Imported Upstream version 0.8.998upstream/0.8.998

8 files changed, 248 insertions, 132 deletions

diff --git a/src/vpn-manager/Makefile.in b/src/vpn-manager/Makefile.in
index 46aebbb24..8903d70ed 100644
--- a/src/vpn-manager/Makefile.in
+++ b/src/vpn-manager/Makefile.in
@@ -38,11 +38,16 @@ subdir = src/vpn-manager
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/compiler_warnings.m4 \
-	$(top_srcdir)/m4/gtk-doc.m4 $(top_srcdir)/m4/intltool.m4 \
-	$(top_srcdir)/m4/libnl-check.m4 $(top_srcdir)/m4/libtool.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
-	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gtk-doc.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/introspection.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libnl-check.m4 \
+	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
@@ -65,7 +70,7 @@ AM_V_lt = $(am__v_lt_$(V))
 am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
 am__v_lt_0 = --silent
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
@@ -96,7 +101,6 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
-ACLOCAL_AMFLAGS = @ACLOCAL_AMFLAGS@
 ALL_LINGUAS = @ALL_LINGUAS@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
@@ -105,8 +109,6 @@ AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
-CATALOGS = @CATALOGS@
-CATOBJEXT = @CATOBJEXT@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
@@ -123,6 +125,7 @@ DHCLIENT_PATH = @DHCLIENT_PATH@
 DHCLIENT_VERSION = @DHCLIENT_VERSION@
 DHCPCD_PATH = @DHCPCD_PATH@
 DISABLE_DEPRECATED = @DISABLE_DEPRECATED@
+DLLTOOL = @DLLTOOL@
 DSYMUTIL = @DSYMUTIL@
 DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
@@ -131,6 +134,7 @@ ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GETTEXT_PACKAGE = @GETTEXT_PACKAGE@
 GIO_CFLAGS = @GIO_CFLAGS@
 GIO_LIBS = @GIO_LIBS@
@@ -139,8 +143,8 @@ GLIB_GENMARSHAL = @GLIB_GENMARSHAL@
 GLIB_LIBS = @GLIB_LIBS@
 GMODULE_CFLAGS = @GMODULE_CFLAGS@
 GMODULE_LIBS = @GMODULE_LIBS@
-GMOFILES = @GMOFILES@
 GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
 GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
 GNUTLS_LIBS = @GNUTLS_LIBS@
 GREP = @GREP@
@@ -155,13 +159,23 @@ INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INSTOBJEXT = @INSTOBJEXT@
 INTLLIBS = @INTLLIBS@
 INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@
 INTLTOOL_MERGE = @INTLTOOL_MERGE@
 INTLTOOL_PERL = @INTLTOOL_PERL@
 INTLTOOL_UPDATE = @INTLTOOL_UPDATE@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@
+INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@
+INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@
+INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@
+INTROSPECTION_LIBS = @INTROSPECTION_LIBS@
+INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@
+INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@
+INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@
 IPTABLES_PATH = @IPTABLES_PATH@
+IWMX_SDK_CFLAGS = @IWMX_SDK_CFLAGS@
+IWMX_SDK_LIBS = @IWMX_SDK_LIBS@
 KERNEL_FIRMWARE_DIR = @KERNEL_FIRMWARE_DIR@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
@@ -169,6 +183,8 @@ LIBDL = @LIBDL@
 LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
 LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
 LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
 LIBM = @LIBM@
 LIBNL_CFLAGS = @LIBNL_CFLAGS@
 LIBNL_LIBS = @LIBNL_LIBS@
@@ -177,13 +193,15 @@ LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
 LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
-MKINSTALLDIRS = @MKINSTALLDIRS@
 MSGFMT = @MSGFMT@
-MSGFMT_OPTS = @MSGFMT_OPTS@
+MSGFMT_015 = @MSGFMT_015@
 MSGMERGE = @MSGMERGE@
 NM = @NM@
 NMEDIT = @NMEDIT@
@@ -209,12 +227,9 @@ PKGCONFIG_PATH = @PKGCONFIG_PATH@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POFILES = @POFILES@
 POLKIT_CFLAGS = @POLKIT_CFLAGS@
 POLKIT_LIBS = @POLKIT_LIBS@
 POSUB = @POSUB@
-PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@
-PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@
 PPPD_PLUGIN_DIR = @PPPD_PLUGIN_DIR@
 RANLIB = @RANLIB@
 RESOLVCONF_PATH = @RESOLVCONF_PATH@
@@ -229,10 +244,13 @@ UUID_CFLAGS = @UUID_CFLAGS@
 UUID_LIBS = @UUID_LIBS@
 VERSION = @VERSION@
 XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
 abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
 abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
diff --git a/src/vpn-manager/nm-vpn-connection-base.c b/src/vpn-manager/nm-vpn-connection-base.c
index 8a6fb2beb..7fde5db06 100644
--- a/src/vpn-manager/nm-vpn-connection-base.c
+++ b/src/vpn-manager/nm-vpn-connection-base.c
@@ -43,7 +43,6 @@ typedef struct {
 
 enum {
 	PROP_0,
-	PROP_SERVICE_NAME,
 	PROP_CONNECTION,
 	PROP_SPECIFIC_OBJECT,
 	PROP_DEVICES,
@@ -141,9 +140,6 @@ get_property (GObject *object, guint prop_id,
 	NMVpnConnectionBasePrivate *priv = NM_VPN_CONNECTION_BASE_GET_PRIVATE (object);
 
 	switch (prop_id) {
-	case PROP_SERVICE_NAME:
-		nm_active_connection_scope_to_value (priv->connection, value);
-		break;
 	case PROP_CONNECTION:
 		g_value_set_boxed (value, nm_connection_get_path (priv->connection));
 		break;
@@ -184,7 +180,6 @@ nm_vpn_connection_base_class_init (NMVpnConnectionBaseClass *vpn_class)
 
 	/* properties */
     nm_active_connection_install_properties (object_class,
-                                             PROP_SERVICE_NAME,
                                              PROP_CONNECTION,
                                              PROP_SPECIFIC_OBJECT,
                                              PROP_DEVICES,
diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c
index 03e213ff7..601d29bcb 100644
--- a/src/vpn-manager/nm-vpn-connection.c
+++ b/src/vpn-manager/nm-vpn-connection.c
@@ -30,11 +30,11 @@
 #include "NetworkManager.h"
 #include "NetworkManagerVPN.h"
 #include "nm-vpn-connection.h"
+#include "nm-device-interface.h"
 #include "nm-setting-connection.h"
 #include "nm-setting-vpn.h"
 #include "nm-setting-ip4-config.h"
 #include "nm-dbus-manager.h"
-#include "nm-manager.h"
 #include "nm-system.h"
 #include "nm-logging.h"
 #include "nm-utils.h"
@@ -47,21 +47,22 @@
 #include "nm-dns-manager.h"
 #include "nm-netlink-monitor.h"
 #include "nm-glib-compat.h"
+#include "settings/nm-settings-connection.h"
 
 #include "nm-vpn-connection-glue.h"
 
-static void secrets_provider_interface_init (NMSecretsProviderInterface *sp_interface_class);
-
-G_DEFINE_TYPE_EXTENDED (NMVPNConnection, nm_vpn_connection, NM_TYPE_VPN_CONNECTION_BASE, 0,
-                        G_IMPLEMENT_INTERFACE (NM_TYPE_SECRETS_PROVIDER_INTERFACE,
-                                               secrets_provider_interface_init))
+G_DEFINE_TYPE (NMVPNConnection, nm_vpn_connection, NM_TYPE_VPN_CONNECTION_BASE)
 
 typedef struct {
 	gboolean disposed;
 
 	NMConnection *connection;
 
+	gboolean user_requested;
+	gulong user_uid;
 	NMActRequest *act_request;
+	guint32 secrets_id;
+	char *username;
 
 	NMDevice *parent_dev;
 	gulong device_monitor;
@@ -201,7 +202,9 @@ device_ip4_config_changed (NMDevice *device,
 NMVPNConnection *
 nm_vpn_connection_new (NMConnection *connection,
                        NMActRequest *act_request,
-                       NMDevice *parent_device)
+                       NMDevice *parent_device,
+                       gboolean user_requested,
+                       gulong user_uid)
 {
 	NMVPNConnection *self;
 	NMVPNConnectionPrivate *priv;
@@ -216,6 +219,8 @@ nm_vpn_connection_new (NMConnection *connection,
 
 	priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
 
+	priv->user_requested = user_requested;
+	priv->user_uid = user_uid;
 	priv->connection = g_object_ref (connection);
 	priv->parent_dev = g_object_ref (parent_device);
 	priv->act_request = g_object_ref (act_request);
@@ -470,8 +475,7 @@ nm_vpn_connection_ip4_config_get (DBusGProxy *proxy,
 
 	val = (GValue *) g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_BANNER);
 	if (val) {
-		if (priv->banner)
-			g_free (priv->banner);
+		g_free (priv->banner);
 		priv->banner = g_strdup (g_value_get_string (val));
 	}
 
@@ -590,8 +594,36 @@ nm_vpn_connection_connect_cb (DBusGProxy *proxy, GError *err, gpointer user_data
 	}
 }
 
+/* Add a username to a hashed connection */
+static GHashTable *
+_hash_with_username (NMConnection *connection, const char *username)
+{
+	NMConnection *dup;
+	NMSetting *s_vpn;
+	GHashTable *hash;
+	const char *existing;
+
+	/* Shortcut if we weren't given a username or if there already was one in
+	 * the VPN setting; don't bother duplicating the connection and everything.
+	 */
+	s_vpn = nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	g_assert (s_vpn);
+	existing = nm_setting_vpn_get_user_name (NM_SETTING_VPN (s_vpn));
+	if (username == NULL || existing)
+		return nm_connection_to_hash (connection, NM_SETTING_HASH_FLAG_ALL);
+
+	dup = nm_connection_duplicate (connection);
+	g_assert (dup);
+	s_vpn = nm_connection_get_setting (dup, NM_TYPE_SETTING_VPN);
+	g_assert (s_vpn);
+	g_object_set (s_vpn, NM_SETTING_VPN_USER_NAME, username, NULL);
+	hash = nm_connection_to_hash (dup, NM_SETTING_HASH_FLAG_ALL);
+	g_object_unref (dup);
+	return hash;
+}
+
 static void
-really_activate (NMVPNConnection *connection)
+really_activate (NMVPNConnection *connection, const char *username)
 {
 	NMVPNConnectionPrivate *priv;
 	GHashTable *hash;
@@ -611,7 +643,7 @@ really_activate (NMVPNConnection *connection)
 						    G_CALLBACK (nm_vpn_connection_ip4_config_get),
 						    connection, NULL);
 
-	hash = nm_connection_to_hash (priv->connection);
+	hash = _hash_with_username (priv->connection, username);
 	org_freedesktop_NetworkManager_VPN_Plugin_connect_async (priv->proxy,
 	                                                         hash,
 	                                                         nm_vpn_connection_connect_cb,
@@ -759,55 +791,26 @@ nm_vpn_connection_disconnect (NMVPNConnection *connection,
 
 /******************************************************************************/
 
-static gboolean
-secrets_update_setting (NMSecretsProviderInterface *interface,
-                        const char *setting_name,
-                        GHashTable *new)
-{
-	NMVPNConnection *self = NM_VPN_CONNECTION (interface);
-	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
-	GError *error = NULL;
-
-	g_return_val_if_fail (priv->connection != NULL, FALSE);
-
-	if (strcmp (setting_name, NM_SETTING_VPN_SETTING_NAME))
-		return FALSE;
-
-	if (!nm_connection_update_secrets (priv->connection, NM_SETTING_VPN_SETTING_NAME, new, &error)) {
-		nm_log_warn (LOGD_VPN, "Failed to update VPN secrets: %d %s",
-		             error ? error->code : -1,
-		             error && error->message ? error->message : "(none)");
-		g_clear_error (&error);
-		return FALSE;
-	}
-	return TRUE;
-}
-
 static void
-secrets_result (NMSecretsProviderInterface *interface,
-	            const char *setting_name,
-	            RequestSecretsCaller caller,
-	            const GSList *updated,
-	            GError *error)
+vpn_secrets_cb (NMSettingsConnection *connection,
+                guint32 call_id,
+                const char *agent_username,
+                const char *setting_name,
+                GError *error,
+                gpointer user_data)
 {
-	NMVPNConnection *self = NM_VPN_CONNECTION (interface);
+	NMVPNConnection *self = NM_VPN_CONNECTION (user_data);
 	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
 
-	g_return_if_fail (priv->connection != NULL);
-	g_return_if_fail (caller == SECRETS_CALLER_VPN);
+	g_return_if_fail (NM_CONNECTION (connection) == priv->connection);
+	g_return_if_fail (call_id == priv->secrets_id);
+
+	priv->secrets_id = 0;
 
 	if (error)
 		nm_vpn_connection_fail (self, NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS);
 	else
-		really_activate (self);
-}
-
-static void
-secrets_provider_interface_init (NMSecretsProviderInterface *sp_interface_class)
-{
-	/* interface implementation */
-	sp_interface_class->update_setting = secrets_update_setting;
-	sp_interface_class->result = secrets_result;
+		really_activate (self, agent_username);
 }
 
 static void
@@ -818,6 +821,7 @@ connection_need_secrets_cb  (DBusGProxy *proxy,
 {
 	NMVPNConnection *self = NM_VPN_CONNECTION (user_data);
 	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
+	GError *local = NULL;
 
 	if (error) {
 		nm_log_err (LOGD_VPN, "NeedSecrets failed: %s %s",
@@ -828,35 +832,107 @@ connection_need_secrets_cb  (DBusGProxy *proxy,
 	}
 
 	if (!setting_name || !strlen (setting_name)) {
+		nm_log_dbg (LOGD_VPN, "(%s/%s) service indicated no additional secrets required",
+				    nm_connection_get_uuid (priv->connection),
+				    nm_connection_get_id (priv->connection));
+
 		/* No secrets required */
-		really_activate (self);
+		really_activate (self, priv->username);
 		return;
 	}
 
-	/* Get the secrets the VPN plugin wants */
-	if (!nm_secrets_provider_interface_get_secrets (NM_SECRETS_PROVIDER_INTERFACE (self),
-                                                    priv->connection,
-                                                    setting_name,
-                                                    FALSE,
-                                                    SECRETS_CALLER_VPN,
-                                                    NULL,
-                                                    NULL))
+	nm_log_dbg (LOGD_VPN, "(%s/%s) service indicated additional '%s' secrets required",
+			    nm_connection_get_uuid (priv->connection),
+			    nm_connection_get_id (priv->connection),
+			    setting_name);
+
+	priv->secrets_id = nm_settings_connection_get_secrets (NM_SETTINGS_CONNECTION (priv->connection),
+	                                                       priv->user_requested,
+	                                                       priv->user_uid,
+	                                                       setting_name,
+	                                                       NM_SETTINGS_GET_SECRETS_FLAG_ALLOW_INTERACTION,
+	                                                       NULL,
+	                                                       vpn_secrets_cb,
+	                                                       self,
+	                                                       &local);
+	if (!priv->secrets_id) {
+		if (local)
+			nm_log_err (LOGD_VPN, "failed to get secrets: (%d) %s", local->code, local->message);
 		nm_vpn_connection_fail (self, NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS);
+		g_clear_error (&local);
+	}
 }
 
 static void
-call_need_secrets (NMVPNConnection *vpn_connection)
+existing_secrets_cb (NMSettingsConnection *connection,
+                     guint32 call_id,
+                     const char *agent_username,
+                     const char *setting_name,
+                     GError *error,
+                     gpointer user_data)
 {
-	NMVPNConnectionPrivate *priv;
-	GHashTable *settings;
-
-	priv = NM_VPN_CONNECTION_GET_PRIVATE (vpn_connection);
-	settings = nm_connection_to_hash (priv->connection);
-	org_freedesktop_NetworkManager_VPN_Plugin_need_secrets_async (priv->proxy,
-	                         settings,
-	                         connection_need_secrets_cb,
-	                         vpn_connection);
-	g_hash_table_destroy (settings);
+	NMVPNConnection *self = NM_VPN_CONNECTION (user_data);
+	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
+	GHashTable *hash;
+
+	g_return_if_fail (NM_CONNECTION (connection) == priv->connection);
+	g_return_if_fail (call_id == priv->secrets_id);
+
+	priv->secrets_id = 0;
+
+	if (error) {
+		nm_log_err (LOGD_VPN, "Failed to request existing VPN secrets #2: (%s) %s",
+		            g_quark_to_string (error->domain),
+		            error->message);
+		nm_vpn_connection_fail (self, NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS);
+	} else {
+		nm_log_dbg (LOGD_VPN, "(%s/%s) asking service if additional secrets are required",
+			        nm_connection_get_uuid (priv->connection),
+			        nm_connection_get_id (priv->connection));
+
+		/* Cache the username for later */
+		g_free (priv->username);
+		priv->username = g_strdup (agent_username);
+
+		/* Ask the VPN service if more secrets are required */
+		hash = _hash_with_username (priv->connection, priv->username);
+		org_freedesktop_NetworkManager_VPN_Plugin_need_secrets_async (priv->proxy,
+		                                                              hash,
+		                                                              connection_need_secrets_cb,
+		                                                              self);
+		g_hash_table_destroy (hash);
+	}
+}
+
+static void
+get_existing_secrets (NMVPNConnection *self)
+{
+	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
+	GError *error = NULL;
+
+	nm_log_dbg (LOGD_VPN, "(%s/%s) requesting existing VPN secrets",
+	            nm_connection_get_uuid (priv->connection),
+	            nm_connection_get_id (priv->connection));
+
+	/* Just get existing secrets if any so we can ask the VPN service if
+	 * any more are required.
+	 */
+	priv->secrets_id = nm_settings_connection_get_secrets (NM_SETTINGS_CONNECTION (priv->connection),
+	                                                       priv->user_requested,
+	                                                       priv->user_uid,
+	                                                       NM_SETTING_VPN_SETTING_NAME,
+	                                                       NM_SETTINGS_GET_SECRETS_FLAG_NONE,
+	                                                       NULL,
+	                                                       existing_secrets_cb,
+	                                                       self,
+	                                                       &error);
+	if (priv->secrets_id == 0) {
+		nm_log_err (LOGD_VPN, "Failed to request existing VPN secrets #1: (%s) %s",
+		            g_quark_to_string (error->domain),
+		            error->message);
+		g_error_free (error);
+		nm_vpn_connection_fail (self, NM_VPN_CONNECTION_STATE_REASON_NO_SECRETS);
+	}
 }
 
 static void
@@ -901,15 +977,11 @@ vpn_cleanup (NMVPNConnection *connection)
 		priv->gw_route = NULL;
 	}
 
-	if (priv->banner) {
-		g_free (priv->banner);
-		priv->banner = NULL;
-	}
+	g_free (priv->banner);
+	priv->banner = NULL;
 
-	if (priv->ip_iface) {
-		g_free (priv->ip_iface);
-		priv->ip_iface = NULL;
-	}
+	g_free (priv->ip_iface);
+	priv->ip_iface = NULL;
 
 	/* Clear out connection secrets to ensure that the settings service
 	 * gets asked for them next time the connection is activated.
@@ -919,17 +991,25 @@ vpn_cleanup (NMVPNConnection *connection)
 }
 
 static void
-connection_state_changed (NMVPNConnection *connection,
+connection_state_changed (NMVPNConnection *self,
                           NMVPNConnectionState state,
                           NMVPNConnectionStateReason reason)
 {
-	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (connection);
+	NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (self);
 
-	nm_secrets_provider_interface_cancel_get_secrets (NM_SECRETS_PROVIDER_INTERFACE (priv->act_request));
+	/* Clear any in-progress secrets request */
+	if (priv->secrets_id) {
+		nm_settings_connection_cancel_secrets (NM_SETTINGS_CONNECTION (priv->connection), priv->secrets_id);
+		priv->secrets_id = 0;
+	}
 
