agent-manager: let nm_settings_connection_check_permission() check all secret-agents searching for permission

nm_agent_manager_get_agent_by_user() would only return the first
matching secret agent for the user. This way, we might miss an agent
that has permissions.

Instead, add nm_agent_manager_has_agent_with_permission() and search
all agents.

3 files changed, 24 insertions, 26 deletions

diff --git a/src/settings/nm-agent-manager.c b/src/settings/nm-agent-manager.c
index c5a0d9dea1..7c45bc8f79 100644
--- a/src/settings/nm-agent-manager.c
+++ b/src/settings/nm-agent-manager.c
@@ -226,21 +226,6 @@ _agent_find_by_identifier_and_uid (NMAgentManagerPrivate *priv,
 	return NULL;
 }
 
-static NMSecretAgent *
-_agent_find_by_username (NMAgentManagerPrivate *priv,
-                         const char *username)
-{
-	NMSecretAgent *agent;
-
-	nm_assert (username);
-
-	c_list_for_each_entry (agent, &priv->agent_lst_head, agent_lst) {
-		if (nm_streq0 (nm_secret_agent_get_owner_username (agent), username))
-			return agent;
-	}
-	return NULL;
-}
-
 /*****************************************************************************/
 
 static void
@@ -1402,13 +1387,28 @@ nm_agent_manager_delete_secrets (NMAgentManager *self,
 
 /*****************************************************************************/
 
-NMSecretAgent *
-nm_agent_manager_get_agent_by_user (NMAgentManager *self, const char *username)
+gboolean
+nm_agent_manager_has_agent_with_permission (NMAgentManager *self,
+                                            const char *username,
+                                            const char *permission)
 {
-	g_return_val_if_fail (NM_IS_AGENT_MANAGER (self), NULL);
-	g_return_val_if_fail (username, NULL);
+	NMAgentManagerPrivate *priv;
+	NMSecretAgent *agent;
+
+	g_return_val_if_fail (NM_IS_AGENT_MANAGER (self), FALSE);
+	g_return_val_if_fail (username, FALSE);
+	g_return_val_if_fail (permission, FALSE);
+
+	priv = NM_AGENT_MANAGER_GET_PRIVATE (self);
 
-	return _agent_find_by_username (NM_AGENT_MANAGER_GET_PRIVATE (self), username);
+	c_list_for_each_entry (agent, &priv->agent_lst_head, agent_lst) {
+		if (!nm_streq0 (nm_secret_agent_get_owner_username (agent), username))
+			continue;
+		if (nm_secret_agent_has_permission (agent, permission))
+			return TRUE;
+	}
+
+	return FALSE;
 }
 
 /*****************************************************************************/
diff --git a/src/settings/nm-agent-manager.h b/src/settings/nm-agent-manager.h
index 5200d241ca..bf2dcb6ccf 100644
--- a/src/settings/nm-agent-manager.h
+++ b/src/settings/nm-agent-manager.h
@@ -65,8 +65,9 @@ void nm_agent_manager_delete_secrets (NMAgentManager *manager,
                                       const char *path,
                                       NMConnection *connection);
 
-NMSecretAgent *nm_agent_manager_get_agent_by_user (NMAgentManager *manager,
-                                                   const char *username);
+gboolean nm_agent_manager_has_agent_with_permission (NMAgentManager *self,
+                                                     const char *username,
+                                                     const char *permission);
 
 gboolean nm_agent_manager_all_agents_have_capability (NMAgentManager *manager,
                                                       NMAuthSubject *subject,
diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c
index 3368359980..fd701ecde4 100644
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
@@ -409,10 +409,7 @@ nm_settings_connection_check_permission (NMSettingsConnection *self,
 		 * either.
 		 */
 		if (nm_setting_connection_get_permission (s_con, i, NULL, &puser, NULL)) {
-			NMSecretAgent *agent = nm_agent_manager_get_agent_by_user (priv->agent_mgr, puser);
-
-			if (   agent
-			    && nm_secret_agent_has_permission (agent, permission))
+			if (nm_agent_manager_has_agent_with_permission (priv->agent_mgr, puser, permission))
 				return TRUE;
 		}
 	}