[network-manager-openvpn/jk/key-password-require-bgo756638] properties: do not require password for always-ask, not-required (bgo #756638)
- From: Jiří Klimeš <jklimes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn/jk/key-password-require-bgo756638] properties: do not require password for always-ask, not-required (bgo #756638)
- Date: Fri, 16 Oct 2015 12:57:56 +0000 (UTC)
commit e3de6bc5b3f756584d0cda4711f04edb24df1fbf
Author: Jiří Klimeš <jklimes redhat com>
Date: Fri Oct 16 14:42:11 2015 +0200
properties: do not require password for always-ask, not-required (bgo #756638)
If password is marked as always-ask or not-required, do not insist on having a
password.
Actually we might detect password requirement incorrectly, because we regard
all PKCS#12 private keys as encrypted. Thus we require a password even if
the private key is not really encrypted. This commit allows user to override
the bad detection.
https://bugzilla.gnome.org/show_bug.cgi?id=756638
properties/auth-helpers.c | 22 ++++++++++++++--------
1 files changed, 14 insertions(+), 8 deletions(-)
---
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 209cc03..40049e1 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -434,7 +434,8 @@ validate_tls (GtkBuilder *builder, const char *prefix, GError **error)
char *tmp;
gboolean valid, encrypted = FALSE;
GtkWidget *widget;
- char *str;
+ NMSettingSecretFlags pw_flags;
+ gboolean secrets_required = TRUE;
tmp = g_strdup_printf ("%s_ca_cert_chooser", prefix);
valid = validate_file_chooser (builder, tmp);
@@ -471,14 +472,19 @@ validate_tls (GtkBuilder *builder, const char *prefix, GError **error)
}
/* Encrypted certificates require a password */
- str = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- encrypted = is_encrypted (str);
- g_free (str);
- if (encrypted) {
- tmp = g_strdup_printf ("%s_private_key_password_entry", prefix);
- widget = GTK_WIDGET (gtk_builder_get_object (builder, tmp));
- g_free (tmp);
+ tmp = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+ encrypted = is_encrypted (tmp);
+ g_free (tmp);
+
+ tmp = g_strdup_printf ("%s_private_key_password_entry", prefix);
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, tmp));
+ g_free (tmp);
+ pw_flags = nma_utils_menu_to_secret_flags (widget);
+ if ( pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || pw_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ secrets_required = FALSE;
+ if (encrypted && secrets_required) {
if (!gtk_entry_get_text_length (GTK_ENTRY (widget))) {
g_set_error (error,
OPENVPN_PLUGIN_UI_ERROR,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]