From c0387ffbc50c67a3a11c9a5d6f24fff59c4b9a83 Mon Sep 17 00:00:00 2001
From: Dan Williams
Date: Mon, 23 May 2011 13:45:51 -0500
Subject: [PATCH] core: treat VPN secrets without flags as system-owned

All non-VPN secrets are considered system-owned if they do not have any explicitly set secret flags, and this makes VPN secrets treated the same way. As part of the import process plugins and the applet already update secret flags. This ensures that VPN secrets are treated consistently throughout the codebase.
---
 src/settings/nm-agent-manager.c | 8 +++----
 src/settings/nm-settings-connection.c | 33 +++++++++++++--------------
 src/settings/plugins/keyfile/writer.c | 33 +++++++++++++++++----------
 3 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/src/settings/nm-agent-manager.c b/src/settings/nm-agent-manager.c
index 5a1dfcba20..8a5ea1068a 100644
--- a/src/settings/nm-agent-manager.c
+++ b/src/settings/nm-agent-manager.c
@@ -846,10 +846,10 @@ check_system_secrets_cb (NMSetting *setting,
 /* VPNs are special; need to handle each secret separately */
 g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
 while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
- if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
- if (secret_flags == NM_SETTING_SECRET_FLAG_NONE)
- *has_system = TRUE;
- }
+ secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
+ if (secret_flags == NM_SETTING_SECRET_FLAG_NONE)
+ *has_system = TRUE;
 }
 } else {
 nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c
index 9c23ebed6a..6f54e330e5 100644
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
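Review bot: In the VPN loop of check_system_secrets_cb the return value of `nm_setting_get_secret_flags` is now dropped, so a failed lookup, whatever its cause, leaves `secret_flags` at the pre-seeded `NM_SETTING_SECRET_FLAG_NONE` and sets `*has_system`. That matches the commit message, but nothing in the code says the ignored result is deliberate, and the same seed-then-ignore pair is repeated in only_system_secrets_cb, for_each_secret and only_agent_secrets_cb. I would add `/* VPN secrets with no flags recorded are system-owned, like any other secret */` above the seed line in each place, or fold the two lines into one small static helper so the ownership default lives in a single spot. The function body starts and ends outside this hunk.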
@@ -178,10 +178,10 @@ only_system_secrets_cb (NMSetting *setting,
 g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
 while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
- if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
- if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
- nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
- }
+ secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
+ if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
+ nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
 }
 } else {
 nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
@@ -482,7 +482,7 @@ for_each_secret (NMConnection *connection,
 /* Walk through the list of keys in each setting hash */
 g_hash_table_iter_init (&secret_iter, setting_hash);
 while (g_hash_table_iter_next (&secret_iter, (gpointer) &secret_name, (gpointer) &val)) {
- NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
 /* VPN secrets need slightly different treatment here since the
 * "secrets" property is actually a hash table of secrets.
@@ -493,16 +493,15 @@ for_each_secret (NMConnection *connection,
 /* Iterate through each secret from the VPN hash in the overall secrets hash */
 g_hash_table_iter_init (&vpn_secrets_iter, g_value_get_boxed (val));
 while (g_hash_table_iter_next (&vpn_secrets_iter, (gpointer) &secret_name, NULL)) {
- if (nm_setting_get_secret_flags (setting, secret_name, &flags, NULL)) {
- if (callback (&vpn_secrets_iter, flags, callback_data) == FALSE)
- return;
- }
- }
- } else {
- if (nm_setting_get_secret_flags (setting, secret_name, &flags, NULL)) {
- if (callback (&secret_iter, flags, callback_data) == FALSE)
+ secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
+ if (callback (&vpn_secrets_iter, secret_flags, callback_data) == FALSE)
 return;
 }
+ } else {
+ nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
+ if (callback (&secret_iter, secret_flags, callback_data) == FALSE)
+ return;
 }
 }
 }
@@ -1017,10 +1016,10 @@ only_agent_secrets_cb (NMSetting *setting,
 /* VPNs are special; need to handle each secret separately */
 g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
 while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
- if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
- if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
- nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
- }
+ secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
+ if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
+ nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
 }
 } else {
 nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
diff --git a/src/settings/plugins/keyfile/writer.c b/src/settings/plugins/keyfile/writer.c
index 5ecf5891cf..eeb145560d 100644
--- a/src/settings/plugins/keyfile/writer.c
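Review bot: The non-VPN `else` branch of for_each_secret also stops testing the result of `nm_setting_get_secret_flags`, which the commit message (VPN secrets only) does not mention. The callback now runs for every key in the setting hash and receives `NM_SETTING_SECRET_FLAG_NONE` when the lookup fails, where it was skipped before. If that is intended, say so in the description or in a comment such as `/* missing flags: report the secret as system-owned */`. The branch has no re-seed of its own and relies on `secret_flags` being declared with its initializer inside the outer loop, which is in the previous hunk; the function continues outside this hunk.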
+++ b/src/settings/plugins/keyfile/writer.c
@@ -453,17 +453,22 @@ write_hash_of_string (GKeyFile *file,
 g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
 while (g_hash_table_iter_next (&iter, (gpointer *) &property, (gpointer *) &data)) {
- NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+ gboolean write_item = TRUE;
 /* Handle VPN secrets specially; they are nested in the property's hash;
- * we don't want to write them if the secret is not saved or not required.
+ * we don't want to write them if the secret is not saved, not required,
+ * or owned by a user's secret agent.
 */
- if (vpn_secrets && nm_setting_get_secret_flags (setting, property, &flags, NULL)) {
- if (flags & (NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED))
- continue;
+ if (vpn_secrets) {
+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+
+ nm_setting_get_secret_flags (setting, property, &secret_flags, NULL);
+ if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
+ write_item = FALSE;
 }
- g_key_file_set_string (file, group_name, property, data);
+ if (write_item)
+ g_key_file_set_string (file, group_name, property, data);
 }
 }
@@ -799,7 +804,6 @@ write_setting_value (NMSetting *setting,
 GType type = G_VALUE_TYPE (value);
 KeyWriter *writer = &key_writers[0];
 GParamSpec *pspec;
- NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
 /* Setting name gets picked up from the keyfile's section name instead */
 if (!strcmp (key, NM_SETTING_NAME))
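Review bot: The new test in write_hash_of_string skips a VPN secret whenever any flag is set, while the comment above it lists three specific cases. The other side of the rule is not stated anywhere: a secret with no flags, or one whose flag lookup fails, is written to the keyfile. I would word the comment by the rule the code applies, e.g. `only system-owned VPN secrets (no flags set) are written to the keyfile`. The `write_item` variable can also go, since the earlier `continue` form needs no extra state: `if (secret_flags != NM_SETTING_SECRET_FLAG_NONE) continue;`.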
@@ -822,12 +826,17 @@ write_setting_value (NMSetting *setting,
 }
 /* Don't write secrets that are owned by user secret agents or aren't
- * supposed to be saved.
+ * supposed to be saved. VPN secrets are handled specially though since
+ * the secret flags there are in a third-level hash in the 'secrets'
+ * property.
 */
- if ( (pspec->flags & NM_SETTING_PARAM_SECRET)
- && nm_setting_get_secret_flags (setting, key, &flags, NULL)
- && (flags != NM_SETTING_SECRET_FLAG_NONE))
- return;
+ if (pspec->flags & NM_SETTING_PARAM_SECRET && !NM_IS_SETTING_VPN (setting)) {
+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+
+ nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
+ if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
+ return;
+ }
 /* Look through the list of handlers for non-standard format key values */
 while (writer->setting_name) {
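Review bot: The new condition in write_setting_value exempts every secret property of an NMSettingVPN from the flag check, not only the `secrets` hash the comment talks about, so the exemption is wider than its justification. It holds only as long as the VPN setting has no other property marked NM_SETTING_PARAM_SECRET; tying it to the key keeps that from regressing silently, e.g. `&& !(NM_IS_SETTING_VPN (setting) && !strcmp (key, NM_SETTING_VPN_SECRETS))`. The bitwise test also lost its parentheses; `(pspec->flags & NM_SETTING_PARAM_SECRET) && ...` parses the same but reads without a precedence lookup. The function starts and ends outside this hunk.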