settings: Drop nm_settings_connection_clear_secrets

All usages of nm_settings_connection_clear_secrets() outside of the
NMSettingsConnection implementation were setting the
clear_cached_system_secrets parameter to FALSE which meant that the
operation was a no-op since the system-secrets cache kept a copy of the
secrets being cleared and any access to the SettingsConnection through
the D-Bus API or the class methods would behave the same as without the
call, with the exception of directly reading the settings from the
result of nm_settings_connection_get_connection().  The calls would
still generate D-Bus and gobject signals however, which were redundant.

Drop the method and its calls from the rest of NM code as not needed and
potentially confusing.  The comments preceding these calls implied that
they were needed so that the next activation attempt would be forced to
use nm_settings_connection_get_secrets() but this was the case probably
only before the applied connection concept was introduced.

Also drop two nm_active_connection_clear_secrets() uses in
NMVpnConnection, right before the teardown of the active connection,
that could only possibly have any effect if they affected the
NMSettingsConnection, but as mentioned earlier the
nm_settings_connection_clear_secrets() use inside
nm_active_connection_clear_secrets() didn't do anything and is now
removed.

The one internal use of nm_active_connection_clear_secrets() in the
D-Bus ClearSecrets() implementation is inlined.

src/core/nm-active-connection.c

@@ -516,11 +516,6 @@ nm_active_connection_clear_secrets(NMActiveConnection *self)
 
     priv = NM_ACTIVE_CONNECTION_GET_PRIVATE(self);
 
-    if (nm_settings_connection_has_unmodified_applied_connection(priv->settings_connection.obj,
-                                                                 priv->applied_connection,
-                                                                 NM_SETTING_COMPARE_FLAG_NONE)) {
-        nm_settings_connection_clear_secrets(priv->settings_connection.obj, FALSE, FALSE);
-    }
     nm_connection_clear_secrets(priv->applied_connection);
 }
 

src/core/nm-policy.c

@@ -2003,19 +2003,12 @@ device_state_changed(NMDevice *          device,
                           nm_settings_connection_get_id(sett_conn));
                 }
             }
-
-            nm_settings_connection_clear_secrets(sett_conn, FALSE, FALSE);
         }
         break;
     case NM_DEVICE_STATE_ACTIVATED:
         if (sett_conn) {
             /* Reset auto retries back to default since connection was successful */
             nm_settings_connection_autoconnect_retries_reset(sett_conn);
-
-            /* And clear secrets so they will always be requested from the
-             * settings service when the next connection is made.
-             */
-            nm_settings_connection_clear_secrets(sett_conn, FALSE, FALSE);
         }
 
         /* Add device's new IPv4 and IPv6 configs to DNS */

src/core/settings/nm-settings-connection.c

@@ -477,39 +477,6 @@ update_agent_secrets_cache(NMSettingsConnection *self, NMConnection *new)
     }
 }
 
-void
-nm_settings_connection_clear_secrets(NMSettingsConnection *self,
-                                     gboolean              clear_cached_system_secrets,
-                                     gboolean              persist)
-{
-    gs_unref_object NMConnection *connection_cloned = NULL;
-
-    if (!nm_settings_connection_still_valid(self))
-        return;
-
-    /* FIXME: add API to NMConnection so that we can clone a profile without secrets. */
-
-    connection_cloned = nm_simple_connection_new_clone(nm_settings_connection_get_connection(self));
-
-    nm_connection_clear_secrets(connection_cloned);
-
-    if (!nm_settings_connection_update(
-            self,
-            connection_cloned,
-            persist ? NM_SETTINGS_CONNECTION_PERSIST_MODE_KEEP
-                    : NM_SETTINGS_CONNECTION_PERSIST_MODE_NO_PERSIST,
-            NM_SETTINGS_CONNECTION_INT_FLAGS_NONE,
-            NM_SETTINGS_CONNECTION_INT_FLAGS_NONE,
-            NM_SETTINGS_CONNECTION_UPDATE_REASON_IGNORE_PERSIST_FAILURE
-                | (clear_cached_system_secrets
-                       ? NM_SETTINGS_CONNECTION_UPDATE_REASON_CLEAR_SYSTEM_SECRETS
-                       : NM_SETTINGS_CONNECTION_UPDATE_REASON_NONE)
-                | NM_SETTINGS_CONNECTION_UPDATE_REASON_CLEAR_AGENT_SECRETS,
-            "clear-secrets",
-            NULL))
-        nm_assert_not_reached();
-}
-
 static gboolean
 _secrets_update(NMConnection * connection,
                 const char *   setting_name,
@@ -1938,8 +1905,9 @@ dbus_clear_secrets_auth_cb(NMSettingsConnection * self,
                            GError *               error,
                            gpointer               user_data)
 {
-    NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE(self);
-    gs_free_error GError *local       = NULL;
+    NMSettingsConnectionPrivate *priv               = NM_SETTINGS_CONNECTION_GET_PRIVATE(self);
+    gs_free_error GError *local                     = NULL;
+    gs_unref_object NMConnection *connection_cloned = NULL;
 
