|
Packit Service |
87a54e |
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
Packit |
5756e2 |
/*
|
|
Packit |
5756e2 |
* Copyright (C) 2011 - 2015 Red Hat, Inc.
|
|
Packit |
5756e2 |
* Copyright (C) 2011 Giovanni Campagna <scampa.giovanni@gmail.com>
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* SECTION:nm-secret-agent-simple
|
|
Packit |
5756e2 |
* @short_description: A simple secret agent for NetworkManager
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* #NMSecretAgentSimple is the secret agent used by nmtui-connect and nmcli.
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* This is a stripped-down version of gnome-shell's ShellNetworkAgent,
|
|
Packit |
5756e2 |
* with bits of the corresponding JavaScript code squished down into
|
|
Packit |
5756e2 |
* it. It is intended to eventually be generic enough that it could
|
|
Packit |
5756e2 |
* replace ShellNetworkAgent.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
|
|
Packit Service |
2bceb2 |
#include "libnm/nm-default-client.h"
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#include "nm-secret-agent-simple.h"
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#include <gio/gunixoutputstream.h>
|
|
Packit |
5756e2 |
#include <gio/gunixinputstream.h>
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#include "nm-vpn-service-plugin.h"
|
|
Packit |
5756e2 |
#include "nm-vpn-helpers.h"
|
|
Packit |
5756e2 |
#include "nm-glib-aux/nm-secret-utils.h"
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
typedef struct {
|
|
Packit Service |
a1bd4f |
char *request_id;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimple *self;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
NMConnection * connection;
|
|
Packit Service |
a1bd4f |
const char * setting_name;
|
|
Packit Service |
a1bd4f |
char ** hints;
|
|
Packit Service |
a1bd4f |
NMSecretAgentOldGetSecretsFunc callback;
|
|
Packit Service |
a1bd4f |
gpointer callback_data;
|
|
Packit Service |
a1bd4f |
GCancellable * cancellable;
|
|
Packit Service |
a1bd4f |
NMSecretAgentGetSecretsFlags flags;
|
|
Packit |
5756e2 |
} RequestData;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
enum {
|
|
Packit Service |
a1bd4f |
REQUEST_SECRETS,
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
LAST_SIGNAL
|
|
Packit |
5756e2 |
};
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
static guint signals[LAST_SIGNAL] = {0};
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
typedef struct {
|
|
Packit Service |
a1bd4f |
GHashTable *requests;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
char * path;
|
|
Packit Service |
a1bd4f |
gboolean enabled;
|
|
Packit |
5756e2 |
} NMSecretAgentSimplePrivate;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
struct _NMSecretAgentSimple {
|
|
Packit Service |
a1bd4f |
NMSecretAgentOld parent;
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate _priv;
|
|
Packit |
5756e2 |
};
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
struct _NMSecretAgentSimpleClass {
|
|
Packit Service |
a1bd4f |
NMSecretAgentOldClass parent;
|
|
Packit |
5756e2 |
};
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
G_DEFINE_TYPE(NMSecretAgentSimple, nm_secret_agent_simple, NM_TYPE_SECRET_AGENT_OLD)
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
#define NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(self) \
|
|
Packit Service |
a1bd4f |
_NM_GET_PRIVATE(self, NMSecretAgentSimple, NM_IS_SECRET_AGENT_SIMPLE, NMSecretAgentOld)
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_request_data_free(gpointer data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
RequestData *request = data;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_free(request->request_id);
|
|
Packit Service |
a1bd4f |
nm_clear_g_cancellable(&request->cancellable);
|
|
Packit Service |
a1bd4f |
g_object_unref(request->connection);
|
|
Packit Service |
a1bd4f |
g_strfreev(request->hints);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_slice_free(RequestData, request);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_request_data_complete(RequestData * request,
|
|
Packit Service |
a1bd4f |
GVariant * secrets,
|
|
Packit Service |
a1bd4f |
GError * error,
|
|
Packit Service |
a1bd4f |
GHashTableIter *iter_to_remove)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimple * self = request->self;
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(self);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
nm_assert((secrets != NULL) != (error != NULL));
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
request->callback(NM_SECRET_AGENT_OLD(request->self),
|
|
Packit Service |
a1bd4f |
request->connection,
|
|
Packit Service |
a1bd4f |
secrets,
|
|
Packit Service |
a1bd4f |
error,
|
|
Packit Service |
a1bd4f |
request->callback_data);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
if (iter_to_remove)
|
|
Packit Service |
a1bd4f |
g_hash_table_iter_remove(iter_to_remove);
|
|
Packit Service |
a1bd4f |
else
|
|
Packit Service |
a1bd4f |
g_hash_table_remove(priv->requests, request);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* NMSecretAgentSimpleSecret:
|
|
Packit |
5756e2 |
* @name: the user-visible name of the secret. Eg, "WEP Passphrase".
|
|
Packit |
5756e2 |
* @value: the value of the secret
|
|
Packit |
5756e2 |
* @password: %TRUE if this secret represents a password, %FALSE
|
|
Packit |
5756e2 |
* if it represents non-secret data.
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* A single "secret" being requested.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
typedef struct {
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret base;
|
|
Packit Service |
a1bd4f |
NMSetting * setting;
|
|
Packit Service |
a1bd4f |
char * property;
|
|
Packit |
5756e2 |
} SecretReal;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_secret_real_free(NMSecretAgentSimpleSecret *secret)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
SecretReal *real = (SecretReal *) secret;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_free((char *) secret->pretty_name);
|
|
Packit Service |
a1bd4f |
g_free((char *) secret->entry_id);
|
|
Packit Service |
a1bd4f |
nm_free_secret(secret->value);
|
|
Packit Service |
a1bd4f |
g_free((char *) secret->vpn_type);
|
|
Packit Service |
a1bd4f |
g_free(real->property);
|
|
Packit Service |
a1bd4f |
g_clear_object(&real->setting);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_slice_free(SecretReal, real);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static NMSecretAgentSimpleSecret *
|
|
Packit Service |
a1bd4f |
_secret_real_new_plain(NMSecretAgentSecretType secret_type,
|
|
Packit Service |
a1bd4f |
const char * pretty_name,
|
|
Packit Service |
a1bd4f |
NMSetting * setting,
|
|
Packit Service |
a1bd4f |
const char * property)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
SecretReal * real;
|
|
Packit Service |
a1bd4f |
gs_free char *value = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_assert(property);
|
|
Packit Service |
a1bd4f |
nm_assert(NM_IS_SETTING(setting));
|
|
Packit Service |
a1bd4f |
nm_assert(NM_IN_SET(secret_type,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_SECRET_TYPE_SECRET));
|
|
Packit Service |
a1bd4f |
nm_assert(g_object_class_find_property(G_OBJECT_GET_CLASS(setting), property));
|
|
Packit Service |
a1bd4f |
nm_assert((secret_type == NM_SECRET_AGENT_SECRET_TYPE_SECRET)
|
|
Packit Service |
a1bd4f |
== nm_setting_get_secret_flags(setting, property, NULL, NULL));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_object_get(setting, property, &value, NULL);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
real = g_slice_new(SecretReal);
|
|
Packit Service |
a1bd4f |
*real = (SecretReal){
|
|
Packit Service |
a1bd4f |
.base.secret_type = secret_type,
|
|
Packit Service |
a1bd4f |
.base.pretty_name = g_strdup(pretty_name),
|
|
Packit Service |
a1bd4f |
.base.entry_id = g_strdup_printf("%s.%s", nm_setting_get_name(setting), property),
|
|
Packit Service |
a1bd4f |
.base.value = g_steal_pointer(&value),
|
|
Packit Service |
a1bd4f |
.base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY),
|
|
Packit Service |
a1bd4f |
.setting = g_object_ref(setting),
|
|
Packit Service |
a1bd4f |
.property = g_strdup(property),
|
|
Packit Service |
a1bd4f |
};
|
|
Packit Service |
a1bd4f |
return &real->base;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static NMSecretAgentSimpleSecret *
|
|
Packit Service |
a1bd4f |
_secret_real_new_vpn_secret(const char *pretty_name,
|
|
Packit Service |
a1bd4f |
NMSetting * setting,
|
|
Packit Service |
a1bd4f |
const char *property,
|
|
Packit Service |
a1bd4f |
const char *vpn_type)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
SecretReal *real;
|
|
Packit Service |
a1bd4f |
const char *value;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_assert(property);
|
|
Packit Service |
a1bd4f |
nm_assert(NM_IS_SETTING_VPN(setting));
|
|
Packit Service |
a1bd4f |
nm_assert(vpn_type);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
value = nm_setting_vpn_get_secret(NM_SETTING_VPN(setting), property);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
real = g_slice_new(SecretReal);
|
|
Packit Service |
a1bd4f |
*real = (SecretReal){
|
|
Packit Service |
a1bd4f |
.base.secret_type = NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET,
|
|
Packit Service |
a1bd4f |
.base.pretty_name = g_strdup(pretty_name),
|
|
