authorBeniamino Galvani <bgalvani@redhat.com>2018-11-26 17:38:53 +0100
committerBeniamino Galvani <bgalvani@redhat.com>2018-11-29 15:28:56 +0100
commitf15b837de6c0fb1ade951597678a0659b7723ec7 (patch)
treec90a52183f22c5435af3cd82e4e61d62d5582193
parent26b1da98af09d72392f9d3387f62e38c0f3a05a1 (diff)
libnm-core: add secret type for keyfile write callback
Introduce a new SECRET NMKeyfileWriteType so that clients can decide by themselves how to persist (or not) secret properties.
-rw-r--r--libnm-core/nm-keyfile-internal.h15
-rw-r--r--libnm-core/nm-keyfile.c19
-rw-r--r--libnm-core/tests/test-keyfile.c60
3 files changed, 93 insertions, 1 deletions
diff --git a/libnm-core/nm-keyfile-internal.h b/libnm-core/nm-keyfile-internal.h
index 98df586596..ddf9667891 100644
--- a/libnm-core/nm-keyfile-internal.h
+++ b/libnm-core/nm-keyfile-internal.h
@@ -109,7 +109,8 @@ gboolean nm_keyfile_read_ensure_uuid (NMConnection *connection,
/*****************************************************************************/
typedef enum {
- NM_KEYFILE_WRITE_TYPE_CERT = 1,
+ NM_KEYFILE_WRITE_TYPE_SECRET = 1,
+ NM_KEYFILE_WRITE_TYPE_CERT = 2,
} NMKeyfileWriteType;
/**
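Review bot: Inserting `NM_KEYFILE_WRITE_TYPE_SECRET = 1` renumbers the existing `NM_KEYFILE_WRITE_TYPE_CERT` from 1 to 2, which is not needed to add the new type. The header is internal, so this is probably harmless as long as every user is rebuilt together. Appending instead keeps the existing value stable: `NM_KEYFILE_WRITE_TYPE_CERT = 1,` followed by `NM_KEYFILE_WRITE_TYPE_SECRET = 2,`.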
@@ -143,6 +144,18 @@ typedef gboolean (*NMKeyfileWriteHandler) (NMConnection *connection,
GError **error);
/**
+ * NMKeyfileWriteTypeSecret:
+ *
+ * this struct is passed as @type_data for the @NMKeyfileWriteHandler of
+ * type %NM_KEYFILE_WRITE_TYPE_SECRET.
+ */
+typedef struct {
+ const char *setting_name;
+ const char *key;
+ NMSetting *setting;
+} NMKeyfileWriteTypeDataSecret;
+
+/**
* NMKeyfileWriteTypeDataCert:
*
* this struct is passed as @type_data for the @NMKeyfileWriteHandler of
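Review bot: The doc comment is titled `NMKeyfileWriteTypeSecret:` but the typedef it documents is `NMKeyfileWriteTypeDataSecret`, so the generated documentation will not attach to the struct; the title should read `* NMKeyfileWriteTypeDataSecret:`. The three fields are also undocumented. The caller in nm-keyfile.c builds this struct on the stack, so the comment should say that @setting_name, @key and @setting are borrowed and only valid for the duration of the handler call. It would also help to state that the handler has to read the secret value from @setting itself, since the struct carries no value.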
diff --git a/libnm-core/nm-keyfile.c b/libnm-core/nm-keyfile.c
index ad6089eeff..cd6433c5da 100644
--- a/libnm-core/nm-keyfile.c
+++ b/libnm-core/nm-keyfile.c
@@ -3018,6 +3018,25 @@ write_setting_value (NMSetting *setting,
return;
}
+ if ( (pspec->flags & NM_SETTING_PARAM_SECRET)
+ && info->handler) {
+ NMKeyfileWriteTypeDataSecret data = {
+ .setting_name = setting_name,
+ .key = key,
+ .setting = setting,
+ };
+
+ if (info->handler (info->connection,
+ info->keyfile,
+ NM_KEYFILE_WRITE_TYPE_SECRET,
+ &data,
+ info->user_data,
+ &info->error))
+ return;
+ if (info->error)
+ return;
+ }
+
if (pip && pip->writer) {
pip->writer (info, setting, key, value);
return;
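Review bot: The handler's return-value contract for `NM_KEYFILE_WRITE_TYPE_SECRET` is not documented at this call site, and it decides whether a secret ends up in the keyfile. When the handler returns FALSE without setting an error, control falls through to the `pip->writer` or default path below, so the secret is presumably written as before. A client that wants to omit a secret must therefore return TRUE without writing anything, which is easy to get wrong. I would add a comment above the new block, e.g. `/* TRUE: the handler took care of the secret (stored elsewhere or deliberately dropped); FALSE without error: fall through and write it like any other property */`, and repeat it in the NMKeyfileWriteHandler documentation. write_setting_value starts and ends outside this hunk, so any filtering of unset secrets or secret flags before this point cannot be seen from here.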
diff --git a/libnm-core/tests/test-keyfile.c b/libnm-core/tests/test-keyfile.c
index 9b9d1c0415..79dd2da925 100644
--- a/libnm-core/tests/test-keyfile.c
+++ b/libnm-core/tests/test-keyfile.c
@@ -742,6 +742,65 @@ test_vpn_1 (void)
CLEAR (&con, &keyfile);
}
+static gboolean
+write_handler_secret (NMConnection *connection,
+ GKeyFile *keyfile,
+ NMKeyfileWriteType type,
+ void *type_data,
+ void *user_data,
+ GError **error)
+{
+ if (type == NM_KEYFILE_WRITE_TYPE_SECRET) {
+ NMKeyfileWriteTypeDataSecret *data = type_data;
+ gs_free char *value = NULL;
+ const char *alias;
+
+ alias = nm_keyfile_plugin_get_alias_for_setting_name (data->setting_name);
+ g_object_get (G_OBJECT (data->setting), data->key, &value, NULL);
+ value = g_strdup_printf ("SECRET:%s", value);
+
+ g_key_file_set_string (keyfile,
+ alias ?: data->setting_name,
+ data->key,
+ value);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+static void
+test_writer_secret (void)
+{
+ gs_unref_keyfile GKeyFile *keyfile = NULL;
+ gs_unref_object NMConnection *con = NULL;
+ gs_free_error GError *error = NULL;
+ gs_free char *value;
+
+ con = nmtst_create_connection_from_keyfile (
+ "[connection]\n"
+ "id=wifi1\n"
+ "type=wifi\n"
+ "interface-name=wlan0\n"
+
+ "[wifi]\n"
+ "mode=infrastructure\n"
+ "ssid=abc\n"
+
+ "[wifi-security]\n"
+ "key-mgmt=wpa-psk\n"
+ "psk=12341234\n",
+ "/test_writer_secret/wifi1");
+ g_assert (con);
+
+ keyfile = nm_keyfile_write (con, write_handler_secret, NULL, &error);
+ nmtst_assert_success (keyfile, error);
+
+ value = g_key_file_get_string (keyfile, "wifi-security", "psk", &error);
+ nmtst_assert_success (value, error);
+
+ g_assert_cmpstr (value, ==, "SECRET:12341234");
+}
+
/*****************************************************************************/
NMTST_DEFINE ();
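Review bot: In `write_handler_secret` the string returned by `g_object_get()` is leaked, because `value` is overwritten by the `g_strdup_printf()` result and `gs_free` only frees the final pointer. Use a separate variable for the property copy: `gs_free char *secret = NULL;`, `g_object_get (G_OBJECT (data->setting), data->key, &secret, NULL);`, `value = g_strdup_printf ("SECRET:%s", secret);`. In `test_writer_secret`, `gs_free char *value;` is declared without an initializer, unlike the other auto-cleanup variables next to it; it should be `= NULL` so the cleanup never sees an indeterminate pointer. The test also covers only the path where the handler returns TRUE. A second case with a handler that returns FALSE, or returns TRUE without writing, would pin down whether the secret lands in the keyfile.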
@@ -757,6 +816,7 @@ int main (int argc, char **argv)
g_test_add_func ("/core/keyfile/test_team_conf_read/invalid", test_team_conf_read_invalid);
g_test_add_func ("/core/keyfile/test_user/1", test_user_1);
g_test_add_func ("/core/keyfile/test_vpn/1", test_vpn_1);
+ g_test_add_func ("/core/keyfile/test_writer_secret/1", test_writer_secret);
return g_test_run ();
}