From aab56adeeace5b8b905519d43e600565a2b45fe0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Dre=C3=9Fler?=
Date: Fri, 23 Apr 2021 16:33:20 +0200
Subject: [PATCH] libnm-core: Correctly check for "sae" or "none" when wifi mesh is used
A small bug sneaked into commit 3ef3733c8139 ('wireless-security: ensure Mesh networks can't use anything but SAE') during review: Instead of allowing only "sae" or "none" as key-mgmt, we now disallow "sae" and "none", but allow anything else. This is obviously not what was intended, so fix the check. Also move the valid_key_mgmt check back up to where it was before that commit, it seems we want to apply that check in all cases.
---
 .../nm-setting-wireless-security.c | 53 +++++++++----------
 1 file changed, 26 insertions(+), 27 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-wireless-security.c b/src/libnm-core-impl/nm-setting-wireless-security.c
index e5e6b979f4..47a9ca3286 100644
--- a/src/libnm-core-impl/nm-setting-wireless-security.c
+++ b/src/libnm-core-impl/nm-setting-wireless-security.c
@@ -904,33 +904,32 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
 return FALSE;
 }
- if (g_strcmp0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) {
- if ((strcmp(priv->key_mgmt, "none") == 0) || (strcmp(priv->key_mgmt, "sae") == 0)) {
- g_set_error(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("'%s' is not a valid value for '%s' mode connections"),
- priv->key_mgmt,
- NM_SETTING_WIRELESS_MODE_MESH);
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
- NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
- return FALSE;
- }
- } else {
- if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
- g_set_error(error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("'%s' is not a valid value for the property"),
- priv->key_mgmt);
- g_prefix_error(error,
- "%s.%s: ",
- NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
- NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
- return FALSE;
- }
+ if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
+ g_set_error(error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("'%s' is not a valid value for the property"),
+ priv->key_mgmt);
+ g_prefix_error(error,
+ "%s.%s: ",
+ NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
+ NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
+ return FALSE;
+ }
+
+ if (NM_IN_STRSET(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH)
+ && !NM_IN_STRSET(priv->key_mgmt, "none", "sae")) {
+ g_set_error(error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("'%s' is not a valid value for '%s' mode connections"),
+ priv->key_mgmt,
+ NM_SETTING_WIRELESS_MODE_MESH);
+ g_prefix_error(error,
+ "%s.%s: ",
+ NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
+ NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
+ return FALSE;
 }
 if (priv->auth_alg && !strcmp(priv->auth_alg, "leap")) {
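Review bot: The mesh restriction at `if (NM_IN_STRSET(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) && !NM_IN_STRSET(priv->key_mgmt, "none", "sae"))` carries no comment marking it as an allow-list, and the diffstat shows only this one file changed, so no test pins the behaviour; the inversion this commit corrects could return as quietly as it arrived. I would put `/* Mesh (802.11s) allows only open ("none") or SAE; reject every other key-mgmt. */` above the condition and add a verify() case that sets mesh mode with a key-mgmt such as "wpa-psk" and expects NM_CONNECTION_ERROR_INVALID_PROPERTY. On style, a single-candidate `NM_IN_STRSET` is standing in for a NULL-safe equality, and `nm_streq0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH)` states that intent more directly. verify() starts and ends outside the hunk and wifi_mode is assigned there; if it can be NULL when no wireless setting is available, the restriction is skipped, which deserves a word in the same comment.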