Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge branch 'jb47237' into 'master'
Implement option to explicitly keep VPN agent credentials.

See merge request mer-core/lipstick!120
  • Loading branch information
rainemak committed Sep 12, 2019
2 parents 8def78c + 59533d7 commit 9ff8bae
Showing 1 changed file with 30 additions and 4 deletions.
34 changes: 30 additions & 4 deletions src/vpnagent.cpp
@@ -1,7 +1,7 @@
/***************************************************************************
**
** Copyright (C) 2016 Jolla Ltd.
** Contact: Matt Vogt <matthew.vogt@jollamobile.com>
** Copyright (C) 2016 - 2019 Jolla Ltd.
** Copyright (C) 2019 Open Mobile Platform LLC.
**
** This file is part of lipstick.
**
Expand Down Expand Up @@ -72,6 +72,7 @@ bool VpnAgent::windowVisible() const
void VpnAgent::respond(const QString &path, const QVariantMap &details)
{
bool storeCredentials = false;
bool keepCredentials = false;

// Marshall our response
QVariantMap response;
Expand All @@ -85,6 +86,10 @@ void VpnAgent::respond(const QString &path, const QVariantMap &details)
&& (fieldRequirement == QStringLiteral("control"))
&& (fieldType == QStringLiteral("boolean"))) {
storeCredentials = fieldValue.toBool();
} else if ((name == QStringLiteral("keepCredentials"))
&& (fieldRequirement == QStringLiteral("control"))
&& (fieldType == QStringLiteral("boolean"))) {
keepCredentials = fieldValue.toBool();
} else {
if (fieldRequirement == QStringLiteral("mandatory") ||
(fieldRequirement != QStringLiteral("informational")
Expand All @@ -97,7 +102,7 @@ void VpnAgent::respond(const QString &path, const QVariantMap &details)

if (storeCredentials) {
m_connections->setConnectionCredentials(path, response);
} else {
} else if (!keepCredentials) { // Clearing explicitly disabled
m_connections->disableConnectionCredentials(path);
}

Expand Down Expand Up @@ -214,6 +219,13 @@ QVariantMap VpnAgent::RequestInput(const QDBusObjectPath &path, const QVariantMa

const bool allowCredentialStorage(ExtractRequestBool(extracted, "AllowStoreCredentials", true));
const bool allowCredentialRetrieval(ExtractRequestBool(extracted, "AllowRetrieveCredentials", true));
/*
* When the second request is something else that is to be kept in memory
* only and is not for VPN agent to keep, the requester can set this flag
* to avoid the credentials from being cleared out. By default this is false
* and in such case is not saved.
*/
const bool keepCredentials(ExtractRequestBool(extracted, "KeepCredentials", false));

// Can we supply the requested data from stored credentials?
const QString objectPath(path.path());
Expand Down Expand Up @@ -254,7 +266,7 @@ QVariantMap VpnAgent::RequestInput(const QDBusObjectPath &path, const QVariantMa
}
}

if (failureIt != extracted.end()) {
if (failureIt != extracted.end() && !keepCredentials) {
// Hide this property from the user agent
extracted.erase(failureIt);
} else {
Expand Down Expand Up @@ -283,6 +295,20 @@ QVariantMap VpnAgent::RequestInput(const QDBusObjectPath &path, const QVariantMa
extracted.insert(QStringLiteral("storeCredentials"), field);
}

/*
* By default this is false if not set. This value needs to be explicitely
* set to retain the credentials although storing and retrieval is disabled.
* This is used with Private Key passwords, which are stored in memory but
* not in VPN agent and the actual credentials are required to be stored.
*/
if (keepCredentials) {
QVariantMap field;
field.insert(QStringLiteral("Requirement"), QVariant::fromValue(QStringLiteral("control")));
field.insert(QStringLiteral("Type"), QVariant::fromValue(QStringLiteral("boolean")));
field.insert(QStringLiteral("Value"), QVariant::fromValue(keepCredentials));
extracted.insert(QStringLiteral("keepCredentials"), field);
}

// Inform the caller that the reponse will be asynchronous
QDBusContext::setDelayedReply(true);

Expand Down

0 comments on commit 9ff8bae

Please sign in to comment.