author | Andrew Zaborowski <andrew.zaborowski@intel.com> | 2021-04-07 23:47:10 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2021-04-19 18:11:10 +0200 |
commit | 60dcb83b584a8bc4451d5c3cd45cc03f7a49f966 (patch) | |
tree | 4dacb6d36e964bef364b03e9c907332960252395 | |
parent | ee583adecfe1b7afc5546cfa2867f32e6bc17194 (diff) | |
iwd: Only save system-owned secrets to IWD config
Avoid saving agent-owned secrets when converting settings connections
to IWD config files and avoid reacting to NMSettingsConnection updates
that don't seem to touch any non-secret or system-owned-secret settings.
-rw-r--r-- | src/core/devices/wifi/nm-iwd-manager.c | 8 | ||||
-rw-r--r-- | src/core/devices/wifi/nm-wifi-utils.c | 11 |
2 files changed, 11 insertions, 8 deletions
diff --git a/src/core/devices/wifi/nm-iwd-manager.c b/src/core/devices/wifi/nm-iwd-manager.c index 1c4b211f41..109ea50caa 100644 --- a/src/core/devices/wifi/nm-iwd-manager.c +++ b/src/core/devices/wifi/nm-iwd-manager.c @@ -452,10 +452,10 @@ sett_conn_changed(NMSettingsConnection * sett_conn, nm_assert(sett_conn == data->mirror_connection); - if (update_reason - & (NM_SETTINGS_CONNECTION_UPDATE_REASON_CLEAR_SYSTEM_SECRETS - | NM_SETTINGS_CONNECTION_UPDATE_REASON_RESET_SYSTEM_SECRETS - | NM_SETTINGS_CONNECTION_UPDATE_REASON_BLOCK_AUTOCONNECT)) + if (!NM_FLAGS_ANY(update_reason, + NM_SETTINGS_CONNECTION_UPDATE_REASON_UPDATE_NON_SECRET + | NM_SETTINGS_CONNECTION_UPDATE_REASON_CLEAR_SYSTEM_SECRETS + | NM_SETTINGS_CONNECTION_UPDATE_REASON_RESET_SYSTEM_SECRETS)) return; /* If this is a generated connection it may be ourselves updating it */ diff --git a/src/core/devices/wifi/nm-wifi-utils.c b/src/core/devices/wifi/nm-wifi-utils.c index 2af1ab767c..8576c8dff7 100644 --- a/src/core/devices/wifi/nm-wifi-utils.c +++ b/src/core/devices/wifi/nm-wifi-utils.c @@ -996,6 +996,9 @@ nm_wifi_utils_get_iwd_config_filename(const char * ssid, /*****************************************************************************/ +#define SECRETS_DONT_STORE_FLAGS \ + (NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED) + static gboolean psk_setting_to_iwd_config(GKeyFile *file, NMSettingWirelessSecurity *s_wsec, GError **error) { 
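Review bot: The rewritten test in sett_conn_changed reverses how CLEAR_SYSTEM_SECRETS and RESET_SYSTEM_SECRETS are handled, and nothing in the code says why. The old condition returned early when either flag was set; the new one returns early only when neither they nor UPDATE_NON_SECRET is set, so those updates now reach the code below. That matches the commit description, but a comment above the `if` would record it, for example `/* Only non-secret or system-owned-secret changes belong in the IWD file; ignore agent-owned secret updates. */`. BLOCK_AUTOCONNECT is no longer tested, so an update carrying it together with UPDATE_NON_SECRET now proceeds where it used to return; whether that combination occurs is not visible here. The function body continues outside the hunk.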
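Review bot: SECRETS_DONT_STORE_FLAGS is introduced without a comment saying which secrets it keeps out of the IWD config file and why. A line above the `#define` would do, for example `/* Secrets with these flags belong to an agent or must not be persisted; never write them to the IWD network file. */`. The change only affects files written from now on. A network file that an earlier version wrote with an agent-owned secret presumably stays on disk until the connection is converted again, which is worth a release note or a follow-up rewrite.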
@@ -1005,13 +1008,13 @@ psk_setting_to_iwd_config(GKeyFile *file, NMSettingWirelessSecurity *s_wsec, GEr guint8 buffer[32]; const char * key_mgmt = nm_setting_wireless_security_get_key_mgmt(s_wsec); - if (!psk || (psk_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { + if (!psk || NM_FLAGS_ANY(psk_flags, SECRETS_DONT_STORE_FLAGS)) { g_key_file_set_comment(file, "Security", NULL, "The passphrase is to be queried through the agent", NULL); - if (psk_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) { + if (NM_FLAGS_ANY(psk_flags, SECRETS_DONT_STORE_FLAGS)) { nm_log_info( LOGD_WIFI, "IWD network config is being created wihout the PSK but IWD will save the PSK on " @@ -1184,7 +1187,7 @@ eap_certs_to_iwd_config(GKeyFile * file, : nm_setting_802_1x_get_private_key_password(s_8021x); key_password_flags = phase2 ? nm_setting_802_1x_get_phase2_private_key_password_flags(s_8021x) : nm_setting_802_1x_get_private_key_password_flags(s_8021x); - if (!key_password || (key_password_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { + if (!key_password || NM_FLAGS_ANY(key_password_flags, SECRETS_DONT_STORE_FLAGS)) { g_key_file_set_comment( file, "Security", @@ -1320,7 +1323,7 @@ eap_optional_password_to_iwd_config(GKeyFile * file, "the \"password\" property"); return FALSE; } - if (!password || (flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { + if (!password || NM_FLAGS_ANY(flags, SECRETS_DONT_STORE_FLAGS)) { return g_key_file_set_comment(file, "Security", nm_sprintf_buf(setting_buf, "%s%s", iwd_prefix, "Method"), |
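Review bot: In psk_setting_to_iwd_config the info message under the new check says IWD will save the PSK itself, so an agent-owned PSK may still end up in IWD's own storage after a connection even though NetworkManager no longer writes it. The message is cut off by the hunk, so this is inferred from its visible part; if it holds, the agent-owned case needs its own wording or a follow-up that stops IWD persisting the secret. The outer and inner conditions both evaluate `NM_FLAGS_ANY(psk_flags, SECRETS_DONT_STORE_FLAGS)`; a local `gboolean dont_store = NM_FLAGS_ANY(psk_flags, SECRETS_DONT_STORE_FLAGS);` would keep them in step. The same `!secret || NM_FLAGS_ANY(...)` test recurs in eap_certs_to_iwd_config and eap_optional_password_to_iwd_config, where no comparable log line is visible. The log string also carries the typo `wihout`.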