author | Beniamino Galvani <bgalvani@redhat.com> | 2017-06-27 10:11:36 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2017-06-27 10:11:44 +0200 |
commit | 699492c1a5509083aa87e770cc1df7de1a52f1ed (patch) | |
tree | 01404620821a573c163e7d452b1456f077847d81 | |
parent | 65a0208ba0a6ef6faa6120dc537f9b5de6fecfad (diff) | |
libnm-core: 8021x: fix check on private key password
Commit df0dc912cc6d ("8021x: don't request secrets if they are empty
and system owned") changed need_private_key_password() to return FALSE
when flags are NONE. This broke authentication using an encrypted
private key because after this the key password is never added to the
applied connection.
Don't require a password with NONE flags only for the PKCS11 scheme.
Fixes: df0dc912cc6d9252759fb6de22f7607324c7ae0e
-rw-r--r-- | libnm-core/nm-setting-8021x.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index 0050a7420b..31a72fe17f 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -2772,13 +2772,18 @@ need_secrets_sim (NMSetting8021x *self,
 
 static gboolean
 need_private_key_password (GBytes *blob,
+ NMSetting8021xCKScheme scheme,
 const char *path,
 const char *password,
 NMSettingSecretFlags flags)
 {
 NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
- if (flags == NM_SETTING_SECRET_FLAG_NONE || flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ return FALSE;
+
+ if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
+ && flags == NM_SETTING_SECRET_FLAG_NONE)
 return FALSE;
 
 /* Private key password is required */
@@ -2815,7 +2820,7 @@ need_secrets_tls (NMSetting8021x *self,
 else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
 g_warning ("%s: unknown phase2 private key scheme %d", __func__, scheme);
 
- if (need_private_key_password (blob, path,
+ if (need_private_key_password (blob, scheme, path,
 priv->phase2_private_key_password,
 priv->phase2_private_key_password_flags))
 g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD);
@@ -2842,7 +2847,7 @@ need_secrets_tls (NMSetting8021x *self,
 else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
 g_warning ("%s: unknown private key scheme %d", __func__, scheme);
 
- if (need_private_key_password (blob, path,
+ if (need_private_key_password (blob, scheme, path,
 priv->private_key_password,
 priv->private_key_password_flags))
 g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
|
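Review bot: The new PKCS11 branch in need_private_key_password() (first hunk) has no comment saying why NONE flags skip the password request for that scheme only; the rationale is recorded solely in the commit message, and this same condition has already caused one authentication regression. I would add above it `/* PKCS#11: an empty, system-owned (flags NONE) password is never requested; file and blob keys may be encrypted and still need one */`. The two guards also mix a bit test (`flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED`) with an equality test (`flags == NM_SETTING_SECRET_FLAG_NONE`), presumably because NONE is the zero value and cannot be bit-tested, which deserves a word in the same comment. The function body continues past the hunk, so how the blob and path cases are decided below `/* Private key password is required */` is not visible here. A regression test for an encrypted private key with NONE flags would guard this path, and none is part of this commit's single changed file.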