fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-25 00:10:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

all: merge branch 'th/vpn-secrets-bgo790655'

Browse source 
https://bugzilla.gnome.org/show_bug.cgi?id=790655
This commit is contained in:
Thomas Haller 2017-11-23 14:51:16 +01:00
commit ca26d1ae07
23 changed files with 545 additions and 407 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Makefile.am
View file

@ -1066,6 +1066,7 @@ libnm_tests_test_remote_settings_client_CPPFLAGS = $(libnm_tests_cppflags)
libnm_tests_test_secret_agent_CPPFLAGS = $(libnm_tests_cppflags)
libnm_tests_test_general_SOURCES = \
shared/nm-utils/nm-compat.c \
libnm/tests/test-general.c
libnm_tests_test_nm_client_SOURCES = \
@ -4565,6 +4566,8 @@ EXTRA_DIST += \
shared/nm-utils/c-list-util.c \
shared/nm-utils/c-list-util.h \
shared/nm-utils/gsystem-local-alloc.h \
shared/nm-utils/nm-compat.c \
shared/nm-utils/nm-compat.h \
shared/nm-utils/nm-glib.h \
shared/nm-utils/nm-jansson.h \
shared/nm-utils/nm-obj.h \

2
clients/cli/agent.c
View file

@ -104,7 +104,7 @@ get_secrets_from_user (const char *request_id,
rl_startup_hook = set_deftext;
pre_input_deftext = g_strdup (secret->value);
}
pwd = nmc_readline ("%s (%s): ", secret->name, secret->prop_name);
pwd = nmc_readline ("%s (%s): ", secret->pretty_name, secret->entry_id);
/* No password provided, cancel the secrets. */
if (!pwd)

58
clients/cli/common.c
View file

@ -531,10 +531,10 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
{
GError *error = NULL;
NMSettingVpn *s_vpn;
const char *vpn_type, *gw, *port;
char *cookie = NULL;
char *gateway = NULL;
char *gwcert = NULL;
const char *gw, *port;
gs_free char *cookie = NULL;
gs_free char *gateway = NULL;
gs_free char *gwcert = NULL;
int status = 0;
int i;
gboolean ret;
@ -546,8 +546,7 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
return FALSE;
s_vpn = nm_connection_get_setting_vpn (connection);
vpn_type = nm_setting_vpn_get_service_type (s_vpn);
if (g_strcmp0 (vpn_type, NM_DBUS_INTERFACE ".openconnect"))
if (!nm_streq0 (nm_setting_vpn_get_service_type (s_vpn), NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
return FALSE;
/* Get gateway and port */
@ -570,34 +569,31 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
/* Append port to the host value */
if (gateway && port) {
char *tmp = gateway;
gateway = g_strdup_printf ("%s%s", gateway, port);
g_free (tmp);
gs_free char *tmp = gateway;
gateway = g_strdup_printf ("%s%s", tmp, port);
}
/* Fill secrets to the array */
for (i = 0; i < secrets->len; i++) {
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
if (!g_strcmp0 (secret->vpn_type, vpn_type)) {
if (!g_strcmp0 (secret->vpn_property, "cookie")) {
g_free (secret->value);
secret->value = cookie;
cookie = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gateway")) {
g_free (secret->value);
secret->value = gateway;
gateway = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gwcert")) {
g_free (secret->value);
secret->value = gwcert;
gwcert = NULL;
}
if (secret->secret_type != NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET)
continue;
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
}
g_free (cookie);
g_free (gateway);
g_free (gwcert);
return TRUE;
}
@ -624,7 +620,7 @@ get_secrets_from_user (const char *request_id,
/* First try to find the password in provided passwords file,
* then ask user. */
if (pwds_hash && (pwd = g_hash_table_lookup (pwds_hash, secret->prop_name))) {
if (pwds_hash && (pwd = g_hash_table_lookup (pwds_hash, secret->entry_id))) {
pwd = g_strdup (pwd);
} else {
if (ask) {
@ -640,8 +636,10 @@ get_secrets_from_user (const char *request_id,
}
if (msg)
g_print ("%s\n", msg);
pwd = nmc_readline_echo (secret->password ? echo_on : TRUE,
"%s (%s): ", secret->name, secret->prop_name);
pwd = nmc_readline_echo (secret->is_secret
? echo_on
: TRUE,
"%s (%s): ", secret->pretty_name, secret->entry_id);
if (!pwd)
pwd = g_strdup ("");
} else {
@ -649,7 +647,7 @@ get_secrets_from_user (const char *request_id,
g_print ("%s\n", msg);
g_printerr (_("Warning: password for '%s' not given in 'passwd-file' "
"and nmcli cannot ask without '--ask' option.\n"),
secret->prop_name);
secret->entry_id);
}
}
/* No password provided, cancel the secrets. */