 	switch (state) {
 	case NM_VPN_CONNECTION_STATE_NEED_AUTH:
-		call_need_secrets (connection);
+		get_existing_secrets (self);
+		break;
+	case NM_VPN_CONNECTION_STATE_ACTIVATED:
+		/* Secrets no longer needed now that we're connected */
+		nm_connection_clear_secrets (priv->connection);
 		break;
 	case NM_VPN_CONNECTION_STATE_DISCONNECTED:
 	case NM_VPN_CONNECTION_STATE_FAILED:
@@ -945,7 +1025,7 @@ connection_state_changed (NMVPNConnection *connection,
 			g_object_unref (priv->proxy);
 			priv->proxy = NULL;
 		}
-		vpn_cleanup (connection);
+		vpn_cleanup (self);
 		break;
 	default:
 		break;
@@ -989,8 +1069,14 @@ dispose (GObject *object)
 	if (priv->proxy)
 		g_object_unref (priv->proxy);
 
+	if (priv->secrets_id) {
+		nm_settings_connection_cancel_secrets (NM_SETTINGS_CONNECTION (priv->connection),
+		                                       priv->secrets_id);
+	}
+
 	g_object_unref (priv->act_request);
 	g_object_unref (priv->connection);
+	g_free (priv->username);
 
 	G_OBJECT_CLASS (nm_vpn_connection_parent_class)->dispose (object);
 }
diff --git a/src/vpn-manager/nm-vpn-connection.h b/src/vpn-manager/nm-vpn-connection.h
index ab880b17f..fd5ee24e1 100644
--- a/src/vpn-manager/nm-vpn-connection.h
+++ b/src/vpn-manager/nm-vpn-connection.h
@@ -15,7 +15,7 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
- * Copyright (C) 2005 - 2008 Red Hat, Inc.
+ * Copyright (C) 2005 - 2011 Red Hat, Inc.
  * Copyright (C) 2006 - 2008 Novell, Inc.
  */
 
@@ -27,7 +27,6 @@
 #include "NetworkManagerVPN.h"
 #include "nm-device.h"
 #include "nm-activation-request.h"
-#include "nm-secrets-provider-interface.h"
 #include "nm-vpn-connection-base.h"
 
 #define NM_TYPE_VPN_CONNECTION            (nm_vpn_connection_get_type ())
@@ -59,7 +58,9 @@ GType nm_vpn_connection_get_type (void);
 
 NMVPNConnection * nm_vpn_connection_new (NMConnection *connection,
                                          NMActRequest *act_request,
-                                         NMDevice *parent_device);
+                                         NMDevice *parent_device,
+                                         gboolean user_requested,
+                                         gulong user_uid);
 
 void                 nm_vpn_connection_activate        (NMVPNConnection *connection);
 NMConnection *       nm_vpn_connection_get_connection  (NMVPNConnection *connection);
diff --git a/src/vpn-manager/nm-vpn-manager.c b/src/vpn-manager/nm-vpn-manager.c
index d3cd10a8b..2bd8f2360 100644
--- a/src/vpn-manager/nm-vpn-manager.c
+++ b/src/vpn-manager/nm-vpn-manager.c
@@ -115,22 +115,26 @@ find_active_vpn_connection_by_connection (NMVPNManager *self, NMConnection *conn
 	NMVPNManagerPrivate *priv = NM_VPN_MANAGER_GET_PRIVATE (self);
 	GHashTableIter iter;
 	gpointer data;
-	GSList *connections, *elt;
+	GSList *active, *aiter;
+	NMVPNConnection *found = NULL;
 
 	g_return_val_if_fail (connection, NULL);
 	g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
 
 	g_hash_table_iter_init (&iter, priv->services);
-	while (g_hash_table_iter_next (&iter, NULL, &data)) {
-		connections = nm_vpn_service_get_active_connections (NM_VPN_SERVICE (data));
-		for (elt = connections; elt; elt = g_slist_next (elt)) {
-			NMVPNConnection *vpn = NM_VPN_CONNECTION (elt->data);
+	while (g_hash_table_iter_next (&iter, NULL, &data) && (found == NULL)) {
+		active = nm_vpn_service_get_active_connections (NM_VPN_SERVICE (data));
+		for (aiter = active; aiter; aiter = g_slist_next (aiter)) {
+			NMVPNConnection *vpn = NM_VPN_CONNECTION (aiter->data);
 
