From 725f5c83303a192ccf008b963e21592cf8f9fc90 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Thu, 20 Feb 2014 15:10:36 -0600
Subject: [PATCH] NetworkAgent: fix initial secrets requests after 17726abb

While the named commit was correct for VPN connections, it didn't
work correctly for the initial secrets requests like when connecting
to a new access point.  In that case, secrets *should* be requested
when none are found, but only if interaction is enabled.  The
bits of 17726abb which removed checking secrets against the hints
*were* correct, but 17726abb removed too much.

Also, to ensure passwords don't get inadvertently cleared when
simply reading them from the keyring, don't save passwords
unless something might have changed.

https://bugzilla.gnome.org/show_bug.cgi?id=724779
---
 src/shell-network-agent.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/shell-network-agent.c b/src/shell-network-agent.c
index 8d2b9b2..c6f4b79 100644
--- a/src/shell-network-agent.c
+++ b/src/shell-network-agent.c
@@ -252,14 +252,15 @@ get_secrets_keyring_cb (GObject            *source,
   ShellNetworkAgent *self;
   ShellNetworkAgentPrivate *priv;
   GError *secret_error = NULL;
   GError *error = NULL;
   GList *items;
   GList *l;
   GHashTable *outer;
+  gboolean secrets_found = FALSE;
 
   items = secret_service_search_finish (NULL, result, &secret_error);
 
   if (g_error_matches (secret_error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
     {
       g_error_free (secret_error);
       return;
@@ -308,30 +309,36 @@ get_secrets_keyring_cb (GObject            *source,
                   g_value_set_string (secret_value, secret_value_get (secret, NULL));
 
                   g_hash_table_insert (closure->entries, secret_name, secret_value);
                 }
               else
                 g_hash_table_insert (closure->vpn_entries, secret_name, g_strdup (secret_value_get (secret, NULL)));
 
+              secrets_found = TRUE;
+
               g_hash_table_unref (attributes);
               secret_value_unref (secret);
               break;
             }
         }
 
       g_hash_table_unref (attributes);
       secret_value_unref (secret);
     }
 
   g_list_free_full (items, g_object_unref);
 
   /* All VPN requests get sent to the VPN's auth dialog, since it knows better
-   * than the agent do about what secrets are required.
+   * than the agent about what secrets are required.  Otherwise, if no secrets
+   * were found and interaction is allowed the ask for some secrets, because
+   * NetworkManager will fail the connection if not secrets are returned
+   * instead of asking again with REQUEST_NEW.
    */
-  if (closure->is_vpn)
+  if (closure->is_vpn ||
+      (!secrets_found && (closure->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)))
     {
       nm_connection_update_secrets (closure->connection, closure->setting_name, closure->entries, NULL);
 
       request_secrets_from_ui (closure);
       return;
     }
 
@@ -459,15 +466,14 @@ shell_network_agent_set_password (ShellNetworkAgent *self,
 void
 shell_network_agent_respond (ShellNetworkAgent         *self,
                              gchar                     *request_id,
                              ShellNetworkAgentResponse  response)
 {
   ShellNetworkAgentPrivate *priv;
   ShellAgentRequest *request;
-  NMConnection *dup;
   GHashTable *outer;
 
   g_return_if_fail (SHELL_IS_NETWORK_AGENT (self));
 
   priv = self->priv;
   request = g_hash_table_lookup (priv->requests, request_id);
   g_return_if_fail (request != NULL);
@@ -494,27 +500,31 @@ shell_network_agent_respond (ShellNetworkAgent         *self,
       g_error_free (error);
       g_hash_table_remove (priv->requests, request_id);
       return;
     }
 
   /* response == SHELL_NETWORK_AGENT_CONFIRMED */
 
-  /* Save updated secrets */
-  dup = nm_connection_duplicate (request->connection);
+  /* Save any updated secrets */
+  if ((request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION) ||
+      (request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW))
+    {
+      NMConnection *dup = nm_connection_duplicate (request->connection);
 
-  nm_connection_update_secrets (dup, request->setting_name, request->entries, NULL);
-  nm_secret_agent_save_secrets (NM_SECRET_AGENT (self), dup, NULL, NULL);
+      nm_connection_update_secrets (dup, request->setting_name, request->entries, NULL);
+      nm_secret_agent_save_secrets (NM_SECRET_AGENT (self), dup, NULL, NULL);
+      g_object_unref (dup);
+    }
 
   outer = g_hash_table_new (g_str_hash, g_str_equal);
   g_hash_table_insert (outer, request->setting_name, request->entries);
 
   request->callback (NM_SECRET_AGENT (self), request->connection, outer, NULL, request->callback_data);
 
   g_hash_table_destroy (outer);
-  g_object_unref (dup);
   g_hash_table_remove (priv->requests, request_id);
 }
 
 static void
 shell_network_agent_cancel_get_secrets (NMSecretAgent *agent,
                                         const gchar   *connection_path,
                                         const gchar   *setting_name)
-- 
1.8.5.3