security: don't save CA cert ignore if editing is canceleddcbw/ca-cert-ignore-save-load

Previously the code would update GSettings whenever the button was
toggled, which meant the value would be saved even if the user
canceled editing of the connection.  Fix this.

Unfortunately, since only the upper-level code knows when the
editing has been canceled, the upper-level code has to handle
reading the initial values, and saving the new ones.  But that's
easy to do.

5 files changed, 132 insertions, 56 deletions

diff --git a/src/connection-editor/nm-connection-editor.c b/src/connection-editor/nm-connection-editor.c
index 377b3763..c2f6c524 100644
--- a/src/connection-editor/nm-connection-editor.c
+++ b/src/connection-editor/nm-connection-editor.c
@@ -76,6 +76,7 @@
 #include "page-vlan.h"
 #include "ce-polkit-button.h"
 #include "vpn-helpers.h"
+#include "eap-method.h"
 
 G_DEFINE_TYPE (NMConnectionEditor, nm_connection_editor, G_TYPE_OBJECT)
 
@@ -773,6 +774,9 @@ nm_connection_editor_set_connection (NMConnectionEditor *editor,
 	editor->orig_connection = g_object_ref (orig_connection);
 	nm_connection_editor_update_title (editor);
 
+	/* Handle CA cert ignore stuff */
+	eap_method_ca_cert_ignore_load (editor->connection);
+
 	s_con = nm_connection_get_setting_connection (editor->connection);
 	g_assert (s_con);
 
@@ -980,6 +984,9 @@ ok_button_clicked_save_connection (NMConnectionEditor *self)
 
 	nm_connection_editor_set_busy (self, TRUE);
 
+	/* Save new CA cert ignore values to GSettings */
+	eap_method_ca_cert_ignore_save (self->connection);
+
 	if (self->is_new_connection) {
 		nm_remote_settings_add_connection (self->settings,
 		                                   self->orig_connection,
diff --git a/src/ethernet-dialog.c b/src/ethernet-dialog.c
index 17799350..26d0053b 100644
--- a/src/ethernet-dialog.c
+++ b/src/ethernet-dialog.c
@@ -33,6 +33,7 @@
 #include "ethernet-dialog.h"
 #include "wireless-security.h"
 #include "applet-dialogs.h"
+#include "eap-method.h"
 
 static void
 stuff_changed_cb (WirelessSecurity *sec, gpointer user_data)
@@ -105,6 +106,9 @@ nma_ethernet_dialog_new (NMConnection *connection)
 	gtk_window_set_icon_name (GTK_WINDOW (dialog), "dialog-password");
 	dialog_set_network_name (connection, GTK_ENTRY (gtk_builder_get_object (builder, "network_name_entry")));
 
+	/* Handle CA cert ignore stuff */
+	eap_method_ca_cert_ignore_load (connection);
+
 	security = dialog_set_security (connection, builder, GTK_BOX (gtk_builder_get_object (builder, "security_vbox")));
 	wireless_security_set_changed_notify (security, stuff_changed_cb, GTK_WIDGET (gtk_builder_get_object (builder, "ok_button")));
 	g_object_set_data_full (G_OBJECT (dialog),
@@ -155,6 +159,9 @@ nma_ethernet_dialog_get_connection (GtkWidget *dialog)
 	s_8021x = nm_connection_get_setting (tmp_connection, NM_TYPE_SETTING_802_1X);
 	nm_connection_add_setting (connection, NM_SETTING (g_object_ref (s_8021x)));
 
+	/* Save new CA cert ignore values to GSettings */
+	eap_method_ca_cert_ignore_save (tmp_connection);
+
 	g_object_unref (tmp_connection);
 
 	return connection;
diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c
index bcd5cb79..7d075498 100644
--- a/src/libnm-gtk/nm-wifi-dialog.c
+++ b/src/libnm-gtk/nm-wifi-dialog.c
@@ -38,6 +38,7 @@
 #include "nm-wifi-dialog.h"
 #include "wireless-security.h"
 #include "nm-ui-utils.h"
+#include "eap-method.h"
 
 G_DEFINE_TYPE (NMAWifiDialog, nma_wifi_dialog, GTK_TYPE_DIALOG)
 
@@ -1221,6 +1222,9 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self,
 		wireless_security_unref (sec);
 	}
 
+	/* Save new CA cert ignore values to GSettings */
+	eap_method_ca_cert_ignore_save (connection);
+
 	/* Fill device */
 	if (device) {
 		combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "device_combo"));
@@ -1270,6 +1274,9 @@ nma_wifi_dialog_new (NMClient *client,
 		priv->sec_combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "security_combo"));
 		priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
 
+		/* Handle CA cert ignore stuff */
+		eap_method_ca_cert_ignore_load (connection);
+
 		if (!internal_init (self, connection, device, secrets_only, FALSE)) {
 			g_warning ("Couldn't create Wi-Fi security dialog.");
 			gtk_widget_destroy (GTK_WIDGET (self));
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index 5184b46b..4354fd8f 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -98,51 +98,6 @@ eap_method_update_secrets (EAPMethod *method, NMConnection *connection)
 		method->update_secrets (method, connection);
 }
 
