While the named commit was correct for VPN connections, it didn't
work correctly for the initial secrets requests like when connecting
to a new access point. In that case, secrets *should* be requested
when none are found, but only if interaction is enabled. The
bits of 17726abb which removed checking secrets against the hints
*were* correct, but 17726abb removed too much.

Also, to ensure passwords don't get inadvertently cleared when
simply reading them from the keyring, don't save passwords
unless something might have changed.

https://bugzilla.gnome.org/show_bug.cgi?id=724779

get_secrets_keyring_cb() contained an optimization (copied over from
nm-applet) that avoided a D-Bus round-trip when NetworkManager sent
secrets hints that were not satisfied by the user. This code did
not properly handle empty hints though, and proceeded to always
request new secrets whenever empty hints were sent. Remove this
code entirely since the complexity is not worth it (per Jasper).

Second, get_secrets_keyring_cb() was mishandling VPN secrets which
were marked as "always ask". Because the VPN secrets are not GObject
properties because they cannot be pre-defined, they are passed in
a hash table that is a GObject property marked 'secret'. Unfortunately,
that means that the shell agent cannot determine their secret flags.
But since the VPN plugin auth dialogs have much better information
about what's required than the shell agent does, always ask the VPN
auth dialogs to handle the secrets requests after grabbing any that
already exist from the keyring. This is also what nm-applet does.

https://bugzilla.gnome.org/show_bug.cgi?id=719815

It doesn't make sense to have multiple requests for the same
connection/setting combination at the same time, since we would be
asking the user twice for the same password. Instead, report cancellation
to NetworkManager if this happens.

Note that it does make sense to have multiple requests in sequence though
(they could have different flags), but this is not affected.

https://bugzilla.gnome.org/show_bug.cgi?id=674961

If a request isn't found in shell_network_agent_set_password() or
shell_network_agent_respond(), then g_return_if_fail() rather than
crashing. OTOH, if a request is not found in
shell_network_agent_cancel_get_secrets(), then just ignore it
silently, since that could legitimately happen.

https://bugzilla.gnome.org/show_bug.cgi?id=674961

When the operation is cancelled by NetworkManager, the request is
cancelled immediately. Later when gnome-keyring invokes the callback
notifying the error we must therefore not access its memory.
Previously the callback would mistakenly treat "cancelled" (which
indicates a programmatic cancel) as "denied" (which means the user
clicked "Cancel" on the keyring prompt).

https://bugzilla.gnome.org/show_bug.cgi?id=658484
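The cancellation ordering described in the commit message above, as an added example (not code from gnome-shell or gnome-keyring): a plain-C simulation of a request that is freed on cancel while a keyring callback still holds its pointer. Every type and function name here is a hypothetical stand-in, and the setting name is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; not gnome-keyring or gnome-shell API. */
typedef enum { RES_OK, RES_DENIED, RES_CANCELLED } KeyringResult;
typedef enum { REPLY_NONE, REPLY_SECRETS, REPLY_USER_CANCELED, REPLY_AGENT_CANCELED } Reply;

typedef struct {
    const char *setting_name;
    Reply *reply_out;           /* where the reply to NetworkManager is recorded */
} Request;

static int live_requests;       /* Request objects allocated and not yet freed */

static Request *request_new(const char *setting, Reply *reply_out) {
    Request *r = malloc(sizeof *r);
    if (r == NULL) abort();
    r->setting_name = setting;
    r->reply_out = reply_out;
    live_requests++;
    return r;
}

static void request_free(Request *r) { free(r); live_requests--; }

/* NetworkManager cancelled: reply and free immediately. The pending
 * keyring operation still holds the now-dangling pointer. */
static void request_cancel(Request *r) {
    *r->reply_out = REPLY_AGENT_CANCELED;
    request_free(r);
}

/* Keyring completion callback. CANCELLED means a programmatic cancel, so the
 * request is already gone and user_data must not be dereferenced. DENIED
 * means the user dismissed the prompt and the request is still alive. */
static void keyring_find_cb(KeyringResult res, void *user_data) {
    Request *r;
    if (res == RES_CANCELLED)
        return;
    r = user_data;
    *r->reply_out = (res == RES_DENIED) ? REPLY_USER_CANCELED : REPLY_SECRETS;
    request_free(r);
}

/* Runs one simulated request and returns the reply that was recorded. */
Reply run_scenario(KeyringResult res, int nm_cancels_first) {
    Reply reply = REPLY_NONE;
    Request *r = request_new("802-11-wireless-security", &reply);
    if (nm_cancels_first)
        request_cancel(r);      /* r dangles from here on */
    keyring_find_cb(res, r);
    return reply;
}

int live_request_count(void) { return live_requests; }
```

Treating RES_CANCELLED like RES_DENIED in keyring_find_cb() would write through and free an already-freed request, which is the memory access the commit message says must be avoided.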
VPN secrets are stored by the plugins, which provide separate
helpers for authentication. This commit adds the support for invoking
the binaries and passing them connection details.

For plugins that support it (as exposed by their keyfile), we invoke
them in "external-ui-mode" and expect a set of metadata about the
secrets which is used to build a shell-styled dialog.

https://bugzilla.gnome.org/show_bug.cgi?id=658484

VPN secrets are currently unhandled by the UI code. To avoid
lengthy timeouts, bail out early with an error, so NetworkManager
falls back to the nm-applet agent directly.

https://bugzilla.gnome.org/show_bug.cgi?id=658484

A network agent is a component that stores network secrets (like
wifi passwords) in the session keyring. This commit adds an
implementation of it to be used by the shell network dialogs. It
handles most of the keyring stuff, delegating the UI to upper layers.

https://bugzilla.gnome.org/show_bug.cgi?id=650244