From e2c6a0dd6afc9ac30107813a1e7786aa376c4f01 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani
Date: Mon, 20 Nov 2017 21:16:02 +0100
Subject: settings: preserve agent-owned secrets on connection add
Settings plugins now return the connection that was reread from file when adding a connection, which means that any agent-owned secret is lost. Ensure that we don't forget agent-owned secrets by caching them and readding them to the new connection returned by plugins.
Fixes: 8a1d483ca867aa02a155bab934b19d74abac902c
Fixes: b4594af55e0665917c48f0dd3cd56b49f2ea1f78
https://bugzilla.gnome.org/show_bug.cgi?id=789383
(cherry picked from commit 62141d59cb3f41081ecc2af1f716f78c3d2a89b5)
(cherry picked from commit 0bd8b347258b05aee148a9337cab217fdb78ba03)
---
 src/settings/nm-settings.c | 51 ++++++++++++++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index afd1b0849..40eb3413d 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -1178,6 +1178,25 @@ claim_connection (NMSettings *self, NMSettingsConnection *connection)
 }
 }
 
+static gboolean
+secrets_filter_cb (NMSetting *setting,
+ const char *secret,
+ NMSettingSecretFlags flags,
+ gpointer user_data)
+{
+ NMSettingSecretFlags filter_flags = GPOINTER_TO_UINT (user_data);
+
+ /* Returns TRUE to remove the secret */
+
+ /* Can't use bitops with SECRET_FLAG_NONE so handle that specifically */
+ if ( (flags == NM_SETTING_SECRET_FLAG_NONE)
+ && (filter_flags == NM_SETTING_SECRET_FLAG_NONE))
+ return FALSE;
+
+ /* Otherwise if the secret has at least one of the desired flags keep it */
+ return (flags & filter_flags) ? FALSE : TRUE;
+}
+
 /**
 * nm_settings_add_connection:
 * @self: the #NMSettings object
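Review bot: `secrets_filter_cb` returns TRUE to drop a secret, so the flags passed through `user_data` name the secrets that are kept, and that inverted sense is stated only in comments inside the body. Now that the callback sits above nm_settings_add_connection so that function can use it, a header comment would make a call with `NM_SETTING_SECRET_FLAG_AGENT_OWNED` read correctly as "strip everything except agent-owned secrets", for example `/* Filter for nm_connection_clear_secrets_with_flags(): keeps secrets whose flags intersect user_data (or both are NONE), removes all others. */`. The same comment could say that `setting` and `secret` are unused in the visible body.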
@@ -1228,9 +1247,22 @@ nm_settings_add_connection (NMSettings *self,
 for (iter = priv->plugins; iter; iter = g_slist_next (iter)) {
 NMSettingsPlugin *plugin = NM_SETTINGS_PLUGIN (iter->data);
 GError *add_error = NULL;
+ gs_unref_object NMConnection *simple = NULL;
+ gs_unref_variant GVariant *secrets = NULL;
+
+ /* Make a copy of agent-owned secrets because they won't be present in
+ * the connection returned by plugins, as plugins return only what was
+ * reread from the file. */
+ simple = nm_simple_connection_new_clone (connection);
+ nm_connection_clear_secrets_with_flags (simple,
+ secrets_filter_cb,
+ GUINT_TO_POINTER (NM_SETTING_SECRET_FLAG_AGENT_OWNED));
+ secrets = nm_connection_to_dbus (simple, NM_CONNECTION_SERIALIZE_ONLY_SECRETS);
 
 added = nm_settings_plugin_add_connection (plugin, connection, save_to_disk, &add_error);
 if (added) {
+ if (secrets)
+ nm_connection_update_secrets (NM_CONNECTION (added), NULL, secrets, NULL);
 claim_connection (self, added);
 return added;
 }
@@ -1246,25 +1278,6 @@ nm_settings_add_connection (NMSettings *self,
 return NULL;
 }
 
-static gboolean
-secrets_filter_cb (NMSetting *setting,
- const char *secret,
- NMSettingSecretFlags flags,
- gpointer user_data)
-{
- NMSettingSecretFlags filter_flags = GPOINTER_TO_UINT (user_data);
-
- /* Returns TRUE to remove the secret */
-
- /* Can't use bitops with SECRET_FLAG_NONE so handle that specifically */
- if ( (flags == NM_SETTING_SECRET_FLAG_NONE)
- && (filter_flags == NM_SETTING_SECRET_FLAG_NONE))
- return FALSE;
-
- /* Otherwise if the secret has at least one of the desired flags keep it */
- return (flags & filter_flags) ? FALSE : TRUE;
-}
-
 static void
 send_agent_owned_secrets (NMSettings *self,
 NMSettingsConnection *connection,
--
cgit v1.2.3
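Review bot: The result of `nm_connection_update_secrets ()` is discarded and its error argument is NULL, so if merging the cached agent-owned secrets into `added` fails, the connection is claimed without them and nothing records it, which is the same silent loss this commit sets out to fix. Declare a local `GError *secrets_error = NULL`, test `if (secrets && !nm_connection_update_secrets (NM_CONNECTION (added), NULL, secrets, &secrets_error))`, and log a warning that carries `secrets_error->message` and identifies the connection but never prints the secret values. Separately, the clone and the serialisation appear to depend only on `connection`, so they could run once before the loop instead of once per plugin, which also avoids extra short-lived copies of secret material on the heap. The loop and the body of nm_settings_add_connection start and end outside this hunk.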