-static GSettings *
-_get_ca_ignore_settings (const char *uuid)
-{
-	GSettings *settings;
-	char *path = NULL;
-
-	path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", uuid);
-	settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
-	g_free (path);
-
-	return settings;
-}
-
-static void
-_set_ignore_ca_cert (const char *uuid, gboolean phase2, gboolean ignore)
-{
-	GSettings *settings;
-	const char *key;
-
-	g_return_if_fail (uuid != NULL);
-
-	settings = _get_ca_ignore_settings (uuid);
-	key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
-	g_settings_set_boolean (settings, key, ignore);
-	g_object_unref (settings);
-}
-
-static gboolean
-_get_ignore_ca_cert (const char *uuid, gboolean phase2)
-{
-	GSettings *settings;
-	const char *key;
-	gboolean ignore = FALSE;
-
-	g_return_val_if_fail (uuid != NULL, FALSE);
-
-	settings = _get_ca_ignore_settings (uuid);
-
-	key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
-	ignore = g_settings_get_boolean (settings, key);
-
-	g_object_unref (settings);
-	return ignore;
-}
-
 void
 eap_method_phase2_update_secrets_helper (EAPMethod *method,
                                          NMConnection *connection,
@@ -572,6 +527,24 @@ eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, const char *id_ca_
 	g_object_set_data_full (G_OBJECT (widget), "filename-old", filename_old, g_free);
 }
 
+/* Used as both GSettings keys and GObject data tags */
+#define IGNORE_CA_CERT_TAG "ignore-ca-cert"
+#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert"
+
+/**
+ * eap_method_ca_cert_ignore_set:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ * @filename: the certificate file, if any
+ * @ca_cert_error: %TRUE if an error was encountered loading the given CA
+ * certificate, %FALSE if not or if a CA certificate is not present
+ * @id_ca_cert_is_not_required_checkbox: the #GtkWidget object name of the
+ * "CA certificate not required" checkbox
+ *
+ * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate
+ * not required" checkbox is checked.  If @ca_cert_error is %TRUE, then the
+ * connection's CA cert ignore value will always be set to %TRUE.
+ */
 void
 eap_method_ca_cert_ignore_set (EAPMethod *method,
                                NMConnection *connection,
@@ -580,29 +553,107 @@ eap_method_ca_cert_ignore_set (EAPMethod *method,
                                const char *id_ca_cert_is_not_required_checkbox)
 {
 	GtkWidget *widget;
+	NMSetting8021x *s_8021x;
+	gboolean ignore;
 
 	/* We don't really need the checkbox value here. Just assert that it is set as expected. */
 	widget = GTK_WIDGET (gtk_builder_get_object (method->builder, id_ca_cert_is_not_required_checkbox));
 	g_assert (widget && (ca_cert_error || !filename == gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))));
 
-	_set_ignore_ca_cert (nm_connection_get_uuid (connection),
-	                     method->phase2,
-	                     !ca_cert_error && filename==NULL);
+	s_8021x = nm_connection_get_setting_802_1x (connection);
+	if (s_8021x) {
+		ignore = !ca_cert_error && filename == NULL;
+		g_object_set_data (G_OBJECT (s_8021x),
+		                   method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG,
+		                   GUINT_TO_POINTER (ignore));
+	}
 }
 
+/**
+ * eap_method_ca_cert_ignore_get:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ *
+ * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA
+ * certificate should be required for the connection to be valid.
+ */
 gboolean
 eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection)
 {
-	NMSettingConnection *s_con;
-	const char *uuid;
+	NMSetting8021x *s_8021x;
 
-	s_con = nm_connection_get_setting_connection (connection);
-	g_assert (s_con);
-	uuid = nm_setting_connection_get_uuid (s_con);
-	g_assert (uuid);
+	s_8021x = nm_connection_get_setting_802_1x (connection);
+	if (s_8021x) {
+		return !!g_object_get_data (G_OBJECT (s_8021x),
+		                            method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG);
+	}
+	return FALSE;
+}
 
-	/* Figure out if the user wants to ignore missing CA cert */
-	return _get_ignore_ca_cert (uuid, method->phase2);
+static GSettings *
+_get_ca_ignore_settings (NMConnection *connection)
+{
+	GSettings *settings;
+	char *path = NULL;
+
+	path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", nm_connection_get_uuid (connection));
+	settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
+	g_free (path);
+
+	return settings;
 }
 
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_save (NMConnection *connection)
+{
+	NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (connection);
+	GSettings *settings;
+	gboolean ignore = FALSE, phase2_ignore = FALSE;
+
+	if (s_8021x) {
+		ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG);
+		phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG);
+	}
+
+	settings = _get_ca_ignore_settings (connection);
+	g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore);
+	g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore);
+	g_object_unref (settings);
+}
+
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_load (NMConnection *connection)
+{
+	NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (connection);
+	GSettings *settings;
+
+	if (s_8021x) {
+		settings = _get_ca_ignore_settings (connection);
+		if (g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG)) {
+			g_object_set_data (G_OBJECT (s_8021x),
+			                   IGNORE_CA_CERT_TAG,
+			                   GUINT_TO_POINTER (TRUE));
+		}
+		if (g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG)) {
+			g_object_set_data (G_OBJECT (s_8021x),
+			                   IGNORE_PHASE2_CA_CERT_TAG,
+			                   GUINT_TO_POINTER (TRUE));
+		}
+		g_object_unref (settings);
+	}
+}
 
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 626a3d73..b45e9d08 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -120,6 +120,7 @@ gboolean eap_method_ca_cert_required (GtkBuilder *builder,
 void eap_method_ca_cert_not_required_toggled (GtkBuilder *builder,
                                               const char *id_ca_cert_is_not_required_checkbox,
                                               const char *id_ca_cert_chooser);
+
 void eap_method_ca_cert_ignore_set (EAPMethod *method,
                                     NMConnection *connection,
                                     const char *filename,
@@ -127,5 +128,8 @@ void eap_method_ca_cert_ignore_set (EAPMethod *method,
                                     const char *id_ca_cert_is_not_required_checkbox);
 gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection);
 
+void eap_method_ca_cert_ignore_save (NMConnection *connection);
+void eap_method_ca_cert_ignore_load (NMConnection *connection);
+
 #endif /* EAP_METHOD_H */