     if (error) {
         g_dbus_method_invocation_return_gerror(context, error);
@@ -1952,7 +1920,24 @@ dbus_clear_secrets_auth_cb(NMSettingsConnection * self,
         return;
     }
 
-    nm_settings_connection_clear_secrets(self, TRUE, TRUE);
+    /* FIXME: add API to NMConnection so that we can clone a profile without secrets. */
+
+    connection_cloned = nm_simple_connection_new_clone(nm_settings_connection_get_connection(self));
+
+    nm_connection_clear_secrets(connection_cloned);
+
+    if (!nm_settings_connection_update(
+            self,
+            connection_cloned,
+            NM_SETTINGS_CONNECTION_PERSIST_MODE_KEEP,
+            NM_SETTINGS_CONNECTION_INT_FLAGS_NONE,
+            NM_SETTINGS_CONNECTION_INT_FLAGS_NONE,
+            NM_SETTINGS_CONNECTION_UPDATE_REASON_IGNORE_PERSIST_FAILURE
+                | NM_SETTINGS_CONNECTION_UPDATE_REASON_CLEAR_SYSTEM_SECRETS
+                | NM_SETTINGS_CONNECTION_UPDATE_REASON_CLEAR_AGENT_SECRETS,
+            "clear-secrets",
+            NULL))
+        nm_assert_not_reached();
 
     /* Tell agents to remove secrets for this connection */
     nm_agent_manager_delete_secrets(priv->agent_mgr,

src/core/settings/nm-settings-connection.h

@@ -277,10 +277,6 @@ nm_settings_connection_get_secrets(NMSettingsConnection *          self,
 void nm_settings_connection_cancel_secrets(NMSettingsConnection *      self,
                                            NMSettingsConnectionCallId *call_id);
 
-void nm_settings_connection_clear_secrets(NMSettingsConnection *self,
-                                          gboolean              clear_cached_system_secrets,
-                                          gboolean              persist);
-
 gboolean nm_settings_connection_check_visibility(NMSettingsConnection *self,
                                                  NMSessionMonitor *    session_monitor);
 

src/core/vpn/nm-vpn-connection.c

@@ -399,11 +399,6 @@ vpn_cleanup(NMVpnConnection *self, NMDevice *parent_dev)
 
     g_free(priv->bus_name);
     priv->bus_name = NULL;
-
-    /* Clear out connection secrets to ensure that the settings service
-     * gets asked for them next time the connection is activated.
-     */
-    nm_active_connection_clear_secrets(NM_ACTIVE_CONNECTION(self));
 }
 
 static void
@@ -965,11 +960,6 @@ plugin_state_changed(NMVpnConnection *self, NMVpnServiceState new_service_state)
     priv->service_state = new_service_state;
 
     if (new_service_state == NM_VPN_SERVICE_STATE_STOPPED) {
-        /* Clear connection secrets to ensure secrets get requested each time the
-         * connection is activated.
-         */
-        nm_active_connection_clear_secrets(NM_ACTIVE_CONNECTION(self));
-
         if ((priv->vpn_state >= STATE_WAITING) && (priv->vpn_state <= STATE_ACTIVATED)) {
             VpnState old_state = priv->vpn_state;