File nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff of Package NetworkManager

From 7e3c0930ff594c3e6b08c221dedadc9235006d9f Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Fri, 7 Oct 2011 13:58:48 +0200
Subject: [PATCH 3/3] don't consider not needed secrets for has_system_secrets()

---
 src/settings/nm-agent-manager.c |   56 +++++++++++++++++++++++++++++++++++---
 1 files changed, 51 insertions(+), 5 deletions(-)

Index: NetworkManager-0.9.8.0/src/settings/nm-agent-manager.c
===================================================================
--- NetworkManager-0.9.8.0.orig/src/settings/nm-agent-manager.c
+++ NetworkManager-0.9.8.0/src/settings/nm-agent-manager.c
@@ -847,6 +847,11 @@ get_agent_modify_auth_cb (NMAuthChain *c
 	nm_auth_chain_unref (chain);
 }
 
+struct system_secrets_cb_data {
+	GHashTable *hash;
+	gboolean *has_system;
+};
+
 static void
 check_system_secrets_cb (NMSetting *setting,
                          const char *key,
@@ -855,11 +860,17 @@ check_system_secrets_cb (NMSetting *sett
                          gpointer user_data)
 {
 	NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
-	gboolean *has_system = user_data;
+	struct system_secrets_cb_data *data = user_data;
+	gboolean has_system = FALSE;
 
 	if (!(flags & NM_SETTING_PARAM_SECRET))
 		return;
 
+	if (!g_hash_table_lookup(data->hash, key)) {
+		nm_log_dbg (LOGD_AGENTS, "%s: %s not needed", __FUNCTION__, key);
+		return;
+	}
+
 	/* Clear out system-owned or always-ask secrets */
 	if (NM_IS_SETTING_VPN (setting) && !strcmp (key, NM_SETTING_VPN_SECRETS)) {
 		GHashTableIter iter;
@@ -871,21 +882,44 @@ check_system_secrets_cb (NMSetting *sett
 			secret_flags = NM_SETTING_SECRET_FLAG_NONE;
 			nm_setting_get_secret_flags (setting, secret_name, &secret_flags, NULL);
 			if (secret_flags == NM_SETTING_SECRET_FLAG_NONE)
-				*has_system = TRUE;
+				has_system = TRUE;
 		}
 	} else {
 		nm_setting_get_secret_flags (setting, key, &secret_flags, NULL);
 		if (secret_flags == NM_SETTING_SECRET_FLAG_NONE)
-			*has_system = TRUE;
+			has_system = TRUE;
 	}
+	nm_log_dbg (LOGD_AGENTS, "%s: %s has_system=%d", __FUNCTION__, key, has_system);
+	*data->has_system = has_system;
 }
 
 static gboolean
 has_system_secrets (NMConnection *connection)
 {
 	gboolean has_system = FALSE;
+	GPtrArray *hints = NULL;
+	const char *setting_name;
+	unsigned i;
+	struct system_secrets_cb_data data = {
+		NULL,
+		&has_system,
+	};
+
+	setting_name = nm_connection_need_secrets (connection, &hints);
+	/* some secrets should be needed at this point */
+	g_return_val_if_fail(setting_name != NULL, has_system);
+	g_return_val_if_fail(hints != NULL, has_system);
+
+	data.hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
+	for (i = 0; i < hints->len; i++) {
+		g_hash_table_insert (data.hash, g_strdup ((const char*)g_ptr_array_index(hints, i)), (void*)(long)1);
+	}
+
+	nm_connection_for_each_setting_value (connection, check_system_secrets_cb, &data);
+
+	g_hash_table_destroy (data.hash);
+	g_ptr_array_free(hints, TRUE);
 
-	nm_connection_for_each_setting_value (connection, check_system_secrets_cb, &has_system);
 	return has_system;
 }
 
@@ -894,20 +928,32 @@ get_next_cb (Request *req)
 {
 	NMSettingConnection *s_con;
 	const char *agent_dbus_owner, *perm;
+	gboolean has_system = FALSE;
 
 	if (!next_generic (req, "getting"))
 		return;
 
 	agent_dbus_owner = nm_secret_agent_get_dbus_owner (NM_SECRET_AGENT (req->current));
 
+	has_system = has_system_secrets (req->connection);
+	nm_log_dbg (LOGD_AGENTS, "flags %d, existing %p, has_system %d",
+			req->flags, req->existing_secrets, has_system);
+
 	/* If the request flags allow user interaction, and there are existing
 	 * system secrets (or blank secrets that are supposed to be system-owned),
 	 * check whether the agent has the 'modify' permission before sending those
 	 * secrets to the agent.  We shouldn't leak system-owned secrets to
 	 * unprivileged users.
 	 */
+	/* XXX: there needs to be a way to determine whether there
+	 * are missing system secrets (ie user clicked on a network
+	 * and wants to connect for the first time). Later we should
+	 * not ask for modifying system secrets. The connection
+	 * should simply fail then. Setting new secrets is a job for
+	 * the connection edit dialog.
+	 */
 	if (   (req->flags != NM_SETTINGS_GET_SECRETS_FLAG_NONE)
-	    && (req->existing_secrets || has_system_secrets (req->connection))) {
+	    && (req->existing_secrets || has_system)) {
 		nm_log_dbg (LOGD_AGENTS, "(%p/%s) request has system secrets; checking agent %s for MODIFY",
 		            req, req->setting_name, agent_dbus_owner);