From f449ace2f160fd5d14cb679d0c2f099f9cc3d04c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Nov 2019 11:26:51 +0100
Subject: [PATCH 1/3] ifcfg: add svSetValueBoolean_cond_true() helper

(cherry picked from commit 87af96a9d665354c59a87e5561ae993b9a79a6db)
---
 src/settings/plugins/ifcfg-rh/shvar.c | 6 ++++++
 src/settings/plugins/ifcfg-rh/shvar.h | 1 +
 2 files changed, 7 insertions(+)

diff --git a/src/settings/plugins/ifcfg-rh/shvar.c b/src/settings/plugins/ifcfg-rh/shvar.c
index 94e31aac60..d4bc71f3f5 100644
--- a/src/settings/plugins/ifcfg-rh/shvar.c
+++ b/src/settings/plugins/ifcfg-rh/shvar.c
@@ -1356,6 +1356,12 @@ svSetValueBoolean (shvarFile *s, const char *key, gboolean value)
 	return svSetValue (s, key, value ? "yes" : "no");
 }
 
+gboolean
+svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value)
+{
+	return svSetValue (s, key, value ? "yes" : NULL);
+}
+
 gboolean
 svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value)
 {
diff --git a/src/settings/plugins/ifcfg-rh/shvar.h b/src/settings/plugins/ifcfg-rh/shvar.h
index 67fb5404ca..2f6912b34b 100644
--- a/src/settings/plugins/ifcfg-rh/shvar.h
+++ b/src/settings/plugins/ifcfg-rh/shvar.h
@@ -96,6 +96,7 @@ gboolean svGetValueEnum (shvarFile *s, const char *key,
 gboolean svSetValue (shvarFile *s, const char *key, const char *value);
 gboolean svSetValueStr (shvarFile *s, const char *key, const char *value);
 gboolean svSetValueBoolean (shvarFile *s, const char *key, gboolean value);
+gboolean svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value);
 gboolean svSetValueInt64 (shvarFile *s, const char *key, gint64 value);
 gboolean svSetValueInt64_cond (shvarFile *s, const char *key, gboolean do_set, gint64 value);
 gboolean svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value);

From d0572b660239cdfefae90f55c130b0babf9064a3 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Nov 2019 11:23:09 +0100
Subject: [PATCH 2/3] ifcfg: add support for "802-1x.system-ca-certs" setting

(cherry picked from commit 2a4fb75d3b03d8d4391b10ad028a991dc6cf78e8)
---
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 5 +++++
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 020766c879..68ebd78192 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3573,6 +3573,11 @@ next:
 		return NULL;
 	}
 
+	g_object_set (s_8021x,
+	              NM_SETTING_802_1X_SYSTEM_CA_CERTS,
+	              svGetValueBoolean (ifcfg, "IEEE_8021X_SYSTEM_CA_CERTS", FALSE),
+	              NULL);
+
 	nm_clear_g_free (&value);
 	v = svGetValueStr (ifcfg, "IEEE_8021X_SUBJECT_MATCH", &value);
 	g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, v, NULL);
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index f3cd71bdc9..03a533108b 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -432,6 +432,10 @@ write_8021x_setting (NMConnection *connection,
 	            nm_setting_802_1x_get_password_raw_flags (s_8021x));
 	g_free (tmp);
 
+	svSetValueBoolean_cond_true (ifcfg,
+	                             "IEEE_8021X_SYSTEM_CA_CERTS",
+	                             nm_setting_802_1x_get_system_ca_certs (s_8021x));
+
 	/* PEAP version */
 	value = nm_setting_802_1x_get_phase1_peapver (s_8021x);
 	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");

From b67983c3873e943bd1969b7e4908575682d044da Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Nov 2019 11:33:38 +0100
Subject: [PATCH 3/3] ifcfg: various cleanup in ifcfg writer

    svUnsetValue (ifcfg, KEY);
    if (condition)
         svSetValue* (ifcfg, KEY, ...);

is not good. It requires first clearing the value, before setting
it again.

Various cleanup to fix such uses.

(cherry picked from commit 5028206ec410760c46cc6ac411a6b0c2fb2405a6)
---
 .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c    | 39 +++++++++----------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 03a533108b..809d3769f9 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -436,35 +436,33 @@ write_8021x_setting (NMConnection *connection,
 	                             "IEEE_8021X_SYSTEM_CA_CERTS",
 	                             nm_setting_802_1x_get_system_ca_certs (s_8021x));
 
-	/* PEAP version */
 	value = nm_setting_802_1x_get_phase1_peapver (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");
-	if (value && (!strcmp (value, "0") || !strcmp (value, "1")))
+	if (NM_IN_STRSET (value, "0", "1"))
 		svSetValueStr (ifcfg, "IEEE_8021X_PEAP_VERSION", value);
+	else
+		svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");
 
-	/* Force new PEAP label */
-	value = nm_setting_802_1x_get_phase1_peaplabel (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL");
-	if (value && !strcmp (value, "1"))
-		svSetValueStr (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL", "yes");
+	svSetValueBoolean_cond_true (ifcfg,
+	                             "IEEE_8021X_PEAP_FORCE_NEW_LABEL",
+	                             nm_streq0 (nm_setting_802_1x_get_phase1_peaplabel (s_8021x), "1"));
 
-	/* PAC file */
-	value = nm_setting_802_1x_get_pac_file (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PAC_FILE");
-	if (value)
-		svSetValueStr (ifcfg, "IEEE_8021X_PAC_FILE", value);
+	svSetValueStr (ifcfg,
+	               "IEEE_8021X_PAC_FILE",
+	               nm_setting_802_1x_get_pac_file (s_8021x));
 
 	/* FAST PAC provisioning */
 	value = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_FAST_PROVISIONING");
 	if (value) {
 		if (strcmp (value, "1") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth");
+			value = "allow-unauth";
 		else if (strcmp (value, "2") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-auth");
+			value = "allow-auth";
 		else if (strcmp (value, "3") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth allow-auth");
+			value = "allow-unauth allow-auth";
+		else
+			value = NULL;
 	}
+	svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", value);
 
 	/* Phase2 auth methods */
 	svUnsetValue (ifcfg, "IEEE_8021X_INNER_AUTH_METHODS");
@@ -541,10 +539,9 @@ write_8021x_setting (NMConnection *connection,
 	vint = nm_setting_802_1x_get_auth_timeout (s_8021x);
 	svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", vint > 0, vint);
 
-	if (nm_setting_802_1x_get_optional (s_8021x))
-		svSetValueBoolean (ifcfg, "IEEE_8021X_OPTIONAL", TRUE);
-	else
-		svUnsetValue (ifcfg, "IEEE_8021X_OPTIONAL");
+	svSetValueBoolean_cond_true (ifcfg,
+	                             "IEEE_8021X_OPTIONAL",
+	                             nm_setting_802_1x_get_optional (s_8021x));
 
 	if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error))
 		return FALSE;