summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Haller <thaller@redhat.com>2015-03-09 12:52:28 +0100
committerThomas Haller <thaller@redhat.com>2015-03-20 13:01:04 +0100
commitdbbedce21f0dbb2849ed48bd2cee3b98e1ad2135 (patch)
treee9de897b23447724b7771e03d6a570f30ba6a2e4
parent8e58fc742580836df67da84a4bfbf53453e989e5 (diff)
downloadNetworkManager-dbbedce21f0dbb2849ed48bd2cee3b98e1ad2135.tar.gz
libnm: don't check for valid passwords in NMSetting:verify()
We must never fail verification of a connection based on a password because the password is re-requested during activation. Otherwise, if the user enters an invalid password for a (previously) valid connection, the connection becomes invalid. NetworkManager does not expect or handle that requesting password can make a connection invalid. Invalid passwords should be treated as wrong passwords. Only a UI (such as nm-connection-editor or nmcli) should validate passwords against a certain scheme. Note that there is need_secrets() which on the contrary must check for valid passwords. Error scenario: Connect to a WEP Wi-Fi, via `nmcli device wifi connect SSID`. The generated connection has wep-key-type=0 (UNKNOWN) and wep-key-flags=0. When trying to connect, NM will ask for secrets and set the wep-key0 field. After that, verification can fail (e.g. if the password is longer then 64 chars).
Diffstat
-rw-r--r--libnm-core/nm-setting-adsl.c11
-rw-r--r--libnm-core/nm-setting-cdma.c11
-rw-r--r--libnm-core/nm-setting-gsm.c11
-rw-r--r--libnm-core/nm-setting-wireless-security.c52
-rw-r--r--libnm-util/nm-setting-adsl.c11
-rw-r--r--libnm-util/nm-setting-cdma.c11
-rw-r--r--libnm-util/nm-setting-gsm.c11
-rw-r--r--libnm-util/nm-setting-wireless-security.c52
8 files changed, 8 insertions, 162 deletions
diff --git a/libnm-core/nm-setting-adsl.c b/libnm-core/nm-setting-adsl.c
index 00bcef5431..2e71f8e790 100644
--- a/libnm-core/nm-setting-adsl.c
+++ b/libnm-core/nm-setting-adsl.c
@@ -199,15 +199,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
- if (priv->password && !strlen (priv->password)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD);
- return FALSE;
- }
-
if ( !priv->protocol
|| ( strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOA)
&& strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOE)
@@ -242,7 +233,7 @@ need_secrets (NMSetting *setting)
NMSettingAdslPrivate *priv = NM_SETTING_ADSL_GET_PRIVATE (setting);
GPtrArray *secrets = NULL;
- if (priv->password)
+ if (priv->password && *priv->password)
return NULL;
if (!(priv->password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) {
diff --git a/libnm-core/nm-setting-cdma.c b/libnm-core/nm-setting-cdma.c
index ebbbda740d..ecc387c8f5 100644
--- a/libnm-core/nm-setting-cdma.c
+++ b/libnm-core/nm-setting-cdma.c
@@ -160,15 +160,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
- if (priv->password && !strlen (priv->password)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_CDMA_SETTING_NAME, NM_SETTING_CDMA_PASSWORD);
- return FALSE;
- }
-
return TRUE;
}
@@ -178,7 +169,7 @@ need_secrets (NMSetting *setting)
NMSettingCdmaPrivate *priv = NM_SETTING_CDMA_GET_PRIVATE (setting);
GPtrArray *secrets = NULL;
- if (priv->password)
+ if (priv->password && *priv->password)
return NULL;
if (priv->username) {
diff --git a/libnm-core/nm-setting-gsm.c b/libnm-core/nm-setting-gsm.c
index fb76d18f05..36557a256c 100644
--- a/libnm-core/nm-setting-gsm.c
+++ b/libnm-core/nm-setting-gsm.c
@@ -285,15 +285,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
- if (priv->password && !strlen (priv->password)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_GSM_SETTING_NAME, NM_SETTING_GSM_PASSWORD);
- return FALSE;
- }
-
if (priv->network_id) {
