From 87af96a9d665354c59a87e5561ae993b9a79a6db Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 22 Nov 2019 11:26:51 +0100 Subject: [PATCH 1/3] ifcfg: add svSetValueBoolean_cond_true() helper --- src/settings/plugins/ifcfg-rh/shvar.c | 6 ++++++ src/settings/plugins/ifcfg-rh/shvar.h | 1 + 2 files changed, 7 insertions(+) diff --git a/src/settings/plugins/ifcfg-rh/shvar.c b/src/settings/plugins/ifcfg-rh/shvar.c index 5fce7525c1..16b2dd3762 100644 --- a/src/settings/plugins/ifcfg-rh/shvar.c +++ b/src/settings/plugins/ifcfg-rh/shvar.c @@ -1337,6 +1337,12 @@ svSetValueBoolean (shvarFile *s, const char *key, gboolean value) return svSetValue (s, key, value ? "yes" : "no"); } +gboolean +svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value) +{ + return svSetValue (s, key, value ? "yes" : NULL); +} + gboolean svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value) { diff --git a/src/settings/plugins/ifcfg-rh/shvar.h b/src/settings/plugins/ifcfg-rh/shvar.h index 802eb7df8a..c3bbababa8 100644 --- a/src/settings/plugins/ifcfg-rh/shvar.h +++ b/src/settings/plugins/ifcfg-rh/shvar.h @@ -72,6 +72,7 @@ gboolean svGetValueEnum (shvarFile *s, const char *key, gboolean svSetValue (shvarFile *s, const char *key, const char *value); gboolean svSetValueStr (shvarFile *s, const char *key, const char *value); gboolean svSetValueBoolean (shvarFile *s, const char *key, gboolean value); +gboolean svSetValueBoolean_cond_true (shvarFile *s, const char *key, gboolean value); gboolean svSetValueInt64 (shvarFile *s, const char *key, gint64 value); gboolean svSetValueInt64_cond (shvarFile *s, const char *key, gboolean do_set, gint64 value); gboolean svSetValueEnum (shvarFile *s, const char *key, GType gtype, int value); From 2a4fb75d3b03d8d4391b10ad028a991dc6cf78e8 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 22 Nov 2019 11:23:09 +0100 Subject: [PATCH 2/3] ifcfg: add support for "802-1x.system-ca-certs" setting --- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 5 +++++ src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c index 00a70bff45..c4c4b344d0 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c @@ -3506,6 +3506,11 @@ next: return NULL; } + g_object_set (s_8021x, + NM_SETTING_802_1X_SYSTEM_CA_CERTS, + svGetValueBoolean (ifcfg, "IEEE_8021X_SYSTEM_CA_CERTS", FALSE), + NULL); + nm_clear_g_free (&value); v = svGetValueStr (ifcfg, "IEEE_8021X_SUBJECT_MATCH", &value); g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, v, NULL); diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index 2a82455c66..8d6cb656c9 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -419,6 +419,10 @@ write_8021x_setting (NMConnection *connection, nm_setting_802_1x_get_password_raw_flags (s_8021x)); g_free (tmp); + svSetValueBoolean_cond_true (ifcfg, + "IEEE_8021X_SYSTEM_CA_CERTS", + nm_setting_802_1x_get_system_ca_certs (s_8021x)); + /* PEAP version */ value = nm_setting_802_1x_get_phase1_peapver (s_8021x); svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION"); From 5028206ec410760c46cc6ac411a6b0c2fb2405a6 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 22 Nov 2019 11:33:38 +0100 Subject: [PATCH 3/3] ifcfg: various cleanup in ifcfg writer svUnsetValue (ifcfg, KEY); if (condition) svSetValue* (ifcfg, KEY, ...); is not good. It requires first clearing the value, before setting it again. Various cleanup to fix such uses. --- .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 39 +++++++++---------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index 8d6cb656c9..c457b810ea 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -423,35 +423,33 @@ write_8021x_setting (NMConnection *connection, "IEEE_8021X_SYSTEM_CA_CERTS", nm_setting_802_1x_get_system_ca_certs (s_8021x)); - /* PEAP version */ value = nm_setting_802_1x_get_phase1_peapver (s_8021x); - svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION"); - if (value && (!strcmp (value, "0") || !strcmp (value, "1"))) + if (NM_IN_STRSET (value, "0", "1")) svSetValueStr (ifcfg, "IEEE_8021X_PEAP_VERSION", value); + else + svUnsetValue (ifcfg, "IEEE_8021X_PEAP_VERSION"); - /* Force new PEAP label */ - value = nm_setting_802_1x_get_phase1_peaplabel (s_8021x); - svUnsetValue (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL"); - if (value && !strcmp (value, "1")) - svSetValueStr (ifcfg, "IEEE_8021X_PEAP_FORCE_NEW_LABEL", "yes"); + svSetValueBoolean_cond_true (ifcfg, + "IEEE_8021X_PEAP_FORCE_NEW_LABEL", + nm_streq0 (nm_setting_802_1x_get_phase1_peaplabel (s_8021x), "1")); - /* PAC file */ - value = nm_setting_802_1x_get_pac_file (s_8021x); - svUnsetValue (ifcfg, "IEEE_8021X_PAC_FILE"); - if (value) - svSetValueStr (ifcfg, "IEEE_8021X_PAC_FILE", value); + svSetValueStr (ifcfg, + "IEEE_8021X_PAC_FILE", + nm_setting_802_1x_get_pac_file (s_8021x)); /* FAST PAC provisioning */ value = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x); - svUnsetValue (ifcfg, "IEEE_8021X_FAST_PROVISIONING"); if (value) { if (strcmp (value, "1") == 0) - svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth"); + value = "allow-unauth"; else if (strcmp (value, "2") == 0) - svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-auth"); + value = "allow-auth"; else if (strcmp (value, "3") == 0) - svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", "allow-unauth allow-auth"); + value = "allow-unauth allow-auth"; + else + value = NULL; } + svSetValueStr (ifcfg, "IEEE_8021X_FAST_PROVISIONING", value); /* Phase2 auth methods */ svUnsetValue (ifcfg, "IEEE_8021X_INNER_AUTH_METHODS"); @@ -528,10 +526,9 @@ write_8021x_setting (NMConnection *connection, vint = nm_setting_802_1x_get_auth_timeout (s_8021x); svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", vint > 0, vint); - if (nm_setting_802_1x_get_optional (s_8021x)) - svSetValueBoolean (ifcfg, "IEEE_8021X_OPTIONAL", TRUE); - else - svUnsetValue (ifcfg, "IEEE_8021X_OPTIONAL"); + svSetValueBoolean_cond_true (ifcfg, + "IEEE_8021X_OPTIONAL", + nm_setting_802_1x_get_optional (s_8021x)); if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error)) return FALSE;