cli: fix reading "vpn.secrets.*" from passwd-file

Due to a bug, we required VPN secrets to be prefixed with "vpn.secret." instead of "vpn.secrets.". This was a change in behavior with 1.12.0 release. Fix it, to restore the old behavior. For backward compatibility to the broken behavior, adjust parse_passwords() to treat accept that as well. https://bugzilla.redhat.com/show_bug.cgi?id=1628833 https://github.com/NetworkManager/NetworkManager/pull/201 Fixes: 0601b5d725 (cherry picked from commit 5815ae8c60)
2024-07-23 19:24:38 +00:00 · 2018-09-14 11:13:05 +02:00 · 2018-09-14 11:13:05 +02:00 · 6bfab6796f
parent 63639f338f
commit 6bfab6796f
5 changed files with 17 additions and 9 deletions
--- a/clients/cli/common.c
+++ b/clients/cli/common.c
@ -645,13 +645,13 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
 		if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
 			continue;

-		if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
+		if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
 			g_free (secret->value);
 			secret->value = g_steal_pointer (&cookie);
-		} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
+		} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
 			g_free (secret->value);
 			secret->value = g_steal_pointer (&gateway);
-		} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
+		} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
 			g_free (secret->value);
 			secret->value = g_steal_pointer (&gwcert);
 		}
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@ -2607,7 +2607,15 @@ parse_passwords (const char *passwd_file, GError **error)
 			return NULL;
 		}

-		pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
+		if (   nm_streq (setting, "vpn")
+		    && g_str_has_prefix (prop, "secret.")) {
+			/* in 1.12.0, we wrongly required the VPN secrets to be named
+			 * "vpn.secret". It should be "vpn.secrets". Work around it
+			 * (rh#1628833). */
+			pwd_spec = g_strdup_printf ("vpn.secrets.%s", &prop[NM_STRLEN ("secret.")]);
+		} else
+			pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
+
 		g_hash_table_insert (pwds_hash, pwd_spec, g_strdup (pwd));
 	}
 	return g_steal_pointer (&pwds_hash);
--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@ -195,7 +195,7 @@ nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type,
 		real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY);
 		break;
 	case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
-		vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET;
+		vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS;
 		value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property);
 		real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property);
 		nm_assert (vpn_type);
--- a/clients/common/nm-secret-agent-simple.h
+++ b/clients/common/nm-secret-agent-simple.h
@ -56,7 +56,7 @@ typedef struct {
 	gboolean is_secret;
 } NMSecretAgentSimpleSecret;

-#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret."
+#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "vpn.secrets."

 #define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT  NM_DBUS_INTERFACE".openconnect"

--- a/clients/tui/nmtui-connect.c
+++ b/clients/tui/nmtui-connect.c
@ -121,13 +121,13 @@ secrets_requested (NMSecretAgentSimple *agent,
 					continue;
 				if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
 					continue;
-				if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
+				if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
 					g_free (secret->value);
 					secret->value = g_steal_pointer (&cookie);
-				} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
+				} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
 					g_free (secret->value);
 					secret->value = g_steal_pointer (&gateway);
-				} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
+				} else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
 					g_free (secret->value);
 					secret->value = g_steal_pointer (&gwcert);
 				}