cli: only handle secret requests for connection being explicitly activatedjk/nmcli-ask-pwd-fix

When a connection is being activated, nmcli could ask for secrets for another
connection, which might confuse users. We check the request now and only ask
for secrets of connection being activated.

Test case:
$ nmcli con up my-ethernet0
Passwords or encryption keys are required to access the wireless network 'Red Hat'.
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.

1 files changed, 44 insertions, 3 deletions

diff --git a/clients/cli/connections.c b/clients/cli/connections.c
index 5327634926..8ac25a6fb6 100644
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -1873,7 +1873,13 @@ progress_vpn_cb (gpointer user_data)
 
 typedef struct {
 	NmCli *nmc;
+	NMConnection *connection;
+} RequestSecretsData;
+
+typedef struct {
+	NmCli *nmc;
 	NMDevice *device;
+	RequestSecretsData *secrets_data;
 } ActivateConnectionInfo;
 
 static void
@@ -1940,6 +1946,8 @@ activate_connection_cb (GObject *client, GAsyncResult *result, gpointer user_dat
 			g_timeout_add_seconds (nmc->timeout, timeout_cb, nmc);
 		}
 	}
+	if (info->secrets_data)
+		g_slice_free (RequestSecretsData, info->secrets_data);
 	g_free (info);
 }
 
@@ -2070,6 +2078,24 @@ get_secrets_from_user (const char *request_id,
 	return TRUE;
 }
 
+static gboolean
+is_request_for_this_connection (const char *request_id, NMConnection *connection)
+{
+	const char *path;
+	size_t len;
+
+	g_return_val_if_fail (request_id, FALSE);
+	g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
+
+	path = nm_object_get_path (NM_OBJECT (connection));
+	len = path ? strlen (path) : 0;
+
+	if (g_str_has_prefix (request_id, path) && request_id[len] == '/')
+		return TRUE;
+
+	return FALSE;
+}
+
 static void
 secrets_requested (NMSecretAgentSimple *agent,
                    const char          *request_id,
@@ -2078,9 +2104,17 @@ secrets_requested (NMSecretAgentSimple *agent,
                    GPtrArray           *secrets,
                    gpointer             user_data)
 {
-	NmCli *nmc = (NmCli *) user_data;
+	RequestSecretsData *secrets_data = (RequestSecretsData *) user_data;
+	NmCli *nmc = secrets_data->nmc;
+	NMConnection *connection = secrets_data->connection;
 	gboolean success = FALSE;
 
+	/* Only handle secret request for this connection. */
+	if (!is_request_for_this_connection (request_id, connection)) {
+		nm_secret_agent_simple_response (agent, request_id, NULL);
+		return;
+	}
+
 	if (nmc->print_output == NMC_PRINT_PRETTY)
 		nmc_terminal_erase_line ();
 
@@ -2109,6 +2143,8 @@ nmc_activate_connection (NmCli *nmc,
                          GError **error)
 {
 	ActivateConnectionInfo *info;
+	RequestSecretsData *secrets_data = NULL;
+
 	GHashTable *pwds_hash;
 	NMDevice *device = NULL;
 	const char *spec_object = NULL;
@@ -2154,12 +2190,17 @@ nmc_activate_connection (NmCli *nmc,
 
 	/* Create secret agent */
 	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-connect");
-	if (nmc->secret_agent)
-		g_signal_connect (nmc->secret_agent, "request-secrets", G_CALLBACK (secrets_requested), nmc);
+	if (nmc->secret_agent) {
+		secrets_data = g_slice_new (RequestSecretsData);
+		secrets_data->nmc = nmc;
+		secrets_data->connection = connection;
+		g_signal_connect (nmc->secret_agent, "request-secrets", G_CALLBACK (secrets_requested), secrets_data);
+	}
 
 	info = g_malloc0 (sizeof (ActivateConnectionInfo));
 	info->nmc = nmc;
 	info->device = device;
+	info->secrets_data = secrets_data;
 
 	nm_client_activate_connection_async (nmc->client,
 	                                     connection,