220
clients/common/nm-secret-agent-simple.c
View file

@ -147,7 +147,6 @@ strv_has (gchar **haystack,
typedef struct {
NMSecretAgentSimpleSecret base;
NMSetting *setting;
char *property;
} NMSecretAgentSimpleSecretReal;
@ -157,11 +156,10 @@ nm_secret_agent_simple_secret_free (NMSecretAgentSimpleSecret *secret)
{
NMSecretAgentSimpleSecretReal *real = (NMSecretAgentSimpleSecretReal *)secret;
g_free (secret->name);
g_free (secret->prop_name);
g_free ((char *) secret->pretty_name);
g_free ((char *) secret->entry_id);
g_free (secret->value);
g_free (secret->vpn_property);
g_free (secret->vpn_type);
g_free ((char *) secret->vpn_type);
g_free (real->property);
g_clear_object (&real->setting);
@ -169,33 +167,45 @@ nm_secret_agent_simple_secret_free (NMSecretAgentSimpleSecret *secret)
}
static NMSecretAgentSimpleSecret *
nm_secret_agent_simple_secret_new (const char *name,
nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type,
const char *pretty_name,
NMSetting *setting,
const char *property,
const char *vpn_property,
const char *vpn_type,
gboolean password)
const char *vpn_type)
{
NMSecretAgentSimpleSecretReal *real;
const char *vpn_prefix;
const char *value;
nm_assert (property);
nm_assert (NM_IS_SETTING (setting));
real = g_slice_new0 (NMSecretAgentSimpleSecretReal);
real->base.name = g_strdup (name);
real->base.prop_name = vpn_property ?
g_strdup_printf ("%s.%s.%s", nm_setting_get_name (setting), property, vpn_property) :
g_strdup_printf ("%s.%s", nm_setting_get_name (setting), property);
real->base.vpn_property = g_strdup (vpn_property);
real->base.vpn_type = g_strdup (vpn_type);
real->base.password = password;
if (setting) {
real->setting = g_object_ref (setting);
real->property = g_strdup (property);
if (vpn_property)
real->base.value = g_strdup (nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), vpn_property));
else
g_object_get (setting, property, &real->base.value, NULL);
*((NMSecretAgentSecretType *) &real->base.secret_type) = secret_type;
real->setting = g_object_ref (setting);
real->base.pretty_name = g_strdup (pretty_name);
real->property = g_strdup (property);
switch (secret_type) {
case NM_SECRET_AGENT_SECRET_TYPE_PROPERTY:
case NM_SECRET_AGENT_SECRET_TYPE_SECRET:
nm_assert (!vpn_type);
nm_assert (g_object_class_find_property (G_OBJECT_GET_CLASS (setting), property));
nm_assert ((secret_type == NM_SECRET_AGENT_SECRET_TYPE_SECRET) == nm_setting_get_secret_flags (setting, property, NULL, NULL));
real->base.entry_id = g_strdup_printf ("%s.%s", nm_setting_get_name (setting), property);
g_object_get (setting, property, &real->base.value, NULL);
real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY);
break;
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET;
value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property);
real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property);
nm_assert (vpn_type);
real->base.vpn_type = g_strdup (vpn_type);
real->base.value = g_strdup (value);
real->base.is_secret = TRUE;
break;
}
nm_assert (real->base.entry_id);
return &real->base;
}
@ -220,37 +230,33 @@ add_8021x_secrets (NMSecretAgentSimpleRequest *request,
* is not visible here since we only care about phase2 authentication
* (and don't even care of which one)
*/
secret = nm_secret_agent_simple_secret_new (_("Username"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
_("Username"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_IDENTITY,
NULL,
NULL,
FALSE);
NULL);
g_ptr_array_add (secrets, secret);
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_PASSWORD,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
return TRUE;
}
if (!strcmp (eap_method, "tls")) {
secret = nm_secret_agent_simple_secret_new (_("Identity"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
_("Identity"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_IDENTITY,
NULL,
NULL,
FALSE);
NULL);
g_ptr_array_add (secrets, secret);
secret = nm_secret_agent_simple_secret_new (_("Private key password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Private key password"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
return TRUE;
}
@ -270,12 +276,11 @@ add_wireless_secrets (NMSecretAgentSimpleRequest *request,
return FALSE;
if (!strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk")) {
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
NM_SETTING (s_wsec),
NM_SETTING_WIRELESS_SECURITY_PSK,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
return TRUE;
}
@ -286,12 +291,11 @@ add_wireless_secrets (NMSecretAgentSimpleRequest *request,
index = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec);
key = g_strdup_printf ("wep-key%d", index);
secret = nm_secret_agent_simple_secret_new (_("Key"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Key"),
NM_SETTING (s_wsec),
key,
NULL,
NULL,
TRUE);
NULL);
g_free (key);
g_ptr_array_add (secrets, secret);
@ -300,12 +304,11 @@ add_wireless_secrets (NMSecretAgentSimpleRequest *request,
if (!strcmp (key_mgmt, "iee8021x")) {
if (!g_strcmp0 (nm_setting_wireless_security_get_auth_alg (s_wsec), "leap")) {
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
NM_SETTING (s_wsec),
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
return TRUE;
} else
@ -325,26 +328,23 @@ add_pppoe_secrets (NMSecretAgentSimpleRequest *request,
NMSettingPppoe *s_pppoe = nm_connection_get_setting_pppoe (request->connection);
NMSecretAgentSimpleSecret *secret;
secret = nm_secret_agent_simple_secret_new (_("Username"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
_("Username"),
NM_SETTING (s_pppoe),
NM_SETTING_PPPOE_USERNAME,
NULL,
NULL,
FALSE);
NULL);
g_ptr_array_add (secrets, secret);
secret = nm_secret_agent_simple_secret_new (_("Service"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
_("Service"),
NM_SETTING (s_pppoe),
NM_SETTING_PPPOE_SERVICE,
NULL,
NULL,
FALSE);
NULL);
g_ptr_array_add (secrets, secret);
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
NM_SETTING (s_pppoe),
NM_SETTING_PPPOE_PASSWORD,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
return TRUE;
}
@ -369,23 +369,27 @@ add_vpn_secret_helper (GPtrArray *secrets, NMSettingVpn *s_vpn, const char *name
NMSettingSecretFlags flags;
int i;
/* Check for duplicates */
for (i = 0; i < secrets->len; i++) {
secret = secrets->pdata[i];
if (g_strcmp0 (secret->vpn_property, name) == 0)
return;
}
flags = get_vpn_secret_flags (s_vpn, name);
if ( flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED
|| flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) {
secret = nm_secret_agent_simple_secret_new (ui_name,
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET,
ui_name,
NM_SETTING (s_vpn),
NM_SETTING_VPN_SECRETS,
name,
nm_setting_vpn_get_service_type (s_vpn),
TRUE);
nm_setting_vpn_get_service_type (s_vpn));
/* Check for duplicates */
for (i = 0; i < secrets->len; i++) {
NMSecretAgentSimpleSecret *s = secrets->pdata[i];
if ( s->secret_type == secret->secret_type
&& nm_streq0 (s->vpn_type, secret->vpn_type)
&& nm_streq0 (s->entry_id, secret->entry_id)) {
nm_secret_agent_simple_secret_free (secret);
return;
}
}
g_ptr_array_add (secrets, secret);
}
}
@ -489,24 +493,22 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
title = _("PIN code required");
msg = g_strdup (_("PIN code is needed for the mobile broadband device"));
secret = nm_secret_agent_simple_secret_new (_("PIN"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
_("PIN"),
NM_SETTING (s_gsm),
NM_SETTING_GSM_PIN,
NULL,
NULL,
FALSE);
NULL);
g_ptr_array_add (secrets, secret);
} else {
title = _("Mobile broadband network password");
msg = g_strdup_printf (_("A password is required to connect to '%s'."),
nm_connection_get_id (request->connection));
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
NM_SETTING (s_gsm),
NM_SETTING_GSM_PASSWORD,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
}
} else if (nm_connection_is_type (request->connection, NM_SETTING_MACSEC_SETTING_NAME)) {
@ -517,12 +519,11 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
if (nm_setting_macsec_get_mode (s_macsec) == NM_SETTING_MACSEC_MODE_PSK) {
title = _("MACsec PSK authentication");
secret = nm_secret_agent_simple_secret_new (_("MKA CAK"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("MKA CAK"),
NM_SETTING (s_macsec),
NM_SETTING_MACSEC_MKA_CAK,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
} else {
title = _("MACsec EAP authentication");
@ -535,12 +536,11 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
msg = g_strdup_printf (_("A password is required to connect to '%s'."),
nm_connection_get_id (request->connection));
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
NM_SETTING (s_cdma),
NM_SETTING_CDMA_PASSWORD,
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
} else if (nm_connection_is_type (request->connection, NM_SETTING_BLUETOOTH_SETTING_NAME)) {
NMSetting *setting = NULL;
@ -558,12 +558,11 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
msg = g_strdup_printf (_("A password is required to connect to '%s'."),
nm_connection_get_id (request->connection));
secret = nm_secret_agent_simple_secret_new (_("Password"),
secret = nm_secret_agent_simple_secret_new (NM_SECRET_AGENT_SECRET_TYPE_SECRET,
_("Password"),
setting,
"password",
NULL,
NULL,
TRUE);
NULL);
g_ptr_array_add (secrets, secret);
} else
ok = FALSE;
@ -690,9 +689,7 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self,
GHashTable *settings;
GHashTableIter iter;
const char *name;
const char *vpn_secrets_base_name = NULL;
g_variant_builder_init (&vpn_secrets_builder, G_VARIANT_TYPE ("a{ss}"));
gboolean has_vpn = FALSE;
settings = g_hash_table_new (nm_str_hash, g_str_equal);
for (i = 0; i < secrets->len; i++) {
@ -705,22 +702,27 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self,
setting_builder);
}
if (secret->base.vpn_property) {
/* VPN secrets need slightly different treatment.
* "secrets" property is actually a hash table of secrets. */
vpn_secrets_base_name = secret->property;
g_variant_builder_add (&vpn_secrets_builder, "{ss}",
secret->base.vpn_property, secret->base.value);
} else {
switch (secret->base.secret_type) {
case NM_SECRET_AGENT_SECRET_TYPE_PROPERTY:
case NM_SECRET_AGENT_SECRET_TYPE_SECRET:
g_variant_builder_add (setting_builder, "{sv}",
secret->property,
g_variant_new_string (secret->base.value));
break;
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
if (!has_vpn) {
g_variant_builder_init (&vpn_secrets_builder, G_VARIANT_TYPE ("a{ss}"));
has_vpn = TRUE;
}
g_variant_builder_add (&vpn_secrets_builder, "{ss}",
secret->property, secret->base.value);
break;
}
}
if (vpn_secrets_base_name) {
if (has_vpn) {
g_variant_builder_add (setting_builder, "{sv}",
vpn_secrets_base_name,
"secrets",
g_variant_builder_end (&vpn_secrets_builder));
}

20
clients/common/nm-secret-agent-simple.h
View file

@ -42,13 +42,25 @@ typedef struct {
} NMSecretAgentSimpleClass;
typedef enum {
NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
NM_SECRET_AGENT_SECRET_TYPE_SECRET,
NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET,
} NMSecretAgentSecretType;
typedef struct {
char *name, *prop_name, *value;
char *vpn_property;
char *vpn_type;
gboolean password;
const NMSecretAgentSecretType secret_type;
const char *pretty_name;
const char *entry_id;
char *value;
const char *vpn_type;
gboolean is_secret;
} NMSecretAgentSimpleSecret;
#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret."
#define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT NM_DBUS_INTERFACE".openconnect"
GType nm_secret_agent_simple_get_type (void);
NMSecretAgentOld *nm_secret_agent_simple_new (const char *name);

4
clients/tui/nmt-password-dialog.c
View file

@ -144,12 +144,12 @@ nmt_password_dialog_constructed (GObject *object)
NMSecretAgentSimpleSecret *secret = priv->secrets->pdata[i];
NmtNewtEntryFlags flags;
widget = nmt_newt_label_new (secret->name);
widget = nmt_newt_label_new (secret->pretty_name);
nmt_newt_grid_add (secret_grid, widget, 0, i);
nmt_newt_widget_set_padding (widget, 4, 0, 1, 0);
flags = NMT_NEWT_ENTRY_NONEMPTY;
if (secret->password)
if (secret->is_secret)
flags |= NMT_NEWT_ENTRY_PASSWORD;
widget = nmt_newt_entry_new (30, flags);
if (secret->value)

