From 17726abb0a42b7b103f58de5de00ed5e8c3a58d8 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Tue, 3 Dec 2013 22:07:16 -0600 Subject: [PATCH] NetworkAgent: handle empty hints and VPN secrets correctly get_secrets_keyring_cb() contained an optimization (copied over from nm-applet) that avoided a D-Bus round-trip when NetworkManager sent secrets hints that were not satisified by the user. This code did not properly handle empty hints though, and proceeded to always request new secrets whenever empty hints were sent. Remove this code entirely since the complexity is not worth it (per Jasper). Second, get_secrets_keyring_cb() was mishandling VPN secrets which were marked as "always ask". Because the VPN secrets are not GObject properties because they cannot be pre-defined, they are passed in a hash table that is a GObject property marked 'secret'. Unfortunately, that means that the shell agent cannot determine their secret flags. But since the VPN plugin auth dialogs have much better information about what's required than the shell agent does, always ask the VPN auth dialogs to handle the secrets requests after grabbing any that already exist from the keyring. This is also what nm-applet does. https://bugzilla.gnome.org/show_bug.cgi?id=719815 --- src/shell-network-agent.c | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/src/shell-network-agent.c b/src/shell-network-agent.c index 10f8d91e8..8d2b9b20a 100644 --- a/src/shell-network-agent.c +++ b/src/shell-network-agent.c @@ -243,20 +243,6 @@ gvalue_destroy_notify (gpointer data) g_slice_free (GValue, value); } -static gboolean -strv_has (gchar **haystack, - gchar *needle) -{ - gchar *iter; - for (iter = *haystack; iter; iter++) - { - if (g_strcmp0 (iter, needle) == 0) - return TRUE; - } - - return FALSE; -} - static void get_secrets_keyring_cb (GObject *source, GAsyncResult *result, @@ -267,7 +253,6 @@ get_secrets_keyring_cb (GObject *source, ShellNetworkAgentPrivate *priv; GError *secret_error = NULL; GError *error = NULL; - gint n_found = 0; GList *items; GList *l; GHashTable *outer; @@ -327,11 +312,6 @@ get_secrets_keyring_cb (GObject *source, else g_hash_table_insert (closure->vpn_entries, secret_name, g_strdup (secret_value_get (secret, NULL))); - if (closure->hints) - n_found += strv_has (closure->hints, secret_name); - else - n_found += 1; - g_hash_table_unref (attributes); secret_value_unref (secret); break; @@ -344,8 +324,10 @@ get_secrets_keyring_cb (GObject *source, g_list_free_full (items, g_object_unref); - if (n_found == 0 && - (closure->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)) + /* All VPN requests get sent to the VPN's auth dialog, since it knows better + * than the agent do about what secrets are required. + */ + if (closure->is_vpn) { nm_connection_update_secrets (closure->connection, closure->setting_name, closure->entries, NULL);