fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-28 16:50:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core: treat VPN secrets without flags as system-owned

Browse source 
All non-VPN secrets are considered system-owned if they do not
have any explicitly set secret flags, and this makes VPN secrets
treated the same way.  As part of the import process plugins and
the applet already update secret flags.  This ensures that VPN
secrets are treated consistently throughout the codebase.
This commit is contained in:
Dan Williams 2011-05-23 13:45:51 -05:00
parent ef71c5cca1
commit c0387ffbc5
3 changed files with 41 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/settings/nm-agent-manager.c
View file

@ -846,10 +846,10 @@ check_system_secrets_cb (NMSetting *setting,
/* VPNs are special; need to handle each secret separately */
g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
if (secret_flags == NM_SETTING_SECRET_FLAG_NONE)
*has_system = TRUE;
}
secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
if (secret_flags == NM_SETTING_SECRET_FLAG_NONE)
*has_system = TRUE;
}
} else {
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);

33
src/settings/nm-settings-connection.c
View file

@ -178,10 +178,10 @@ only_system_secrets_cb (NMSetting *setting,
g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
}
secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
}
} else {
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
@ -482,7 +482,7 @@ for_each_secret (NMConnection *connection,
/* Walk through the list of keys in each setting hash */
g_hash_table_iter_init (&secret_iter, setting_hash);
while (g_hash_table_iter_next (&secret_iter, (gpointer) &secret_name, (gpointer) &val)) {
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
/* VPN secrets need slightly different treatment here since the
* "secrets" property is actually a hash table of secrets.
@ -493,16 +493,15 @@ for_each_secret (NMConnection *connection,
/* Iterate through each secret from the VPN hash in the overall secrets hash */
g_hash_table_iter_init (&vpn_secrets_iter, g_value_get_boxed (val));
while (g_hash_table_iter_next (&vpn_secrets_iter, (gpointer) &secret_name, NULL)) {
if (nm_setting_get_secret_flags (setting, secret_name, &flags, NULL)) {
if (callback (&vpn_secrets_iter, flags, callback_data) == FALSE)
return;
}
}
} else {
if (nm_setting_get_secret_flags (setting, secret_name, &flags, NULL)) {
if (callback (&secret_iter, flags, callback_data) == FALSE)
secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
if (callback (&vpn_secrets_iter, secret_flags, callback_data) == FALSE)
return;
}
} else {
nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
if (callback (&secret_iter, secret_flags, callback_data) == FALSE)
return;
}
}
}
@ -1017,10 +1016,10 @@ only_agent_secrets_cb (NMSetting *setting,
/* VPNs are special; need to handle each secret separately */
g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
}
secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
}
} else {
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);

33
src/settings/plugins/keyfile/writer.c
View file

@ -453,17 +453,22 @@ write_hash_of_string (GKeyFile *file,
g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
while (g_hash_table_iter_next (&iter, (gpointer *) &property, (gpointer *) &data)) {
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
gboolean write_item = TRUE;
/* Handle VPN secrets specially; they are nested in the property's hash;
* we don't want to write them if the secret is not saved or not required.
* we don't want to write them if the secret is not saved, not required,
* or owned by a user's secret agent.
*/
if (vpn_secrets && nm_setting_get_secret_flags (setting, property, &flags, NULL)) {
if (flags & (NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED))
continue;
if (vpn_secrets) {
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, property, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
write_item = FALSE;
}
g_key_file_set_string (file, group_name, property, data);
if (write_item)
g_key_file_set_string (file, group_name, property, data);
}
}
@ -799,7 +804,6 @@ write_setting_value (NMSetting *setting,
GType type = G_VALUE_TYPE (value);
KeyWriter *writer = &key_writers[0];
GParamSpec *pspec;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
/* Setting name gets picked up from the keyfile's section name instead */
if (!strcmp (key, NM_SETTING_NAME))
@ -822,12 +826,17 @@ write_setting_value (NMSetting *setting,
}
/* Don't write secrets that are owned by user secret agents or aren't
* supposed to be saved.
* supposed to be saved. VPN secrets are handled specially though since
* the secret flags there are in a third-level hash in the 'secrets'
* property.
*/
if ( (pspec->flags & NM_SETTING_PARAM_SECRET)
&& nm_setting_get_secret_flags (setting, key, &flags, NULL)
&& (flags != NM_SETTING_SECRET_FLAG_NONE))
return;
if (pspec->flags & NM_SETTING_PARAM_SECRET && !NM_IS_SETTING_VPN (setting)) {
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
return;
}
/* Look through the list of handlers for non-standard format key values */
while (writer->setting_name) {