diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2017-01-17 19:52:35 +0100 |
|---|---|---|
| committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-01-18 10:35:09 +0100 |
| commit | 040be47155cee05251b737b000613c4d2493d1a2 (patch) | |
| tree | 27c8e42ded46058798f55c200c57f0d9358b1722 | |
| parent | 140eeeafa8b363c0be15087d03ca661e459d10a0 (diff) | |
| download | NetworkManager-lr/secrets.tar.gz | |
WIP: reset the connection secrets iff they are present on D-Buslr/secrets
| -rw-r--r-- | libnm-core/nm-connection.c | 7 | ||||
| -rw-r--r-- | libnm-core/nm-core-internal.h | 2 | ||||
| -rw-r--r-- | libnm-core/nm-setting-private.h | 1 | ||||
| -rw-r--r-- | libnm-core/nm-setting.c | 10 | ||||
| -rw-r--r-- | libnm-core/nm-simple-connection.c | 7 | ||||
| -rw-r--r-- | libnm-core/tests/test-general.c | 43 | ||||
| -rw-r--r-- | libnm/nm-device.c | 4 | ||||
| -rw-r--r-- | libnm/nm-remote-connection.c | 1 | ||||
| -rw-r--r-- | libnm/nm-secret-agent-old.c | 2 | ||||
| -rw-r--r-- | libnm/nm-vpn-plugin-old.c | 6 | ||||
| -rw-r--r-- | libnm/nm-vpn-service-plugin.c | 6 | ||||
| -rw-r--r-- | src/devices/nm-device.c | 1 | ||||
| -rw-r--r-- | src/nm-manager.c | 2 | ||||
| -rw-r--r-- | src/settings/nm-settings-connection.c | 50 | ||||
| -rw-r--r-- | src/settings/nm-settings.c | 1 |
15 files changed, 82 insertions, 61 deletions
diff --git a/libnm-core/nm-connection.c b/libnm-core/nm-connection.c index 40322427b4..ba740ae748 100644 --- a/libnm-core/nm-connection.c +++ b/libnm-core/nm-connection.c @@ -238,6 +238,7 @@ validate_permissions_type (GVariant *variant, GError **error) * @connection: a #NMConnection * @new_settings: a #GVariant of type %NM_VARIANT_TYPE_CONNECTION, with the new settings * @parse_flags: flags. + * @has_secrets: XXX * @error: location to store error, or %NULL * * Replaces @connection's settings with @new_settings (which must be @@ -254,6 +255,7 @@ gboolean _nm_connection_replace_settings (NMConnection *connection, GVariant *new_settings, NMSettingParseFlags parse_flags, + gboolean *has_secrets, GError **error) { NMConnectionPrivate *priv; @@ -316,7 +318,8 @@ _nm_connection_replace_settings (NMConnection *connection, } } - setting = _nm_setting_new_from_dbus (type, setting_dict, new_settings, parse_flags, &local); + setting = _nm_setting_new_from_dbus (type, setting_dict, new_settings, + parse_flags, has_secrets, &local); if (!setting) { if (NM_FLAGS_HAS (parse_flags, NM_SETTING_PARSE_FLAGS_BEST_EFFORT)) @@ -378,7 +381,7 @@ nm_connection_replace_settings (NMConnection *connection, GVariant *new_settings, GError **error) { - return _nm_connection_replace_settings (connection, new_settings, NM_SETTING_PARSE_FLAGS_NONE, error); + return _nm_connection_replace_settings (connection, new_settings, NM_SETTING_PARSE_FLAGS_NONE, NULL, error); } /** diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h index 74f45100b1..69791d1414 100644 --- a/libnm-core/nm-core-internal.h +++ b/libnm-core/nm-core-internal.h @@ -115,10 +115,12 @@ typedef enum { /*< skip >*/ gboolean _nm_connection_replace_settings (NMConnection *connection, GVariant *new_settings, NMSettingParseFlags parse_flags, + gboolean *has_secrets, GError **error); NMConnection *_nm_simple_connection_new_from_dbus (GVariant *dict, NMSettingParseFlags parse_flags, + gboolean *has_secrets, GError **error); guint32 _nm_setting_get_setting_priority (NMSetting *setting); diff --git a/libnm-core/nm-setting-private.h b/libnm-core/nm-setting-private.h index 8d09e3d759..2200af4180 100644 --- a/libnm-core/nm-setting-private.h +++ b/libnm-core/nm-setting-private.h @@ -126,6 +126,7 @@ NMSetting *_nm_setting_new_from_dbus (GType setting_type, GVariant *setting_dict, GVariant *connection_dict, NMSettingParseFlags parse_flags, + gboolean *has_secrets, GError **error); typedef GVariant * (*NMSettingPropertyGetFunc) (NMSetting *setting, diff --git a/libnm-core/nm-setting.c b/libnm-core/nm-setting.c index 82467c9c6a..866b92e3cc 100644 --- a/libnm-core/nm-setting.c +++ b/libnm-core/nm-setting.c @@ -775,6 +775,7 @@ _nm_setting_to_dbus (NMSetting *setting, NMConnection *connection, NMConnectionS * @connection_dict: the #GVariant containing an %NM_VARIANT_TYPE_CONNECTION * dictionary mapping setting names to dictionaries. * @parse_flags: flags to determine behavior during parsing. + * @has_secrets: XXX * @error: location to store error, or %NULL * * Creates a new #NMSetting object and populates that object with the properties @@ -792,6 +793,7 @@ _nm_setting_new_from_dbus (GType setting_type, GVariant *setting_dict, GVariant *connection_dict, NMSettingParseFlags parse_flags, + gboolean *has_secrets, GError **error) { gs_unref_object NMSetting *setting = NULL; @@ -852,8 +854,12 @@ _nm_setting_new_from_dbus (GType setting_type, value = g_variant_lookup_value (setting_dict, property->name, NULL); - if (value && keys) - g_hash_table_remove (keys, property->name); + if (value) { + if (keys) + g_hash_table_remove (keys, property->name); + if (has_secrets && property->param_spec && (property->param_spec->flags & NM_SETTING_PARAM_SECRET)) + *has_secrets = TRUE; + } if (value && property->set_func) { diff --git a/libnm-core/nm-simple-connection.c b/libnm-core/nm-simple-connection.c index 11700666f5..2cc58454b1 100644 --- a/libnm-core/nm-simple-connection.c +++ b/libnm-core/nm-simple-connection.c @@ -53,6 +53,7 @@ nm_simple_connection_new (void) /** * _nm_simple_connection_new_from_dbus: * @dict: a #GVariant of type %NM_VARIANT_TYPE_CONNECTION describing the connection + * @has_secrets: XXX * @error: on unsuccessful return, an error * * Creates a new #NMSimpleConnection from a hash table describing the @@ -64,7 +65,8 @@ nm_simple_connection_new (void) * an error. **/ NMConnection * -_nm_simple_connection_new_from_dbus (GVariant *dict, NMSettingParseFlags parse_flags, GError **error) +_nm_simple_connection_new_from_dbus (GVariant *dict, NMSettingParseFlags parse_flags, + gboolean *has_secrets, GError **error) { NMConnection *connection; @@ -74,7 +76,7 @@ _nm_simple_connection_new_from_dbus (GVariant *dict, NMSettingParseFlags parse_f g_return_val_if_fail (!NM_FLAGS_ALL (parse_flags, NM_SETTING_PARSE_FLAGS_STRICT | NM_SETTING_PARSE_FLAGS_BEST_EFFORT), NULL); connection = nm_simple_connection_new (); - if (!_nm_connection_replace_settings (connection, dict, parse_flags, error)) + if (!_nm_connection_replace_settings (connection, dict, parse_flags, has_secrets, error)) g_clear_object (&connection); return connection; } @@ -97,6 +99,7 @@ nm_simple_connection_new_from_dbus (GVariant *dict, GError **error) { return _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_NORMALIZE, + NULL, error); } diff --git a/libnm-core/tests/test-general.c b/libnm-core/tests/test-general.c index 1cb8d7af99..e8eb50ee82 100644 --- a/libnm-core/tests/test-general.c +++ b/libnm-core/tests/test-general.c @@ -77,7 +77,7 @@ G_STATIC_ASSERT (sizeof (bool) <= sizeof (int)); static NMConnection * _connection_new_from_dbus (GVariant *dict, GError **error) { - return _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_NORMALIZE, error); + return _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_NORMALIZE, NULL, error); } static void @@ -1026,15 +1026,18 @@ test_setting_new_from_dbus (void) { NMSettingWirelessSecurity *s_wsec; GVariant *dict; + gboolean has_secrets; s_wsec = make_test_wsec_setting ("setting-new-from-dbus"); dict = _nm_setting_to_dbus (NM_SETTING (s_wsec), NULL, NM_CONNECTION_SERIALIZE_ALL); g_object_unref (s_wsec); - s_wsec = (NMSettingWirelessSecurity *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRELESS_SECURITY, dict, NULL, NM_SETTING_PARSE_FLAGS_NONE, NULL); + s_wsec = (NMSettingWirelessSecurity *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRELESS_SECURITY, dict, NULL, + NM_SETTING_PARSE_FLAGS_NONE, &has_secrets, NULL); g_variant_unref (dict); g_assert (s_wsec); + g_assert (has_secrets); g_assert_cmpstr (nm_setting_wireless_security_get_key_mgmt (s_wsec), ==, "wpa-psk"); g_assert_cmpstr (nm_setting_wireless_security_get_leap_username (s_wsec), ==, "foobarbaz"); g_assert_cmpstr (nm_setting_wireless_security_get_psk (s_wsec), ==, "random psk"); @@ -1042,6 +1045,30 @@ test_setting_new_from_dbus (void) } static void +test_setting_new_from_dbus_no_secrets (void) +{ + NMSettingWirelessSecurity *s_wsec; + GVariant *dict; + gboolean has_secrets; + + s_wsec = make_test_wsec_setting ("setting-new-from-dbus"); + dict = _nm_setting_to_dbus (NM_SETTING (s_wsec), NULL, NM_CONNECTION_SERIALIZE_NO_SECRETS); + g_object_unref (s_wsec); + + s_wsec = (NMSettingWirelessSecurity *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRELESS_SECURITY, dict, NULL, + NM_SETTING_PARSE_FLAGS_NONE, &has_secrets, NULL); + g_variant_unref (dict); + + g_assert (s_wsec); + g_assert (!has_secrets); + g_assert_cmpstr (nm_setting_wireless_security_get_key_mgmt (s_wsec), ==, "wpa-psk"); + g_assert_cmpstr (nm_setting_wireless_security_get_leap_username (s_wsec), ==, "foobarbaz"); + g_assert_cmpstr (nm_setting_wireless_security_get_psk (s_wsec), ==, NULL); + g_object_unref (s_wsec); +} + + +static void test_setting_new_from_dbus_transform (void) { NMSetting *s_wired; @@ -1060,7 +1087,7 @@ test_setting_new_from_dbus_transform (void) dbus_mac_address, ETH_ALEN, 1)); dict = g_variant_builder_end (&builder); - s_wired = _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRED, dict, NULL, NM_SETTING_PARSE_FLAGS_NONE, &error); + s_wired = _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRED, dict, NULL, NM_SETTING_PARSE_FLAGS_NONE, NULL, &error); g_assert_no_error (error); g_assert_cmpstr (nm_setting_wired_get_mac_address (NM_SETTING_WIRED (s_wired)), ==, test_mac_address); @@ -1086,7 +1113,8 @@ test_setting_new_from_dbus_enum (void) g_variant_new_int32 (NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR)); dict = g_variant_builder_end (&builder); - s_ip6 = (NMSettingIP6Config *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_IP6_CONFIG, dict, NULL, NM_SETTING_PARSE_FLAGS_NONE, &error); + s_ip6 = (NMSettingIP6Config *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_IP6_CONFIG, dict, NULL, + NM_SETTING_PARSE_FLAGS_NONE, NULL, &error); g_assert_no_error (error); g_assert_cmpint (nm_setting_ip6_config_get_ip6_privacy (s_ip6), ==, NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR); @@ -1105,7 +1133,8 @@ test_setting_new_from_dbus_enum (void) NM_SETTING_SECRET_FLAG_NOT_SAVED)); dict = g_variant_builder_end (&builder); - s_wsec = (NMSettingWirelessSecurity *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRELESS_SECURITY, dict, NULL, NM_SETTING_PARSE_FLAGS_NONE, &error); + s_wsec = (NMSettingWirelessSecurity *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_WIRELESS_SECURITY, dict, NULL, + NM_SETTING_PARSE_FLAGS_NONE, NULL, &error); g_assert_no_error (error); g_assert_cmpint (nm_setting_wireless_security_get_wep_key_type (s_wsec), ==, NM_WEP_KEY_TYPE_KEY); @@ -1122,7 +1151,8 @@ test_setting_new_from_dbus_enum (void) g_variant_new_byte ('E')); dict = g_variant_builder_end (&builder); - s_serial = (NMSettingSerial *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_SERIAL, dict, NULL, NM_SETTING_PARSE_FLAGS_NONE, &error); + s_serial = (NMSettingSerial *) _nm_setting_new_from_dbus (NM_TYPE_SETTING_SERIAL, dict, NULL, + NM_SETTING_PARSE_FLAGS_NONE, NULL, &error); g_assert_no_error (error); g_assert_cmpint (nm_setting_serial_get_parity (s_serial), ==, NM_SETTING_SERIAL_PARITY_EVEN); @@ -5491,6 +5521,7 @@ int main (int argc, char **argv) g_test_add_func ("/core/general/test_connection_to_dbus_setting_name", test_connection_to_dbus_setting_name); g_test_add_func ("/core/general/test_connection_to_dbus_deprecated_props", test_connection_to_dbus_deprecated_props); g_test_add_func ("/core/general/test_setting_new_from_dbus", test_setting_new_from_dbus); + g_test_add_func ("/core/general/test_setting_new_from_dbus_no_secrets", test_setting_new_from_dbus_no_secrets); g_test_add_func ("/core/general/test_setting_new_from_dbus_transform", test_setting_new_from_dbus_transform); g_test_add_func ("/core/general/test_setting_new_from_dbus_enum", test_setting_new_from_dbus_enum); g_test_add_func ("/core/general/test_setting_new_from_dbus_bad", test_setting_new_from_dbus_bad); diff --git a/libnm/nm-device.c b/libnm/nm-device.c index 02b5cad550..a5bdb355bc 100644 --- a/libnm/nm-device.c +++ b/libnm/nm-device.c @@ -2215,7 +2215,7 @@ nm_device_get_applied_connection (NMDevice *device, return NULL; } - connection = _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, error); + connection = _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, error); if (!connection) return NULL; @@ -2257,7 +2257,7 @@ device_get_applied_connection_cb (GObject *proxy, goto out; } - connection = _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (dict, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_simple_async_result_take_error (simple, error); goto out; diff --git a/libnm/nm-remote-connection.c b/libnm/nm-remote-connection.c index 395ba84e8a..2693df72e1 100644 --- a/libnm/nm-remote-connection.c +++ b/libnm/nm-remote-connection.c @@ -568,6 +568,7 @@ replace_settings (NMRemoteConnection *self, GVariant *new_settings) if (!