rpms / NetworkManager

Clone
Source Code
GIT

Blame SOURCES/0017-clients-secret-request-rh1351272.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   b54c16dfd2b4adaa3245898035d9476ad6c97fa1
  2.   SOURCES
  3.   0017-clients-secret-request-rh1351272.patch
Blob History Raw
a85faa 
From 3ba59ef7a5ee6e079089d0e7d0db8b554c6804da Mon Sep 17 00:00:00 2001
a85faa 
From: Beniamino Galvani <bgalvani@redhat.com>
a85faa 
Date: Fri, 9 Sep 2016 17:33:09 +0200
a85faa 
Subject: [PATCH 1/5] clients: add define for NMSecretAgentSimple signal name
a85faa
a85faa 
(cherry picked from commit b28b2ba8a961143ccb9cbba58320b38e5b8d5f5c)
a85faa 
(cherry picked from commit ce3e2152bc5253f73ee1ce5132fa6c1e48aebb24)
a85faa 
---
a85faa 
 clients/cli/agent.c                     | 5 ++++-
a85faa 
 clients/cli/connections.c               | 5 ++++-
a85faa 
 clients/cli/devices.c                   | 8 ++++++--
a85faa 
 clients/common/nm-secret-agent-simple.c | 2 +-
a85faa 
 clients/common/nm-secret-agent-simple.h | 3 +++
a85faa 
 clients/tui/nmtui-connect.c             | 5 ++++-
a85faa 
 6 files changed, 22 insertions(+), 6 deletions(-)
a85faa
a85faa 
diff --git a/clients/cli/agent.c b/clients/cli/agent.c
a85faa 
index bc837c7..e876d26 100644
a85faa 
--- a/clients/cli/agent.c
a85faa 
+++ b/clients/cli/agent.c
a85faa 
@@ -148,7 +148,10 @@ do_agent_secret (NmCli *nmc, int argc, char **argv)
a85faa 
 		nmc->should_wait++;
a85faa
a85faa 
 		nm_secret_agent_simple_enable (NM_SECRET_AGENT_SIMPLE (nmc->secret_agent), NULL);
a85faa 
-		g_signal_connect (nmc->secret_agent, "request-secrets", G_CALLBACK (secrets_requested), nmc);
a85faa 
+		g_signal_connect (nmc->secret_agent,
a85faa 
+		                  NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS,
a85faa 
+		                  G_CALLBACK (secrets_requested),
a85faa 
+		                  nmc);
a85faa 
 		g_print (_("nmcli successfully registered as a NetworkManager's secret agent.\n"));
a85faa 
 	} else {
a85faa 
 		g_string_printf (nmc->return_text, _("Error: secret agent initialization failed"));
a85faa 
diff --git a/clients/cli/connections.c b/clients/cli/connections.c
a85faa 
index ea7c8a7..ddd7444 100644
a85faa 
--- a/clients/cli/connections.c
a85faa 
+++ b/clients/cli/connections.c
a85faa 
@@ -2530,7 +2530,10 @@ nmc_activate_connection (NmCli *nmc,
a85faa 
 	/* Create secret agent */
a85faa 
 	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-connect");
a85faa 
 	if (nmc->secret_agent) {
a85faa 
-		g_signal_connect (nmc->secret_agent, "request-secrets", G_CALLBACK (nmc_secrets_requested), nmc);
a85faa 
+		g_signal_connect (nmc->secret_agent,
a85faa 
+		                  NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS,
a85faa 
+		                  G_CALLBACK (nmc_secrets_requested),
a85faa 
+		                  nmc);
a85faa 
 		if (connection) {
a85faa 
 			nm_secret_agent_simple_enable (NM_SECRET_AGENT_SIMPLE (nmc->secret_agent),
a85faa 
 			                               nm_object_get_path (NM_OBJECT (connection)));
a85faa 
diff --git a/clients/cli/devices.c b/clients/cli/devices.c
a85faa 
index afa769f..32c84bb 100644
a85faa 
--- a/clients/cli/devices.c
a85faa 
+++ b/clients/cli/devices.c
a85faa 
@@ -1860,8 +1860,12 @@ do_device_connect (NmCli *nmc, int argc, char **argv)
a85faa
a85faa 
 	/* Create secret agent */
a85faa 
 	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-connect");
a85faa 
-	if (nmc->secret_agent)
a85faa 
-		g_signal_connect (nmc->secret_agent, "request-secrets", G_CALLBACK (nmc_secrets_requested), nmc);
a85faa 
+	if (nmc->secret_agent) {
a85faa 
+		g_signal_connect (nmc->secret_agent,
a85faa 
+		                  NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS,
a85faa 
+		                  G_CALLBACK (nmc_secrets_requested),
a85faa 
+		                  nmc);
a85faa 
+	}
a85faa
a85faa 
 	info = g_malloc0 (sizeof (AddAndActivateInfo));
a85faa 
 	info->nmc = nmc;
a85faa 
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
a85faa 
index 721f980..3fe1a0b 100644
a85faa 
--- a/clients/common/nm-secret-agent-simple.c
a85faa 
+++ b/clients/common/nm-secret-agent-simple.c
a85faa 
@@ -807,7 +807,7 @@ nm_secret_agent_simple_class_init (NMSecretAgentSimpleClass *klass)
a85faa 
 	 * When the dialog is complete, the app must call
a85faa 
 	 * nm_secret_agent_simple_response() with the results.