43
clients/tui/nmtui-connect.c
View file

@ -100,41 +100,38 @@ secrets_requested (NMSecretAgentSimple *agent,
{
NmtNewtForm *form;
NMConnection *connection = NM_CONNECTION (user_data);
char *cookie = NULL;
char *gateway = NULL;
char *gwcert = NULL;
int i;
/* Get secrets for OpenConnect VPN */
if (connection && nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) {
if ( connection
&& nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) {
NMSettingVpn *s_vpn = nm_connection_get_setting_vpn (connection);
const char *vpn_type = nm_setting_vpn_get_service_type (s_vpn);
if (!g_strcmp0 (vpn_type, NM_DBUS_INTERFACE ".openconnect")) {
if (nm_streq0 (nm_setting_vpn_get_service_type (s_vpn), NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) {
gs_free char *cookie = NULL;
gs_free char *gateway = NULL;
gs_free char *gwcert = NULL;
openconnect_authenticate (connection, &cookie, &gateway, &gwcert);
for (i = 0; i < secrets->len; i++) {
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
if (!g_strcmp0 (secret->vpn_type, NM_DBUS_INTERFACE ".openconnect")) {
if (!g_strcmp0 (secret->vpn_property, "cookie")) {
g_free (secret->value);
secret->value = cookie;
cookie = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gateway")) {
g_free (secret->value);
secret->value = gateway;
gateway = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gwcert")) {
g_free (secret->value);
secret->value = gwcert;
gwcert = NULL;
}
if (secret->secret_type != NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET)
continue;
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
}
g_free (cookie);
g_free (gateway);
g_free (gwcert);
}
}

151
libnm-core/nm-setting-vpn.c
View file

@ -155,6 +155,39 @@ nm_setting_vpn_get_persistent (NMSettingVpn *setting)
return NM_SETTING_VPN_GET_PRIVATE (setting)->persistent;
}
static const char **
_get_keys (NMSettingVpn *setting,
gboolean is_secrets,
guint *out_length)
{
NMSettingVpnPrivate *priv;
GHashTable *hash;
const char **keys;
guint len;
nm_assert (NM_IS_SETTING_VPN (setting));
priv = NM_SETTING_VPN_GET_PRIVATE (setting);
hash = is_secrets ? priv->secrets : priv->data;
if (!g_hash_table_size (hash)) {
NM_SET_OUT (out_length, 0);
return NULL;
}
keys = (const char **) g_hash_table_get_keys_as_array (hash, &len);
if (len > 1) {
g_qsort_with_data (keys,
len,
sizeof (const char *),
nm_strcmp_p_with_data,
NULL);
}
NM_SET_OUT (out_length, len);
return keys;
}
/**
* nm_setting_vpn_get_num_data_items:
* @setting: the #NMSettingVpn
@ -215,6 +248,28 @@ nm_setting_vpn_get_data_item (NMSettingVpn *setting, const char *key)
return (const char *) g_hash_table_lookup (NM_SETTING_VPN_GET_PRIVATE (setting)->data, key);
}
/**
* nm_setting_vpn_get_data_keys:
* @setting: the #NMSettingVpn
* @out_length: (allow-none): (out): the length of the returned array
*
* Retrieves every data key inside @setting, as an array.
*
* Returns: (array length=out_length) (transfer container): a
* %NULL-terminated array containing each data key or %NULL if
* there are no data items.
*
* Since: 1.12
*/
const char **
nm_setting_vpn_get_data_keys (NMSettingVpn *setting,
guint *out_length)
{
g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);
return _get_keys (setting, FALSE, out_length);
}
/**
* nm_setting_vpn_remove_data_item:
* @setting: the #NMSettingVpn
@ -240,32 +295,52 @@ nm_setting_vpn_remove_data_item (NMSettingVpn *setting, const char *key)
}
static void
foreach_item_helper (GHashTable *hash,
foreach_item_helper (NMSettingVpn *self,
gboolean is_secrets,
NMVpnIterFunc func,
gpointer user_data)
{
GList *keys, *liter;
GSList *copied = NULL, *siter;
NMSettingVpnPrivate *priv;
guint len, i;
gs_strfreev char **keys = NULL;
GHashTable *hash;
g_return_if_fail (hash != NULL);
nm_assert (NM_IS_SETTING_VPN (self));
nm_assert (func);
/* Grab keys and copy them so that the callback func can modify
* the hash table items if it wants to.
*/
keys = g_hash_table_get_keys (hash);
for (liter = keys; liter; liter = g_list_next (liter))
copied = g_slist_prepend (copied, g_strdup (liter->data));
copied = g_slist_reverse (copied);
g_list_free (keys);
priv = NM_SETTING_VPN_GET_PRIVATE (self);
for (siter = copied; siter; siter = g_slist_next (siter)) {
gpointer value;
value = g_hash_table_lookup (hash, siter->data);
func (siter->data, value, user_data);
if (is_secrets) {
keys = (char **) nm_setting_vpn_get_secret_keys (self, &len);
hash = priv->secrets;
} else {
keys = (char **) nm_setting_vpn_get_data_keys (self, &len);
hash = priv->data;
}
g_slist_free_full (copied, g_free);
if (!len) {
nm_assert (!keys);
return;
}
for (i = 0; i < len; i++) {
nm_assert (keys[i]);
keys[i] = g_strdup (keys[i]);
}
nm_assert (!keys[i]);
for (i = 0; i < len; i++) {
const char *value;
value = g_hash_table_lookup (hash, keys[i]);
/* XXX: note that we call the function with a clone of @key,
* not with the actual key from the dictionary.
*
* The @value on the other hand, is actually inside our dictionary,
* it's not a clone. However, it might be %NULL, in case the key was
* deleted while iterating. */
func (keys[i], value, user_data);
}
}
/**
@ -284,8 +359,9 @@ nm_setting_vpn_foreach_data_item (NMSettingVpn *setting,
gpointer user_data)
{
g_return_if_fail (NM_IS_SETTING_VPN (setting));
g_return_if_fail (func);
foreach_item_helper (NM_SETTING_VPN_GET_PRIVATE (setting)->data, func, user_data);
foreach_item_helper (setting, FALSE, func, user_data);
}
/**
@ -347,6 +423,28 @@ nm_setting_vpn_get_secret (NMSettingVpn *setting, const char *key)
return (const char *) g_hash_table_lookup (NM_SETTING_VPN_GET_PRIVATE (setting)->secrets, key);
}
/**
* nm_setting_vpn_get_secret_keys:
* @setting: the #NMSettingVpn
* @out_length: (allow-none): (out): the length of the returned array
*
* Retrieves every secret key inside @setting, as an array.
*
* Returns: (array length=out_length) (transfer container): a
* %NULL-terminated array containing each secret key or %NULL if
* there are no secrets.
*
* Since: 1.12
*/
const char **
nm_setting_vpn_get_secret_keys (NMSettingVpn *setting,
guint *out_length)
{
g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);
return _get_keys (setting, TRUE, out_length);
}
/**
* nm_setting_vpn_remove_secret:
* @setting: the #NMSettingVpn
@ -387,8 +485,9 @@ nm_setting_vpn_foreach_secret (NMSettingVpn *setting,
gpointer user_data)
{
g_return_if_fail (NM_IS_SETTING_VPN (setting));
g_return_if_fail (func);
foreach_item_helper (NM_SETTING_VPN_GET_PRIVATE (setting)->secrets, func, user_data);
foreach_item_helper (setting, TRUE, func, user_data);
}
/**
@ -707,23 +806,13 @@ clear_secrets_with_flags (NMSetting *setting,
return changed;
}
static void
destroy_one_secret (gpointer data)
{
char *secret = (char *) data;
/* Don't leave the secret lying around in memory */
memset (secret, 0, strlen (secret));
g_free (secret);
}
static void
nm_setting_vpn_init (NMSettingVpn *setting)
{
NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
priv->data = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
priv->secrets = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, destroy_one_secret);
priv->secrets = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, (GDestroyNotify) nm_free_secret);
}
static void

