diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2016-07-19 14:41:40 +0200 |
|---|---|---|
| committer | Lubomir Rintel <lkundrak@v3.sk> | 2016-07-19 16:14:51 +0200 |
| commit | 9b96bfaa722f3cccf0df3a3bca6e8f227643f94f (patch) | |
| tree | 83a7766e82a2f144fcf72f56f29ee456f805f996 /libnm-core | |
| parent | 4500968587aace26d4d7d43a082149fb54474f35 (diff) | |
| download | NetworkManager-9b96bfaa722f3cccf0df3a3bca6e8f227643f94f.tar.gz | |
setting-vpn: whatever is in vpn.secrets always is a secrets
Even when there's no <secret>-flags key for it in vpn-data.
This is essentially to fix regression in the way openconnect uses the VPN
secrets:
Openconnect auth helper is essentially a web browser that fills in an arbitrary
HTML (or XML) form that's used to get the session cookie. The actual secret the
service needs is the cookie itself.
However, what needs to be remembered includes the form data. What data can be
in the form is installation dependent and can not be known in advance. Thus the
flags for it can't be currently set in the connection. The auth helper is not
capable of setting the flags either, because it can only return secrets.
Prior to 1424f249e we treated vpn.secrets without the flags as system secrets
and store them in the connection. Since that commit we just filter them away,
which broke user configurations.
This restores the behavior or treating everyting in vpn.secrets as secrets and
falling back to system secrets.
Another way would be to find a way to flag the secrets, perhaps by
extending the auth helper protocol to be able to store non-secret
properties too.
https://bugzilla.gnome.org/show_bug.cgi?id=768737
Diffstat (limited to 'libnm-core')
| -rw-r--r-- | libnm-core/nm-setting-vpn.c | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c index c9a1e20b61..aa4ddc3a42 100644 --- a/libnm-core/nm-setting-vpn.c +++ b/libnm-core/nm-setting-vpn.c @@ -566,8 +566,7 @@ get_secret_flags (NMSetting *setting, GError **error) { NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting); - gboolean success = FALSE; - char *flags_key; + gs_free char *flags_key = NULL; gpointer val; unsigned long tmp; NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; @@ -576,28 +575,21 @@ get_secret_flags (NMSetting *setting, if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) { errno = 0; tmp = strtoul ((const char *) val, NULL, 10); - if ((errno == 0) && (tmp <= NM_SETTING_SECRET_FLAGS_ALL)) { - flags = (NMSettingSecretFlags) tmp; - success = TRUE; - } else { + if ((errno != 0) || (tmp > NM_SETTING_SECRET_FLAGS_ALL)) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, _("failed to convert value '%s' to uint"), (const char *) val); g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key); + return FALSE; } - } else { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_MISSING_PROPERTY, - _("secret flags property not found")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key); + flags = (NMSettingSecretFlags) tmp; } - g_free (flags_key); + if (out_flags) *out_flags = flags; - return success; + return TRUE; } static gboolean |