[network-manager-applet/rm-userset] agent: handle always-ask secrets generically
- From: Dan Williams <dcbw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet/rm-userset] agent: handle always-ask secrets generically
- Date: Wed, 2 Feb 2011 23:25:44 +0000 (UTC)
commit f3e68d644bd5292c73ed4b4d66c8088c15e4053b
Author: Dan Williams <dcbw redhat com>
Date: Wed Feb 2 11:55:39 2011 -0600
agent: handle always-ask secrets generically
src/applet-agent.c | 113 ++++++++++++++++++++++++++++++++++-----------------
1 files changed, 75 insertions(+), 38 deletions(-)
---
diff --git a/src/applet-agent.c b/src/applet-agent.c
index b7425de..1e8fbbb 100644
--- a/src/applet-agent.c
+++ b/src/applet-agent.c
@@ -30,6 +30,10 @@
#include <nm-setting-connection.h>
#include <nm-setting-8021x.h>
#include <nm-setting-vpn.h>
+#include <nm-setting-wireless.h>
+#include <nm-setting-wireless-security.h>
+#include <nm-setting-wired.h>
+#include <nm-setting-pppoe.h>
#include "applet-agent.h"
#include "utils.h"
@@ -189,43 +193,6 @@ ask_for_secrets (Request *r)
r);
}
-static gboolean
-is_otp_always_ask (NMConnection *connection)
-{
- NMSetting8021x *s_8021x;
- NMSettingConnection *s_con;
- const char *uuid, *eap_method, *phase2;
-
- s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X);
- if (s_8021x) {
- gboolean can_always_ask = FALSE;
-
- /* Check if PEAP or TTLS is used */
- eap_method = nm_setting_802_1x_get_eap_method (s_8021x, 0);
- s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
- if (!strcmp (eap_method, "peap"))
- can_always_ask = TRUE;
- else if (!strcmp (eap_method, "ttls")) {
- /* Now make sure the phase2 method isn't TLS */
- phase2 = nm_setting_802_1x_get_phase2_auth (s_8021x);
- if (phase2 && strcmp (phase2, "tls"))
- can_always_ask = TRUE;
- else {
- phase2 = nm_setting_802_1x_get_phase2_autheap (s_8021x);
- if (phase2 && strcmp (phase2, "tls"))
- can_always_ask = TRUE;
- }
- }
-
- if (can_always_ask) {
- uuid = nm_setting_connection_get_uuid (s_con);
- if (nm_gconf_get_8021x_password_always_ask (uuid))
- return TRUE;
- }
- }
- return FALSE;
-}
-
static GValue *
string_to_gvalue (const char *str)
{
@@ -343,6 +310,75 @@ done:
}
static void
+check_always_ask_cb (NMSetting *setting,
+ const char *key,
+ const GValue *value,
+ GParamFlags flags,
+ gpointer user_data)
+{
+ gboolean *always_ask = user_data;
+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_SYSTEM_OWNED;
+
+ if (flags & NM_SETTING_PARAM_SECRET) {
+ if (nm_setting_get_secret_flags (setting, key, &secret_flags, NULL)) {
+ if (secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)
+ *always_ask = TRUE;
+ }
+ }
+}
+
+static gboolean
+has_always_ask (NMSetting *setting)
+{
+ gboolean always_ask = FALSE;
+
+ nm_setting_enumerate_values (setting, check_always_ask_cb, &always_ask);
+ return always_ask;
+}
+
+static gboolean
+is_connection_always_ask (NMConnection *connection)
+{
+ NMSettingConnection *s_con;
+ const char *ctype;
+ NMSetting *setting;
+
+ /* For the given connection type, check if the secrets for that connection
+ * are always-ask or not.
+ */
+ s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+ g_assert (s_con);
+ ctype = nm_setting_connection_get_connection_type (s_con);
+
+ setting = nm_connection_get_setting_by_name (connection, ctype);
+ g_return_val_if_fail (setting != NULL, FALSE);
+
+ if (has_always_ask (setting))
+ return TRUE;
+
+ /* Try type-specific settings too; be a bit paranoid and only consider
+ * secrets from settings relevant to the connection type.
+ */
+ if (NM_IS_SETTING_WIRELESS (setting)) {
+ setting = nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY);
+ if (setting && has_always_ask (setting))
+ return TRUE;
+ setting = nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X);
+ if (setting && has_always_ask (setting))
+ return TRUE;
+ } else if (NM_IS_SETTING_WIRED (setting)) {
+ setting = nm_connection_get_setting (connection, NM_TYPE_SETTING_PPPOE);
+ if (setting && has_always_ask (setting))
+ return TRUE;
+ setting = nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X);
+ if (setting && has_always_ask (setting))
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static void
get_secrets (NMSecretAgent *agent,
NMConnection *connection,
const char *connection_path,
@@ -400,7 +436,8 @@ get_secrets (NMSecretAgent *agent,
else if (flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW) {
ask = TRUE;
g_message ("New secrets for %s/%s requested; ask the user", id, setting_name);
- } else if ((flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION) && is_otp_always_ask (connection))
+ } else if ( (flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
+ && is_connection_always_ask (connection))
ask = TRUE;
/* VPN passwords are handled by the VPN plugin's auth dialog; and we always
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]