From 9cba854fa0a32022a44e922dd4e70aaaf3c00dd2 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Tue, 7 Jun 2011 18:39:18 -0500
Subject: [PATCH] settings: ensure transient secrets are ignored when rereading
 connections (rh #703785)

When a connection changes on-disk, the in-memory copy of it may contain
transient secrets (agent-owned or not saved) that dont' get written out
to disk.  When comparing the on-disk copy to the in-memory copy make sure
transient secrets are ignored so that we don't re-read the on-disk copy
needlessly.
---
 .../plugins/ifcfg-rh/nm-ifcfg-connection.c    | 38 +++++++++++--------
 src/settings/plugins/ifcfg-rh/plugin.c        |  3 +-
 src/settings/plugins/ifnet/plugin.c           |  3 +-
 src/settings/plugins/keyfile/plugin.c         |  3 +-
 4 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/src/settings/plugins/ifcfg-rh/nm-ifcfg-connection.c b/src/settings/plugins/ifcfg-rh/nm-ifcfg-connection.c
index 433f933bb5..534f44d9ff 100644
--- a/src/settings/plugins/ifcfg-rh/nm-ifcfg-connection.c
+++ b/src/settings/plugins/ifcfg-rh/nm-ifcfg-connection.c
@@ -187,6 +187,7 @@ commit_changes (NMSettingsConnection *connection,
 	GError *error = NULL;
 	NMConnection *reread;
 	char *unmanaged = NULL, *keyfile = NULL, *routefile = NULL, *route6file = NULL;
+	gboolean same = FALSE;
 
 	/* To ensure we don't rewrite files that are only changed from other
 	 * processes on-disk, read the existing connection back in and only rewrite
@@ -200,25 +201,30 @@ commit_changes (NMSettingsConnection *connection,
 	g_free (routefile);
 	g_free (route6file);
 
-	if (reread && nm_connection_compare (NM_CONNECTION (connection),
-	                                     reread,
-	                                     NM_SETTING_COMPARE_FLAG_EXACT))
-		goto out;
+	if (reread) {
+		same = nm_connection_compare (NM_CONNECTION (connection),
+		                              reread,
+		                              NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
+		                                NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS);
+		g_object_unref (reread);
 
-	if (!writer_update_connection (NM_CONNECTION (connection),
-	                               IFCFG_DIR,
-	                               priv->path,
-	                               priv->keyfile,
-	                               &error)) {
-		callback (connection, error, user_data);
-		g_error_free (error);
-		return;
+		/* Don't bother writing anything out if nothing really changed */
+		if (same == TRUE)
+			return;
 	}
 
-out:
-	if (reread)
-		g_object_unref (reread);
-	NM_SETTINGS_CONNECTION_CLASS (nm_ifcfg_connection_parent_class)->commit_changes (connection, callback, user_data);
+	if (writer_update_connection (NM_CONNECTION (connection),
+	                              IFCFG_DIR,
+	                              priv->path,
+	                              priv->keyfile,
+	                              &error)) {
+		/* Chain up to parent to handle success */
+		NM_SETTINGS_CONNECTION_CLASS (nm_ifcfg_connection_parent_class)->commit_changes (connection, callback, user_data);
+	} else {
+		/* Otherwise immediate error */
+		callback (connection, error, user_data);
+		g_error_free (error);
+	}
 }
 
 static void 
diff --git a/src/settings/plugins/ifcfg-rh/plugin.c b/src/settings/plugins/ifcfg-rh/plugin.c
index 7915c46724..7d2765651a 100644
--- a/src/settings/plugins/ifcfg-rh/plugin.c
+++ b/src/settings/plugins/ifcfg-rh/plugin.c
@@ -272,7 +272,8 @@ connection_new_or_changed (SCPluginIfcfg *self,
 	/* When the connections are the same, nothing is done */
 	if (nm_connection_compare (NM_CONNECTION (existing),
 	                           NM_CONNECTION (new),
-	                           NM_SETTING_COMPARE_FLAG_EXACT)) {
+	                           NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
+	                             NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)) {
 		g_object_unref (new);
 		return;
 	}
diff --git a/src/settings/plugins/ifnet/plugin.c b/src/settings/plugins/ifnet/plugin.c
index 69b7bc8033..590836884a 100644
--- a/src/settings/plugins/ifnet/plugin.c
+++ b/src/settings/plugins/ifnet/plugin.c
@@ -278,7 +278,8 @@ reload_connections (gpointer config)
 			if (auto_refresh && is_true (auto_refresh)) {
 				if (!nm_connection_compare (NM_CONNECTION (old),
 				                            NM_CONNECTION (new),
-				                            NM_SETTING_COMPARE_FLAG_EXACT)) {
+				                            NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
+				                              NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)) {
 					PLUGIN_PRINT (IFNET_PLUGIN_NAME, "Auto refreshing %s", conn_name);
 
 					/* Remove and re-add to disconnect and reconnect with new settings */
diff --git a/src/settings/plugins/keyfile/plugin.c b/src/settings/plugins/keyfile/plugin.c
index ffc614bc5a..af69c2001f 100644
--- a/src/settings/plugins/keyfile/plugin.c
+++ b/src/settings/plugins/keyfile/plugin.c
@@ -231,7 +231,8 @@ dir_changed (GFileMonitor *monitor,
 			if (tmp) {
 				if (!nm_connection_compare (NM_CONNECTION (connection),
 				                            NM_CONNECTION (tmp),
-				                            NM_SETTING_COMPARE_FLAG_EXACT)) {
+				                            NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
+				                              NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)) {
 					PLUGIN_PRINT (KEYFILE_PLUGIN_NAME, "updating %s", full_path);
 					update_connection_settings (connection, tmp);
 				}