_nm_connection_replace_settings ((NMConnection *) self, new_settings, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, + NULL, &error)) g_clear_error (&error); } diff --git a/libnm/nm-secret-agent-old.c b/libnm/nm-secret-agent-old.c index 76e4238d26..5ae98e1099 100644 --- a/libnm/nm-secret-agent-old.c +++ b/libnm/nm-secret-agent-old.c @@ -274,7 +274,7 @@ verify_request (NMSecretAgentOld *self, /* Make sure the given connection is valid */ g_assert (out_connection); - connection = _nm_simple_connection_new_from_dbus (connection_dict, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &local); + connection = _nm_simple_connection_new_from_dbus (connection_dict, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &local); if (connection) { nm_connection_set_path (connection, connection_path); *out_connection = connection; diff --git a/libnm/nm-vpn-plugin-old.c b/libnm/nm-vpn-plugin-old.c index aff23b2007..1cc44c87a8 100644 --- a/libnm/nm-vpn-plugin-old.c +++ b/libnm/nm-vpn-plugin-old.c @@ -465,7 +465,7 @@ _connect_generic (NMVpnPluginOld *plugin, return; } - connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_dbus_method_invocation_return_error (context, NM_VPN_PLUGIN_ERROR, @@ -547,7 +547,7 @@ impl_vpn_plugin_old_need_secrets (NMVpnPluginOld *plugin, gboolean needed; GError *error = NULL; - connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_dbus_method_invocation_return_error (context, NM_VPN_PLUGIN_ERROR, @@ -606,7 +606,7 @@ impl_vpn_plugin_old_new_secrets (NMVpnPluginOld *plugin, return; } - connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_dbus_method_invocation_return_error (context, NM_VPN_PLUGIN_ERROR, diff --git a/libnm/nm-vpn-service-plugin.c b/libnm/nm-vpn-service-plugin.c index 91451ed0f1..16f768d56d 100644 --- a/libnm/nm-vpn-service-plugin.c +++ b/libnm/nm-vpn-service-plugin.c @@ -482,7 +482,7 @@ _connect_generic (NMVpnServicePlugin *plugin, return; } - connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_dbus_method_invocation_return_error (context, NM_VPN_PLUGIN_ERROR, @@ -568,7 +568,7 @@ impl_vpn_service_plugin_need_secrets (NMVpnServicePlugin *plugin, gboolean needed; GError *error = NULL; - connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_dbus_method_invocation_return_error (context, NM_VPN_PLUGIN_ERROR, @@ -627,7 +627,7 @@ impl_vpn_service_plugin_new_secrets (NMVpnServicePlugin *plugin, return; } - connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, &error); + connection = _nm_simple_connection_new_from_dbus (properties, NM_SETTING_PARSE_FLAGS_BEST_EFFORT, NULL, &error); if (!connection) { g_dbus_method_invocation_return_error (context, NM_VPN_PLUGIN_ERROR, diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 969bf6a6a6..7c2fd450e7 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -8666,6 +8666,7 @@ impl_device_reapply (NMDevice *self, connection = _nm_simple_connection_new_from_dbus (settings, NM_SETTING_PARSE_FLAGS_STRICT | NM_SETTING_PARSE_FLAGS_NORMALIZE, + NULL, &error); if (!connection) { g_prefix_error (&error, "The settings specified are invalid: "); diff --git a/src/nm-manager.c b/src/nm-manager.c index 867e0db6d8..4a2ce6aa4a 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -3793,7 +3793,7 @@ impl_manager_add_and_activate_connection (NMManager *self, */ connection = nm_simple_connection_new (); if (settings && g_variant_n_children (settings)) - _nm_connection_replace_settings (connection, settings, NM_SETTING_PARSE_FLAGS_STRICT, NULL); + _nm_connection_replace_settings (connection, settings, NM_SETTING_PARSE_FLAGS_STRICT, NULL, NULL); subject = validate_activation_request (self, context, diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c index 06ec3d420d..24f975de04 100644 --- a/src/settings/nm-settings-connection.c +++ b/src/settings/nm-settings-connection.c @@ -1542,6 +1542,7 @@ typedef struct { NMAuthSubject *subject; NMConnection *new_settings; gboolean save_to_disk; + gboolean has_secrets; char *audit_args; } UpdateInfo; @@ -1551,38 +1552,6 @@ typedef struct { } CallbackInfo; static void -has_some_secrets_cb (NMSetting *setting, - const char *key, - const GValue *value, - GParamFlags flags, - gpointer user_data) -{ - GParamSpec *pspec; - - if (NM_IS_SETTING_VPN (setting)) { - if (nm_setting_vpn_get_num_secrets (NM_SETTING_VPN(setting))) - *((gboolean *) user_data) = TRUE; - return; - } - - pspec = g_object_class_find_property (G_OBJECT_GET_CLASS (G_OBJECT (setting)), key); - if (pspec) { - if ( (flags & NM_SETTING_PARAM_SECRET) - && !g_param_value_defaults (pspec, (GValue *)value)) - *((gboolean *) user_data) = TRUE; - } -} - -static gboolean -any_secrets_present (NMConnection *self) -{ - gboolean has_secrets = FALSE; - - nm_connection_for_each_setting_value (self, has_some_secrets_cb, &has_secrets); - return has_secrets; -} - -static void cached_secrets_to_connection (NMSettingsConnection *self, NMConnection *connection) { NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self); @@ -1710,18 +1679,18 @@ update_auth_cb (NMSettingsConnection *self, return; } - if (!any_secrets_present (info->new_settings)) { - /* If the new connection has no secrets, we do not want to remove all - * secrets, rather we keep all the existing ones. Do that by merging - * them in to the new connection. - */ - cached_secrets_to_connection (self, info->new_settings); - } else { + if (info->has_secrets) { /* Cache the new secrets from the agent, as stuff like inotify-triggered * changes to connection's backing config files will blow them away if * they're in the main connection. */ update_agent_secrets_cache (self, info->new_settings); + } else { + /* If the new connection has no secrets, we do not want to remove all + * secrets, rather we keep all the existing ones. Do that by merging + * them in to the new connection. + */ + cached_secrets_to_connection (self, info->new_settings); } if (nm_audit_manager_audit_enabled (nm_audit_manager_get ())) @@ -1779,6 +1748,7 @@ settings_connection_update_helper (NMSettingsConnection *self, UpdateInfo *info; const char *permission; char *error_desc = NULL; + gboolean has_secrets = FALSE; g_assert (new_settings != NULL || save_to_disk == TRUE); @@ -1794,6 +1764,7 @@ settings_connection_update_helper (NMSettingsConnection *self, tmp = _nm_simple_connection_new_from_dbus (new_settings, NM_SETTING_PARSE_FLAGS_STRICT | NM_SETTING_PARSE_FLAGS_NORMALIZE, + &has_secrets, &error); if (!tmp) goto error; @@ -1823,6 +1794,7 @@ settings_connection_update_helper (NMSettingsConnection *self, info->subject = subject; info->save_to_disk = save_to_disk; info->new_settings = tmp; + info->has_secrets = has_secrets; permission = get_update_modify_permission (NM_CONNECTION (self), tmp ? tmp : NM_CONNECTION (self)); diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c index 6a920d5cf4..3ecfc9065f 100644 --- a/src/settings/nm-settings.c +++ b/src/settings/nm-settings.c @@ -1487,6 +1487,7 @@ impl_settings_add_connection_helper (NMSettings *self, connection = _nm_simple_connection_new_from_dbus (settings, NM_SETTING_PARSE_FLAGS_STRICT | NM_SETTING_PARSE_FLAGS_NORMALIZE, + NULL, &error); if (connection) { |