clients: only handle secret requests for connection being explicitly activated

When a connection is being activated, nmcli could ask for secrets for another connection, which might confuse users. We check the request now and only ask for secrets of connection being activated. Test case: $ nmcli con up my-ethernet0 Passwords or encryption keys are required to access the wireless network 'Red Hat'. Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
2014-11-11 13:15:19 +01:00
parent dcb25a37a5
commit a928ce89ef
5 changed files with 28 additions and 8 deletions
--- a/clients/cli/agent.c
+++ b/clients/cli/agent.c
@@ -142,7 +142,7 @@ static NMCResultCode
 do_agent_secret (NmCli *nmc, int argc, char **argv)
 {
 	/* Create secret agent */
-	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-agent");
+	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-agent", NULL);
 	if (nmc->secret_agent) {
 		/* We keep running */
 		nmc->should_wait = TRUE;
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -2109,6 +2109,7 @@ nmc_activate_connection (NmCli *nmc,
                         GError **error)
 {
 	ActivateConnectionInfo *info;
+
 	GHashTable *pwds_hash;
 	NMDevice *device = NULL;
 	const char *spec_object = NULL;
@@ -2153,7 +2154,7 @@ nmc_activate_connection (NmCli *nmc,
 	nmc->pwds_hash = pwds_hash;

 	/* Create secret agent */
-	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-connect");
+	nmc->secret_agent = nm_secret_agent_simple_new ("nmcli-connect", nm_object_get_path (NM_OBJECT (connection)));
 	if (nmc->secret_agent)
 		g_signal_connect (nmc->secret_agent, "request-secrets", G_CALLBACK (secrets_requested), nmc);

--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@@ -61,6 +61,8 @@ typedef struct {
 typedef struct {
 	/* <char *request_id, NMSecretAgentSimpleRequest *request> */
 	GHashTable *requests;
+
+	char *path;
 } NMSecretAgentSimplePrivate;

 static void
@@ -110,6 +112,8 @@ nm_secret_agent_simple_finalize (GObject *object)
 	g_hash_table_destroy (priv->requests);
 	g_error_free (error);

+	g_free (priv->path);
+
 	G_OBJECT_CLASS (nm_secret_agent_simple_parent_class)->finalize (object);
 }

@@ -447,6 +451,14 @@ nm_secret_agent_simple_get_secrets (NMSecretAgent                 *agent,
 		return;
 	}

+	if (priv->path && g_strcmp0 (priv->path, connection_path) != 0) {
+		/* We only handle requests for connection with @path if set. */
+		error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_FAILED,
+		                     "Request for %s secrets doesn't match path %s",
+		                     request_id, priv->path);
+		goto nope;
+	}
+
 	s_con = nm_connection_get_setting_connection (connection);
 	connection_type = nm_setting_connection_get_connection_type (s_con);

@@ -627,15 +639,22 @@ nm_secret_agent_simple_class_init (NMSecretAgentSimpleClass *klass)
 /**
 * nm_secret_agent_simple_new:
 * @name: the identifier of secret agent
+ * @path: (allow-none): the path of the connection the agent handle secrets for,
+ *   or %NULL to handle requests for all connections
 *
 * Creates a new #NMSecretAgentSimple.
 *
 * Returns: a new #NMSecretAgentSimple
 */
 NMSecretAgent *
-nm_secret_agent_simple_new (const char *name)
+nm_secret_agent_simple_new (const char *name, const char *path)
 {
-	return g_initable_new (NM_TYPE_SECRET_AGENT_SIMPLE, NULL, NULL,
+	NMSecretAgent *agent;
+
+	agent = g_initable_new (NM_TYPE_SECRET_AGENT_SIMPLE, NULL, NULL,
 	                        NM_SECRET_AGENT_IDENTIFIER, name,
 	                        NULL);
+	NM_SECRET_AGENT_SIMPLE_GET_PRIVATE (agent)->path = g_strdup (path);
+
+	return agent;
 }
--- a/clients/common/nm-secret-agent-simple.h
+++ b/clients/common/nm-secret-agent-simple.h
@@ -47,7 +47,7 @@ typedef struct {

 GType nm_secret_agent_simple_get_type (void);

-NMSecretAgent *nm_secret_agent_simple_new      (const char *name);
+NMSecretAgent *nm_secret_agent_simple_new      (const char *name, const char *path);
 void           nm_secret_agent_simple_response (NMSecretAgentSimple *self,
                                                const char          *request_id,
                                                GPtrArray           *secrets);
--- a/clients/tui/nmtui-connect.c
+++ b/clients/tui/nmtui-connect.c
@@ -145,7 +145,7 @@ activate_connection (NMConnection *connection,
 	label = nmt_newt_label_new (_("Connecting..."));
 	nmt_newt_form_set_content (form, label);

-	agent = nm_secret_agent_simple_new ("nmtui");
+	agent = nm_secret_agent_simple_new ("nmtui", nm_object_get_path (NM_OBJECT (connection)));
 	g_signal_connect (agent, "request-secrets", G_CALLBACK (secrets_requested), NULL);

 	specific_object_path = specific_object ? nm_object_get_path (specific_object) : NULL;