-			if (nm_vpn_connection_get_connection (vpn) == connection)
-				return vpn;
+			if (nm_vpn_connection_get_connection (vpn) == connection) {
+				found = vpn;
+				break;
+			}
 		}
+		g_slist_free (active);
 	}
-	return NULL;
+	return found;
 }
 
 static void
@@ -159,6 +163,8 @@ nm_vpn_manager_activate_connection (NMVPNManager *manager,
                                     NMConnection *connection,
                                     NMActRequest *act_request,
                                     NMDevice *device,
+                                    gboolean user_requested,
+                                    gulong user_uid,
                                     GError **error)
 {
 	NMSettingVPN *vpn_setting;
@@ -205,7 +211,7 @@ nm_vpn_manager_activate_connection (NMVPNManager *manager,
 		return NULL;
 	}
 
-	vpn = nm_vpn_service_activate (service, connection, act_request, device, error);
+	vpn = nm_vpn_service_activate (service, connection, act_request, device, user_requested, user_uid, error);
 	if (vpn) {
 		g_signal_connect (vpn, "vpn-state-changed",
 		                  G_CALLBACK (connection_vpn_state_changed),
@@ -223,7 +229,8 @@ nm_vpn_manager_deactivate_connection (NMVPNManager *self,
 	NMVPNManagerPrivate *priv;
 	GHashTableIter iter;
 	gpointer data;
-	GSList *active, *elt;
+	GSList *active, *aiter;
+	gboolean success = FALSE;
 
 	g_return_val_if_fail (self, FALSE);
 	g_return_val_if_fail (NM_IS_VPN_MANAGER (self), FALSE);
@@ -231,21 +238,23 @@ nm_vpn_manager_deactivate_connection (NMVPNManager *self,
 
 	priv = NM_VPN_MANAGER_GET_PRIVATE (self);
 	g_hash_table_iter_init (&iter, priv->services);
-	while (g_hash_table_iter_next (&iter, NULL, &data)) {
+	while (g_hash_table_iter_next (&iter, NULL, &data) && (success == FALSE)) {
 		active = nm_vpn_service_get_active_connections (NM_VPN_SERVICE (data));
-		for (elt = active; elt; elt = g_slist_next (elt)) {
-			NMVPNConnection *vpn = NM_VPN_CONNECTION (elt->data);
+		for (aiter = active; aiter; aiter = g_slist_next (aiter)) {
+			NMVPNConnection *vpn = NM_VPN_CONNECTION (aiter->data);
 			const char *vpn_path;
 
 			vpn_path = nm_vpn_connection_get_active_connection_path (vpn);
 			if (!strcmp (path, vpn_path)) {
 				nm_vpn_connection_disconnect (vpn, reason);
-				return TRUE;
+				success = TRUE;
+				break;
 			}
 		}
+		g_slist_free (active);
 	}
 
-	return FALSE;
+	return success;
 }
 
 void
@@ -256,7 +265,7 @@ nm_vpn_manager_add_active_connections (NMVPNManager *self,
 	NMVPNManagerPrivate *priv;
 	GHashTableIter iter;
 	gpointer data;
-	GSList *active, *elt;
+	GSList *active, *aiter;
 
 	g_return_if_fail (self);
 	g_return_if_fail (NM_IS_VPN_MANAGER (self));
@@ -266,8 +275,8 @@ nm_vpn_manager_add_active_connections (NMVPNManager *self,
 	g_hash_table_iter_init (&iter, priv->services);
 	while (g_hash_table_iter_next (&iter, NULL, &data)) {
 		active = nm_vpn_service_get_active_connections (NM_VPN_SERVICE (data));
-		for (elt = active; elt; elt = g_slist_next (elt)) {
-			NMVPNConnection *vpn = NM_VPN_CONNECTION (elt->data);
+		for (aiter = active; aiter; aiter = g_slist_next (aiter)) {
+			NMVPNConnection *vpn = NM_VPN_CONNECTION (aiter->data);
 			const char *path;
 
 			if (!filter || (nm_vpn_connection_get_connection (vpn) == filter)) {
@@ -275,6 +284,7 @@ nm_vpn_manager_add_active_connections (NMVPNManager *self,
 				g_ptr_array_add (array, g_strdup (path));
 			}
 		}
+		g_slist_free (active);
 	}
 }
 
