diff --git a/src/libnm-core-impl/nm-setting-vpn.c b/src/libnm-core-impl/nm-setting-vpn.c index b867d01860..f34d560854 100644 --- a/src/libnm-core-impl/nm-setting-vpn.c +++ b/src/libnm-core-impl/nm-setting-vpn.c @@ -704,6 +704,8 @@ for_each_secret(NMSetting *setting, while (g_variant_iter_next(&vpn_secrets_iter, "{&s&s}", &vpn_secret_name, &secret)) { NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; + _nm_setting_secret_fix_hint_tag(setting, &vpn_secret_name); + /* we ignore the return value of get_secret_flags. The function may determine * that this is not a secret, based on having not secret-flags and no secrets. * But we have the secret at hand. We know it would be a valid secret, if we diff --git a/src/libnm-core-impl/nm-setting-wireguard.c b/src/libnm-core-impl/nm-setting-wireguard.c index 4f96f74210..b27265ece1 100644 --- a/src/libnm-core-impl/nm-setting-wireguard.c +++ b/src/libnm-core-impl/nm-setting-wireguard.c @@ -2218,6 +2218,8 @@ for_each_secret(NMSetting *setting, while (g_variant_iter_next(peer_iter, "{&sv}", &key, &val)) { _nm_unused gs_unref_variant GVariant *val_free = val; + _nm_setting_secret_fix_hint_tag(setting, &key); + if (nm_streq(key, NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY)) { if (!preshared_key && g_variant_is_of_type(val, G_VARIANT_TYPE_STRING)) preshared_key = g_variant_ref(val); diff --git a/src/libnm-core-impl/nm-setting.c b/src/libnm-core-impl/nm-setting.c index bbaa6fcda2..005cc0f337 100644 --- a/src/libnm-core-impl/nm-setting.c +++ b/src/libnm-core-impl/nm-setting.c @@ -3559,6 +3559,8 @@ for_each_secret(NMSetting *setting, { NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; + _nm_setting_secret_fix_hint_tag(setting, &secret_name); + if (!nm_setting_get_secret_flags(setting, secret_name, &secret_flags, NULL)) { if (!remove_non_secrets) g_variant_builder_add(setting_builder, "{sv}", secret_name, val); @@ -3568,6 +3570,37 @@ for_each_secret(NMSetting *setting, g_variant_builder_add(setting_builder, "{sv}", secret_name, val); } +gboolean +_nm_setting_secret_fix_hint_tag(NMSetting *setting, const char **secret_name) +{ + /* Secret agents should remove tags like "x-dynamic-challenge:" from the secret name, + * but old agents might have not adapted yet. If that happens, do the work here: + * remove the tag and set the flags that are implied by that tag. */ + + NMSettingSecretFlags flags_to_add = NM_SETTING_SECRET_FLAG_NONE; + gboolean ret = FALSE; + + if (g_str_has_prefix(*secret_name, NM_SECRET_TAG_DYNAMIC_CHALLENGE)) { + *secret_name += NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE); + flags_to_add |= NM_SETTING_SECRET_FLAG_NOT_SAVED; + ret = TRUE; + } else if (g_str_has_prefix(*secret_name, NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO)) { + *secret_name += NM_STRLEN(NM_SECRET_TAG_DYNAMIC_CHALLENGE_ECHO); + flags_to_add |= NM_SETTING_SECRET_FLAG_NOT_SAVED; + ret = TRUE; + } + + if (flags_to_add) { + NMSettingSecretFlags current_flags = NM_SETTING_SECRET_FLAG_NONE; + + nm_setting_get_secret_flags(setting, *secret_name, ¤t_flags, NULL); + current_flags |= flags_to_add; + nm_setting_set_secret_flags(setting, *secret_name, current_flags, NULL); + } + + return ret; +} + static void _set_error_secret_property_not_found(GError **error, NMSetting *setting, const char *secret_name) { diff --git a/src/libnm-core-intern/nm-core-internal.h b/src/libnm-core-intern/nm-core-internal.h index fc157c5881..084b1b39bc 100644 --- a/src/libnm-core-intern/nm-core-internal.h +++ b/src/libnm-core-intern/nm-core-internal.h @@ -122,6 +122,8 @@ _nm_setting_secret_flags_valid(NMSettingSecretFlags flags) return !NM_FLAGS_ANY(flags, ~NM_SETTING_SECRET_FLAG_ALL); } +gboolean _nm_setting_secret_fix_hint_tag(NMSetting *setting, const char **secret_name); + /*****************************************************************************/ const char *