Package: cnetworkmanager
Version: 0.21.1-1
Severity: important
The rule I comment below :
<policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"/>
<!-- Only root can get secrets -->
<!-- <deny
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
-->
</policy>
is at_console thus overides the nm-applet.conf user="root" rule that allow the :
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
ie:
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
<!-- Only root can get secrets -->
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
</policy>
In short as NetworkManager does not show the gerror from the: secrets_result
function in src/nm-activation-request.c in NetworkManager
the fact that this rule is denied is silently ignored. The symptom is
dbus-monitor --system:
signal sender=:1.569 -> dest=(null destination) serial=260008
path=/org/freedesktop/NetworkManager/Devices/1;
interface=org.freedesktop.NetworkManager.Device; member=StateChanged
uint32 5
uint32 4
uint32 0
signal sender=:1.569 -> dest=(null destination) serial=260009
path=/org/freedesktop/NetworkManager/Devices/1;
interface=org.freedesktop.NetworkManager.Device; member=StateChanged
uint32 6
uint32 5
uint32 0
signal sender=:1.569 -> dest=(null destination) serial=260013
path=/org/freedesktop/NetworkManager/Devices/1;
interface=org.freedesktop.NetworkManager.Device.Wireless;
member=PropertiesChanged
array [
dict entry(
string "State"
variant uint32 6
)
]
signal sender=:1.569 -> dest=(null destination) serial=260014
path=/org/freedesktop/NetworkManager/Devices/1;
interface=org.freedesktop.NetworkManager.Device; member=StateChanged
uint32 9
uint32 6
uint32 7
signal sender=:1.569 -> dest=(null destination) serial=260017
path=/org/freedesktop/NetworkManager/Devices/1;
interface=org.freedesktop.NetworkManager.Device.Wireless;
member=PropertiesChanged
array [
dict entry(
string "State"
variant uint32 9
)
]
ie that state change to 6 (AUTH needed) to 9 (failure) witrh reason 7 (no
secrets provided).
The nm-applet log is:
** (nm-applet:5476): WARNING **: Error in getting active connection 'Vpn'
property: (19) Method "Get" with signature "ss" on interface
"org.freedesktop.DBus.Properties" doesn't exist
** (nm-applet:5476): WARNING **: _nm_object_array_demarshal: couldn't create
object for /org/freedesktop/NetworkManager/ActiveConnection/1
as due to the failure to get secret the (here I do not use vpn) the
activeconnection is discarded and then later on when nm tries to check the Vpn
property on the active connection
this one is no more thus the error shown above.
Thank you to either use policykit or enable the :
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
in the user="root" to fix this one.
Maybe this bug should be cloned to ask for nm to log the dbus error in
secrets_result function in src/nm-activation-request.c. Please do if you
believe so too.
Best regards,
Alban
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.34-rc4-wleeepc (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cnetworkmanager depends on:
ii network-manager 0.8-1 network management framework daemo
ii python 2.5.4-9 An interactive high-level object-o
ii python-dbus 0.83.1-1 simple interprocess messaging syst
ii python-support 1.0.7 automated rebuilding support for P
cnetworkmanager recommends no packages.
cnetworkmanager suggests no packages.
-- Configuration Files:
/etc/dbus-1/system.d/cnetworkmanager.conf changed:
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"/>
</policy>
<policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"/>
<!-- Only root can get secrets -->
<!-- <deny
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
-->
</policy>
<policy context="default">
<deny
send_destination="org.freedesktop.NetworkManagerUserSettings"/>
<allow
send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
<limit name="max_replies_per_connection">512</limit>
</busconfig>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
