static void
get_secrets (NMSecretAgent *agent,
NMConnection *connection,
const char *connection_path,
const char *setting_name,
const char **hints,
guint32 flags,
NMSecretAgentGetSecretsFunc callback,
gpointer callback_data)
{
AppletAgentPrivate *priv = APPLET_AGENT_GET_PRIVATE (agent);
Request *r;
GError *error = NULL;
NMSettingConnection *s_con;
NMSetting *setting;
const char *uuid, *ctype;
GHashTable *attrs;
setting = nm_connection_get_setting_by_name (connection, setting_name);
if (!setting) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INVALID_CONNECTION,
"%s.%d - Connection didn't have requested setting '%s'.",
__FILE__, __LINE__, setting_name);
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
uuid = nm_connection_get_uuid (connection);
s_con = nm_connection_get_setting_connection (connection);
g_assert (s_con);
ctype = nm_setting_connection_get_connection_type (s_con);
if (!uuid || !ctype) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INVALID_CONNECTION,
"%s.%d - Connection didn't have required UUID.",
__FILE__, __LINE__);
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
/* Track the secrets request */
r = request_new (agent, connection, connection_path, setting_name, hints, flags, callback, NULL, NULL, callback_data);
g_hash_table_insert (priv->requests, GUINT_TO_POINTER (r->id), r);
/* VPN passwords are handled by the VPN plugin's auth dialog */
if (!strcmp (ctype, NM_SETTING_VPN_SETTING_NAME)) {
ask_for_secrets (r);
return;
}
/* Only handle non-VPN secrets if we're supposed to */
if (priv->vpn_only == TRUE) {
error = g_error_new_literal (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_NO_SECRETS,
"Only handling VPN secrets at this time.");
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
/* For everything else we scrape the keyring for secrets first, and ask
* later if required.
*/
attrs = secret_attributes_build (&network_manager_secret_schema,
KEYRING_UUID_TAG, uuid,
KEYRING_SN_TAG, setting_name,
NULL);
secret_service_search (NULL, &network_manager_secret_schema, attrs,
SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS,
r->cancellable, keyring_find_secrets_cb, r);
r->keyring_calls++;
g_hash_table_unref (attrs);
}
static void
get_secrets (NMSecretAgent *agent,
NMConnection *connection,
const char *connection_path,
const char *setting_name,
const char **hints,
guint32 flags,
NMSecretAgentGetSecretsFunc callback,
gpointer callback_data)
{
AppletAgentPrivate *priv = APPLET_AGENT_GET_PRIVATE (agent);
Request *r;
GError *error = NULL;
NMSettingConnection *s_con;
NMSetting *setting;
const char *uuid, *ctype;
KeyringCall *call;
setting = nm_connection_get_setting_by_name (connection, setting_name);
if (!setting) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INVALID_CONNECTION,
"%s.%d - Connection didn't have requested setting '%s'.",
__FILE__, __LINE__, setting_name);
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
uuid = nm_connection_get_uuid (connection);
s_con = nm_connection_get_setting_connection (connection);
g_assert (s_con);
ctype = nm_setting_connection_get_connection_type (s_con);
if (!uuid || !ctype) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INVALID_CONNECTION,
"%s.%d - Connection didn't have required UUID.",
__FILE__, __LINE__);
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
/* Track the secrets request */
r = request_new (agent, connection, connection_path, setting_name, hints, flags, callback, NULL, NULL, callback_data);
g_hash_table_insert (priv->requests, GUINT_TO_POINTER (r->id), r);
/* VPN passwords are handled by the VPN plugin's auth dialog */
if (!strcmp (ctype, NM_SETTING_VPN_SETTING_NAME)) {
ask_for_secrets (r);
return;
}
/* For everything else we scrape the keyring for secrets first, and ask
* later if required.
