author | Beniamino Galvani <bgalvani@redhat.com> | 2017-08-02 11:36:37 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2017-08-02 11:39:12 +0200 |
commit | c3f4a9f997c7c1ef13fff0c6811686ca96b4645b (patch) | |
tree | a56cb572dfe0ff726195f4c9254e716a16bdc3a8 | |
parent | 3bd5a83eff69a261cf34f17424b3152ea11130d0 (diff) | |
all: support challenge secrets for VPNsbg/openvpn-challenge-v1
VPN secrets with name having prefix 'x-vpn-challenge' are considered
as temporary secrets and never stored.
-rw-r--r-- | clients/common/nm-secret-agent-simple.c | 3 | ||||
-rw-r--r-- | libnm-core/nm-setting-vpn.c | 5 | ||||
-rw-r--r-- | src/settings/nm-settings-connection.c | 5 |
3 files changed, 11 insertions, 2 deletions
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
index 0faf68a567..ae3c5ef944 100644
--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@@ -379,7 +379,8 @@ add_vpn_secret_helper (GPtrArray *secrets, NMSettingVpn *s_vpn, const char *name
 flags = get_vpn_secret_flags (s_vpn, name);
 if ( flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED
- || flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) {
+ || flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || g_str_has_prefix (name, "x-vpn-challenge")) {
 secret = nm_secret_agent_simple_secret_new (ui_name,
 NM_SETTING (s_vpn),
 NM_SETTING_VPN_SECRETS,
diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c
index 6b42e0c7a6..405808146a 100644
--- a/libnm-core/nm-setting-vpn.c
+++ b/libnm-core/nm-setting-vpn.c
@@ -571,6 +571,11 @@ get_secret_flags (NMSetting *setting,
 unsigned long tmp;
 NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+ if (g_str_has_prefix (secret_name, "x-vpn-challenge")) {
+ NM_SET_OUT (out_flags, NM_SETTING_SECRET_FLAG_NOT_SAVED);
+ return TRUE;
+ }
+
 flags_key = g_strdup_printf ("%s-flags", secret_name);
 if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) {
 errno = 0;
diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c
index 3f9a2d523f..eb69668b82 100644
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
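Review bot: The literal `"x-vpn-challenge"` added to the condition in add_vpn_secret_helper (clients/common/nm-secret-agent-simple.c) is repeated verbatim in the get_secret_flags hunk of libnm-core/nm-setting-vpn.c, so the client-side and library-side definition of a challenge secret can drift apart. One shared definition, for example `#define NM_VPN_CHALLENGE_SECRET_PREFIX "x-vpn-challenge"` (the name is only a suggestion), would keep both checks aligned. Both checks are bare prefix matches, so any secret whose name merely begins with these characters is treated as never stored; if only the exact name or a delimited family of names is meant, a comment next to the definition should state which. The function body starts and ends outside the hunk.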
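Review bot: The early return added to get_secret_flags in libnm-core/nm-setting-vpn.c bypasses the `"%s-flags"` lookup below it, so for these names any flags value present in `priv->data` is silently ignored, and nothing in the code says this override is deliberate. I would put a comment above the check, such as `/* Challenge responses are one-time values: always report NOT_SAVED and ignore any "<name>-flags" entry. */`. The matching setter is not visible in this hunk; if it still stores flags for such names, get and set will disagree, which is worth confirming. The function body continues outside the hunk.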
@@ -1085,13 +1085,16 @@ get_secrets_done_cb (NMAgentManager *manager,
 nm_connection_clear_secrets (NM_CONNECTION (self));
 if (!dict || nm_connection_update_secrets (NM_CONNECTION (self), setting_name, dict, &local)) {
 GVariant *filtered_secrets;
+ ForEachSecretFlags tmp_flags = cmp_flags;
+
+ tmp_flags.forbidden |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
 /* Update the connection with the agent's secrets; by this point if any
 * system-owned secrets exist in 'secrets' the agent that provided them
 * will have been authenticated, so those secrets can replace the existing
 * system secrets.
 */
- filtered_secrets = for_each_secret (NM_CONNECTION (self), secrets, TRUE, validate_secret_flags, &cmp_flags);
+ filtered_secrets = for_each_secret (NM_CONNECTION (self), secrets, TRUE, validate_secret_flags, &tmp_flags);
 if (nm_connection_update_secrets (NM_CONNECTION (self), setting_name, filtered_secrets, &local)) {
 /* Now that all secrets are updated, copy and cache new secrets,
 * then save them to backing storage. |
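Review bot: The new `tmp_flags.forbidden |= NM_SETTING_SECRET_FLAG_NOT_SAVED;` in get_secrets_done_cb filters every not-saved secret passed through for_each_secret, not only the `x-vpn-challenge` names the commit message describes, and the block comment above the call still explains only the system-owned case. If keeping all not-saved secrets out of the connection that is cached and written to backing storage is intended, the comment should say so, e.g. `/* Also drop not-saved secrets so one-time values never reach the cached copy or backing storage. */`. This hunk does not show whether the requester still receives the unfiltered secrets, so that path deserves a test with a not-saved secret from a non-VPN setting. `tmp_flags` would also read better with a name that says what it is for, such as `update_flags`. The function starts and ends outside the hunk.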