fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-31 03:10:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

supplicant: merge branch 'th/supplicant-config-verify'

Browse source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/468

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/535
This commit is contained in:
Thomas Haller 2020-06-11 11:06:37 +02:00
commit 82faec5875
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
4 changed files with 303 additions and 246 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
src/supplicant/nm-supplicant-config.c
View file

@ -22,7 +22,7 @@
typedef struct {
char *value;
guint32 len;
OptType type;
NMSupplOptType type;
} ConfigOption;
/*****************************************************************************/
@ -97,14 +97,14 @@ nm_supplicant_config_add_option_with_type (NMSupplicantConfig *self,
const char *key,
const char *value,
gint32 len,
OptType opt_type,
NMSupplOptType opt_type,
const char *hidden,
GError **error)
{
NMSupplicantConfigPrivate *priv;
ConfigOption *old_opt;
ConfigOption *opt;
OptType type;
NMSupplOptType type;
g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
g_return_val_if_fail (key != NULL, FALSE);
@ -116,11 +116,11 @@ nm_supplicant_config_add_option_with_type (NMSupplicantConfig *self,
if (len < 0)
len = strlen (value);
if (opt_type != TYPE_INVALID)
if (opt_type != NM_SUPPL_OPT_TYPE_INVALID)
type = opt_type;
else {
type = nm_supplicant_settings_verify_setting (key, value, len);
if (type == TYPE_INVALID) {
if (type == NM_SUPPL_OPT_TYPE_INVALID) {
gs_free char *str_free = NULL;
const char *str;
@ -171,7 +171,7 @@ nm_supplicant_config_add_option (NMSupplicantConfig *self,
const char *hidden,
GError **error)
{
return nm_supplicant_config_add_option_with_type (self, key, value, len, TYPE_INVALID, hidden, error);
return nm_supplicant_config_add_option_with_type (self, key, value, len, NM_SUPPL_OPT_TYPE_INVALID, hidden, error);
}
static gboolean
@ -184,7 +184,7 @@ nm_supplicant_config_add_blob (NMSupplicantConfig *self,
NMSupplicantConfigPrivate *priv;
ConfigOption *old_opt;
ConfigOption *opt;
OptType type;
NMSupplOptType type;
const guint8 *data;
gsize data_len;
@ -199,7 +199,7 @@ nm_supplicant_config_add_blob (NMSupplicantConfig *self,
priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
type = nm_supplicant_settings_verify_setting (key, (const char *) data, data_len);
if (type == TYPE_INVALID) {
if (type == NM_SUPPL_OPT_TYPE_INVALID) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"key '%s' and/or its contained value is invalid", key);
return FALSE;
@ -307,18 +307,18 @@ nm_supplicant_config_to_variant (NMSupplicantConfig *self)
g_hash_table_iter_init (&iter, priv->config);
while (g_hash_table_iter_next (&iter, (gpointer) &key, (gpointer) &option)) {
switch (option->type) {
case TYPE_INT:
case NM_SUPPL_OPT_TYPE_INT:
g_variant_builder_add (&builder, "{sv}", key, g_variant_new_int32 (atoi (option->value)));
break;
case TYPE_BYTES:
case TYPE_UTF8:
case NM_SUPPL_OPT_TYPE_BYTES:
case NM_SUPPL_OPT_TYPE_UTF8:
g_variant_builder_add (&builder, "{sv}",
key,
g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE,
option->value, option->len, 1));
break;
case TYPE_KEYWORD:
case TYPE_STRING:
case NM_SUPPL_OPT_TYPE_KEYWORD:
case NM_SUPPL_OPT_TYPE_STRING:
g_variant_builder_add (&builder, "{sv}", key, g_variant_new_string (option->value));
break;
default:
@ -831,18 +831,18 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if (psk_len >= 8 && psk_len <= 63) {
/* Use TYPE_STRING here so that it gets pushed to the
/* Use NM_SUPPL_OPT_TYPE_STRING here so that it gets pushed to the
* supplicant as a string, and therefore gets quoted,
* and therefore the supplicant will interpret it as a
* passphrase and not a hex key.
*/
if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, TYPE_STRING, "<hidden>", error))
if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, NM_SUPPL_OPT_TYPE_STRING, "<hidden>", error))
return FALSE;
} else if (nm_streq (key_mgmt, "sae")) {
/* If the SAE password doesn't comply with WPA-PSK limitation,
* we need to call it "sae_password" instead of "psk".
*/
if (!nm_supplicant_config_add_option_with_type (self, "sae_password", psk, -1, TYPE_STRING, "<hidden>", error))
if (!nm_supplicant_config_add_option_with_type (self, "sae_password", psk, -1, NM_SUPPL_OPT_TYPE_STRING, "<hidden>", error))
return FALSE;
} else if (psk_len == 64) {
guint8 buffer[32];

366
src/supplicant/nm-supplicant-settings-verify.c
View file

@ -11,131 +11,154 @@
#include <stdlib.h>
struct Opt {
const char * key;
const OptType type;
const gint32 int_low; /* Inclusive */
const gint32 int_high; /* Inclusive; max length for strings */
const gboolean str_allowed_multiple;
const char *key;
const char *const*str_allowed;
const NMSupplOptType type;
const guint32 int_low; /* Inclusive */
const guint32 int_high; /* Inclusive; max length for strings */
};
static gboolean validate_type_int (const struct Opt * opt,
const char * value,
const guint32 len);
typedef gboolean (*validate_func) (const struct Opt *, const char *, const guint32);
static gboolean validate_type_bytes (const struct Opt * opt,
const char * value,
const guint32 len);
static gboolean validate_type_utf8 (const struct Opt *opt,
const char * value,
const guint32 len);
static gboolean validate_type_keyword (const struct Opt * opt,
const char * value,
const guint32 len);
typedef gboolean (*validate_func)(const struct Opt *, const char *, const guint32);
struct validate_entry {
const OptType type;
const validate_func func;
};
static const struct validate_entry validate_table[] = {
{ TYPE_INT, validate_type_int },
{ TYPE_BYTES, validate_type_bytes },
{ TYPE_UTF8, validate_type_utf8 },
{ TYPE_KEYWORD, validate_type_keyword },
};
static const char *const pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
static const char *const group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
static const char *const proto_allowed[] = { "WPA", "RSN", NULL };
static const char *const key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
"WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "SAE", "FT-SAE",
"OWE", "NONE", NULL };
static const char *const auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
static const char *const eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",
"PSK", "FAST", "PWD", NULL };
static const char *const phase1_allowed[] = { "peapver=0", "peapver=1", "peaplabel=1",
"peap_outer_success=0", "include_tls_length=1",
"sim_min_num_chal=3", "fast_provisioning=0",
"fast_provisioning=1", "fast_provisioning=2",
"fast_provisioning=3", "tls_disable_tlsv1_0=0",
"tls_disable_tlsv1_0=1", "tls_disable_tlsv1_1=0",
"tls_disable_tlsv1_1=1", "tls_disable_tlsv1_2=0",
"tls_disable_tlsv1_2=1", NULL };
static const char *const phase2_allowed[] = { "auth=PAP", "auth=CHAP", "auth=MSCHAP",
"auth=MSCHAPV2", "auth=GTC", "auth=OTP",
"auth=MD5", "auth=TLS", "autheap=MD5",
"autheap=MSCHAPV2", "autheap=OTP",
"autheap=GTC", "autheap=TLS", NULL };
#define OPT_INT( _key, _int_low, _int_high) { .key = _key, .type = NM_SUPPL_OPT_TYPE_INT, .int_high = _int_high, .int_low = _int_low, }
#define OPT_BYTES( _key, _int_high) { .key = _key, .type = NM_SUPPL_OPT_TYPE_BYTES, .int_high = _int_high, }
#define OPT_UTF8( _key, _int_high) { .key = _key, .type = NM_SUPPL_OPT_TYPE_UTF8, .int_high = _int_high, }
#define OPT_KEYWORD(_key, _str_allowed) { .key = _key, .type = NM_SUPPL_OPT_TYPE_KEYWORD, .str_allowed = _str_allowed, }
static const struct Opt opt_table[] = {
{ "ssid", TYPE_BYTES, 0, 32,FALSE, NULL },
{ "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL },
{ "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL },
{ "frequency", TYPE_INT, 2412, 5825, FALSE, NULL },
{ "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, auth_alg_allowed },
