• Dan Williams's avatar
    vpn: fix handling of connections with only system secrets · fb62f395
    Dan Williams authored
    The core problem was the nm_connection_need_secrets() call in
    nm-agent-manager.c's get_start() function; for VPN settings this
    always returns TRUE.  Thus if a VPN connection had only system
    secrets, when the agent manager checked if additional secrets
    were required, they would be, and agents would be asked for
    secrets they didn't have and couldn't provide.  Thus the
    connection would fail.  nm_connection_need_secrets() simply
    can't know if VPN secrets are really required because it
    doesn't know anything about the internal VPN private data;
    only the plugin itself can tell us if secrets are required.
    
    If the system secrets are sufficient we shouldn't be asking any
    agents for secrets at all.  So implement a three-step secrets
    path for VPN connections.  First we retrieve existing system
    secrets, and ask the plugin if these are sufficient.  Second we
    request both existing system secrets and existing agent secrets
    and again ask the plugin if these are sufficient.  If both those
    fail, we ask agents for new secrets.
    fb62f395
nm-secret-agent.c 12.3 KB