From 62d742625d369d2e329eab66934e0d522c07482a Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 11 May 2023 13:05:51 +0200
Subject: tui: cleanup secrets_requested() function to use cleanup attribute

No explicit unref/free. Resources should be owned by somebody, like an
auto variable with a cleanup attribute.
---
 src/nmtui/nmtui-connect.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/nmtui/nmtui-connect.c b/src/nmtui/nmtui-connect.c
index 75862bbd90..0dfbf6ac20 100644
--- a/src/nmtui/nmtui-connect.c
+++ b/src/nmtui/nmtui-connect.c
@@ -34,7 +34,6 @@ secrets_requested(NMSecretAgentSimple *agent,
                   GPtrArray           *secrets,
                   gpointer             user_data)
 {
-    NmtNewtForm  *form;
     NMConnection *connection = NM_CONNECTION(user_data);
     gboolean      success    = FALSE;
 
@@ -44,7 +43,7 @@ secrets_requested(NMSecretAgentSimple *agent,
 
         if (nm_streq0(nm_setting_vpn_get_service_type(s_vpn),
                       NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) {
-            GError *error = NULL;
+            gs_free_error GError *error = NULL;
 
             nmt_newt_message_dialog(_("openconnect will be run to authenticate.\nIt will return to "
                                       "nmtui when completed."));
@@ -55,26 +54,21 @@ secrets_requested(NMSecretAgentSimple *agent,
 
             newtResume();
 
-            if (!success) {
+            if (!success)
                 nmt_newt_message_dialog(_("Error: openconnect failed: %s"), error->message);
-                g_clear_error(&error);
-            }
         }
     }
 
     if (!success) {
+        gs_unref_object NmtNewtForm *form = NULL;
+
         form = nmt_password_dialog_new(request_id, title, msg, secrets);
         nmt_newt_form_run_sync(form);
 
         success = nmt_password_dialog_succeeded(NMT_PASSWORD_DIALOG(form));
-
-        g_object_unref(form);
     }
 
-    if (success)
-        nm_secret_agent_simple_response(agent, request_id, secrets);
-    else
-        nm_secret_agent_simple_response(agent, request_id, NULL);
+    nm_secret_agent_simple_response(agent, request_id, success ? secrets : NULL);
 }
 
 typedef struct {
-- 
cgit v1.2.1


From a8ba0ea4c7f236d6394fa5b7cb97a897b587eeb4 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 11 May 2023 12:51:58 +0200
Subject: libnmc: drop redundant defines for array lengths

- use G_N_ELEMENTS() macro instead of having separate defines. The separate
  defines mean that when we check g_return_val_if_fail(oc_argc <= OC_ARGS_MAX, FALSE)
  that we must double check that OC_ARGS_MAX is really the size of the array
  that we want to check.

- replace g_return_val_if_fail() with nm_assert(). In this case, it should be
  very clear by review that the buffer is indeed large enough and the assertion
  holds. Use nm_assert().

- use unsigned integer for the loop variables. While int theoretically
  might exploit undefined behavior of signed overflow, we should instead
  use unsigned at places where it's appropriate (for example, those
  variables are compared against G_N_ELEMENTS() which gives a size_t type.

- declare auto variables on separate lines.

- make the global variable oc_property_args static and const. The const
  means the linker will put it into read-only memory, so we would get
  a crash on accidental modification.
---
 src/libnmc-base/nm-vpn-helpers.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/libnmc-base/nm-vpn-helpers.c b/src/libnmc-base/nm-vpn-helpers.c
index 10e2e0e696..51e15cda4b 100644
--- a/src/libnmc-base/nm-vpn-helpers.c
+++ b/src/libnmc-base/nm-vpn-helpers.c
@@ -213,7 +213,7 @@ _extract_variable_value(char *line, const char *tag, char **value)
 #define NM_OPENCONNECT_KEY_MCAKEY               "mcakey"
 #define NM_OPENCONNECT_KEY_MCA_PASS             "mca_key_pass"
 
-struct {
+static const struct {
     const char *property;
     const char *cmdline;
 } oc_property_args[] = {
@@ -230,9 +230,6 @@ struct {
     {NM_OPENCONNECT_KEY_MCA_PASS, "--mca-key-password"},
 };
 
-#define NR_OC_STRING_PROPS (sizeof(oc_property_args) / sizeof(oc_property_args[0]))
-#define OC_ARGS_MAX        (12 + 2 * NR_OC_STRING_PROPS)
-
 /*
  * For old versions of openconnect we need to extract the port# and
  * append it to the hostname that is returned to us. Use a cut-down
@@ -296,10 +293,11 @@ nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets,
         "/usr/local/bin/",
         NULL,
     };
-    int         port = 0;
+    const char *oc_argv[(12 + 2 * G_N_ELEMENTS(oc_property_args))];
     const char *gw;
-    const char *oc_argv[OC_ARGS_MAX];
-    int         i, oc_argc = 0;
+    int         port;
+    guint       oc_argc = 0;
+    guint       i;
 
     /* Get gateway and port */
     gw = nm_setting_vpn_get_data_item(s_vpn, "gateway");
@@ -327,7 +325,7 @@ nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets,
     oc_argv[oc_argc++] = "--authenticate";
     oc_argv[oc_argc++] = gw;
 
-    for (i = 0; i < NR_OC_STRING_PROPS; i++) {
+    for (i = 0; i < G_N_ELEMENTS(oc_property_args); i++) {
         opt = nm_setting_vpn_get_data_item(s_vpn, oc_property_args[i].property);
         if (opt) {
             oc_argv[oc_argc++] = oc_property_args[i].cmdline;
@@ -371,7 +369,8 @@ nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets,
     }
 
     oc_argv[oc_argc++] = NULL;
-    g_return_val_if_fail(oc_argc <= OC_ARGS_MAX, FALSE);
+
+    nm_assert(oc_argc <= G_N_ELEMENTS(oc_argv));
 
     if (!g_spawn_sync(NULL,
                       (char **) oc_argv,
-- 
cgit v1.2.1


From c0c8eb347d8021a49080be1ab88823b593032c65 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 12 May 2023 13:25:38 +0200
Subject: libnmc: fix openconnect option "--cafile" in
 nm_vpn_openconnect_authenticate_helper()

Fixes: 97f2a368f154 ('libnmc-base: add supported options for OpenConnect CLI authentication')
---
 src/libnmc-base/nm-vpn-helpers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libnmc-base/nm-vpn-helpers.c b/src/libnmc-base/nm-vpn-helpers.c
index 51e15cda4b..cbe76f5f1c 100644
--- a/src/libnmc-base/nm-vpn-helpers.c
+++ b/src/libnmc-base/nm-vpn-helpers.c
@@ -218,7 +218,7 @@ static const struct {
     const char *cmdline;
 } oc_property_args[] = {
     {NM_OPENCONNECT_KEY_USERCERT, "--certificate"},
-    {NM_OPENCONNECT_KEY_CACERT, "--caflle"},
+    {NM_OPENCONNECT_KEY_CACERT, "--cafile"},
     {NM_OPENCONNECT_KEY_PRIVKEY, "--sslkey"},
     {NM_OPENCONNECT_KEY_KEY_PASS, "--key-password"},
     {NM_OPENCONNECT_KEY_PROTOCOL, "--protocol"},
-- 
cgit v1.2.1