2007-10-19 Dan Williams <dcbw@redhat.com>

Split the GetSecrets() call off to a separate D-Bus interface so that it
	can be more easily locked down with D-Bus policy.  Only 'root' (ie, NM)
	should be able to call GetSecrets().

	* include/NetworkManager.h
		- Define the connection secrets D-Bus interface

	* src/vpn-manager/nm-vpn-connection.c
		- (clear_need_auth): get the right proxy object for the connection
			secrets interface
		- (get_connection_secrets): use the connection secrets proxy; send
			empty hints in get secrets request

	* src/nm-activation-request.c
		- (nm_act_request_request_connection_secrets): use the connection
			secrets proxy; send empty hints in get secrets request

	* src/nm-manager.c
	  src/nm-manager.h
		- (connection_get_settings_cb): set the connection secrets proxy on
			the connection object too
		- (internal_new_connection_cb): create the connection secrets proxy

	* introspection/nm-settings-connection.xml
		- Define Connection.Secrets interface and move GetSecrets there
		- Add a 'hints' argument to GetSecrets

	* libnm-glib/nm-settings.c
	  libnm-glib/nm-settings.h
		- (impl_connection_settings_get_secrets): add 'hints' argument



git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2989 4912f4e0-d625-0410-9fb7-b9a5a253dbdc

src/nm-activation-request.c

@@ -201,6 +201,8 @@ get_secrets_cb (DBusGProxy *proxy, DBusGProxyCall *call, gpointer user_data)
 	g_hash_table_destroy (secrets);
 }
 
+#define DBUS_TYPE_STRING_ARRAY   (dbus_g_type_get_collection ("GPtrArray", G_TYPE_STRING))
+
 gboolean
 nm_act_request_request_connection_secrets (NMActRequest *req,
                                            const char *setting_name,
@@ -210,12 +212,13 @@ nm_act_request_request_connection_secrets (NMActRequest *req,
 	DBusGProxyCall *call;
 	GetSecretsInfo *info = NULL;
 	NMActRequestPrivate *priv = NULL;
+	GPtrArray *hints = NULL;
 
 	g_return_val_if_fail (NM_IS_ACT_REQUEST (req), FALSE);
 	g_return_val_if_fail (setting_name != NULL, FALSE);
 
 	priv = NM_ACT_REQUEST_GET_PRIVATE (req);
-	proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_PROXY_TAG);
+	proxy = g_object_get_data (G_OBJECT (priv->connection), NM_MANAGER_CONNECTION_SECRETS_PROXY_TAG);
 	if (!DBUS_IS_G_PROXY (proxy)) {
 		nm_warning ("Couldn't get dbus proxy for connection.");
 		goto error;
@@ -233,6 +236,9 @@ nm_act_request_request_connection_secrets (NMActRequest *req,
 		goto error;
 	}
 
+	/* Empty for now */
+	hints = g_ptr_array_new ();
+
 	info->req = req;
 	call = dbus_g_proxy_begin_call_with_timeout (proxy, "GetSecrets",
 	                                             get_secrets_cb,
@@ -240,8 +246,10 @@ nm_act_request_request_connection_secrets (NMActRequest *req,
 	                                             free_get_secrets_info,
 	                                             G_MAXINT32,
 	                                             G_TYPE_STRING, setting_name,
+	                                             DBUS_TYPE_STRING_ARRAY, hints,
 	                                             G_TYPE_BOOLEAN, request_new,
 	                                             G_TYPE_INVALID);
+	g_ptr_array_free (hints, TRUE);
 	if (!call) {
 		nm_warning ("Could not call GetSecrets");
 		goto error;