From 922ce65a285e2cc9abd9643bd572fd14cd388ef5 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Fri, 28 Sep 2007 02:52:28 +0000 Subject: [PATCH] 2007-09-27 Dan Williams * auth-dialog/main.c - Rework password storage to match the GConf semantics of nm-applet better. Also, use generic secrets, not keyring network passwords. Keyring network passwords are inappropriate for our usage here. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2907 4912f4e0-d625-0410-9fb7-b9a5a253dbdc --- vpn-daemons/vpnc/ChangeLog | 7 ++ vpn-daemons/vpnc/auth-dialog/main.c | 166 +++++++++++++++------------- 2 files changed, 96 insertions(+), 77 deletions(-) diff --git a/vpn-daemons/vpnc/ChangeLog b/vpn-daemons/vpnc/ChangeLog index f2dcb1fa77..5917b1922a 100644 --- a/vpn-daemons/vpnc/ChangeLog +++ b/vpn-daemons/vpnc/ChangeLog @@ -1,3 +1,10 @@ +2007-09-27 Dan Williams + + * auth-dialog/main.c + - Rework password storage to match the GConf semantics of nm-applet + better. Also, use generic secrets, not keyring network passwords. + Keyring network passwords are inappropriate for our usage here. + 2007-09-27 Dan Williams * src/nm-vpnc-service.c diff --git a/vpn-daemons/vpnc/auth-dialog/main.c b/vpn-daemons/vpnc/auth-dialog/main.c index cfbe622de1..eae5528200 100644 --- a/vpn-daemons/vpnc/auth-dialog/main.c +++ b/vpn-daemons/vpnc/auth-dialog/main.c @@ -32,96 +32,106 @@ #include "../src/nm-vpnc-service.h" #include "gnome-two-password-dialog.h" +static char * +find_one_password (const char *vpn_name, + const char *vpn_service, + const char *secret_name, + gboolean *is_session) +{ + GList *found_list = NULL; + GnomeKeyringResult ret; + GnomeKeyringFound *found; + char *secret; + + ret = gnome_keyring_find_itemsv_sync (GNOME_KEYRING_ITEM_GENERIC_SECRET, + &found_list, + "connection-name", + GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, + vpn_name, + "setting-name", + GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, + NM_SETTING_VPN_PROPERTIES, + "setting-key", + GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, + secret_name, + NULL); + if ((ret != GNOME_KEYRING_RESULT_OK) || (g_list_length (found_list) == 0)) + return NULL; + + found = (GnomeKeyringFound *) found_list->data; + + if (strcmp (found->keyring, "session") == 0) + *is_session = TRUE; + else + *is_session = FALSE; + + secret = found->secret ? g_strdup (found->secret) : NULL; + gnome_keyring_found_list_free (found_list); + + return secret; +} + static GSList * lookup_pass (const char *vpn_name, const char *vpn_service, gboolean *is_session) { - GSList *passwords; - GList *keyring_result; + GSList *passwords = NULL; + char *password; + char *group_password; - passwords = NULL; + password = find_one_password (vpn_name, vpn_service, "password", is_session); + if (!password) + return NULL; - if (gnome_keyring_find_network_password_sync (g_get_user_name (), /* user */ - NULL, /* domain */ - vpn_name, /* server */ - NULL, /* object */ - vpn_service, /* protocol */ - NULL, /* authtype */ - 0, /* port */ - &keyring_result) != GNOME_KEYRING_RESULT_OK) - return FALSE; - - if (keyring_result != NULL && g_list_length (keyring_result) == 2) { - char *password; - char *group_password; - GnomeKeyringNetworkPasswordData *data1 = keyring_result->data; - GnomeKeyringNetworkPasswordData *data2 = (g_list_next (keyring_result))->data; - - password = NULL; - group_password = NULL; - - if (strcmp (data1->object, "group_password") == 0) { - group_password = data1->password; - } else if (strcmp (data1->object, "password") == 0) { - password = data1->password; - } - - if (strcmp (data2->object, "group_password") == 0) { - group_password = data2->password; - } else if (strcmp (data2->object, "password") == 0) { - password = data2->password; - } - - if (password != NULL && group_password != NULL) { - passwords = g_slist_append (passwords, g_strdup (group_password)); - passwords = g_slist_append (passwords, g_strdup (password)); - if (strcmp (data1->keyring, "session") == 0) - *is_session = TRUE; - else - *is_session = FALSE; - } - - gnome_keyring_network_password_list_free (keyring_result); + group_password = find_one_password (vpn_name, vpn_service, "group-password", is_session); + if (!group_password) { + g_free (password); + return NULL; } + /* Group password first */ + passwords = g_slist_append (passwords, group_password); + passwords = g_slist_append (passwords, password); return passwords; } -static void save_vpn_password (const char *vpn_name, const char *vpn_service, const char *keyring, - const char *password, const char *group_password) +static void +save_vpn_password (const char *vpn_name, + const char *vpn_service, + const char *keyring, + const char *secret_name, + const char *secret) { + char *display_name; guint32 item_id; - GnomeKeyringResult keyring_result; + GnomeKeyringResult ret; + GnomeKeyringAttributeList *attrs = NULL; + guint32 id = 0; - keyring_result = gnome_keyring_set_network_password_sync (keyring, - g_get_user_name (), - NULL, - vpn_name, - "password", - vpn_service, - NULL, - 0, - password, - &item_id); - if (keyring_result != GNOME_KEYRING_RESULT_OK) - { - g_warning ("Couldn't store password in keyring, code %d", (int) keyring_result); - } + display_name = g_strdup_printf ("VPN %s secret for %s/%s/" NM_SETTING_VPN_PROPERTIES, + secret_name, + vpn_name, + vpn_service); - keyring_result = gnome_keyring_set_network_password_sync (keyring, - g_get_user_name (), - NULL, - vpn_name, - "group_password", - vpn_service, - NULL, - 0, - group_password, - &item_id); + attrs = gnome_keyring_attribute_list_new (); + gnome_keyring_attribute_list_append_string (attrs, + "connection-name", + vpn_name); + gnome_keyring_attribute_list_append_string (attrs, + "setting-name", + NM_SETTING_VPN_PROPERTIES); + gnome_keyring_attribute_list_append_string (attrs, + "setting-key", + secret_name); - if (keyring_result != GNOME_KEYRING_RESULT_OK) - { - g_warning ("Couldn't store password in keyring, code %d", (int) keyring_result); - } + ret = gnome_keyring_item_create_sync (keyring, + GNOME_KEYRING_ITEM_GENERIC_SECRET, + display_name, + attrs, + secret, + TRUE, + &id); + gnome_keyring_attribute_list_free (attrs); + g_free (display_name); } static GSList * @@ -199,10 +209,12 @@ get_passwords (const char *vpn_name, const char *vpn_service, gboolean retry) switch (gnome_two_password_dialog_get_remember (GNOME_TWO_PASSWORD_DIALOG (dialog))) { case GNOME_TWO_PASSWORD_DIALOG_REMEMBER_SESSION: - save_vpn_password (vpn_name, vpn_service, "session", password, group_password); + save_vpn_password (vpn_name, vpn_service, "session", "password", password); + save_vpn_password (vpn_name, vpn_service, "session", "group-password", group_password); break; case GNOME_TWO_PASSWORD_DIALOG_REMEMBER_FOREVER: - save_vpn_password (vpn_name, vpn_service, NULL, password, group_password); + save_vpn_password (vpn_name, vpn_service, NULL, "password", password); + save_vpn_password (vpn_name, vpn_service, NULL, "group-password", group_password); break; default: break;