

Date: Mon, 28 May 2007 22:18:11 UTC

Severity: important

Tags: patch

Found in version network-manager/0.6.4-8

Fixed in version network-manager/0.6.5-1

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#426462; Package network-manager. Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: submit@bugs.debian.org
Subject: network-manager: Add support for at_console dbus access check
Date: Tue, 29 May 2007 00:12:03 +0200
Package:  network-manager
Version:  0.6.4-8
Severity: important
Tags:     patch

In a large installation, it does not scale to add all users to the
groups granting access to local devices on each machine.  In such
configurations it is better to assign that access dynamically at
login, using the pam_group and pam_foreground pam modules.

In Debian Edu, we use pam_group and pam_foreground to grant access to
single desktop machines (what we call the standalone profile), to make
sure all users are treated the same way even if they are added later
on using adduser or added to the LDAP database.  I would recommend
Debian changed its default to also use pam_group and pam_foreground to
grant access to local devices.

In such setting, the network-manager do not work properly, as it do
not grant access to console users but only to members of the netdev
group.

Here is a patch to fix it, by granting access to both members of the
netdev group, and the users logged into the console.  It modifies the
patches 02-dbus_access_network_manager and 03-dbus_access_nm_applet to
add a block for the netdev group instead of modifying the setting for
the at_console group.

diff -u network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch
--- network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch
+++ network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch
@@ -1,11 +1,15 @@
---- gnome/applet/nm-applet.conf.orig	2006-02-07 04:22:39.000000000 +0100
-+++ gnome/applet/nm-applet.conf	2006-02-07 04:23:00.000000000 +0100
-@@ -8,7 +8,7 @@
+--- gnome/applet/nm-applet.conf.orig	2007-05-28 23:58:46.000000000 +0200
++++ gnome/applet/nm-applet.conf	2007-05-28 23:59:21.000000000 +0200
+@@ -14,6 +14,12 @@
  		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
                  <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
  	</policy>
--	<policy at_console="true">
 +	<policy group="netdev">
- 		<allow own="org.freedesktop.NetworkManagerInfo"/>
++		<allow own="org.freedesktop.NetworkManagerInfo"/>
++
++		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
++                <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
++	</policy>
+ 	<policy context="default">
+ 		<deny own="org.freedesktop.NetworkManagerInfo"/>
  
- 		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
diff -u network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch
--- network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch
+++ network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch
@@ -1,15 +1,17 @@
---- src/NetworkManager.conf.orig	2006-06-14 02:47:10.000000000 +0200
-+++ src/NetworkManager.conf	2006-06-14 02:48:31.000000000 +0200
-@@ -8,7 +8,11 @@
+--- src/NetworkManager.conf.orig	2007-05-28 23:57:20.000000000 +0200
++++ src/NetworkManager.conf	2007-05-29 00:00:50.000000000 +0200
+@@ -12,6 +12,14 @@
                  <allow send_destination="org.freedesktop.NetworkManager"/>
                  <allow send_interface="org.freedesktop.NetworkManager"/>
          </policy>
--        <policy at_console="true">
 +        <policy user="haldaemon">
 +                <allow send_destination="org.freedesktop.NetworkManager"/>
 +                <allow send_interface="org.freedesktop.NetworkManager"/>
 +        </policy>
 +        <policy group="netdev">
-                 <allow send_destination="org.freedesktop.NetworkManager"/>
-                 <allow send_interface="org.freedesktop.NetworkManager"/>
-         </policy>
++                <allow send_destination="org.freedesktop.NetworkManager"/>
++                <allow send_interface="org.freedesktop.NetworkManager"/>
++        </policy>
+         <policy context="default">
+                 <deny own="org.freedesktop.NetworkManager"/>
+                 <deny send_destination="org.freedesktop.NetworkManager"/>



Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Petter Reinholdtsen <pere@hungry.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 426462-close@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: 426462-close@bugs.debian.org
Subject: Bug#426462: fixed in network-manager 0.6.5-1
Date: Mon, 27 Aug 2007 00:03:13 +0000
Source: network-manager
Source-Version: 0.6.5-1

We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive:

libnm-glib-dev_0.6.5-1_i386.deb
  to pool/main/n/network-manager/libnm-glib-dev_0.6.5-1_i386.deb
libnm-glib0_0.6.5-1_i386.deb
  to pool/main/n/network-manager/libnm-glib0_0.6.5-1_i386.deb
libnm-util-dev_0.6.5-1_i386.deb
  to pool/main/n/network-manager/libnm-util-dev_0.6.5-1_i386.deb
libnm-util0_0.6.5-1_i386.deb
  to pool/main/n/network-manager/libnm-util0_0.6.5-1_i386.deb
network-manager-dev_0.6.5-1_i386.deb
  to pool/main/n/network-manager/network-manager-dev_0.6.5-1_i386.deb
network-manager_0.6.5-1.diff.gz
  to pool/main/n/network-manager/network-manager_0.6.5-1.diff.gz
network-manager_0.6.5-1.dsc
  to pool/main/n/network-manager/network-manager_0.6.5-1.dsc
network-manager_0.6.5-1_i386.deb
  to pool/main/n/network-manager/network-manager_0.6.5-1_i386.deb
network-manager_0.6.5.orig.tar.gz
  to pool/main/n/network-manager/network-manager_0.6.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 426462@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated network-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 27 Aug 2007 00:39:16 +0200
Source: network-manager
Binary: libnm-util-dev network-manager-dev libnm-util0 libnm-glib0 network-manager libnm-glib-dev
Architecture: source i386
Version: 0.6.5-1
Distribution: unstable
Urgency: low
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 libnm-glib-dev - network management framework (GLib interface)
 libnm-glib0 - network management framework (GLib shared library)
 libnm-util-dev - network management framework (development files)
 libnm-util0 - network management framework (shared library)
 network-manager - network management framework daemon
 network-manager-dev - network management framework (development files)
Closes: 375302 402747 420959 420959 426462 431562 431658
Changes: 
 network-manager (0.6.5-1) unstable; urgency=low
 .
   * New upstream release. (Closes: #420959, #431658)
     - Runs wpa_supplicant in less verbose mode. (Closes: #375302, #431562)
     - Adds support for LEAP and phase two authentication.
       (Closes: #420959, #402747)
   * Removed patches that were merged upstream
     - debian/patches/09_fix_bigendian_words.patch
     - debian/patches/12_dbus1.0.patch
     - debian/patches/13-wep_capabilities
   * debian/network-manager.preinst
     - Do not parse /var/lib/dpkg/status directly but use dpkg-query instead.
   * Rebased and updated patches for new release
     - debian/patches/11-man_page_sh_name.patch
     - debian/patches/05-debian_backend.patch
   * Upstream has split nm-applet into a separate package. This means we no
     longer build the network-manager-gnome binary package from this source
     package.
     - Removed files that are now part of the new nm-applet source package
       + debian/network-manager-gnome.README.Debian
       + debian/patches/10-po_fr.patch
       + debian/patches/14-po_de.patch
       + debian/patches/03-dbus_access_nm_applet.patch
       + debian/network-manager-gnome.manpages
       + debian/nm-applet.sgml
       + debian/network-manager.install
       + debian/network-manager-gnome.install
     - debian/control
       + Remove the binary package network-manager-gnome.
       + Add Conflicts/Replaces: network-manager-gnome (<< 0.6.5-1) as
         nm-vpn-properties is now part of the network-manager binary package.
       + Update Build-Depends. Add autotools-dev, libglib2.0-dev and iproute,
         remove libpanel-applet2-dev.
     - debian/rules
       + Do not build the nm-applet.1 manpage anymore.
       + Exclude nm-vpn-properties from dh_shlibdeps. This is a temporary
         workaround until this binary has also been moved into the nm-applet
         source package.
     - debian/copyright
       + Remove the copyright notices for files which are now in the nm-applet
         source package.
   * debian/patches/20-stable_branch_updates_r2652.patch
     - Pull updates from the stable branch up until revision 2652.
     - Fixes broken link detection and a couple of smaller issues.
     - Adds support for the rfkill switch.
   * debian/patches/02-dbus_access_network_manager.patch
     - Add support for at_console dbus access check. (Closes: #426462)
Files: 
 82095922917e6bba67bb804366cf1020 1243 net optional network-manager_0.6.5-1.dsc
 b5143199dcd0195d9926169bb0b395f6 965539 net optional network-manager_0.6.5.orig.tar.gz
 f777befa05038e6f3c0a4225a6b2d65c 26196 net optional network-manager_0.6.5-1.diff.gz
 f77223d3085140299f829de0c4702eaf 378672 net optional network-manager_0.6.5-1_i386.deb
 7a5371be7124168aae5cb1507f27b786 119788 devel optional network-manager-dev_0.6.5-1_i386.deb
 93ff7bfae695eadb52ef8f4c1a8b2e22 125336 libs optional libnm-glib0_0.6.5-1_i386.deb
 5288b72b89eb50730f533a9ded70257d 125192 libdevel optional libnm-glib-dev_0.6.5-1_i386.deb
 3fe95404c36db8824e20fccca52cbdb1 131556 libs optional libnm-util0_0.6.5-1_i386.deb
 1d07092c7e0e2a84cdf86bd64b151973 135162 libdevel optional libnm-util-dev_0.6.5-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG0g3wh7PER70FhVQRAl6CAKC95HHwEj0BUjqQ53TaHiTxenpYDwCfWB2H
OZX6AT0arkTDXx8xXxzOsKI=
=EJIF
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 08 Oct 2007 07:30:28 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 08:42:02 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.