guint32 nid_len = strlen (priv->network_id);
guint32 i;
@@ -331,7 +322,7 @@ need_secrets (NMSetting *setting)
NMSettingGsmPrivate *priv = NM_SETTING_GSM_GET_PRIVATE (setting);
GPtrArray *secrets = NULL;
- if (priv->password)
+ if (priv->password && *priv->password)
return NULL;
if (priv->username) {
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index c95f92435f..a56a8e9757 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -822,7 +822,7 @@ need_secrets (NMSetting *setting)
if ( priv->auth_alg
&& !strcmp (priv->auth_alg, "leap")
&& !strcmp (priv->key_mgmt, "ieee8021x")) {
- if (!priv->leap_password || !strlen (priv->leap_password)) {
+ if (!priv->leap_password || !*priv->leap_password) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
return secrets;
}
@@ -893,14 +893,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME);
return FALSE;
}
- if (priv->leap_password && !strlen (priv->leap_password)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
- return FALSE;
- }
} else {
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
|| (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
@@ -945,39 +937,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
- if (priv->wep_key0 && !nm_utils_wep_key_valid (priv->wep_key0, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0);
- return FALSE;
- }
- if (priv->wep_key1 && !nm_utils_wep_key_valid (priv->wep_key1, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1);
- return FALSE;
- }
- if (priv->wep_key2 && !nm_utils_wep_key_valid (priv->wep_key2, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2);
- return FALSE;
- }
- if (priv->wep_key3 && !nm_utils_wep_key_valid (priv->wep_key3, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3);
- return FALSE;
- }
-
if (priv->auth_alg && !_nm_utils_string_in_list (priv->auth_alg, valid_auth_algs)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
@@ -987,15 +946,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
- if (priv->psk && !nm_utils_wpa_psk_valid (priv->psk)) {
- g_set_error_literal (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK);
- return FALSE;
- }
-
if (priv->proto && !_nm_utils_string_slist_validate (priv->proto, valid_protos)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
diff --git a/libnm-util/nm-setting-adsl.c b/libnm-util/nm-setting-adsl.c
index 601ebc2b2a..5355011cd1 100644
--- a/libnm-util/nm-setting-adsl.c
+++ b/libnm-util/nm-setting-adsl.c
@@ -219,15 +219,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
- if (priv->password && !strlen (priv->password)) {
- g_set_error_literal (error,
- NM_SETTING_ADSL_ERROR,
- NM_SETTING_ADSL_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD);
- return FALSE;
- }
-
if ( !priv->protocol
|| ( strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOA)
&& strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOE)
@@ -262,7 +253,7 @@ need_secrets (NMSetting *setting)
NMSettingAdslPrivate *priv = NM_SETTING_ADSL_GET_PRIVATE (setting);
GPtrArray *secrets = NULL;
- if (priv->password)
+ if (priv->password && *priv->password)
return NULL;
if (!(priv->password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) {
diff --git a/libnm-util/nm-setting-cdma.c b/libnm-util/nm-setting-cdma.c
index 44a893c7bb..53f886ece3 100644
--- a/libnm-util/nm-setting-cdma.c
+++ b/libnm-util/nm-setting-cdma.c
@@ -181,15 +181,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
- if (priv->password && !strlen (priv->password)) {
- g_set_error_literal (error,
- NM_SETTING_CDMA_ERROR,
- NM_SETTING_CDMA_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_CDMA_SETTING_NAME, NM_SETTING_CDMA_PASSWORD);
- return FALSE;
- }
-
return TRUE;
}
@@ -199,7 +190,7 @@ need_secrets (NMSetting *setting)
