Commit 9cba854f authored by Dan Williams's avatar Dan Williams

settings: ensure transient secrets are ignored when rereading connections (rh #703785)

When a connection changes on-disk, the in-memory copy of it may contain
transient secrets (agent-owned or not saved) that don't get written out
to disk.  When comparing the on-disk copy to the in-memory copy make sure
transient secrets are ignored so that we don't re-read the on-disk copy
needlessly.
parent 864db9f9
......@@ -187,6 +187,7 @@ commit_changes (NMSettingsConnection *connection,
GError *error = NULL;
NMConnection *reread;
char *unmanaged = NULL, *keyfile = NULL, *routefile = NULL, *route6file = NULL;
gboolean same = FALSE;
/* To ensure we don't rewrite files that are only changed from other
* processes on-disk, read the existing connection back in and only rewrite
......@@ -200,25 +201,30 @@ commit_changes (NMSettingsConnection *connection,
g_free (routefile);
g_free (route6file);
if (reread && nm_connection_compare (NM_CONNECTION (connection),
reread,
NM_SETTING_COMPARE_FLAG_EXACT))
goto out;
if (reread) {
same = nm_connection_compare (NM_CONNECTION (connection),
reread,
NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS);
g_object_unref (reread);
/* Don't bother writing anything out if nothing really changed */
if (same == TRUE)
return;
}
if (!writer_update_connection (NM_CONNECTION (connection),
IFCFG_DIR,
priv->path,
priv->keyfile,
&error)) {
if (writer_update_connection (NM_CONNECTION (connection),
IFCFG_DIR,
priv->path,
priv->keyfile,
&error)) {
/* Chain up to parent to handle success */
NM_SETTINGS_CONNECTION_CLASS (nm_ifcfg_connection_parent_class)->commit_changes (connection, callback, user_data);
} else {
/* Otherwise immediate error */
callback (connection, error, user_data);
g_error_free (error);
return;
}
out:
if (reread)
g_object_unref (reread);
NM_SETTINGS_CONNECTION_CLASS (nm_ifcfg_connection_parent_class)->commit_changes (connection, callback, user_data);
}
static void
......
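Review bot: The early `return` under `if (same == TRUE)` leaves `commit_changes` without invoking `callback` or chaining up to the parent class. As far as the rendered page shows, the replaced code reached the parent's `commit_changes` through `goto out` in that case. A caller waiting on the callback for completion of the update would then never be notified when the on-disk copy already matches. Keeping the chain-up in that branch would preserve the previous contract: `NM_SETTINGS_CONNECTION_CLASS (nm_ifcfg_connection_parent_class)->commit_changes (connection, callback, user_data);` before the `return;`. The start of the function is outside the hunk, so any earlier handling of `callback` cannot be confirmed from here.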
......@@ -272,7 +272,8 @@ connection_new_or_changed (SCPluginIfcfg *self,
/* When the connections are the same, nothing is done */
if (nm_connection_compare (NM_CONNECTION (existing),
NM_CONNECTION (new),
NM_SETTING_COMPARE_FLAG_EXACT)) {
NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)) {
g_object_unref (new);
return;
}
......
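Review bot: The comment above the comparison in `connection_new_or_changed` still says the connections are "the same", but the check no longer appears to be exact, since it now skips agent-owned and not-saved secrets. I would reword it to `/* Nothing to do when the connections match; transient (agent-owned or not-saved) secrets are never written to disk and are ignored */`. The `reload_connections` and `dir_changed` hunks carry the same flag pair with no comment at all and would benefit from the same one-line explanation. Because the identical mask is spelled out at four call sites, a later change to what counts as a transient secret could leave them inconsistent, so a single shared definition may be worth considering.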
......@@ -278,7 +278,8 @@ reload_connections (gpointer config)
if (auto_refresh && is_true (auto_refresh)) {
if (!nm_connection_compare (NM_CONNECTION (old),
NM_CONNECTION (new),
NM_SETTING_COMPARE_FLAG_EXACT)) {
NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)) {
PLUGIN_PRINT (IFNET_PLUGIN_NAME, "Auto refreshing %s", conn_name);
/* Remove and re-add to disconnect and reconnect with new settings */
......
......@@ -231,7 +231,8 @@ dir_changed (GFileMonitor *monitor,
if (tmp) {
if (!nm_connection_compare (NM_CONNECTION (connection),
NM_CONNECTION (tmp),
NM_SETTING_COMPARE_FLAG_EXACT)) {
NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS |
NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)) {
PLUGIN_PRINT (KEYFILE_PLUGIN_NAME, "updating %s", full_path);
update_connection_settings (connection, tmp);
}
......