static void
modem_get_sim_ready (MMModem *modem,
GAsyncResult *res,
BroadbandDeviceInfo *info)
{
GHashTable *attrs;
info->mm_sim = mm_modem_get_sim_finish (modem, res, NULL);
if (!info->mm_sim)
/* Ok, the modem may not need it actually */
return;
/* Do nothing if we're not locked */
if (mm_modem_get_state (info->mm_modem) != MM_MODEM_STATE_LOCKED)
return;
/* If we have a device ID ask the keyring for any saved SIM-PIN codes */
if (mm_modem_get_device_identifier (info->mm_modem) &&
mm_modem_get_unlock_required (info->mm_modem) == MM_MODEM_LOCK_SIM_PIN) {
attrs = secret_attributes_build (&mobile_secret_schema, "devid",
mm_modem_get_device_identifier (info->mm_modem),
NULL);
secret_service_search (NULL, &mobile_secret_schema, attrs,
SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS,
info->cancellable, keyring_pin_check_cb, info);
g_hash_table_unref (attrs);
} else {
/* Couldn't get a device ID, but unlock required; present dialog */
unlock_dialog_new (info->device, info);
}
/* Couldn't get a device ID, but unlock required; present dialog */
unlock_dialog_new (info->device, info);
}
static void
get_secrets (NMSecretAgent *agent,
NMConnection *connection,
const char *connection_path,
const char *setting_name,
const char **hints,
guint32 flags,
NMSecretAgentGetSecretsFunc callback,
gpointer callback_data)
{
AppletAgentPrivate *priv = APPLET_AGENT_GET_PRIVATE (agent);
Request *r;
GError *error = NULL;
NMSettingConnection *s_con;
NMSetting *setting;
const char *uuid, *ctype;
GHashTable *attrs;
setting = nm_connection_get_setting_by_name (connection, setting_name);
if (!setting) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INVALID_CONNECTION,
"%s.%d - Connection didn't have requested setting '%s'.",
__FILE__, __LINE__, setting_name);
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
uuid = nm_connection_get_uuid (connection);
s_con = nm_connection_get_setting_connection (connection);
g_assert (s_con);
ctype = nm_setting_connection_get_connection_type (s_con);
if (!uuid || !ctype) {
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INVALID_CONNECTION,
"%s.%d - Connection didn't have required UUID.",
__FILE__, __LINE__);
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
/* Track the secrets request */
r = request_new (agent, connection, connection_path, setting_name, hints, flags, callback, NULL, NULL, callback_data);
g_hash_table_insert (priv->requests, GUINT_TO_POINTER (r->id), r);
/* VPN passwords are handled by the VPN plugin's auth dialog */
if (!strcmp (ctype, NM_SETTING_VPN_SETTING_NAME)) {
ask_for_secrets (r);
return;
}
/* Only handle non-VPN secrets if we're supposed to */
if (priv->vpn_only == TRUE) {
error = g_error_new_literal (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_NO_SECRETS,
"Only handling VPN secrets at this time.");
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
return;
}
/* For everything else we scrape the keyring for secrets first, and ask
* later if required.
*/
attrs = secret_attributes_build (&network_manager_secret_schema,
KEYRING_UUID_TAG, uuid,
KEYRING_SN_TAG, setting_name,
NULL);
secret_service_search (NULL, &network_manager_secret_schema, attrs,
SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS,
r->cancellable, keyring_find_secrets_cb, r);
r->keyring_calls++;
g_hash_table_unref (attrs);
}
void NetworkStorageSession::getCredentialFromPersistentStorage(const ProtectionSpace& protectionSpace, Function<void (Credential&&)> completionHandler)
{
#if USE(LIBSECRET)
if (m_sessionID.isEphemeral()) {
completionHandler({ });
return;
}
const String& realm = protectionSpace.realm();
if (realm.isEmpty()) {
completionHandler({ });
return;
}
GRefPtr<GHashTable> attributes = adoptGRef(secret_attributes_build(SECRET_SCHEMA_COMPAT_NETWORK,
"domain", realm.utf8().data(),
"server", protectionSpace.host().utf8().data(),
"port", protectionSpace.port(),
"protocol", schemeFromProtectionSpaceServerType(protectionSpace.serverType()),
"authtype", authTypeFromProtectionSpaceAuthenticationScheme(protectionSpace.authenticationScheme()),
nullptr));
if (!attributes) {
completionHandler({ });
return;
}
m_persisentStorageCancellable = adoptGRef(g_cancellable_new());
m_persisentStorageCompletionHandler = WTFMove(completionHandler);
secret_service_search(nullptr, SECRET_SCHEMA_COMPAT_NETWORK, attributes.get(),
static_cast<SecretSearchFlags>(SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS), m_persisentStorageCancellable.get(),
[](GObject* source, GAsyncResult* result, gpointer userData) {
GUniqueOutPtr<GError> error;
GUniquePtr<GList> elements(secret_service_search_finish(SECRET_SERVICE(source), result, &error.outPtr()));
if (g_error_matches (error.get(), G_IO_ERROR, G_IO_ERROR_CANCELLED))
return;
NetworkStorageSession* session = static_cast<NetworkStorageSession*>(userData);
auto completionHandler = std::exchange(session->m_persisentStorageCompletionHandler, nullptr);
if (error || !elements || !elements->data) {
completionHandler({ });
return;
}
GRefPtr<SecretItem> secretItem = adoptGRef(static_cast<SecretItem*>(elements->data));
GRefPtr<GHashTable> attributes = adoptGRef(secret_item_get_attributes(secretItem.get()));
String user = String::fromUTF8(static_cast<const char*>(g_hash_table_lookup(attributes.get(), "user")));
if (user.isEmpty()) {
completionHandler({ });
return;
}
size_t length;
GRefPtr<SecretValue> secretValue = adoptGRef(secret_item_get_secret(secretItem.get()));
const char* passwordData = secret_value_get(secretValue.get(), &length);
completionHandler(Credential(user, String::fromUTF8(passwordData, length), CredentialPersistencePermanent));
}, this);
#else
UNUSED_PARAM(protectionSpace);
completionHandler({ });
#endif
}
