From a25db64f7cc318cdb735499a1e56de778617a680 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Fri, 27 Oct 2017 15:01:46 +0200 Subject: [PATCH 1/2] clients: implement CancelGetSecrets() secret-agent API --- clients/common/nm-secret-agent-simple.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c index c08f7fe24..4ef1be239 100644 --- a/clients/common/nm-secret-agent-simple.c +++ b/clients/common/nm-secret-agent-simple.c @@ -748,7 +748,12 @@ nm_secret_agent_simple_cancel_get_secrets (NMSecretAgentOld *agent, const gchar *connection_path, const gchar *setting_name) { - /* We don't support cancellation. Sorry! */ + NMSecretAgentSimple *self = NM_SECRET_AGENT_SIMPLE (agent); + NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE (self); + gs_free char *request_id = NULL; + + request_id = g_strdup_printf ("%s/%s", connection_path, setting_name); + g_hash_table_remove (priv->requests, request_id); } static void From 61b666902b0797bf75664d0908661a4fbee0b9c2 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Fri, 27 Oct 2017 15:12:33 +0200 Subject: [PATCH 2/2] cli: enable secret-agent only after activation Change the activation procedure for connections that require secrets in the following way: - nmcli creates a secret-agent and leaves it disabled so that incoming requests are queued - nmcli calls ActivateConnection() - when the method returns success, the secret-agent gets enabled and all queued requests are processed When the user activates a connection which is already auto-activating, NM will deactivate the current active-connection and will call CancelGetSecrets() for it before the new ActivateConnection() returns. In this way, when the secret-agent is enabled by nmcli, we have the guarantee that there aren't any queued requests for the deactivating connections. https://bugzilla.redhat.com/show_bug.cgi?id=1438476 --- clients/cli/connections.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/clients/cli/connections.c b/clients/cli/connections.c index 73c1de264..c05a9e82f 100644 --- a/clients/cli/connections.c +++ b/clients/cli/connections.c @@ -2397,10 +2397,6 @@ nmc_activate_connection (NmCli *nmc, NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS, G_CALLBACK (nmc_secrets_requested), nmc); - if (connection) { - nm_secret_agent_simple_enable (NM_SECRET_AGENT_SIMPLE (nmc->secret_agent), - nm_object_get_path (NM_OBJECT (connection))); - } } info = g_malloc0 (sizeof (ActivateConnectionInfo)); @@ -6182,6 +6178,7 @@ typedef struct { NMDevice *device; NMActiveConnection *ac; guint monitor_id; + NmCli *nmc; } MonitorACInfo; static gboolean nmc_editor_cb_called; @@ -6259,6 +6256,14 @@ progress_activation_editor_cb (gpointer user_data) goto finish; /* we are done */ } + if (info->nmc->secret_agent) { + NMRemoteConnection *connection; + + connection = nm_active_connection_get_connection (ac); + nm_secret_agent_simple_enable (NM_SECRET_AGENT_SIMPLE (info->nmc->secret_agent), + nm_object_get_path (NM_OBJECT (connection))); + } + return TRUE; finish: @@ -6294,6 +6299,7 @@ activate_connection_editor_cb (GObject *client, monitor_ac_info->device = g_object_ref (device); monitor_ac_info->ac = active; monitor_ac_info->monitor_id = g_timeout_add (120, progress_activation_editor_cb, monitor_ac_info); + monitor_ac_info->nmc = info->nmc; } else g_object_unref (active); }