mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-05-05 00:38:07 +02:00
ifcfg-rh: handle unquoted passphrases better
Before Sept. 2009 the writer may not have properly quoted passphrases, so handle that.
This commit is contained in:
Dan Williams
parent
cbe313b447
commit
1e1be1cd57
7 changed files with 205 additions and 13 deletions
|
|
@ -1360,6 +1360,7 @@ parse_wpa_psk (shvarFile *ifcfg,
|
|||
{
|
||||
shvarFile *keys_ifcfg;
|
||||
char *psk = NULL, *p, *hashed = NULL;
|
||||
gboolean quoted = FALSE;
|
||||
|
||||
/* Passphrase must be between 10 and 66 characters in length becuase WPA
|
||||
* hex keys are exactly 64 characters (no quoting), and WPA passphrases
|
||||
|
|
@ -1385,21 +1386,11 @@ parse_wpa_psk (shvarFile *ifcfg,
|
|||
}
|
||||
|
||||
p = psk;
|
||||
if (p[0] == '"' && psk[strlen (psk) - 1] == '"') {
|
||||
/* Get rid of the quotes */
|
||||
p++;
|
||||
p[strlen (p) - 1] = '\0';
|
||||
|
||||
/* Length check */
|
||||
if (strlen (p) < 8 || strlen (p) > 63) {
|
||||
g_set_error (error, ifcfg_plugin_error_quark (), 0,
|
||||
"Invalid WPA_PSK (passphrases must be between "
|
||||
"8 and 63 characters long (inclusive))");
|
||||
goto out;
|
||||
}
|
||||
if (p[0] == '"' && psk[strlen (psk) - 1] == '"')
|
||||
quoted = TRUE;
|
||||
|
||||
hashed = g_strdup (p);
|
||||
} else if (strlen (psk) == 64) {
|
||||
if (!quoted && (strlen (psk) == 64)) {
|
||||
/* Verify the hex PSK; 64 digits */
|
||||
while (*p) {
|
||||
if (!isxdigit (*p++)) {
|
||||
|
|
@ -1410,6 +1401,30 @@ parse_wpa_psk (shvarFile *ifcfg,
|
|||
}
|
||||
hashed = g_strdup (psk);
|
||||
} else {
|
||||
/* Prior to 4f6eef9e77265484555663cf666cde4fa8323469 and
|
||||
* 28e2e446868b94b92edc4a82aa0bf1e3eda8ec54 the writer may not have
|
||||
* properly quoted passphrases, so just handle anything that's unquoted
|
||||
* and between 8 and 63 characters as a passphrase.
|
||||
*/
|
||||
|
||||
if (quoted) {
|
||||
/* Get rid of the quotes */
|
||||
p++;
|
||||
p[strlen (p) - 1] = '\0';
|
||||
}
|
||||
|
||||
/* Length check */
|
||||
if (strlen (p) < 8 || strlen (p) > 63) {
|
||||
g_set_error (error, ifcfg_plugin_error_quark (), 0,
|
||||
"Invalid WPA_PSK (passphrases must be between "
|
||||
"8 and 63 characters long (inclusive))");
|
||||
goto out;
|
||||
}
|
||||
|
||||
hashed = g_strdup (p);
|
||||
}
|
||||
|
||||
if (!hashed) {
|
||||
g_set_error (error, ifcfg_plugin_error_quark (), 0,
|
||||
"Invalid WPA_PSK (doesn't look like a passphrase or hex key)");
|
||||
goto out;
|
||||
|
|
|
|||
|
|
@ -31,6 +31,10 @@ EXTRA_DIST = \
|
|||
keys-test-wifi-leap \
|
||||
ifcfg-test-wifi-wpa-psk \
|
||||
keys-test-wifi-wpa-psk \
|
||||
ifcfg-test-wifi-wpa-psk-unquoted \
|
||||
keys-test-wifi-wpa-psk-unquoted \
|
||||
ifcfg-test-wifi-wpa-psk-unquoted2 \
|
||||
keys-test-wifi-wpa-psk-unquoted2 \
|
||||
ifcfg-test-wifi-wpa-psk-adhoc \
|
||||
keys-test-wifi-wpa-psk-adhoc \
|
||||
ifcfg-test-wifi-wpa-psk-hex \
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
TYPE=Wireless
|
||||
DEVICE=eth2
|
||||
HWADDR=00:16:41:11:22:33
|
||||
NM_CONTROLLED=yes
|
||||
BOOTPROTO=dhcp
|
||||
ESSID=blahblah
|
||||
CHANNEL=1
|
||||
MODE=Managed
|
||||
RATE=auto
|
||||
ONBOOT=yes
|
||||
USERCTL=yes
|
||||
PEERDNS=yes
|
||||
IPV6INIT=no
|
||||
CIPHER_PAIRWISE="TKIP CCMP"
|
||||
CIPHER_GROUP="TKIP CCMP WEP40 WEP104"
