From e7a74721bee592b212be6c858c2da99bd3d635f3 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 10:24:42 +0200 Subject: [PATCH 1/8] supplicant: fix verification of key_mgmt config for FT-FILS-SHA{256,384} https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/468 Fixes: d17a0a090555 ('supplicant: allow fast transition for WPA-PSK and WPA-EAP') --- src/supplicant/nm-supplicant-settings-verify.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 58dbd73a16..b38f981fdf 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -55,6 +55,7 @@ static const char *const proto_allowed[] = { "WPA", "RSN", NULL }; static const char *const key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK", "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384", "FILS-SHA256", "FILS-SHA384", + "FT-FILS-SHA256", "FT-FILS-SHA384", "IEEE8021X", "SAE", "FT-SAE", "OWE", "NONE", NULL }; static const char *const auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; From 03b3e0bfd6922c768587a87f573da74b5e2f5757 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 10:35:11 +0200 Subject: [PATCH 2/8] supplicant: nicer align code in "nm-supplicant-settings-verify.c" Yes, fewer lines of code is often better, if that means the code itself is simpler. Code doesn't get simpler by cramping more in the same line. Have every value on a separate line. Also, vertically align the table. --- .../nm-supplicant-settings-verify.c | 225 +++++++++++------- 1 file changed, 140 insertions(+), 85 deletions(-) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index b38f981fdf..f4a9c5edf8 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -49,94 +49,149 @@ static const struct validate_entry validate_table[] = { { TYPE_KEYWORD, validate_type_keyword }, }; -static const char *const pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; -static const char *const group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; -static const char *const proto_allowed[] = { "WPA", "RSN", NULL }; -static const char *const key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK", - "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384", - "FILS-SHA256", "FILS-SHA384", - "FT-FILS-SHA256", "FT-FILS-SHA384", - "IEEE8021X", "SAE", "FT-SAE", - "OWE", "NONE", NULL }; -static const char *const auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; -static const char *const eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM", - "PSK", "FAST", "PWD", NULL }; +static const char *const pairwise_allowed[] = { "CCMP", + "TKIP", + "NONE", + NULL }; -static const char *const phase1_allowed[] = { "peapver=0", "peapver=1", "peaplabel=1", - "peap_outer_success=0", "include_tls_length=1", - "sim_min_num_chal=3", "fast_provisioning=0", - "fast_provisioning=1", "fast_provisioning=2", - "fast_provisioning=3", "tls_disable_tlsv1_0=0", - "tls_disable_tlsv1_0=1", "tls_disable_tlsv1_1=0", - "tls_disable_tlsv1_1=1", "tls_disable_tlsv1_2=0", - "tls_disable_tlsv1_2=1", NULL }; -static const char *const phase2_allowed[] = { "auth=PAP", "auth=CHAP", "auth=MSCHAP", - "auth=MSCHAPV2", "auth=GTC", "auth=OTP", - "auth=MD5", "auth=TLS", "autheap=MD5", - "autheap=MSCHAPV2", "autheap=OTP", - "autheap=GTC", "autheap=TLS", NULL }; +static const char *const group_allowed[] = { "CCMP", + "TKIP", + "WEP104", + "WEP40", + NULL }; + +static const char *const proto_allowed[] = { "WPA", + "RSN", + NULL }; + +static const char *const key_mgmt_allowed[] = { "WPA-PSK", + "WPA-PSK-SHA256", + "FT-PSK", + "WPA-EAP", + "WPA-EAP-SHA256", + "FT-EAP", + "FT-EAP-SHA384", + "FILS-SHA256", + "FILS-SHA384", + "FT-FILS-SHA256", + "FT-FILS-SHA384", + "IEEE8021X", + "SAE", + "FT-SAE", + "OWE", + "NONE", + NULL }; + +static const char *const auth_alg_allowed[] = { "OPEN", + "SHARED", + "LEAP", + NULL }; + +static const char *const eap_allowed[] = { "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", + NULL }; + +static const char *const phase1_allowed[] = { "peapver=0", + "peapver=1", + "peaplabel=1", + "peap_outer_success=0", + "include_tls_length=1", + "sim_min_num_chal=3", + "fast_provisioning=0", + "fast_provisioning=1", + "fast_provisioning=2", + "fast_provisioning=3", + "tls_disable_tlsv1_0=0", + "tls_disable_tlsv1_0=1", + "tls_disable_tlsv1_1=0", + "tls_disable_tlsv1_1=1", + "tls_disable_tlsv1_2=0", + "tls_disable_tlsv1_2=1", + NULL }; + +static const char *const phase2_allowed[] = { "auth=PAP", + "auth=CHAP", + "auth=MSCHAP", + "auth=MSCHAPV2", + "auth=GTC", + "auth=OTP", + "auth=MD5", + "auth=TLS", + "autheap=MD5", + "autheap=MSCHAPV2", + "autheap=OTP", + "autheap=GTC", + "autheap=TLS", + NULL }; static const struct Opt opt_table[] = { - { "ssid", TYPE_BYTES, 0, 32,FALSE, NULL }, - { "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL }, - { "frequency", TYPE_INT, 2412, 5825, FALSE, NULL }, - { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, auth_alg_allowed }, - { "psk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, pairwise_allowed }, - { "group", TYPE_KEYWORD, 0, 0, FALSE, group_allowed }, - { "proto", TYPE_KEYWORD, 0, 0, FALSE, proto_allowed }, - { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, key_mgmt_allowed }, - { "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL }, - { "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL }, - { "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed }, - { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "password", TYPE_UTF8, 0, 0, FALSE, NULL }, - { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match",TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed }, - { "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed }, - { "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2_passwd",TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "pin", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "nai", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "eappsk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "engine", TYPE_INT, 0, 1, FALSE, NULL }, - { "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "key_id", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL }, - { "proactive_key_caching", TYPE_INT, 0, 1, FALSE, NULL }, - { "bgscan", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "freq_list", TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "macsec_policy", TYPE_INT, 0, 1, FALSE, NULL }, - { "macsec_integ_only", TYPE_INT, 0, 1, FALSE, NULL }, - { "mka_cak", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "mka_ckn", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "macsec_port", TYPE_INT, 1, 65534, FALSE, NULL }, - { "ieee80211w", TYPE_INT, 0, 2, FALSE, NULL }, - { "ignore_broadcast_ssid", TYPE_INT, 0, 2, FALSE, NULL }, + { "ssid", TYPE_BYTES, 0, 32, FALSE, NULL }, + { "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL }, + { "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL }, + { "frequency", TYPE_INT, 2412, 5825, FALSE, NULL }, + { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, auth_alg_allowed }, + { "psk", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, pairwise_allowed }, + { "group", TYPE_KEYWORD, 0, 0, FALSE, group_allowed }, + { "proto", TYPE_KEYWORD, 0, 0, FALSE, proto_allowed }, + { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, key_mgmt_allowed }, + { "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL }, + { "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL }, + { "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed }, + { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "password", TYPE_UTF8, 0, 0, FALSE, NULL }, + { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_suffix_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed }, + { "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed }, + { "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key2_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "pin", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "nai", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "eappsk", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "engine", TYPE_INT, 0, 1, FALSE, NULL }, + { "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "key_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL }, + { "proactive_key_caching", TYPE_INT, 0, 1, FALSE, NULL }, + { "bgscan", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pac_file", TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "freq_list", TYPE_KEYWORD, 0, 0, FALSE, NULL }, + { "macsec_policy", TYPE_INT, 0, 1, FALSE, NULL }, + { "macsec_integ_only", TYPE_INT, 0, 1, FALSE, NULL }, + { "mka_cak", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "mka_ckn", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "macsec_port", TYPE_INT, 1, 65534, FALSE, NULL }, + { "ieee80211w", TYPE_INT, 0, 2, FALSE, NULL }, + { "ignore_broadcast_ssid", TYPE_INT, 0, 2, FALSE, NULL }, }; static gboolean From