It is wrong to move the handling of quotes outside of shvar.h.
The ifcfg-rh core library (shvar.h) should handle quotation
transparently.
It is also wrong to encode meaning of the WPA_PSK depending on whether
the value is quoted or not. A psk that is 64 chars *must* be in hex
representation, and anything else is taken literal.
Also, the special handling of bash-syntax with $' was wrong. Including
the unit test "keys-test-wifi-wpa-psk-2" which contained invalid shell.
Support for $' must be done inside of shvar.h, for all properties alike
not just for WPA_PSK.
Let shvar.h do the escaping/unescaping of the ESSID.
We should not treat a value differently whether it is quoted or not.
Also, cutting away double quotes and calling svUnescape() is just wrong.
Now, we write a value in hex if it contains non-printable characters
or if the reader would treat it like a hex value. Reader treats ESSID
now as hex if it starts with "0x" followed by pairs of hex digits.
svUnescape() has no problem with extremely long strings.
It does not allocate any memory and has O(n) complexity.
No problem.
If somebody has a problem with extremely large files it's
shvarFile itself which caches the entire file in memory.
Also, libnm-core allows team configs to be 1 MB in size.
So, allow that here too.
It's not clear why we would read the CIPHER_GROUP/CIPHER_PAIRWISE
verbatim=TRUE (without shell unescaping). Especially since ifcfg-rh
writer does
svSetValue (ifcfg, "CIPHER_PAIRWISE", str->str, FALSE);
Depending on how arguments are passed to the called function,
this could lead to a crash.
Maybe not on 32 bit machines where the size of the pointer is
the size of an int.
Maybe not on x86_64, where the arguments are passed in registers.
Fixes: b88c309167
The tests were checking that the keyfiles had permission
0600 and there was a check-local target to prepare the permissons
of the tests.
That is inconvenient, and it is unexpected to have a check-local
target for such a case.
Also, the tests were not testing that keyfile reader would
bail out on invalid permissions. So just skip the check for
testing.
In some places we use g_file_set_contents() after a umask() to limit
the permissions of the created file. Unfortunately if the containing
directory has a default ACL the umask will be ignored and the new file
will have a mode equal to the default ACL (since g_file_set_contents()
opens the file with mode 0666).
Calling a chmod() after the file gets created is insecure (see commit
60b7ed3bdc) and so the only solution seems to be to reimplement
g_file_set_contents() and accept a mode as parameter.
We already had similar functions in the tree, consolidate them into a
new generic utility function.
https://bugzilla.gnome.org/show_bug.cgi?id=769702
Don't have the test recompile parts of the settings plugin.
Instead, build one core library that is used both by the test
and the settings plugin.
Advantage: might save some compilation time, but more importantly: the
test use the same object code then NetworkManager itself, avoiding
different behavior due to compilation flags.
We don't need need separate unit tests for basic tests that can
just run in the same test-run. If you really need to run only
a particular set of tests, try
./src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh -p /settings/plugins/ifcfg-rh/utils
Results in less compilation (time), and less binaries to test during
`make check`.
First of all, G_LOG_DOMAIN only matters when using g_log() directly.
Inside core, we always want to log via nm-logging. Every call to a
g_log() is a bug in the first place (like a failed assertion that logs
a g_critical() during g_return_if_fail()).
So, for all practic purposes, the logging domain is not used.
For nm-logging, the G_LOG_DOMAIN has no effect. Unless we find a proper
use of this domain, G_LOG_DOMAIN should not differ from what the rest of
core.
The numeric value of NM_SETTING_PROXY_METHOD_NONE should be zero,
as that is the more natural default.
Also, cast all uses of the enum values in g_object_set() to
(int).