*/
call = keyring_call_new (r);
call->keyring_id = gnome_keyring_find_itemsv (GNOME_KEYRING_ITEM_GENERIC_SECRET,
keyring_find_secrets_cb,
call,
keyring_call_free,
KEYRING_UUID_TAG,
GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
uuid,
KEYRING_SN_TAG,
GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
setting_name,
NULL);
r->keyring_calls = g_slist_append (r->keyring_calls, call);
}
static void
keyring_find_secrets_cb (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
Request *r = user_data;
GError *error = NULL;
GError *search_error = NULL;
const char *connection_id = NULL;
GHashTable *secrets = NULL, *settings = NULL;
GList *list = NULL;
GList *iter;
gboolean hint_found = FALSE, ask = FALSE;
r->keyring_calls--;
if (g_cancellable_is_cancelled (r->cancellable)) {
/* Callback already called by NM or dispose */
request_free (r);
return;
}
list = secret_service_search_finish (NULL, result, &search_error);
connection_id = nm_connection_get_id (r->connection);
if (g_error_matches (search_error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) {
error = g_error_new_literal (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_USER_CANCELED,
"The secrets request was canceled by the user");
g_error_free (search_error);
goto done;
} else if (search_error) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INTERNAL_ERROR,
"%s.%d - failed to read secrets from keyring (%s)",
__FILE__, __LINE__, search_error->message);
g_error_free (search_error);
goto done;
}
/* Only ask if we're allowed to, so that eg a connection editor which
* requests secrets for its UI, for a connection which doesn't have any
* secrets yet, doesn't trigger the applet secrets dialog.
*/
if ( (r->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
&& g_list_length (list) == 0) {
g_message ("No keyring secrets found for %s/%s; asking user.", connection_id, r->setting_name);
ask_for_secrets (r);
return;
}
secrets = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, destroy_gvalue);
/* Extract the secrets from the list of matching keyring items */
for (iter = list; iter != NULL; iter = g_list_next (iter)) {
SecretItem *item = iter->data;
SecretValue *secret;
const char *key_name;
GHashTable *attributes;
secret = secret_item_get_secret (item);
if (secret) {
attributes = secret_item_get_attributes (item);
key_name = g_hash_table_lookup (attributes, KEYRING_SK_TAG);
if (!key_name) {
g_hash_table_unref (attributes);
secret_value_unref (secret);
continue;
}
g_hash_table_insert (secrets, g_strdup (key_name),
string_to_gvalue (secret_value_get (secret, NULL)));
/* See if this property matches a given hint */
if (r->hints && r->hints[0]) {
if (!g_strcmp0 (r->hints[0], key_name) || !g_strcmp0 (r->hints[1], key_name))
hint_found = TRUE;
}
g_hash_table_unref (attributes);
secret_value_unref (secret);
break;
}
}
/* If there were hints, and none of the hints were returned by the keyring,
* get some new secrets.
*/
if (r->flags) {
if (r->hints && r->hints[0] && !hint_found)
ask = TRUE;
else if (r->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW) {
g_message ("New secrets for %s/%s requested; ask the user", connection_id, r->setting_name);
ask = TRUE;
} else if ( (r->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
&& is_connection_always_ask (r->connection))
ask = TRUE;
}
/* Returned secrets are a{sa{sv}}; this is the outer a{s...} hash that
* will contain all the individual settings hashes.
