libnm-core: Correctly check for "sae" or "none" when wifi mesh is used

A small bug sneaked into commit 3ef3733c81 ('wireless-security: ensure Mesh networks can't use anything but SAE') during review: Instead of allowing only "sae" or "none" as key-mgmt, we now disallow "sae" and "none", but allow anything else. This is obviously not what was intended, so fix the check. Also move the valid_key_mgmt check back up to where it was before that commit, it seems we want to apply that check in all cases.
2025-12-28 09:50:09 +01:00 · 2021-04-23 16:33:20 +02:00 · 2021-04-23 16:33:20 +02:00 · aab56adeea
commit aab56adeea
parent 97a49430bb
1 changed files with 26 additions and 27 deletions
--- a/src/libnm-core-impl/nm-setting-wireless-security.c
+++ b/src/libnm-core-impl/nm-setting-wireless-security.c
@ -904,33 +904,32 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
        return FALSE;
    }

-    if (g_strcmp0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) {
-        if ((strcmp(priv->key_mgmt, "none") == 0) || (strcmp(priv->key_mgmt, "sae") == 0)) {
-            g_set_error(error,
-                        NM_CONNECTION_ERROR,
-                        NM_CONNECTION_ERROR_INVALID_PROPERTY,
-                        _("'%s' is not a valid value for '%s' mode connections"),
-                        priv->key_mgmt,
-                        NM_SETTING_WIRELESS_MODE_MESH);
-            g_prefix_error(error,
-                           "%s.%s: ",
-                           NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
-                           NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
-            return FALSE;
-        }
-    } else {
-        if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
-            g_set_error(error,
-                        NM_CONNECTION_ERROR,
-                        NM_CONNECTION_ERROR_INVALID_PROPERTY,
-                        _("'%s' is not a valid value for the property"),
-                        priv->key_mgmt);
-            g_prefix_error(error,
-                           "%s.%s: ",
-                           NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
-                           NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
-            return FALSE;
-        }
+    if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
+        g_set_error(error,
+                    NM_CONNECTION_ERROR,
+                    NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                    _("'%s' is not a valid value for the property"),
+                    priv->key_mgmt);
+        g_prefix_error(error,
+                       "%s.%s: ",
+                       NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
+                       NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
+        return FALSE;
+    }
+
+    if (NM_IN_STRSET(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH)
+        && !NM_IN_STRSET(priv->key_mgmt, "none", "sae")) {
+        g_set_error(error,
+                    NM_CONNECTION_ERROR,
+                    NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                    _("'%s' is not a valid value for '%s' mode connections"),
+                    priv->key_mgmt,
+                    NM_SETTING_WIRELESS_MODE_MESH);
+        g_prefix_error(error,
+                       "%s.%s: ",
+                       NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
+                       NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
+        return FALSE;
    }

    if (priv->auth_alg && !strcmp(priv->auth_alg, "leap")) {