libnm-core: 8021x: fix check on private key password

Commit df0dc912cc ("8021x: don't request secrets if they are empty
and system owned") changed need_private_key_password() to return FALSE
when flags are NONE. This broke authentication using an encrypted
private key because after this the key password is never added to the
applied connection.

Don't require a password with NONE flags only for the PKCS11 scheme.

Fixes: df0dc912cc
Beniamino Galvani 2017-06-27 10:11:36 +02:00
parent 65a0208ba0
commit 699492c1a5


@ -2772,13 +2772,18 @@ need_secrets_sim (NMSetting8021x *self,
static gboolean
need_private_key_password (GBytes *blob,
NMSetting8021xCKScheme scheme,
const char *path,
const char *password,
NMSettingSecretFlags flags)
{
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
if (flags == NM_SETTING_SECRET_FLAG_NONE || flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
return FALSE;
if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
&& flags == NM_SETTING_SECRET_FLAG_NONE)
return FALSE;
/* Private key password is required */
@ -2815,7 +2820,7 @@ need_secrets_tls (NMSetting8021x *self,
else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
g_warning ("%s: unknown phase2 private key scheme %d", __func__, scheme);
if (need_private_key_password (blob, path,
if (need_private_key_password (blob, scheme, path,
priv->phase2_private_key_password,
priv->phase2_private_key_password_flags))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD);
@ -2842,7 +2847,7 @@ need_secrets_tls (NMSetting8021x *self,
else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
g_warning ("%s: unknown private key scheme %d", __func__, scheme);
if (need_private_key_password (blob, path,
if (need_private_key_password (blob, scheme, path,
priv->private_key_password,
priv->private_key_password_flags))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
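Review bot: The new PKCS11 early return in need_private_key_password() (`scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11 && flags == NM_SETTING_SECRET_FLAG_NONE`) has no comment explaining why only that scheme may skip the password, and the regression fixed here came from just such an unexplained flags shortcut. I would add above it `/* PKCS#11 with system-owned (NONE) flags: never request the password; blob and path keys fall through to the checks below */`. The branch also returns before `password` is examined, so a PKCS#11 key that needs a PIN but has none stored would presumably fail at authentication instead of being prompted for; if that is intended, the same comment should say so. The function body continues past the end of the first hunk, so the remaining password checks are not visible here.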