powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1055 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 260568e7ec
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '260568e7ec'
${ noResults }
base/SOURCES/1002-cli-fix-reading-vpn.se...

120 lines
5.5 KiB
Raw Blame History

From 948a03d2a28dae7bb975f6e64dc7b5a31f10d5b9 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 14 Sep 2018 11:13:05 +0200
Subject: [PATCH 1/1] cli: fix reading "vpn.secrets.*" from passwd-file
Due to a bug, we required VPN secrets to be prefixed with
"vpn.secret." instead of "vpn.secrets.". This was a change
in behavior with 1.12.0 release.
Fix it, to restore the old behavior. For backward compatibility
to the broken behavior, adjust parse_passwords() to treat accept
that as well.
https://bugzilla.redhat.com/show_bug.cgi?id=1628833
https://github.com/NetworkManager/NetworkManager/pull/201
Fixes: 0601b5d725b072bd3ce4ec60be867898a16f85cd
(cherry picked from commit 5815ae8c60961f088e4e54b41ddf8254cb83574a)
(cherry picked from commit 6bfab6796f064c4f878e05476a60cd59fa8bf11e)
(cherry picked from commit 10888abe96fedd3d6c5b99faea76465522f8e8e9)
---
clients/cli/common.c | 6 +++---
clients/cli/connections.c | 10 +++++++++-
clients/common/nm-secret-agent-simple.c | 2 +-
clients/common/nm-secret-agent-simple.h | 2 +-
clients/tui/nmtui-connect.c | 6 +++---
5 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/clients/cli/common.c b/clients/cli/common.c
index 09c86334a..4aea0d5b2 100644
--- a/clients/cli/common.c
+++ b/clients/cli/common.c
@@ -630,13 +630,13 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
- if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
+ if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
diff --git a/clients/cli/connections.c b/clients/cli/connections.c
index 1563178de..b547e34ca 100644
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -2565,7 +2565,15 @@ parse_passwords (const char *passwd_file, GError **error)
return NULL;
}
- pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
+ if ( nm_streq (setting, "vpn")
+ && g_str_has_prefix (prop, "secret.")) {
+ /* in 1.12.0, we wrongly required the VPN secrets to be named
+ * "vpn.secret". It should be "vpn.secrets". Work around it
+ * (rh#1628833). */
+ pwd_spec = g_strdup_printf ("vpn.secrets.%s", &prop[NM_STRLEN ("secret.")]);
+ } else
+ pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
+
g_hash_table_insert (pwds_hash, pwd_spec, g_strdup (pwd));
}
return g_steal_pointer (&pwds_hash);
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
index 0856b51ff..3df8c0386 100644
--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@@ -195,7 +195,7 @@ nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type,
real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY);
break;
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
- vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET;
+ vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS;
value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property);
real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property);
nm_assert (vpn_type);
diff --git a/clients/common/nm-secret-agent-simple.h b/clients/common/nm-secret-agent-simple.h
index 505987dfd..529aaeaca 100644
--- a/clients/common/nm-secret-agent-simple.h
+++ b/clients/common/nm-secret-agent-simple.h
@@ -56,7 +56,7 @@ typedef struct {
gboolean is_secret;
} NMSecretAgentSimpleSecret;
-#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret."
+#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "vpn.secrets."
#define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT NM_DBUS_INTERFACE".openconnect"
diff --git a/clients/tui/nmtui-connect.c b/clients/tui/nmtui-connect.c
index 2a954fb8c..6f29e13e9 100644
--- a/clients/tui/nmtui-connect.c
+++ b/clients/tui/nmtui-connect.c
@@ -121,13 +121,13 @@ secrets_requested (NMSecretAgentSimple *agent,
continue;
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
- if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
+ if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
--
2.17.1