fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-09 02:28:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

libnm: change nm_wireguard_peer_set_public_key() API to allow validation

Browse source 
This is an API break since 1.16-rc1.

Similar to previous commit.

(cherry picked from commit 7962653918)
This commit is contained in:
Thomas Haller 2019-03-01 15:52:19 +01:00
parent 7682826229
commit 6452d2d0e5
5 changed files with 30 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
examples/python/gi/nm-wg-set
View file

@ -343,7 +343,7 @@ def do_set(nm_client, conn, argv):
else: else:
peer_idx = None peer_idx = None
peer = NM.WireGuardPeer() peer = NM.WireGuardPeer()
peer.set_public_key(public_key) peer.set_public_key(public_key, True)
wg_peer_is_valid(peer, 'public key "%s" is invalid' % (public_key)) wg_peer_is_valid(peer, 'public key "%s" is invalid' % (public_key))
peer_remove = False peer_remove = False
idx += 2 idx += 2

2
libnm-core/nm-keyfile.c
View file

@ -2929,7 +2929,7 @@ _read_setting_wireguard_peer (KeyfileReaderInfo *info)
info->group); info->group);
return; return;
} }
nm_wireguard_peer_set_public_key (peer, cstr); nm_wireguard_peer_set_public_key (peer, cstr, TRUE);
nm_clear_g_free (&str); nm_clear_g_free (&str);
key = NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY; key = NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY;

33
libnm-core/nm-setting-wireguard.c
View file

@ -280,34 +280,48 @@ nm_wireguard_peer_get_public_key (const NMWireGuardPeer *self)
* @self: the unsealed #NMWireGuardPeer instance * @self: the unsealed #NMWireGuardPeer instance
* @public_key: (allow-none) (transfer none): the new public * @public_key: (allow-none) (transfer none): the new public
* key or %NULL to clear the public key. * key or %NULL to clear the public key.
* @accept_invalid: if %TRUE and @public_key is not %NULL and
* invalid, then do not modify the instance.
* *
* Reset the public key. Note that if the public key is valid, it * Reset the public key. Note that if the public key is valid, it
* will be normalized (which may or may not modify the set value). * will be normalized (which may or may not modify the set value).
* *
* It is a bug trying to modify a sealed #NMWireGuardPeer instance. * It is a bug trying to modify a sealed #NMWireGuardPeer instance.
* *
* Returns: %TRUE if the key was valid or %NULL. Returns
* %FALSE for invalid keys. Depending on @accept_invalid
* will an invalid key be set or not.
*
* Since: 1.16 * Since: 1.16
*/ */
void gboolean
nm_wireguard_peer_set_public_key (NMWireGuardPeer *self, nm_wireguard_peer_set_public_key (NMWireGuardPeer *self,
const char *public_key) const char *public_key,
gboolean accept_invalid)
{ {
char *public_key_normalized = NULL; char *public_key_normalized = NULL;
gboolean is_valid;
g_return_if_fail (NM_IS_WIREGUARD_PEER (self, FALSE)); g_return_val_if_fail (NM_IS_WIREGUARD_PEER (self, FALSE), FALSE);
if (!public_key) { if (!public_key) {
nm_clear_g_free (&self->public_key); nm_clear_g_free (&self->public_key);
return; return TRUE;
} }
self->public_key_valid = _nm_utils_wireguard_normalize_key (public_key, is_valid = _nm_utils_wireguard_normalize_key (public_key,
NM_WIREGUARD_PUBLIC_KEY_LEN, NM_WIREGUARD_PUBLIC_KEY_LEN,
&public_key_normalized); &public_key_normalized);
nm_assert (self->public_key_valid == (public_key_normalized != NULL)); nm_assert (is_valid == (public_key_normalized != NULL));
if ( !is_valid
&& !accept_invalid)
return FALSE;
self->public_key_valid = is_valid;
g_free (self->public_key); g_free (self->public_key);
self->public_key = public_key_normalized ?: g_strdup (public_key); self->public_key = public_key_normalized ?: g_strdup (public_key);
return is_valid;
} }
void void
@ -1532,8 +1546,7 @@ _peers_dbus_only_set (NMSetting *setting,
} }
peer = nm_wireguard_peer_new (); peer = nm_wireguard_peer_new ();
nm_wireguard_peer_set_public_key (peer, cstr); if (!nm_wireguard_peer_set_public_key (peer, cstr, TRUE)) {
if (!peer->public_key_valid) {
if (NM_FLAGS_HAS (parse_flags, NM_SETTING_PARSE_FLAGS_STRICT)) { if (NM_FLAGS_HAS (parse_flags, NM_SETTING_PARSE_FLAGS_STRICT)) {
g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_MISSING_PROPERTY, g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_MISSING_PROPERTY,
_("peer #%u has invalid public-key"), _("peer #%u has invalid public-key"),

5
libnm-core/nm-setting-wireguard.h
View file

@ -61,8 +61,9 @@ gboolean nm_wireguard_peer_is_sealed (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16 NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_public_key (const NMWireGuardPeer *self); const char *nm_wireguard_peer_get_public_key (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16 NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_public_key (NMWireGuardPeer *self, gboolean nm_wireguard_peer_set_public_key (NMWireGuardPeer *self,
const char *public_key); const char *public_key,
gboolean accept_invalid);
NM_AVAILABLE_IN_1_16 NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self); const char *nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self);

3
libnm-core/tests/test-setting.c
View file

@ -2065,7 +2065,8 @@ _rndt_wg_peers_create (void)
s_endpoint = _create_random_ipaddr (AF_UNSPEC, TRUE); s_endpoint = _create_random_ipaddr (AF_UNSPEC, TRUE);
peer = nm_wireguard_peer_new (); peer = nm_wireguard_peer_new ();
nm_wireguard_peer_set_public_key (peer, public_key); if (!nm_wireguard_peer_set_public_key (peer, public_key, TRUE))
g_assert_not_reached ();
if (!nm_wireguard_peer_set_preshared_key (peer, nmtst_rand_select (NULL, preshared_key), TRUE)) if (!nm_wireguard_peer_set_preshared_key (peer, nmtst_rand_select (NULL, preshared_key), TRUE))
g_assert_not_reached (); g_assert_not_reached ();