From ed0699886f49e5dd8d6ca9ffb60ba17cd76a810f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Mon, 7 Jun 2021 17:49:57 +0200
Subject: [PATCH 1/5] status/network: Disable modem connection when windows
aren't allowed
The item launches the corresponding Settings panel when activated, which
doesn't work when windows are disabled by the session mode. Rather than
failing silently, turn the item insensitive.
---
js/ui/status/network.js | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index b3bb7589c..3ad7b04dd 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -514,6 +514,10 @@ var NMDeviceModem = class extends NMConnectionDevice {
this._iconChanged();
});
}
+
+ this._sessionUpdatedId =
+ Main.sessionMode.connect('updated', this._sessionUpdated.bind(this));
+ this._sessionUpdated();
}
get category() {
@@ -525,6 +529,10 @@ var NMDeviceModem = class extends NMConnectionDevice {
'connect-3g', this._device.get_path()]);
}
+ _sessionUpdated() {
+ this._autoConnectItem.sensitive = Main.sessionMode.hasWindows;
+ }
+
destroy() {
if (this._operatorNameId) {
this._mobileDevice.disconnect(this._operatorNameId);
@@ -534,6 +542,10 @@ var NMDeviceModem = class extends NMConnectionDevice {
this._mobileDevice.disconnect(this._signalQualityId);
this._signalQualityId = 0;
}
+ if (this._sessionUpdatedId) {
+ Main.sessionMode.disconnect(this._sessionUpdatedId);
+ this._sessionUpdatedId = 0;
+ }
super.destroy();
}
--
2.31.1
From 59d52e1591e1522fff22320c657496ca978a7926 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Mon, 7 Jun 2021 18:28:32 +0200
Subject: [PATCH 2/5] status/network: Only list wifi networks that can be
activated
Setting up a connection for an Enterprise WPA(2) encrypted wireless
network requires Settings. That's not available when windows are
disabled via the session mode, so filter out affected entries.
---
js/ui/status/network.js | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index 3ad7b04dd..c023022a7 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -1,5 +1,5 @@
// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
-const { Clutter, Gio, GLib, GObject, NM, St } = imports.gi;
+const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi;
const Mainloop = imports.mainloop;
const Signals = imports.signals;
@@ -751,6 +751,11 @@ var NMWirelessDialog = class extends ModalDialog.ModalDialog {
this._scanTimeoutId = 0;
}
+ if (this._syncVisibilityId) {
+ Meta.later_remove(this._syncVisibilityId);
+ this._syncVisibilityId = 0;
+ }
+
super.destroy();
}
@@ -1081,9 +1086,31 @@ var NMWirelessDialog = class extends ModalDialog.ModalDialog {
this._itemBox.insert_child_at_index(network.item.actor, newPos);
}
+ this._queueSyncItemVisibility();
this._syncView();
}
+ _queueSyncItemVisibility() {
+ if (this._syncVisibilityId)
+ return;
+
+ this._syncVisibilityId = Meta.later_add(
+ Meta.LaterType.BEFORE_REDRAW,
+ () => {
+ const { hasWindows } = Main.sessionMode;
+ const { WPA2_ENT, WPA_ENT } = NMAccessPointSecurity;
+
+ for (const network of this._networks) {
+ const [firstAp] = network.accessPoints;
+ network.item.visible =
+ hasWindows ||
+ network.connections.length > 0 ||
+ (firstAp._secType !== WPA2_ENT && firstAp._secType !== WPA_ENT);
+ }
+ return GLib.SOURCE_REMOVE;
+ });
+ }
+
_accessPointRemoved(device, accessPoint) {
let res = this._findExistingNetwork(accessPoint);
--
2.31.1
From 9d204cdb38bcfee214dbe0b0bf9c2073dc50fe93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Tue, 8 Jun 2021 00:17:48 +0200
Subject: [PATCH 3/5] status/network: Consider network-control action
NetworkManager installs a `network-control` polkit action that can
be used to disallow network configuration, except that we happily
ignore it. Add it to the conditions that turn a network section
insensitive.
---
js/ui/status/network.js | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index c023022a7..79729e01b 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -1,5 +1,5 @@
// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
-const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi;
+const { Clutter, Gio, GLib, GObject, Meta, NM, Polkit, St } = imports.gi;
const Mainloop = imports.mainloop;
const Signals = imports.signals;
@@ -1683,11 +1683,25 @@ var NMApplet = class extends PanelMenu.SystemIndicator {
this._client.connect('connection-removed', this._connectionRemoved.bind(this));
Main.sessionMode.connect('updated', this._sessionUpdated.bind(this));
- this._sessionUpdated();
+
+ this._configPermission = null;
+ Polkit.Permission.new(
+ 'org.freedesktop.NetworkManager.network-control', null, null,
+ (o, res) => {
+ try {
+ this._configPermission = Polkit.Permission.new_finish(res);
+ } catch (e) {
+ log('No permission to control network connections: %s'.format(e.toString()));
+ }
+ this._sessionUpdated();
+ });
}
_sessionUpdated() {
- let sensitive = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter;
+ const sensitive =
+ !Main.sessionMode.isLocked &&
+ !Main.sessionMode.isGreeter &&
+ this._configPermission && this._configPermission.allowed;
this.menu.setSensitive(sensitive);
}
--
2.31.1
From 7d2c8aabb86b9942c99ae9b7157dbffb875acde9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Thu, 10 Jun 2021 23:12:27 +0200
Subject: [PATCH 4/5] sessionMode: Enable networkAgent on login screen
We will soon enable the network sections in the status menu on the
login screen, so enable the network agent to handle authentication
requests (like wifi/VPN passwords).
---
js/ui/sessionMode.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/js/ui/sessionMode.js b/js/ui/sessionMode.js
index 25aa75a3d..fa7f83416 100644
--- a/js/ui/sessionMode.js
+++ b/js/ui/sessionMode.js
@@ -43,7 +43,9 @@ const _modes = {
isGreeter: true,
isPrimary: true,
unlockDialog: imports.gdm.loginDialog.LoginDialog,
- components: ['polkitAgent'],
+ components: Config.HAVE_NETWORKMANAGER
+ ? ['networkAgent', 'polkitAgent']
+ : ['polkitAgent'],
panel: {
left: [],
center: ['dateMenu'],
--
2.31.1
From 07ce899bcb9d30991262d6c484508e6c5fa14c85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Tue, 8 Jun 2021 00:19:26 +0200
Subject: [PATCH 5/5] status/network: Do not disable on login screen
We currently disable all network items on both the lock- and login
screen. While it makes sense to be very restrictive on the lock screen,
there are some (fringe) use cases for being more permissive on the
login screen (like remote home directories only accessible via VPN).
There's precedence with the power-off/restart actions to be less
restrictive on the login screen, and since we started respecting
the `network-control` polkit action, it's possible to restore the
old behavior if desired.
---
js/ui/status/network.js | 1 -
1 file changed, 1 deletion(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index 79729e01b..914dbbd99 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -1700,7 +1700,6 @@ var NMApplet = class extends PanelMenu.SystemIndicator {
_sessionUpdated() {
const sensitive =
!Main.sessionMode.isLocked &&
- !Main.sessionMode.isGreeter &&
this._configPermission && this._configPermission.allowed;
this.menu.setSensitive(sensitive);
}
--
2.31.1