NMSettingCdmaPrivate *priv = NM_SETTING_CDMA_GET_PRIVATE (setting);
GPtrArray *secrets = NULL;
- if (priv->password)
+ if (priv->password && *priv->password)
return NULL;
if (priv->username) {
diff --git a/libnm-util/nm-setting-gsm.c b/libnm-util/nm-setting-gsm.c
index 95c7a103df..e422c92e61 100644
--- a/libnm-util/nm-setting-gsm.c
+++ b/libnm-util/nm-setting-gsm.c
@@ -342,15 +342,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
- if (priv->password && !strlen (priv->password)) {
- g_set_error_literal (error,
- NM_SETTING_GSM_ERROR,
- NM_SETTING_GSM_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_GSM_SETTING_NAME, NM_SETTING_GSM_PASSWORD);
- return FALSE;
- }
-
if (priv->network_id) {
guint32 nid_len = strlen (priv->network_id);
guint32 i;
@@ -388,7 +379,7 @@ need_secrets (NMSetting *setting)
NMSettingGsmPrivate *priv = NM_SETTING_GSM_GET_PRIVATE (setting);
GPtrArray *secrets = NULL;
- if (priv->password)
+ if (priv->password && *priv->password)
return NULL;
if (priv->username) {
diff --git a/libnm-util/nm-setting-wireless-security.c b/libnm-util/nm-setting-wireless-security.c
index 5e3456cebc..574ff3bd52 100644
--- a/libnm-util/nm-setting-wireless-security.c
+++ b/libnm-util/nm-setting-wireless-security.c
@@ -852,7 +852,7 @@ need_secrets (NMSetting *setting)
if ( priv->auth_alg
&& !strcmp (priv->auth_alg, "leap")
&& !strcmp (priv->key_mgmt, "ieee8021x")) {
- if (!priv->leap_password || !strlen (priv->leap_password)) {
+ if (!priv->leap_password || !*priv->leap_password) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
return secrets;
}
@@ -923,14 +923,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME);
return FALSE;
}
- if (priv->leap_password && !strlen (priv->leap_password)) {
- g_set_error_literal (error,
- NM_SETTING_WIRELESS_SECURITY_ERROR,
- NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
- return FALSE;
- }
} else {
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
|| (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
@@ -975,39 +967,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
- if (priv->wep_key0 && !nm_utils_wep_key_valid (priv->wep_key0, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_SETTING_WIRELESS_SECURITY_ERROR,
- NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0);
- return FALSE;
- }
- if (priv->wep_key1 && !nm_utils_wep_key_valid (priv->wep_key1, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_SETTING_WIRELESS_SECURITY_ERROR,
- NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1);
- return FALSE;
- }
- if (priv->wep_key2 && !nm_utils_wep_key_valid (priv->wep_key2, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_SETTING_WIRELESS_SECURITY_ERROR,
- NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2);
- return FALSE;
- }
- if (priv->wep_key3 && !nm_utils_wep_key_valid (priv->wep_key3, priv->wep_key_type)) {
- g_set_error_literal (error,
- NM_SETTING_WIRELESS_SECURITY_ERROR,
- NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3);
- return FALSE;
- }
-
if (priv->auth_alg && !_nm_utils_string_in_list (priv->auth_alg, valid_auth_algs)) {
g_set_error_literal (error,
NM_SETTING_WIRELESS_SECURITY_ERROR,
@@ -1017,15 +976,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
- if (priv->psk && !nm_utils_wpa_psk_valid (priv->psk)) {
- g_set_error_literal (error,
- NM_SETTING_WIRELESS_SECURITY_ERROR,
- NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
- _("property is invalid"));
- g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK);
- return FALSE;
- }
-
if (priv->proto && !_nm_utils_string_slist_validate (priv->proto, valid_protos)) {
g_set_error_literal (error,
NM_SETTING_WIRELESS_SECURITY_ERROR,
View Lorry Controller Status