92 lines
3.3 KiB
Diff
92 lines
3.3 KiB
Diff
From ece6252756c2d8e64efaadaaa5c2a2d2626770fe Mon Sep 17 00:00:00 2001
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
Date: Tue, 19 Jul 2016 14:41:40 +0200
|
|
Subject: [PATCH 1/1] setting-vpn: whatever is in vpn.secrets always is a
|
|
secrets
|
|
|
|
Even when there's no <secret>-flags key for it in vpn-data.
|
|
|
|
This is essentially to fix regression in the way openconnect uses the VPN
|
|
secrets:
|
|
|
|
Openconnect auth helper is essentially a web browser that fills in an arbitrary
|
|
HTML (or XML) form that's used to get the session cookie. The actual secret the
|
|
service needs is the cookie itself.
|
|
|
|
However, what needs to be remembered includes the form data. What data can be
|
|
in the form is installation dependent and can not be known in advance. Thus the
|
|
flags for it can't be currently set in the connection. The auth helper is not
|
|
capable of setting the flags either, because it can only return secrets.
|
|
|
|
Prior to 1424f249e we treated vpn.secrets without the flags as system secrets
|
|
and store them in the connection. Since that commit we just filter them away,
|
|
which broke user configurations.
|
|
|
|
This restores the behavior or treating everyting in vpn.secrets as secrets and
|
|
falling back to system secrets.
|
|
|
|
Another way would be to find a way to flag the secrets, perhaps by
|
|
extending the auth helper protocol to be able to store non-secret
|
|
properties too.
|
|
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=768737
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1332491
|
|
|
|
(cherry picked from commit 9b96bfaa722f3cccf0df3a3bca6e8f227643f94f)
|
|
(cherry picked from commit bb45adeda0bf427ada23b09daf970b0757e82d60)
|
|
---
|
|
libnm-core/nm-setting-vpn.c | 20 ++++++--------------
|
|
1 file changed, 6 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c
|
|
index c9a1e20..aa4ddc3 100644
|
|
--- a/libnm-core/nm-setting-vpn.c
|
|
+++ b/libnm-core/nm-setting-vpn.c
|
|
@@ -566,8 +566,7 @@ get_secret_flags (NMSetting *setting,
|
|
GError **error)
|
|
{
|
|
NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
|
|
- gboolean success = FALSE;
|
|
- char *flags_key;
|
|
+ gs_free char *flags_key = NULL;
|
|
gpointer val;
|
|
unsigned long tmp;
|
|
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
|
|
@@ -576,28 +575,21 @@ get_secret_flags (NMSetting *setting,
|
|
if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) {
|
|
errno = 0;
|
|
tmp = strtoul ((const char *) val, NULL, 10);
|
|
- if ((errno == 0) && (tmp <= NM_SETTING_SECRET_FLAGS_ALL)) {
|
|
- flags = (NMSettingSecretFlags) tmp;
|
|
- success = TRUE;
|
|
- } else {
|
|
+ if ((errno != 0) || (tmp > NM_SETTING_SECRET_FLAGS_ALL)) {
|
|
g_set_error (error,
|
|
NM_CONNECTION_ERROR,
|
|
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
|
_("failed to convert value '%s' to uint"),
|
|
(const char *) val);
|
|
g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key);
|
|
+ return FALSE;
|
|
}
|
|
- } else {
|
|
- g_set_error_literal (error,
|
|
- NM_CONNECTION_ERROR,
|
|
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
|
- _("secret flags property not found"));
|
|
- g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key);
|
|
+ flags = (NMSettingSecretFlags) tmp;
|
|
}
|
|
- g_free (flags_key);
|
|
+
|
|
if (out_flags)
|
|
*out_flags = flags;
|
|
- return success;
|
|
+ return TRUE;
|
|
}
|
|
|
|
static gboolean
|
|
--
|
|
2.7.4
|
|
|