From 68420568e44c0186e381e0919b43e5096e69b974 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 27 May 2020 11:43:02 +0200
Subject: [PATCH 1/3] libnm,ifcfg-rh: fix documentation for
 IEEE_8021X_PASSWORD_RAW_FLAGS in `man nm-settings-ifcfg-rh`

Fixes: a83ab252ee58 ('ifcfg-rh: add support for 802-1x.password-raw property')
(cherry picked from commit 9fde21504e782b81cdd4c5d1f5068e33e532078e)
(cherry picked from commit 36ddd266a5bddbc1f857131c36e4313ef635ad1b)
(cherry picked from commit 52bb253f6b05815eeecbf3d3508fe1caa2cacb1d)
(cherry picked from commit 3afbaeb5974bfb38aaefd441f6e40fbcc8140a8a)
---
 libnm-core/nm-setting-8021x.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index ae6fabd80c..2443f1a291 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -4156,8 +4156,8 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass)
 	 **/
 	/* ---ifcfg-rh---
 	 * property: password-raw-flags
-	 * variable: (none)
-	 * description: The property is not handled by ifcfg-rh plugin.
+	 * variable: IEEE_8021X_PASSWORD_RAW_FLAGS(+)
+	 * description: The secret flags for password-raw.
 	 * ---end---
 	 */
 	obj_properties[PROP_PASSWORD_RAW_FLAGS] =

From 80fccd5a16f3c700aa85026a9ac2ea163125b223 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 27 May 2020 11:59:19 +0200
Subject: [PATCH 2/3] libnm,ifcfg-rh: fix documentation for
 IEEE_8021X_SYSTEM_CA_CERTS in `man nm-settings-ifcfg-rh`

Fixes: 2a4fb75d3b03 ('ifcfg: add support for "802-1x.system-ca-certs" setting')
(cherry picked from commit b4537f2c03dbb433ecdec81c84f95f8e9f8727b3)
(cherry picked from commit 5d8a0837b302b1043c77834b5cfe04d67a2cde96)
(cherry picked from commit e11232de966f7f765ea9946d402c0e06839ffbd0)
(cherry picked from commit e00e764167ad8a211e3ed84afbc1599758af99c3)
---
 libnm-core/nm-setting-8021x.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index 2443f1a291..217f65a0e9 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -4389,8 +4389,8 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass)
 	 **/
 	/* ---ifcfg-rh---
 	 * property: system-ca-certs
-	 * variable: (none)
-	 * description: The property is not handled by ifcfg-rh plugin.
+	 * variable: IEEE_8021X_SYSTEM_CA_CERTS(+)
+	 * description: a boolean value.
 	 * ---end---
 	 */
 	obj_properties[PROP_SYSTEM_CA_CERTS] =

From d286e3dc28748b721739e688e6abb3fe6f0e1a36 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 27 May 2020 12:14:26 +0200
Subject: [PATCH 3/3] ifcfg-rh: support persisting 802-1x.pin and pin-flags
 property

(cherry picked from commit 655fd1ebd8c1f14dc658f728109bc41e9362d740)
(cherry picked from commit 799cee50689a27d04fa5a0e84fa515a55eeea7a4)
(cherry picked from commit 77e1132845c5b8514838418085d0ab9d109cee48)
(cherry picked from commit 73865ffb0b89c3eb8a563832813f72f6a1641348)
---
 Makefile.am                                               | 1 +
 libnm-core/nm-setting-8021x.c                             | 8 ++++----
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c       | 6 ++++++
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c       | 7 +++++++
 .../network-scripts/ifcfg-test-wired-802-1x-password-raw  | 2 ++
 .../network-scripts/keys-test-wired-802-1x-password-raw   | 1 +
 src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c       | 3 +++
 7 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wired-802-1x-password-raw

