summaryrefslogtreecommitdiff
path: root/libnm-core
diff options
context:
space:
mode:
Diffstat (limited to 'libnm-core')
-rw-r--r--libnm-core/nm-keyfile.c5
-rw-r--r--libnm-core/nm-setting-wireguard.c36
-rw-r--r--libnm-core/nm-setting-wireguard.h5
-rw-r--r--libnm-core/tests/test-setting.c6
4 files changed, 35 insertions, 17 deletions
diff --git a/libnm-core/nm-keyfile.c b/libnm-core/nm-keyfile.c
index d756a17733..b82b6bf020 100644
--- a/libnm-core/nm-keyfile.c
+++ b/libnm-core/nm-keyfile.c
@@ -2935,13 +2935,12 @@ _read_setting_wireguard_peer (KeyfileReaderInfo *info)
key = NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY;
str = nm_keyfile_plugin_kf_get_string (info->keyfile, info->group, key, NULL);
if (str) {
- if (!_nm_utils_wireguard_decode_key (str, NM_WIREGUARD_SYMMETRIC_KEY_LEN, NULL)) {
+ if (!nm_wireguard_peer_set_preshared_key (peer, str, FALSE)) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("key '%s.%s' is not not a valid 256 bit key in base64 encoding"),
info->group, key))
return;
- } else
- nm_wireguard_peer_set_preshared_key (peer, str);
+ }
nm_clear_g_free (&str);
}
diff --git a/libnm-core/nm-setting-wireguard.c b/libnm-core/nm-setting-wireguard.c
index ad01d4eaff..c1881240a0 100644
--- a/libnm-core/nm-setting-wireguard.c
+++ b/libnm-core/nm-setting-wireguard.c
@@ -346,6 +346,9 @@ nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self)
* @self: the unsealed #NMWireGuardPeer instance
* @preshared_key: (allow-none) (transfer none): the new preshared
* key or %NULL to clear the preshared key.
+ * @accept_invalid: whether to allow setting the key to an invalid
+ * value. If %FALSE, @self is unchanged if the key is invalid
+ * and if %FALSE is returned.
*
* Reset the preshared key. Note that if the preshared key is valid, it
* will be normalized (which may or may not modify the set value).
@@ -358,28 +361,41 @@ nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self)
*
* It is a bug trying to modify a sealed #NMWireGuardPeer instance.
*
+ * Returns: %TRUE if the preshared-key is valid, otherwise %FALSE.
+ * %NULL is considered a valid value.
+ * If the key is invalid, it depends on @accept_invalid whether the
+ * previous value was reset.
+ *
* Since: 1.16
*/
-void
+gboolean
nm_wireguard_peer_set_preshared_key (NMWireGuardPeer *self,
- const char *preshared_key)
+ const char *preshared_key,
+ gboolean accept_invalid)
{
char *preshared_key_normalized = NULL;
+ gboolean is_valid;
- g_return_if_fail (NM_IS_WIREGUARD_PEER (self, FALSE));
+ g_return_val_if_fail (NM_IS_WIREGUARD_PEER (self, FALSE), FALSE);
if (!preshared_key) {
nm_clear_pointer (&self->preshared_key, nm_free_secret);
- return;
+ return TRUE;
}
- self->preshared_key_valid = _nm_utils_wireguard_normalize_key (preshared_key,
- NM_WIREGUARD_SYMMETRIC_KEY_LEN,
- &preshared_key_normalized);
- nm_assert (self->preshared_key_valid == (preshared_key_normalized != NULL));
+ is_valid = _nm_utils_wireguard_normalize_key (preshared_key,
+ NM_WIREGUARD_SYMMETRIC_KEY_LEN,
+ &preshared_key_normalized);
+ nm_assert (is_valid == (preshared_key_normalized != NULL));
+
+ if ( !is_valid
+ && !accept_invalid)
+ return FALSE;
+ self->preshared_key_valid = is_valid;
nm_free_secret (self->preshared_key);
self->preshared_key = preshared_key_normalized ?: g_strdup (preshared_key);
+ return is_valid;
}
/**
@@ -1543,7 +1559,7 @@ _peers_dbus_only_set (NMSetting *setting,
}
if (g_variant_lookup (peer_var, NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY, "&s", &cstr))
- nm_wireguard_peer_set_preshared_key (peer, cstr);
+ nm_wireguard_peer_set_preshared_key (peer, cstr, TRUE);
if (g_variant_lookup (peer_var, NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS, "u", &u32))
nm_wireguard_peer_set_preshared_key_flags (peer, u32);
@@ -1873,7 +1889,7 @@ update_one_secret (NMSetting *setting,
continue;
peer = nm_wireguard_peer_new_clone (pd->peer, FALSE);
- nm_wireguard_peer_set_preshared_key (peer, cstr);
+ nm_wireguard_peer_set_preshared_key (peer, cstr, TRUE);
if (!_peers_set (priv, peer, pd->idx, FALSE))
nm_assert_not_reached ();
diff --git a/libnm-core/nm-setting-wireguard.h b/libnm-core/nm-setting-wireguard.h
index 17fb4664c3..6f6fc0f0b4 100644
--- a/libnm-core/nm-setting-wireguard.h
+++ b/libnm-core/nm-setting-wireguard.h
@@ -67,8 +67,9 @@ void nm_wireguard_peer_set_public_key (NMWireGuardPeer *self,
NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
-void nm_wireguard_peer_set_preshared_key (NMWireGuardPeer *self,
- const char *preshared_key);
+gboolean nm_wireguard_peer_set_preshared_key (NMWireGuardPeer *self,
+ const char *preshared_key,
+ gboolean accept_invalid);
NM_AVAILABLE_IN_1_16
NMSettingSecretFlags nm_wireguard_peer_get_preshared_key_flags (const NMWireGuardPeer *self);
diff --git a/libnm-core/tests/test-setting.c b/libnm-core/tests/test-setting.c
index e59bc4668c..6d089f1ab8 100644
--- a/libnm-core/tests/test-setting.c
+++ b/libnm-core/tests/test-setting.c
@@ -2067,7 +2067,8 @@ _rndt_wg_peers_create (void)
peer = nm_wireguard_peer_new ();
nm_wireguard_peer_set_public_key (peer, public_key);
- nm_wireguard_peer_set_preshared_key (peer, nmtst_rand_select (NULL, preshared_key));
+ if (!nm_wireguard_peer_set_preshared_key (peer, nmtst_rand_select (NULL, preshared_key), TRUE))
+ g_assert_not_reached ();
nm_wireguard_peer_set_preshared_key_flags (peer, nmtst_rand_select (NM_SETTING_SECRET_FLAG_NONE,
NM_SETTING_SECRET_FLAG_NOT_SAVED,
@@ -2245,7 +2246,8 @@ _rndt_wg_peers_fix_secrets (NMSettingWireGuard *s_wg,
g_assert (NM_IN_SET (nm_wireguard_peer_get_preshared_key_flags (a), NM_SETTING_SECRET_FLAG_AGENT_OWNED,
NM_SETTING_SECRET_FLAG_NOT_SAVED));
b_clone = nm_wireguard_peer_new_clone (b, TRUE);
- nm_wireguard_peer_set_preshared_key (b_clone, nm_wireguard_peer_get_preshared_key (a));
+ if (!nm_wireguard_peer_set_preshared_key (b_clone, nm_wireguard_peer_get_preshared_key (a), TRUE))
+ g_assert_not_reached ();
nm_setting_wireguard_set_peer (s_wg, b_clone, i);
b = nm_setting_wireguard_get_peer (s_wg, i);
g_assert (b == b_clone);
View Lorry Controller Status