merge: branch 'anonymous-identity-fix' into 'main'
Two fixes related to EAP anonymous identity https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/869
commit
4eeafaf654
2 changed files with 40 additions and 73 deletions
|
|
@ -1342,6 +1342,27 @@ eap_optional_password_to_iwd_config(GKeyFile * file,
|
|||
}
|
||||
}
|
||||
|
||||
static void
|
||||
eap_phase1_identity_to_iwd_config(GKeyFile *file, const char *iwd_prefix, NMSetting8021x *s_8021x)
|
||||
{
|
||||
const char *phase1_identity = nm_setting_802_1x_get_anonymous_identity(s_8021x);
|
||||
|
||||
if (!phase1_identity) {
|
||||
phase1_identity = nm_setting_802_1x_get_identity(s_8021x);
|
||||
|
||||
if (phase1_identity) {
|
||||
nm_log_info(LOGD_WIFI,
|
||||
"IWD network config will send the same EAP Identity string in "
|
||||
"plaintext in phase 1 as in phase 2 (encrypted) to mimic legacy "
|
||||
"behavior, set [%s].%s=anonymous to prevent exposing the value",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
|
||||
}
|
||||
}
|
||||
|
||||
eap_optional_identity_to_iwd_config(file, iwd_prefix, phase1_identity);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
eap_method_config_to_iwd_config(GKeyFile * file,
|
||||
NMSetting8021x *s_8021x,
|
||||
|
|
@ -1367,9 +1388,7 @@ eap_method_config_to_iwd_config(GKeyFile * file,
|
|||
const char *noneap_method = nm_setting_802_1x_get_phase2_auth(s_8021x);
|
||||
|
||||
eap_method_name_to_iwd_config(file, iwd_prefix, "TTLS");
|
||||
eap_optional_identity_to_iwd_config(file,
|
||||
iwd_prefix,
|
||||
nm_setting_802_1x_get_anonymous_identity(s_8021x));
|
||||
eap_phase1_identity_to_iwd_config(file, iwd_prefix, s_8021x);
|
||||
|
||||
if (!eap_certs_to_iwd_config(file,
|
||||
s_8021x,
|
||||
|
|
@ -1423,9 +1442,7 @@ eap_method_config_to_iwd_config(GKeyFile * file,
|
|||
return FALSE;
|
||||
} else if (nm_streq0(method, "peap") && !phase2) {
|
||||
eap_method_name_to_iwd_config(file, iwd_prefix, "PEAP");
|
||||
eap_optional_identity_to_iwd_config(file,
|
||||
iwd_prefix,
|
||||
nm_setting_802_1x_get_anonymous_identity(s_8021x));
|
||||
eap_phase1_identity_to_iwd_config(file, iwd_prefix, s_8021x);
|
||||
|
||||
if (!eap_certs_to_iwd_config(file,
|
||||
s_8021x,
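Review bot: In the new eap_phase1_identity_to_iwd_config, the fallback branch sends the real EAP identity unencrypted in phase 1, yet the only signal is an info-level log line and the function has no comment explaining that trade-off. Because this discloses the user's identity to anyone observing the outer exchange, consider `nm_log_warn(LOGD_WIFI, ...)` for that message and a comment above the function such as `/* Phase 1 identity is sent in cleartext; fall back to the real identity only to match legacy behavior when no anonymous identity is set. */`. The fallback is keyed on `!phase1_identity` alone, so an anonymous identity set to an empty string would presumably be passed through rather than treated as unset; whether that can happen depends on validation outside this section. The TTLS and PEAP call sites in the two later hunks inherit the same behavior.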
|
||||
|
|
|
|||
|
|
@ -2746,87 +2746,37 @@ verify_ttls(NMSetting8021x *self, gboolean phase2, GError **error)
|
|||
{
|
||||
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE(self);
|
||||
|
||||
if ((!priv->identity || !strlen(priv->identity))
|
||||
&& (!priv->anonymous_identity || !strlen(priv->anonymous_identity))) {
|
||||
if (!priv->identity || !strlen(priv->identity)) {
|
||||
if (!priv->identity) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||
_("property is missing"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_IDENTITY);
|
||||
} else if (!strlen(priv->identity)) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("property is empty"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_IDENTITY);
|
||||
} else if (!priv->anonymous_identity) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||
_("property is missing"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
|
||||
} else {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("property is empty"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
|
||||
}
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_IDENTITY);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((!priv->phase2_auth || !strlen(priv->phase2_auth))
|
||||
&& (!priv->phase2_autheap || !strlen(priv->phase2_autheap))) {
|
||||
if (!priv->phase2_auth) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||
_("property is missing"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_PHASE2_AUTH);
|
||||
} else if (!strlen(priv->phase2_auth)) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("property is empty"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_PHASE2_AUTH);
|
||||
} else if (!priv->phase2_autheap) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||
_("property is missing"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_PHASE2_AUTHEAP);
|
||||
} else {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("property is empty"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_PHASE2_AUTHEAP);
|
||||
}
|
||||
if ((!priv->phase2_auth && !priv->phase2_autheap)
|
||||
|| (priv->phase2_auth && priv->phase2_autheap)) {
|
||||
g_set_error_literal(error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_MISSING_PROPERTY,
|
||||
_("exactly one property must be set"));
|
||||
g_prefix_error(error,
|
||||
"%s.%s, %s.%s: ",
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_PHASE2_AUTH,
|
||||
NM_SETTING_802_1X_SETTING_NAME,
|
||||
NM_SETTING_802_1X_PHASE2_AUTHEAP);
|
||||
return FALSE;
|
||||
}
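Review bot: The rewritten phase 2 check in verify_ttls reports `NM_CONNECTION_ERROR_MISSING_PROPERTY` for both halves of its condition, including the case where phase2_auth and phase2_autheap are both set, which is a conflict rather than a missing value; `NM_CONNECTION_ERROR_INVALID_PROPERTY` would describe that case more accurately. The new condition also tests the pointers only, so an empty string now counts as set for either property, while the identity check just above still uses `strlen()`; if nothing later in verification rejects an empty value, a test like `!priv->phase2_auth || !*priv->phase2_auth` would keep the earlier strictness. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and verify_ttls continues past the end of the hunk.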
|
||||
|
||||
|
|
|
|||