Packit Service |
a1bd4f |
.base.entry_id =
|
|
Packit Service |
a1bd4f |
g_strdup_printf("%s%s", NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS, property),
|
|
Packit Service |
a1bd4f |
.base.value = g_strdup(value),
|
|
Packit Service |
a1bd4f |
.base.is_secret = TRUE,
|
|
Packit Service |
a1bd4f |
.base.vpn_type = g_strdup(vpn_type),
|
|
Packit Service |
a1bd4f |
.setting = g_object_ref(setting),
|
|
Packit Service |
a1bd4f |
.property = g_strdup(property),
|
|
Packit Service |
a1bd4f |
};
|
|
Packit Service |
a1bd4f |
return &real->base;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static NMSecretAgentSimpleSecret *
|
|
Packit Service |
a1bd4f |
_secret_real_new_wireguard_peer_psk(NMSettingWireGuard *s_wg,
|
|
Packit Service |
a1bd4f |
const char * public_key,
|
|
Packit Service |
a1bd4f |
const char * preshared_key)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
SecretReal *real;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_assert(NM_IS_SETTING_WIREGUARD(s_wg));
|
|
Packit Service |
a1bd4f |
nm_assert(public_key);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
real = g_slice_new(SecretReal);
|
|
Packit Service |
a1bd4f |
*real = (SecretReal){
|
|
Packit Service |
a1bd4f |
.base.secret_type = NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK,
|
|
Packit Service |
a1bd4f |
.base.pretty_name = g_strdup_printf(_("Preshared-key for %s"), public_key),
|
|
Packit Service |
a1bd4f |
.base.entry_id = g_strdup_printf(NM_SETTING_WIREGUARD_SETTING_NAME
|
|
Packit Service |
a1bd4f |
"." NM_SETTING_WIREGUARD_PEERS
|
|
Packit Service |
a1bd4f |
".%s." NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY,
|
|
Packit Service |
a1bd4f |
public_key),
|
|
Packit Service |
a1bd4f |
.base.value = g_strdup(preshared_key),
|
|
Packit Service |
a1bd4f |
.base.is_secret = TRUE,
|
|
Packit Service |
a1bd4f |
.base.no_prompt_entry_id = TRUE,
|
|
Packit Service |
a1bd4f |
.setting = NM_SETTING(g_object_ref(s_wg)),
|
|
Packit Service |
a1bd4f |
.property = g_strdup(public_key),
|
|
Packit Service |
a1bd4f |
};
|
|
Packit Service |
a1bd4f |
return &real->base;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static gboolean
|
|
Packit Service |
a1bd4f |
add_8021x_secrets(RequestData *request, GPtrArray *secrets)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSetting8021x * s_8021x = nm_connection_get_setting_802_1x(request->connection);
|
|
Packit Service |
a1bd4f |
const char * eap_method;
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret *secret;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* If hints are given, then always ask for what the hints require */
|
|
Packit Service |
a1bd4f |
if (request->hints && request->hints[0]) {
|
|
Packit Service |
a1bd4f |
char **iter;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
for (iter = request->hints; *iter; iter++) {
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_(*iter),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_8021x),
|
|
Packit Service |
a1bd4f |
*iter);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
eap_method = nm_setting_802_1x_get_eap_method(s_8021x, 0);
|
|
Packit Service |
a1bd4f |
if (!eap_method)
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (NM_IN_STRSET(eap_method, "md5", "leap", "ttls", "peap")) {
|
|
Packit Service |
a1bd4f |
/* TTLS and PEAP are actually much more complicated, but this complication
|
|
Packit Service |
a1bd4f |
* is not visible here since we only care about phase2 authentication
|
|
Packit Service |
a1bd4f |
* (and don't even care of which one)
|
|
Packit Service |
a1bd4f |
*/
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
|
|
Packit Service |
a1bd4f |
_("Username"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_8021x),
|
|
Packit Service |
a1bd4f |
NM_SETTING_802_1X_IDENTITY);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_8021x),
|
|
Packit Service |
a1bd4f |
NM_SETTING_802_1X_PASSWORD);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (nm_streq(eap_method, "tls")) {
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
|
|
Packit Service |
a1bd4f |
_("Identity"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_8021x),
|
|
Packit Service |
a1bd4f |
NM_SETTING_802_1X_IDENTITY);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Private key password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_8021x),
|
|
Packit Service |
a1bd4f |
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static gboolean
|
|
Packit Service |
a1bd4f |
add_wireless_secrets(RequestData *request, GPtrArray *secrets)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSettingWirelessSecurity *s_wsec =
|
|
Packit Service |
a1bd4f |
nm_connection_get_setting_wireless_security(request->connection);
|
|
Packit Service |
a1bd4f |
const char * key_mgmt = nm_setting_wireless_security_get_key_mgmt(s_wsec);
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret *secret;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!key_mgmt || nm_streq(key_mgmt, "owe"))
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (NM_IN_STRSET(key_mgmt, "wpa-psk", "sae")) {
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_wsec),
|
|
Packit Service |
a1bd4f |
NM_SETTING_WIRELESS_SECURITY_PSK);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (nm_streq(key_mgmt, "none")) {
|
|
Packit Service |
a1bd4f |
guint32 index;
|
|
Packit Service |
a1bd4f |
char key[100];
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
index = nm_setting_wireless_security_get_wep_tx_keyidx(s_wsec);
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Key"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_wsec),
|
|
Packit Service |
a1bd4f |
nm_sprintf_buf(key, "wep-key%u", (guint) index));
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (nm_streq(key_mgmt, "iee8021x")) {
|
|
Packit Service |
a1bd4f |
if (nm_streq0(nm_setting_wireless_security_get_auth_alg(s_wsec), "leap")) {
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_wsec),
|
|
Packit Service |
a1bd4f |
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit Service |
a1bd4f |
} else
|
|
Packit Service |
a1bd4f |
return add_8021x_secrets(request, secrets);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
d0b836 |
if (nm_streq(key_mgmt, "wpa-eap") || nm_streq(key_mgmt, "wpa-eap-suite-b-192"))
|
|
Packit Service |
a1bd4f |
return add_8021x_secrets(request, secrets);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static gboolean
|
|
Packit Service |
a1bd4f |
add_pppoe_secrets(RequestData *request, GPtrArray *secrets)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSettingPppoe * s_pppoe = nm_connection_get_setting_pppoe(request->connection);
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret *secret;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
|
|
Packit Service |
a1bd4f |
_("Username"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_pppoe),
|
|
Packit Service |
a1bd4f |
NM_SETTING_PPPOE_USERNAME);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
|
|
Packit Service |
a1bd4f |
_("Service"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_pppoe),
|
|
Packit Service |
a1bd4f |
NM_SETTING_PPPOE_SERVICE);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_pppoe),
|
|
Packit Service |
a1bd4f |
NM_SETTING_PPPOE_PASSWORD);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static NMSettingSecretFlags
|
|
Packit Service |
a1bd4f |
get_vpn_secret_flags(NMSettingVpn *s_vpn, const char *secret_name)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
|
|
Packit Service |
a1bd4f |
GHashTable * vpn_data;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_object_get(s_vpn, NM_SETTING_VPN_DATA, &vpn_data, NULL);
|
|
Packit Service |
a1bd4f |
nm_vpn_service_plugin_get_secret_flags(vpn_data, secret_name, &flags);
|
|
Packit Service |
a1bd4f |
g_hash_table_unref(vpn_data);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
return flags;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
add_vpn_secret_helper(GPtrArray * secrets,
|
|
Packit Service |
a1bd4f |
NMSettingVpn *s_vpn,
|
|
Packit Service |
a1bd4f |
const char * name,
|
|
Packit Service |
a1bd4f |
const char * ui_name)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret *secret;
|
|
Packit Service |
a1bd4f |
NMSettingSecretFlags flags;
|
|
Packit Service |
a1bd4f |
int i;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
flags = get_vpn_secret_flags(s_vpn, name);
|
|
Packit Service |
a1bd4f |
if (flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED || flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) {
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_vpn_secret(ui_name,
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_vpn),
|
|
Packit Service |
a1bd4f |
name,
|
|
Packit Service |
a1bd4f |
nm_setting_vpn_get_service_type(s_vpn));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* Check for duplicates */
|
|
Packit Service |
a1bd4f |
for (i = 0; i < secrets->len; i++) {
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret *s = secrets->pdata[i];
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (s->secret_type == secret->secret_type && nm_streq0(s->vpn_type, secret->vpn_type)
|
|
Packit Service |
a1bd4f |
&& nm_streq0(s->entry_id, secret->entry_id)) {
|
|
Packit Service |
a1bd4f |
_secret_real_free(secret);
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#define VPN_MSG_TAG "x-vpn-message:"
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static gboolean