|
||||
KEY_MGMT=WPA-PSK
|
||||
WPA_ALLOW_WPA=yes
|
||||
WPA_ALLOW_WPA2=yes
|
||||
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
TYPE=Wireless
|
||||
DEVICE=eth2
|
||||
HWADDR=00:16:41:11:22:33
|
||||
NM_CONTROLLED=yes
|
||||
BOOTPROTO=dhcp
|
||||
ESSID=blahblah
|
||||
CHANNEL=1
|
||||
MODE=Managed
|
||||
RATE=auto
|
||||
ONBOOT=yes
|
||||
USERCTL=yes
|
||||
PEERDNS=yes
|
||||
IPV6INIT=no
|
||||
CIPHER_PAIRWISE="TKIP CCMP"
|
||||
CIPHER_GROUP="TKIP CCMP WEP40 WEP104"
|
||||
KEY_MGMT=WPA-PSK
|
||||
WPA_ALLOW_WPA=yes
|
||||
WPA_ALLOW_WPA2=yes
|
||||
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
WPA_PSK=54336845e2f3f321c4c7
|
||||
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
WPA_PSK="a5d4d45e78e1455d8e6124e81ea137f9a5d4d45e78e1455d8e6124e81ea137f9"
|
||||
|
||||
|
|
@ -3206,6 +3206,135 @@ test_read_wifi_wpa_psk (void)
|
|||
g_object_unref (connection);
|
||||
}
|
||||
|
||||
#define TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-wpa-psk-unquoted"
|
||||
|
||||
static void
|
||||
test_read_wifi_wpa_psk_unquoted (void)
|
||||
{
|
||||
NMConnection *connection;
|
||||
NMSettingConnection *s_con;
|
||||
NMSettingWireless *s_wireless;
|
||||
NMSettingWirelessSecurity *s_wsec;
|
||||
char *unmanaged = NULL;
|
||||
char *keyfile = NULL;
|
||||
char *routefile = NULL;
|
||||
gboolean ignore_error = FALSE;
|
||||
GError *error = NULL;
|
||||
const char *tmp;
|
||||
const char *expected_id = "System blahblah (test-wifi-wpa-psk-unquoted)";
|
||||
const char *expected_psk = "54336845e2f3f321c4c7";
|
||||
|
||||
connection = connection_from_file (TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NULL,
|
||||
TYPE_WIRELESS,
|
||||
NULL,
|
||||
&unmanaged,
|
||||
&keyfile,
|
||||
&routefile,
|
||||
&error,
|
||||
&ignore_error);
|
||||
ASSERT (connection != NULL,
|
||||
"wifi-wpa-psk-unquoted-read", "failed to read %s: %s", TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED, error->message);
|
||||
|
||||
ASSERT (nm_connection_verify (connection, &error),
|
||||
"wifi-wpa-psk-unquoted-verify", "failed to verify %s: %s", TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED, error->message);
|
||||
|
||||
/* ===== CONNECTION SETTING ===== */
|
||||
|
||||
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
|
||||
ASSERT (s_con != NULL,
|
||||
"wifi-wpa-psk-unquoted-verify-connection", "failed to verify %s: missing %s setting",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_CONNECTION_SETTING_NAME);
|
||||
|
||||
/* ID */
|
||||
tmp = nm_setting_connection_get_id (s_con);
|
||||
ASSERT (tmp != NULL,
|
||||
"wifi-wpa-psk-unquoted-verify-connection", "failed to verify %s: missing %s / %s key",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_CONNECTION_SETTING_NAME,
|
||||
NM_SETTING_CONNECTION_ID);
|
||||
ASSERT (strcmp (tmp, expected_id) == 0,
|
||||
"wifi-wpa-psk-unquoted-verify-connection", "failed to verify %s: unexpected %s / %s key value",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_CONNECTION_SETTING_NAME,
|
||||
NM_SETTING_CONNECTION_ID);
|
||||
|
||||
/* ===== WIRELESS SETTING ===== */
|
||||
|
||||
s_wireless = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS));
|
||||
ASSERT (s_wireless != NULL,
|
||||
"wifi-wpa-psk-unquoted-verify-wireless", "failed to verify %s: missing %s setting",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_WIRELESS_SETTING_NAME);
|
||||
|
||||
/* Security */
|
||||
tmp = nm_setting_wireless_get_security (s_wireless);
|
||||
ASSERT (tmp != NULL,
|
||||
"wifi-wpa-psk-unquoted-verify-wireless", "failed to verify %s: missing %s / %s key",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_WIRELESS_SETTING_NAME,
|
||||
NM_SETTING_WIRELESS_SEC);
|
||||
ASSERT (strcmp (tmp, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME) == 0,
|
||||
"wifi-wpa-psk-unquoted-verify-wireless", "failed to verify %s: unexpected %s / %s key value",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_WIRELESS_SETTING_NAME,
|
||||
NM_SETTING_WIRELESS_SEC);
|
||||
|
||||
/* ===== WIRELESS SECURITY SETTING ===== */
|
||||
|
||||
s_wsec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY));
|
||||
ASSERT (s_wsec != NULL,
|
||||
"wifi-wpa-psk-unquoted-verify-wireless", "failed to verify %s: missing %s setting",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME);
|
||||
|
||||
/* PSK */
|
||||
tmp = nm_setting_wireless_security_get_psk (s_wsec);
|
||||
ASSERT (tmp != NULL,
|
||||
"wifi-wpa-psk-unquoted-verify-wireless", "failed to verify %s: missing %s / %s key",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
|
||||
NM_SETTING_WIRELESS_SECURITY_PSK);
|
||||
ASSERT (strcmp (tmp, expected_psk) == 0,
|
||||
"wifi-wpa-psk-unquoted-verify-wireless", "failed to verify %s: unexpected %s / %s key value",
|
||||
TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED,
|
||||
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
|
||||
NM_SETTING_WIRELESS_SECURITY_PSK);
|
||||
|
||||
g_object_unref (connection);
|
||||
}
|
||||
|
||||
#define TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED2 TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-wpa-psk-unquoted2"
|
||||
|
||||
static void
|
||||
test_read_wifi_wpa_psk_unquoted2 (void)
|
||||
{
|
||||
NMConnection *connection;
|
||||
char *unmanaged = NULL;
|
||||
char *keyfile = NULL;
|
||||
char *routefile = NULL;
|
||||
gboolean ignore_error = FALSE;
|
||||
GError *error = NULL;
|
||||
|
||||
/* Ensure a quoted 64-character WPA passphrase will fail since passphrases
|
||||
* must be between 8 and 63 ASCII characters inclusive per the WPA spec.
|
||||
*/
|
||||
|
||||
connection = connection_from_file (TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED2,
|
||||
NULL,
|
||||
TYPE_WIRELESS,
|
||||
NULL,
|
||||
&unmanaged,
|
||||
&keyfile,
|
||||
&routefile,
|
||||
&error,
|
||||
&ignore_error);
|
||||
ASSERT (connection == NULL,
|
||||
"wifi-wpa-psk-unquoted-read", "unexpected success reading %s", TEST_IFCFG_WIFI_WPA_PSK_UNQUOTED2);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
#define TEST_IFCFG_WIFI_WPA_PSK_ADHOC TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-wpa-psk-adhoc"
|
||||
|
||||
static void
|
||||
|
|
@ -6809,6 +6938,8 @@ int main (int argc, char **argv)
|
|||
test_read_wifi_wep_adhoc ();
|
||||
test_read_wifi_leap ();
|
||||
test_read_wifi_wpa_psk ();
|
||||
test_read_wifi_wpa_psk_unquoted ();
|
||||
test_read_wifi_wpa_psk_unquoted2 ();
|
||||
test_read_wifi_wpa_psk_adhoc ();
|
||||
test_read_wifi_wpa_psk_hex ();
|
||||
test_read_wifi_wpa_eap_tls ();
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue