Blame SOURCES/gdm-networking.patch

1bd53d
From 1eb9fef5e18d56bbe7a6422303ff8e31fe677759 Mon Sep 17 00:00:00 2001
1bd53d
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
1bd53d
Date: Mon, 7 Jun 2021 17:49:57 +0200
1bd53d
Subject: [PATCH 1/5] status/network: Disable modem connection when windows
1bd53d
 aren't allowed
1bd53d
1bd53d
The item launches the corresponding Settings panel when activated, which
1bd53d
doesn't work when windows are disabled by the session mode. Rather than
1bd53d
failing silently, turn the item insensitive.
1bd53d
---
1bd53d
 js/ui/status/network.js | 12 ++++++++++++
1bd53d
 1 file changed, 12 insertions(+)
1bd53d
1bd53d
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
1bd53d
index 5487fde40..6e7878d20 100644
1bd53d
--- a/js/ui/status/network.js
1bd53d
+++ b/js/ui/status/network.js
1bd53d
@@ -563,6 +563,10 @@ var NMDeviceModem = class extends NMConnectionDevice {
1bd53d
                 this._iconChanged();
1bd53d
             });
1bd53d
         }
1bd53d
+
1bd53d
+        this._sessionUpdatedId =
1bd53d
+            Main.sessionMode.connect('updated', this._sessionUpdated.bind(this));
1bd53d
+        this._sessionUpdated();
1bd53d
     }
1bd53d
 
1bd53d
     get category() {
1bd53d
@@ -573,6 +577,10 @@ var NMDeviceModem = class extends NMConnectionDevice {
1bd53d
         launchSettingsPanel('network', 'connect-3g', this._device.get_path());
1bd53d
     }
1bd53d
 
1bd53d
+    _sessionUpdated() {
1bd53d
+        this._autoConnectItem.sensitive = Main.sessionMode.hasWindows;
1bd53d
+    }
1bd53d
+
1bd53d
     destroy() {
1bd53d
         if (this._operatorNameId) {
1bd53d
             this._mobileDevice.disconnect(this._operatorNameId);
1bd53d
@@ -582,6 +590,10 @@ var NMDeviceModem = class extends NMConnectionDevice {
1bd53d
             this._mobileDevice.disconnect(this._signalQualityId);
1bd53d
             this._signalQualityId = 0;
1bd53d
         }
1bd53d
+        if (this._sessionUpdatedId) {
1bd53d
+            Main.sessionMode.disconnect(this._sessionUpdatedId);
1bd53d
+            this._sessionUpdatedId = 0;
1bd53d
+        }
1bd53d
 
1bd53d
         super.destroy();
1bd53d
     }
1bd53d
-- 
1bd53d
2.31.1
1bd53d
1bd53d
1bd53d
From 0288558940c0090dca0873daeaa33e8d20cdbb0f Mon Sep 17 00:00:00 2001
1bd53d
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
1bd53d
Date: Mon, 7 Jun 2021 18:28:32 +0200
1bd53d
Subject: [PATCH 2/5] status/network: Only list wifi networks that can be
1bd53d
 activated
1bd53d
1bd53d
Setting up a connection for an Enterprise WPA(2) encrypted wireless
1bd53d
network requires Settings. That's not available when windows are
1bd53d
disabled via the session mode, so filter out affected entries.
1bd53d
---
1bd53d
 js/ui/status/network.js | 30 +++++++++++++++++++++++++++++-
1bd53d
 1 file changed, 29 insertions(+), 1 deletion(-)
1bd53d
1bd53d
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
1bd53d
index 6e7878d20..36915dbc1 100644
1bd53d
--- a/js/ui/status/network.js
1bd53d
+++ b/js/ui/status/network.js
1bd53d
@@ -1,6 +1,6 @@
1bd53d
 // -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
1bd53d
 /* exported NMApplet */
1bd53d
-const { Clutter, Gio, GLib, GObject, NM, St } = imports.gi;
1bd53d
+const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi;
1bd53d
 const Signals = imports.signals;
1bd53d
 
