Bug 971540 - Plasma-nm: Shared connection asks for root password on every reconnect
Plasma-nm: Shared connection asks for root password on every reconnect
Status: RESOLVED UPSTREAM
: 1061707 (view as bug list)
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: KDE Workspace (Plasma)
Leap 42.1
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: E-Mail List
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-17 08:22 UTC by Axel Braun
Modified: 2017-10-25 17:13 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Axel Braun 2016-03-17 08:22:40 UTC
I have a WIFI connection to a WPA-router. 
When I allow that all users can connect to this network, I have to enter the root password. So far, so good. 
But on next connection, e.g. after a S2RAM, it asks again for the root password.
This happens on a fully patched Leap system.
I found two other bugs with the same context for openSUSE 13.2 (909683, 925062) marked as fixed, but this is obviously not the case.

I had opened an upstream bug for this https://bugs.kde.org/show_bug.cgi?id=359842 but maintainer claims this is a polkit issue. The users discussing this bug see it different.

What is your opinion on that? Polkit and to be fixed in openSUSE, of plasma-nm and to be fixed upstream -> reopen the KDE bug?
Comment 1 Wolfgang Bauer 2016-03-17 10:38:00 UTC
(In reply to Axel Braun from comment #0)
> What is your opinion on that? Polkit and to be fixed in openSUSE, of
> plasma-nm and to be fixed upstream -> reopen the KDE bug?

My opinion is that this is no openSUSE polkit setup issue.
The root password is needed to *modify* a shared connection, that's what our default polkit rules specify. Connecting should not require it.

And if you set kwallet to have an empty password or it is opened already (i.e. there's no need for entering the wallet password) you won't be asked for the root password. The root password (for modifying the shared connection) is only required if kwallet has to be opened for some reason. And this looks like some bug in plasma-nm or kwallet (or somewhere in between) to me, not a problem with the polkit setup.
Modifying the polkit rule to allow modifying a shared connection without root password would be a workaround from our side, not a solution IMHO.

A workaround is also to save the password centrally in NetworkManager.
Plasma-nm's connection editor allows to do that since 5.5 (with kwallet being the default also for shared connection since then) but due to a bug in Qt5 you have to resize the window after switching to the "Wireless Security" tab to be able to click the disk icon and change this.

See also the discussion here:
https://forums.opensuse.org/showthread.php/514047-Shared-connection-asks-for-root-password-on-every-reconnect?p=2758482#post2758482

I am going to add a comment to the KDE bug report and will reopen it.
Comment 2 Wolfgang Bauer 2016-03-17 10:41:50 UTC
PS, forgot to mention:
Something is fishy there anyway (independent of the polkit rules setup), because the connection is also successfully established if you do *NOT* enter the root password, but just click on Cancel in the root password dialog.
Comment 3 Axel Braun 2016-03-17 10:54:25 UTC
(In reply to Wolfgang Bauer from comment #1)
> (In reply to Axel Braun from comment #0)
> > What is your opinion on that? Polkit and to be fixed in openSUSE, of
> > plasma-nm and to be fixed upstream -> reopen the KDE bug?

...

> See also the discussion here:
> https://forums.opensuse.org/showthread.php/514047-Shared-connection-asks-for-
> root-password-on-every-reconnect?p=2758482#post2758482

Yes, I kicked this off
 
> I am going to add a comment to the KDE bug report and will reopen it.

Thanks!
Comment 4 Wolfgang Bauer 2016-03-18 09:43:25 UTC
A further note:
You can of course also change the polkit rules on your system (as suggested in the KDE bug report) to get rid of that root password request.
Add the following line to /etc/polkit-default-privs.local, and run /sbin/set_polkit_default_privs to apply the change:
org.freedesktop.NetworkManager.settings.modify.system yes

We (the openSUSE KDE team) cannot randomly change the distribution-wide polkit defaults to our needs/preference though. This would have to be decided by the security team.
And it of course would affect the whole distribution, not only KDE.

Anyway, as the KDE bug report is open again, I'm going to close this as UPSTREAM for now.
Let's see what happens there...
Comment 5 Wolfgang Bauer 2017-10-25 17:13:04 UTC
*** Bug 1061707 has been marked as a duplicate of this bug. ***