From 28b159eeaf0b7bcf552932285408ecd2c70f3b82 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Nov 2019 11:26:51 +0100
Subject: [PATCH 1/3] ifcfg: add svSetValueBoolean_cond_true() helper

(cherry picked from commit 87af96a9d665354c59a87e5561ae993b9a79a6db)
(cherry picked from commit f449ace2f160fd5d14cb679d0c2f099f9cc3d04c)
---
 src/settings/plugins/ifcfg-rh/shvar.c | 6 ++++++
 src/settings/plugins/ifcfg-rh/shvar.h | 1 +
 2 files changed, 7 insertions(+)

diff --git a/src/settings/plugins/ifcfg-rh/shvar.c b/src/settings/plugins/ifcfg-rh/shvar.c
index b399a17fa2..d25eb13840 100644
--- a/src/settings/plugins/ifcfg-rh/shvar.c
+++ b/src/settings/plugins/ifcfg-rh/shvar.c
@@ -1357,6 +1357,12 @@ svSetValueBoolean (shvarFile *s, const char *key, gboolean value)
 	return svSetValue (s, key, value ? "yes" : "no");
 }
 
+gboolean
+svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value)
+{
+	return svSetValue (s, key, value ? "yes" : NULL);
+}
+
 gboolean
 svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value)
 {
diff --git a/src/settings/plugins/ifcfg-rh/shvar.h b/src/settings/plugins/ifcfg-rh/shvar.h
index b38a855760..676196b8a2 100644
--- a/src/settings/plugins/ifcfg-rh/shvar.h
+++ b/src/settings/plugins/ifcfg-rh/shvar.h
@@ -97,6 +97,7 @@ gboolean svGetValueEnum (shvarFile *s, const char *key,
 gboolean svSetValue (shvarFile *s, const char *key, const char *value);
 gboolean svSetValueStr (shvarFile *s, const char *key, const char *value);
 gboolean svSetValueBoolean (shvarFile *s, const char *key, gboolean value);
+gboolean svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value);
 gboolean svSetValueInt64 (shvarFile *s, const char *key, gint64 value);
 gboolean svSetValueInt64_cond (shvarFile *s, const char *key, gboolean do_set, gint64 value);
 gboolean svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value);

From 73de171aac5ae89a6a3332112944728ad747d456 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Nov 2019 11:23:09 +0100
Subject: [PATCH 2/3] ifcfg: add support for "802-1x.system-ca-certs" setting

(cherry picked from commit 2a4fb75d3b03d8d4391b10ad028a991dc6cf78e8)
(cherry picked from commit d0572b660239cdfefae90f55c130b0babf9064a3)
---
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 5 +++++
 src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index f40b57daf2..f450c6ab46 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3536,6 +3536,11 @@ next:
 		return NULL;
 	}
 
+	g_object_set (s_8021x,
+	              NM_SETTING_802_1X_SYSTEM_CA_CERTS,
+	              svGetValueBoolean (ifcfg, "IEEE_8021X_SYSTEM_CA_CERTS", FALSE),
+	              NULL);
+
 	nm_clear_g_free (&value);
 	v = svGetValueStr (ifcfg, "IEEE_8021X_SUBJECT_MATCH", &value);
 	g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, v, NULL);
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index d692241a1a..01f5da7848 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -446,6 +446,10 @@ write_8021x_setting (NMConnection *connection,
 	            nm_setting_802_1x_get_password_raw_flags (s_8021x));
 	g_free (tmp);
 
+	svSetValueBoolean_cond_true (ifcfg,
+	                             "IEEE_8021X_SYSTEM_CA_CERTS",
+	                             nm_setting_802_1x_get_system_ca_certs (s_8021x));
+
 	/* PEAP version */
 	value = nm_setting_802_1x_get_phase1_peapver (s_8021x);
 	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");

From e18868a19bddc9625ae26c2968334cb201dee73f Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 22 Nov 2019 11:33:38 +0100
Subject: [PATCH 3/3] ifcfg: various cleanup in ifcfg writer

    svUnsetValue (ifcfg, KEY);
    if (condition)
         svSetValue* (ifcfg, KEY, ...);

is not good. It requires first clearing the value, before setting
it again.

Various cleanup to fix such uses.

(cherry picked from commit 5028206ec410760c46cc6ac411a6b0c2fb2405a6)
(cherry picked from commit b67983c3873e943bd1969b7e4908575682d044da)
---
 .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c    | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 01f5da7848..7121cec7be 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -450,35 +450,33 @@ write_8021x_setting (NMConnection *connection,
 	                             "IEEE_8021X_SYSTEM_CA_CERTS",
 	                             nm_setting_802_1x_get_system_ca_certs (s_8021x));
 
-	/* PEAP version */
 	value = nm_setting_802_1x_get_phase1_peapver (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");
-	if (value && (!strcmp (value, "0") || !strcmp (value, "1")))
+	if (NM_IN_STRSET (value, "0", "1"))
 		svSetValueStr (ifcfg, "IEEE_8021X_PEAP_VERSION", value);
+	else
+		svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");
 
-	/* Force new PEAP label */
-	value = nm_setting_802_1x_get_phase1_peaplabel (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL");
-	if (value && !strcmp (value, "1"))
-		svSetValueStr (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL", "yes");
+	svSetValueBoolean_cond_true (ifcfg,
+	                             "IEEE_8021X_PEAP_FORCE_NEW_LABEL",
+	                             nm_streq0 (nm_setting_802_1x_get_phase1_peaplabel (s_8021x), "1"));
 
-	/* PAC file */
-	value = nm_setting_802_1x_get_pac_file (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PAC_FILE");
-	if (value)
-		svSetValueStr (ifcfg, "IEEE_8021X_PAC_FILE", value);
+	svSetValueStr (ifcfg,
+	               "IEEE_8021X_PAC_FILE",
+	               nm_setting_802_1x_get_pac_file (s_8021x));
 
 	/* FAST PAC provisioning */
 	value = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_FAST_PROVISIONING");
 	if (value) {
 		if (strcmp (value, "1") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth");
+			value = "allow-unauth";
 		else if (strcmp (value, "2") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-auth");
+			value = "allow-auth";
 		else if (strcmp (value, "3") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth allow-auth");
+			value = "allow-unauth allow-auth";
+		else
+			value = NULL;
 	}
+	svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", value);
 
 	/* Phase2 auth methods */
 	svUnsetValue (ifcfg, "IEEE_8021X_INNER_AUTH_METHODS");