diff options
| author | Thomas Haller <thaller@redhat.com> | 2018-09-14 11:13:05 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-09-14 15:17:53 +0200 |
| commit | 6bfab6796f064c4f878e05476a60cd59fa8bf11e (patch) | |
| tree | 757fb6a57ac9ec19efca5a8a33eb9c484ccf4354 | |
| parent | 63639f338fcf5380e0606ea32aefce1273497164 (diff) | |
cli: fix reading "vpn.secrets.*" from passwd-file
Due to a bug, we required VPN secrets to be prefixed with
"vpn.secret." instead of "vpn.secrets.". This was a change
in behavior with 1.12.0 release.
Fix it, to restore the old behavior. For backward compatibility
to the broken behavior, adjust parse_passwords() to treat accept
that as well.
https://bugzilla.redhat.com/show_bug.cgi?id=1628833
https://github.com/NetworkManager/NetworkManager/pull/201
Fixes: 0601b5d725b072bd3ce4ec60be867898a16f85cd
(cherry picked from commit 5815ae8c60961f088e4e54b41ddf8254cb83574a)
| -rw-r--r-- | clients/cli/common.c | 6 | ||||
| -rw-r--r-- | clients/cli/connections.c | 10 | ||||
| -rw-r--r-- | clients/common/nm-secret-agent-simple.c | 2 | ||||
| -rw-r--r-- | clients/common/nm-secret-agent-simple.h | 2 | ||||
| -rw-r--r-- | clients/tui/nmtui-connect.c | 6 |
5 files changed, 17 insertions, 9 deletions
diff --git a/clients/cli/common.c b/clients/cli/common.c index ede447bad0..88e9815455 100644 --- a/clients/cli/common.c +++ b/clients/cli/common.c @@ -645,13 +645,13 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets) if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) continue; - if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) { + if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) { g_free (secret->value); secret->value = g_steal_pointer (&cookie); - } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) { + } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) { g_free (secret->value); secret->value = g_steal_pointer (&gateway); - } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) { + } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) { g_free (secret->value); secret->value = g_steal_pointer (&gwcert); } diff --git a/clients/cli/connections.c b/clients/cli/connections.c index ad0b767215..bcd257ac2e 100644 --- a/clients/cli/connections.c +++ b/clients/cli/connections.c @@ -2607,7 +2607,15 @@ parse_passwords (const char *passwd_file, GError **error) return NULL; } - pwd_spec = g_strdup_printf ("%s.%s", setting, prop); + if ( nm_streq (setting, "vpn") + && g_str_has_prefix (prop, "secret.")) { + /* in 1.12.0, we wrongly required the VPN secrets to be named + * "vpn.secret". It should be "vpn.secrets". Work around it + * (rh#1628833). */ + pwd_spec = g_strdup_printf ("vpn.secrets.%s", &prop[NM_STRLEN ("secret.")]); + } else + pwd_spec = g_strdup_printf ("%s.%s", setting, prop); + g_hash_table_insert (pwds_hash, pwd_spec, g_strdup (pwd)); } return g_steal_pointer (&pwds_hash); diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c index 7048e0ef3e..cab0c15ab8 100644 --- a/clients/common/nm-secret-agent-simple.c +++ b/clients/common/nm-secret-agent-simple.c @@ -195,7 +195,7 @@ nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type, real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY); break; case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET: - vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET; + vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS; value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property); real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property); nm_assert (vpn_type); diff --git a/clients/common/nm-secret-agent-simple.h b/clients/common/nm-secret-agent-simple.h index 505987dfd9..529aaeaca9 100644 --- a/clients/common/nm-secret-agent-simple.h +++ b/clients/common/nm-secret-agent-simple.h @@ -56,7 +56,7 @@ typedef struct { gboolean is_secret; } NMSecretAgentSimpleSecret; -#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret." +#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "vpn.secrets." #define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT NM_DBUS_INTERFACE".openconnect" diff --git a/clients/tui/nmtui-connect.c b/clients/tui/nmtui-connect.c index 2a954fb8cb..6f29e13e9e 100644 --- a/clients/tui/nmtui-connect.c +++ b/clients/tui/nmtui-connect.c @@ -121,13 +121,13 @@ secrets_requested (NMSecretAgentSimple *agent, continue; if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) continue; - if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) { + if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) { g_free (secret->value); secret->value = g_steal_pointer (&cookie); - } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) { + } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) { g_free (secret->value); secret->value = g_steal_pointer (&gateway); - } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) { + } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) { g_free (secret->value); secret->value = g_steal_pointer (&gwcert); } |