{ "psk", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "pairwise", TYPE_KEYWORD, 0, 0, FALSE, pairwise_allowed },
{ "group", TYPE_KEYWORD, 0, 0, FALSE, group_allowed },
{ "proto", TYPE_KEYWORD, 0, 0, FALSE, proto_allowed },
{ "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, key_mgmt_allowed },
{ "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL },
{ "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL },
{ "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed },
{ "identity", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "password", TYPE_UTF8, 0, 0, FALSE, NULL },
{ "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "domain_suffix_match",TYPE_BYTES, 0, 0, FALSE, NULL },
{ "domain_match", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL },
{ "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed },
{ "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed },
{ "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "domain_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key2_passwd",TYPE_BYTES, 0, 1024, FALSE, NULL },
{ "pin", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "nai", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "eappsk", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "engine", TYPE_INT, 0, 1, FALSE, NULL },
{ "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "key_id", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL },
{ "proactive_key_caching", TYPE_INT, 0, 1, FALSE, NULL },
{ "bgscan", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "pac_file", TYPE_BYTES, 0, 1024, FALSE, NULL },
{ "freq_list", TYPE_KEYWORD, 0, 0, FALSE, NULL },
{ "macsec_policy", TYPE_INT, 0, 1, FALSE, NULL },
{ "macsec_integ_only", TYPE_INT, 0, 1, FALSE, NULL },
{ "mka_cak", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "mka_ckn", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "macsec_port", TYPE_INT, 1, 65534, FALSE, NULL },
{ "ieee80211w", TYPE_INT, 0, 2, FALSE, NULL },
{ "ignore_broadcast_ssid", TYPE_INT, 0, 2, FALSE, NULL },
OPT_BYTES ("altsubject_match", 0),
OPT_BYTES ("altsubject_match2", 0),
OPT_BYTES ("anonymous_identity", 0),
OPT_KEYWORD ("auth_alg", NM_MAKE_STRV (
"OPEN",
"SHARED",
"LEAP",
)),
OPT_BYTES ("bgscan", 0),
OPT_KEYWORD ("bssid", NULL),
OPT_BYTES ("ca_cert", 65536),
OPT_BYTES ("ca_cert2", 65536),
OPT_BYTES ("ca_path", 0),
OPT_BYTES ("ca_path2", 0),
OPT_BYTES ("client_cert", 65536),
OPT_BYTES ("client_cert2", 65536),
OPT_BYTES ("domain_match", 0),
OPT_BYTES ("domain_match2", 0),
OPT_BYTES ("domain_suffix_match", 0),
OPT_BYTES ("domain_suffix_match2", 0),
OPT_KEYWORD ("eap", NM_MAKE_STRV (
"LEAP",
"MD5",
"TLS",
"PEAP",
"TTLS",
"SIM",
"PSK",
"FAST",
"PWD",
)),
OPT_INT ("eapol_flags", 0, 3),
OPT_BYTES ("eappsk", 0),
OPT_INT ("engine", 0, 1),
OPT_BYTES ("engine_id", 0),
OPT_INT ("fragment_size", 1, 2000),
OPT_KEYWORD ("freq_list", NULL),
OPT_INT ("frequency", 2412, 5825),
OPT_KEYWORD ("group", NM_MAKE_STRV (
"CCMP",
"TKIP",
"WEP104",
"WEP40",
)),
OPT_BYTES ("identity", 0),
OPT_INT ("ieee80211w", 0, 2),
OPT_INT ("ignore_broadcast_ssid", 0, 2),
OPT_BYTES ("key_id", 0),
OPT_KEYWORD ("key_mgmt", NM_MAKE_STRV (
"WPA-PSK",
"WPA-PSK-SHA256",
"FT-PSK",
"WPA-EAP",
"WPA-EAP-SHA256",
"FT-EAP",
"FT-EAP-SHA384",
"FILS-SHA256",
"FILS-SHA384",
"FT-FILS-SHA256",
"FT-FILS-SHA384",
"IEEE8021X",
"SAE",
"FT-SAE",
"OWE",
"NONE",
)),
OPT_INT ("macsec_integ_only", 0, 1),
OPT_INT ("macsec_policy", 0, 1),
OPT_INT ("macsec_port", 1, 65534),
OPT_BYTES ("mka_cak", 65536),
OPT_BYTES ("mka_ckn", 65536),
OPT_BYTES ("nai", 0),
OPT_BYTES ("pac_file", 0),
OPT_KEYWORD ("pairwise", NM_MAKE_STRV (
"CCMP",
"TKIP",
"NONE",
)),
OPT_UTF8 ("password", 0),
OPT_BYTES ("pcsc", 0),
OPT_KEYWORD ("phase1", NM_MAKE_STRV (
"peapver=0",
"peapver=1",
"peaplabel=1",
"peap_outer_success=0",
"include_tls_length=1",
"sim_min_num_chal=3",
"fast_provisioning=0",
"fast_provisioning=1",
"fast_provisioning=2",
"fast_provisioning=3",
"tls_disable_tlsv1_0=0",
"tls_disable_tlsv1_0=1",
"tls_disable_tlsv1_1=0",
"tls_disable_tlsv1_1=1",
"tls_disable_tlsv1_2=0",
"tls_disable_tlsv1_2=1",
)),
OPT_KEYWORD ("phase2", NM_MAKE_STRV (
"auth=PAP",
"auth=CHAP",
"auth=MSCHAP",
"auth=MSCHAPV2",
"auth=GTC",
"auth=OTP",
"auth=MD5",
"auth=TLS",
"autheap=MD5",
"autheap=MSCHAPV2",
"autheap=OTP",
"autheap=GTC",
"autheap=TLS",
)),
OPT_BYTES ("pin", 0),
OPT_BYTES ("private_key", 65536),
OPT_BYTES ("private_key2", 65536),
OPT_BYTES ("private_key2_passwd", 1024),
OPT_BYTES ("private_key_passwd", 1024),
OPT_INT ("proactive_key_caching", 0, 1),
OPT_KEYWORD ("proto", NM_MAKE_STRV (
"WPA",
"RSN",
)),
OPT_BYTES ("psk", 0),
OPT_INT ("scan_ssid", 0, 1),
OPT_BYTES ("ssid", 32),
OPT_BYTES ("subject_match", 0),
OPT_BYTES ("subject_match2", 0),
OPT_BYTES ("wep_key0", 0),
OPT_BYTES ("wep_key1", 0),
OPT_BYTES ("wep_key2", 0),
OPT_BYTES ("wep_key3", 0),
OPT_INT ("wep_tx_keyidx", 0, 3),
};
static gboolean
@ -145,8 +168,8 @@ validate_type_int (const struct Opt * opt,
{
gint64 v;
g_return_val_if_fail (opt != NULL, FALSE);
g_return_val_if_fail (value != NULL, FALSE);
nm_assert (opt);
nm_assert (value);
v = _nm_utils_ascii_str_to_int64 (value, 10, opt->int_low, opt->int_high, G_MININT64);
return v != G_MININT64 || errno == 0;
@ -159,8 +182,8 @@ validate_type_bytes (const struct Opt * opt,
{
guint32 check_len;
g_return_val_if_fail (opt != NULL, FALSE);
g_return_val_if_fail (value != NULL, FALSE);
nm_assert (opt);
nm_assert (value);
check_len = opt->int_high ?: 255;
if (len > check_len)
@ -176,8 +199,8 @@ validate_type_utf8 (const struct Opt *opt,
{
guint32 check_len;
g_return_val_if_fail (opt != NULL, FALSE);
g_return_val_if_fail (value != NULL, FALSE);
nm_assert (opt);
nm_assert (value);
check_len = opt->int_high ?: 255;
/* Note that we deliberately don't validate the UTF-8, because
@ -196,8 +219,8 @@ validate_type_keyword (const struct Opt * opt,
{
gs_free char *value_free = NULL;
g_return_val_if_fail (opt != NULL, FALSE);
g_return_val_if_fail (value != NULL, FALSE);
nm_assert (opt);
nm_assert (value);
/* Allow everything */
if (!opt->str_allowed)
@ -232,41 +255,74 @@ validate_type_keyword (const struct Opt * opt,
}
}
OptType
nm_supplicant_settings_verify_setting (const char * key,
const char * value,
NMSupplOptType
nm_supplicant_settings_verify_setting (const char *key,
const char *value,
const guint32 len)
{
OptType type = TYPE_INVALID;
int opt_count = sizeof (opt_table) / sizeof (opt_table[0]);
int val_count = sizeof (validate_table) / sizeof (validate_table[0]);
int i, j;
static const validate_func validate_table[_NM_SUPPL_OPT_TYPE_NUM - 1] = {
[NM_SUPPL_OPT_TYPE_INT - 1] = validate_type_int,
[NM_SUPPL_OPT_TYPE_BYTES - 1] = validate_type_bytes,
[NM_SUPPL_OPT_TYPE_UTF8 - 1] = validate_type_utf8,
[NM_SUPPL_OPT_TYPE_KEYWORD - 1] = validate_type_keyword,
};
const struct Opt *opt;
gssize opt_idx;
g_return_val_if_fail (key != NULL, FALSE);
g_return_val_if_fail (value != NULL, FALSE);
g_return_val_if_fail (key, FALSE);
g_return_val_if_fail (value, FALSE);
if (strcmp (key, "mode") == 0) {
if (len != 1)
return TYPE_INVALID;
if (!NM_IN_SET (value[0], '1', '2', '5'))
return TYPE_INVALID;
return TYPE_INT;
}
if (NM_MORE_ASSERT_ONCE (5)) {
gsize i;
for (i = 0; i < opt_count; i++) {
if (strcmp (opt_table[i].key, key) != 0)
continue;
for (i = 0; i < G_N_ELEMENTS (opt_table); i++) {
opt = &opt_table[i];
for (j = 0; j < val_count; j++) {
if (validate_table[j].type == opt_table[i].type) {
if ((*(validate_table[j].func))(&opt_table[i], value, len)) {