@@ -284,7 +294,7 @@ nm_vpn_manager_get_active_connections (NMVPNManager *self)
 	NMVPNManagerPrivate *priv;
 	GHashTableIter iter;
 	gpointer data;
-	GSList *list = NULL, *active, *elt;
+	GSList *list = NULL, *active;
 
 	g_return_val_if_fail (self, NULL);
 	g_return_val_if_fail (NM_IS_VPN_MANAGER (self), NULL);
@@ -293,8 +303,7 @@ nm_vpn_manager_get_active_connections (NMVPNManager *self)
 	g_hash_table_iter_init (&iter, priv->services);
 	while (g_hash_table_iter_next (&iter, NULL, &data)) {
 		active = nm_vpn_service_get_active_connections (NM_VPN_SERVICE (data));
-		for (elt = active; elt; elt = g_slist_next (elt))
-			list = g_slist_append (list, g_object_ref (G_OBJECT (elt->data)));
+		list = g_slist_concat (list, active);
 	}
 	return list;
 }
diff --git a/src/vpn-manager/nm-vpn-manager.h b/src/vpn-manager/nm-vpn-manager.h
index f14844a9d..6159bb86f 100644
--- a/src/vpn-manager/nm-vpn-manager.h
+++ b/src/vpn-manager/nm-vpn-manager.h
@@ -71,6 +71,8 @@ NMVPNConnection *nm_vpn_manager_activate_connection (NMVPNManager *manager,
                                                      NMConnection *connection,
                                                      NMActRequest *act_request,
                                                      NMDevice *device,
+                                                     gboolean user_requested,
+                                                     gulong user_uid,
                                                      GError **error);
 
 gboolean nm_vpn_manager_deactivate_connection (NMVPNManager *manager,
diff --git a/src/vpn-manager/nm-vpn-service.c b/src/vpn-manager/nm-vpn-service.c
index 3d44d9004..3b4e2b481 100644
--- a/src/vpn-manager/nm-vpn-service.c
+++ b/src/vpn-manager/nm-vpn-service.c
@@ -325,6 +325,8 @@ nm_vpn_service_activate (NMVPNService *service,
                          NMConnection *connection,
                          NMActRequest *act_request,
                          NMDevice *device,
+                         gboolean user_requested,
+                         gulong user_uid,
                          GError **error)
 {
 	NMVPNConnection *vpn;
@@ -341,7 +343,7 @@ nm_vpn_service_activate (NMVPNService *service,
 
 	clear_quit_timeout (service);
 
-	vpn = nm_vpn_connection_new (connection, act_request, device);
+	vpn = nm_vpn_connection_new (connection, act_request, device, user_requested, user_uid);
 	g_signal_connect (vpn, "vpn-state-changed",
 				   G_CALLBACK (connection_vpn_state_changed),
 				   service);
@@ -415,7 +417,8 @@ nm_vpn_service_init (NMVPNService *self)
 	NMVPNServicePrivate *priv = NM_VPN_SERVICE_GET_PRIVATE (self);
 
 	priv->dbus_mgr = nm_dbus_manager_get ();
-	priv->name_owner_id = g_signal_connect (priv->dbus_mgr, "name-owner-changed",
+	priv->name_owner_id = g_signal_connect (priv->dbus_mgr,
+	                                        NM_DBUS_MANAGER_NAME_OWNER_CHANGED,
 	                                        G_CALLBACK (nm_vpn_service_name_owner_changed),
 	                                        self);
 }
diff --git a/src/vpn-manager/nm-vpn-service.h b/src/vpn-manager/nm-vpn-service.h
index c7c1b0366..0c2445e26 100644
--- a/src/vpn-manager/nm-vpn-service.h
+++ b/src/vpn-manager/nm-vpn-service.h
@@ -59,6 +59,8 @@ NMVPNConnection * nm_vpn_service_activate (NMVPNService *service,
                                            NMConnection *connection,
                                            NMActRequest *act_request,
                                            NMDevice *device,
+                                           gboolean user_requested,
+                                           gulong user_uid,
                                            GError **error);
 
 GSList * nm_vpn_service_get_active_connections (NMVPNService *service);