From 3bc16323fab78911d7ffd983eb5de65eb609838f Mon Sep 17 00:00:00 2001
From: Andrew Zaborowski
Date: Tue, 25 May 2021 20:00:41 +0200
Subject: [PATCH] libnm: Fix error message conditions in verity_ttls

In two similar ``if () {} else if () {} else if () {} else {}`` sequences the latter two {} blocks were unreachable. In the identity/anonymous-identity case, anonymous-identity is optional, wpa_supplicant will fall back to identity, so only check that (a likely privacy issue because no NM or wpa_s documentation explains that the "secure" identity is also sent in plaintext if anonymous_identity is missing.) In the phase2_auth/phase2_autheap case change the message to make it clear that exactly one of the properties is expected to be present. Drop the empty string checks because those cases is validated later in verify() anyway.
---
 src/libnm-core-impl/nm-setting-8021x.c | 84 ++++++--------------------
 1 file changed, 17 insertions(+), 67 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-8021x.c b/src/libnm-core-impl/nm-setting-8021x.c
index 72f89f372c..8524a80533 100644
--- a/src/libnm-core-impl/nm-setting-8021x.c
+++ b/src/libnm-core-impl/nm-setting-8021x.c
@@ -2746,87 +2746,37 @@ verify_ttls(NMSetting8021x *self, gboolean phase2, GError **error)
 {
 NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE(self);
- if ((!priv->identity || !strlen(priv->identity))
- && (!priv->anonymous_identity || !strlen(priv->anonymous_identity))) {
+ if (!priv->identity || !strlen(priv->identity)) {
 if (!priv->identity) {
 g_set_error_literal(error,
 NM_CONNECTION_ERROR,
 NM_CONNECTION_ERROR_MISSING_PROPERTY,
 _("property is missing"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_IDENTITY);
- } else if (!strlen(priv->identity)) {
- g_set_error_literal(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_IDENTITY);
- } else if (!priv->anonymous_identity) {
- g_set_error_literal(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
- _("property is missing"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
 } else {
 g_set_error_literal(error,
 NM_CONNECTION_ERROR,
 NM_CONNECTION_ERROR_INVALID_PROPERTY,
 _("property is empty"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
 }
+ g_prefix_error(error,
+ "%s.%s: ",
+ NM_SETTING_802_1X_SETTING_NAME,
+ NM_SETTING_802_1X_IDENTITY);
 return FALSE;
 }
- if ((!priv->phase2_auth || !strlen(priv->phase2_auth))
- && (!priv->phase2_autheap || !strlen(priv->phase2_autheap))) {
- if (!priv->phase2_auth) {
- g_set_error_literal(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
- _("property is missing"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_PHASE2_AUTH);
- } else if (!strlen(priv->phase2_auth)) {
- g_set_error_literal(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_PHASE2_AUTH);
- } else if (!priv->phase2_autheap) {
- g_set_error_literal(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_MISSING_PROPERTY,
- _("property is missing"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_PHASE2_AUTHEAP);
- } else {
- g_set_error_literal(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("property is empty"));
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_802_1X_SETTING_NAME,
- NM_SETTING_802_1X_PHASE2_AUTHEAP);
- }
+ if ((!priv->phase2_auth && !priv->phase2_autheap)
+ || (priv->phase2_auth && priv->phase2_autheap)) {
+ g_set_error_literal(error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_MISSING_PROPERTY,
+ _("exactly one property must be set"));
+ g_prefix_error(error,
+ "%s.%s, %s.%s: ",
+ NM_SETTING_802_1X_SETTING_NAME,
+ NM_SETTING_802_1X_PHASE2_AUTH,
+ NM_SETTING_802_1X_SETTING_NAME,
+ NM_SETTING_802_1X_PHASE2_AUTHEAP);
 return FALSE;
 }
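Review bot: The new phase2 check reports `NM_CONNECTION_ERROR_MISSING_PROPERTY` for both failure cases, but when `phase2_auth` and `phase2_autheap` are both set nothing is missing, so a caller that branches on the error code gets the wrong one. Inside that branch a non-NULL `phase2_auth` implies both are set, so the code argument could be `priv->phase2_auth ? NM_CONNECTION_ERROR_INVALID_PROPERTY : NM_CONNECTION_ERROR_MISSING_PROPERTY`. The identity check also leaves `anonymous_identity` optional without saying why, and the commit message states that wpa_supplicant then sends `identity` in plaintext. A comment above that check, such as `/* anonymous-identity is optional; without it the real identity is used for the unencrypted outer exchange */`, would keep that privacy consequence visible in the code. Empty `phase2_auth`/`phase2_autheap` strings are no longer rejected here and rely on verify(), which lies outside this hunk, as does the rest of verify_ttls.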