type = opt_table[i].type;
break;
}
}
nm_assert (opt->key);
nm_assert (opt->type > NM_SUPPL_OPT_TYPE_INVALID);
nm_assert (opt->type < _NM_SUPPL_OPT_TYPE_NUM);
if (i > 0)
nm_assert (strcmp (opt[-1].key, opt->key) < 0);
nm_assert (validate_table[opt->type - 1]);
nm_assert ( !opt->str_allowed
|| (opt->type == NM_SUPPL_OPT_TYPE_KEYWORD));
nm_assert ( !opt->str_allowed
|| NM_PTRARRAY_LEN (opt->str_allowed) > 0);
nm_assert ( opt->int_low == 0
|| opt->type == NM_SUPPL_OPT_TYPE_INT);
nm_assert ( opt->int_high == 0
|| NM_IN_SET (opt->type, NM_SUPPL_OPT_TYPE_INT,
NM_SUPPL_OPT_TYPE_UTF8,
NM_SUPPL_OPT_TYPE_BYTES));
nm_assert ( opt->type != NM_SUPPL_OPT_TYPE_INT
|| opt->int_low < opt->int_high);
}
}
return type;
}
opt_idx = nm_utils_array_find_binary_search (opt_table,
sizeof (opt_table[0]),
G_N_ELEMENTS (opt_table),
&key,
nm_strcmp_p_with_data,
NULL);
if (opt_idx < 0) {
if (nm_streq (key, "mode")) {
if (len != 1)
return NM_SUPPL_OPT_TYPE_INVALID;
if (!NM_IN_SET (value[0], '1', '2', '5'))
return NM_SUPPL_OPT_TYPE_INVALID;
return NM_SUPPL_OPT_TYPE_INT;
}
return NM_SUPPL_OPT_TYPE_INVALID;
}
opt = &opt_table[opt_idx];
if (!((validate_table[opt->type - 1]) (opt, value, len)))
return NM_SUPPL_OPT_TYPE_INVALID;
return opt->type;
}

21
src/supplicant/nm-supplicant-settings-verify.h
View file

@ -7,16 +7,17 @@
#define __NETWORKMANAGER_SUPPLICANT_SETTINGS_VERIFY_H__
typedef enum {
TYPE_INVALID = 0,
TYPE_INT,
TYPE_BYTES,
TYPE_UTF8,
TYPE_KEYWORD,
TYPE_STRING
} OptType;
NM_SUPPL_OPT_TYPE_INVALID = 0,
NM_SUPPL_OPT_TYPE_INT,
NM_SUPPL_OPT_TYPE_BYTES,
NM_SUPPL_OPT_TYPE_UTF8,
NM_SUPPL_OPT_TYPE_KEYWORD,
NM_SUPPL_OPT_TYPE_STRING,
_NM_SUPPL_OPT_TYPE_NUM,
} NMSupplOptType;
OptType nm_supplicant_settings_verify_setting (const char * key,
const char * value,
const guint32 len);
NMSupplOptType nm_supplicant_settings_verify_setting (const char *key,
const char *value,
const guint32 len);
#endif /* __NETWORKMANAGER_SUPPLICANT_SETTINGS_VERIFY_H__ */

130
src/supplicant/tests/test-supplicant-config.c
View file

@ -29,7 +29,7 @@ static gboolean
validate_opt (const char *detail,
GVariant *config,
const char *key,
OptType val_type,
NMSupplOptType val_type,
gconstpointer expected)
{
char *config_key;
@ -44,12 +44,12 @@ validate_opt (const char *detail,
if (!strcmp (key, config_key)) {
found = TRUE;
switch (val_type) {
case TYPE_INT: {
case NM_SUPPL_OPT_TYPE_INT: {
g_assert (g_variant_is_of_type (config_value, G_VARIANT_TYPE_INT32));
g_assert_cmpint (g_variant_get_int32 (config_value), ==, GPOINTER_TO_INT (expected));
break;
}
case TYPE_BYTES: {
case NM_SUPPL_OPT_TYPE_BYTES: {
const guint8 *expected_bytes;
gsize expected_len = 0;
const guint8 *config_bytes;
@ -61,8 +61,8 @@ validate_opt (const char *detail,
g_assert_cmpmem (config_bytes, config_len, expected_bytes, expected_len);
break;
}
case TYPE_KEYWORD:
case TYPE_STRING: {
case NM_SUPPL_OPT_TYPE_KEYWORD:
case NM_SUPPL_OPT_TYPE_STRING: {
const char *expected_str = expected;
const char *config_str;
@ -198,10 +198,10 @@ test_wifi_open (void)
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt ("wifi-open", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-open", config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt ("wifi-open", config_dict, "bssid", TYPE_KEYWORD, bssid_str);
validate_opt ("wifi-open", config_dict, "key_mgmt", TYPE_KEYWORD, "NONE");
validate_opt ("wifi-open", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-open", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
validate_opt ("wifi-open", config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str);
validate_opt ("wifi-open", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "NONE");
}
static void
@ -255,16 +255,16 @@ test_wifi_wep_key (const char *detail,