*/
settings = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_hash_table_destroy);
g_hash_table_insert (settings, g_strdup (r->setting_name), secrets);
done:
g_list_free_full (list, g_object_unref);
if (ask) {
GHashTableIter hash_iter;
const char *setting_name;
GHashTable *setting_hash;
/* Stuff all the found secrets into the connection for the UI to use */
g_hash_table_iter_init (&hash_iter, settings);
while (g_hash_table_iter_next (&hash_iter,
(gpointer *) &setting_name,
(gpointer *) &setting_hash)) {
nm_connection_update_secrets (r->connection,
setting_name,
setting_hash,
NULL);
}
ask_for_secrets (r);
} else {
/* Otherwise send the secrets back to NetworkManager */
r->get_callback (NM_SECRET_AGENT (r->agent), r->connection, error ? NULL : settings, error, r->callback_data);
request_free (r);
}
if (settings)
g_hash_table_destroy (settings);
g_clear_error (&error);
}
static void
keyring_find_secrets_cb (GnomeKeyringResult result,
GList *list,
gpointer user_data)
{
KeyringCall *call = user_data;
Request *r = call->r;
GError *error = NULL;
const char *connection_id = NULL;
GHashTable *secrets = NULL, *settings = NULL;
GList *iter;
gboolean hint_found = FALSE, ask = FALSE;
r->keyring_calls = g_slist_remove (r->keyring_calls, call);
if (r->canceled) {
/* Callback already called by NM or dispose */
request_free (r);
return;
}
connection_id = nm_connection_get_id (r->connection);
if (result == GNOME_KEYRING_RESULT_CANCELLED) {
error = g_error_new_literal (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_USER_CANCELED,
"The secrets request was canceled by the user");
goto done;
} else if ( result != GNOME_KEYRING_RESULT_OK
&& result != GNOME_KEYRING_RESULT_NO_MATCH) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INTERNAL_ERROR,
"%s.%d - failed to read secrets from keyring (result %d)",
__FILE__, __LINE__, result);
goto done;
}
/* Only ask if we're allowed to, ie if flags != NM_SECRET_AGENT_GET_SECRETS_FLAG_NONE */
if (r->flags && g_list_length (list) == 0) {
g_message ("No keyring secrets found for %s/%s; asking user.", connection_id, r->setting_name);
ask_for_secrets (r);
return;
}
secrets = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, destroy_gvalue);
/* Extract the secrets from the list of matching keyring items */
for (iter = list; iter != NULL; iter = g_list_next (iter)) {
GnomeKeyringFound *found = iter->data;
GnomeKeyringAttribute *attr;
const char *key_name = NULL;
int i;
for (i = 0; i < found->attributes->len; i++) {
attr = &(gnome_keyring_attribute_list_index (found->attributes, i));
if ( (strcmp (attr->name, KEYRING_SK_TAG) == 0)
&& (attr->type == GNOME_KEYRING_ATTRIBUTE_TYPE_STRING)) {
key_name = attr->value.string;
g_hash_table_insert (secrets, g_strdup (key_name), string_to_gvalue (found->secret));
/* See if this property matches a given hint */
if (r->hints && r->hints[0]) {
if (!g_strcmp0 (r->hints[0], key_name) || !g_strcmp0 (r->hints[1], key_name))
hint_found = TRUE;
}
break;
}
}
}
/* If there were hints, and none of the hints were returned by the keyring,
* get some new secrets.
*/
if (r->flags) {
if (r->hints && r->hints[0] && !hint_found)
ask = TRUE;
else if (r->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW) {
g_message ("New secrets for %s/%s requested; ask the user", connection_id, r->setting_name);
ask = TRUE;
} else if ( (r->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
&& is_connection_always_ask (r->connection))
ask = TRUE;
}
/* Returned secrets are a{sa{sv}}; this is the outer a{s...} hash that
* will contain all the individual settings hashes.
*/
settings = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_hash_table_destroy);
g_hash_table_insert (settings, g_strdup (r->setting_name), secrets);
done:
if (ask) {
GHashTableIter hash_iter;
const char *setting_name;
GHashTable *setting_hash;
/* Stuff all the found secrets into the connection for the UI to use */
g_hash_table_iter_init (&hash_iter, settings);
while (g_hash_table_iter_next (&hash_iter,
(gpointer *) &setting_name,
(gpointer *) &setting_hash)) {
nm_connection_update_secrets (r->connection,
setting_name,
setting_hash,
NULL);
}
ask_for_secrets (r);
} else {
/* Otherwise send the secrets back to NetworkManager */
r->get_callback (NM_SECRET_AGENT (r->agent), r->connection, error ? NULL : settings, error, r->callback_data);
request_free (r);
}
if (settings)
g_hash_table_destroy (settings);
g_clear_error (&error);
}
