author | Lubomir Rintel <lkundrak@v3.sk> | 2017-04-07 18:02:13 +0200 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-04-10 10:33:23 +0200 |
commit | df0dc912cc6d9252759fb6de22f7607324c7ae0e (patch) | |
tree | eb5b0c44aebc89b931eb63ff4a7960c8a4cb6cf5 | |
parent | 0812413c9d495488155feb0427f807e51400345a (diff) | |
download | NetworkManager-df0dc912cc6d9252759fb6de22f7607324c7ae0e.tar.gz |
8021x: don't request secrets if they are empty and system owned
Empty secrets are fine. In particular, for PKCS#11 it means that protected
authentication path is used (the secrets are obtained on-demand from the
pinpad).
-rw-r--r-- | libnm-core/nm-setting-8021x.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index ab0f5c66e2..b0fbca9df3 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -2778,7 +2778,7 @@ need_private_key_password (GBytes *blob,
 {
 NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
- if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ if (flags == NM_SETTING_SECRET_FLAG_NONE || flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
 return FALSE;
 /* Private key password is required */
@@ -2822,13 +2822,15 @@ need_secrets_tls (NMSetting8021x *self,
 scheme = nm_setting_802_1x_get_phase2_ca_cert_scheme (self);
 if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
- && !(priv->phase2_ca_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ && !( priv->phase2_ca_cert_password_flags == NM_SETTING_SECRET_FLAG_NONE
+ || priv->phase2_ca_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
 && !priv->phase2_ca_cert_password)
 g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_CA_CERT_PASSWORD);
 scheme = nm_setting_802_1x_get_phase2_client_cert_scheme (self);
 if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
- && !(priv->phase2_client_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ && !( priv->phase2_client_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED
+ || priv->phase2_client_cert_password_flags == NM_SETTING_SECRET_FLAG_NONE)
 && !priv->phase2_client_cert_password)
 g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_CLIENT_CERT_PASSWORD);
 } else {
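Review bot: The new early return in need_private_key_password() tests only `flags`, so a system-owned secret (`NM_SETTING_SECRET_FLAG_NONE`) is reported as not needed before the code under `/* Private key password is required */` runs, whether or not a password is set. The commit message limits the change to empty secrets and names PKCS#11, but this function takes a key blob, so the shortcut presumably also covers encrypted key files, where a missing or wrong password would then show up only as a later authentication failure. If that is intended, document it at the check, e.g. `/* system-owned: never prompt; an empty password means the PKCS#11 protected authentication path */`; otherwise restrict the shortcut to the empty-password case. The rest of the function body lies outside the hunk, so the password handling after the comment could not be checked here.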
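Review bot: The same flag test is now spelled out four times in need_secrets_tls() (twice in this hunk, twice in the `@@ -2847,13` hunk) with the operands in differing order: `== NM_SETTING_SECRET_FLAG_NONE` comes first for phase2_ca_cert and client_cert but second for phase2_client_cert and ca_cert, and a fifth copy sits in need_private_key_password(). A small helper would keep these from drifting apart, e.g. `static gboolean secret_flags_no_request (NMSettingSecretFlags f) { return f == NM_SETTING_SECRET_FLAG_NONE || (f & NM_SETTING_SECRET_FLAG_NOT_REQUIRED); }`, carrying a comment that a missing system-owned PKCS#11 PIN is taken to mean the token's protected authentication path. After this change an absent system-owned PIN is never requested, so a token without a pinpad would presumably fail at authentication time instead of prompting; that trade-off deserves a sentence in the comment. need_secrets_tls() starts and ends outside both hunks.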
@@ -2847,13 +2849,15 @@ need_secrets_tls (NMSetting8021x *self,
 scheme = nm_setting_802_1x_get_ca_cert_scheme (self);
 if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
- && !(priv->ca_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ && !( priv->ca_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED
+ || priv->ca_cert_password_flags == NM_SETTING_SECRET_FLAG_NONE)
 && !priv->ca_cert_password)
 g_ptr_array_add (secrets, NM_SETTING_802_1X_CA_CERT_PASSWORD);
 scheme = nm_setting_802_1x_get_client_cert_scheme (self);
 if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
- && !(priv->client_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ && !( priv->client_cert_password_flags == NM_SETTING_SECRET_FLAG_NONE
+ || priv->client_cert_password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
 && !priv->client_cert_password)
 g_ptr_array_add (secrets, NM_SETTING_802_1X_CLIENT_CERT_PASSWORD);
 } |