Bug#697529: unblock: network-manager-applet/0.9.4.1-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package network-manager-applet
The handling of system wide connections caused a lot of grief among
users and admins since it requires admin privileges.
For the simple cases (like single-user laptop), the pkla file we ship in
network-manager_0.9.4.0-7 is sufficient.
There are other use cases though, where you don't want to grant every
user the right to create and modify system connections like e.g. a
shared-laptop with untrusted users.
That's what this patch in nm-applet is for: In such a case giving the
user the root password or adding them to group netdev/sudo is not
wanted. So we automatically fall back to user connections.
A similar patch will be written for gnome-shell, which ships its own NM
client. Once that is ready I'll file a separate unblock request.
The changelog reads:
network-manager-applet (0.9.4.1-3) unstable; urgency=low

  [ Michael Biebl ]
  * Add Build-Depends on gnome-common which is required for autoreconf.

  [ Josselin Mouette ]
  * debian/patches/05-8021x-passwords-user.patch: patch from upstream git.
    Correctly set 802.1x passwords as agent-owned, so that they are stored
    in the user’s keyring.
  * debian/patches/11-user-connections.patch: new patch. Set passwords as
    agent-owned when they need to, to allow users without root permissions
    to easily configure their connections. (Closes: #696256)
    The logic is:
     - Bluetooth, CDMA and GSM connections: always user-owned
     - WEP/WPA connections: system-owned if user has the permissions
       (with NM’s config, that is netdev or sudo membership), user-owned
       otherwise. The password is stored in the keyring for WPA, not for
       WEP.
     - WiMax / Wired connections: always system-owned (with 802.1x
       passwords in the keyring).

 -- Michael Biebl <biebl@debian.org>  Sun, 06 Jan 2013 09:57:29 +0100
Full debdiff is attached.
Cheers,
Michael
unblock network-manager-applet/0.9.4.1-3
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696256#148
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index dded885..a3b75c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
+network-manager-applet (0.9.4.1-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Add Build-Depends on gnome-common which is required for autoreconf.
+
+ [ Josselin Mouette ]
+ * debian/patches/05-8021x-passwords-user.patch: patch from upstream git.
+ Correctly set 802.1x passwords as agent-owned, so that they are stored
+ in the user’s keyring.
+ * debian/patches/11-user-connections.patch: new patch. Set passwords as
+ agent-owned when they need to, to allow users without root permissions
+ to easily configure their connections. (Closes: #696256)
+ The logic is:
+ - Bluetooth, CDMA and GSM connections: always user-owned
+ - WEP/WPA connections: system-owned if user has the permissions
+ (with NM’s config, that is netdev or sudo membership), user-owned
+ otherwise. The password is stored in the keyring for WPA, not for
+ WEP.
+ - WiMax / Wired connections: always system-owned (with 802.1x
+ passwords in the keyring).
+
+ -- Michael Biebl <biebl@debian.org> Sun, 06 Jan 2013 09:57:29 +0100
+
network-manager-applet (0.9.4.1-2) unstable; urgency=low
* debian/rules: Use xz compression for binary packages.
diff --git a/debian/control b/debian/control
index f82a5a9..b3ef725 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends:
dpkg-dev (>= 1.16.1),
autotools-dev,
dh-autoreconf,
+ gnome-common,
intltool,
libdbus-glib-1-dev (>= 0.74),
libgnome-keyring-dev,
diff --git a/debian/patches/05-8021x-passwords-user.patch b/debian/patches/05-8021x-passwords-user.patch
new file mode 100644
index 0000000..d40538c
--- /dev/null
+++ b/debian/patches/05-8021x-passwords-user.patch
@@ -0,0 +1,223 @@
+From 2d666bc7aa6f0b731d131319b36f07b0f2bdce16 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Mon, 05 Nov 2012 21:26:17 +0000
+Subject: libnm-gtk: set default 802.1x password flags to "agent-owned"
+
+Imported 0.8 connections and VPN connects had password flags set for
+the appropriate connection types, but we want to default 802.1x
+passwords to "agent-owned" too.
+---
+diff --git a/src/wireless-security/eap-method-leap.c b/src/wireless-security/eap-method-leap.c
+index 7e1d7bf..3a1545e 100644
+--- a/src/wireless-security/eap-method-leap.c
++++ b/src/wireless-security/eap-method-leap.c
+@@ -30,6 +30,8 @@
+
+ struct _EAPMethodLEAP {
+ EAPMethod parent;
++
++ gboolean new_connection;
+ };
+
+ static void
+@@ -83,6 +85,7 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
+ static void
+ fill_connection (EAPMethod *parent, NMConnection *connection)
+ {
++ EAPMethodLEAP *method = (EAPMethodLEAP *) parent;
+ NMSetting8021x *s_8021x;
+ GtkWidget *widget;
+
+@@ -98,6 +101,13 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry"));
+ g_assert (widget);
+ g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
++
++ /* Default to agent-owned secrets for new connections */
++ if (method->new_connection) {
++ g_object_set (s_8021x,
++ NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
++ NULL);
++ }
+ }
+
+ static void
+@@ -115,6 +125,7 @@ eap_method_leap_new (WirelessSecurity *ws_parent,
+ NMConnection *connection,
+ gboolean secrets_only)
+ {
++ EAPMethodLEAP *method;
+ EAPMethod *parent;
+ GtkWidget *widget;
+
+@@ -131,6 +142,9 @@ eap_method_leap_new (WirelessSecurity *ws_parent,
+ if (!parent)
+ return NULL;
+
++ method = (EAPMethodLEAP *) parent;
++ method->new_connection = secrets_only ? FALSE : TRUE;
++
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_entry"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
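Review bot: `new_connection` in `eap_method_leap_new()` is derived only from `secrets_only`, so it is TRUE for every dialog that is not a secrets prompt, and nothing in these lines distinguishes creating a connection from editing one. If an existing connection is ever opened with `secrets_only == FALSE`, `fill_connection()` will overwrite its password flags with `NM_SETTING_SECRET_FLAG_AGENT_OWNED`. Either rename the field to say what it actually holds or pass the real new/existing state in; `!secrets_only` would also read better than `secrets_only ? FALSE : TRUE`. The same applies to the identical assignments in eap-method-simple.c, eap-method-tls.c and ws-leap.c.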
+@@ -163,6 +177,6 @@ eap_method_leap_new (WirelessSecurity *ws_parent,
+ (GCallback) show_toggled_cb,
+ parent);
+
+- return (EAPMethodLEAP *) parent;
++ return method;
+ }
+
+diff --git a/src/wireless-security/eap-method-simple.c b/src/wireless-security/eap-method-simple.c
+index ab5719d..6463c46 100644
+--- a/src/wireless-security/eap-method-simple.c
++++ b/src/wireless-security/eap-method-simple.c
+@@ -34,6 +34,7 @@ struct _EAPMethodSimple {
+
+ EAPMethodSimpleType type;
+ gboolean is_editor;
++ gboolean new_connection;
+ };
+
+ static void
+@@ -163,6 +164,13 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ g_assert (widget);
+ g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
+ }
++
++ /* Default to agent-owned secrets for new connections */
++ if (method->new_connection && (not_saved == FALSE)) {
++ g_object_set (s_8021x,
++ NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
++ NULL);
++ }
+ }
+
+ static void
+@@ -230,6 +238,7 @@ eap_method_simple_new (WirelessSecurity *ws_parent,
+ method = (EAPMethodSimple *) parent;
+ method->type = type;
+ method->is_editor = is_editor;
++ method->new_connection = secrets_only ? FALSE : TRUE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry"));
+ g_assert (widget);
+diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
+index 9128e42..d4efd5a 100644
+--- a/src/wireless-security/eap-method-tls.c
++++ b/src/wireless-security/eap-method-tls.c
+@@ -35,6 +35,8 @@
+
+ struct _EAPMethodTLS {
+ EAPMethod parent;
++
++ gboolean new_connection;
+ };
+
+
+@@ -117,12 +119,14 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
+ static void
+ fill_connection (EAPMethod *parent, NMConnection *connection)
+ {
++ EAPMethodTLS *method = (EAPMethodTLS *) parent;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ NMSetting8021x *s_8021x;
+ GtkWidget *widget;
+ char *ca_filename, *pk_filename, *cc_filename;
+ const char *password = NULL;
+ GError *error = NULL;
++ const char *secret_flag_prop = NULL;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+@@ -152,14 +156,20 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
+ g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ }
++ secret_flag_prop = NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS;
+ } else {
+ if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
+ g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ }
++ secret_flag_prop = NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS;
+ }
+ g_free (pk_filename);
+
++ /* Default to agent-owned secrets for new connections */
++ if (method->new_connection)
++ g_object_set (s_8021x, secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
++
+ /* TLS client certificate */
+ if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
+ /* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
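Review bot: in `fill_connection()` the agent-owned flag is applied after the if/else even when `nm_setting_802_1x_set_private_key()` (or the phase2 call in the other branch) failed and only logged a `g_warning`, so a connection whose key could not be read still has its password flags changed. Consider setting `secret_flag_prop` only on the success path and skipping the `g_object_set` when it is still NULL, or add a comment stating that the flag is wanted regardless of the read result.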
+@@ -376,6 +386,7 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
+ gboolean phase2,
+ gboolean secrets_only)
+ {
++ EAPMethodTLS *method;
+ EAPMethod *parent;
+ GtkWidget *widget;
+ NMSetting8021x *s_8021x = NULL;
+@@ -393,6 +404,9 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
+ if (!parent)
+ return NULL;
+
++ method = (EAPMethodTLS *) parent;
++ method->new_connection = secrets_only ? FALSE : TRUE;
++
+ eap_method_nag_init (parent, "eap_tls_ca_cert_button", connection);
+
+ if (connection)
+@@ -458,6 +472,6 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
+ gtk_widget_hide (widget);
+ }
+
+- return (EAPMethodTLS *) parent;
++ return method;
+ }
+
+diff --git a/src/wireless-security/ws-leap.c b/src/wireless-security/ws-leap.c
+index 1f0fdaf..16327cb 100644
+--- a/src/wireless-security/ws-leap.c
++++ b/src/wireless-security/ws-leap.c
+@@ -28,6 +28,7 @@
+
+ struct _WirelessSecurityLEAP {
+ WirelessSecurity parent;
++ gboolean new_connection;
+ };
+
+ static void
+@@ -79,6 +80,7 @@ add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group)
+ static void
+ fill_connection (WirelessSecurity *parent, NMConnection *connection)
+ {
++ WirelessSecurityLEAP *sec = (WirelessSecurityLEAP *) parent;
+ NMSettingWireless *s_wireless;
+ NMSettingWirelessSecurity *s_wireless_sec;
+ GtkWidget *widget;
+@@ -105,6 +107,13 @@ fill_connection (WirelessSecurity *parent, NMConnection *connection)
+ NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, leap_username,
+ NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, leap_password,
+ NULL);
++
++ /* Default to agent-owned secrets for new connections */
++ if (sec->new_connection) {
++ g_object_set (s_wireless_sec,
++ NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
++ NULL);
++ }
+ }
+
+ static void
+@@ -151,6 +160,7 @@ ws_leap_new (NMConnection *connection, gboolean secrets_only)
+
+ parent->adhoc_compatible = FALSE;
+ sec = (WirelessSecurityLEAP *) parent;
++ sec->new_connection = secrets_only ? FALSE : TRUE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_entry"));
+ g_assert (widget);
+--
+cgit v0.9.0.2
diff --git a/debian/patches/11-user-connections.patch b/debian/patches/11-user-connections.patch
new file mode 100644
index 0000000..3001763
--- /dev/null
+++ b/debian/patches/11-user-connections.patch
@@ -0,0 +1,427 @@
+Index: network-manager-applet-0.9.4.1/src/applet-device-wifi.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/applet-device-wifi.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/applet-device-wifi.c 2012-12-17 19:19:20.727158212 +0100
+@@ -462,6 +462,23 @@ _do_new_auto_connection (NMApplet *apple
+ nm_connection_add_setting (connection, NM_SETTING (s_8021x));
+ }
+
++ if (utils_default_to_private_connection (applet->nm_client)) {
++ if (!s_con) {
++ s_con = (NMSettingConnection *) nm_setting_connection_new ();
++ nm_connection_add_setting (connection, NM_SETTING (s_con));
++ }
++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL);
++
++ if ((rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) ||
++ (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) {
++ if (!s_wsec) {
++ s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
++ nm_connection_add_setting (connection, NM_SETTING (s_wsec));
++ }
++ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
++ }
++ }
++
+ /* If it's an 802.1x connection, we need more information, so pop up the
+ * Dialog Of Doom.
+ */
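Review bot: the PSK-only check inside the new `utils_default_to_private_connection` block leaves WEP keys with their default flags, so a connection restricted to the current user via `nm_setting_connection_add_permission` can still have its key stored system-side. The changelog says this is deliberate ("stored in the keyring for WPA, not for WEP"), but nothing in the code does; a short comment here giving the reason would stop the next reader from treating it as an omission. The return value of `nm_setting_connection_add_permission` is also ignored, so a failure to add the permission would silently leave the connection visible to all users.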
+Index: network-manager-applet-0.9.4.1/src/applet-device-gsm.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/applet-device-gsm.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/applet-device-gsm.c 2012-12-17 17:42:33.054765947 +0100
+@@ -147,6 +147,7 @@ mobile_wizard_done (NMAMobileWizard *wiz
+ NM_SETTING_GSM_NUMBER, "*99#",
+ NM_SETTING_GSM_USERNAME, method->username,
+ NM_SETTING_GSM_PASSWORD, method->password,
++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+ NM_SETTING_GSM_APN, method->gsm_apn,
+ NULL);
+ nm_connection_add_setting (connection, setting);
+@@ -177,6 +178,7 @@ mobile_wizard_done (NMAMobileWizard *wiz
+ NULL);
+ g_free (uuid);
+ g_free (id);
++ nm_setting_connection_add_permission ((NMSettingConnection *) setting, "user", g_get_user_name (), NULL);
+ nm_connection_add_setting (connection, setting);
+ }
+
+Index: network-manager-applet-0.9.4.1/src/libnm-gtk/nm-wireless-dialog.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/libnm-gtk/nm-wireless-dialog.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/libnm-gtk/nm-wireless-dialog.c 2012-12-17 19:23:20.988332793 +0100
+@@ -1219,6 +1219,9 @@ nma_wireless_dialog_get_connection (NMAW
+ NM_SETTING_CONNECTION_UUID, uuid,
+ NULL);
+ g_free (uuid);
++ if (utils_default_to_private_connection (priv->client)) {
++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL);
++ }
+ nm_connection_add_setting (connection, (NMSetting *) s_con);
+
+ s_wireless = (NMSettingWireless *) nm_setting_wireless_new ();
+Index: network-manager-applet-0.9.4.1/src/applet-device-cdma.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/applet-device-cdma.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/applet-device-cdma.c 2012-12-17 17:42:33.054765947 +0100
+@@ -119,6 +119,7 @@ mobile_wizard_done (NMAMobileWizard *wiz
+ NM_SETTING_CDMA_NUMBER, "#777",
+ NM_SETTING_CDMA_USERNAME, method->username,
+ NM_SETTING_CDMA_PASSWORD, method->password,
++ NM_SETTING_CDMA_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+ NULL);
+ nm_connection_add_setting (connection, setting);
+
+@@ -148,6 +149,7 @@ mobile_wizard_done (NMAMobileWizard *wiz
+ NULL);
+ g_free (uuid);
+ g_free (id);
++ nm_setting_connection_add_permission ((NMSettingConnection *) setting, "user", g_get_user_name (), NULL);
+ nm_connection_add_setting (connection, setting);
+ }
+
+Index: network-manager-applet-0.9.4.1/src/gnome-bluetooth/bt-widget.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/gnome-bluetooth/bt-widget.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/gnome-bluetooth/bt-widget.c 2012-12-17 17:42:33.058765971 +0100
+@@ -256,6 +256,7 @@ add_pan_connection (PluginInfo *info)
+ NULL);
+ g_free (id);
+ g_free (uuid);
++ nm_setting_connection_add_permission ((NMSettingConnection *) setting, "user", g_get_user_name (), NULL);
+ nm_connection_add_setting (connection, setting);
+
+ /* The Bluetooth settings */
+@@ -392,6 +393,7 @@ dun_new_cdma (NMAMobileWizardAccessMetho
+ NM_SETTING_CDMA_NUMBER, "#777",
+ NM_SETTING_CDMA_USERNAME, method->username,
+ NM_SETTING_CDMA_PASSWORD, method->password,
++ NM_SETTING_CDMA_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+ NULL);
+ nm_connection_add_setting (connection, setting);
+
+@@ -421,6 +423,7 @@ dun_new_cdma (NMAMobileWizardAccessMetho
+ NULL);
+ g_free (uuid);
+ g_free (id);
++ nm_setting_connection_add_permission ((NMSettingConnection *) setting, "user", g_get_user_name (), NULL);
+ nm_connection_add_setting (connection, setting);
+
+ return connection;
+@@ -440,6 +443,7 @@ dun_new_gsm (NMAMobileWizardAccessMethod
+ NM_SETTING_GSM_NUMBER, "*99#",
+ NM_SETTING_GSM_USERNAME, method->username,
+ NM_SETTING_GSM_PASSWORD, method->password,
++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+ NM_SETTING_GSM_APN, method->gsm_apn,
+ NULL);
+ nm_connection_add_setting (connection, setting);
+@@ -470,6 +474,7 @@ dun_new_gsm (NMAMobileWizardAccessMethod
+ NULL);
+ g_free (uuid);
+ g_free (id);
++ nm_setting_connection_add_permission ((NMSettingConnection *) setting, "user", g_get_user_name (), NULL);
+ nm_connection_add_setting (connection, setting);
+
+ return connection;
+Index: network-manager-applet-0.9.4.1/src/utils/utils.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/utils/utils.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/utils/utils.c 2012-12-17 19:45:35.022854558 +0100
+@@ -390,3 +390,10 @@ utils_show_error_dialog (const char *tit
+ }
+ }
+
++gboolean
++utils_default_to_private_connection (NMClient *client)
++{
++ NMClientPermissionResult perms;
++ perms = nm_client_get_permission_result (client, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM);
++ return (perms != NM_CLIENT_PERMISSION_RESULT_YES);
++}
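Review bot: `utils_default_to_private_connection()` treats every result other than `NM_CLIENT_PERMISSION_RESULT_YES` as "make it private", which covers not only a plain denial but also `NM_CLIENT_PERMISSION_RESULT_AUTH` (the user could obtain the permission by authenticating) and `NM_CLIENT_PERMISSION_RESULT_UNKNOWN`. Failing towards user-owned is the safer direction, but the changelog only describes the has/has-not cases, so the function needs a comment stating that the AUTH and UNKNOWN results are intentionally folded into "private". The function has no doc comment at all at the moment, and `client` is passed through unchecked.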
+Index: network-manager-applet-0.9.4.1/src/utils/utils.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/utils/utils.h 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/utils/utils.h 2012-12-17 19:20:42.087555979 +0100
+@@ -27,6 +27,7 @@
+ #include <gtk/gtk.h>
+ #include <nm-connection.h>
+ #include <nm-device.h>
++#include <nm-client.h>
+ #include <net/ethernet.h>
+ #include <nm-access-point.h>
+ #include <gnome-keyring.h>
+@@ -64,6 +65,8 @@ void utils_show_error_dialog (const char
+ gboolean modal,
+ GtkWindow *parent);
+
++gboolean utils_default_to_private_connection (NMClient *client);
++
+ #define NMA_ERROR (g_quark_from_static_string ("nma-error-quark"))
+
+ typedef enum {
+Index: network-manager-applet-0.9.4.1/src/connection-editor/nm-connection-list.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/nm-connection-list.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/nm-connection-list.c 2012-12-17 21:25:44.500233404 +0100
+@@ -605,6 +605,7 @@ add_clicked (GtkButton *button, gpointer
+ info->new_func (GTK_WINDOW (list->dialog),
+ really_add_connection,
+ page_get_connections,
++ info->list->nm_client,
+ info);
+ }
+
+@@ -1577,6 +1578,7 @@ nm_connection_list_create (NMConnectionL
+ info->new_func (GTK_WINDOW (info->list->dialog),
+ really_add_connection,
+ page_get_connections,
++ info->list->nm_client,
+ info);
+ }
+ }
+Index: network-manager-applet-0.9.4.1/src/wireless-security/ws-wpa-psk.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/wireless-security/ws-wpa-psk.c 2012-12-17 17:42:31.554758617 +0100
++++ network-manager-applet-0.9.4.1/src/wireless-security/ws-wpa-psk.c 2012-12-17 19:35:09.479796428 +0100
+@@ -92,11 +92,13 @@ fill_connection (WirelessSecurity *paren
+ {
+ GtkWidget *widget;
+ const char *key;
++ NMSettingConnection *s_con;
+ NMSettingWireless *s_wireless;
+ NMSettingWirelessSecurity *s_wireless_sec;
+ const char *mode;
+ gboolean is_adhoc = FALSE;
+
++ s_con = nm_connection_get_setting_connection (connection);
+ s_wireless = nm_connection_get_setting_wireless (connection);
+ g_assert (s_wireless);
+
+@@ -113,6 +115,9 @@ fill_connection (WirelessSecurity *paren
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry"));
+ key = gtk_entry_get_text (GTK_ENTRY (widget));
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL);
++ if (s_con && nm_setting_connection_get_num_permissions (s_con)) {
++ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
++ }
+
+ wireless_security_clear_ciphers (connection);
+ if (is_adhoc) {
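Review bot: the new `nm_setting_connection_get_num_permissions (s_con)` test in ws-wpa-psk.c `fill_connection()` is not limited to new connections, unlike the `new_connection` gating used in 05-8021x-passwords-user.patch, so any connection that carries a permissions entry gets its PSK flags replaced every time this runs. Because `g_object_set` assigns `NM_SETTING_SECRET_FLAG_AGENT_OWNED` as the whole value, a previously chosen flag on an existing connection is lost. Suggest reading the current flags first and only defaulting them when none are set, or gating on connection creation as the 802.1x patch does.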
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-mobile.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-mobile.c 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-mobile.c 2012-12-17 21:16:37.749560464 +0100
+@@ -554,6 +554,7 @@ new_connection_mobile_wizard_done (NMAMo
+ NMConnection *connection = NULL;
+
+ if (!canceled && method) {
++ NMSettingConnection *s_con;
+ NMSetting *type_setting;
+ const char *ctype = NULL;
+ char *detail = NULL;
+@@ -567,6 +568,7 @@ new_connection_mobile_wizard_done (NMAMo
+ NM_SETTING_GSM_NUMBER, "*99#",
+ NM_SETTING_GSM_USERNAME, method->username,
+ NM_SETTING_GSM_PASSWORD, method->password,
++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+ NM_SETTING_GSM_APN, method->gsm_apn,
+ NULL);
+ break;
+@@ -578,6 +580,7 @@ new_connection_mobile_wizard_done (NMAMo
+ NM_SETTING_CDMA_NUMBER, "#777",
+ NM_SETTING_GSM_USERNAME, method->username,
+ NM_SETTING_GSM_PASSWORD, method->password,
++ NM_SETTING_GSM_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+ NULL);
+ break;
+ default:
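Review bot: the line added in the CDMA branch (the one that sets `NM_SETTING_CDMA_NUMBER, "#777"`) uses `NM_SETTING_GSM_PASSWORD_FLAGS`, whereas applet-device-cdma.c and bt-widget.c in this same patch use `NM_SETTING_CDMA_PASSWORD_FLAGS` for the CDMA setting. The surrounding context already uses the GSM username and password macros here, so this only works as long as both macros name the same property. Use `NM_SETTING_CDMA_PASSWORD_FLAGS` on the new line so the patch does not extend the existing mix-up.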
+@@ -592,6 +595,13 @@ new_connection_mobile_wizard_done (NMAMo
+ connection = ce_page_new_connection (detail, ctype, FALSE, info->get_connections_func, info->user_data);
+ g_free (detail);
+
++ s_con = nm_connection_get_setting_connection (connection);
++ if (!s_con) {
++ s_con = (NMSettingConnection *) nm_setting_connection_new ();
++ nm_connection_add_setting (connection, NM_SETTING (s_con));
++ }
++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL);
++
+ nm_connection_add_setting (connection, type_setting);
+ add_default_serial_setting (connection);
+ nm_connection_add_setting (connection, nm_setting_ppp_new ());
+@@ -614,6 +624,7 @@ void
+ mobile_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data)
+ {
+ NMAMobileWizard *wizard;
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-vpn.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-vpn.c 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-vpn.c 2012-12-17 21:17:31.889825149 +0100
+@@ -186,10 +186,12 @@ void
+ vpn_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data)
+ {
+ char *service = NULL;
+ NMConnection *connection;
++ NMSettingConnection *s_con;
+ NMSetting *s_vpn;
+
+ service = vpn_ask_connection_type (parent);
+@@ -203,6 +205,14 @@ vpn_connection_new (GtkWindow *parent,
+ FALSE,
+ get_connections_func,
+ user_data);
++
++ s_con = nm_connection_get_setting_connection (connection);
++ if (!s_con) {
++ s_con = (NMSettingConnection *) nm_setting_connection_new ();
++ nm_connection_add_setting (connection, NM_SETTING (s_con));
++ }
++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL);
++
+ s_vpn = nm_setting_vpn_new ();
+ g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, service, NULL);
+ g_free (service);
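Review bot: `vpn_connection_new()` now adds the user permission unconditionally and never consults the new `client` argument, so every VPN connection created from the editor becomes user-owned even for users who may modify system connections. The changelog's logic list covers Bluetooth, CDMA, GSM, WEP/WPA, WiMax and Wired but says nothing about VPN, so this behaviour change is undocumented. Either add VPN to the changelog entry as "always user-owned" or gate the block on `utils_default_to_private_connection (client)` as wifi_connection_new() does.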
+Index: network-manager-applet-0.9.4.1/src/connection-editor/ce-page.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/ce-page.h 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/ce-page.h 2012-12-17 21:12:11.904260821 +0100
+@@ -43,6 +43,7 @@ typedef GSList * (*PageGetConnectionsFun
+ typedef void (*PageNewConnectionFunc) (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data);
+
+ #define CE_TYPE_PAGE (ce_page_get_type ())
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-dsl.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-dsl.c 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-dsl.c 2012-12-17 21:15:30.873233525 +0100
+@@ -224,6 +224,7 @@ void
+ dsl_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data)
+ {
+ NMConnection *connection;
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-dsl.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-dsl.h 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-dsl.h 2012-12-17 21:15:51.177332808 +0100
+@@ -56,6 +56,7 @@ CEPage *ce_page_dsl_new (NMConnection *c
+ void dsl_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc callback,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data);
+
+ #endif /* __PAGE_DSL_H__ */
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-mobile.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-mobile.h 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-mobile.h 2012-12-17 21:16:52.353631835 +0100
+@@ -56,6 +56,7 @@ CEPage *ce_page_mobile_new (NMConnection
+ void mobile_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data);
+
+ #endif /* __PAGE_MOBILE_H__ */
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-vpn.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-vpn.h 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-vpn.h 2012-12-17 21:17:45.065889589 +0100
+@@ -56,6 +56,7 @@ CEPage *ce_page_vpn_new (NMConnection *c
+ void vpn_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data);
+
+ #endif /* __PAGE_VPN_H__ */
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-wired.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-wired.c 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-wired.c 2012-12-17 21:18:53.906226101 +0100
+@@ -442,6 +442,7 @@ void
+ wired_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data)
+ {
+ NMConnection *connection;
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-wired.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-wired.h 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-wired.h 2012-12-17 21:19:04.122276042 +0100
+@@ -56,6 +56,7 @@ CEPage *ce_page_wired_new (NMConnection
+ void wired_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data);
+
+ #endif /* __PAGE_WIRED_H__ */
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-wireless.c
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-wireless.c 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-wireless.c 2012-12-17 21:21:16.646923928 +0100
+@@ -33,6 +33,8 @@
+ #include <nm-device-wifi.h>
+ #include <nm-utils.h>
+
++#include "utils.h"
++
+ #include "page-wireless.h"
+
+ G_DEFINE_TYPE (CEPageWireless, ce_page_wireless, CE_TYPE_PAGE)
+@@ -655,6 +657,7 @@ void
+ wifi_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data)
+ {
+ NMConnection *connection;
+@@ -665,6 +668,17 @@ wifi_connection_new (GtkWindow *parent,
+ TRUE,
+ get_connections_func,
+ user_data);
++
++ if (utils_default_to_private_connection (client)) {
++ NMSettingConnection *s_con;
++ s_con = nm_connection_get_setting_connection (connection);
++ if (!s_con) {
++ s_con = (NMSettingConnection *) nm_setting_connection_new ();
++ nm_connection_add_setting (connection, NM_SETTING (s_con));
++ }
++ nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL);
++ }
++
+ s_wifi = nm_setting_wireless_new ();
+ g_object_set (s_wifi, NM_SETTING_WIRELESS_MODE, "infrastructure", NULL);
+ nm_connection_add_setting (connection, s_wifi);
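Review bot: the get-or-create `s_con` sequence followed by `nm_setting_connection_add_permission (s_con, "user", g_get_user_name (), NULL)` in `wifi_connection_new()` is the third copy of the same five lines in the connection editor (page-mobile.c and page-vpn.c carry it too), plus a variant in applet-device-wifi.c. Since the patch already adds a helper to utils.c, a second helper there that takes the `NMConnection` and restricts it to the current user would keep the four call sites from drifting apart and give one place to check the return value.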
+Index: network-manager-applet-0.9.4.1/src/connection-editor/page-wireless.h
+===================================================================
+--- network-manager-applet-0.9.4.1.orig/src/connection-editor/page-wireless.h 2012-03-14 00:03:59.000000000 +0100
++++ network-manager-applet-0.9.4.1/src/connection-editor/page-wireless.h 2012-12-17 21:19:22.602366384 +0100
+@@ -60,6 +60,7 @@ GByteArray *ce_page_wireless_get_ssid (C
+ void wifi_connection_new (GtkWindow *parent,
+ PageNewConnectionResultFunc result_func,
+ PageGetConnectionsFunc get_connections_func,
++ NMClient *client,
+ gpointer user_data);
+
+ #endif /* __PAGE_WIRELESS_H__ */
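Review bot: 11-user-connections.patch starts directly at its first `Index:` line with no header, unlike 05-8021x-passwords-user.patch, which carries From, Date and Subject. Add a DEP-3 style header (Description, Author, Bug-Debian for #696256) so the ownership rules that currently live only in debian/changelog travel with the patch itself.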
diff --git a/debian/patches/series b/debian/patches/series
index 735c473..d987bc6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,5 @@
02-fix-shell-version-detecting-code.patch
03-dont-handle-VPN-secrets-with-GNOME-Shell-3.4.patch
04-gnome-bluetooth-3.4-support.patch
+05-8021x-passwords-user.patch
+11-user-connections.patch