diff options
author | Beniamino Galvani <bgalvani@redhat.com> | 2018-11-26 17:38:53 +0100 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2018-11-29 15:28:56 +0100 |
commit | f15b837de6c0fb1ade951597678a0659b7723ec7 (patch) | |
tree | c90a52183f22c5435af3cd82e4e61d62d5582193 | |
parent | 26b1da98af09d72392f9d3387f62e38c0f3a05a1 (diff) | |
download | NetworkManager-f15b837de6c0fb1ade951597678a0659b7723ec7.tar.gz |
libnm-core: add secret type for keyfile write callback
Introduce a new SECRET NMKeyfileWriteType so that clients can decide
by themselves how to persist (or not) secret properties.
-rw-r--r-- | libnm-core/nm-keyfile-internal.h | 15 | ||||
-rw-r--r-- | libnm-core/nm-keyfile.c | 19 | ||||
-rw-r--r-- | libnm-core/tests/test-keyfile.c | 60 |
3 files changed, 93 insertions, 1 deletions
diff --git a/libnm-core/nm-keyfile-internal.h b/libnm-core/nm-keyfile-internal.h index 98df586596..ddf9667891 100644 --- a/libnm-core/nm-keyfile-internal.h +++ b/libnm-core/nm-keyfile-internal.h @@ -109,7 +109,8 @@ gboolean nm_keyfile_read_ensure_uuid (NMConnection *connection, /*****************************************************************************/ typedef enum { - NM_KEYFILE_WRITE_TYPE_CERT = 1, + NM_KEYFILE_WRITE_TYPE_SECRET = 1, + NM_KEYFILE_WRITE_TYPE_CERT = 2, } NMKeyfileWriteType; /** @@ -143,6 +144,18 @@ typedef gboolean (*NMKeyfileWriteHandler) (NMConnection *connection, GError **error); /** + * NMKeyfileWriteTypeSecret: + * + * this struct is passed as @type_data for the @NMKeyfileWriteHandler of + * type %NM_KEYFILE_WRITE_TYPE_SECRET. + */ +typedef struct { + const char *setting_name; + const char *key; + NMSetting *setting; +} NMKeyfileWriteTypeDataSecret; + +/** * NMKeyfileWriteTypeDataCert: * * this struct is passed as @type_data for the @NMKeyfileWriteHandler of diff --git a/libnm-core/nm-keyfile.c b/libnm-core/nm-keyfile.c index ad6089eeff..cd6433c5da 100644 --- a/libnm-core/nm-keyfile.c +++ b/libnm-core/nm-keyfile.c @@ -3018,6 +3018,25 @@ write_setting_value (NMSetting *setting, return; } + if ( (pspec->flags & NM_SETTING_PARAM_SECRET) + && info->handler) { + NMKeyfileWriteTypeDataSecret data = { + .setting_name = setting_name, + .key = key, + .setting = setting, + }; + + if (info->handler (info->connection, + info->keyfile, + NM_KEYFILE_WRITE_TYPE_SECRET, + &data, + info->user_data, + &info->error)) + return; + if (info->error) + return; + } + if (pip && pip->writer) { pip->writer (info, setting, key, value); return; diff --git a/libnm-core/tests/test-keyfile.c b/libnm-core/tests/test-keyfile.c index 9b9d1c0415..79dd2da925 100644 --- a/libnm-core/tests/test-keyfile.c +++ b/libnm-core/tests/test-keyfile.c @@ -742,6 +742,65 @@ test_vpn_1 (void) CLEAR (&con, &keyfile); } +static gboolean +write_handler_secret (NMConnection *connection, + GKeyFile *keyfile, + NMKeyfileWriteType type, + void *type_data, + void *user_data, + GError **error) +{ + if (type == NM_KEYFILE_WRITE_TYPE_SECRET) { + NMKeyfileWriteTypeDataSecret *data = type_data; + gs_free char *value = NULL; + const char *alias; + + alias = nm_keyfile_plugin_get_alias_for_setting_name (data->setting_name); + g_object_get (G_OBJECT (data->setting), data->key, &value, NULL); + value = g_strdup_printf ("SECRET:%s", value); + + g_key_file_set_string (keyfile, + alias ?: data->setting_name, + data->key, + value); + return TRUE; + } + return FALSE; +} + +static void +test_writer_secret (void) +{ + gs_unref_keyfile GKeyFile *keyfile = NULL; + gs_unref_object NMConnection *con = NULL; + gs_free_error GError *error = NULL; + gs_free char *value; + + con = nmtst_create_connection_from_keyfile ( + "[connection]\n" + "id=wifi1\n" + "type=wifi\n" + "interface-name=wlan0\n" + + "[wifi]\n" + "mode=infrastructure\n" + "ssid=abc\n" + + "[wifi-security]\n" + "key-mgmt=wpa-psk\n" + "psk=12341234\n", + "/test_writer_secret/wifi1"); + g_assert (con); + + keyfile = nm_keyfile_write (con, write_handler_secret, NULL, &error); + nmtst_assert_success (keyfile, error); + + value = g_key_file_get_string (keyfile, "wifi-security", "psk", &error); + nmtst_assert_success (value, error); + + g_assert_cmpstr (value, ==, "SECRET:12341234"); +} + /*****************************************************************************/ NMTST_DEFINE (); @@ -757,6 +816,7 @@ int main (int argc, char **argv) g_test_add_func ("/core/keyfile/test_team_conf_read/invalid", test_team_conf_read_invalid); g_test_add_func ("/core/keyfile/test_user/1", test_user_1); g_test_add_func ("/core/keyfile/test_vpn/1", test_vpn_1); + g_test_add_func ("/core/keyfile/test_writer_secret/1", test_writer_secret); return g_test_run (); } |