diff options
author | Jonas Dreßler <verdre@v0yd.nl> | 2021-04-23 16:33:20 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2021-04-30 07:38:20 +0000 |
commit | aab56adeeace5b8b905519d43e600565a2b45fe0 (patch) | |
tree | d5546932f1b598ab254f9d15e559438c6eb9a387 | |
parent | 97a49430bb41d4ccbe4b8a5134748838d30b4a51 (diff) | |
download | NetworkManager-aab56adeeace5b8b905519d43e600565a2b45fe0.tar.gz |
libnm-core: Correctly check for "sae" or "none" when wifi mesh is used
A small bug sneaked into commit 3ef3733c8139 ('wireless-security: ensure
Mesh networks can't use anything but SAE') during review: Instead of
allowing only "sae" or "none" as key-mgmt, we now disallow "sae" and
"none", but allow anything else. This is obviously not what was
intended, so fix the check.
Also move the valid_key_mgmt check back up to where it was before that
commit, it seems we want to apply that check in all cases.
-rw-r--r-- | src/libnm-core-impl/nm-setting-wireless-security.c | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/src/libnm-core-impl/nm-setting-wireless-security.c b/src/libnm-core-impl/nm-setting-wireless-security.c index e5e6b979f4..47a9ca3286 100644 --- a/src/libnm-core-impl/nm-setting-wireless-security.c +++ b/src/libnm-core-impl/nm-setting-wireless-security.c @@ -904,33 +904,32 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (g_strcmp0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) { - if ((strcmp(priv->key_mgmt, "none") == 0) || (strcmp(priv->key_mgmt, "sae") == 0)) { - g_set_error(error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' is not a valid value for '%s' mode connections"), - priv->key_mgmt, - NM_SETTING_WIRELESS_MODE_MESH); - g_prefix_error(error, - "%s.%s: ", - NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); - return FALSE; - } - } else { - if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) { - g_set_error(error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("'%s' is not a valid value for the property"), - priv->key_mgmt); - g_prefix_error(error, - "%s.%s: ", - NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); - return FALSE; - } + if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) { + g_set_error(error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for the property"), + priv->key_mgmt); + g_prefix_error(error, + "%s.%s: ", + NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; + } + + if (NM_IN_STRSET(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) + && !NM_IN_STRSET(priv->key_mgmt, "none", "sae")) { + g_set_error(error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' is not a valid value for '%s' mode connections"), + priv->key_mgmt, + NM_SETTING_WIRELESS_MODE_MESH); + g_prefix_error(error, + "%s.%s: ", + NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT); + return FALSE; } if (priv->auth_alg && !strcmp(priv->auth_alg, "leap")) { |