authorBeniamino Galvani <bgalvani@redhat.com>2017-11-20 21:16:02 +0100
committerBeniamino Galvani <bgalvani@redhat.com>2017-11-21 13:27:59 +0100
commit62141d59cb3f41081ecc2af1f716f78c3d2a89b5 (patch)
treeccf677646bedd19dea8a32b935f9482565e1abc1
parent9a631a068e21fc193d81f1c421a0350c8aab52a6 (diff)
downloadNetworkManager-62141d59cb3f41081ecc2af1f716f78c3d2a89b5.tar.gz
settings: preserve agent-owned secrets on connection add
Settings plugins now return the connection that was reread from file when adding a connection, which means that any agent-owned secret is lost. Ensure that we don't forget agent-owned secrets by caching them and readding them to the new connection returned by plugins. Fixes: 8a1d483ca867aa02a155bab934b19d74abac902c Fixes: b4594af55e0665917c48f0dd3cd56b49f2ea1f78 https://bugzilla.gnome.org/show_bug.cgi?id=789383
-rw-r--r--src/settings/nm-settings.c51
1 files changed, 32 insertions, 19 deletions
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index e2b467a24c..4eeee31554 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -1037,6 +1037,25 @@ claim_connection (NMSettings *self, NMSettingsConnection *connection)
}
}
+static gboolean
+secrets_filter_cb (NMSetting *setting,
+ const char *secret,
+ NMSettingSecretFlags flags,
+ gpointer user_data)
+{
+ NMSettingSecretFlags filter_flags = GPOINTER_TO_UINT (user_data);
+
+ /* Returns TRUE to remove the secret */
+
+ /* Can't use bitops with SECRET_FLAG_NONE so handle that specifically */
+ if ( (flags == NM_SETTING_SECRET_FLAG_NONE)
+ && (filter_flags == NM_SETTING_SECRET_FLAG_NONE))
+ return FALSE;
+
+ /* Otherwise if the secret has at least one of the desired flags keep it */
+ return (flags & filter_flags) ? FALSE : TRUE;
+}
+
/**
* nm_settings_add_connection:
* @self: the #NMSettings object
@@ -1087,9 +1106,22 @@ nm_settings_add_connection (NMSettings *self,
for (iter = priv->plugins; iter; iter = g_slist_next (iter)) {
NMSettingsPlugin *plugin = NM_SETTINGS_PLUGIN (iter->data);
GError *add_error = NULL;
+ gs_unref_object NMConnection *simple = NULL;
+ gs_unref_variant GVariant *secrets = NULL;
+
+ /* Make a copy of agent-owned secrets because they won't be present in
+ * the connection returned by plugins, as plugins return only what was
+ * reread from the file. */
+ simple = nm_simple_connection_new_clone (connection);
+ nm_connection_clear_secrets_with_flags (simple,
+ secrets_filter_cb,
+ GUINT_TO_POINTER (NM_SETTING_SECRET_FLAG_AGENT_OWNED));
+ secrets = nm_connection_to_dbus (simple, NM_CONNECTION_SERIALIZE_ONLY_SECRETS);
added = nm_settings_plugin_add_connection (plugin, connection, save_to_disk, &add_error);
if (added) {
+ if (secrets)
+ nm_connection_update_secrets (NM_CONNECTION (added), NULL, secrets, NULL);
claim_connection (self, added);
return added;
}
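Review bot: The added call `nm_connection_update_secrets (NM_CONNECTION (added), NULL, secrets, NULL);` discards both its return value and its error. If re-applying the cached agent-owned secrets fails, the connection is still claimed and returned without them and nothing is logged, which is the same silent loss this commit sets out to fix. Consider passing a local `GError` and logging a warning that names the connection, never the secret values, when the call returns FALSE. Separately, the clone, filter and serialization depend only on `connection`, so they could run once before the `for` loop rather than on every plugin iteration, which would also avoid making repeated in-memory copies of the secrets. The body of nm_settings_add_connection starts and ends outside this hunk.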
@@ -1105,25 +1137,6 @@ nm_settings_add_connection (NMSettings *self,
return NULL;
}
-static gboolean
-secrets_filter_cb (NMSetting *setting,
- const char *secret,
- NMSettingSecretFlags flags,
- gpointer user_data)
-{
- NMSettingSecretFlags filter_flags = GPOINTER_TO_UINT (user_data);
-
- /* Returns TRUE to remove the secret */
-
- /* Can't use bitops with SECRET_FLAG_NONE so handle that specifically */
- if ( (flags == NM_SETTING_SECRET_FLAG_NONE)
- && (filter_flags == NM_SETTING_SECRET_FLAG_NONE))
- return FALSE;
-
- /* Otherwise if the secret has at least one of the desired flags keep it */
- return (flags & filter_flags) ? FALSE : TRUE;
-}
-
static void
send_agent_owned_secrets (NMSettings *self,
NMSettingsConnection *connection,