8
libnm-core/nm-setting-vpn.h
View file

@ -90,6 +90,9 @@ gboolean nm_setting_vpn_remove_data_item (NMSettingVpn *setting,
void nm_setting_vpn_foreach_data_item (NMSettingVpn *setting,
NMVpnIterFunc func,
gpointer user_data);
NM_AVAILABLE_IN_1_12
const char ** nm_setting_vpn_get_data_keys (NMSettingVpn *setting,
guint *out_length);
guint32 nm_setting_vpn_get_num_secrets (NMSettingVpn *setting);
void nm_setting_vpn_add_secret (NMSettingVpn *setting,
@ -102,6 +105,11 @@ gboolean nm_setting_vpn_remove_secret (NMSettingVpn *setting,
void nm_setting_vpn_foreach_secret (NMSettingVpn *setting,
NMVpnIterFunc func,
gpointer user_data);
NM_AVAILABLE_IN_1_12
const char ** nm_setting_vpn_get_secret_keys (NMSettingVpn *setting,
guint *out_length);
NM_AVAILABLE_IN_1_2
guint32 nm_setting_vpn_get_timeout (NMSettingVpn *setting);

25
libnm-core/nm-setting.c
View file

@ -1800,21 +1800,19 @@ get_secret_flags (NMSetting *setting,
NMSettingSecretFlags *out_flags,
GError **error)
{
char *flags_prop;
gs_free char *name_to_free = NULL;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
if (verify_secret && !is_secret_prop (setting, secret_name, error)) {
if (out_flags)
*out_flags = NM_SETTING_SECRET_FLAG_NONE;
NM_SET_OUT (out_flags, NM_SETTING_SECRET_FLAG_NONE);
return FALSE;
}
flags_prop = g_strdup_printf ("%s-flags", secret_name);
g_object_get (G_OBJECT (setting), flags_prop, &flags, NULL);
g_free (flags_prop);
if (out_flags)
*out_flags = flags;
g_object_get (G_OBJECT (setting),
nm_construct_name_a ("%s-flags", secret_name, &name_to_free),
&flags,
NULL);
NM_SET_OUT (out_flags, flags);
return TRUE;
}
@ -1850,14 +1848,15 @@ set_secret_flags (NMSetting *setting,
NMSettingSecretFlags flags,
GError **error)
{
char *flags_prop;
gs_free char *name_to_free = NULL;
if (verify_secret)
g_return_val_if_fail (is_secret_prop (setting, secret_name, error), FALSE);
flags_prop = g_strdup_printf ("%s-flags", secret_name);
g_object_set (G_OBJECT (setting), flags_prop, flags, NULL);
g_free (flags_prop);
g_object_set (G_OBJECT (setting),
nm_construct_name_a ("%s-flags", secret_name, &name_to_free),
flags,
NULL);
return TRUE;
}

2
libnm/libnm.ver
View file

@ -1258,4 +1258,6 @@ global:
nm_setting_team_port_get_lacp_key;
nm_setting_team_remove_runner_tx_hash;
nm_setting_team_remove_runner_tx_hash_by_value;
nm_setting_vpn_get_data_keys;
nm_setting_vpn_get_secret_keys;
} libnm_1_10_0;

