ifcfg-rh: really fix writing the WPA PSK and add testcase for it

2026-02-06 23:20:34 +01:00 · 2009-09-28 15:29:29 -07:00 · 2009-09-28 15:29:29 -07:00 · 28e2e44686
commit 28e2e44686
parent a5de3b9d88
2 changed files with 49 additions and 16 deletions
--- a/system-settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/system-settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@ -4215,7 +4215,8 @@ test_write_wifi_wpa_psk (const char *name,
                         const char *test_name,
                         gboolean wep_group,
                         gboolean wpa,
-                         gboolean wpa2)
+                         gboolean wpa2,
+                         const char *psk)
 {
 	NMConnection *connection;
 	NMConnection *reread;
@ -4233,6 +4234,8 @@ test_write_wifi_wpa_psk (const char *name,
 	GByteArray *ssid;
 	const unsigned char ssid_data[] = "blahblah";

+	g_return_if_fail (psk != NULL);
+
 	connection = nm_connection_new ();
 	ASSERT (connection != NULL,
 	        test_name, "failed to allocate new connection");
@ -4280,7 +4283,7 @@ test_write_wifi_wpa_psk (const char *name,

 	g_object_set (s_wsec,
 	              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk",
-	              NM_SETTING_WIRELESS_SECURITY_PSK, "7d308b11df1b4243b0f78e5f3fc68cdbb9a264ed0edf4c188edf329ff5b467f0",
+	              NM_SETTING_WIRELESS_SECURITY_PSK, psk,
 	              NULL);

 	if (wep_group) {
@ -5620,6 +5623,9 @@ test_write_mobile_broadband (gboolean gsm)
 #define TEST_IFCFG_WIFI_OPEN_SSID_LONG_QUOTED TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-open-ssid-long-quoted"
 #define TEST_IFCFG_WIFI_OPEN_SSID_LONG_HEX TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-open-ssid-long-hex"

+
+#define DEFAULT_HEX_PSK "7d308b11df1b4243b0f78e5f3fc68cdbb9a264ed0edf4c188edf329ff5b467f0"
+
 int main (int argc, char **argv)
 {
 	GError *error = NULL;
@ -5664,10 +5670,36 @@ int main (int argc, char **argv)
 	test_write_wifi_open_hex_ssid ();
 	test_write_wifi_wep ();
 	test_write_wifi_wep_adhoc ();
-	test_write_wifi_wpa_psk ("Test Write Wifi WPA PSK", "wifi-wpa-psk-write", FALSE, TRUE, FALSE);
-	test_write_wifi_wpa_psk ("Test Write Wifi WPA2 PSK", "wifi-wpa2-psk-write", FALSE, FALSE, TRUE);
-	test_write_wifi_wpa_psk ("Test Write Wifi WPA WPA2 PSK", "wifi-wpa-wpa2-psk-write", FALSE, TRUE, TRUE);
-	test_write_wifi_wpa_psk ("Test Write Wifi WEP WPA WPA2 PSK", "wifi-wep-wpa-wpa2-psk-write", TRUE, TRUE, TRUE);
+	test_write_wifi_wpa_psk ("Test Write Wifi WPA PSK",
+	                         "wifi-wpa-psk-write",
+	                         FALSE,
+	                         TRUE,
+	                         FALSE,
+	                         DEFAULT_HEX_PSK);
+	test_write_wifi_wpa_psk ("Test Write Wifi WPA2 PSK",
+	                         "wifi-wpa2-psk-write",
+	                         FALSE,
+	                         FALSE,
+	                         TRUE,
+	                         DEFAULT_HEX_PSK);
+	test_write_wifi_wpa_psk ("Test Write Wifi WPA WPA2 PSK",
+	                         "wifi-wpa-wpa2-psk-write",
+	                         FALSE,
+	                         TRUE,
+	                         TRUE,
+	                         DEFAULT_HEX_PSK);
+	test_write_wifi_wpa_psk ("Test Write Wifi WEP WPA WPA2 PSK",
+	                         "wifi-wep-wpa-wpa2-psk-write",
+	                         TRUE,
+	                         TRUE,
+	                         TRUE,
+	                         DEFAULT_HEX_PSK);
+	test_write_wifi_wpa_psk ("Test Write Wifi WPA WPA2 PSK Passphrase",
+	                         "wifi-wpa-wpa2-psk-passphrase-write",
+	                         FALSE,
+	                         TRUE,
+	                         TRUE,
+	                         "really insecure passphrase04!");
 	test_write_wifi_wpa_psk_adhoc ();
 	test_write_wifi_wpa_eap_tls ();
 	test_write_wifi_wpa_eap_ttls_tls ();
--- a/system-settings/plugins/ifcfg-rh/writer.c
+++ b/system-settings/plugins/ifcfg-rh/writer.c
@ -48,7 +48,7 @@
 	{ g_warning ("   " pname ": " fmt, ##args); }

 static void
-set_secret (shvarFile *ifcfg, const char *key, const char *value)
+set_secret (shvarFile *ifcfg, const char *key, const char *value, gboolean verbatim)
 {
 	shvarFile *keyfile;
 	
@ -62,7 +62,7 @@ set_secret (shvarFile *ifcfg, const char *key, const char *value)
 	/* Clear the secret from the actual ifcfg */
 	svSetValue (ifcfg, key, NULL, FALSE);

-	svSetValue (keyfile, key, value, FALSE);
+	svSetValue (keyfile, key, value, verbatim);
 	if (svWriteFile (keyfile, 0600)) {
 		PLUGIN_WARN (IFCFG_PLUGIN_NAME, "    warning: could not update key file '%s'",
 		             keyfile->fileName);
@ -397,9 +397,9 @@ write_8021x_certs (NMSetting8021x *s_8021x,

 	/* Private key password */
 	if (phase2)
-		set_secret (ifcfg, "IEEE_8021X_INNER_PRIVATE_KEY_PASSWORD", password);
+		set_secret (ifcfg, "IEEE_8021X_INNER_PRIVATE_KEY_PASSWORD", password, FALSE);
 	else
-		set_secret (ifcfg, "IEEE_8021X_PRIVATE_KEY_PASSWORD", password);
+		set_secret (ifcfg, "IEEE_8021X_PRIVATE_KEY_PASSWORD", password, FALSE);

 	/* Client certificate */
 	if (is_pkcs12) {
@ -475,7 +475,7 @@ write_8021x_setting (NMConnection *connection,
 	            nm_setting_802_1x_get_anonymous_identity (s_8021x),
 	            FALSE);

-	set_secret (ifcfg, "IEEE_8021X_PASSWORD", nm_setting_802_1x_get_password (s_8021x));
+	set_secret (ifcfg, "IEEE_8021X_PASSWORD", nm_setting_802_1x_get_password (s_8021x), FALSE);

 	/* PEAP version */
 	value = nm_setting_802_1x_get_phase1_peapver (s_8021x);
@ -579,7 +579,8 @@ write_wireless_security_setting (NMConnection *connection,
 			            nm_setting_wireless_security_get_leap_username (s_wsec),
 			            FALSE);
 			set_secret (ifcfg, "IEEE_8021X_PASSWORD",
-			            nm_setting_wireless_security_get_leap_password (s_wsec));
+			            nm_setting_wireless_security_get_leap_password (s_wsec),
+			            FALSE);
 			*no_8021x = TRUE;
 		}
 	}
@ -592,11 +593,11 @@ write_wireless_security_setting (NMConnection *connection,
 	}

 	/* WEP keys */
-	set_secret (ifcfg, "KEY", NULL); /* Clear any default key */
+	set_secret (ifcfg, "KEY", NULL, FALSE); /* Clear any default key */
 	for (i = 0; i < 4; i++) {
 		key = nm_setting_wireless_security_get_wep_key (s_wsec, i);
 		tmp = g_strdup_printf ("KEY%d", i + 1);
-		set_secret (ifcfg, tmp, (wep && key) ? key : NULL);
+		set_secret (ifcfg, tmp, (wep && key) ? key : NULL, FALSE);
 		g_free (tmp);
 	}

@ -656,11 +657,11 @@ write_wireless_security_setting (NMConnection *connection,
 			g_string_append (quoted, psk);
 			g_string_append_c (quoted, '"');
 		}
-		set_secret (ifcfg, "WPA_PSK", quoted ? quoted->str : psk);
+		set_secret (ifcfg, "WPA_PSK", quoted ? quoted->str : psk, TRUE);
 		if (quoted)
 			g_string_free (quoted, TRUE);
 	} else
-		set_secret (ifcfg, "WPA_PSK", NULL);
+		set_secret (ifcfg, "WPA_PSK", NULL, FALSE);

 	return TRUE;
 }