From e165511ed8b21014a4974ae462d0ab995b0922e4 Mon Sep 17 00:00:00 2001
From: Dan Williams
Date: Thu, 3 Mar 2011 17:32:29 -0600
Subject: [PATCH] ifcfg-rh: fix handling of private key password secret flags
---
 src/settings/plugins/ifcfg-rh/reader.c | 6 +-
 .../tests/network-scripts/Makefile.am | 2 +
 .../ifcfg-test-wired-8021x-tls-agent | 14 ++++
 .../ifcfg-test-wired-8021x-tls-always | 14 ++++
 .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 68 ++++++++++++++++++-
 5 files changed, 99 insertions(+), 5 deletions(-)
 create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-agent
 create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-always
diff --git a/src/settings/plugins/ifcfg-rh/reader.c b/src/settings/plugins/ifcfg-rh/reader.c
index 03d2f0ec1c..70d9ed77c2 100644
--- a/src/settings/plugins/ifcfg-rh/reader.c
+++ b/src/settings/plugins/ifcfg-rh/reader.c
@@ -2070,6 +2070,7 @@ eap_tls_reader (const char *eap_method,
 const char *pk_key = phase2 ? "IEEE_8021X_INNER_PRIVATE_KEY" : "IEEE_8021X_PRIVATE_KEY";
 const char *cli_cert_key = phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT";
 const char *pk_pw_flags_key = phase2 ? "IEEE_8021X_INNER_PRIVATE_KEY_PASSWORD_FLAGS": "IEEE_8021X_PRIVATE_KEY_PASSWORD_FLAGS";
+ const char *pk_pw_flags_prop = phase2 ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS;
 NMSettingSecretFlags flags;
 value = svGetValue (ifcfg, "IEEE_8021X_IDENTITY", FALSE);
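Review bot: Nothing in this declaration block says that the ifcfg key and the setting property must be selected by the same `phase2` test, and the new `pk_pw_flags_prop` line sits beside three other `phase2 ?` selectors where a swapped arm is easy to miss. The `g_object_set` call removed in the next hunk had exactly that swap, so the private key password's secret flags were written to the other phase's property. I would add a comment above the block, e.g. `/* Each ifcfg key and setting property below must follow phase2; a swapped arm stores the secret flags on the wrong property */`. eap_tls_reader starts before this hunk and continues past it.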
@@ -2111,10 +2112,7 @@ eap_tls_reader (const char *eap_method,
 /* Read and set private key password flags */
 flags = read_secret_flags (ifcfg, pk_pw_flags_key);
- g_object_set (s_8021x,
- phase2 ? NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS : NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS,
- flags,
- NULL);
+ g_object_set (s_8021x, pk_pw_flags_prop, flags, NULL);
 /* Read the private key password if it's system-owned */
 if (flags == NM_SETTING_SECRET_FLAG_NONE) {
diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/Makefile.am b/src/settings/plugins/ifcfg-rh/tests/network-scripts/Makefile.am
index 63866d9f2a..89760d863e 100644
--- a/src/settings/plugins/ifcfg-rh/tests/network-scripts/Makefile.am
+++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/Makefile.am
@@ -14,6 +14,8 @@ EXTRA_DIST = \
 network-test-wired-defroute-no-gatewaydev-yes \
 ifcfg-test-wired-8021x-peap-mschapv2 \
 keys-test-wired-8021x-peap-mschapv2 \
+ ifcfg-test-wired-8021x-tls-agent \
+ ifcfg-test-wired-8021x-tls-always \
 ifcfg-test-onboot-no \
 ifcfg-test-wifi-open \
 ifcfg-test-wifi-open-auto \
diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-agent b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-agent
new file mode 100644
index 0000000000..052ab425af
--- /dev/null
+++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-agent
@@ -0,0 +1,14 @@
+# Intel Corporation 82540EP Gigabit Ethernet Controller (Mobile)
+TYPE=Ethernet
+DEVICE=eth0
+HWADDR=00:11:22:33:44:ee
+BOOTPROTO=dhcp
+ONBOOT=yes
+NM_CONTROLLED=yes
+KEY_MGMT=IEEE8021X
+IEEE_8021X_EAP_METHODS=TLS
+IEEE_8021X_IDENTITY="David Smith"
+IEEE_8021X_CA_CERT=test_ca_cert.pem
+IEEE_8021X_CLIENT_CERT=test1_key_and_cert.pem
+IEEE_8021X_PRIVATE_KEY=test1_key_and_cert.pem
+IEEE_8021X_PRIVATE_KEY_PASSWORD_FLAGS=user
diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-always b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-always
new file mode 100644
index 0000000000..5deee06631
--- /dev/null
+++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-always
@@ -0,0 +1,14 @@
+# Intel Corporation 82540EP Gigabit Ethernet Controller (Mobile)
+TYPE=Ethernet
+DEVICE=eth0
+HWADDR=00:11:22:33:44:ee
+BOOTPROTO=dhcp
+ONBOOT=yes
+NM_CONTROLLED=yes
+KEY_MGMT=IEEE8021X
+IEEE_8021X_EAP_METHODS=TLS
+IEEE_8021X_IDENTITY="David Smith"
+IEEE_8021X_CA_CERT=test_ca_cert.pem
+IEEE_8021X_CLIENT_CERT=test1_key_and_cert.pem
+IEEE_8021X_PRIVATE_KEY=test1_key_and_cert.pem
+IEEE_8021X_PRIVATE_KEY_PASSWORD_FLAGS="user ask"
diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index 2b4cb09f70..e785e82cb5 100644
--- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -15,7 +15,7 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
- * Copyright (C) 2008 - 2010 Red Hat, Inc.
+ * Copyright (C) 2008 - 2011 Red Hat, Inc.
 */
 #include
@@ -2680,6 +2680,69 @@ test_read_wired_8021x_peap_mschapv2 (void)
 g_object_unref (connection);
 }
+#define TEST_IFCFG_WIRED_8021X_TLS_AGENT TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wired-8021x-tls-agent"
+#define TEST_IFCFG_WIRED_8021X_TLS_ALWAYS TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wired-8021x-tls-always"
+
+static void
+test_read_wired_8021x_tls_secret_flags (const char *ifcfg, NMSettingSecretFlags expected_flags)
+{
+ NMConnection *connection;
+ NMSettingWired *s_wired;
+ NMSetting8021x *s_8021x;
+ char *unmanaged = NULL;
+ char *keyfile = NULL;
+ char *routefile = NULL;
+ char *route6file = NULL;
+ gboolean ignore_error = FALSE;
+ GError *error = NULL;
+ const char *expected_identity = "David Smith";
+ gboolean success = FALSE;
+ char *dirname, *tmp;
+
+ connection = connection_from_file (ifcfg,
+ NULL,
+ TYPE_ETHERNET,
+ NULL,
+ &unmanaged,
+ &keyfile,
+ &routefile,
+ &route6file,
+ &error,
+ &ignore_error);
+ g_assert_no_error (error);
+ g_assert (connection);
+
+ success = nm_connection_verify (connection, &error);
+ g_assert_no_error (error);
+ g_assert (success);
+
+ /* ===== WIRED SETTING ===== */
+ s_wired = (NMSettingWired *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRED);
+ g_assert (s_wired);
+
+ /* ===== 802.1x SETTING ===== */
+ s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X);
+ g_assert (s_8021x);
+ g_assert_cmpint (nm_setting_802_1x_get_num_eap_methods (s_8021x), ==, 1);
+ g_assert_cmpstr (nm_setting_802_1x_get_eap_method (s_8021x, 0), ==, "tls");
+ g_assert_cmpstr (nm_setting_802_1x_get_identity (s_8021x), ==, expected_identity);
+ g_assert_cmpint (nm_setting_802_1x_get_private_key_password_flags (s_8021x), ==, expected_flags);
+
+ dirname = g_path_get_dirname (ifcfg);
+ tmp = g_build_path ("/", dirname, "test_ca_cert.pem", NULL);
+ g_assert_cmpstr (nm_setting_802_1x_get_ca_cert_path (s_8021x), ==, tmp);
+ g_free (tmp);
+
+ tmp = g_build_path ("/", dirname,
"test1_key_and_cert.pem", NULL);
+ g_assert_cmpstr (nm_setting_802_1x_get_client_cert_path (s_8021x), ==, tmp);
+ g_assert_cmpstr (nm_setting_802_1x_get_private_key_path (s_8021x), ==, tmp);
+ g_free (tmp);
+
+ g_free (dirname);
+
+ g_object_unref (connection);
+}
+
 #define TEST_IFCFG_WIFI_OPEN TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-open"
 static void
@@ -10422,6 +10485,9 @@ int main (int argc, char **argv)
 test_read_wired_dhcp6_only ();
 test_read_onboot_no ();
 test_read_wired_8021x_peap_mschapv2 ();
+ test_read_wired_8021x_tls_secret_flags (TEST_IFCFG_WIRED_8021X_TLS_AGENT, NM_SETTING_SECRET_FLAG_AGENT_OWNED);
+ test_read_wired_8021x_tls_secret_flags (TEST_IFCFG_WIRED_8021X_TLS_ALWAYS,
+ NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED);
 test_read_wifi_open ();
 test_read_wifi_open_auto ();
 test_read_wifi_open_ssid_hex ();