From 7dab990eb2e912099006c9a86c72c501ddc4b756 Mon Sep 17 00:00:00 2001
From: Michael Schaller <misch@rodete-desktop-imager.corp.google.com>
Date: Thu, 12 Apr 2018 13:56:30 +0200
Subject: [PATCH 1/3] device: let Ethernet connection fail on supplicant
 timeout if no secrets are required

Without this patch an Ethernet connection attempt that encountered a supplicant
timeout was stuck in the needs-auth state even if it didn't require secrets.
This patch applies the respective WiFi behaviour also to Ethernet devices.

https://bugzilla.gnome.org/show_bug.cgi?id=795196
https://github.com/NetworkManager/NetworkManager/pull/92
---
 src/devices/nm-device-ethernet.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 16fa43146..f0b411e34 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -671,8 +671,10 @@ handle_auth_or_fail (NMDeviceEthernet *self,
 		wired_secrets_get_secrets (self, setting_name,
 		                           NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
 		                             | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
-	} else
+	} else {
 		_LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets.");
+		return NM_ACT_STAGE_RETURN_FAILURE;
+	}
 
 	return NM_ACT_STAGE_RETURN_POSTPONE;
 }

From d5ee549e07b8f4c34b5d9c07d8048dbb9e8bd0ef Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 12 Apr 2018 14:13:23 +0200
Subject: [PATCH 2/3] device: let macsec connection fail on supplicant timeout
 if no secrets are required

Like for ethernet.
---
 src/devices/nm-device-macsec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index 9927adb32..a6759b393 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -494,8 +494,10 @@ handle_auth_or_fail (NMDeviceMacsec *self,
 		macsec_secrets_get_secrets (self, setting_name,
 		                            NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
 		                             | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
-	} else
+	} else {
 		_LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets.");
+		return NM_ACT_STAGE_RETURN_FAILURE;
+	}
 
 	return NM_ACT_STAGE_RETURN_POSTPONE;
 }

From 251e5707d58d3aacfab971759176ef8d78105548 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 12 Apr 2018 14:16:25 +0200
Subject: [PATCH 3/3] device: return early from handle_auth_or_fail() on
 failure

Don't do if-else, if one branch is going to return with failure.
---
 src/devices/nm-device-ethernet.c | 9 ++++-----
 src/devices/nm-device-macsec.c   | 9 ++++-----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index f0b411e34..56dc7f43c 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -667,15 +667,14 @@ handle_auth_or_fail (NMDeviceEthernet *self,
 
 	applied_connection = nm_act_request_get_applied_connection (req);
 	setting_name = nm_connection_need_secrets (applied_connection, NULL);
-	if (setting_name) {
-		wired_secrets_get_secrets (self, setting_name,
-		                           NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
-		                             | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
-	} else {
+	if (!setting_name) {
 		_LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets.");
 		return NM_ACT_STAGE_RETURN_FAILURE;
 	}
 
+	wired_secrets_get_secrets (self, setting_name,
+	                             NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
+	                           | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
 	return NM_ACT_STAGE_RETURN_POSTPONE;
 }
 
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index a6759b393..895ea34f6 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -490,15 +490,14 @@ handle_auth_or_fail (NMDeviceMacsec *self,
 
 	applied_connection = nm_act_request_get_applied_connection (req);
 	setting_name = nm_connection_need_secrets (applied_connection, NULL);
-	if (setting_name) {
-		macsec_secrets_get_secrets (self, setting_name,
-		                            NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
-		                             | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
-	} else {
+	if (!setting_name) {
 		_LOGI (LOGD_DEVICE, "Cleared secrets, but setting didn't need any secrets.");
 		return NM_ACT_STAGE_RETURN_FAILURE;
 	}
 
+	macsec_secrets_get_secrets (self, setting_name,
+	                              NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
+	                            | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
 	return NM_ACT_STAGE_RETURN_POSTPONE;
 }