Commit fb62f395 authored by Dan Williams's avatar Dan Williams

vpn: fix handling of connections with only system secrets

The core problem was the nm_connection_need_secrets() call in
nm-agent-manager.c's get_start() function; for VPN settings this
always returns TRUE.  Thus if a VPN connection had only system
secrets, when the agent manager checked if additional secrets
were required, they would be, and agents would be asked for
secrets they didn't have and couldn't provide.  Thus the
connection would fail.  nm_connection_need_secrets() simply
can't know if VPN secrets are really required because it
doesn't know anything about the internal VPN private data;
only the plugin itself can tell us if secrets are required.

If the system secrets are sufficient we shouldn't be asking any
agents for secrets at all.  So implement a three-step secrets
path for VPN connections.  First we retrieve existing system
secrets, and ask the plugin if these are sufficient.  Second we
request both existing system secrets and existing agent secrets
and again ask the plugin if these are sufficient.  If both those
fail, we ask agents for new secrets.
parent 2d461942
......@@ -22,12 +22,16 @@
#define NM_SETTINGS_FLAGS_H
/* NOTE: these values should match the NM_SECRET_AGENT_GET_SECRETS_FLAGS in
* the nm-secret-agent.xml introspection file.
* the nm-secret-agent.xml introspection file; except ONLY_SYSTEM which is
* internal to NM.
*/
typedef enum {
NM_SETTINGS_GET_SECRETS_FLAG_NONE = 0x0,
NM_SETTINGS_GET_SECRETS_FLAG_ALLOW_INTERACTION = 0x1,
NM_SETTINGS_GET_SECRETS_FLAG_REQUEST_NEW = 0x2
NM_SETTINGS_GET_SECRETS_FLAG_REQUEST_NEW = 0x2,
/* Internal only to NM */
NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM = 0x80000000
} NMSettingsGetSecretsFlags;
#endif /* NM_SETTINGS_FLAGS_H */
......
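Review bot: `NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM = 0x80000000` does not fit in `int`, and ISO C before C23 requires enumerator values to be representable as `int`. The header therefore builds only through a compiler extension, and the signedness of `NMSettingsGetSecretsFlags` becomes implementation-defined. Because the bit is internal and not part of the D-Bus API, a value such as `0x40000000` would keep it clear of the public flags while staying in `int` range. If the intent is that the bit never crosses the D-Bus boundary in either direction, the comment could say so, e.g. `/* Internal only to NM: never sent to agents, never accepted from D-Bus callers */`.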
......@@ -945,8 +945,8 @@ get_start (gpointer user_data)
g_clear_error (&error);
} else {
/* Do we have everything we need? */
/* FIXME: handle second check for VPN connections */
if ((nm_connection_need_secrets (tmp, NULL) == NULL) && (request_new == FALSE)) {
if ( (req->flags & NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM)
|| ((nm_connection_need_secrets (tmp, NULL) == NULL) && (request_new == FALSE))) {
nm_log_dbg (LOGD_AGENTS, "(%p/%s) system settings secrets sufficient",
req, req->setting_name);
......@@ -1059,7 +1059,8 @@ nm_agent_manager_get_secrets (NMAgentManager *self,
g_hash_table_insert (priv->requests, GUINT_TO_POINTER (req->reqid), req);
/* Kick off the request */
request_add_agents (self, req);
if (!(req->flags & NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM))
request_add_agents (self, req);
req->idle_id = g_idle_add (get_start, req);
return req->reqid;
......
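Review bot: In get_start() the new `req->flags & NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM` test skips the nm_connection_need_secrets() check, yet the branch still logs "system settings secrets sufficient", which the agent manager has not established when the flag is set. A distinct debug message, or a comment such as `/* ONLY_SYSTEM: the caller (VPN plugin) decides whether these secrets are sufficient */`, would keep the log reliable when diagnosing a failed VPN activation. In nm_agent_manager_get_secrets() such requests no longer get request_add_agents(), so confirm that every get_start() path that would otherwise fall through to the agents completes the request with an error rather than leaving it pending. Those paths, and the start and end of both functions, are outside the visible hunks.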
......@@ -189,6 +189,9 @@ nm_secret_agent_get_secrets (NMSecretAgent *self,
hash = nm_connection_to_hash (connection, NM_SETTING_HASH_FLAG_ALL);
/* Mask off the private ONLY_SYSTEM flag if present */
flags &= ~NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM;
r = request_new (self, nm_connection_get_path (connection), setting_name, callback, callback_data);
r->call = dbus_g_proxy_begin_call_with_timeout (priv->proxy,
"GetSecrets",
......
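Review bot: The mask `flags &= ~NM_SETTINGS_GET_SECRETS_FLAG_ONLY_SYSTEM;` clears exactly one bit, so any internal flag added later will reach agents over D-Bus unless this line is extended too. Defining one mask of internal-only bits next to the enum and clearing that mask here would keep the private/public boundary in a single place. The hunk ends before the remaining arguments of the "GetSecrets" call, so it is worth confirming that the masked `flags` is the value actually marshalled; nm_secret_agent_get_secrets() starts and ends outside the hunk.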