mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-05-06 10:18:03 +02:00
libnm-core: 8021x: fix check on private key password
Commitdf0dc912cc("8021x: don't request secrets if they are empty and system owned") changed need_private_key_password() to return FALSE when flags are NONE. This broke authentication using an encrypted private key because after this the key password is never added to the applied connection. Don't require a password with NONE flags only for the PKCS11 scheme. Fixes:df0dc912cc
This commit is contained in:
Beniamino Galvani
parent
65a0208ba0
commit
699492c1a5
1 changed files with 8 additions and 3 deletions
|
|
@ -2772,13 +2772,18 @@ need_secrets_sim (NMSetting8021x *self,
|
||||||
|
|
||||||
static gboolean
|
static gboolean
|
||||||
need_private_key_password (GBytes *blob,
|
need_private_key_password (GBytes *blob,
|
||||||
|
NMSetting8021xCKScheme scheme,
|
||||||
const char *path,
|
const char *path,
|
||||||
const char *password,
|
const char *password,
|
||||||
NMSettingSecretFlags flags)
|
NMSettingSecretFlags flags)
|
||||||
{
|
{
|
||||||
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
|
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
|
||||||
|
|
||||||
if (flags == NM_SETTING_SECRET_FLAG_NONE || flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
|
if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
|
||||||
|
&& flags == NM_SETTING_SECRET_FLAG_NONE)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
/* Private key password is required */
|
/* Private key password is required */
|
||||||
|
|
@ -2815,7 +2820,7 @@ need_secrets_tls (NMSetting8021x *self,
|
||||||
else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
|
else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
|
||||||
g_warning ("%s: unknown phase2 private key scheme %d", __func__, scheme);
|
g_warning ("%s: unknown phase2 private key scheme %d", __func__, scheme);
|
||||||
|
|
||||||
if (need_private_key_password (blob, path,
|
if (need_private_key_password (blob, scheme, path,
|
||||||
priv->phase2_private_key_password,
|
priv->phase2_private_key_password,
|
||||||
priv->phase2_private_key_password_flags))
|
priv->phase2_private_key_password_flags))
|
||||||
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD);
|
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD);
|
||||||
|
|
@ -2842,7 +2847,7 @@ need_secrets_tls (NMSetting8021x *self,
|
||||||
else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
|
else if (scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11)
|
||||||
g_warning ("%s: unknown private key scheme %d", __func__, scheme);
|
g_warning ("%s: unknown private key scheme %d", __func__, scheme);
|
||||||
|
|
||||||
if (need_private_key_password (blob, path,
|
if (need_private_key_password (blob, scheme, path,
|
||||||
priv->private_key_password,
|
priv->private_key_password,
|
||||||
priv->private_key_password_flags))
|
priv->private_key_password_flags))
|
||||||
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
|
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue