From ed0699886f49e5dd8d6ca9ffb60ba17cd76a810f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Mon, 7 Jun 2021 17:49:57 +0200 Subject: [PATCH 1/5] status/network: Disable modem connection when windows aren't allowed The item launches the corresponding Settings panel when activated, which doesn't work when windows are disabled by the session mode. Rather than failing silently, turn the item insensitive. --- js/ui/status/network.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/js/ui/status/network.js b/js/ui/status/network.js index b3bb7589c..3ad7b04dd 100644 --- a/js/ui/status/network.js +++ b/js/ui/status/network.js @@ -514,6 +514,10 @@ var NMDeviceModem = class extends NMConnectionDevice { this._iconChanged(); }); } + + this._sessionUpdatedId = + Main.sessionMode.connect('updated', this._sessionUpdated.bind(this)); + this._sessionUpdated(); } get category() { @@ -525,6 +529,10 @@ var NMDeviceModem = class extends NMConnectionDevice { 'connect-3g', this._device.get_path()]); } + _sessionUpdated() { + this._autoConnectItem.sensitive = Main.sessionMode.hasWindows; + } + destroy() { if (this._operatorNameId) { this._mobileDevice.disconnect(this._operatorNameId); @@ -534,6 +542,10 @@ var NMDeviceModem = class extends NMConnectionDevice { this._mobileDevice.disconnect(this._signalQualityId); this._signalQualityId = 0; } + if (this._sessionUpdatedId) { + Main.sessionMode.disconnect(this._sessionUpdatedId); + this._sessionUpdatedId = 0; + } super.destroy(); } -- 2.31.1 From 59d52e1591e1522fff22320c657496ca978a7926 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Mon, 7 Jun 2021 18:28:32 +0200 Subject: [PATCH 2/5] status/network: Only list wifi networks that can be activated Setting up a connection for an Enterprise WPA(2) encrypted wireless network requires Settings. That's not available when windows are disabled via the session mode, so filter out affected entries. --- js/ui/status/network.js | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/js/ui/status/network.js b/js/ui/status/network.js index 3ad7b04dd..c023022a7 100644 --- a/js/ui/status/network.js +++ b/js/ui/status/network.js @@ -1,5 +1,5 @@ // -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- -const { Clutter, Gio, GLib, GObject, NM, St } = imports.gi; +const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi; const Mainloop = imports.mainloop; const Signals = imports.signals; @@ -751,6 +751,11 @@ var NMWirelessDialog = class extends ModalDialog.ModalDialog { this._scanTimeoutId = 0; } + if (this._syncVisibilityId) { + Meta.later_remove(this._syncVisibilityId); + this._syncVisibilityId = 0; + } + super.destroy(); } @@ -1081,9 +1086,31 @@ var NMWirelessDialog = class extends ModalDialog.ModalDialog { this._itemBox.insert_child_at_index(network.item.actor, newPos); } + this._queueSyncItemVisibility(); this._syncView(); } + _queueSyncItemVisibility() { + if (this._syncVisibilityId) + return; + + this._syncVisibilityId = Meta.later_add( + Meta.LaterType.BEFORE_REDRAW, + () => { + const { hasWindows } = Main.sessionMode; + const { WPA2_ENT, WPA_ENT } = NMAccessPointSecurity; + + for (const network of this._networks) { + const [firstAp] = network.accessPoints; + network.item.visible = + hasWindows || + network.connections.length > 0 || + (firstAp._secType !== WPA2_ENT && firstAp._secType !== WPA_ENT); + } + return GLib.SOURCE_REMOVE; + }); + } + _accessPointRemoved(device, accessPoint) { let res = this._findExistingNetwork(accessPoint); -- 2.31.1 From 9d204cdb38bcfee214dbe0b0bf9c2073dc50fe93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Tue, 8 Jun 2021 00:17:48 +0200 Subject: [PATCH 3/5] status/network: Consider network-control action NetworkManager installs a `network-control` polkit action that can be used to disallow network configuration, except that we happily ignore it. Add it to the conditions that turn a network section insensitive. --- js/ui/status/network.js | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/js/ui/status/network.js b/js/ui/status/network.js index c023022a7..79729e01b 100644 --- a/js/ui/status/network.js +++ b/js/ui/status/network.js @@ -1,5 +1,5 @@ // -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- -const { Clutter, Gio, GLib, GObject, Meta, NM, St } = imports.gi; +const { Clutter, Gio, GLib, GObject, Meta, NM, Polkit, St } = imports.gi; const Mainloop = imports.mainloop; const Signals = imports.signals; @@ -1683,11 +1683,25 @@ var NMApplet = class extends PanelMenu.SystemIndicator { this._client.connect('connection-removed', this._connectionRemoved.bind(this)); Main.sessionMode.connect('updated', this._sessionUpdated.bind(this)); - this._sessionUpdated(); + + this._configPermission = null; + Polkit.Permission.new( + 'org.freedesktop.NetworkManager.network-control', null, null, + (o, res) => { + try { + this._configPermission = Polkit.Permission.new_finish(res); + } catch (e) { + log('No permission to control network connections: %s'.format(e.toString())); + } + this._sessionUpdated(); + }); } _sessionUpdated() { - let sensitive = !Main.sessionMode.isLocked && !Main.sessionMode.isGreeter; + const sensitive = + !Main.sessionMode.isLocked && + !Main.sessionMode.isGreeter && + this._configPermission && this._configPermission.allowed; this.menu.setSensitive(sensitive); } -- 2.31.1 From 7d2c8aabb86b9942c99ae9b7157dbffb875acde9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Thu, 10 Jun 2021 23:12:27 +0200 Subject: [PATCH 4/5] sessionMode: Enable networkAgent on login screen We will soon enable the network sections in the status menu on the login screen, so enable the network agent to handle authentication requests (like wifi/VPN passwords). --- js/ui/sessionMode.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/js/ui/sessionMode.js b/js/ui/sessionMode.js index 25aa75a3d..fa7f83416 100644 --- a/js/ui/sessionMode.js +++ b/js/ui/sessionMode.js @@ -43,7 +43,9 @@ const _modes = { isGreeter: true, isPrimary: true, unlockDialog: imports.gdm.loginDialog.LoginDialog, - components: ['polkitAgent'], + components: Config.HAVE_NETWORKMANAGER + ? ['networkAgent', 'polkitAgent'] + : ['polkitAgent'], panel: { left: [], center: ['dateMenu'], -- 2.31.1 From 07ce899bcb9d30991262d6c484508e6c5fa14c85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20M=C3=BCllner?= Date: Tue, 8 Jun 2021 00:19:26 +0200 Subject: [PATCH 5/5] status/network: Do not disable on login screen We currently disable all network items on both the lock- and login screen. While it makes sense to be very restrictive on the lock screen, there are some (fringe) use cases for being more permissive on the login screen (like remote home directories only accessible via VPN). There's precedence with the power-off/restart actions to be less restrictive on the login screen, and since we started respecting the `network-control` polkit action, it's possible to restore the old behavior if desired. --- js/ui/status/network.js | 1 - 1 file changed, 1 deletion(-) diff --git a/js/ui/status/network.js b/js/ui/status/network.js index 79729e01b..914dbbd99 100644 --- a/js/ui/status/network.js +++ b/js/ui/status/network.js @@ -1700,7 +1700,6 @@ var NMApplet = class extends PanelMenu.SystemIndicator { _sessionUpdated() { const sensitive = !Main.sessionMode.isLocked && - !Main.sessionMode.isGreeter && this._configPermission && this._configPermission.allowed; this.menu.setSensitive(sensitive); } -- 2.31.1