138 lines
5.1 KiB
Diff
138 lines
5.1 KiB
Diff
|
From 725f5c83303a192ccf008b963e21592cf8f9fc90 Mon Sep 17 00:00:00 2001
|
||
|
From: Dan Williams <dcbw@redhat.com>
|
||
|
Date: Thu, 20 Feb 2014 15:10:36 -0600
|
||
|
Subject: [PATCH] NetworkAgent: fix initial secrets requests after 17726abb
|
||
|
|
||
|
While the named commit was correct for VPN connections, it didn't
|
||
|
work correctly for the initial secrets requests like when connecting
|
||
|
to a new access point. In that case, secrets *should* be requested
|
||
|
when none are found, but only if interaction is enabled. The
|
||
|
bits of 17726abb which removed checking secrets against the hints
|
||
|
*were* correct, but 17726abb removed too much.
|
||
|
|
||
|
Also, to ensure passwords don't get inadvertently cleared when
|
||
|
simply reading them from the keyring, don't save passwords
|
||
|
unless something might have changed.
|
||
|
|
||
|
https://bugzilla.gnome.org/show_bug.cgi?id=724779
|
||
|
---
|
||
|
src/shell-network-agent.c | 26 ++++++++++++++++++--------
|
||
|
1 file changed, 18 insertions(+), 8 deletions(-)
|
||
|
|
||
|
diff --git a/src/shell-network-agent.c b/src/shell-network-agent.c
|
||
|
index 8d2b9b2..c6f4b79 100644
|
||
|
--- a/src/shell-network-agent.c
|
||
|
+++ b/src/shell-network-agent.c
|
||
|
@@ -252,14 +252,15 @@ get_secrets_keyring_cb (GObject *source,
|
||
|
ShellNetworkAgent *self;
|
||
|
ShellNetworkAgentPrivate *priv;
|
||
|
GError *secret_error = NULL;
|
||
|
GError *error = NULL;
|
||
|
GList *items;
|
||
|
GList *l;
|
||
|
GHashTable *outer;
|
||
|
+ gboolean secrets_found = FALSE;
|
||
|
|
||
|
items = secret_service_search_finish (NULL, result, &secret_error);
|
||
|
|
||
|
if (g_error_matches (secret_error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
|
||
|
{
|
||
|
g_error_free (secret_error);
|
||
|
return;
|
||
|
@@ -308,30 +309,36 @@ get_secrets_keyring_cb (GObject *source,
|
||
|
g_value_set_string (secret_value, secret_value_get (secret, NULL));
|
||
|
|
||
|
g_hash_table_insert (closure->entries, secret_name, secret_value);
|
||
|
}
|
||
|
else
|
||
|
g_hash_table_insert (closure->vpn_entries, secret_name, g_strdup (secret_value_get (secret, NULL)));
|
||
|
|
||
|
+ secrets_found = TRUE;
|
||
|
+
|
||
|
g_hash_table_unref (attributes);
|
||
|
secret_value_unref (secret);
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
g_hash_table_unref (attributes);
|
||
|
secret_value_unref (secret);
|
||
|
}
|
||
|
|
||
|
g_list_free_full (items, g_object_unref);
|
||
|
|
||
|
/* All VPN requests get sent to the VPN's auth dialog, since it knows better
|
||
|
- * than the agent do about what secrets are required.
|
||
|
+ * than the agent about what secrets are required. Otherwise, if no secrets
|
||
|
+ * were found and interaction is allowed the ask for some secrets, because
|
||
|
+ * NetworkManager will fail the connection if not secrets are returned
|
||
|
+ * instead of asking again with REQUEST_NEW.
|
||
|
*/
|
||
|
- if (closure->is_vpn)
|
||
|
+ if (closure->is_vpn ||
|
||
|
+ (!secrets_found && (closure->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)))
|
||
|
{
|
||
|
nm_connection_update_secrets (closure->connection, closure->setting_name, closure->entries, NULL);
|
||
|
|
||
|
request_secrets_from_ui (closure);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
@@ -459,15 +466,14 @@ shell_network_agent_set_password (ShellNetworkAgent *self,
|
||
|
void
|
||
|
shell_network_agent_respond (ShellNetworkAgent *self,
|
||
|
gchar *request_id,
|
||
|
ShellNetworkAgentResponse response)
|
||
|
{
|
||
|
ShellNetworkAgentPrivate *priv;
|
||
|
ShellAgentRequest *request;
|
||
|
- NMConnection *dup;
|
||
|
GHashTable *outer;
|
||
|
|
||
|
g_return_if_fail (SHELL_IS_NETWORK_AGENT (self));
|
||
|
|
||
|
priv = self->priv;
|
||
|
request = g_hash_table_lookup (priv->requests, request_id);
|
||
|
g_return_if_fail (request != NULL);
|
||
|
@@ -494,27 +500,31 @@ shell_network_agent_respond (ShellNetworkAgent *self,
|
||
|
g_error_free (error);
|
||
|
g_hash_table_remove (priv->requests, request_id);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/* response == SHELL_NETWORK_AGENT_CONFIRMED */
|
||
|
|
||
|
- /* Save updated secrets */
|
||
|
- dup = nm_connection_duplicate (request->connection);
|
||
|
+ /* Save any updated secrets */
|
||
|
+ if ((request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION) ||
|
||
|
+ (request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW))
|
||
|
+ {
|
||
|
+ NMConnection *dup = nm_connection_duplicate (request->connection);
|
||
|
|
||
|
- nm_connection_update_secrets (dup, request->setting_name, request->entries, NULL);
|
||
|
- nm_secret_agent_save_secrets (NM_SECRET_AGENT (self), dup, NULL, NULL);
|
||
|
+ nm_connection_update_secrets (dup, request->setting_name, request->entries, NULL);
|
||
|
+ nm_secret_agent_save_secrets (NM_SECRET_AGENT (self), dup, NULL, NULL);
|
||
|
+ g_object_unref (dup);
|
||
|
+ }
|
||
|
|
||
|
outer = g_hash_table_new (g_str_hash, g_str_equal);
|
||
|
g_hash_table_insert (outer, request->setting_name, request->entries);
|
||
|
|
||
|
request->callback (NM_SECRET_AGENT (self), request->connection, outer, NULL, request->callback_data);
|
||
|
|
||
|
g_hash_table_destroy (outer);
|
||
|
- g_object_unref (dup);
|
||
|
g_hash_table_remove (priv->requests, request_id);
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
shell_network_agent_cancel_get_secrets (NMSecretAgent *agent,
|
||
|
const gchar *connection_path,
|
||
|
const gchar *setting_name)
|
||
|
--
|
||
|
1.8.5.3
|
||
|
|
||
|
|