Commit 6bfab679 authored by Thomas Haller's avatar Thomas Haller

cli: fix reading "vpn.secrets.*" from passwd-file

Due to a bug, we required VPN secrets to be prefixed with
"vpn.secret." instead of "vpn.secrets.". This was a change
in behavior with 1.12.0 release.

Fix it, to restore the old behavior. For backward compatibility
to the broken behavior, adjust parse_passwords() to treat accept
that as well.

https://bugzilla.redhat.com/show_bug.cgi?id=1628833
https://github.com/NetworkManager/NetworkManager/pull/201

Fixes: 0601b5d7
(cherry picked from commit 5815ae8c)
parent 63639f33
......@@ -645,13 +645,13 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
......
......@@ -2607,7 +2607,15 @@ parse_passwords (const char *passwd_file, GError **error)
return NULL;
}
pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
if ( nm_streq (setting, "vpn")
&& g_str_has_prefix (prop, "secret.")) {
/* in 1.12.0, we wrongly required the VPN secrets to be named
* "vpn.secret". It should be "vpn.secrets". Work around it
* (rh#1628833). */
pwd_spec = g_strdup_printf ("vpn.secrets.%s", &prop[NM_STRLEN ("secret.")]);
} else
pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
g_hash_table_insert (pwds_hash, pwd_spec, g_strdup (pwd));
}
return g_steal_pointer (&pwds_hash);
......
......@@ -195,7 +195,7 @@ nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type,
real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY);
break;
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET;
vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS;
value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property);
real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property);
nm_assert (vpn_type);
......
......@@ -56,7 +56,7 @@ typedef struct {
gboolean is_secret;
} NMSecretAgentSimpleSecret;
#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret."
#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "vpn.secrets."
#define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT NM_DBUS_INTERFACE".openconnect"
......
......@@ -121,13 +121,13 @@ secrets_requested (NMSecretAgentSimple *agent,
continue;
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment