settings,keyfile: move openconnect hack from settings to keyfile reader
VPN settings (for openconnect) can only be handled by the keyfile settings
plugin.
In any case, such special casing belongs to the settings plugin and not
"nm-settings.c". The reason is that the settings plugin already has an
intimate understanding of the content of connections, it knows which fields
exist, their meaning, etc. It makes sense special handling of
openconnect is done there.
See also commit 304d0b869b ('core: openconnect migration hack').
Unfortunately it's not clear to me why/whether this is still the
right thing to do.
This commit is contained in:
Thomas Haller
@@ -363,6 +363,53 @@ read_field (char **current, const char **out_err_str, const char *characters, co
|
||||
}
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define NM_DBUS_SERVICE_OPENCONNECT "org.freedesktop.NetworkManager.openconnect"
|
||||
#define NM_OPENCONNECT_KEY_GATEWAY "gateway"
|
||||
#define NM_OPENCONNECT_KEY_COOKIE "cookie"
|
||||
#define NM_OPENCONNECT_KEY_GWCERT "gwcert"
|
||||
#define NM_OPENCONNECT_KEY_XMLCONFIG "xmlconfig"
|
||||
#define NM_OPENCONNECT_KEY_LASTHOST "lasthost"
|
||||
#define NM_OPENCONNECT_KEY_AUTOCONNECT "autoconnect"
|
||||
#define NM_OPENCONNECT_KEY_CERTSIGS "certsigs"
|
||||
|
||||
static void
|
||||
openconnect_fix_secret_flags (NMSetting *setting)
|
||||
{
|
||||
NMSettingVpn *s_vpn;
|
||||
NMSettingSecretFlags flags;
|
||||
|
||||
/* Huge hack. There were some openconnect changes that needed to happen
|
||||
* pretty late, too late to get into distros. Migration has already
|
||||
* happened for many people, and their secret flags are wrong. But we
|
||||
* don't want to requrie re-migration, so we have to fix it up here. Ugh.
|
||||
*/
|
||||
|
||||
if (!NM_IS_SETTING_VPN (setting))
|
||||
return;
|
||||
|
||||
s_vpn = NM_SETTING_VPN (setting);
|
||||
|
||||
if (!nm_streq0 (nm_setting_vpn_get_service_type (s_vpn), NM_DBUS_SERVICE_OPENCONNECT))
|
||||
return;
|
||||
|
||||
/* These are different for every login session, and should not be stored */
|
||||
flags = NM_SETTING_SECRET_FLAG_NOT_SAVED;
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_GATEWAY, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_COOKIE, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_GWCERT, flags, NULL);
|
||||
|
||||
/* These are purely internal data for the auth-dialog, and should be stored */
|
||||
flags = 0;
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_XMLCONFIG, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_LASTHOST, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_AUTOCONNECT, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_CERTSIGS, flags, NULL);
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define IP_ADDRESS_CHARS "0123456789abcdefABCDEF:.%"
|
||||
#define DIGITS "0123456789"
|
||||
#define DELIMITERS "/;,"
|
||||
@@ -1024,6 +1071,7 @@ read_hash_of_string (GKeyFile *file, NMSetting *setting, const char *key)
|
||||
nm_setting_bond_add_option (NM_SETTING_BOND (setting), name, value);
|
||||
}
|
||||
}
|
||||
openconnect_fix_secret_flags (setting);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -178,7 +178,6 @@ static void default_wired_clear_tag (NMSettings *self,
|
||||
NMSettingsConnection *connection,
|
||||
gboolean add_to_no_auto_default);
|
||||
|
||||
static void openconnect_migrate_hack (NMConnection *connection);
|
||||
static void _clear_connections_cached_list (NMSettingsPrivate *priv);
|
||||
|
||||
/*****************************************************************************/
|
||||
@@ -474,10 +473,6 @@ claim_connection (NMSettings *self, NMSettingsConnection *sett_conn)
|
||||
/* Ensure its initial visibility is up-to-date */
|
||||
nm_settings_connection_recheck_visibility (sett_conn);
|
||||
|
||||
/* Evil openconnect migration hack */
|
||||
/* FIXME(copy-on-write-connection): avoid modifying NMConnection instances and share them via copy-on-write. */
|
||||
openconnect_migrate_hack (nm_settings_connection_get_connection (sett_conn));
|
||||
|
||||
/* This one unexports the connection, it needs to run late to give the active
|
||||
* connection a chance to deal with its reference to this settings connection. */
|
||||
g_signal_connect_after (sett_conn, NM_SETTINGS_CONNECTION_REMOVED,
|
||||
@@ -532,48 +527,6 @@ claim_connection (NMSettings *self, NMSettingsConnection *sett_conn)
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define NM_DBUS_SERVICE_OPENCONNECT "org.freedesktop.NetworkManager.openconnect"
|
||||
#define NM_OPENCONNECT_KEY_GATEWAY "gateway"
|
||||
#define NM_OPENCONNECT_KEY_COOKIE "cookie"
|
||||
#define NM_OPENCONNECT_KEY_GWCERT "gwcert"
|
||||
#define NM_OPENCONNECT_KEY_XMLCONFIG "xmlconfig"
|
||||
#define NM_OPENCONNECT_KEY_LASTHOST "lasthost"
|
||||
#define NM_OPENCONNECT_KEY_AUTOCONNECT "autoconnect"
|
||||
#define NM_OPENCONNECT_KEY_CERTSIGS "certsigs"
|
||||
|
||||
static void
|
||||
openconnect_migrate_hack (NMConnection *connection)
|
||||
{
|
||||
NMSettingVpn *s_vpn;
|
||||
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NOT_SAVED;
|
||||
|
||||
/* Huge hack. There were some openconnect changes that needed to happen
|
||||
* pretty late, too late to get into distros. Migration has already
|
||||
* happened for many people, and their secret flags are wrong. But we
|
||||
* don't want to requrie re-migration, so we have to fix it up here. Ugh.
|
||||
*/
|
||||
|
||||
s_vpn = nm_connection_get_setting_vpn (connection);
|
||||
if (s_vpn == NULL)
|
||||
return;
|
||||
|
||||
if (g_strcmp0 (nm_setting_vpn_get_service_type (s_vpn), NM_DBUS_SERVICE_OPENCONNECT) == 0) {
|
||||
/* These are different for every login session, and should not be stored */
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_GATEWAY, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_COOKIE, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_GWCERT, flags, NULL);
|
||||
|
||||
/* These are purely internal data for the auth-dialog, and should be stored */
|
||||
flags = 0;
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_XMLCONFIG, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_LASTHOST, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_AUTOCONNECT, flags, NULL);
|
||||
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENCONNECT_KEY_CERTSIGS, flags, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
static gboolean
|
||||
secrets_filter_cb (NMSetting *setting,
|
||||
const char *secret,
|
||||
|
||||
Reference in New Issue
Block a user