|
|
Packit Service |
a1bd4f |
add_vpn_secrets(RequestData *request, GPtrArray *secrets, char **msg)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSettingVpn * s_vpn = nm_connection_get_setting_vpn(request->connection);
|
|
Packit Service |
a1bd4f |
const NmcVpnPasswordName *p;
|
|
Packit Service |
a1bd4f |
const char * vpn_msg = NULL;
|
|
Packit Service |
a1bd4f |
char ** iter;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* If hints are given, then always ask for what the hints require */
|
|
Packit Service |
a1bd4f |
if (request->hints) {
|
|
Packit Service |
a1bd4f |
for (iter = request->hints; *iter; iter++) {
|
|
Packit Service |
a1bd4f |
if (!vpn_msg && g_str_has_prefix(*iter, VPN_MSG_TAG))
|
|
Packit Service |
a1bd4f |
vpn_msg = &(*iter)[NM_STRLEN(VPN_MSG_TAG)];
|
|
Packit Service |
a1bd4f |
else
|
|
Packit Service |
a1bd4f |
add_vpn_secret_helper(secrets, s_vpn, *iter, *iter);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
NM_SET_OUT(msg, g_strdup(vpn_msg));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* Now add what client thinks might be required, because hints may be empty or incomplete */
|
|
Packit Service |
a1bd4f |
p = nm_vpn_get_secret_names(nm_setting_vpn_get_service_type(s_vpn));
|
|
Packit Service |
a1bd4f |
while (p && p->name) {
|
|
Packit Service |
a1bd4f |
add_vpn_secret_helper(secrets, s_vpn, p->name, _(p->ui_name));
|
|
Packit Service |
a1bd4f |
p++;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static gboolean
|
|
Packit Service |
a1bd4f |
add_wireguard_secrets(RequestData *request, GPtrArray *secrets, char **msg, GError **error)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSettingWireGuard * s_wg;
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret *secret;
|
|
Packit Service |
a1bd4f |
guint i;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
s_wg = NM_SETTING_WIREGUARD(
|
|
Packit Service |
a1bd4f |
nm_connection_get_setting(request->connection, NM_TYPE_SETTING_WIREGUARD));
|
|
Packit Service |
a1bd4f |
if (!s_wg) {
|
|
Packit Service |
a1bd4f |
g_set_error(error,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit Service |
a1bd4f |
"Cannot service a WireGuard secrets request %s for a connection without "
|
|
Packit Service |
a1bd4f |
"WireGuard settings",
|
|
Packit Service |
a1bd4f |
request->request_id);
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!request->hints || !request->hints[0]
|
|
Packit Service |
a1bd4f |
|| g_strv_contains(NM_CAST_STRV_CC(request->hints), NM_SETTING_WIREGUARD_PRIVATE_KEY)) {
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("WireGuard private-key"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_wg),
|
|
Packit Service |
a1bd4f |
NM_SETTING_WIREGUARD_PRIVATE_KEY);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (request->hints) {
|
|
Packit Service |
a1bd4f |
for (i = 0; request->hints[i]; i++) {
|
|
Packit Service |
a1bd4f |
NMWireGuardPeer *peer;
|
|
Packit Service |
a1bd4f |
const char * name = request->hints[i];
|
|
Packit Service |
a1bd4f |
gs_free char * public_key = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (nm_streq(name, NM_SETTING_WIREGUARD_PRIVATE_KEY))
|
|
Packit Service |
a1bd4f |
continue;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (NM_STR_HAS_PREFIX(name, NM_SETTING_WIREGUARD_PEERS ".")) {
|
|
Packit Service |
a1bd4f |
const char *tmp;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
tmp = &name[NM_STRLEN(NM_SETTING_WIREGUARD_PEERS ".")];
|
|
Packit Service |
a1bd4f |
if (NM_STR_HAS_SUFFIX(tmp, "." NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY)) {
|
|
Packit Service |
a1bd4f |
public_key = g_strndup(
|
|
Packit Service |
a1bd4f |
tmp,
|
|
Packit Service |
a1bd4f |
strlen(tmp) - NM_STRLEN("." NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!public_key)
|
|
Packit Service |
a1bd4f |
continue;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
peer = nm_setting_wireguard_get_peer_by_public_key(s_wg, public_key, NULL);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets,
|
|
Packit Service |
a1bd4f |
_secret_real_new_wireguard_peer_psk(
|
|
Packit Service |
a1bd4f |
s_wg,
|
|
Packit Service |
a1bd4f |
(peer ? nm_wireguard_peer_get_public_key(peer) : public_key),
|
|
Packit Service |
a1bd4f |
(peer ? nm_wireguard_peer_get_preshared_key(peer) : NULL)));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
*msg = g_strdup_printf(_("Secrets are required to connect WireGuard VPN '%s'"),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
typedef struct {
|
|
Packit Service |
a1bd4f |
GPid auth_dialog_pid;
|
|
Packit Service |
a1bd4f |
GString * auth_dialog_response;
|
|
Packit Service |
a1bd4f |
RequestData * request;
|
|
Packit Service |
a1bd4f |
GPtrArray * secrets;
|
|
Packit Service |
a1bd4f |
GCancellable * cancellable;
|
|
Packit Service |
a1bd4f |
gulong cancellable_id;
|
|
Packit Service |
a1bd4f |
guint child_watch_id;
|
|
Packit Service |
a1bd4f |
GInputStream * input_stream;
|
|
Packit Service |
a1bd4f |
GOutputStream *output_stream;
|
|
Packit Service |
a1bd4f |
char read_buf[5];
|
|
Packit |
5756e2 |
} AuthDialogData;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_auth_dialog_data_free(AuthDialogData *data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
nm_clear_g_signal_handler(data->cancellable, &data->cancellable_id);
|
|
Packit Service |
a1bd4f |
g_clear_object(&data->cancellable);
|
|
Packit Service |
a1bd4f |
nm_clear_g_source(&data->child_watch_id);
|
|
Packit Service |
a1bd4f |
g_ptr_array_unref(data->secrets);
|
|
Packit Service |
a1bd4f |
g_spawn_close_pid(data->auth_dialog_pid);
|
|
Packit Service |
a1bd4f |
g_string_free(data->auth_dialog_response, TRUE);
|
|
Packit Service |
a1bd4f |
g_object_unref(data->input_stream);
|
|
Packit Service |
a1bd4f |
g_object_unref(data->output_stream);
|
|
Packit Service |
a1bd4f |
g_slice_free(AuthDialogData, data);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_auth_dialog_exited(GPid pid, int status, gpointer user_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
AuthDialogData * data = user_data;
|
|
Packit Service |
a1bd4f |
RequestData * request = data->request;
|
|
Packit Service |
a1bd4f |
GPtrArray * secrets = data->secrets;
|
|
Packit Service |
a1bd4f |
NMSettingVpn * s_vpn = nm_connection_get_setting_vpn(request->connection);
|
|
Packit Service |
a1bd4f |
nm_auto_unref_keyfile GKeyFile *keyfile = NULL;
|
|
Packit Service |
a1bd4f |
gs_strfreev char ** groups = NULL;
|
|
Packit Service |
a1bd4f |
gs_free char * title = NULL;
|
|
Packit Service |
a1bd4f |
gs_free char * message = NULL;
|
|
Packit Service |
a1bd4f |
int i;
|
|
Packit Service |
a1bd4f |
gs_free_error GError *error = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
data->child_watch_id = 0;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_clear_g_cancellable_disconnect(data->cancellable, &data->cancellable_id);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (status != 0) {
|
|
Packit Service |
a1bd4f |
g_set_error(&error,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit Service |
a1bd4f |
"Auth dialog failed with error code %d\n",
|
|
Packit Service |
a1bd4f |
status);
|
|
Packit Service |
a1bd4f |
goto out;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
keyfile = g_key_file_new();
|
|
Packit Service |
a1bd4f |
if (!g_key_file_load_from_data(keyfile,
|
|
Packit Service |
a1bd4f |
data->auth_dialog_response->str,
|
|
Packit Service |
a1bd4f |
data->auth_dialog_response->len,
|
|
Packit Service |
a1bd4f |
G_KEY_FILE_NONE,
|
|
Packit Service |
a1bd4f |
&error)) {
|
|
Packit Service |
a1bd4f |
goto out;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
groups = g_key_file_get_groups(keyfile, NULL);
|
|
Packit Service |
a1bd4f |
if (!nm_streq0(groups[0], "VPN Plugin UI")) {
|
|
Packit Service |
a1bd4f |
g_set_error(&error,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit Service |
a1bd4f |
"Expected [VPN Plugin UI] in auth dialog response");
|
|
Packit Service |
a1bd4f |
goto out;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
title = g_key_file_get_string(keyfile, "VPN Plugin UI", "Title", &error);
|
|
Packit Service |
a1bd4f |
if (!title)
|
|
Packit Service |
a1bd4f |
goto out;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
message = g_key_file_get_string(keyfile, "VPN Plugin UI", "Description", &error);
|
|
Packit Service |
a1bd4f |
if (!message)
|
|
Packit Service |
a1bd4f |
goto out;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
for (i = 1; groups[i]; i++) {
|
|
Packit Service |
a1bd4f |
gs_free char *pretty_name = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!g_key_file_get_boolean(keyfile, groups[i], "IsSecret", NULL))
|
|
Packit Service |
a1bd4f |
continue;
|
|
Packit Service |
a1bd4f |
if (!g_key_file_get_boolean(keyfile, groups[i], "ShouldAsk", NULL))
|
|
Packit Service |
a1bd4f |
continue;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
pretty_name = g_key_file_get_string(keyfile, groups[i], "Label", NULL);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets,
|
|
Packit Service |
a1bd4f |
_secret_real_new_vpn_secret(pretty_name,
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_vpn),
|
|
Packit Service |
a1bd4f |
groups[i],
|
|
Packit Service |
a1bd4f |
nm_setting_vpn_get_service_type(s_vpn)));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
out:
|
|
Packit Service |
a1bd4f |
/* Try to fall back to the hardwired VPN support if the auth dialog fails.