1bd53d
 const Animation = imports.ui.animation;
1bd53d
@@ -816,6 +816,11 @@ class NMWirelessDialog extends ModalDialog.ModalDialog {
1bd53d
             GLib.source_remove(this._scanTimeoutId);
1bd53d
             this._scanTimeoutId = 0;
1bd53d
         }
1bd53d
+
1bd53d
+        if (this._syncVisibilityId) {
1bd53d
+            Meta.later_remove(this._syncVisibilityId);
1bd53d
+            this._syncVisibilityId = 0;
1bd53d
+        }
1bd53d
     }
1bd53d
 
1bd53d
     _onScanTimeout() {
1bd53d
@@ -1149,9 +1154,32 @@ class NMWirelessDialog extends ModalDialog.ModalDialog {
1bd53d
             this._itemBox.insert_child_at_index(network.item, newPos);
1bd53d
         }
1bd53d
 
1bd53d
+        this._queueSyncItemVisibility();
1bd53d
         this._syncView();
1bd53d
     }
1bd53d
 
1bd53d
+    _queueSyncItemVisibility() {
1bd53d
+        if (this._syncVisibilityId)
1bd53d
+            return;
1bd53d
+
1bd53d
+        this._syncVisibilityId = Meta.later_add(
1bd53d
+            Meta.LaterType.BEFORE_REDRAW,
1bd53d
+            () => {
1bd53d
+                const { hasWindows } = Main.sessionMode;
1bd53d
+                const { WPA2_ENT, WPA_ENT } = NMAccessPointSecurity;
1bd53d
+
1bd53d
+                for (const network of this._networks) {
1bd53d
+                    const [firstAp] = network.accessPoints;
1bd53d
+                    network.item.visible =
1bd53d
+                        hasWindows ||
1bd53d
+                        network.connections.length > 0 ||
1bd53d
+                        (firstAp._secType !== WPA2_ENT && firstAp._secType !== WPA_ENT);
1bd53d
+                }
1bd53d
+                this._syncVisibilityId = 0;
1bd53d
+                return GLib.SOURCE_REMOVE;
1bd53d
+            });
1bd53d
+    }
1bd53d
+
1bd53d
     _accessPointRemoved(device, accessPoint) {
1bd53d
         let res = this._findExistingNetwork(accessPoint);
1bd53d
 
1bd53d
-- 
1bd53d
2.31.1
1bd53d
1bd53d
1bd53d
From eb9620bc134ef8e7732f5e64b93ac9ea5bba2092 Mon Sep 17 00:00:00 2001
1bd53d
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
1bd53d
Date: Tue, 8 Jun 2021 00:17:48 +0200
1bd53d
Subject: [PATCH 3/5] status/network: Consider network-control action
1bd53d
1bd53d
NetworkManager installs a `network-control` polkit action that can
1bd53d
be used to disallow network configuration, except that we happily
1bd53d
ignore it. Add it to the conditions that turn a network section
1bd53d
insensitive.
1bd53d
---
1bd53d
 js/ui/status/network.js | 14 ++++++++++++--
1bd53d
 1 file changed, 12 insertions(+), 2 deletions(-)
1bd53d
1bd53d
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
1bd53d
index 36915dbc1..e238fdfe7 100644
1bd53d
--- a/js/ui/status/network.js
1bd53d
+++ b/js/ui/status/network.js
1bd53d
@@ -1,6 +1,6 @@
1bd53d
 // -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
1bd53d
 /* exported NMApplet */
1bd53d
-const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi;
1bd53d
+const { Clutter, Gio, GLib, GObject, Meta, NM, Polkit, St } = imports.gi;
1bd53d
 const Signals = imports.signals;
1bd53d
 
1bd53d
 const Animation = imports.ui.animation;
1bd53d
@@ -1750,11 +1750,21 @@ class Indicator extends PanelMenu.SystemIndicator {
1bd53d
         this._client.connect('connection-removed', this._connectionRemoved.bind(this));
1bd53d
 
1bd53d
         Main.sessionMode.connect('updated', this._sessionUpdated.bind(this));
1bd53d
+        try {
1bd53d
+            this._configPermission = await Polkit.Permission.new(
1bd53d
+                'org.freedesktop.NetworkManager.network-control', null, null);
1bd53d
+        } catch (e) {
1bd53d
+            log('No permission to control network connections: %s'.format(e.toString()));
1bd53d
+            this._configPermission = null;
1bd53d
+        }
1bd53d
         this._sessionUpdated();
1bd53d
     }
1bd53d
 