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt (detail, config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt (detail, config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt (detail, config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt (detail, config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
if (test_bssid)
validate_opt (detail, config_dict, "bssid", TYPE_KEYWORD, bssid_str);
validate_opt (detail, config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str);
else
validate_opt (detail, config_dict, "bgscan", TYPE_BYTES, bgscan);
validate_opt (detail, config_dict, "bgscan", NM_SUPPL_OPT_TYPE_BYTES, bgscan);
validate_opt (detail, config_dict, "key_mgmt", TYPE_KEYWORD, "NONE");
validate_opt (detail, config_dict, "wep_tx_keyidx", TYPE_INT, GINT_TO_POINTER (0));
validate_opt (detail, config_dict, "wep_key0", TYPE_BYTES, wep_key_bytes);
validate_opt (detail, config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "NONE");
validate_opt (detail, config_dict, "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (0));
validate_opt (detail, config_dict, "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, wep_key_bytes);
}
static void
@ -295,7 +295,7 @@ test_wifi_wep (void)
static void
test_wifi_wpa_psk (const char *detail,
OptType key_type,
NMSupplOptType key_type,
const char *key_data,
const unsigned char *expected,
size_t expected_size,
@ -356,16 +356,16 @@ test_wifi_wpa_psk (const char *detail,
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt (detail, config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt (detail, config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt (detail, config_dict, "bssid", TYPE_KEYWORD, bssid_str);
validate_opt (detail, config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-PSK WPA-PSK-SHA256");
validate_opt (detail, config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
validate_opt (detail, config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
validate_opt (detail, config_dict, "group", TYPE_KEYWORD, "TKIP CCMP");
if (key_type == TYPE_BYTES)
validate_opt (detail, config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt (detail, config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
validate_opt (detail, config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str);
validate_opt (detail, config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA-PSK WPA-PSK-SHA256");
validate_opt (detail, config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN");
validate_opt (detail, config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt (detail, config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
if (key_type == NM_SUPPL_OPT_TYPE_BYTES)
validate_opt (detail, config_dict, "psk", key_type, wpa_psk_bytes);
else if (key_type == TYPE_STRING)
else if (key_type == NM_SUPPL_OPT_TYPE_STRING)
validate_opt (detail, config_dict, "psk", key_type, expected);
else
g_assert_not_reached ();
@ -420,17 +420,17 @@ test_wifi_sae_psk (const char *psk)
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt ("wifi-sae", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-sae", config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt ("wifi-sae", config_dict, "bssid", TYPE_KEYWORD, bssid_str);
validate_opt ("wifi-sae", config_dict, "key_mgmt", TYPE_KEYWORD, "SAE");
validate_opt ("wifi-sae", config_dict, "proto", TYPE_KEYWORD, "RSN");
validate_opt ("wifi-sae", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-sae", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-sae", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-sae", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
