ifcfg: merge branch 'th/ifcfg-8021x-system-ca-certs'

src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c

@@ -3506,6 +3506,11 @@ next:
 		return NULL;
 	}
 
+	g_object_set (s_8021x,
+	              NM_SETTING_802_1X_SYSTEM_CA_CERTS,
+	              svGetValueBoolean (ifcfg, "IEEE_8021X_SYSTEM_CA_CERTS", FALSE),
+	              NULL);
+
 	nm_clear_g_free (&value);
 	v = svGetValueStr (ifcfg, "IEEE_8021X_SUBJECT_MATCH", &value);
 	g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, v, NULL);

src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c

@@ -419,35 +419,37 @@ write_8021x_setting (NMConnection *connection,
 	            nm_setting_802_1x_get_password_raw_flags (s_8021x));
 	g_free (tmp);
 
-	/* PEAP version */
+	svSetValueBoolean_cond_true (ifcfg,
+	                             "IEEE_8021X_SYSTEM_CA_CERTS",
+	                             nm_setting_802_1x_get_system_ca_certs (s_8021x));
+
 	value = nm_setting_802_1x_get_phase1_peapver (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");
+	if (NM_IN_STRSET (value, "0", "1"))
-	if (value && (!strcmp (value, "0") || !strcmp (value, "1")))
 		svSetValueStr (ifcfg, "IEEE_8021X_PEAP_VERSION", value);
+	else
+		svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION");
 
-	/* Force new PEAP label */
+	svSetValueBoolean_cond_true (ifcfg,
-	value = nm_setting_802_1x_get_phase1_peaplabel (s_8021x);
+	                             "IEEE_8021X_PEAP_FORCE_NEW_LABEL",
-	svUnsetValue (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL");
+	                             nm_streq0 (nm_setting_802_1x_get_phase1_peaplabel (s_8021x), "1"));
-	if (value && !strcmp (value, "1"))
-		svSetValueStr (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL", "yes");
 
-	/* PAC file */
+	svSetValueStr (ifcfg,
-	value = nm_setting_802_1x_get_pac_file (s_8021x);
+	               "IEEE_8021X_PAC_FILE",
-	svUnsetValue (ifcfg, "IEEE_8021X_PAC_FILE");
+	               nm_setting_802_1x_get_pac_file (s_8021x));
-	if (value)
-		svSetValueStr (ifcfg, "IEEE_8021X_PAC_FILE", value);
 
 	/* FAST PAC provisioning */
 	value = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x);
-	svUnsetValue (ifcfg, "IEEE_8021X_FAST_PROVISIONING");
 	if (value) {
 		if (strcmp (value, "1") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth");
+			value = "allow-unauth";
 		else if (strcmp (value, "2") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-auth");
+			value = "allow-auth";
 		else if (strcmp (value, "3") == 0)
-			svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth allow-auth");
+			value = "allow-unauth allow-auth";
+		else
+			value = NULL;
 	}
+	svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", value);
 
 	/* Phase2 auth methods */
 	svUnsetValue (ifcfg, "IEEE_8021X_INNER_AUTH_METHODS");
@@ -524,10 +526,9 @@ write_8021x_setting (NMConnection *connection,
 	vint = nm_setting_802_1x_get_auth_timeout (s_8021x);
 	svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", vint > 0, vint);
 
-	if (nm_setting_802_1x_get_optional (s_8021x))
+	svSetValueBoolean_cond_true (ifcfg,
-		svSetValueBoolean (ifcfg, "IEEE_8021X_OPTIONAL", TRUE);
+	                             "IEEE_8021X_OPTIONAL",
-	else
+	                             nm_setting_802_1x_get_optional (s_8021x));
-		svUnsetValue (ifcfg, "IEEE_8021X_OPTIONAL");
 
 	if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error))
 		return FALSE;

src/settings/plugins/ifcfg-rh/shvar.c

@@ -1337,6 +1337,12 @@ svSetValueBoolean (shvarFile *s, const char *key, gboolean value)
 	return svSetValue (s, key, value ? "yes" : "no");
 }
 
+gboolean
+svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value)
+{
+	return svSetValue (s, key, value ? "yes" : NULL);
+}
+
 gboolean
 svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value)
 {

src/settings/plugins/ifcfg-rh/shvar.h

@@ -72,6 +72,7 @@ gboolean svGetValueEnum (shvarFile *s, const char *key,
 gboolean svSetValue (shvarFile *s, const char *key, const char *value);
 gboolean svSetValueStr (shvarFile *s, const char *key, const char *value);
 gboolean svSetValueBoolean (shvarFile *s, const char *key, gboolean value);
+gboolean svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value);
 gboolean svSetValueInt64 (shvarFile *s, const char *key, gint64 value);
 gboolean svSetValueInt64_cond (shvarFile *s, const char *key, gboolean do_set, gint64 value);
 gboolean svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value);