f2f82c13b524d3e9a24d06db9c8f38134514639b Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 11:37:22 +0200 Subject: [PATCH 3/8] supplicant: move strv lists into option meta data Have the string list definition closer to the option where it is used. --- .../nm-supplicant-settings-verify.c | 172 +++++++++--------- 1 file changed, 82 insertions(+), 90 deletions(-) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index f4a9c5edf8..9a0b4dcc9d 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -49,106 +49,67 @@ static const struct validate_entry validate_table[] = { { TYPE_KEYWORD, validate_type_keyword }, }; -static const char *const pairwise_allowed[] = { "CCMP", - "TKIP", - "NONE", - NULL }; - -static const char *const group_allowed[] = { "CCMP", - "TKIP", - "WEP104", - "WEP40", - NULL }; - -static const char *const proto_allowed[] = { "WPA", - "RSN", - NULL }; - -static const char *const key_mgmt_allowed[] = { "WPA-PSK", - "WPA-PSK-SHA256", - "FT-PSK", - "WPA-EAP", - "WPA-EAP-SHA256", - "FT-EAP", - "FT-EAP-SHA384", - "FILS-SHA256", - "FILS-SHA384", - "FT-FILS-SHA256", - "FT-FILS-SHA384", - "IEEE8021X", - "SAE", - "FT-SAE", - "OWE", - "NONE", - NULL }; - -static const char *const auth_alg_allowed[] = { "OPEN", - "SHARED", - "LEAP", - NULL }; - -static const char *const eap_allowed[] = { "LEAP", - "MD5", - "TLS", - "PEAP", - "TTLS", - "SIM", - "PSK", - "FAST", - "PWD", - NULL }; - -static const char *const phase1_allowed[] = { "peapver=0", - "peapver=1", - "peaplabel=1", - "peap_outer_success=0", - "include_tls_length=1", - "sim_min_num_chal=3", - "fast_provisioning=0", - "fast_provisioning=1", - "fast_provisioning=2", - "fast_provisioning=3", - "tls_disable_tlsv1_0=0", - "tls_disable_tlsv1_0=1", - "tls_disable_tlsv1_1=0", - "tls_disable_tlsv1_1=1", - "tls_disable_tlsv1_2=0", - "tls_disable_tlsv1_2=1", - NULL }; - -static const char *const phase2_allowed[] = { "auth=PAP", - "auth=CHAP", - "auth=MSCHAP", - "auth=MSCHAPV2", - "auth=GTC", - "auth=OTP", - "auth=MD5", - "auth=TLS", - "autheap=MD5", - "autheap=MSCHAPV2", - "autheap=OTP", - "autheap=GTC", - "autheap=TLS", - NULL }; - static const struct Opt opt_table[] = { { "ssid", TYPE_BYTES, 0, 32, FALSE, NULL }, { "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL }, { "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL }, { "frequency", TYPE_INT, 2412, 5825, FALSE, NULL }, - { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, auth_alg_allowed }, + { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "OPEN", + "SHARED", + "LEAP", + ) }, { "psk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, pairwise_allowed }, - { "group", TYPE_KEYWORD, 0, 0, FALSE, group_allowed }, - { "proto", TYPE_KEYWORD, 0, 0, FALSE, proto_allowed }, - { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, key_mgmt_allowed }, + { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "NONE", + ) }, + { "group", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "WEP104", + "WEP40", + ) }, + { "proto", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "WPA", + "RSN", + ) }, + { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "WPA-PSK", + "WPA-PSK-SHA256", + "FT-PSK", + "WPA-EAP", + "WPA-EAP-SHA256", + "FT-EAP", + "FT-EAP-SHA384", + "FILS-SHA256", + "FILS-SHA384", + "FT-FILS-SHA256", + "FT-FILS-SHA384", + "IEEE8021X", + "SAE", + "FT-SAE", + "OWE", + "NONE", + ) }, { "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL }, { "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL }, { "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL }, { "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL }, { "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL }, { "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL }, - { "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed }, + { "eap", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", + ) }, { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, { "password", TYPE_UTF8, 0, 0, FALSE, NULL }, { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, @@ -160,8 +121,39 @@ static const struct Opt opt_table[] = { { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, { "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed }, - { "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed }, + { "phase1", TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( + "peapver=0", + "peapver=1", + "peaplabel=1", + "peap_outer_success=0", + "include_tls_length=1", + "sim_min_num_chal=3", + "fast_provisioning=0", + "fast_provisioning=1", + "fast_provisioning=2", + "fast_provisioning=3", + "tls_disable_tlsv1_0=0", + "tls_disable_tlsv1_0=1", + "tls_disable_tlsv1_1=0", + "tls_disable_tlsv1_1=1", + "tls_disable_tlsv1_2=0", + "tls_disable_tlsv1_2=1", + ) }, + { "phase2", TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( + "auth=PAP", + "auth=CHAP", + "auth=MSCHAP", + "auth=MSCHAPV2", + "auth=GTC", + "auth=OTP", + "auth=MD5", + "auth=TLS", + "autheap=MD5", + "autheap=MSCHAPV2", + "autheap=OTP", + "autheap=GTC", + "autheap=TLS", + ) }, { "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL }, { "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL }, { "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, From 97f5c684dcba68e940c9916607cff6a0d2590472 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 11:46:11 +0200 Subject: [PATCH 4/8] supplicant: rename OptType enum to have "NM" prefix Names in header files should have a "NM" prefix. Rename. --- src/supplicant/nm-supplicant-config.c | 32 +- .../nm-supplicant-settings-verify.c | 298 +++++++++--------- .../nm-supplicant-settings-verify.h | 20 +- src/supplicant/tests/test-supplicant-config.c | 130 ++++---- 4 files changed, 240 insertions(+), 240 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 53b6d360f2..058792d026 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -22,7 +22,7 @@ typedef struct { char *value; guint32 len; - OptType type; + NMSupplOptType type; } ConfigOption; /*****************************************************************************/ @@ -97,14 +97,14 @@ nm_supplicant_config_add_option_with_type (NMSupplicantConfig *self, const char *key, const char *value, gint32 len, - OptType opt_type, + NMSupplOptType opt_type, const char *hidden, GError **error) { NMSupplicantConfigPrivate *priv; ConfigOption *old_opt; ConfigOption *opt; - OptType type; + NMSupplOptType type; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (key != NULL, FALSE); @@ -116,11 +116,11 @@ nm_supplicant_config_add_option_with_type (NMSupplicantConfig *self, if (len < 0) len = strlen (value); - if (opt_type != TYPE_INVALID) + if (opt_type != NM_SUPPL_OPT_TYPE_INVALID) type = opt_type; else { type = nm_supplicant_settings_verify_setting (key, value, len); - if (type == TYPE_INVALID) { + if (type == NM_SUPPL_OPT_TYPE_INVALID) { gs_free char *str_free = NULL; const char *str; @@ -171,7 +171,7 @@ nm_supplicant_config_add_option (NMSupplicantConfig *self, const char *hidden, GError **error) { - return nm_supplicant_config_add_option_with_type (self, key, value, len, TYPE_INVALID, hidden, error); + return nm_supplicant_config_add_option_with_type (self, key, value, len, NM_SUPPL_OPT_TYPE_INVALID, hidden, error); } static gboolean @@ -184,7 +184,7 @@ nm_supplicant_config_add_blob (NMSupplicantConfig *self, NMSupplicantConfigPrivate *priv; ConfigOption *old_opt; ConfigOption *opt; - OptType type; + NMSupplOptType type; const guint8 *data; gsize data_len; @@ -199,7 +199,7 @@ nm_supplicant_config_add_blob (NMSupplicantConfig *self, priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); type = nm_supplicant_settings_verify_setting (key, (const char *) data, data_len); - if (type == TYPE_INVALID) { + if (type == NM_SUPPL_OPT_TYPE_INVALID) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "key '%s' and/or its contained value is invalid", key); return FALSE; @@ -307,18 +307,18 @@ nm_supplicant_config_to_variant (NMSupplicantConfig *self) g_hash_table_iter_init (&iter, priv->config); while (g_hash_table_iter_next (&iter, (gpointer) &key, (gpointer) &option)) { switch (option->type) { - case TYPE_INT: + case NM_SUPPL_OPT_TYPE_INT: g_variant_builder_add (&builder, "{sv}", key, g_variant_new_int32 (atoi (option->value))); break; - case TYPE_BYTES: - case TYPE_UTF8: + case NM_SUPPL_OPT_TYPE_BYTES: + case NM_SUPPL_OPT_TYPE_UTF8: g_variant_builder_add (&builder, "{sv}", key, g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, option->value, option->len, 1)); break; - case TYPE_KEYWORD: - case TYPE_STRING: + case NM_SUPPL_OPT_TYPE_KEYWORD: + case NM_SUPPL_OPT_TYPE_STRING: g_variant_builder_add (&builder, "{sv}", key, g_variant_new_string (option->value)); break; default: @@ -831,18 +831,18 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, if (psk_len >= 8 && psk_len <= 63) { - /* Use TYPE_STRING here so that it gets pushed to the + /* Use NM_SUPPL_OPT_TYPE_STRING here so that it gets pushed to the * supplicant as a string, and therefore gets quoted, * and therefore the supplicant will interpret it as a * passphrase and not a hex key. */ - if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, TYPE_STRING, "", error)) + if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, NM_SUPPL_OPT_TYPE_STRING, "", error)) return FALSE; } else if (nm_streq (key_mgmt, "sae")) { /* If the SAE password doesn't comply with WPA-PSK limitation, * we need to call it "sae_password" instead of "psk". */ - if (!nm_supplicant_config_add_option_with_type (self, "sae_password", psk, -1, TYPE_STRING, "", error)) + if (!nm_supplicant_config_add_option_with_type (self, "sae_password", psk, -1, NM_SUPPL_OPT_TYPE_STRING, "", error)) return FALSE; } else if (psk_len == 64) { guint8 buffer[32]; diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 9a0b4dcc9d..75781234e0 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -11,11 +11,11 @@ #include struct Opt { - const char * key; - const OptType type; - const gint32 int_low; /* Inclusive */ - const gint32 int_high; /* Inclusive; max length for strings */ - const gboolean str_allowed_multiple; + const char *key; + const NMSupplOptType type; + const gint32 int_low; /* Inclusive */ + const gint32 int_high; /* Inclusive; max length for strings */ + const gboolean str_allowed_multiple; const char *const*str_allowed; }; @@ -38,152 +38,152 @@ static gboolean validate_type_keyword (const struct Opt * opt, typedef gboolean (*validate_func)(const struct Opt *, const char *, const guint32); struct validate_entry { - const OptType type; + const NMSupplOptType type; const validate_func func; }; static const struct validate_entry validate_table[] = { - { TYPE_INT, validate_type_int }, - { TYPE_BYTES, validate_type_bytes }, - { TYPE_UTF8, validate_type_utf8 }, - { TYPE_KEYWORD, validate_type_keyword }, + { NM_SUPPL_OPT_TYPE_INT, validate_type_int }, + { NM_SUPPL_OPT_TYPE_BYTES, validate_type_bytes }, + { NM_SUPPL_OPT_TYPE_UTF8, validate_type_utf8 }, + { NM_SUPPL_OPT_TYPE_KEYWORD, validate_type_keyword }, }; static const struct Opt opt_table[] = { - { "ssid", TYPE_BYTES, 0, 32, FALSE, NULL }, - { "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL }, - { "frequency", TYPE_INT, 2412, 5825, FALSE, NULL }, - { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "OPEN", - "SHARED", - "LEAP", - ) }, - { "psk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "NONE", - ) }, - { "group", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "WEP104", - "WEP40", - ) }, - { "proto", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "WPA", - "RSN", - ) }, - { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "WPA-PSK", - "WPA-PSK-SHA256", - "FT-PSK", - "WPA-EAP", - "WPA-EAP-SHA256", - "FT-EAP", - "FT-EAP-SHA384", - "FILS-SHA256", - "FILS-SHA384", - "FT-FILS-SHA256", - "FT-FILS-SHA384", - "IEEE8021X", - "SAE", - "FT-SAE", - "OWE", - "NONE", - ) }, - { "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL }, - { "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL }, - { "eap", TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "LEAP", - "MD5", - "TLS", - "PEAP", - "TTLS", - "SIM", - "PSK", - "FAST", - "PWD", - ) }, - { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "password", TYPE_UTF8, 0, 0, FALSE, NULL }, - { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "phase1", TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( - "peapver=0", - "peapver=1", - "peaplabel=1", - "peap_outer_success=0", - "include_tls_length=1", - "sim_min_num_chal=3", - "fast_provisioning=0", - "fast_provisioning=1", - "fast_provisioning=2", - "fast_provisioning=3", - "tls_disable_tlsv1_0=0", - "tls_disable_tlsv1_0=1", - "tls_disable_tlsv1_1=0", - "tls_disable_tlsv1_1=1", - "tls_disable_tlsv1_2=0", - "tls_disable_tlsv1_2=1", - ) }, - { "phase2", TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( - "auth=PAP", - "auth=CHAP", - "auth=MSCHAP", - "auth=MSCHAPV2", - "auth=GTC", - "auth=OTP", - "auth=MD5", - "auth=TLS", - "autheap=MD5", - "autheap=MSCHAPV2", - "autheap=OTP", - "autheap=GTC", - "autheap=TLS", - ) }, - { "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "pin", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "nai", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "eappsk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "engine", TYPE_INT, 0, 1, FALSE, NULL }, - { "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "key_id", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL }, - { "proactive_key_caching", TYPE_INT, 0, 1, FALSE, NULL }, - { "bgscan", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "freq_list", TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "macsec_policy", TYPE_INT, 0, 1, FALSE, NULL }, - { "macsec_integ_only", TYPE_INT, 0, 1, FALSE, NULL }, - { "mka_cak", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "mka_ckn", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "macsec_port", TYPE_INT, 1, 65534, FALSE, NULL }, - { "ieee80211w", TYPE_INT, 0, 2, FALSE, NULL }, - { "ignore_broadcast_ssid", TYPE_INT, 0, 2, FALSE, NULL }, + { "ssid", NM_SUPPL_OPT_TYPE_BYTES, 0, 32, FALSE, NULL }, + { "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NULL }, + { "scan_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, + { "frequency", NM_SUPPL_OPT_TYPE_INT, 2412, 5825, FALSE, NULL }, + { "auth_alg", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "OPEN", + "SHARED", + "LEAP", + ) }, + { "psk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "NONE", + ) }, + { "group", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "WEP104", + "WEP40", + ) }, + { "proto", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "WPA", + "RSN", + ) }, + { "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "WPA-PSK", + "WPA-PSK-SHA256", + "FT-PSK", + "WPA-EAP", + "WPA-EAP-SHA256", + "FT-EAP", + "FT-EAP-SHA384", + "FILS-SHA256", + "FILS-SHA384", + "FT-FILS-SHA256", + "FT-FILS-SHA384", + "IEEE8021X", + "SAE", + "FT-SAE", + "OWE", + "NONE", + ) }, + { "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key1", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key3", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, 0, 3, FALSE, NULL }, + { "eapol_flags", NM_SUPPL_OPT_TYPE_INT, 0, 3, FALSE, NULL }, + { "eap", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( + "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", + ) }, + { "identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "password", NM_SUPPL_OPT_TYPE_UTF8, 0, 0, FALSE, NULL }, + { "ca_path", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "subject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "altsubject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_suffix_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "client_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "phase1", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( + "peapver=0", + "peapver=1", + "peaplabel=1", + "peap_outer_success=0", + "include_tls_length=1", + "sim_min_num_chal=3", + "fast_provisioning=0", + "fast_provisioning=1", + "fast_provisioning=2", + "fast_provisioning=3", + "tls_disable_tlsv1_0=0", + "tls_disable_tlsv1_0=1", + "tls_disable_tlsv1_1=0", + "tls_disable_tlsv1_1=1", + "tls_disable_tlsv1_2=0", + "tls_disable_tlsv1_2=1", + ) }, + { "phase2", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( + "auth=PAP", + "auth=CHAP", + "auth=MSCHAP", + "auth=MSCHAPV2", + "auth=GTC", + "auth=OTP", + "auth=MD5", + "auth=TLS", + "autheap=MD5", + "autheap=MSCHAPV2", + "autheap=OTP", + "autheap=GTC", + "autheap=TLS", + ) }, + { "anonymous_identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_path2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "subject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "altsubject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_suffix_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "client_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key2_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "pin", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pcsc", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "nai", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "eappsk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "engine", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, + { "engine_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "key_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, FALSE, NULL }, + { "proactive_key_caching", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, + { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NULL }, + { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, + { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, + { "mka_cak", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "mka_ckn", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "macsec_port", NM_SUPPL_OPT_TYPE_INT, 1, 65534, FALSE, NULL }, + { "ieee80211w", NM_SUPPL_OPT_TYPE_INT, 0, 2, FALSE, NULL }, + { "ignore_broadcast_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 2, FALSE, NULL }, }; static gboolean @@ -280,12 +280,12 @@ validate_type_keyword (const struct Opt * opt, } } -OptType +NMSupplOptType nm_supplicant_settings_verify_setting (const char * key, const char * value, const guint32 len) { - OptType type = TYPE_INVALID; + NMSupplOptType type = NM_SUPPL_OPT_TYPE_INVALID; int opt_count = sizeof (opt_table) / sizeof (opt_table[0]); int val_count = sizeof (validate_table) / sizeof (validate_table[0]); int i, j; @@ -295,10 +295,10 @@ nm_supplicant_settings_verify_setting (const char * key, if (strcmp (key, "mode") == 0) { if (len != 1) - return TYPE_INVALID; + return NM_SUPPL_OPT_TYPE_INVALID; if (!NM_IN_SET (value[0], '1', '2', '5')) - return TYPE_INVALID; - return TYPE_INT; + return NM_SUPPL_OPT_TYPE_INVALID; + return NM_SUPPL_OPT_TYPE_INT; } for (i = 0; i < opt_count; i++) { diff --git a/src/supplicant/nm-supplicant-settings-verify.h b/src/supplicant/nm-supplicant-settings-verify.h index fe1480ccde..3059b89c3a 100644 --- a/src/supplicant/nm-supplicant-settings-verify.h +++ b/src/supplicant/nm-supplicant-settings-verify.h @@ -7,16 +7,16 @@ #define __NETWORKMANAGER_SUPPLICANT_SETTINGS_VERIFY_H__ typedef enum { - TYPE_INVALID = 0, - TYPE_INT, - TYPE_BYTES, - TYPE_UTF8, - TYPE_KEYWORD, - TYPE_STRING -} OptType; + NM_SUPPL_OPT_TYPE_INVALID = 0, + NM_SUPPL_OPT_TYPE_INT, + NM_SUPPL_OPT_TYPE_BYTES, + NM_SUPPL_OPT_TYPE_UTF8, + NM_SUPPL_OPT_TYPE_KEYWORD, + NM_SUPPL_OPT_TYPE_STRING +} NMSupplOptType; -OptType nm_supplicant_settings_verify_setting (const char * key, - const char * value, - const guint32 len); +NMSupplOptType nm_supplicant_settings_verify_setting (const char *key, + const char *value, + const guint32 len); #endif /* __NETWORKMANAGER_SUPPLICANT_SETTINGS_VERIFY_H__ */ diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index f9c71f1251..099af949f7 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -29,7 +29,7 @@ static gboolean validate_opt (const char *detail, GVariant *config, const char *key, - OptType val_type, + NMSupplOptType val_type, gconstpointer expected) { char *config_key; @@ -44,12 +44,12 @@ validate_opt (const char *detail, if (!strcmp (key, config_key)) { found = TRUE; switch (val_type) { - case TYPE_INT: { + case NM_SUPPL_OPT_TYPE_INT: { g_assert (g_variant_is_of_type (config_value, G_VARIANT_TYPE_INT32)); g_assert_cmpint (g_variant_get_int32 (config_value), ==, GPOINTER_TO_INT (expected)); break; } - case TYPE_BYTES: { + case NM_SUPPL_OPT_TYPE_BYTES: { const guint8 *expected_bytes; gsize expected_len = 0; const guint8 *config_bytes; @@ -61,8 +61,8 @@ validate_opt (const char *detail, g_assert_cmpmem (config_bytes, config_len, expected_bytes, expected_len); break; } - case TYPE_KEYWORD: - case TYPE_STRING: { + case NM_SUPPL_OPT_TYPE_KEYWORD: + case NM_SUPPL_OPT_TYPE_STRING: { const char *expected_str = expected; const char *config_str; @@ -198,10 +198,10 @@ test_wifi_open (void) g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt ("wifi-open", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt ("wifi-open", config_dict, "ssid", TYPE_BYTES, ssid); - validate_opt ("wifi-open", config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt ("wifi-open", config_dict, "key_mgmt", TYPE_KEYWORD, "NONE"); + validate_opt ("wifi-open", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt ("wifi-open", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); + validate_opt ("wifi-open", config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str); + validate_opt ("wifi-open", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "NONE"); } static void @@ -255,16 +255,16 @@ test_wifi_wep_key (const char *detail, g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt (detail, config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt (detail, config_dict, "ssid", TYPE_BYTES, ssid); + validate_opt (detail, config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt (detail, config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); if (test_bssid) - validate_opt (detail, config_dict, "bssid", TYPE_KEYWORD, bssid_str); + validate_opt (detail, config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str); else - validate_opt (detail, config_dict, "bgscan", TYPE_BYTES, bgscan); + validate_opt (detail, config_dict, "bgscan", NM_SUPPL_OPT_TYPE_BYTES, bgscan); - validate_opt (detail, config_dict, "key_mgmt", TYPE_KEYWORD, "NONE"); - validate_opt (detail, config_dict, "wep_tx_keyidx", TYPE_INT, GINT_TO_POINTER (0)); - validate_opt (detail, config_dict, "wep_key0", TYPE_BYTES, wep_key_bytes); + validate_opt (detail, config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "NONE"); + validate_opt (detail, config_dict, "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (0)); + validate_opt (detail, config_dict, "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, wep_key_bytes); } static void @@ -295,7 +295,7 @@ test_wifi_wep (void) static void test_wifi_wpa_psk (const char *detail, - OptType key_type, + NMSupplOptType key_type, const char *key_data, const unsigned char *expected, size_t expected_size, @@ -356,16 +356,16 @@ test_wifi_wpa_psk (const char *detail, g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt (detail, config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt (detail, config_dict, "ssid", TYPE_BYTES, ssid); - validate_opt (detail, config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt (detail, config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-PSK WPA-PSK-SHA256"); - validate_opt (detail, config_dict, "proto", TYPE_KEYWORD, "WPA RSN"); - validate_opt (detail, config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt (detail, config_dict, "group", TYPE_KEYWORD, "TKIP CCMP"); - if (key_type == TYPE_BYTES) + validate_opt (detail, config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt (detail, config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); + validate_opt (detail, config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str); + validate_opt (detail, config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA-PSK WPA-PSK-SHA256"); + validate_opt (detail, config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN"); + validate_opt (detail, config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt (detail, config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + if (key_type == NM_SUPPL_OPT_TYPE_BYTES) validate_opt (detail, config_dict, "psk", key_type, wpa_psk_bytes); - else if (key_type == TYPE_STRING) + else if (key_type == NM_SUPPL_OPT_TYPE_STRING) validate_opt (detail, config_dict, "psk", key_type, expected); else g_assert_not_reached (); @@ -420,17 +420,17 @@ test_wifi_sae_psk (const char *psk) g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt ("wifi-sae", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt ("wifi-sae", config_dict, "ssid", TYPE_BYTES, ssid); - validate_opt ("wifi-sae", config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt ("wifi-sae", config_dict, "key_mgmt", TYPE_KEYWORD, "SAE"); - validate_opt ("wifi-sae", config_dict, "proto", TYPE_KEYWORD, "RSN"); - validate_opt ("wifi-sae", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-sae", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-sae", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt ("wifi-sae", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); + validate_opt ("wifi-sae", config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str); + validate_opt ("wifi-sae", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "SAE"); + validate_opt ("wifi-sae", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "RSN"); + validate_opt ("wifi-sae", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-sae", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); if (short_psk) - validate_opt ("wifi-sae", config_dict, "sae_password", TYPE_KEYWORD, psk); + validate_opt ("wifi-sae", config_dict, "sae_password", NM_SUPPL_OPT_TYPE_KEYWORD, psk); else - validate_opt ("wifi-sae", config_dict, "psk", TYPE_KEYWORD, psk); + validate_opt ("wifi-sae", config_dict, "psk", NM_SUPPL_OPT_TYPE_KEYWORD, psk); } static void @@ -450,11 +450,11 @@ test_wifi_wpa_psk_types (void) 0x6c, 0x2f, 0x11, 0x60, 0x5a, 0x16, 0x08, 0x93 }; const char *key2 = "r34lly l33t wp4 p4ssphr4s3 for t3st1ng"; - test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected, + test_wifi_wpa_psk ("wifi-wpa-psk-hex", NM_SUPPL_OPT_TYPE_BYTES, key1, key1_expected, sizeof (key1_expected), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL); - test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2, + test_wifi_wpa_psk ("wifi-wep-psk-passphrase", NM_SUPPL_OPT_TYPE_STRING, key2, (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED); - test_wifi_wpa_psk ("pmf-disabled", TYPE_STRING, key2, + test_wifi_wpa_psk ("pmf-disabled", NM_SUPPL_OPT_TYPE_STRING, key2, (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE); } @@ -527,15 +527,15 @@ test_wifi_eap_locked_bssid (void) g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid); - validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str); - validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP"); - validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS"); - validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN"); - validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-eap", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-eap", config_dict, "fragment_size", TYPE_INT, GINT_TO_POINTER(mtu-14)); + validate_opt ("wifi-eap", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt ("wifi-eap", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); + validate_opt ("wifi-eap", config_dict, "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, bssid_str); + validate_opt ("wifi-eap", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA-EAP"); + validate_opt ("wifi-eap", config_dict, "eap", NM_SUPPL_OPT_TYPE_KEYWORD, "TLS"); + validate_opt ("wifi-eap", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN"); + validate_opt ("wifi-eap", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-eap", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-eap", config_dict, "fragment_size", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER(mtu-14)); } static void @@ -568,15 +568,15 @@ test_wifi_eap_unlocked_bssid (void) g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid); - validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "FILS-SHA256 FILS-SHA384"); - validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS"); - validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN"); - validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-eap", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-eap", config_dict, "fragment_size", TYPE_INT, GINT_TO_POINTER(mtu-14)); - validate_opt ("wifi-eap", config_dict, "bgscan", TYPE_BYTES, bgscan); + validate_opt ("wifi-eap", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt ("wifi-eap", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); + validate_opt ("wifi-eap", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "FILS-SHA256 FILS-SHA384"); + validate_opt ("wifi-eap", config_dict, "eap", NM_SUPPL_OPT_TYPE_KEYWORD, "TLS"); + validate_opt ("wifi-eap", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN"); + validate_opt ("wifi-eap", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-eap", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-eap", config_dict, "fragment_size", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER(mtu-14)); + validate_opt ("wifi-eap", config_dict, "bgscan", NM_SUPPL_OPT_TYPE_BYTES, bgscan); } static void @@ -609,15 +609,15 @@ test_wifi_eap_fils_disabled (void) g_test_assert_expected_messages (); g_assert (config_dict); - validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1)); - validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid); - validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256"); - validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS"); - validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN"); - validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-eap", config_dict, "group", TYPE_KEYWORD, "TKIP CCMP"); - validate_opt ("wifi-eap", config_dict, "fragment_size", TYPE_INT, GINT_TO_POINTER(mtu-14)); - validate_opt ("wifi-eap", config_dict, "bgscan", TYPE_BYTES, bgscan); + validate_opt ("wifi-eap", config_dict, "scan_ssid", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER (1)); + validate_opt ("wifi-eap", config_dict, "ssid", NM_SUPPL_OPT_TYPE_BYTES, ssid); + validate_opt ("wifi-eap", config_dict, "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256"); + validate_opt ("wifi-eap", config_dict, "eap", NM_SUPPL_OPT_TYPE_KEYWORD, "TLS"); + validate_opt ("wifi-eap", config_dict, "proto", NM_SUPPL_OPT_TYPE_KEYWORD, "WPA RSN"); + validate_opt ("wifi-eap", config_dict, "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-eap", config_dict, "group", NM_SUPPL_OPT_TYPE_KEYWORD, "TKIP CCMP"); + validate_opt ("wifi-eap", config_dict, "fragment_size", NM_SUPPL_OPT_TYPE_INT, GINT_TO_POINTER(mtu-14)); + validate_opt ("wifi-eap", config_dict, "bgscan", NM_SUPPL_OPT_TYPE_BYTES, bgscan); } /*****************************************************************************/ From 941277a9d6d384955dfb5613eb643e408809649f Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 12:15:38 +0200 Subject: [PATCH 5/8] supplicant: remove unused, duplicate "pac_file" entry from opt_table --- src/supplicant/nm-supplicant-settings-verify.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 75781234e0..6453188ef4 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -175,7 +175,6 @@ static const struct Opt opt_table[] = { { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, FALSE, NULL }, { "proactive_key_caching", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, FALSE, NULL }, { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NULL }, { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, From 1fc1a40dd50336871345176720dc5362159ff8cf Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 12:53:51 +0200 Subject: [PATCH 6/8] supplicant: remove unused str_allowed_multiple field from options --- .../nm-supplicant-settings-verify.c | 267 +++++++++--------- 1 file changed, 133 insertions(+), 134 deletions(-) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 6453188ef4..3d841f957d 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -15,7 +15,6 @@ struct Opt { const NMSupplOptType type; const gint32 int_low; /* Inclusive */ const gint32 int_high; /* Inclusive; max length for strings */ - const gboolean str_allowed_multiple; const char *const*str_allowed; }; @@ -50,139 +49,139 @@ static const struct validate_entry validate_table[] = { }; static const struct Opt opt_table[] = { - { "ssid", NM_SUPPL_OPT_TYPE_BYTES, 0, 32, FALSE, NULL }, - { "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "scan_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, - { "frequency", NM_SUPPL_OPT_TYPE_INT, 2412, 5825, FALSE, NULL }, - { "auth_alg", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "OPEN", - "SHARED", - "LEAP", - ) }, - { "psk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "NONE", - ) }, - { "group", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "WEP104", - "WEP40", - ) }, - { "proto", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "WPA", - "RSN", - ) }, - { "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "WPA-PSK", - "WPA-PSK-SHA256", - "FT-PSK", - "WPA-EAP", - "WPA-EAP-SHA256", - "FT-EAP", - "FT-EAP-SHA384", - "FILS-SHA256", - "FILS-SHA384", - "FT-FILS-SHA256", - "FT-FILS-SHA384", - "IEEE8021X", - "SAE", - "FT-SAE", - "OWE", - "NONE", - ) }, - { "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key1", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key3", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, 0, 3, FALSE, NULL }, - { "eapol_flags", NM_SUPPL_OPT_TYPE_INT, 0, 3, FALSE, NULL }, - { "eap", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NM_MAKE_STRV ( - "LEAP", - "MD5", - "TLS", - "PEAP", - "TTLS", - "SIM", - "PSK", - "FAST", - "PWD", - ) }, - { "identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "password", NM_SUPPL_OPT_TYPE_UTF8, 0, 0, FALSE, NULL }, - { "ca_path", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "phase1", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( - "peapver=0", - "peapver=1", - "peaplabel=1", - "peap_outer_success=0", - "include_tls_length=1", - "sim_min_num_chal=3", - "fast_provisioning=0", - "fast_provisioning=1", - "fast_provisioning=2", - "fast_provisioning=3", - "tls_disable_tlsv1_0=0", - "tls_disable_tlsv1_0=1", - "tls_disable_tlsv1_1=0", - "tls_disable_tlsv1_1=1", - "tls_disable_tlsv1_2=0", - "tls_disable_tlsv1_2=1", - ) }, - { "phase2", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, TRUE, NM_MAKE_STRV ( - "auth=PAP", - "auth=CHAP", - "auth=MSCHAP", - "auth=MSCHAPV2", - "auth=GTC", - "auth=OTP", - "auth=MD5", - "auth=TLS", - "autheap=MD5", - "autheap=MSCHAPV2", - "autheap=OTP", - "autheap=GTC", - "autheap=TLS", - ) }, - { "anonymous_identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_path2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "pin", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pcsc", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "nai", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "eappsk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "engine", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, - { "engine_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "key_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, FALSE, NULL }, - { "proactive_key_caching", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, - { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, FALSE, NULL }, - { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, - { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, FALSE, NULL }, - { "mka_cak", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "mka_ckn", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "macsec_port", NM_SUPPL_OPT_TYPE_INT, 1, 65534, FALSE, NULL }, - { "ieee80211w", NM_SUPPL_OPT_TYPE_INT, 0, 2, FALSE, NULL }, - { "ignore_broadcast_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 2, FALSE, NULL }, + { "ssid", NM_SUPPL_OPT_TYPE_BYTES, 0, 32, NULL }, + { "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, + { "scan_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "frequency", NM_SUPPL_OPT_TYPE_INT, 2412, 5825, NULL }, + { "auth_alg", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "OPEN", + "SHARED", + "LEAP", + ) }, + { "psk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "NONE", + ) }, + { "group", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "WEP104", + "WEP40", + ) }, + { "proto", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "WPA", + "RSN", + ) }, + { "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "WPA-PSK", + "WPA-PSK-SHA256", + "FT-PSK", + "WPA-EAP", + "WPA-EAP-SHA256", + "FT-EAP", + "FT-EAP-SHA384", + "FILS-SHA256", + "FILS-SHA384", + "FT-FILS-SHA256", + "FT-FILS-SHA384", + "IEEE8021X", + "SAE", + "FT-SAE", + "OWE", + "NONE", + ) }, + { "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key1", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key3", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, + { "eapol_flags", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, + { "eap", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", + ) }, + { "identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "password", NM_SUPPL_OPT_TYPE_UTF8, 0, 0, NULL }, + { "ca_path", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "subject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "altsubject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_suffix_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "ca_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "client_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "private_key", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "private_key_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, + { "phase1", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "peapver=0", + "peapver=1", + "peaplabel=1", + "peap_outer_success=0", + "include_tls_length=1", + "sim_min_num_chal=3", + "fast_provisioning=0", + "fast_provisioning=1", + "fast_provisioning=2", + "fast_provisioning=3", + "tls_disable_tlsv1_0=0", + "tls_disable_tlsv1_0=1", + "tls_disable_tlsv1_1=0", + "tls_disable_tlsv1_1=1", + "tls_disable_tlsv1_2=0", + "tls_disable_tlsv1_2=1", + ) }, + { "phase2", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "auth=PAP", + "auth=CHAP", + "auth=MSCHAP", + "auth=MSCHAPV2", + "auth=GTC", + "auth=OTP", + "auth=MD5", + "auth=TLS", + "autheap=MD5", + "autheap=MSCHAPV2", + "autheap=OTP", + "autheap=GTC", + "autheap=TLS", + ) }, + { "anonymous_identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "ca_path2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "subject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "altsubject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_suffix_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "ca_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "client_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "private_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "private_key2_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, + { "pin", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "pcsc", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "nai", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "eappsk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "engine", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "engine_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "key_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, NULL }, + { "proactive_key_caching", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, + { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "mka_cak", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "mka_ckn", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "macsec_port", NM_SUPPL_OPT_TYPE_INT, 1, 65534, NULL }, + { "ieee80211w", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, + { "ignore_broadcast_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, }; static gboolean From 4afd62246b34ca196817e53b4b04fcab61926b21 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 12:15:58 +0200 Subject: [PATCH 7/8] supplicant: use binary search to lookup option in "nm-supplicant-settings-verify" --- .../nm-supplicant-settings-verify.c | 267 +++++++++--------- .../nm-supplicant-settings-verify.h | 3 +- 2 files changed, 138 insertions(+), 132 deletions(-) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 3d841f957d..a71677ccec 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -13,67 +13,62 @@ struct Opt { const char *key; const NMSupplOptType type; - const gint32 int_low; /* Inclusive */ - const gint32 int_high; /* Inclusive; max length for strings */ + const guint32 int_low; /* Inclusive */ + const guint32 int_high; /* Inclusive; max length for strings */ const char *const*str_allowed; }; -static gboolean validate_type_int (const struct Opt * opt, - const char * value, - const guint32 len); - -static gboolean validate_type_bytes (const struct Opt * opt, - const char * value, - const guint32 len); - -static gboolean validate_type_utf8 (const struct Opt *opt, - const char * value, - const guint32 len); - -static gboolean validate_type_keyword (const struct Opt * opt, - const char * value, - const guint32 len); - -typedef gboolean (*validate_func)(const struct Opt *, const char *, const guint32); - -struct validate_entry { - const NMSupplOptType type; - const validate_func func; -}; - -static const struct validate_entry validate_table[] = { - { NM_SUPPL_OPT_TYPE_INT, validate_type_int }, - { NM_SUPPL_OPT_TYPE_BYTES, validate_type_bytes }, - { NM_SUPPL_OPT_TYPE_UTF8, validate_type_utf8 }, - { NM_SUPPL_OPT_TYPE_KEYWORD, validate_type_keyword }, -}; +typedef gboolean (*validate_func) (const struct Opt *, const char *, const guint32); static const struct Opt opt_table[] = { - { "ssid", NM_SUPPL_OPT_TYPE_BYTES, 0, 32, NULL }, - { "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, - { "scan_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "frequency", NM_SUPPL_OPT_TYPE_INT, 2412, 5825, NULL }, + { "altsubject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "altsubject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "anonymous_identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, { "auth_alg", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( "OPEN", "SHARED", "LEAP", ) }, - { "psk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "NONE", + { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, + { "ca_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "ca_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "ca_path", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "ca_path2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "client_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "client_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "domain_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_suffix_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "domain_suffix_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "eap", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", ) }, + { "eapol_flags", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, + { "eappsk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "engine", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "engine_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, NULL }, + { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, + { "frequency", NM_SUPPL_OPT_TYPE_INT, 2412, 5825, NULL }, { "group", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( "CCMP", "TKIP", "WEP104", "WEP40", ) }, - { "proto", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "WPA", - "RSN", - ) }, + { "identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "ieee80211w", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, + { "ignore_broadcast_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, + { "key_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, { "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( "WPA-PSK", "WPA-PSK-SHA256", @@ -92,34 +87,20 @@ static const struct Opt opt_table[] = { "OWE", "NONE", ) }, - { "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key1", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key3", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, - { "eapol_flags", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, - { "eap", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "LEAP", - "MD5", - "TLS", - "PEAP", - "TTLS", - "SIM", - "PSK", - "FAST", - "PWD", + { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "macsec_port", NM_SUPPL_OPT_TYPE_INT, 1, 65534, NULL }, + { "mka_cak", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "mka_ckn", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "nai", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "CCMP", + "TKIP", + "NONE", ) }, - { "identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, { "password", NM_SUPPL_OPT_TYPE_UTF8, 0, 0, NULL }, - { "ca_path", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "subject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "altsubject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_suffix_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "ca_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "client_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "private_key", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "private_key_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, + { "pcsc", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, { "phase1", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( "peapver=0", "peapver=1", @@ -153,35 +134,26 @@ static const struct Opt opt_table[] = { "autheap=GTC", "autheap=TLS", ) }, - { "anonymous_identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "ca_path2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "subject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "altsubject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_suffix_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "ca_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "client_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, + { "pin", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "private_key", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, { "private_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, { "private_key2_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, - { "pin", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "pcsc", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "nai", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "eappsk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "engine", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "engine_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "key_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, NULL }, + { "private_key_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, { "proactive_key_caching", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, - { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "mka_cak", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "mka_ckn", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "macsec_port", NM_SUPPL_OPT_TYPE_INT, 1, 65534, NULL }, - { "ieee80211w", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, - { "ignore_broadcast_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, + { "proto", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( + "WPA", + "RSN", + ) }, + { "psk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "scan_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, + { "ssid", NM_SUPPL_OPT_TYPE_BYTES, 0, 32, NULL }, + { "subject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "subject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key1", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_key3", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, + { "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, }; static gboolean @@ -191,8 +163,8 @@ validate_type_int (const struct Opt * opt, { gint64 v; - g_return_val_if_fail (opt != NULL, FALSE); - g_return_val_if_fail (value != NULL, FALSE); + nm_assert (opt); + nm_assert (value); v = _nm_utils_ascii_str_to_int64 (value, 10, opt->int_low, opt->int_high, G_MININT64); return v != G_MININT64 || errno == 0; @@ -205,8 +177,8 @@ validate_type_bytes (const struct Opt * opt, { guint32 check_len; - g_return_val_if_fail (opt != NULL, FALSE); - g_return_val_if_fail (value != NULL, FALSE); + nm_assert (opt); + nm_assert (value); check_len = opt->int_high ?: 255; if (len > check_len) @@ -222,8 +194,8 @@ validate_type_utf8 (const struct Opt *opt, { guint32 check_len; - g_return_val_if_fail (opt != NULL, FALSE); - g_return_val_if_fail (value != NULL, FALSE); + nm_assert (opt); + nm_assert (value); check_len = opt->int_high ?: 255; /* Note that we deliberately don't validate the UTF-8, because @@ -242,8 +214,8 @@ validate_type_keyword (const struct Opt * opt, { gs_free char *value_free = NULL; - g_return_val_if_fail (opt != NULL, FALSE); - g_return_val_if_fail (value != NULL, FALSE); + nm_assert (opt); + nm_assert (value); /* Allow everything */ if (!opt->str_allowed) @@ -279,40 +251,73 @@ validate_type_keyword (const struct Opt * opt, } NMSupplOptType -nm_supplicant_settings_verify_setting (const char * key, - const char * value, +nm_supplicant_settings_verify_setting (const char *key, + const char *value, const guint32 len) { - NMSupplOptType type = NM_SUPPL_OPT_TYPE_INVALID; - int opt_count = sizeof (opt_table) / sizeof (opt_table[0]); - int val_count = sizeof (validate_table) / sizeof (validate_table[0]); - int i, j; + static const validate_func validate_table[_NM_SUPPL_OPT_TYPE_NUM - 1] = { + [NM_SUPPL_OPT_TYPE_INT - 1] = validate_type_int, + [NM_SUPPL_OPT_TYPE_BYTES - 1] = validate_type_bytes, + [NM_SUPPL_OPT_TYPE_UTF8 - 1] = validate_type_utf8, + [NM_SUPPL_OPT_TYPE_KEYWORD - 1] = validate_type_keyword, + }; + const struct Opt *opt; + gssize opt_idx; - g_return_val_if_fail (key != NULL, FALSE); - g_return_val_if_fail (value != NULL, FALSE); + g_return_val_if_fail (key, FALSE); + g_return_val_if_fail (value, FALSE); - if (strcmp (key, "mode") == 0) { - if (len != 1) - return NM_SUPPL_OPT_TYPE_INVALID; - if (!NM_IN_SET (value[0], '1', '2', '5')) - return NM_SUPPL_OPT_TYPE_INVALID; - return NM_SUPPL_OPT_TYPE_INT; - } + if (NM_MORE_ASSERT_ONCE (5)) { + gsize i; - for (i = 0; i < opt_count; i++) { - if (strcmp (opt_table[i].key, key) != 0) - continue; + for (i = 0; i < G_N_ELEMENTS (opt_table); i++) { + opt = &opt_table[i]; - for (j = 0; j < val_count; j++) { - if (validate_table[j].type == opt_table[i].type) { - if ((*(validate_table[j].func))(&opt_table[i], value, len)) { - type = opt_table[i].type; - break; - } - } + nm_assert (opt->key); + nm_assert (opt->type > NM_SUPPL_OPT_TYPE_INVALID); + nm_assert (opt->type < _NM_SUPPL_OPT_TYPE_NUM); + if (i > 0) + nm_assert (strcmp (opt[-1].key, opt->key) < 0); + nm_assert (validate_table[opt->type - 1]); + + nm_assert ( !opt->str_allowed + || (opt->type == NM_SUPPL_OPT_TYPE_KEYWORD)); + nm_assert ( !opt->str_allowed + || NM_PTRARRAY_LEN (opt->str_allowed) > 0); + + nm_assert ( opt->int_low == 0 + || opt->type == NM_SUPPL_OPT_TYPE_INT); + + nm_assert ( opt->int_high == 0 + || NM_IN_SET (opt->type, NM_SUPPL_OPT_TYPE_INT, + NM_SUPPL_OPT_TYPE_UTF8, + NM_SUPPL_OPT_TYPE_BYTES)); + + nm_assert ( opt->type != NM_SUPPL_OPT_TYPE_INT + || opt->int_low < opt->int_high); } } - return type; -} + opt_idx = nm_utils_array_find_binary_search (opt_table, + sizeof (opt_table[0]), + G_N_ELEMENTS (opt_table), + &key, + nm_strcmp_p_with_data, + NULL); + if (opt_idx < 0) { + if (nm_streq (key, "mode")) { + if (len != 1) + return NM_SUPPL_OPT_TYPE_INVALID; + if (!NM_IN_SET (value[0], '1', '2', '5')) + return NM_SUPPL_OPT_TYPE_INVALID; + return NM_SUPPL_OPT_TYPE_INT; + } + return NM_SUPPL_OPT_TYPE_INVALID; + } + opt = &opt_table[opt_idx]; + if (!((validate_table[opt->type - 1]) (opt, value, len))) + return NM_SUPPL_OPT_TYPE_INVALID; + + return opt->type; +} diff --git a/src/supplicant/nm-supplicant-settings-verify.h b/src/supplicant/nm-supplicant-settings-verify.h index 3059b89c3a..d804a97ebd 100644 --- a/src/supplicant/nm-supplicant-settings-verify.h +++ b/src/supplicant/nm-supplicant-settings-verify.h @@ -12,7 +12,8 @@ typedef enum { NM_SUPPL_OPT_TYPE_BYTES, NM_SUPPL_OPT_TYPE_UTF8, NM_SUPPL_OPT_TYPE_KEYWORD, - NM_SUPPL_OPT_TYPE_STRING + NM_SUPPL_OPT_TYPE_STRING, + _NM_SUPPL_OPT_TYPE_NUM, } NMSupplOptType; NMSupplOptType nm_supplicant_settings_verify_setting (const char *key, From 505aee6598af75e14229b6ee05512886dc9b9f32 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 10 Jun 2020 12:52:26 +0200 Subject: [PATCH 8/8] supplicant: use macros to initialize config options --- .../nm-supplicant-settings-verify.c | 273 +++++++++--------- 1 file changed, 139 insertions(+), 134 deletions(-) diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index a71677ccec..954a4649e2 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -12,148 +12,153 @@ struct Opt { const char *key; + const char *const*str_allowed; const NMSupplOptType type; const guint32 int_low; /* Inclusive */ const guint32 int_high; /* Inclusive; max length for strings */ - const char *const*str_allowed; }; typedef gboolean (*validate_func) (const struct Opt *, const char *, const guint32); +#define OPT_INT( _key, _int_low, _int_high) { .key = _key, .type = NM_SUPPL_OPT_TYPE_INT, .int_high = _int_high, .int_low = _int_low, } +#define OPT_BYTES( _key, _int_high) { .key = _key, .type = NM_SUPPL_OPT_TYPE_BYTES, .int_high = _int_high, } +#define OPT_UTF8( _key, _int_high) { .key = _key, .type = NM_SUPPL_OPT_TYPE_UTF8, .int_high = _int_high, } +#define OPT_KEYWORD(_key, _str_allowed) { .key = _key, .type = NM_SUPPL_OPT_TYPE_KEYWORD, .str_allowed = _str_allowed, } + static const struct Opt opt_table[] = { - { "altsubject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "altsubject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "anonymous_identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "auth_alg", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "OPEN", - "SHARED", - "LEAP", - ) }, - { "bgscan", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "bssid", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, - { "ca_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "ca_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "ca_path", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "ca_path2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "client_cert", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "client_cert2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "domain_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_suffix_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "domain_suffix_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "eap", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "LEAP", - "MD5", - "TLS", - "PEAP", - "TTLS", - "SIM", - "PSK", - "FAST", - "PWD", - ) }, - { "eapol_flags", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, - { "eappsk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "engine", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "engine_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "fragment_size", NM_SUPPL_OPT_TYPE_INT, 1, 2000, NULL }, - { "freq_list", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NULL }, - { "frequency", NM_SUPPL_OPT_TYPE_INT, 2412, 5825, NULL }, - { "group", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "WEP104", - "WEP40", - ) }, - { "identity", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "ieee80211w", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, - { "ignore_broadcast_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 2, NULL }, - { "key_id", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "key_mgmt", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "WPA-PSK", - "WPA-PSK-SHA256", - "FT-PSK", - "WPA-EAP", - "WPA-EAP-SHA256", - "FT-EAP", - "FT-EAP-SHA384", - "FILS-SHA256", - "FILS-SHA384", - "FT-FILS-SHA256", - "FT-FILS-SHA384", - "IEEE8021X", - "SAE", - "FT-SAE", - "OWE", - "NONE", - ) }, - { "macsec_integ_only", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "macsec_policy", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "macsec_port", NM_SUPPL_OPT_TYPE_INT, 1, 65534, NULL }, - { "mka_cak", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "mka_ckn", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "nai", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "pac_file", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "pairwise", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "CCMP", - "TKIP", - "NONE", - ) }, - { "password", NM_SUPPL_OPT_TYPE_UTF8, 0, 0, NULL }, - { "pcsc", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "phase1", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "peapver=0", - "peapver=1", - "peaplabel=1", - "peap_outer_success=0", - "include_tls_length=1", - "sim_min_num_chal=3", - "fast_provisioning=0", - "fast_provisioning=1", - "fast_provisioning=2", - "fast_provisioning=3", - "tls_disable_tlsv1_0=0", - "tls_disable_tlsv1_0=1", - "tls_disable_tlsv1_1=0", - "tls_disable_tlsv1_1=1", - "tls_disable_tlsv1_2=0", - "tls_disable_tlsv1_2=1", - ) }, - { "phase2", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "auth=PAP", - "auth=CHAP", - "auth=MSCHAP", - "auth=MSCHAPV2", - "auth=GTC", - "auth=OTP", - "auth=MD5", - "auth=TLS", - "autheap=MD5", - "autheap=MSCHAPV2", - "autheap=OTP", - "autheap=GTC", - "autheap=TLS", - ) }, - { "pin", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "private_key", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "private_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 65536, NULL }, - { "private_key2_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, - { "private_key_passwd", NM_SUPPL_OPT_TYPE_BYTES, 0, 1024, NULL }, - { "proactive_key_caching", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "proto", NM_SUPPL_OPT_TYPE_KEYWORD, 0, 0, NM_MAKE_STRV ( - "WPA", - "RSN", - ) }, - { "psk", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "scan_ssid", NM_SUPPL_OPT_TYPE_INT, 0, 1, NULL }, - { "ssid", NM_SUPPL_OPT_TYPE_BYTES, 0, 32, NULL }, - { "subject_match", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "subject_match2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key0", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key1", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key2", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_key3", NM_SUPPL_OPT_TYPE_BYTES, 0, 0, NULL }, - { "wep_tx_keyidx", NM_SUPPL_OPT_TYPE_INT, 0, 3, NULL }, + OPT_BYTES ("altsubject_match", 0), + OPT_BYTES ("altsubject_match2", 0), + OPT_BYTES ("anonymous_identity", 0), + OPT_KEYWORD ("auth_alg", NM_MAKE_STRV ( + "OPEN", + "SHARED", + "LEAP", + )), + OPT_BYTES ("bgscan", 0), + OPT_KEYWORD ("bssid", NULL), + OPT_BYTES ("ca_cert", 65536), + OPT_BYTES ("ca_cert2", 65536), + OPT_BYTES ("ca_path", 0), + OPT_BYTES ("ca_path2", 0), + OPT_BYTES ("client_cert", 65536), + OPT_BYTES ("client_cert2", 65536), + OPT_BYTES ("domain_match", 0), + OPT_BYTES ("domain_match2", 0), + OPT_BYTES ("domain_suffix_match", 0), + OPT_BYTES ("domain_suffix_match2", 0), + OPT_KEYWORD ("eap", NM_MAKE_STRV ( + "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", + )), + OPT_INT ("eapol_flags", 0, 3), + OPT_BYTES ("eappsk", 0), + OPT_INT ("engine", 0, 1), + OPT_BYTES ("engine_id", 0), + OPT_INT ("fragment_size", 1, 2000), + OPT_KEYWORD ("freq_list", NULL), + OPT_INT ("frequency", 2412, 5825), + OPT_KEYWORD ("group", NM_MAKE_STRV ( + "CCMP", + "TKIP", + "WEP104", + "WEP40", + )), + OPT_BYTES ("identity", 0), + OPT_INT ("ieee80211w", 0, 2), + OPT_INT ("ignore_broadcast_ssid", 0, 2), + OPT_BYTES ("key_id", 0), + OPT_KEYWORD ("key_mgmt", NM_MAKE_STRV ( + "WPA-PSK", + "WPA-PSK-SHA256", + "FT-PSK", + "WPA-EAP", + "WPA-EAP-SHA256", + "FT-EAP", + "FT-EAP-SHA384", + "FILS-SHA256", + "FILS-SHA384", + "FT-FILS-SHA256", + "FT-FILS-SHA384", + "IEEE8021X", + "SAE", + "FT-SAE", + "OWE", + "NONE", + )), + OPT_INT ("macsec_integ_only", 0, 1), + OPT_INT ("macsec_policy", 0, 1), + OPT_INT ("macsec_port", 1, 65534), + OPT_BYTES ("mka_cak", 65536), + OPT_BYTES ("mka_ckn", 65536), + OPT_BYTES ("nai", 0), + OPT_BYTES ("pac_file", 0), + OPT_KEYWORD ("pairwise", NM_MAKE_STRV ( + "CCMP", + "TKIP", + "NONE", + )), + OPT_UTF8 ("password", 0), + OPT_BYTES ("pcsc", 0), + OPT_KEYWORD ("phase1", NM_MAKE_STRV ( + "peapver=0", + "peapver=1", + "peaplabel=1", + "peap_outer_success=0", + "include_tls_length=1", + "sim_min_num_chal=3", + "fast_provisioning=0", + "fast_provisioning=1", + "fast_provisioning=2", + "fast_provisioning=3", + "tls_disable_tlsv1_0=0", + "tls_disable_tlsv1_0=1", + "tls_disable_tlsv1_1=0", + "tls_disable_tlsv1_1=1", + "tls_disable_tlsv1_2=0", + "tls_disable_tlsv1_2=1", + )), + OPT_KEYWORD ("phase2", NM_MAKE_STRV ( + "auth=PAP", + "auth=CHAP", + "auth=MSCHAP", + "auth=MSCHAPV2", + "auth=GTC", + "auth=OTP", + "auth=MD5", + "auth=TLS", + "autheap=MD5", + "autheap=MSCHAPV2", + "autheap=OTP", + "autheap=GTC", + "autheap=TLS", + )), + OPT_BYTES ("pin", 0), + OPT_BYTES ("private_key", 65536), + OPT_BYTES ("private_key2", 65536), + OPT_BYTES ("private_key2_passwd", 1024), + OPT_BYTES ("private_key_passwd", 1024), + OPT_INT ("proactive_key_caching", 0, 1), + OPT_KEYWORD ("proto", NM_MAKE_STRV ( + "WPA", + "RSN", + )), + OPT_BYTES ("psk", 0), + OPT_INT ("scan_ssid", 0, 1), + OPT_BYTES ("ssid", 32), + OPT_BYTES ("subject_match", 0), + OPT_BYTES ("subject_match2", 0), + OPT_BYTES ("wep_key0", 0), + OPT_BYTES ("wep_key1", 0), + OPT_BYTES ("wep_key2", 0), + OPT_BYTES ("wep_key3", 0), + OPT_INT ("wep_tx_keyidx", 0, 3), }; static gboolean