libnm: accept secrets without flags for nm-openconnect (rh#1332491)
This commit is contained in:
Thomas Haller
parent
d53fe7e21b
commit
bf98d20e2f
|
|
@ -0,0 +1,91 @@
|
|||
From ece6252756c2d8e64efaadaaa5c2a2d2626770fe Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Tue, 19 Jul 2016 14:41:40 +0200
|
||||
Subject: [PATCH 1/1] setting-vpn: whatever is in vpn.secrets always is a
|
||||
secrets
|
||||
|
||||
Even when there's no <secret>-flags key for it in vpn-data.
|
||||
|
||||
This is essentially to fix regression in the way openconnect uses the VPN
|
||||
secrets:
|
||||
|
||||
Openconnect auth helper is essentially a web browser that fills in an arbitrary
|
||||
HTML (or XML) form that's used to get the session cookie. The actual secret the
|
||||
service needs is the cookie itself.
|
||||
|
||||
However, what needs to be remembered includes the form data. What data can be
|
||||
in the form is installation dependent and can not be known in advance. Thus the
|
||||
flags for it can't be currently set in the connection. The auth helper is not
|
||||
capable of setting the flags either, because it can only return secrets.
|
||||
|
||||
Prior to 1424f249e we treated vpn.secrets without the flags as system secrets
|
||||
and store them in the connection. Since that commit we just filter them away,
|
||||
which broke user configurations.
|
||||
|
||||
This restores the behavior or treating everyting in vpn.secrets as secrets and
|
||||
falling back to system secrets.
|
||||
|
||||
Another way would be to find a way to flag the secrets, perhaps by
|
||||
extending the auth helper protocol to be able to store non-secret
|
||||
properties too.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=768737
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1332491
|
||||
|
||||
(cherry picked from commit 9b96bfaa722f3cccf0df3a3bca6e8f227643f94f)
|
||||
(cherry picked from commit bb45adeda0bf427ada23b09daf970b0757e82d60)
|
||||
---
|
||||
libnm-core/nm-setting-vpn.c | 20 ++++++--------------
|
||||
1 file changed, 6 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c
|
||||
index c9a1e20..aa4ddc3 100644
|
||||
--- a/libnm-core/nm-setting-vpn.c
|
||||
+++ b/libnm-core/nm-setting-vpn.c
|
||||
@@ -566,8 +566,7 @@ get_secret_flags (NMSetting *setting,
|
||||
GError **error)
|
||||
{
|
||||
NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
|
||||
- gboolean success = FALSE;
|
||||
- char *flags_key;
|
||||
+ gs_free char *flags_key = NULL;
|
||||
gpointer val;
|
||||
unsigned long tmp;
|
||||
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
|
||||
@@ -576,28 +575,21 @@ get_secret_flags (NMSetting *setting,
|
||||
if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) {
|
||||
errno = 0;
|
||||
tmp = strtoul ((const char *) val, NULL, 10);
|
||||
- if ((errno == 0) && (tmp <= NM_SETTING_SECRET_FLAGS_ALL)) {
|
||||
- flags = (NMSettingSecretFlags) tmp;
|
||||
- success = TRUE;
|
||||
- } else {
|
||||
+ if ((errno != 0) || (tmp > NM_SETTING_SECRET_FLAGS_ALL)) {
|
||||
g_set_error (error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("failed to convert value '%s' to uint"),
|
||||
(const char *) val);
|
||||
g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key);
|
||||
+ return FALSE;
|
||||
}
|
||||
- } else {
|
||||
- g_set_error_literal (error,
|
||||
- NM_CONNECTION_ERROR,
|
||||
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||
- _("secret flags property not found"));
|
||||
- g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key);
|
||||
+ flags = (NMSettingSecretFlags) tmp;
|
||||
}
|
||||
- g_free (flags_key);
|
||||
+
|
||||
if (out_flags)
|
||||
*out_flags = flags;
|
||||
- return success;
|
||||
+ return TRUE;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
%global git_sha %{nil}
|
||||
%global rpm_version 1.2.4
|
||||
%global real_version 1.2.4
|
||||
%global release_version 2
|
||||
%global release_version 3
|
||||
%global epoch_version 1
|
||||
|
||||
%global obsoletes_nmver 1:0.9.9.95-1
|
||||
|
|
@ -98,6 +98,7 @@ Source2: 00-server.conf
|
|||
Source3: 20-connectivity-fedora.conf
|
||||
|
||||
Patch1: 0001-wifi-clear-WiFi-requested-scan-rh1362165.patch
|
||||
Patch2: 0002-libnm-secrets-without-flags-rh1332491.patch
|
||||
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
|
|
@ -339,6 +340,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
|
|||
%setup -q -n NetworkManager-%{real_version}
|
||||
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
gtkdocize
|
||||
|
|
@ -641,6 +643,9 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 12 2016 Thomas Haller <thaller@redhat.com> - 1:1.2.4-3
|
||||
- libnm: accept secrets without flags for nm-openconnect (rh#1332491)
|
||||
|
||||
* Wed Aug 17 2016 Francesco Giudici <fgiudici@redhat.com> - 1:1.2.4-2
|
||||
- fix stale Wi-Fi after resume from suspend (rh#1362165)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue