From 49fd140493680ef4bef4b51a1682def35d67ef56 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Sat, 29 Dec 2018 21:23:09 +0100
Subject: libnm-core: add _nm_setting_secret_flags_valid() helper

Secret-flags are flags, but most combinations don't actually make sense
and maybe should be rejected. Anyway, that is not done, and most places
just check that there are no unknown flags set.

Add _nm_setting_secret_flags_valid() to perform the check at one place
instead of having the implementation at various places.
---
 libnm-core/nm-core-internal.h | 18 ++++++++++++++----
 libnm-core/nm-setting-vpn.c   |  3 ++-
 libnm-core/nm-setting.c       |  2 +-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h
index f7abfb6c43..1e7ec9bcbc 100644
--- a/libnm-core/nm-core-internal.h
+++ b/libnm-core/nm-core-internal.h
@@ -121,11 +121,21 @@
  */
 #define NM_SETTING_COMPARE_FLAG_NONE ((NMSettingCompareFlags) 0)
 
+/*****************************************************************************/
+
 #define NM_SETTING_SECRET_FLAGS_ALL \
-	(NM_SETTING_SECRET_FLAG_NONE | \
-	 NM_SETTING_SECRET_FLAG_AGENT_OWNED | \
-	 NM_SETTING_SECRET_FLAG_NOT_SAVED | \
-	 NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+	((NMSettingSecretFlags) (  NM_SETTING_SECRET_FLAG_NONE \
+	                         | NM_SETTING_SECRET_FLAG_AGENT_OWNED \
+	                         | NM_SETTING_SECRET_FLAG_NOT_SAVED \
+	                         | NM_SETTING_SECRET_FLAG_NOT_REQUIRED))
+
+static inline gboolean
+_nm_setting_secret_flags_valid (NMSettingSecretFlags flags)
+{
+	return !NM_FLAGS_ANY (flags, ~NM_SETTING_SECRET_FLAGS_ALL);
+}
+
+/*****************************************************************************/
 
 typedef enum { /*< skip >*/
 	NM_SETTING_PARSE_FLAGS_NONE                     = 0,
diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c
index 5d488e7f07..d485b2a802 100644
--- a/libnm-core/nm-setting-vpn.c
+++ b/libnm-core/nm-setting-vpn.c
@@ -730,7 +730,8 @@ get_secret_flags (NMSetting *setting,
 	}
 
 	i64 = _nm_utils_ascii_str_to_int64 (flags_val, 10, 0, NM_SETTING_SECRET_FLAGS_ALL, -1);
-	if (i64 == -1) {
+	if (   i64 == -1
+	    || !_nm_setting_secret_flags_valid (i64)) {
 		/* The flags keys is set to an unexpected value. That is a configuration
 		 * error. Note that keys named "*-flags" are reserved for secrets. The user
 		 * must not use this for anything but secret flags. Hence, we cannot fail
diff --git a/libnm-core/nm-setting.c b/libnm-core/nm-setting.c
index be3ade3af4..282d1123b4 100644
--- a/libnm-core/nm-setting.c
+++ b/libnm-core/nm-setting.c
@@ -2157,7 +2157,7 @@ nm_setting_set_secret_flags (NMSetting *setting,
 {
 	g_return_val_if_fail (NM_IS_SETTING (setting), FALSE);
 	g_return_val_if_fail (secret_name != NULL, FALSE);
-	g_return_val_if_fail (flags <= NM_SETTING_SECRET_FLAGS_ALL, FALSE);
+	g_return_val_if_fail (_nm_setting_secret_flags_valid (flags), FALSE);
 
 	return NM_SETTING_GET_CLASS (setting)->set_secret_flags (setting, secret_name, flags, error);
 }
-- 
cgit v1.2.1