validate_opt ("wifi-sae", config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str);
validate_opt ("wifi-sae", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "SAE");
validate_opt ("wifi-sae", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "RSN");
validate_opt ("wifi-sae", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-sae", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
if (short_psk)
validate_opt ("wifi-sae", config_dict, "sae_password", TYPE_KEYWORD, psk);
validate_opt ("wifi-sae", config_dict, "sae_password", NM_SUPPL_OPT_TYPE_KEYWORD, psk);
else
validate_opt ("wifi-sae", config_dict, "psk", TYPE_KEYWORD, psk);
validate_opt ("wifi-sae", config_dict, "psk", NM_SUPPL_OPT_TYPE_KEYWORD, psk);
}
static void
@ -450,11 +450,11 @@ test_wifi_wpa_psk_types (void)
0x6c, 0x2f, 0x11, 0x60, 0x5a, 0x16, 0x08, 0x93 };
const char *key2 = "r34lly l33t wp4 p4ssphr4s3 for t3st1ng";
test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected,
test_wifi_wpa_psk ("wifi-wpa-psk-hex", NM_SUPPL_OPT_TYPE_BYTES, key1, key1_expected,
sizeof (key1_expected), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL);
test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2,
test_wifi_wpa_psk ("wifi-wep-psk-passphrase", NM_SUPPL_OPT_TYPE_STRING, key2,
(gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED);
test_wifi_wpa_psk ("pmf-disabled", TYPE_STRING, key2,
test_wifi_wpa_psk ("pmf-disabled", NM_SUPPL_OPT_TYPE_STRING, key2,
(gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE);
}
@ -527,15 +527,15 @@ test_wifi_eap_locked_bssid (void)
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str);
validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP");
validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "fragment_size", TYPE_INT, GINT_TO_POINTER(mtu-14));
validate_opt ("wifi-eap", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str);
validate_opt ("wifi-eap", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA-EAP");
validate_opt ("wifi-eap", config_dict, "eap", NM_SUPPL_OPT_TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "fragment_size", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER(mtu-14));
}
static void
@ -568,15 +568,15 @@ test_wifi_eap_unlocked_bssid (void)
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "FILS-SHA256 FILS-SHA384");
validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "fragment_size", TYPE_INT, GINT_TO_POINTER(mtu-14));
validate_opt ("wifi-eap", config_dict, "bgscan", TYPE_BYTES, bgscan);
validate_opt ("wifi-eap", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "FILS-SHA256 FILS-SHA384");
validate_opt ("wifi-eap", config_dict, "eap", NM_SUPPL_OPT_TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "fragment_size", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER(mtu-14));
validate_opt ("wifi-eap", config_dict, "bgscan", NM_SUPPL_OPT_TYPE_BYTES, bgscan);
}
static void
@ -609,15 +609,15 @@ test_wifi_eap_fils_disabled (void)
g_test_assert_expected_messages ();
g_assert (config_dict);
validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256");
validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "fragment_size", TYPE_INT, GINT_TO_POINTER(mtu-14));
validate_opt ("wifi-eap", config_dict, "bgscan", TYPE_BYTES, bgscan);
validate_opt ("wifi-eap", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256");
validate_opt ("wifi-eap", config_dict, "eap", NM_SUPPL_OPT_TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP");
validate_opt ("wifi-eap", config_dict, "fragment_size", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER(mtu-14));
validate_opt ("wifi-eap", config_dict, "bgscan", NM_SUPPL_OPT_TYPE_BYTES, bgscan);
}
/*****************************************************************************/