a85faa 
 	 */
a85faa 
-	signals[REQUEST_SECRETS] = g_signal_new ("request-secrets",
a85faa 
+	signals[REQUEST_SECRETS] = g_signal_new (NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS,
a85faa 
 	                                         G_TYPE_FROM_CLASS (klass),
a85faa 
 	                                         0, 0, NULL, NULL, NULL,
a85faa 
 	                                         G_TYPE_NONE,
a85faa 
diff --git a/clients/common/nm-secret-agent-simple.h b/clients/common/nm-secret-agent-simple.h
a85faa 
index ba819ae..f85ba65 100644
a85faa 
--- a/clients/common/nm-secret-agent-simple.h
a85faa 
+++ b/clients/common/nm-secret-agent-simple.h
a85faa 
@@ -29,6 +29,9 @@
a85faa 
 #define NM_IS_SECRET_AGENT_SIMPLE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SECRET_AGENT_SIMPLE))
a85faa 
 #define NM_SECRET_AGENT_SIMPLE_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SECRET_AGENT_SIMPLE, NMSecretAgentSimpleClass))
a85faa
a85faa 
+/* Signals */
a85faa 
+#define NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS  "request-secrets"
a85faa 
+
a85faa 
 typedef struct {
a85faa 
 	NMSecretAgentOld parent;
a85faa
a85faa 
diff --git a/clients/tui/nmtui-connect.c b/clients/tui/nmtui-connect.c
a85faa 
index ae9dd43..ddabcd7 100644
a85faa 
--- a/clients/tui/nmtui-connect.c
a85faa 
+++ b/clients/tui/nmtui-connect.c
a85faa 
@@ -239,7 +239,10 @@ activate_connection (NMConnection *connection,
a85faa 
 			nm_secret_agent_simple_enable (NM_SECRET_AGENT_SIMPLE (agent),
a85faa 
 			                               nm_object_get_path (NM_OBJECT (connection)));
a85faa 
 		}
a85faa 
-		g_signal_connect (agent, "request-secrets", G_CALLBACK (secrets_requested), connection);
a85faa 
+		g_signal_connect (agent,
a85faa 
+		                  NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS,
a85faa 
+		                  G_CALLBACK (secrets_requested),
a85faa 
+		                  connection);
a85faa 
 	}
a85faa
a85faa 
 	specific_object_path = specific_object ? nm_object_get_path (specific_object) : NULL;
a85faa 
--
a85faa 
2.7.4
a85faa
a85faa 
From 3dbeeb4f58232d85f64daac2de3c13bbce98849a Mon Sep 17 00:00:00 2001
a85faa 
From: Beniamino Galvani <bgalvani@redhat.com>
a85faa 
Date: Fri, 9 Sep 2016 21:45:45 +0200
a85faa 
Subject: [PATCH 2/5] clients: don't show "(null)" prompt for secrets
a85faa
a85faa 
If the caller doesn't provide a message, simply don't show it.
a85faa
a85faa 
(cherry picked from commit a80af27fc930936cbdd2646a64b66359d09a603b)
a85faa 
(cherry picked from commit b8e34bcdb38d73819964537c0a175e3d25abe926)
a85faa 
---
a85faa 
 clients/cli/agent.c  | 3 ++-
a85faa 
 clients/cli/common.c | 6 ++++--
a85faa 
 2 files changed, 6 insertions(+), 3 deletions(-)
a85faa
a85faa 
diff --git a/clients/cli/agent.c b/clients/cli/agent.c
a85faa 
index e876d26..9211d9a 100644
a85faa 
--- a/clients/cli/agent.c
a85faa 
+++ b/clients/cli/agent.c
a85faa 
@@ -96,7 +96,8 @@ get_secrets_from_user (const char *request_id,
a85faa 
 		char *pwd = NULL;
a85faa
a85faa 
 		/* Ask user for the password */
a85faa 
-		g_print ("%s\n", msg);
a85faa 
+		if (msg)
a85faa 
+			g_print ("%s\n", msg);
a85faa 
 		if (secret->value) {
a85faa 
 			/* Prefill the password if we have it. */
a85faa 
 			rl_startup_hook = set_deftext;
a85faa 
diff --git a/clients/cli/common.c b/clients/cli/common.c
a85faa 
index f1ec46a..62cd6c9 100644
a85faa 
--- a/clients/cli/common.c
a85faa 
+++ b/clients/cli/common.c
a85faa 
@@ -1058,13 +1058,15 @@ get_secrets_from_user (const char *request_id,
a85faa 
 						nmc_rl_pre_input_deftext = g_strdup (secret->value);
a85faa 
 					}
a85faa 
 				}
a85faa 
-				g_print ("%s\n", msg);
a85faa 
+				if (msg)
a85faa 
+					g_print ("%s\n", msg);
a85faa 
 				pwd = nmc_readline_echo (secret->password ? echo_on : TRUE,
a85faa 
 				                         "%s (%s): ", secret->name, secret->prop_name);
a85faa 
 				if (!pwd)
a85faa 
 					pwd = g_strdup ("");
a85faa 
 			} else {
a85faa 
-				g_print ("%s\n", msg);
a85faa 
+				if (msg)
a85faa 
+					g_print ("%s\n", msg);
a85faa 
 				g_printerr (_("Warning: password for '%s' not given in 'passwd-file' "
a85faa 
 				              "and nmcli cannot ask without '--ask' option.\n"),
a85faa 
 				            secret->prop_name);
a85faa 
--
a85faa 
2.7.4
a85faa
a85faa 
From 44e5899a1d2d6c179c84a7f22782cda7a284c75a Mon Sep 17 00:00:00 2001
a85faa 
From: Beniamino Galvani <bgalvani@redhat.com>
a85faa 
Date: Fri, 9 Sep 2016 21:47:14 +0200
a85faa 
Subject: [PATCH 3/5] clients: add secrets request message for wired and DSL
a85faa 
 connections
a85faa
a85faa 
(cherry picked from commit 2c1adaae5e3bd838c5735209caabcab430a781d9)
a85faa 
(cherry picked from commit b632f2984b1e1caf32b773dbfde0f4d8b59fde8c)
a85faa 
---
a85faa 
 clients/common/nm-secret-agent-simple.c | 13 ++++---------
a85faa 
 1 file changed, 4 insertions(+), 9 deletions(-)
a85faa
a85faa 
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
a85faa 
index 3fe1a0b..cf4abf9 100644
a85faa 
--- a/clients/common/nm-secret-agent-simple.c
a85faa 
+++ b/clients/common/nm-secret-agent-simple.c
a85faa 
@@ -455,19 +455,14 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
a85faa 
 		s_con = nm_connection_get_setting_connection (request->connection);
a85faa
a85faa 
 		title = _("Wired 802.1X authentication");
a85faa 
-		msg = NULL;
a85faa 
+		msg = g_strdup_printf (_("Secrets are required to access the wired network '%s'"),
a85faa 
+		                       nm_connection_get_id (request->connection));
a85faa
a85faa 
-		secret = nm_secret_agent_simple_secret_new (_("Network name"),
a85faa 
-		                                            NM_SETTING (s_con),
a85faa 
-		                                            NM_SETTING_CONNECTION_ID,
a85faa 
-		                                            NULL,
a85faa 
-		                                            NULL,
a85faa 
-		                                            FALSE);
a85faa 
-		g_ptr_array_add (secrets, secret);
a85faa 
 		ok = add_8021x_secrets (request, secrets);
a85faa 
 	} else if (nm_connection_is_type (request->connection, NM_SETTING_PPPOE_SETTING_NAME)) {
a85faa 
 		title = _("DSL authentication");
a85faa 
-		msg = NULL;
a85faa 
+		msg = g_strdup_printf (_("Secrets are required for the DSL connection '%s'"),
a85faa 
+		                       nm_connection_get_id (request->connection));
a85faa
a85faa 
 		ok = add_pppoe_secrets (request, secrets);
a85faa 
 	} else if (nm_connection_is_type (request->connection, NM_SETTING_GSM_SETTING_NAME)) {
a85faa 
--
a85faa 
2.7.4
a85faa
a85faa 
From 80a78aceabea1db90fc036bea0c7d51f24e76d49 Mon Sep 17 00:00:00 2001
a85faa 
From: Beniamino Galvani <bgalvani@redhat.com>
a85faa 
Date: Tue, 13 Sep 2016 14:35:55 +0200
a85faa 
Subject: [PATCH 4/5] clients: handle secret requests only for current
a85faa 
 connection
a85faa
a85faa 
The path was checked only when serving the enqueued requests but not
a85faa 
for new ones. Fix this by moving the check to
a85faa 
request_secrets_from_ui().
a85faa
a85faa 
Fixes: 991df804086c4a1cee393d6d7182fa40cbba5dd7
a85faa
a85faa 
https://bugzilla.redhat.com/show_bug.cgi?id=1351272
a85faa 
(cherry picked from commit f3099db28e193a4c3736a651af2d10102cc39853)
a85faa 
(cherry picked from commit 9b443db4519a04fd7f7b2ff8c286395d7b2457da)
a85faa 
---
a85faa 
 clients/common/nm-secret-agent-simple.c | 34 ++++++++++++++++++---------------
a85faa 
 1 file changed, 19 insertions(+), 15 deletions(-)
a85faa
a85faa 
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
a85faa 
index cf4abf9..0c90eba 100644
a85faa 
--- a/clients/common/nm-secret-agent-simple.c
a85faa 
+++ b/clients/common/nm-secret-agent-simple.c
a85faa 
@@ -428,11 +428,28 @@ static void
a85faa 
 request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
a85faa 
 {
a85faa 
 	GPtrArray *secrets;
a85faa 
+	NMSecretAgentSimplePrivate *priv;
a85faa 
 	NMSecretAgentSimpleSecret *secret;
a85faa 
 	const char *title;
a85faa 
 	char *msg;
a85faa 
 	gboolean ok = TRUE;
a85faa
a85faa 
+	priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE (request->self);
a85faa 
+	g_return_if_fail (priv->enabled);
a85faa 
+
a85faa 
+	/* We only handle requests for connection with @path if set. */
a85faa 
+	if (!g_str_has_prefix (request->request_id, priv->path)) {
a85faa 
+		gs_free_error GError *error = NULL;
a85faa 
+
a85faa 
+		error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_FAILED,
a85faa 
+		                     "Request for %s secrets doesn't match path %s",
a85faa 
+		                     request->request_id, priv->path);
a85faa 
+		request->callback (NM_SECRET_AGENT_OLD (request->self), request->connection,
a85faa 
+		                   NULL, error, request->callback_data);
a85faa 
+		g_hash_table_remove (priv->requests, request->request_id);
a85faa 
+		return;
a85faa 
+	}
a85faa 
+
a85faa 
 	secrets = g_ptr_array_new_with_free_func ((GDestroyNotify) nm_secret_agent_simple_secret_free);
a85faa
a85faa 
 	if (nm_connection_is_type (request->connection, NM_SETTING_WIRELESS_SETTING_NAME)) {
a85faa 
@@ -734,7 +751,6 @@ nm_secret_agent_simple_enable (NMSecretAgentSimple *self, const char *path)
a85faa 
 {
a85faa 
 	NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE (self);
a85faa 
 	GList *requests, *iter;
a85faa 
-	GError *error;
a85faa
a85faa 
 	if (g_strcmp0 (path, priv->path) != 0) {
a85faa 
 		g_free (priv->path);
a85faa 
@@ -747,21 +763,9 @@ nm_secret_agent_simple_enable (NMSecretAgentSimple *self, const char *path)
a85faa
a85faa 
 	/* Service pending secret requests. */
a85faa 
 	requests = g_hash_table_get_values (priv->requests);
a85faa 
-	for (iter = requests; iter; iter = g_list_next (iter)) {
a85faa 
-		NMSecretAgentSimpleRequest *request = iter->data;
a85faa 
+	for (iter = requests; iter; iter = g_list_next (iter))
a85faa 
+		request_secrets_from_ui (iter->data);
a85faa
a85faa 
-		if (g_str_has_prefix (request->request_id, priv->path)) {
a85faa 
-			request_secrets_from_ui (request);
a85faa 
-		} else {
a85faa 
-			/* We only handle requests for connection with @path if set. */
a85faa 
-			error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_FAILED,
a85faa 
-			                     "Request for %s secrets doesn't match path %s",
a85faa 
-			                     request->request_id, priv->path);
a85faa 
-			request->callback (NM_SECRET_AGENT_OLD (self), request->connection, NULL, error, request->callback_data);
a85faa 
-			g_hash_table_remove (priv->requests, request->request_id);
a85faa 
-			g_error_free (error);
a85faa 
-		}
a85faa 
-	}
a85faa 
 	g_list_free (requests);
a85faa 
 }
a85faa
a85faa 
--
a85faa 
2.7.4
a85faa
a85faa 
From 2d098e3b174122e495586b53469ab07a18ebfd8b Mon Sep 17 00:00:00 2001
a85faa 
From: Beniamino Galvani <bgalvani@redhat.com>
a85faa 
Date: Tue, 13 Sep 2016 14:54:08 +0200
a85faa 
Subject: [PATCH 5/5] clients: fix matching of connection path
a85faa
a85faa 
Since we use g_str_has_prefix() to match a request_id with the
a85faa 
connection path, there can be wrong matches. For example:
a85faa
a85faa 
 request_id: /org/freedesktop/NetworkManager/Settings/10/802-1x
a85faa 
 connection: /org/freedesktop/NetworkManager/Settings/1
a85faa
a85faa 
would match. Add a trailing slash to the connection path stored in the
a85faa 
agent to prevent this.
a85faa
a85faa 
(cherry picked from commit f666efed0de21343ad8b847bf2c7def0b3e2625b)
a85faa 
(cherry picked from commit b7b3f54f9861d46135559945c0f9e8e47efcb181)
a85faa 
---
a85faa 
 clients/common/nm-secret-agent-simple.c | 12 ++++++++++--
a85faa 
 1 file changed, 10 insertions(+), 2 deletions(-)
a85faa
a85faa 
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
a85faa 
index 0c90eba..550fefa 100644
a85faa 
--- a/clients/common/nm-secret-agent-simple.c
a85faa 
+++ b/clients/common/nm-secret-agent-simple.c
a85faa 
@@ -751,10 +751,18 @@ nm_secret_agent_simple_enable (NMSecretAgentSimple *self, const char *path)
a85faa 
 {
a85faa 
 	NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE (self);
a85faa 
 	GList *requests, *iter;
a85faa 
+	gs_free char *path_full = NULL;
a85faa
a85faa 
-	if (g_strcmp0 (path, priv->path) != 0) {
a85faa 
+	/* The path is only used to match a request_id with the current
a85faa 
+	 * connection. Since the request_id is "${CONNECTION_PATH}/${SETTING}",
a85faa 
+	 * add a trailing '/' to the path to match the full connection path.
a85faa 
+	 */
a85faa 
+	path_full = path ? g_strdup_printf ("%s/", path) : NULL;
a85faa 
+
a85faa 
+	if (g_strcmp0 (path_full, priv->path) != 0) {
a85faa 
 		g_free (priv->path);
a85faa 
-		priv->path = g_strdup (path);
a85faa 
+		priv->path = path_full;
a85faa 
+		path_full = NULL;
a85faa 
 	}
a85faa
a85faa 
 	if (priv->enabled)
a85faa 
--
a85faa 
2.7.4
a85faa
a85faa 
From cd404115a16314379d88135820891711cca5b2b3 Mon Sep 17 00:00:00 2001
a85faa 
From: Beniamino Galvani <bgalvani@redhat.com>
a85faa 
Date: Thu, 15 Sep 2016 09:40:03 +0200
a85faa 
Subject: [PATCH] clients: fix check on secret request path
a85faa
a85faa 
priv->path is NULL when the agent handles all requests (for example
a85faa 
when executing "nmcli agent").
a85faa
a85faa 
Fixes: f3099db28e193a4c3736a651af2d10102cc39853
a85faa 
(cherry picked from commit 2a391348b6906a728d68ef5758b6bf102318986a)
a85faa 
(cherry picked from commit 5dfb3ec72c57e5d1c7dabb03bf8da03053973356)
a85faa 
---
a85faa 
 clients/common/nm-secret-agent-simple.c | 2 +-
a85faa 
 1 file changed, 1 insertion(+), 1 deletion(-)
a85faa
a85faa 
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
a85faa 
index 550fefa..4e59f48 100644
a85faa 
--- a/clients/common/nm-secret-agent-simple.c
a85faa 
+++ b/clients/common/nm-secret-agent-simple.c
a85faa 
@@ -438,7 +438,7 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
a85faa 
 	g_return_if_fail (priv->enabled);
a85faa
a85faa 
 	/* We only handle requests for connection with @path if set. */
a85faa 
-	if (!g_str_has_prefix (request->request_id, priv->path)) {
a85faa 
+	if (priv->path && !g_str_has_prefix (request->request_id, priv->path)) {
a85faa 
 		gs_free_error GError *error = NULL;
a85faa
a85faa 
 		error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_FAILED,
a85faa 
--
a85faa 
2.7.4
a85faa

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation