diff options
| author | Thomas Haller <thaller@redhat.com> | 2018-06-11 12:27:03 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-06-12 14:45:40 +0200 |
| commit | 6d06a0e1b0c2732155a61289736fc95e2275db98 (patch) | |
| tree | 7bd6f3d696194594f77208816805e293845d55c1 | |
| parent | 8bb1aed2ad1a0beb8f7036a0f3b54da6fc5b0ba5 (diff) | |
| download | NetworkManager-6d06a0e1b0c2732155a61289736fc95e2275db98.tar.gz | |
device: handle failure in generate_duid_from_machine_id() in dhcp6_get_duid()
dhcp6_get_duid() already handles failure to generate the DUID in a
sensible manner. No reason to duplicate the error handling in
generate_duid_from_machine_id().
Especially, because generate_duid_from_machine_id() used to cache the
random DUID in memory and reuse it from then on. There is no reason to do
that, /etc/machine-id must be available to NetworkManager. We still
handle such a grave error gracefully by generating a random DUID.
| -rw-r--r-- | src/devices/nm-device.c | 40 | ||||
| -rw-r--r-- | src/nm-core-utils.c | 6 |
2 files changed, 19 insertions, 27 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 4198a9dd68..db3b15a53b 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -7797,18 +7797,14 @@ generate_duid_from_machine_id (void) return g_bytes_ref (global_duid); machine_id_s = nm_utils_machine_id_read (); - if (nm_utils_machine_id_parse (machine_id_s, uuid)) { - /* Hash the machine ID so it's not leaked to the network */ - sum = g_checksum_new (G_CHECKSUM_SHA256); - g_checksum_update (sum, (const guchar *) &uuid, sizeof (uuid)); - g_checksum_get_digest (sum, sha256_digest, &len); - g_checksum_free (sum); - } else { - nm_log_warn (LOGD_IP6, "global duid: failed to read " SYSCONFDIR "/machine-id " - "or " LOCALSTATEDIR "/lib/dbus/machine-id to generate " - "DHCPv6 DUID; creating non-persistent random DUID."); - nm_utils_random_bytes (sha256_digest, len); - } + if (!nm_utils_machine_id_parse (machine_id_s, uuid)) + return NULL; + + /* Hash the machine ID so it's not leaked to the network */ + sum = g_checksum_new (G_CHECKSUM_SHA256); + g_checksum_update (sum, (const guchar *) &uuid, sizeof (uuid)); + g_checksum_get_digest (sum, sha256_digest, &len); + g_checksum_free (sum); global_duid = generate_duid_uuid (sha256_digest, len); return g_bytes_ref (global_duid); @@ -7824,7 +7820,7 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, NMDhcp GBytes *duid_out = NULL; guint8 sha256_digest[32]; gsize len = sizeof (sha256_digest); - NMDhcpDuidEnforce duid_enforce = NM_DHCP_DUID_ENFORCE_NEVER; + NMDhcpDuidEnforce duid_enforce = NM_DHCP_DUID_ENFORCE_ALWAYS; s_ip6 = nm_connection_get_setting_ip6_config (connection); duid = nm_setting_ip6_config_get_dhcp_duid (NM_SETTING_IP6_CONFIG (s_ip6)); @@ -7836,12 +7832,13 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, NMDhcp } if (!duid || nm_streq (duid, "lease")) { + duid_enforce = NM_DHCP_DUID_ENFORCE_NEVER; duid_out = generate_duid_from_machine_id (); + if (!duid_out) + duid_error = "failure to read machine-id"; goto end; } - duid_enforce = NM_DHCP_DUID_ENFORCE_ALWAYS; - if (!_nm_utils_dhcp_duid_valid (duid, &duid_out)) { duid_error = "invalid duid"; goto end; @@ -7868,11 +7865,8 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, NMDhcp gsize secret_key_len; stable_id = _get_stable_id (self, connection, &stable_type); - if (!stable_id) { - nm_assert_not_reached (); - duid_error = "cannot retrieve the stable id"; - goto end; - } + if (!stable_id) + g_return_val_if_reached (NULL); salted_header = htonl (670531087 + stable_type); @@ -7933,8 +7927,7 @@ end: if (!duid_out) { guint8 uuid[16]; - if (duid_error) - _LOGW (LOGD_IP6, "duid-gen (%s): %s. Fallback to random DUID-UUID.", duid, duid_error); + _LOGW (LOGD_IP6, "duid-gen (%s): %s. Fallback to random DUID-UUID.", duid, duid_error); nm_utils_random_bytes (uuid, sizeof (uuid)); duid_out = generate_duid_uuid (uuid, sizeof (uuid)); @@ -7945,7 +7938,6 @@ end: (duid_enforce == NM_DHCP_DUID_ENFORCE_ALWAYS) ? "enforcing" : "fallback"); NM_SET_OUT (out_enforce, duid_enforce); - return duid_out; } @@ -7956,7 +7948,7 @@ dhcp6_start_with_link_ready (NMDevice *self, NMConnection *connection) NMSettingIPConfig *s_ip6; gs_unref_bytes GBytes *hwaddr = NULL; gs_unref_bytes GBytes *duid = NULL; - NMDhcpDuidEnforce enforce_duid; + NMDhcpDuidEnforce enforce_duid = NM_DHCP_DUID_ENFORCE_NEVER; const NMPlatformIP6Address *ll_addr = NULL; diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index 09b465a07e..54ccdb836d 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -2521,20 +2521,20 @@ nm_utils_machine_id_read (void) */ if ( !g_file_get_contents ("/etc/machine-id", &contents, NULL, NULL) && !g_file_get_contents (LOCALSTATEDIR "/lib/dbus/machine-id", &contents, NULL, NULL)) - return FALSE; + return NULL; contents = g_strstrip (contents); for (i = 0; i < 32; i++) { if (!g_ascii_isxdigit (contents[i])) - return FALSE; + return NULL; if (contents[i] >= 'A' && contents[i] <= 'F') { /* canonicalize to lower-case */ contents[i] = 'a' + (contents[i] - 'A'); } } if (contents[i] != '\0') - return FALSE; + return NULL; return g_steal_pointer (&contents); } |