fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-06 03:50:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

libnm/802-1x: don't verify certificates in GObject property setter

Browse source 
First of all, g_warning() is not a suitable error handling. In
particular, note how this code is reached when obtaining a setting
from D-Bus, that is, the user is not at fault.

The proper way to handle this, is allowing the setter to set the invalid
value. Only later, during verify() we will fail. This way,
NetworkManager can extend the format and older libnm clients don't
break. This is how forward-compatibility (with older libnm vs. newer
daemon) is supposed to work.
This commit is contained in:
Thomas Haller 2018-08-31 21:04:17 +02:00
parent 53ca365407
commit 5ab6875d4e
1 changed files with 6 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
libnm-core/nm-setting-8021x.c
View file

@ -3259,24 +3259,6 @@ need_secrets (NMSetting *setting)
/*****************************************************************************/
static GBytes *
set_cert_prop_helper (const GValue *value, const char *prop_name, GError **error)
{
gboolean valid;
GBytes *bytes = NULL;
bytes = g_value_dup_boxed (value);
/* Verify the new data */
if (bytes) {
valid = verify_cert (bytes, prop_name, NULL, NULL, error);
if (!valid)
g_clear_pointer (&bytes, g_bytes_unref);
}
return bytes;
}
/*****************************************************************************/
static void
get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
@ -3429,7 +3411,6 @@ set_property (GObject *object, guint prop_id,
{
NMSetting8021x *setting = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
GError *error = NULL;
switch (prop_id) {
case PROP_EAP:
@ -3450,11 +3431,7 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_CA_CERT:
g_bytes_unref (priv->ca_cert);
priv->ca_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_CA_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): %s", error->message);
g_error_free (error);
}
priv->ca_cert = g_value_dup_boxed (value);
break;
case PROP_CA_CERT_PASSWORD:
g_free (priv->ca_cert_password);
@ -3481,11 +3458,7 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_CLIENT_CERT:
g_bytes_unref (priv->client_cert);
priv->client_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_CLIENT_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): %s", error->message);
g_error_free (error);
}
priv->client_cert = g_value_dup_boxed (value);
break;
case PROP_CLIENT_CERT_PASSWORD:
g_free (priv->client_cert_password);
@ -3519,11 +3492,7 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_PHASE2_CA_CERT:
g_bytes_unref (priv->phase2_ca_cert);
priv->phase2_ca_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_PHASE2_CA_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): %s", error->message);
g_error_free (error);
}
priv->phase2_ca_cert = g_value_dup_boxed (value);
break;
case PROP_PHASE2_CA_CERT_PASSWORD:
g_free (priv->phase2_ca_cert_password);
@ -3550,11 +3519,7 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_PHASE2_CLIENT_CERT:
g_bytes_unref (priv->phase2_client_cert);
priv->phase2_client_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_PHASE2_CLIENT_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): %s", error->message);
g_error_free (error);
}
priv->phase2_client_cert = g_value_dup_boxed (value);
break;
case PROP_PHASE2_CLIENT_CERT_PASSWORD:
g_free (priv->phase2_client_cert_password);
@ -3579,11 +3544,7 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_PRIVATE_KEY:
g_bytes_unref (priv->private_key);
priv->private_key = set_cert_prop_helper (value, NM_SETTING_802_1X_PRIVATE_KEY, &error);
if (error) {
g_warning ("Error setting private key (invalid data): %s", error->message);
g_error_free (error);
}
priv->private_key = g_value_dup_boxed (value);
break;
case PROP_PRIVATE_KEY_PASSWORD:
nm_free_secret (priv->private_key_password);
@ -3594,11 +3555,7 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_PHASE2_PRIVATE_KEY:
g_bytes_unref (priv->phase2_private_key);
priv->phase2_private_key = set_cert_prop_helper (value, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, &error);
if (error) {
g_warning ("Error setting private key (invalid data): %s", error->message);
g_error_free (error);
}
priv->phase2_private_key = g_value_dup_boxed (value);
break;
case PROP_PHASE2_PRIVATE_KEY_PASSWORD:
nm_free_secret (priv->phase2_private_key_password);