1bd53d
     _sessionUpdated() {
1bd53d
-        let sensitive = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter;
1bd53d
+        const sensitive =
1bd53d
+            !Main.sessionMode.isLocked &&
1bd53d
+            !Main.sessionMode.isGreeter &&
1bd53d
+            this._configPermission && this._configPermission.allowed;
1bd53d
         this.menu.setSensitive(sensitive);
1bd53d
     }
1bd53d
 
1bd53d
-- 
1bd53d
2.31.1
1bd53d
1bd53d
1bd53d
From 2392810bb7e3d48fb33c4d6de39f5be2eca58988 Mon Sep 17 00:00:00 2001
1bd53d
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
1bd53d
Date: Thu, 10 Jun 2021 23:12:27 +0200
1bd53d
Subject: [PATCH 4/5] sessionMode: Enable networkAgent on login screen
1bd53d
1bd53d
We will soon enable the network sections in the status menu on the
1bd53d
login screen, so enable the network agent to handle authentication
1bd53d
requests (like wifi/VPN passwords).
1bd53d
---
1bd53d
 js/ui/sessionMode.js | 4 +++-
1bd53d
 1 file changed, 3 insertions(+), 1 deletion(-)
1bd53d
1bd53d
diff --git a/js/ui/sessionMode.js b/js/ui/sessionMode.js
1bd53d
index aa69fd115..4d4fb2444 100644
1bd53d
--- a/js/ui/sessionMode.js
1bd53d
+++ b/js/ui/sessionMode.js
1bd53d
@@ -47,7 +47,9 @@ const _modes = {
1bd53d
         isGreeter: true,
1bd53d
         isPrimary: true,
1bd53d
         unlockDialog: imports.gdm.loginDialog.LoginDialog,
1bd53d
-        components: ['polkitAgent'],
1bd53d
+        components: Config.HAVE_NETWORKMANAGER
1bd53d
+            ? ['networkAgent', 'polkitAgent']
1bd53d
+            : ['polkitAgent'],
1bd53d
         panel: {
1bd53d
             left: [],
1bd53d
             center: ['dateMenu'],
1bd53d
-- 
1bd53d
2.31.1
1bd53d
1bd53d
1bd53d
From b5fedfd846f271bf28be02ce5cd8517af7a3bc0a Mon Sep 17 00:00:00 2001
1bd53d
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
1bd53d
Date: Tue, 8 Jun 2021 00:19:26 +0200
1bd53d
Subject: [PATCH 5/5] status/network: Do not disable on login screen
1bd53d
1bd53d
We currently disable all network items on both the lock- and login
1bd53d
screen. While it makes sense to be very restrictive on the lock screen,
1bd53d
there are some (fringe) use cases for being more permissive on the
1bd53d
login screen (like remote home directories only accessible via VPN).
1bd53d
1bd53d
There's precedence with the power-off/restart actions to be less
1bd53d
restrictive on the login screen, and since we started respecting
1bd53d
the `network-control` polkit action, it's possible to restore the
1bd53d
old behavior if desired.
1bd53d
---
1bd53d
 js/ui/status/network.js | 1 -
1bd53d
 1 file changed, 1 deletion(-)
1bd53d
1bd53d
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
1bd53d
index e238fdfe7..f510f90ae 100644
1bd53d
--- a/js/ui/status/network.js
1bd53d
+++ b/js/ui/status/network.js
1bd53d
@@ -1763,7 +1763,6 @@ class Indicator extends PanelMenu.SystemIndicator {
1bd53d
     _sessionUpdated() {
1bd53d
         const sensitive =
1bd53d
             !Main.sessionMode.isLocked &&
1bd53d
-            !Main.sessionMode.isGreeter &&
1bd53d
             this._configPermission && this._configPermission.allowed;
1bd53d
         this.menu.setSensitive(sensitive);
1bd53d
     }
1bd53d
-- 
1bd53d
2.31.1
1bd53d