fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-01 20:48:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

settings: ensure not-saved or not-required VPN secrets don't propagate

Browse source 
We don't want these secrets in the NMSettingsConnection's internal
secrets cache since they shoulnd't ever be read off-disk, and they
should be discarded immedaitely after use.  Similarly, we want to
remove any of these secrets that do come through from a secrets
request that doesn't allow user-interaction, since not-saved secrets
aren't allowed there.
This commit is contained in:
Dan Williams 2011-02-10 18:45:13 -06:00
parent 67051f6445
commit e42e392418
1 changed files with 51 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
src/settings/nm-settings-connection.c
View file

@ -24,6 +24,7 @@
#include <NetworkManager.h>
#include <dbus/dbus-glib-lowlevel.h>
#include <nm-setting-connection.h>
#include <nm-setting-vpn.h>
#include <nm-utils.h>
#include "nm-settings-connection.h"
@ -163,9 +164,23 @@ only_system_secrets_cb (NMSetting *setting,
if (flags & NM_SETTING_PARAM_SECRET) {
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
g_object_set (G_OBJECT (setting), key, NULL, NULL);
/* VPNs are special; need to handle each secret separately */
if (NM_IS_SETTING_VPN (setting) && !strcmp (key, NM_SETTING_VPN_SECRETS)) {
GHashTableIter iter;
const char *secret_name = NULL;
g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
}
}
} else {
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_NONE)
g_object_set (G_OBJECT (setting), key, NULL, NULL);
}
}
}
@ -360,6 +375,16 @@ clear_nonagent_secrets (GHashTableIter *iter,
return TRUE;
}
static gboolean
clear_unsaved_secrets (GHashTableIter *iter,
NMSettingSecretFlags flags,
gpointer user_data)
{
if (flags & (NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED))
g_hash_table_iter_remove (iter);
return TRUE;
}
static gboolean
has_system_owned_secrets (GHashTableIter *iter,
NMSettingSecretFlags flags,
@ -517,6 +542,12 @@ agent_secrets_done_cb (NMAgentManager *manager,
setting_name,
call_id);
/* If no user interaction was allowed, make sure that no "unsaved" secrets
* came back. Unsaved secrets by definition require user interaction.
*/
if (flags == 0) /* ie SECRETS_FLAG_NONE */
for_each_secret (NM_CONNECTION (self), secrets, clear_unsaved_secrets, NULL);
/* Update the connection with our existing secrets from backing storage */
nm_connection_clear_secrets (NM_CONNECTION (self));
hash = nm_connection_to_hash (priv->secrets, NM_SETTING_HASH_FLAG_ONLY_SECRETS);
@ -858,9 +889,23 @@ only_agent_secrets_cb (NMSetting *setting,
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
/* Clear out system-owned or always-ask secrets */
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
g_object_set (G_OBJECT (setting), key, NULL, NULL);
if (NM_IS_SETTING_VPN (setting) && !strcmp (key, NM_SETTING_VPN_SECRETS)) {
GHashTableIter iter;
const char *secret_name = NULL;
/* VPNs are special; need to handle each secret separately */
g_hash_table_iter_init (&iter, (GHashTable *) g_value_get_boxed (value));
while (g_hash_table_iter_next (&iter, (gpointer *) &secret_name, NULL)) {
if (nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL)) {
if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
nm_setting_vpn_remove_secret (NM_SETTING_VPN (setting), secret_name);
}
}
} else {
nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
if (secret_flags != NM_SETTING_SECRET_FLAG_AGENT_OWNED)
g_object_set (G_OBJECT (setting), key, NULL, NULL);
}
}
}