From 21849d73ee292018cb06245c0c9d357e72589e21 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 26 Feb 2015 10:12:11 +0100 Subject: [PATCH] libnm: add function nm_setting_802_1x_check_cert_scheme() When setting the certificate glib properties directly, we raise a g_warning() when the binary data is invalid. But since the caller has no access to the validation function, he cannot easily check whether his action will result in a warning. Add nm_setting_802_1x_check_cert_scheme() for that. While backporting, hide public API from 1.2. (cherry picked from commit 15926e9eb359d84a4bc039e4a5e3c20604a3d4f7) --- libnm-core/nm-setting-8021x.c | 30 +++++++++++++++++++++++++----- libnm-core/nm-setting-private.h | 2 ++ 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index 3306228316..2c201b3933 100644 --- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -416,7 +416,30 @@ get_cert_scheme (GBytes *bytes, GError **error) } data = g_bytes_get_data (bytes, &length); - if (!length) { + return nm_setting_802_1x_check_cert_scheme (data, length, error); +} + +/** + * nm_setting_802_1x_check_cert_scheme: + * @pdata: (allow-none): the data pointer + * @length: the length of the data + * @error: (allow-none): (out): validation reason + * + * Determines and verifies the blob type. + * When setting certificate properties of NMSetting8021x + * the blob must be not UNKNOWN (or NULL). + * + * Returns: the scheme of the blob or %NM_SETTING_802_1X_CK_SCHEME_UNKNOWN. + * For NULL it also returns NM_SETTING_802_1X_CK_SCHEME_UNKNOWN. + **/ +NMSetting8021xCKScheme +nm_setting_802_1x_check_cert_scheme (gconstpointer pdata, gsize length, GError **error) +{ + const char *data = pdata; + + g_return_val_if_fail (!length || data, NM_SETTING_802_1X_CK_SCHEME_UNKNOWN); + + if (!length || !data) { g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, @@ -484,11 +507,8 @@ load_and_verify_certificate (const char *cert_path, * file://. * If that's the case, coerce the format to UNKNOWN. The callers will take care * of that and not set the blob. */ - GBytes *bytes = g_bytes_new_static (array->data, array->len); - - if (get_cert_scheme (bytes, NULL) != NM_SETTING_802_1X_CK_SCHEME_BLOB) + if (nm_setting_802_1x_check_cert_scheme (array->data, array->len, NULL) != NM_SETTING_802_1X_CK_SCHEME_BLOB) format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; - g_bytes_unref (bytes); } if (out_file_format) diff --git a/libnm-core/nm-setting-private.h b/libnm-core/nm-setting-private.h index 2d34d509a5..955608fae5 100644 --- a/libnm-core/nm-setting-private.h +++ b/libnm-core/nm-setting-private.h @@ -155,4 +155,6 @@ gboolean _nm_setting_use_legacy_property (NMSetting *setting, GPtrArray *_nm_setting_need_secrets (NMSetting *setting); +NMSetting8021xCKScheme nm_setting_802_1x_check_cert_scheme (gconstpointer pdata, gsize length, GError **error); + #endif /* NM_SETTING_PRIVATE_H */