|
|
Packit Service |
a1bd4f |
* We may eventually get rid of the whole hardwired secrets handling at some point,
|
|
Packit Service |
a1bd4f |
* when the auth helpers are goode enough.. */
|
|
Packit Service |
a1bd4f |
if (error && add_vpn_secrets(request, secrets, &message)) {
|
|
Packit Service |
a1bd4f |
g_clear_error(&error);
|
|
Packit Service |
a1bd4f |
if (!message) {
|
|
Packit Service |
a1bd4f |
message = g_strdup_printf(_("A password is required to connect to '%s'."),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (error)
|
|
Packit Service |
a1bd4f |
_request_data_complete(request, NULL, error, NULL);
|
|
Packit Service |
a1bd4f |
else {
|
|
Packit Service |
a1bd4f |
g_signal_emit(request->self,
|
|
Packit Service |
a1bd4f |
signals[REQUEST_SECRETS],
|
|
Packit Service |
a1bd4f |
0,
|
|
Packit Service |
a1bd4f |
request->request_id,
|
|
Packit Service |
a1bd4f |
title,
|
|
Packit Service |
a1bd4f |
message,
|
|
Packit Service |
a1bd4f |
secrets);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
_auth_dialog_data_free(data);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_request_cancelled(GObject *object, gpointer user_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
_auth_dialog_data_free(user_data);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_auth_dialog_read_done(GObject *source_object, GAsyncResult *res, gpointer user_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
GInputStream * auth_dialog_out = G_INPUT_STREAM(source_object);
|
|
Packit Service |
a1bd4f |
AuthDialogData *data = user_data;
|
|
Packit Service |
a1bd4f |
gssize read_size;
|
|
Packit Service |
a1bd4f |
gs_free_error GError *error = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
read_size = g_input_stream_read_finish(auth_dialog_out, res, &error);
|
|
Packit Service |
a1bd4f |
switch (read_size) {
|
|
Packit Service |
a1bd4f |
case -1:
|
|
Packit Service |
a1bd4f |
if (!g_error_matches(error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
|
|
Packit Service |
a1bd4f |
_request_data_complete(data->request, NULL, error, NULL);
|
|
Packit Service |
a1bd4f |
_auth_dialog_data_free(data);
|
|
Packit Service |
a1bd4f |
break;
|
|
Packit Service |
a1bd4f |
case 0:
|
|
Packit Service |
a1bd4f |
/* Done reading. Let's wait for the auth dialog to exit so that we're able to collect the status.
|
|
Packit Service |
a1bd4f |
* Remember we can be cancelled in between. */
|
|
Packit Service |
a1bd4f |
data->child_watch_id = g_child_watch_add(data->auth_dialog_pid, _auth_dialog_exited, data);
|
|
Packit Service |
a1bd4f |
data->cancellable = g_object_ref(data->request->cancellable);
|
|
Packit Service |
a1bd4f |
data->cancellable_id =
|
|
Packit Service |
a1bd4f |
g_cancellable_connect(data->cancellable, G_CALLBACK(_request_cancelled), data, NULL);
|
|
Packit Service |
a1bd4f |
break;
|
|
Packit Service |
a1bd4f |
default:
|
|
Packit Service |
a1bd4f |
g_string_append_len(data->auth_dialog_response, data->read_buf, read_size);
|
|
Packit Service |
a1bd4f |
g_input_stream_read_async(auth_dialog_out,
|
|
Packit Service |
a1bd4f |
data->read_buf,
|
|
Packit Service |
a1bd4f |
sizeof(data->read_buf),
|
|
Packit Service |
a1bd4f |
G_PRIORITY_DEFAULT,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
_auth_dialog_read_done,
|
|
Packit Service |
a1bd4f |
data);
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_input_stream_close(auth_dialog_out, NULL, NULL);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_auth_dialog_write_done(GObject *source_object, GAsyncResult *res, gpointer user_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
GOutputStream *auth_dialog_out = G_OUTPUT_STREAM(source_object);
|
|
Packit Service |
a1bd4f |
_nm_unused gs_free char *auth_dialog_request_free = user_data;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
/* We don't care about write errors. If there are any problems, the
|
|
Packit Service |
a1bd4f |
* reader shall notice. */
|
|
Packit Service |
a1bd4f |
g_output_stream_write_finish(auth_dialog_out, res, NULL);
|
|
Packit Service |
a1bd4f |
g_output_stream_close(auth_dialog_out, NULL, NULL);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_add_to_string(GString *string, const char *key, const char *value)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
gs_strfreev char **lines = NULL;
|
|
Packit Service |
a1bd4f |
int i;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
lines = g_strsplit(value, "\n", -1);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_string_append(string, key);
|
|
Packit Service |
a1bd4f |
for (i = 0; lines[i]; i++) {
|
|
Packit Service |
a1bd4f |
g_string_append_c(string, '=');
|
|
Packit Service |
a1bd4f |
g_string_append(string, lines[i]);
|
|
Packit Service |
a1bd4f |
g_string_append_c(string, '\n');
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_add_data_item_to_string(const char *key, const char *value, gpointer user_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
GString *string = user_data;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
_add_to_string(string, "DATA_KEY", key);
|
|
Packit Service |
a1bd4f |
_add_to_string(string, "DATA_VAL", value);
|
|
Packit Service |
a1bd4f |
g_string_append_c(string, '\n');
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
_add_secret_to_string(const char *key, const char *value, gpointer user_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
GString *string = user_data;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
_add_to_string(string, "SECRET_KEY", key);
|
|
Packit Service |
a1bd4f |
_add_to_string(string, "SECRET_VAL", value);
|
|
Packit Service |
a1bd4f |
g_string_append_c(string, '\n');
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static gboolean
|
|
Packit Service |
a1bd4f |
try_spawn_vpn_auth_helper(RequestData *request, GPtrArray *secrets)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSettingVpn * s_vpn = nm_connection_get_setting_vpn(request->connection);
|
|
Packit Service |
a1bd4f |
gs_unref_ptrarray GPtrArray *auth_dialog_argv = NULL;
|
|
Packit Service |
a1bd4f |
NMVpnPluginInfo * plugin_info;
|
|
Packit Service |
a1bd4f |
const char * s;
|
|
Packit Service |
a1bd4f |
GPid auth_dialog_pid;
|
|
Packit Service |
a1bd4f |
int auth_dialog_in_fd;
|
|
Packit Service |
a1bd4f |
int auth_dialog_out_fd;
|
|
Packit Service |
a1bd4f |
GOutputStream * auth_dialog_in;
|
|
Packit Service |
a1bd4f |
GInputStream * auth_dialog_out;
|
|
Packit Service |
a1bd4f |
GError * error = NULL;
|
|
Packit Service |
a1bd4f |
GString * auth_dialog_request;
|
|
Packit Service |
a1bd4f |
char * auth_dialog_request_str;
|
|
Packit Service |
a1bd4f |
gsize auth_dialog_request_len;
|
|
Packit Service |
a1bd4f |
AuthDialogData * data;
|
|
Packit Service |
a1bd4f |
int i;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
plugin_info = nm_vpn_plugin_info_list_find_by_service(nm_vpn_get_plugin_infos(),
|
|
Packit Service |
a1bd4f |
nm_setting_vpn_get_service_type(s_vpn));
|
|
Packit Service |
a1bd4f |
if (!plugin_info)
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
s = nm_vpn_plugin_info_lookup_property(plugin_info, "GNOME", "supports-external-ui-mode");
|
|
Packit Service |
a1bd4f |
if (!_nm_utils_ascii_str_to_bool(s, FALSE))
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
auth_dialog_argv = g_ptr_array_new();
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
s = nm_vpn_plugin_info_lookup_property(plugin_info, "GNOME", "auth-dialog");
|
|
Packit Service |
a1bd4f |
g_return_val_if_fail(s, FALSE);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, (gpointer) s);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "-u");
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, (gpointer) nm_connection_get_uuid(request->connection));
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "-n");
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, (gpointer) nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "-s");
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, (gpointer) nm_setting_vpn_get_service_type(s_vpn));
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "--external-ui-mode");
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "-i");
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (request->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW)
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "-r");
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
s = nm_vpn_plugin_info_lookup_property(plugin_info, "GNOME", "supports-hints");
|
|
Packit Service |
a1bd4f |
if (_nm_utils_ascii_str_to_bool(s, FALSE)) {
|
|
Packit Service |
a1bd4f |
for (i = 0; request->hints[i]; i++) {
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, "-t");
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, request->hints[i]);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(auth_dialog_argv, NULL);
|
|
Packit Service |
a1bd4f |
if (!g_spawn_async_with_pipes(NULL,
|
|
Packit Service |
a1bd4f |
(char **) auth_dialog_argv->pdata,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
G_SPAWN_DO_NOT_REAP_CHILD,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
&auth_dialog_pid,
|
|
Packit Service |
a1bd4f |
&auth_dialog_in_fd,
|
|
Packit Service |
a1bd4f |
&auth_dialog_out_fd,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
&error)) {
|
|
Packit Service |
a1bd4f |
g_warning("Failed to spawn the auth dialog%s\n", error->message);
|
|
Packit Service |
a1bd4f |
return FALSE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
auth_dialog_in = g_unix_output_stream_new(auth_dialog_in_fd, TRUE);
|
|
Packit Service |
a1bd4f |
auth_dialog_out = g_unix_input_stream_new(auth_dialog_out_fd, TRUE);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
auth_dialog_request = g_string_new_len(NULL, 1024);
|
|
Packit Service |
a1bd4f |
nm_setting_vpn_foreach_data_item(s_vpn, _add_data_item_to_string, auth_dialog_request);
|
|
Packit Service |
a1bd4f |
nm_setting_vpn_foreach_secret(s_vpn, _add_secret_to_string, auth_dialog_request);
|
|
Packit Service |
a1bd4f |
g_string_append(auth_dialog_request, "DONE\nQUIT\n");
|
|
Packit Service |
a1bd4f |
auth_dialog_request_len = auth_dialog_request->len;
|
|
Packit Service |
a1bd4f |
auth_dialog_request_str = g_string_free(auth_dialog_request, FALSE);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
data = g_slice_new(AuthDialogData);
|
|
Packit Service |
a1bd4f |
*data = (AuthDialogData){
|
|
Packit Service |
a1bd4f |
.auth_dialog_response = g_string_new_len(NULL, sizeof(data->read_buf)),
|
|
Packit Service |
a1bd4f |
.auth_dialog_pid = auth_dialog_pid,
|
|
Packit Service |
a1bd4f |
.request = request,
|
|
Packit Service |
a1bd4f |
.secrets = g_ptr_array_ref(secrets),
|
|
Packit Service |
a1bd4f |
.input_stream = auth_dialog_out,
|
|
Packit Service |
a1bd4f |
.output_stream = auth_dialog_in,
|
|
Packit Service |
a1bd4f |
};
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_output_stream_write_async(auth_dialog_in,
|
|
Packit Service |
a1bd4f |
auth_dialog_request_str,
|
|
Packit Service |
a1bd4f |
auth_dialog_request_len,
|
|
Packit Service |
a1bd4f |
G_PRIORITY_DEFAULT,
|
|
Packit Service |
a1bd4f |
request->cancellable,
|
|
Packit Service |
a1bd4f |
_auth_dialog_write_done,
|
|
Packit Service |
a1bd4f |
auth_dialog_request_str);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_input_stream_read_async(auth_dialog_out,
|
|
Packit Service |
a1bd4f |
data->read_buf,
|
|
Packit Service |
a1bd4f |
sizeof(data->read_buf),
|
|
Packit Service |
a1bd4f |
G_PRIORITY_DEFAULT,
|
|
Packit Service |
a1bd4f |
request->cancellable,
|
|
Packit Service |
a1bd4f |
_auth_dialog_read_done,
|
|
Packit Service |
a1bd4f |
data);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
return TRUE;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
request_secrets_from_ui(RequestData *request)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
gs_unref_ptrarray GPtrArray *secrets = NULL;
|
|
Packit Service |
a1bd4f |
gs_free_error GError * error = NULL;
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv;
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimpleSecret * secret;
|
|
Packit Service |
a1bd4f |
const char * title;
|
|
Packit Service |
a1bd4f |
gs_free char * msg = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(request->self);
|
|
Packit Service |
a1bd4f |
g_return_if_fail(priv->enabled);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* We only handle requests for connection with @path if set. */
|
|
Packit Service |
a1bd4f |
if (priv->path && !g_str_has_prefix(request->request_id, priv->path)) {
|
|
Packit Service |
a1bd4f |
g_set_error(&error,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit Service |
a1bd4f |
"Request for %s secrets doesn't match path %s",
|
|
Packit Service |
a1bd4f |
request->request_id,
|
|
Packit Service |
a1bd4f |
priv->path);
|
|
Packit Service |
a1bd4f |
goto out_fail_error;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
secrets = g_ptr_array_new_with_free_func((GDestroyNotify) _secret_real_free);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (nm_connection_is_type(request->connection, NM_SETTING_WIRELESS_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
NMSettingWireless *s_wireless;
|
|
Packit Service |
a1bd4f |
GBytes * ssid;
|
|
Packit Service |
a1bd4f |
char * ssid_utf8;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
s_wireless = nm_connection_get_setting_wireless(request->connection);
|
|
Packit Service |
a1bd4f |
ssid = nm_setting_wireless_get_ssid(s_wireless);
|
|
Packit Service |
a1bd4f |
ssid_utf8 = nm_utils_ssid_to_utf8(g_bytes_get_data(ssid, NULL), g_bytes_get_size(ssid));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
title = _("Authentication required by wireless network");
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(
|
|
Packit Service |
a1bd4f |
_("Passwords or encryption keys are required to access the wireless network '%s'."),
|
|
Packit Service |
a1bd4f |
ssid_utf8);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!add_wireless_secrets(request, secrets))
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
title = _("Wired 802.1X authentication");
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("Secrets are required to access the wired network '%s'"),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!add_8021x_secrets(request, secrets))
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_PPPOE_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
title = _("DSL authentication");
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("Secrets are required for the DSL connection '%s'"),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!add_pppoe_secrets(request, secrets))
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_GSM_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
NMSettingGsm *s_gsm = nm_connection_get_setting_gsm(request->connection);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (g_strv_contains(NM_CAST_STRV_CC(request->hints), NM_SETTING_GSM_PIN)) {
|
|
Packit Service |
a1bd4f |
title = _("PIN code required");
|
|
Packit Service |
a1bd4f |
msg = g_strdup(_("PIN code is needed for the mobile broadband device"));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("PIN"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_gsm),
|
|
Packit Service |
a1bd4f |
NM_SETTING_GSM_PIN);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
} else {
|
|
Packit Service |
a1bd4f |
title = _("Mobile broadband network password");
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("A password is required to connect to '%s'."),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_gsm),
|
|
Packit Service |
a1bd4f |
NM_SETTING_GSM_PASSWORD);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_MACSEC_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
NMSettingMacsec *s_macsec = nm_connection_get_setting_macsec(request->connection);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("Secrets are required to access the MACsec network '%s'"),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (nm_setting_macsec_get_mode(s_macsec) == NM_SETTING_MACSEC_MODE_PSK) {
|
|
Packit Service |
a1bd4f |
title = _("MACsec PSK authentication");
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("MKA CAK"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_macsec),
|
|
Packit Service |
a1bd4f |
NM_SETTING_MACSEC_MKA_CAK);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
} else {
|
|
Packit Service |
a1bd4f |
title = _("MACsec EAP authentication");
|
|
Packit Service |
a1bd4f |
if (!add_8021x_secrets(request, secrets))
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_WIREGUARD_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
title = _("WireGuard VPN secret");
|
|
Packit Service |
a1bd4f |
if (!add_wireguard_secrets(request, secrets, &msg, &error))
|
|
Packit Service |
a1bd4f |
goto out_fail_error;
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_CDMA_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
NMSettingCdma *s_cdma = nm_connection_get_setting_cdma(request->connection);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
title = _("Mobile broadband network password");
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("A password is required to connect to '%s'."),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
NM_SETTING(s_cdma),
|
|
Packit Service |
a1bd4f |
NM_SETTING_CDMA_PASSWORD);
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_BLUETOOTH_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
NMSetting *setting = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
setting = nm_connection_get_setting_by_name(request->connection,
|
|
Packit Service |
a1bd4f |
NM_SETTING_BLUETOOTH_SETTING_NAME);
|
|
Packit Service |
a1bd4f |
if (setting
|
|
Packit Service |
a1bd4f |
&& !nm_streq0(nm_setting_bluetooth_get_connection_type(NM_SETTING_BLUETOOTH(setting)),
|
|
Packit Service |
a1bd4f |
NM_SETTING_BLUETOOTH_TYPE_NAP)) {
|
|
Packit Service |
a1bd4f |
setting =
|
|
Packit Service |
a1bd4f |
nm_connection_get_setting_by_name(request->connection, NM_SETTING_GSM_SETTING_NAME);
|
|
Packit Service |
a1bd4f |
if (!setting)
|
|
Packit Service |
a1bd4f |
setting = nm_connection_get_setting_by_name(request->connection,
|
|
Packit Service |
a1bd4f |
NM_SETTING_CDMA_SETTING_NAME);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!setting)
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
title = _("Mobile broadband network password");
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("A password is required to connect to '%s'."),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
secret = _secret_real_new_plain(NM_SECRET_AGENT_SECRET_TYPE_SECRET,
|
|
Packit Service |
a1bd4f |
_("Password"),
|
|
Packit Service |
a1bd4f |
setting,
|
|
Packit Service |
a1bd4f |
"password");
|
|
Packit Service |
a1bd4f |
g_ptr_array_add(secrets, secret);
|
|
Packit Service |
a1bd4f |
} else if (nm_connection_is_type(request->connection, NM_SETTING_VPN_SETTING_NAME)) {
|
|
Packit Service |
a1bd4f |
title = _("VPN password required");
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (try_spawn_vpn_auth_helper(request, secrets)) {
|
|
Packit Service |
a1bd4f |
/* This will emit REQUEST_SECRETS when ready */
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!add_vpn_secrets(request, secrets, &msg))
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
if (!msg) {
|
|
Packit Service |
a1bd4f |
msg = g_strdup_printf(_("A password is required to connect to '%s'."),
|
|
Packit Service |
a1bd4f |
nm_connection_get_id(request->connection));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
} else
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (secrets->len == 0)
|
|
Packit Service |
a1bd4f |
goto out_fail;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_signal_emit(request->self,
|
|
Packit Service |
a1bd4f |
signals[REQUEST_SECRETS],
|
|
Packit Service |
a1bd4f |
0,
|
|
Packit Service |
a1bd4f |
request->request_id,
|
|
Packit Service |
a1bd4f |
title,
|
|
Packit Service |
a1bd4f |
msg,
|
|
Packit Service |
a1bd4f |
secrets);
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
out_fail:
|
|
Packit Service |
a1bd4f |
g_set_error(&error,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit Service |
a1bd4f |
"Cannot service a secrets request %s for a %s connection",
|
|
Packit Service |
a1bd4f |
request->request_id,
|
|
Packit Service |
a1bd4f |
nm_connection_get_connection_type(request->connection));
|
|
Packit |
5756e2 |
out_fail_error:
|
|
Packit Service |
a1bd4f |
_request_data_complete(request, NULL, error, NULL);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
get_secrets(NMSecretAgentOld * agent,
|
|
Packit Service |
a1bd4f |
NMConnection * connection,
|
|
Packit Service |
a1bd4f |
const char * connection_path,
|
|
Packit Service |
a1bd4f |
const char * setting_name,
|
|
Packit Service |
a1bd4f |
const char ** hints,
|
|
Packit Service |
a1bd4f |
NMSecretAgentGetSecretsFlags flags,
|
|
Packit Service |
a1bd4f |
NMSecretAgentOldGetSecretsFunc callback,
|
|
Packit Service |
a1bd4f |
gpointer callback_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimple * self = NM_SECRET_AGENT_SIMPLE(agent);
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(self);
|
|
Packit Service |
a1bd4f |
RequestData * request;
|
|
Packit Service |
a1bd4f |
gs_free_error GError *error = NULL;
|
|
Packit Service |
a1bd4f |
gs_free char * request_id = NULL;
|
|
Packit Service |
a1bd4f |
const char * request_id_setting_name;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
request_id = g_strdup_printf("%s/%s", connection_path, setting_name);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (g_hash_table_contains(priv->requests, &request_id)) {
|
|
Packit Service |
a1bd4f |
/* We already have a request pending for this (connection, setting) */
|
|
Packit Service |
a1bd4f |
error = g_error_new(NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit Service |
a1bd4f |
"Request for %s secrets already pending",
|
|
Packit Service |
a1bd4f |
request_id);
|
|
Packit Service |
a1bd4f |
callback(agent, connection, NULL, error, callback_data);
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!(flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)) {
|
|
Packit Service |
a1bd4f |
/* We don't do stored passwords */
|
|
Packit Service |
a1bd4f |
error = g_error_new(NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_NO_SECRETS,
|
|
Packit Service |
a1bd4f |
"Stored passwords not supported");
|
|
Packit Service |
a1bd4f |
callback(agent, connection, NULL, error, callback_data);
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_assert(g_str_has_suffix(request_id, setting_name));
|
|
Packit Service |
a1bd4f |
request_id_setting_name = &request_id[strlen(request_id) - strlen(setting_name)];
|
|
Packit Service |
a1bd4f |
nm_assert(nm_streq(request_id_setting_name, setting_name));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
request = g_slice_new(RequestData);
|
|
Packit Service |
a1bd4f |
*request = (RequestData){
|
|
Packit Service |
a1bd4f |
.self = self,
|
|
Packit Service |
a1bd4f |
.connection = g_object_ref(connection),
|
|
Packit Service |
a1bd4f |
.setting_name = request_id_setting_name,
|
|
Packit Service |
a1bd4f |
.hints = g_strdupv((char **) hints),
|
|
Packit Service |
a1bd4f |
.callback = callback,
|
|
Packit Service |
a1bd4f |
.callback_data = callback_data,
|
|
Packit Service |
a1bd4f |
.request_id = g_steal_pointer(&request_id),
|
|
Packit Service |
a1bd4f |
.flags = flags,
|
|
Packit Service |
a1bd4f |
.cancellable = g_cancellable_new(),
|
|
Packit Service |
a1bd4f |
};
|
|
Packit Service |
a1bd4f |
g_hash_table_add(priv->requests, request);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (priv->enabled)
|
|
Packit Service |
a1bd4f |
request_secrets_from_ui(request);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_secret_agent_simple_response:
|
|
Packit |
5756e2 |
* @self: the #NMSecretAgentSimple
|
|
Packit |
5756e2 |
* @request_id: the request ID being responded to
|
|
Packit |
5756e2 |
* @secrets: (allow-none): the array of secrets, or %NULL
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Response to a #NMSecretAgentSimple::get-secrets signal.
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* If the user provided secrets, the caller should set the
|
|
Packit |
5756e2 |
* corresponding <literal>value</literal> fields in the
|
|
Packit |
5756e2 |
* #NMSecretAgentSimpleSecrets (freeing any initial values they had), and
|
|
Packit |
5756e2 |
* pass the array to nm_secret_agent_simple_response(). If the user
|
|
Packit |
5756e2 |
* cancelled the request, @secrets should be NULL.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
void
|
|
Packit Service |
a1bd4f |
nm_secret_agent_simple_response(NMSecretAgentSimple *self,
|
|
Packit Service |
a1bd4f |
const char * request_id,
|
|
Packit Service |
a1bd4f |
GPtrArray * secrets)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv;
|
|
Packit Service |
a1bd4f |
RequestData * request;
|
|
Packit Service |
a1bd4f |
gs_unref_variant GVariant *secrets_dict = NULL;
|
|
Packit Service |
a1bd4f |
gs_free_error GError *error = NULL;
|
|
Packit Service |
a1bd4f |
int i;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_return_if_fail(NM_IS_SECRET_AGENT_SIMPLE(self));
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(self);
|
|
Packit Service |
a1bd4f |
request = g_hash_table_lookup(priv->requests, &request_id);
|
|
Packit Service |
a1bd4f |
g_return_if_fail(request != NULL);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (secrets) {
|
|
Packit Service |
a1bd4f |
GVariantBuilder conn_builder, *setting_builder;
|
|
Packit Service |
a1bd4f |
GVariantBuilder vpn_secrets_builder;
|
|
Packit Service |
a1bd4f |
GVariantBuilder wg_secrets_builder;
|
|
Packit Service |
a1bd4f |
GVariantBuilder wg_peer_builder;
|
|
Packit Service |
a1bd4f |
GHashTable * settings;
|
|
Packit Service |
a1bd4f |
GHashTableIter iter;
|
|
Packit Service |
a1bd4f |
const char * name;
|
|
Packit Service |
a1bd4f |
gboolean has_vpn = FALSE;
|
|
Packit Service |
a1bd4f |
gboolean has_wg = FALSE;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
settings = g_hash_table_new_full(nm_str_hash,
|
|
Packit Service |
a1bd4f |
g_str_equal,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
(GDestroyNotify) g_variant_builder_unref);
|
|
Packit Service |
a1bd4f |
for (i = 0; i < secrets->len; i++) {
|
|
Packit Service |
a1bd4f |
SecretReal *secret = secrets->pdata[i];
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
setting_builder = g_hash_table_lookup(settings, nm_setting_get_name(secret->setting));
|
|
Packit Service |
a1bd4f |
if (!setting_builder) {
|
|
Packit Service |
a1bd4f |
setting_builder = g_variant_builder_new(NM_VARIANT_TYPE_SETTING);
|
|
Packit Service |
a1bd4f |
g_hash_table_insert(settings,
|
|
Packit Service |
a1bd4f |
(char *) nm_setting_get_name(secret->setting),
|
|
Packit Service |
a1bd4f |
setting_builder);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
switch (secret->base.secret_type) {
|
|
Packit Service |
a1bd4f |
case NM_SECRET_AGENT_SECRET_TYPE_PROPERTY:
|
|
Packit Service |
a1bd4f |
case NM_SECRET_AGENT_SECRET_TYPE_SECRET:
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(setting_builder,
|
|
Packit Service |
a1bd4f |
"{sv}",
|
|
Packit Service |
a1bd4f |
secret->property,
|
|
Packit Service |
a1bd4f |
g_variant_new_string(secret->base.value));
|
|
Packit Service |
a1bd4f |
break;
|
|
Packit Service |
a1bd4f |
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
|
|
Packit Service |
a1bd4f |
if (!has_vpn) {
|
|
Packit Service |
a1bd4f |
g_variant_builder_init(&vpn_secrets_builder, G_VARIANT_TYPE("a{ss}"));
|
|
Packit Service |
a1bd4f |
has_vpn = TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(&vpn_secrets_builder,
|
|
Packit Service |
a1bd4f |
"{ss}",
|
|
Packit Service |
a1bd4f |
secret->property,
|
|
Packit Service |
a1bd4f |
secret->base.value);
|
|
Packit Service |
a1bd4f |
break;
|
|
Packit Service |
a1bd4f |
case NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK:
|
|
Packit Service |
a1bd4f |
if (!has_wg) {
|
|
Packit Service |
a1bd4f |
g_variant_builder_init(&wg_secrets_builder, G_VARIANT_TYPE("aa{sv}"));
|
|
Packit Service |
a1bd4f |
has_wg = TRUE;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
g_variant_builder_init(&wg_peer_builder, G_VARIANT_TYPE("a{sv}"));
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(&wg_peer_builder,
|
|
Packit Service |
a1bd4f |
"{sv}",
|
|
Packit Service |
a1bd4f |
NM_WIREGUARD_PEER_ATTR_PUBLIC_KEY,
|
|
Packit Service |
a1bd4f |
g_variant_new_string(secret->property));
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(&wg_peer_builder,
|
|
Packit Service |
a1bd4f |
"{sv}",
|
|
Packit Service |
a1bd4f |
NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY,
|
|
Packit Service |
a1bd4f |
g_variant_new_string(secret->base.value));
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(&wg_secrets_builder, "a{sv}", &wg_peer_builder);
|
|
Packit Service |
a1bd4f |
break;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (has_vpn) {
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(setting_builder,
|
|
Packit Service |
a1bd4f |
"{sv}",
|
|
Packit Service |
a1bd4f |
"secrets",
|
|
Packit Service |
a1bd4f |
g_variant_builder_end(&vpn_secrets_builder));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (has_wg) {
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(setting_builder,
|
|
Packit Service |
a1bd4f |
"{sv}",
|
|
Packit Service |
a1bd4f |
NM_SETTING_WIREGUARD_PEERS,
|
|
Packit Service |
a1bd4f |
g_variant_builder_end(&wg_secrets_builder));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_variant_builder_init(&conn_builder, NM_VARIANT_TYPE_CONNECTION);
|
|
Packit Service |
a1bd4f |
g_hash_table_iter_init(&iter, settings);
|
|
Packit Service |
a1bd4f |
while (g_hash_table_iter_next(&iter, (gpointer *) &name, (gpointer *) &setting_builder))
|
|
Packit Service |
a1bd4f |
g_variant_builder_add(&conn_builder, "{sa{sv}}", name, setting_builder);
|
|
Packit Service |
a1bd4f |
secrets_dict = g_variant_ref_sink(g_variant_builder_end(&conn_builder));
|
|
Packit Service |
a1bd4f |
g_hash_table_destroy(settings);
|
|
Packit Service |
a1bd4f |
} else {
|
|
Packit Service |
a1bd4f |
error = g_error_new(NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_USER_CANCELED,
|
|
Packit Service |
a1bd4f |
"User cancelled");
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
_request_data_complete(request, secrets_dict, error, NULL);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
cancel_get_secrets(NMSecretAgentOld *agent, const char *connection_path, const char *setting_name)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimple * self = NM_SECRET_AGENT_SIMPLE(agent);
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(self);
|
|
Packit Service |
a1bd4f |
gs_free_error GError *error = NULL;
|
|
Packit Service |
a1bd4f |
gs_free char * request_id = NULL;
|
|
Packit Service |
a1bd4f |
RequestData * request;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
request_id = g_strdup_printf("%s/%s", connection_path, setting_name);
|
|
Packit Service |
a1bd4f |
request = g_hash_table_lookup(priv->requests, &request_id);
|
|
Packit Service |
a1bd4f |
if (!request) {
|
|
Packit Service |
a1bd4f |
/* this is really a bug of the caller (or us?). We cannot invoke a callback,
|
|
Packit Service |
a1bd4f |
* hence the caller cannot cleanup the request. */
|
|
Packit Service |
a1bd4f |
g_return_if_reached();
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_set_error(&error,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_ERROR_AGENT_CANCELED,
|
|
Packit Service |
a1bd4f |
"The secret agent is going away");
|
|
Packit Service |
a1bd4f |
_request_data_complete(request, NULL, error, NULL);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
save_secrets(NMSecretAgentOld * agent,
|
|
Packit Service |
a1bd4f |
NMConnection * connection,
|
|
Packit Service |
a1bd4f |
const char * connection_path,
|
|
Packit Service |
a1bd4f |
NMSecretAgentOldSaveSecretsFunc callback,
|
|
Packit Service |
a1bd4f |
gpointer callback_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
/* We don't support secret storage */
|
|
Packit Service |
a1bd4f |
callback(agent, connection, NULL, callback_data);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
delete_secrets(NMSecretAgentOld * agent,
|
|
Packit Service |
a1bd4f |
NMConnection * connection,
|
|
Packit Service |
a1bd4f |
const char * connection_path,
|
|
Packit Service |
a1bd4f |
NMSecretAgentOldDeleteSecretsFunc callback,
|
|
Packit Service |
a1bd4f |
gpointer callback_data)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
/* We don't support secret storage, so there's nothing to delete. */
|
|
Packit Service |
a1bd4f |
callback(agent, connection, NULL, callback_data);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_secret_agent_simple_enable:
|
|
Packit |
5756e2 |
* @self: the #NMSecretAgentSimple
|
|
Packit |
5756e2 |
* @path: (allow-none): the path of the connection (if any) to handle secrets
|
|
Packit |
5756e2 |
* for. If %NULL, secrets for any connection will be handled.
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Enables servicing the requests including the already queued ones. If @path
|
|
Packit |
5756e2 |
* is given, the agent will only handle requests for connections that match
|
|
Packit |
5756e2 |
* @path.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
void
|
|
Packit Service |
a1bd4f |
nm_secret_agent_simple_enable(NMSecretAgentSimple *self, const char *path)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(self);
|
|
Packit Service |
a1bd4f |
gs_free RequestData **requests = NULL;
|
|
Packit Service |
a1bd4f |
gsize i;
|
|
Packit Service |
a1bd4f |
gs_free char * path_full = NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* The path is only used to match a request_id with the current
|
|
Packit Service |
a1bd4f |
* connection. Since the request_id is "${CONNECTION_PATH}/${SETTING}",
|
|
Packit Service |
a1bd4f |
* add a trailing '/' to the path to match the full connection path.
|
|
Packit Service |
a1bd4f |
*/
|
|
Packit Service |
a1bd4f |
path_full = path ? g_strdup_printf("%s/", path) : NULL;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (!nm_streq0(path_full, priv->path)) {
|
|
Packit Service |
a1bd4f |
g_free(priv->path);
|
|
Packit Service |
a1bd4f |
priv->path = g_steal_pointer(&path_full);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (priv->enabled)
|
|
Packit Service |
a1bd4f |
return;
|
|
Packit Service |
a1bd4f |
priv->enabled = TRUE;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* Service pending secret requests. */
|
|
Packit Service |
a1bd4f |
requests = (RequestData **) g_hash_table_get_keys_as_array(priv->requests, NULL);
|
|
Packit Service |
a1bd4f |
for (i = 0; requests[i]; i++)
|
|
Packit Service |
a1bd4f |
request_secrets_from_ui(requests[i]);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
nm_secret_agent_simple_init(NMSecretAgentSimple *agent)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(agent);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
G_STATIC_ASSERT_EXPR(G_STRUCT_OFFSET(RequestData, request_id) == 0);
|
|
Packit Service |
a1bd4f |
priv->requests = g_hash_table_new_full(nm_pstr_hash, nm_pstr_equal, NULL, _request_data_free);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_secret_agent_simple_new:
|
|
Packit |
5756e2 |
* @name: the identifier of secret agent
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Creates a new #NMSecretAgentSimple. It does not serve any requests until
|
|
Packit |
5756e2 |
* nm_secret_agent_simple_enable() is called.
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Returns: a new #NMSecretAgentSimple if the agent creation is successful
|
|
Packit |
5756e2 |
* or %NULL in case of a failure.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
NMSecretAgentSimple *
|
|
Packit Service |
a1bd4f |
nm_secret_agent_simple_new(const char *name)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
return g_initable_new(NM_TYPE_SECRET_AGENT_SIMPLE,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_OLD_IDENTIFIER,
|
|
Packit Service |
a1bd4f |
name,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_OLD_CAPABILITIES,
|
|
Packit Service |
a1bd4f |
NM_SECRET_AGENT_CAPABILITY_VPN_HINTS,
|
|
Packit Service |
a1bd4f |
NULL);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
dispose(GObject *object)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(object);
|
|
Packit Service |
a1bd4f |
gs_free_error GError *error = NULL;
|
|
Packit Service |
a1bd4f |
GHashTableIter iter;
|
|
Packit Service |
a1bd4f |
RequestData * request;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
g_hash_table_iter_init(&iter, priv->requests);
|
|
Packit Service |
a1bd4f |
while (g_hash_table_iter_next(&iter, NULL, (gpointer *) &request)) {
|
|
Packit Service |
a1bd4f |
if (!error)
|
|
Packit Service |
a1bd4f |
nm_utils_error_set_cancelled(&error, TRUE, "NMSecretAgentSimple");
|
|
Packit Service |
a1bd4f |
_request_data_complete(request, NULL, error, &iter);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
G_OBJECT_CLASS(nm_secret_agent_simple_parent_class)->dispose(object);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static void
|
|
Packit Service |
a1bd4f |
finalize(GObject *object)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretAgentSimplePrivate *priv = NM_SECRET_AGENT_SIMPLE_GET_PRIVATE(object);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_hash_table_destroy(priv->requests);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
g_free(priv->path);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
G_OBJECT_CLASS(nm_secret_agent_simple_parent_class)->finalize(object);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
void
|
|
Packit Service |
a1bd4f |
nm_secret_agent_simple_class_init(NMSecretAgentSimpleClass *klass)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
GObjectClass * object_class = G_OBJECT_CLASS(klass);
|
|
Packit Service |
a1bd4f |
NMSecretAgentOldClass *agent_class = NM_SECRET_AGENT_OLD_CLASS(klass);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
object_class->dispose = dispose;
|
|
Packit Service |
a1bd4f |
object_class->finalize = finalize;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
agent_class->get_secrets = get_secrets;
|
|
Packit Service |
a1bd4f |
agent_class->cancel_get_secrets = cancel_get_secrets;
|
|
Packit Service |
a1bd4f |
agent_class->save_secrets = save_secrets;
|
|
Packit Service |
a1bd4f |
agent_class->delete_secrets = delete_secrets;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/**
|
|
Packit Service |
a1bd4f |
* NMSecretAgentSimple::request-secrets:
|
|
Packit Service |
a1bd4f |
* @agent: the #NMSecretAgentSimple
|
|
Packit Service |
a1bd4f |
* @request_id: request ID, to eventually pass to
|
|
Packit Service |
a1bd4f |
* nm_secret_agent_simple_response().
|
|
Packit Service |
a1bd4f |
* @title: a title for the password dialog
|
|
Packit Service |
a1bd4f |
* @prompt: a prompt message for the password dialog
|
|
Packit Service |
a1bd4f |
* @secrets: (element-type #NMSecretAgentSimpleSecret): array of secrets
|
|
Packit Service |
a1bd4f |
* being requested.
|
|
Packit Service |
a1bd4f |
*
|
|
Packit Service |
a1bd4f |
* Emitted when the agent requires secrets from the user.
|
|
Packit Service |
a1bd4f |
*
|
|
Packit Service |
a1bd4f |
* The application should ask user for the secrets. For example,
|
|
Packit Service |
a1bd4f |
* nmtui should create a password dialog (#NmtPasswordDialog)
|
|
Packit Service |
a1bd4f |
* with the given title and prompt, and an entry for each
|
|
Packit Service |
a1bd4f |
* element of @secrets. If any of the secrets already have a
|
|
Packit Service |
a1bd4f |
* <literal>value</literal> filled in, the corresponding entry
|
|
Packit Service |
a1bd4f |
* should be initialized to that value.
|
|
Packit Service |
a1bd4f |
*
|
|
Packit Service |
a1bd4f |
* When the dialog is complete, the app must call
|
|
Packit Service |
a1bd4f |
* nm_secret_agent_simple_response() with the results.
|
|
Packit Service |
a1bd4f |
*/
|
|
Packit Service |
a1bd4f |
signals[REQUEST_SECRETS] = g_signal_new(NM_SECRET_AGENT_SIMPLE_REQUEST_SECRETS,
|
|
Packit Service |
a1bd4f |
G_TYPE_FROM_CLASS(klass),
|
|
Packit Service |
a1bd4f |
0,
|
|
Packit Service |
a1bd4f |
0,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
NULL,
|
|
Packit Service |
a1bd4f |
G_TYPE_NONE,
|
|
Packit Service |
a1bd4f |
4,
|
|
Packit Service |
a1bd4f |
G_TYPE_STRING, /* request_id */
|
|
Packit Service |
a1bd4f |
G_TYPE_STRING, /* title */
|
|
Packit Service |
a1bd4f |
G_TYPE_STRING, /* prompt */
|
|
Packit Service |
a1bd4f |
G_TYPE_PTR_ARRAY);
|
|
Packit |
5756e2 |
}
|