authorBeniamino Galvani <bgalvani@redhat.com>2016-05-12 15:59:23 +0200
committerBeniamino Galvani <bgalvani@redhat.com>2016-05-13 11:49:58 +0200
commitca6f1e7f25daad1b635a1d7b00056bed10316c49 (patch)
tree5a56ead9dd59a863229bb45a6edf1713d87c85e2
parent8da3e658f7313f56928d22cfe13f9ab78cc1dd3c (diff)
downloadNetworkManager-ca6f1e7f25daad1b635a1d7b00056bed10316c49.tar.gz
cli: hide secret certificate blobs unless --show-secrets is passed
Client certificate and private key blobs should be treated as private, like other secrets, and not shown unless the --show-secrets option is passed. https://bugzilla.redhat.com/show_bug.cgi?id=1184530
-rw-r--r--clients/cli/settings.c87
1 files changed, 60 insertions, 27 deletions
diff --git a/clients/cli/settings.c b/clients/cli/settings.c
index 741fac1cdc..338270e8f4 100644
--- a/clients/cli/settings.c
+++ b/clients/cli/settings.c
@@ -1045,19 +1045,30 @@ nmc_property_802_1X_get_ca_cert (NMSetting *setting, NmcPropertyGetType get_type
}
static char *
-nmc_property_802_1X_get_client_cert (NMSetting *setting, NmcPropertyGetType get_type)
+nmc_property_802_1X_get_client_cert (NMSetting *setting,
+ NmcPropertyGetType get_type,
+ gboolean show_secrets)
{
NMSetting8021x *s_8021X = NM_SETTING_802_1X (setting);
NMSetting8021xCKScheme scheme;
- char *client_cert_str = NULL;
+ char *cert_str = NULL;
scheme = nm_setting_802_1x_get_client_cert_scheme (s_8021X);
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
- client_cert_str = bytes_to_string (nm_setting_802_1x_get_client_cert_blob (s_8021X));
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH)
- client_cert_str = g_strdup (nm_setting_802_1x_get_client_cert_path (s_8021X));
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
+ if (show_secrets)
+ cert_str = bytes_to_string (nm_setting_802_1x_get_client_cert_blob (s_8021X));
+ else
+ cert_str = g_strdup (_("<hidden>"));
+ } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH)
+ cert_str = g_strdup (nm_setting_802_1x_get_client_cert_path (s_8021X));
- return client_cert_str;
+ return cert_str;
+}
+
+static char *
+nmc_property_802_1X_get_client_cert_full (NMSetting *setting, NmcPropertyGetType get_type)
+{
+ return nmc_property_802_1X_get_client_cert (setting, get_type, TRUE);
}
static char *
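Review bot: The new `nmc_property_802_1X_get_client_cert_full` wrapper passes `TRUE` unconditionally, and it is the function the later `nmc_properties_init` hunks register as the property getter, so every caller that goes through the registered getter still receives the blob regardless of --show-secrets. Only the direct calls in `setting_802_1X_details` honour the flag. The same holds for the `_phase2_client_cert_full` and `_private_key_full` wrappers in the next two hunks. Which commands reach the registered getters is not visible in this diff, so this may be intended; if so, a comment on each wrapper would record it, e.g. `/* Always returns the blob; callers that print it must apply --show-secrets themselves. */`.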
@@ -1077,19 +1088,30 @@ nmc_property_802_1X_get_phase2_ca_cert (NMSetting *setting, NmcPropertyGetType g
}
static char *
-nmc_property_802_1X_get_phase2_client_cert (NMSetting *setting, NmcPropertyGetType get_type)
+nmc_property_802_1X_get_phase2_client_cert (NMSetting *setting,
+ NmcPropertyGetType get_type,
+ gboolean show_secrets)
{
NMSetting8021x *s_8021X = NM_SETTING_802_1X (setting);
NMSetting8021xCKScheme scheme;
- char *phase2_client_cert_str = NULL;
+ char *cert_str = NULL;
scheme = nm_setting_802_1x_get_phase2_client_cert_scheme (s_8021X);
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
- phase2_client_cert_str = bytes_to_string (nm_setting_802_1x_get_phase2_client_cert_blob (s_8021X));
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH)
- phase2_client_cert_str = g_strdup (nm_setting_802_1x_get_phase2_client_cert_path (s_8021X));
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
+ if (show_secrets)
+ cert_str = bytes_to_string (nm_setting_802_1x_get_phase2_client_cert_blob (s_8021X));
+ else
+ cert_str = g_strdup (_("<hidden>"));
+ } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH)
+ cert_str = g_strdup (nm_setting_802_1x_get_phase2_client_cert_path (s_8021X));
- return phase2_client_cert_str;
+ return cert_str;
+}
+
+static char *
+nmc_property_802_1X_get_phase2_client_cert_full (NMSetting *setting, NmcPropertyGetType get_type)
+{
+ return nmc_property_802_1X_get_phase2_client_cert (setting, get_type, TRUE);
}
static char *
@@ -1100,19 +1122,30 @@ nmc_property_802_1X_get_password_raw (NMSetting *setting, NmcPropertyGetType get
}
static char *
-nmc_property_802_1X_get_private_key (NMSetting *setting, NmcPropertyGetType get_type)
+nmc_property_802_1X_get_private_key (NMSetting *setting,
+ NmcPropertyGetType get_type,
+ gboolean show_secrets)
{
NMSetting8021x *s_8021X = NM_SETTING_802_1X (setting);
NMSetting8021xCKScheme scheme;
- char *private_key_str = NULL;
+ char *key_str = NULL;
scheme = nm_setting_802_1x_get_private_key_scheme (s_8021X);
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
- private_key_str = bytes_to_string (nm_setting_802_1x_get_private_key_blob (s_8021X));
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH)
- private_key_str = g_strdup (nm_setting_802_1x_get_private_key_path (s_8021X));
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
+ if (show_secrets)
+ key_str = bytes_to_string (nm_setting_802_1x_get_private_key_blob (s_8021X));
+ else
+ key_str = g_strdup (_("<hidden>"));
+ } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH)
+ key_str = g_strdup (nm_setting_802_1x_get_private_key_path (s_8021X));
+
+ return key_str;
+}
- return private_key_str;
+static char *
+nmc_property_802_1X_get_private_key_full (NMSetting *setting, NmcPropertyGetType get_type)
+{
+ return nmc_property_802_1X_get_private_key (setting, get_type, TRUE);
}
static char *
@@ -5715,7 +5748,7 @@ nmc_properties_init (void)
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, CLIENT_CERT),
- nmc_property_802_1X_get_client_cert,
+ nmc_property_802_1X_get_client_cert_full,
nmc_property_802_1X_set_client_cert,
NULL,
nmc_property_802_1X_describe_client_cert,
@@ -5792,7 +5825,7 @@ nmc_properties_init (void)
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, PHASE2_CLIENT_CERT),
- nmc_property_802_1X_get_phase2_client_cert,
+ nmc_property_802_1X_get_phase2_client_cert_full,
nmc_property_802_1X_set_phase2_client_cert,
NULL,
nmc_property_802_1X_describe_phase2_client_cert,
@@ -5827,7 +5860,7 @@ nmc_properties_init (void)
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, PRIVATE_KEY),
- nmc_property_802_1X_get_private_key,
+ nmc_property_802_1X_get_private_key_full,
nmc_property_802_1X_set_private_key,
NULL,
nmc_property_802_1X_describe_private_key,
@@ -8019,7 +8052,7 @@ setting_802_1X_details (NMSetting *setting, NmCli *nmc, const char *one_prop, g
set_val_str (arr, 7, nmc_property_802_1X_get_subject_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 8, nmc_property_802_1X_get_altsubject_matches (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 9, nmc_property_802_1X_get_domain_suffix_match (setting, NMC_PROPERTY_GET_PRETTY));
- set_val_str (arr, 10, nmc_property_802_1X_get_client_cert (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 10, nmc_property_802_1X_get_client_cert (setting, NMC_PROPERTY_GET_PRETTY, secrets));
set_val_str (arr, 11, nmc_property_802_1X_get_phase1_peapver (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 12, nmc_property_802_1X_get_phase1_peaplabel (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 13, nmc_property_802_1X_get_phase1_fast_provisioning (setting, NMC_PROPERTY_GET_PRETTY));
@@ -8030,12 +8063,12 @@ setting_802_1X_details (NMSetting *setting, NmCli *nmc, const char *one_prop, g
set_val_str (arr, 18, nmc_property_802_1X_get_phase2_subject_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 19, nmc_property_802_1X_get_phase2_altsubject_matches (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 20, nmc_property_802_1X_get_phase2_domain_suffix_match (setting, NMC_PROPERTY_GET_PRETTY));
- set_val_str (arr, 21, nmc_property_802_1X_get_phase2_client_cert (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 21, nmc_property_802_1X_get_phase2_client_cert (setting, NMC_PROPERTY_GET_PRETTY, secrets));
set_val_str (arr, 22, GET_SECRET (secrets, setting, nmc_property_802_1X_get_password));
set_val_str (arr, 23, nmc_property_802_1X_get_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 24, GET_SECRET (secrets, setting, nmc_property_802_1X_get_password_raw));
set_val_str (arr, 25, nmc_property_802_1X_get_password_raw_flags (setting, NMC_PROPERTY_GET_PRETTY));
- set_val_str (arr, 26, nmc_property_802_1X_get_private_key (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 26, nmc_property_802_1X_get_private_key (setting, NMC_PROPERTY_GET_PRETTY, secrets));
set_val_str (arr, 27, GET_SECRET (secrets, setting, nmc_property_802_1X_get_private_key_password));
set_val_str (arr, 28, nmc_property_802_1X_get_private_key_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 29, nmc_property_802_1X_get_phase2_private_key (setting, NMC_PROPERTY_GET_PRETTY));
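Review bot: The context line for index 29 still calls `nmc_property_802_1X_get_phase2_private_key (setting, NMC_PROPERTY_GET_PRETTY)` with no `secrets` argument, so a phase-2 private key stored as a blob is presumably still printed without --show-secrets, although the commit message says private key blobs should be hidden. That getter's body is outside this diff, so this assumes it has the same BLOB branch as `nmc_property_802_1X_get_private_key`. It should get the same `show_secrets` parameter and `_full` wrapper, with the call here becoming `set_val_str (arr, 29, nmc_property_802_1X_get_phase2_private_key (setting, NMC_PROPERTY_GET_PRETTY, secrets));`.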