diff options
| author | Thomas Haller <thaller@redhat.com> | 2015-03-09 12:52:28 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2015-03-20 13:01:04 +0100 |
| commit | dbbedce21f0dbb2849ed48bd2cee3b98e1ad2135 (patch) | |
| tree | e9de897b23447724b7771e03d6a570f30ba6a2e4 /libnm-util | |
| parent | 8e58fc742580836df67da84a4bfbf53453e989e5 (diff) | |
| download | NetworkManager-dbbedce21f0dbb2849ed48bd2cee3b98e1ad2135.tar.gz | |
libnm: don't check for valid passwords in NMSetting:verify()
We must never fail verification of a connection based on a password
because the password is re-requested during activation.
Otherwise, if the user enters an invalid password for a (previously)
valid connection, the connection becomes invalid. NetworkManager does
not expect or handle that requesting password can make a connection
invalid.
Invalid passwords should be treated as wrong passwords. Only a UI
(such as nm-connection-editor or nmcli) should validate passwords
against a certain scheme.
Note that there is need_secrets() which on the contrary must check for
valid passwords.
Error scenario:
Connect to a WEP Wi-Fi, via `nmcli device wifi connect SSID`. The
generated connection has wep-key-type=0 (UNKNOWN) and wep-key-flags=0.
When trying to connect, NM will ask for secrets and set the wep-key0
field. After that, verification can fail (e.g. if the password is longer
then 64 chars).
Diffstat (limited to 'libnm-util')
| -rw-r--r-- | libnm-util/nm-setting-adsl.c | 11 | ||||
| -rw-r--r-- | libnm-util/nm-setting-cdma.c | 11 | ||||
| -rw-r--r-- | libnm-util/nm-setting-gsm.c | 11 | ||||
| -rw-r--r-- | libnm-util/nm-setting-wireless-security.c | 52 |
4 files changed, 4 insertions, 81 deletions
diff --git a/libnm-util/nm-setting-adsl.c b/libnm-util/nm-setting-adsl.c index 601ebc2b2a..5355011cd1 100644 --- a/libnm-util/nm-setting-adsl.c +++ b/libnm-util/nm-setting-adsl.c @@ -219,15 +219,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_SETTING_ADSL_ERROR, - NM_SETTING_ADSL_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD); - return FALSE; - } - if ( !priv->protocol || ( strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOA) && strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOE) @@ -262,7 +253,7 @@ need_secrets (NMSetting *setting) NMSettingAdslPrivate *priv = NM_SETTING_ADSL_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (!(priv->password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) { diff --git a/libnm-util/nm-setting-cdma.c b/libnm-util/nm-setting-cdma.c index 44a893c7bb..53f886ece3 100644 --- a/libnm-util/nm-setting-cdma.c +++ b/libnm-util/nm-setting-cdma.c @@ -181,15 +181,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_SETTING_CDMA_ERROR, - NM_SETTING_CDMA_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_CDMA_SETTING_NAME, NM_SETTING_CDMA_PASSWORD); - return FALSE; - } - return TRUE; } @@ -199,7 +190,7 @@ need_secrets (NMSetting *setting) NMSettingCdmaPrivate *priv = NM_SETTING_CDMA_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (priv->username) { diff --git a/libnm-util/nm-setting-gsm.c b/libnm-util/nm-setting-gsm.c index 95c7a103df..e422c92e61 100644 --- a/libnm-util/nm-setting-gsm.c +++ b/libnm-util/nm-setting-gsm.c @@ -342,15 +342,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_SETTING_GSM_ERROR, - NM_SETTING_GSM_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_GSM_SETTING_NAME, NM_SETTING_GSM_PASSWORD); - return FALSE; - } - if (priv->network_id) { guint32 nid_len = strlen (priv->network_id); guint32 i; @@ -388,7 +379,7 @@ need_secrets (NMSetting *setting) NMSettingGsmPrivate *priv = NM_SETTING_GSM_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (priv->username) { diff --git a/libnm-util/nm-setting-wireless-security.c b/libnm-util/nm-setting-wireless-security.c index 5e3456cebc..574ff3bd52 100644 --- a/libnm-util/nm-setting-wireless-security.c +++ b/libnm-util/nm-setting-wireless-security.c @@ -852,7 +852,7 @@ need_secrets (NMSetting *setting) if ( priv->auth_alg && !strcmp (priv->auth_alg, "leap") && !strcmp (priv->key_mgmt, "ieee8021x")) { - if (!priv->leap_password || !strlen (priv->leap_password)) { + if (!priv->leap_password || !*priv->leap_password) { g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); return secrets; } @@ -923,14 +923,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME); return FALSE; } - if (priv->leap_password && !strlen (priv->leap_password)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); - return FALSE; - } } else { if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { @@ -975,39 +967,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->wep_key0 && !nm_utils_wep_key_valid (priv->wep_key0, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0); - return FALSE; - } - if (priv->wep_key1 && !nm_utils_wep_key_valid (priv->wep_key1, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1); - return FALSE; - } - if (priv->wep_key2 && !nm_utils_wep_key_valid (priv->wep_key2, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2); - return FALSE; - } - if (priv->wep_key3 && !nm_utils_wep_key_valid (priv->wep_key3, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3); - return FALSE; - } - if (priv->auth_alg && !_nm_utils_string_in_list (priv->auth_alg, valid_auth_algs)) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, @@ -1017,15 +976,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->psk && !nm_utils_wpa_psk_valid (priv->psk)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK); - return FALSE; - } - if (priv->proto && !_nm_utils_string_slist_validate (priv->proto, valid_protos)) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, |