libnm: accept secrets without flags for nm-openconnect (rh#1332491)
This commit is contained in:
parent
d53fe7e21b
commit
bf98d20e2f
91
0002-libnm-secrets-without-flags-rh1332491.patch
Normal file
91
0002-libnm-secrets-without-flags-rh1332491.patch
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
From ece6252756c2d8e64efaadaaa5c2a2d2626770fe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||||
|
Date: Tue, 19 Jul 2016 14:41:40 +0200
|
||||||
|
Subject: [PATCH 1/1] setting-vpn: whatever is in vpn.secrets always is a
|
||||||
|
secrets
|
||||||
|
|
||||||
|
Even when there's no <secret>-flags key for it in vpn-data.
|
||||||
|
|
||||||
|
This is essentially to fix regression in the way openconnect uses the VPN
|
||||||
|
secrets:
|
||||||
|
|
||||||
|
Openconnect auth helper is essentially a web browser that fills in an arbitrary
|
||||||
|
HTML (or XML) form that's used to get the session cookie. The actual secret the
|
||||||
|
service needs is the cookie itself.
|
||||||
|
|
||||||
|
However, what needs to be remembered includes the form data. What data can be
|
||||||
|
in the form is installation dependent and can not be known in advance. Thus the
|
||||||
|
flags for it can't be currently set in the connection. The auth helper is not
|
||||||
|
capable of setting the flags either, because it can only return secrets.
|
||||||
|
|
||||||
|
Prior to 1424f249e we treated vpn.secrets without the flags as system secrets
|
||||||
|
and store them in the connection. Since that commit we just filter them away,
|
||||||
|
which broke user configurations.
|
||||||
|
|
||||||
|
This restores the behavior or treating everyting in vpn.secrets as secrets and
|
||||||
|
falling back to system secrets.
|
||||||
|
|
||||||
|
Another way would be to find a way to flag the secrets, perhaps by
|
||||||
|
extending the auth helper protocol to be able to store non-secret
|
||||||
|
properties too.
|
||||||
|
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=768737
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1332491
|
||||||
|
|
||||||
|
(cherry picked from commit 9b96bfaa722f3cccf0df3a3bca6e8f227643f94f)
|
||||||
|
(cherry picked from commit bb45adeda0bf427ada23b09daf970b0757e82d60)
|
||||||
|
---
|
||||||
|
libnm-core/nm-setting-vpn.c | 20 ++++++--------------
|
||||||
|
1 file changed, 6 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c
|
||||||
|
index c9a1e20..aa4ddc3 100644
|
||||||
|
--- a/libnm-core/nm-setting-vpn.c
|
||||||
|
+++ b/libnm-core/nm-setting-vpn.c
|
||||||
|
@@ -566,8 +566,7 @@ get_secret_flags (NMSetting *setting,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
|
||||||
|
- gboolean success = FALSE;
|
||||||
|
- char *flags_key;
|
||||||
|
+ gs_free char *flags_key = NULL;
|
||||||
|
gpointer val;
|
||||||
|
unsigned long tmp;
|
||||||
|
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
|
||||||
|
@@ -576,28 +575,21 @@ get_secret_flags (NMSetting *setting,
|
||||||
|
if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) {
|
||||||
|
errno = 0;
|
||||||
|
tmp = strtoul ((const char *) val, NULL, 10);
|
||||||
|
- if ((errno == 0) && (tmp <= NM_SETTING_SECRET_FLAGS_ALL)) {
|
||||||
|
- flags = (NMSettingSecretFlags) tmp;
|
||||||
|
- success = TRUE;
|
||||||
|
- } else {
|
||||||
|
+ if ((errno != 0) || (tmp > NM_SETTING_SECRET_FLAGS_ALL)) {
|
||||||
|
g_set_error (error,
|
||||||
|
NM_CONNECTION_ERROR,
|
||||||
|
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||||
|
_("failed to convert value '%s' to uint"),
|
||||||
|
(const char *) val);
|
||||||
|
g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key);
|
||||||
|
+ return FALSE;
|
||||||
|
}
|
||||||
|
- } else {
|
||||||
|
- g_set_error_literal (error,
|
||||||
|
- NM_CONNECTION_ERROR,
|
||||||
|
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||||
|
- _("secret flags property not found"));
|
||||||
|
- g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key);
|
||||||
|
+ flags = (NMSettingSecretFlags) tmp;
|
||||||
|
}
|
||||||
|
- g_free (flags_key);
|
||||||
|
+
|
||||||
|
if (out_flags)
|
||||||
|
*out_flags = flags;
|
||||||
|
- return success;
|
||||||
|
+ return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static gboolean
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
|
|
@ -11,7 +11,7 @@
|
|||||||
%global git_sha %{nil}
|
%global git_sha %{nil}
|
||||||
%global rpm_version 1.2.4
|
%global rpm_version 1.2.4
|
||||||
%global real_version 1.2.4
|
%global real_version 1.2.4
|
||||||
%global release_version 2
|
%global release_version 3
|
||||||
%global epoch_version 1
|
%global epoch_version 1
|
||||||
|
|
||||||
%global obsoletes_nmver 1:0.9.9.95-1
|
%global obsoletes_nmver 1:0.9.9.95-1
|
||||||
@ -98,6 +98,7 @@ Source2: 00-server.conf
|
|||||||
Source3: 20-connectivity-fedora.conf
|
Source3: 20-connectivity-fedora.conf
|
||||||
|
|
||||||
Patch1: 0001-wifi-clear-WiFi-requested-scan-rh1362165.patch
|
Patch1: 0001-wifi-clear-WiFi-requested-scan-rh1362165.patch
|
||||||
|
Patch2: 0002-libnm-secrets-without-flags-rh1332491.patch
|
||||||
|
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
@ -339,6 +340,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
|
|||||||
%setup -q -n NetworkManager-%{real_version}
|
%setup -q -n NetworkManager-%{real_version}
|
||||||
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
gtkdocize
|
gtkdocize
|
||||||
@ -641,6 +643,9 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 12 2016 Thomas Haller <thaller@redhat.com> - 1:1.2.4-3
|
||||||
|
- libnm: accept secrets without flags for nm-openconnect (rh#1332491)
|
||||||
|
|
||||||
* Wed Aug 17 2016 Francesco Giudici <fgiudici@redhat.com> - 1:1.2.4-2
|
* Wed Aug 17 2016 Francesco Giudici <fgiudici@redhat.com> - 1:1.2.4-2
|
||||||
- fix stale Wi-Fi after resume from suspend (rh#1362165)
|
- fix stale Wi-Fi after resume from suspend (rh#1362165)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user