diff --git a/Makefile.am b/Makefile.am
index 086ef08000..3cf5d83949 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3074,6 +3074,7 @@ EXTRA_DIST += \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-psk-hex \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-psk-unquoted \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wifi-wpa-psk-unquoted2 \
+	src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wired-802-1x-password-raw \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wired-8021x-peap-mschapv2 \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/network-test-wired-defroute-no-gatewaydev-yes \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/network-test-wired-global-gateway \
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index 217f65a0e9..dbaad18a42 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -4345,8 +4345,8 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass)
 	 **/
 	/* ---ifcfg-rh---
 	 * property: pin
-	 * variable: (none)
-	 * description: The property is not handled by ifcfg-rh plugin.
+	 * variable: IEEE_8021X_PIN(+)
+	 * description: The pin secret used for EAP authentication methods.
 	 * ---end---
 	 */
 	obj_properties[PROP_PIN] =
@@ -4363,8 +4363,8 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass)
 	 **/
 	/* ---ifcfg-rh---
 	 * property: pin-flags
-	 * variable: (none)
-	 * description: The property is not handled by ifcfg-rh plugin.
+	 * variable: IEEE_8021X_PIN_FLAGS(+)
+	 * description: The secret flags for the pin property.
 	 * ---end---
 	 */
 	obj_properties[PROP_PIN_FLAGS] =
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index d1135d029d..ef234b823e 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3580,6 +3580,12 @@ next:
 	v = svGetValueStr (ifcfg, "IEEE_8021X_PHASE2_CA_PATH", &value);
 	g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_CA_PATH, v, NULL);
 
+	_secret_set_from_ifcfg (s_8021x,
+	                        ifcfg,
+	                        keys_ifcfg,
+	                        "IEEE_8021X_PIN",
+	                        NM_SETTING_802_1X_PIN);
+
 	return g_steal_pointer (&s_8021x);
 }
 
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 35ca9c05f0..daf173b0be 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -558,6 +558,13 @@ write_8021x_setting (NMConnection *connection,
 	svSetValue (ifcfg, "IEEE_8021X_PHASE2_CA_PATH",
 	            nm_setting_802_1x_get_phase2_ca_path (s_8021x));
 
+	set_secret (ifcfg,
+	            secrets,
+	            "IEEE_8021X_PIN",
+	            nm_setting_802_1x_get_pin (s_8021x),
+	            "IEEE_8021X_PIN_FLAGS",
+	            nm_setting_802_1x_get_pin_flags (s_8021x));
+
 	if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error))
 		return FALSE;
 
diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-802-1x-password-raw b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-802-1x-password-raw
index 181ffbef81..a5434434ba 100644
--- a/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-802-1x-password-raw
+++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-802-1x-password-raw
@@ -11,3 +11,5 @@ IEEE_8021X_IDENTITY="Bill Smith"
 IEEE_8021X_CA_CERT=test_ca_cert.pem
 IEEE_8021X_INNER_AUTH_METHODS=EAP-GTC
 IEEE_8021X_PASSWORD_RAW=0408151623420001
+#IEEE_8021X_PIN=hallo1
+IEEE_8021X_PIN_FLAGS=0
diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wired-802-1x-password-raw b/src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wired-802-1x-password-raw
new file mode 100644
index 0000000000..d29a428976
--- /dev/null
+++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/keys-test-wired-802-1x-password-raw
@@ -0,0 +1 @@
+IEEE_8021X_PIN=hallo2
diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index eaaa749052..294e669b65 100644
--- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -2024,6 +2024,9 @@ test_read_write_802_1x_password_raw (void)
 	                 ==,
 	                 NM_SETTING_SECRET_FLAG_NONE);
 
+	g_assert_cmpstr (nm_setting_802_1x_get_pin (s_8021x), ==, "hallo2");
+	g_assert_cmpint (nm_setting_802_1x_get_pin_flags (s_8021x), ==, NM_SETTING_SECRET_FLAG_NONE);
+
 	_writer_new_connection (connection,
 	                        TEST_SCRATCH_DIR,
 	                        &testfile);