[network-manager-openvpn] properties: default secrets to being agent-owned



commit 48beea76f62520b8254c6aa631dc9923ba35df48
Author: Dan Williams <dcbw redhat com>
Date:   Mon Apr 4 22:41:27 2011 -0500

    properties: default secrets to being agent-owned
    
    More secure this way, usually VPN connections are more private and
    thus we want the secrets to be stored in the user's session,
    protected by a keyring password or something.

 properties/import-export.c |   30 +++++++++++++++++++++++++++++-
 1 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index af7ea02..56a2890 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -42,6 +42,7 @@
 #include "import-export.h"
 #include "nm-openvpn.h"
 #include "../src/nm-openvpn-service.h"
+#include "../common/utils.h"
 
 #define AUTH_TAG "auth "
 #define AUTH_USER_PASS_TAG "auth-user-pass"
@@ -470,8 +471,13 @@ do_import (const char *path, char **lines, GError **error)
 					nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_PORT, s_port);
 					if (user)
 						nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_USERNAME, user);
-					if (pass)
+					if (pass) {
 						nm_setting_vpn_add_secret (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD, pass);
+						nm_setting_set_secret_flags (NM_SETTING (s_vpn),
+						                             NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD,
+						                             NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+						                             NULL);
+					}
 					proxy_set = TRUE;
 				}
 				g_free (s_port);
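Review bot: The return value of `nm_setting_set_secret_flags()` is discarded and `NULL` is passed for its `GError`, so if the call fails, the proxy password added on the line above keeps its default flags instead of agent-owned and the import carries on silently. Since the point of the commit is to keep this secret in the user's session, a failure should at least be logged, e.g. `if (!nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL)) g_warning ("%s: could not mark HTTP proxy password agent-owned", __func__);`. The same applies to the two calls added in the later do_import hunk for NM_OPENVPN_KEY_PASSWORD and NM_OPENVPN_KEY_CERTPASS. do_import starts and ends outside this hunk.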
@@ -660,6 +666,28 @@ do_import (const char *path, char **lines, GError **error)
 			ctype = NM_OPENVPN_CONTYPE_TLS;
 
 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, ctype);
+
+		/* Default secret flags to be agent-owned */
+		if (have_pass) {
+			nm_setting_set_secret_flags (NM_SETTING (s_vpn),
+			                             NM_OPENVPN_KEY_PASSWORD,
+			                             NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+			                             NULL);
+		}
+		if (have_certs) {
+			const char *key_path;
+
+			key_path = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
+			if (key_path && is_encrypted (key_path)) {
+				/* If there should be a private key password, default it to
+				 * being agent-owned.
+				 */
+				nm_setting_set_secret_flags (NM_SETTING (s_vpn),
+				                             NM_OPENVPN_KEY_CERTPASS,
+				                             NM_SETTING_SECRET_FLAG_AGENT_OWNED,
+				                             NULL);
+			}
+		}
 	}
 
 	g_free (default_path);
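Review bot: The agent-owned default for NM_OPENVPN_KEY_CERTPASS is applied only when `is_encrypted (key_path)` succeeds, and that helper presumably has to read the key file named in the imported configuration. If the file is missing, unreadable or in a format the helper does not recognise at import time, the flag is never set and a private-key password supplied later falls back to the default storage policy. `is_encrypted` is not visible here (it presumably comes from the newly included `../common/utils.h`), so its behaviour on a read failure needs confirming. If a flag on an unused secret is harmless, setting it whenever `have_certs` is true would make the safer default independent of file access. Otherwise a comment such as `/* NOTE: key file must be readable at import time, else certpass keeps default flags */` would document the limitation; do_import starts before this hunk.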