123
libnm/nm-vpn-plugin-old.c
View file

@ -33,6 +33,7 @@
#include "nm-dbus-helpers.h"
#include "nm-core-internal.h"
#include "nm-simple-connection.h"
#include "nm-vpn-service-plugin.h"
#include "introspection/org.freedesktop.NetworkManager.VPN.Plugin.h"
@ -683,20 +684,6 @@ nm_vpn_plugin_old_secrets_required (NMVpnPluginOld *plugin,
/*****************************************************************************/
#define DATA_KEY_TAG "DATA_KEY="
#define DATA_VAL_TAG "DATA_VAL="
#define SECRET_KEY_TAG "SECRET_KEY="
#define SECRET_VAL_TAG "SECRET_VAL="
static void
free_secret (gpointer data)
{
char *secret = data;
memset (secret, 0, strlen (secret));
g_free (secret);
}
/**
* nm_vpn_plugin_old_read_vpn_details:
* @fd: file descriptor to read from, usually stdin (0)
@ -717,87 +704,7 @@ nm_vpn_plugin_old_read_vpn_details (int fd,
GHashTable **out_data,
GHashTable **out_secrets)
{
GHashTable *data, *secrets;
gboolean success = FALSE;
char *key = NULL, *val = NULL;
GString *line;
gchar c;
if (out_data)
g_return_val_if_fail (*out_data == NULL, FALSE);
if (out_secrets)
g_return_val_if_fail (*out_secrets == NULL, FALSE);
data = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
secrets = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, free_secret);
line = g_string_new (NULL);
/* Read stdin for data and secret items until we get a DONE */
while (1) {
ssize_t nr;
GHashTable *hash = NULL;
errno = 0;
nr = read (fd, &c, 1);
if (nr == -1) {
if (errno == EAGAIN) {
g_usleep (100);
continue;
}
break;
}
if (c != '\n') {
g_string_append_c (line, c);
continue;
}
/* Check for the finish marker */
if (strcmp (line->str, "DONE") == 0)
break;
/* Otherwise it's a data/secret item */
if (strncmp (line->str, DATA_KEY_TAG, strlen (DATA_KEY_TAG)) == 0) {
hash = data;
key = g_strdup (line->str + strlen (DATA_KEY_TAG));
} else if (strncmp (line->str, DATA_VAL_TAG, strlen (DATA_VAL_TAG)) == 0) {
hash = data;
val = g_strdup (line->str + strlen (DATA_VAL_TAG));
} else if (strncmp (line->str, SECRET_KEY_TAG, strlen (SECRET_KEY_TAG)) == 0) {
hash = secrets;
key = g_strdup (line->str + strlen (SECRET_KEY_TAG));
} else if (strncmp (line->str, SECRET_VAL_TAG, strlen (SECRET_VAL_TAG)) == 0) {
hash = secrets;
val = g_strdup (line->str + strlen (SECRET_VAL_TAG));
}
g_string_truncate (line, 0);
if (key && val && hash) {
g_hash_table_insert (hash, key, val);
key = NULL;
val = NULL;
success = TRUE; /* Got at least one value */
}
}
if (success) {
if (out_data)
*out_data = data;
else
g_hash_table_destroy (data);
if (out_secrets)
*out_secrets = secrets;
else
g_hash_table_destroy (secrets);
} else {
g_hash_table_destroy (data);
g_hash_table_destroy (secrets);
}
g_string_free (line, TRUE);
return success;
return nm_vpn_service_plugin_read_vpn_details (fd, out_data, out_secrets);
}
/**
@ -820,31 +727,7 @@ nm_vpn_plugin_old_get_secret_flags (GHashTable *data,
const char *secret_name,
NMSettingSecretFlags *out_flags)
{
char *flag_name;
const char *val;
unsigned long tmp;
gboolean success = FALSE;
g_return_val_if_fail (data != NULL, FALSE);
g_return_val_if_fail (secret_name != NULL, FALSE);
g_return_val_if_fail (out_flags != NULL, FALSE);
g_return_val_if_fail (*out_flags == NM_SETTING_SECRET_FLAG_NONE, FALSE);
flag_name = g_strdup_printf ("%s-flags", secret_name);
/* Try new flags value first */
val = g_hash_table_lookup (data, flag_name);
if (val) {
errno = 0;
tmp = strtoul (val, NULL, 10);
if (errno == 0 && tmp <= NM_SETTING_SECRET_FLAGS_ALL) {
*out_flags = (NMSettingSecretFlags) tmp;
success = TRUE;
}
}
g_free (flag_name);
return success;
return nm_vpn_service_plugin_get_secret_flags (data, secret_name, out_flags);
}
/*****************************************************************************/

74
libnm/nm-vpn-service-plugin.c
View file

@ -710,15 +710,6 @@ nm_vpn_service_plugin_secrets_required (NMVpnServicePlugin *plugin,
#define SECRET_KEY_TAG "SECRET_KEY="
#define SECRET_VAL_TAG "SECRET_VAL="
static void
free_secret (gpointer data)
{
char *secret = data;
memset (secret, 0, strlen (secret));
g_free (secret);
}
/**
* nm_vpn_service_plugin_read_vpn_details:
* @fd: file descriptor to read from, usually stdin (0)
@ -739,10 +730,11 @@ nm_vpn_service_plugin_read_vpn_details (int fd,
GHashTable **out_data,
GHashTable **out_secrets)
{
GHashTable *data, *secrets;
gs_unref_hashtable GHashTable *data = NULL;
gs_unref_hashtable GHashTable *secrets = NULL;
gboolean success = FALSE;
char *key = NULL, *val = NULL;
GString *line;
nm_auto_free_gstring GString *line = NULL;
gchar c;
if (out_data)
@ -751,7 +743,7 @@ nm_vpn_service_plugin_read_vpn_details (int fd,
g_return_val_if_fail (*out_secrets == NULL, FALSE);
data = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
secrets = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, free_secret);
secrets = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, (GDestroyNotify) nm_free_secret);
line = g_string_new (NULL);
@ -804,21 +796,9 @@ nm_vpn_service_plugin_read_vpn_details (int fd,
}
if (success) {
if (out_data)
*out_data = data;
else
g_hash_table_destroy (data);
if (out_secrets)
*out_secrets = secrets;
else
g_hash_table_destroy (secrets);
} else {
g_hash_table_destroy (data);
g_hash_table_destroy (secrets);
NM_SET_OUT (out_data, g_steal_pointer (&data));
NM_SET_OUT (out_secrets, g_steal_pointer (&secrets));
}
g_string_free (line, TRUE);
return success;
}
@ -842,31 +822,29 @@ nm_vpn_service_plugin_get_secret_flags (GHashTable *data,
const char *secret_name,
NMSettingSecretFlags *out_flags)
{
char *flag_name;
const char *val;
unsigned long tmp;
gboolean success = FALSE;
gs_free char *flag_name_free = NULL;
const char *s;
gint64 t1;
NMSettingSecretFlags t0;
g_return_val_if_fail (data != NULL, FALSE);
g_return_val_if_fail (secret_name != NULL, FALSE);
g_return_val_if_fail (out_flags != NULL, FALSE);
g_return_val_if_fail (*out_flags == NM_SETTING_SECRET_FLAG_NONE, FALSE);
g_return_val_if_fail (data, FALSE);
g_return_val_if_fail (out_flags && *out_flags == NM_SETTING_SECRET_FLAG_NONE, FALSE);
if (!secret_name || !*secret_name)
g_return_val_if_reached (FALSE);
flag_name = g_strdup_printf ("%s-flags", secret_name);
/* Try new flags value first */
val = g_hash_table_lookup (data, flag_name);
if (val) {
errno = 0;
tmp = strtoul (val, NULL, 10);
if (errno == 0 && tmp <= NM_SETTING_SECRET_FLAGS_ALL) {
*out_flags = (NMSettingSecretFlags) tmp;
success = TRUE;
}
}
g_free (flag_name);
return success;
s = g_hash_table_lookup (data,
nm_construct_name_a ("%s-flags", secret_name, &flag_name_free));
if (!s)
return FALSE;
t1 = _nm_utils_ascii_str_to_int64 (s, 10, 0, G_MAXINT64, -1);
if (t1 == -1)
return FALSE;
t0 = (NMSettingSecretFlags) t1;
if ((gint64) t0 != t1)
return FALSE;
NM_SET_OUT (out_flags, t0);
return TRUE;
}
/*****************************************************************************/

