From 725f5c83303a192ccf008b963e21592cf8f9fc90 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Thu, 20 Feb 2014 15:10:36 -0600 Subject: [PATCH] NetworkAgent: fix initial secrets requests after 17726abb While the named commit was correct for VPN connections, it didn't work correctly for the initial secrets requests like when connecting to a new access point. In that case, secrets *should* be requested when none are found, but only if interaction is enabled. The bits of 17726abb which removed checking secrets against the hints *were* correct, but 17726abb removed too much. Also, to ensure passwords don't get inadvertently cleared when simply reading them from the keyring, don't save passwords unless something might have changed. https://bugzilla.gnome.org/show_bug.cgi?id=724779 --- src/shell-network-agent.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/shell-network-agent.c b/src/shell-network-agent.c index 8d2b9b2..c6f4b79 100644 --- a/src/shell-network-agent.c +++ b/src/shell-network-agent.c @@ -252,14 +252,15 @@ get_secrets_keyring_cb (GObject *source, ShellNetworkAgent *self; ShellNetworkAgentPrivate *priv; GError *secret_error = NULL; GError *error = NULL; GList *items; GList *l; GHashTable *outer; + gboolean secrets_found = FALSE; items = secret_service_search_finish (NULL, result, &secret_error); if (g_error_matches (secret_error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) { g_error_free (secret_error); return; @@ -308,30 +309,36 @@ get_secrets_keyring_cb (GObject *source, g_value_set_string (secret_value, secret_value_get (secret, NULL)); g_hash_table_insert (closure->entries, secret_name, secret_value); } else g_hash_table_insert (closure->vpn_entries, secret_name, g_strdup (secret_value_get (secret, NULL))); + secrets_found = TRUE; + g_hash_table_unref (attributes); secret_value_unref (secret); break; } } g_hash_table_unref (attributes); secret_value_unref (secret); } g_list_free_full (items, g_object_unref); /* All VPN requests get sent to the VPN's auth dialog, since it knows better - * than the agent do about what secrets are required. + * than the agent about what secrets are required. Otherwise, if no secrets + * were found and interaction is allowed the ask for some secrets, because + * NetworkManager will fail the connection if not secrets are returned + * instead of asking again with REQUEST_NEW. */ - if (closure->is_vpn) + if (closure->is_vpn || + (!secrets_found && (closure->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION))) { nm_connection_update_secrets (closure->connection, closure->setting_name, closure->entries, NULL); request_secrets_from_ui (closure); return; } @@ -459,15 +466,14 @@ shell_network_agent_set_password (ShellNetworkAgent *self, void shell_network_agent_respond (ShellNetworkAgent *self, gchar *request_id, ShellNetworkAgentResponse response) { ShellNetworkAgentPrivate *priv; ShellAgentRequest *request; - NMConnection *dup; GHashTable *outer; g_return_if_fail (SHELL_IS_NETWORK_AGENT (self)); priv = self->priv; request = g_hash_table_lookup (priv->requests, request_id); g_return_if_fail (request != NULL); @@ -494,27 +500,31 @@ shell_network_agent_respond (ShellNetworkAgent *self, g_error_free (error); g_hash_table_remove (priv->requests, request_id); return; } /* response == SHELL_NETWORK_AGENT_CONFIRMED */ - /* Save updated secrets */ - dup = nm_connection_duplicate (request->connection); + /* Save any updated secrets */ + if ((request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION) || + (request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW)) + { + NMConnection *dup = nm_connection_duplicate (request->connection); - nm_connection_update_secrets (dup, request->setting_name, request->entries, NULL); - nm_secret_agent_save_secrets (NM_SECRET_AGENT (self), dup, NULL, NULL); + nm_connection_update_secrets (dup, request->setting_name, request->entries, NULL); + nm_secret_agent_save_secrets (NM_SECRET_AGENT (self), dup, NULL, NULL); + g_object_unref (dup); + } outer = g_hash_table_new (g_str_hash, g_str_equal); g_hash_table_insert (outer, request->setting_name, request->entries); request->callback (NM_SECRET_AGENT (self), request->connection, outer, NULL, request->callback_data); g_hash_table_destroy (outer); - g_object_unref (dup); g_hash_table_remove (priv->requests, request_id); } static void shell_network_agent_cancel_get_secrets (NMSecretAgent *agent, const gchar *connection_path, const gchar *setting_name) -- 1.8.5.3