88
shared/nm-utils/nm-compat.c Normal file
View file

@ -0,0 +1,88 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
* (C) Copyright 2017 Red Hat, Inc.
*/
#include "nm-default.h"
#include "nm-compat.h"
/*****************************************************************************/
static void
_get_keys_cb (const char *key, const char *val, gpointer user_data)
{
GPtrArray *a = user_data;
g_ptr_array_add (a, g_strdup (key));
}
static const char **
_get_keys (NMSettingVpn *setting,
gboolean is_secrets,
guint *out_length)
{
guint len;
const char **keys = NULL;
gs_unref_ptrarray GPtrArray *a = NULL;
nm_assert (NM_IS_SETTING_VPN (setting));
a = g_ptr_array_new ();
if (is_secrets)
nm_setting_vpn_foreach_secret (setting, _get_keys_cb, a);
else
nm_setting_vpn_foreach_data_item (setting, _get_keys_cb, a);
len = a->len;
if (a->len) {
g_ptr_array_sort (a, nm_strcmp_p);
g_ptr_array_add (a, NULL);
keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE);
/* we need to cache the keys *somewhere*. */
g_object_set_qdata_full (G_OBJECT (setting),
is_secrets
? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
: NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
keys,
(GDestroyNotify) g_strfreev);
}
NM_SET_OUT (out_length, len);
return keys;
}
const char **
_nm_setting_vpn_get_data_keys (NMSettingVpn *setting,
guint *out_length)
{
g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);
return _get_keys (setting, FALSE, out_length);
}
const char **
_nm_setting_vpn_get_secret_keys (NMSettingVpn *setting,
guint *out_length)
{
g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);
return _get_keys (setting, TRUE, out_length);
}

53
shared/nm-utils/nm-compat.h Normal file
View file

@ -0,0 +1,53 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
* (C) Copyright 2017 Red Hat, Inc.
*/
#ifndef __NM_COMPAT_H__
#define __NM_COMPAT_H__
#include "nm-setting-vpn.h"
const char **_nm_setting_vpn_get_data_keys (NMSettingVpn *setting,
guint *out_length);
const char **_nm_setting_vpn_get_secret_keys (NMSettingVpn *setting,
guint *out_length);
#if NM_CHECK_VERSION (1, 11, 0)
#define nm_setting_vpn_get_data_keys(setting, out_length) \
({ \
G_GNUC_BEGIN_IGNORE_DEPRECATIONS \
nm_setting_vpn_get_data_keys (setting, out_length); \
G_GNUC_END_IGNORE_DEPRECATIONS \
})
#define nm_setting_vpn_get_secret_keys(setting, out_length) \
({ \
G_GNUC_BEGIN_IGNORE_DEPRECATIONS \
nm_setting_vpn_get_secret_keys (setting, out_length); \
G_GNUC_END_IGNORE_DEPRECATIONS \
})
#else
#define nm_setting_vpn_get_data_keys(setting, out_length) \
_nm_setting_vpn_get_data_keys (setting, out_length)
#define nm_setting_vpn_get_secret_keys(setting, out_length) \
_nm_setting_vpn_get_secret_keys (setting, out_length)
#endif
#endif /* __NM_COMPAT_H__ */

22
shared/nm-utils/nm-macros-internal.h
View file

@ -1172,6 +1172,28 @@ nm_decode_version (guint version, guint *major, guint *minor, guint *micro)
_buf; \
})
/* aims to alloca() a buffer and fill it with printf(format, name).
* Note that format must not contain any format specifier except
* "%s".
* If the resulting string would be too large for stack allocation,
* it allocates a buffer with g_malloc() and assigns it to *p_val_to_free. */
#define nm_construct_name_a(format, name, p_val_to_free) \
({ \
const char *const _name = (name); \
char **const _p_val_to_free = (p_val_to_free); \
const gsize _name_len = strlen (_name); \
char *_buf2; \
\
nm_assert (_p_val_to_free && !*_p_val_to_free); \
if (NM_STRLEN (format) + _name_len < 200) \
_buf2 = nm_sprintf_bufa (NM_STRLEN (format) + _name_len, format, _name); \
else { \
_buf2 = g_strdup_printf (format, _name); \
*_p_val_to_free = _buf2; \
} \
(const char *) _buf2; \
})
/*****************************************************************************/
/**

8
src/platform/nmp-object.c
View file

@ -861,12 +861,6 @@ _vt_cmd_obj_cmp_lnk_vlan (const NMPObject *obj1, const NMPObject *obj2)
return c;
}
gboolean
nmp_object_equal (const NMPObject *obj1, const NMPObject *obj2)
{
return nmp_object_cmp (obj1, obj2) == 0;
}
/* @src is a const object, which is not entirely correct for link types, where
* we increase the ref count for src->_link.udev.device.
* Hence, nmp_object_copy() can violate the const promise of @src.
@ -1076,7 +1070,7 @@ nmp_object_id_hash (const NMPObject *obj)
NMHashState h;
if (!obj)
return 0;
return nm_hash_static (914932607u);
nm_hash_init (&h, 914932607u);
nmp_object_id_hash_update (obj, &h);

8
src/platform/nmp-object.h
View file

@ -471,7 +471,13 @@ const NMPObject *nmp_object_stackinit_id_ip6_address (NMPObject *obj, int ifinde
const char *nmp_object_to_string (const NMPObject *obj, NMPObjectToStringMode to_string_mode, char *buf, gsize buf_size);
void nmp_object_hash_update (const NMPObject *obj, NMHashState *h);
int nmp_object_cmp (const NMPObject *obj1, const NMPObject *obj2);
gboolean nmp_object_equal (const NMPObject *obj1, const NMPObject *obj2);
static inline gboolean
nmp_object_equal (const NMPObject *obj1, const NMPObject *obj2)
{
return nmp_object_cmp (obj1, obj2) == 0;
}
void nmp_object_copy (NMPObject *dst, const NMPObject *src, gboolean id_only);
NMPObject *nmp_object_clone (const NMPObject *obj, gboolean id_only);

2
src/settings/nm-agent-manager.c
View file

@ -1213,7 +1213,7 @@ nm_agent_manager_get_secrets (NMAgentManager *self,
GVariant *existing_secrets,
const char *setting_name,
NMSecretAgentGetSecretsFlags flags,
const char **hints,
const char *const*hints,
NMAgentSecretsResultFunc callback,
gpointer callback_data)
{

2
src/settings/nm-agent-manager.h
View file

@ -60,7 +60,7 @@ NMAgentManagerCallId nm_agent_manager_get_secrets (NMAgentManager *manager,
GVariant *existing_secrets,
const char *setting_name,
NMSecretAgentGetSecretsFlags flags,
const char **hints,
const char *const*hints,
NMAgentSecretsResultFunc callback,
gpointer callback_data);

2
src/settings/nm-settings-connection.c
View file

@ -1228,7 +1228,7 @@ nm_settings_connection_get_secrets (NMSettingsConnection *self,
NMAuthSubject *subject,
const char *setting_name,
NMSecretAgentGetSecretsFlags flags,
const char **hints,
const char *const*hints,
NMSettingsConnectionSecretsFunc callback,
gpointer callback_data)
{

2
src/settings/nm-settings-connection.h
View file

@ -167,7 +167,7 @@ NMSettingsConnectionCallId nm_settings_connection_get_secrets (NMSettingsConnect
NMAuthSubject *subject,
const char *setting_name,
NMSecretAgentGetSecretsFlags flags,
const char **hints,
const char *const*hints,
NMSettingsConnectionSecretsFunc callback,
gpointer callback_data);

32
src/vpn/nm-vpn-connection.c
View file

@ -185,13 +185,13 @@ static NMSettingsConnection *_get_settings_connection (NMVpnConnection *self,
static void get_secrets (NMVpnConnection *self,
SecretsReq secrets_idx,
const char **hints);
const char *const*hints);
static guint32 get_route_table (NMVpnConnection *self, int addr_family, gboolean fallback_main);
static void plugin_interactive_secrets_required (NMVpnConnection *self,
const char *message,
const char **secrets);
const char *const*secrets);
static void _set_vpn_state (NMVpnConnection *self,
VpnState vpn_state,
@ -2047,7 +2047,7 @@ state_changed_cb (GDBusProxy *proxy,
static void
secrets_required_cb (GDBusProxy *proxy,
const char *message,
const char **secrets,
const char *const*secrets,
gpointer user_data)
{
NMVpnConnection *self = NM_VPN_CONNECTION (user_data);
@ -2638,7 +2638,7 @@ get_secrets_cb (NMSettingsConnection *connection,
static void
get_secrets (NMVpnConnection *self,
SecretsReq secrets_idx,
const char **hints)
const char *const*hints)
{
NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
NMSecretAgentGetSecretsFlags flags = NM_SECRET_AGENT_GET_SECRETS_FLAG_NONE;
@ -2683,12 +2683,13 @@ get_secrets (NMVpnConnection *self,
static void
plugin_interactive_secrets_required (NMVpnConnection *self,
const char *message,
const char **secrets)
const char *const*secrets)
{
NMVpnConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
guint32 secrets_len = secrets ? g_strv_length ((char **) secrets) : 0;
char **hints;
guint32 i;
const gsize secrets_len = NM_PTRARRAY_LEN (secrets);
gsize i;
gs_free const char **hints = NULL;
gs_free char *message_hint = NULL;
_LOGI ("VPN plugin: requested secrets; state %s (%d)",
vpn_state_to_string (priv->vpn_state), priv->vpn_state);
@ -2700,14 +2701,17 @@ plugin_interactive_secrets_required (NMVpnConnection *self,
_set_vpn_state (self, STATE_NEED_AUTH, NM_ACTIVE_CONNECTION_STATE_REASON_NONE, FALSE);
/* Copy hints and add message to the end */
hints = g_malloc0 (sizeof (char *) * (secrets_len + 2));
hints = g_new (const char *, secrets_len + 2);
for (i = 0; i < secrets_len; i++)
hints[i] = g_strdup (secrets[i]);
if (message)
hints[i] = g_strdup_printf ("x-vpn-message:%s", message);
hints[i] = secrets[i];
if (message) {
message_hint = g_strdup_printf ("x-vpn-message:%s", message);
hints[i++] = message_hint;
}
hints[i] = NULL;
nm_assert (i < secrets_len + 2);
get_secrets (self, SECRETS_REQ_INTERACTIVE, (const char **) hints);
g_strfreev (hints);
get_secrets (self, SECRETS_REQ_INTERACTIVE, hints);
}
/*****************************************************************************/