From dbbedce21f0dbb2849ed48bd2cee3b98e1ad2135 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Mon, 9 Mar 2015 12:52:28 +0100 Subject: [PATCH] libnm: don't check for valid passwords in NMSetting:verify() We must never fail verification of a connection based on a password because the password is re-requested during activation. Otherwise, if the user enters an invalid password for a (previously) valid connection, the connection becomes invalid. NetworkManager does not expect or handle that requesting password can make a connection invalid. Invalid passwords should be treated as wrong passwords. Only a UI (such as nm-connection-editor or nmcli) should validate passwords against a certain scheme. Note that there is need_secrets() which on the contrary must check for valid passwords. Error scenario: Connect to a WEP Wi-Fi, via `nmcli device wifi connect SSID`. The generated connection has wep-key-type=0 (UNKNOWN) and wep-key-flags=0. When trying to connect, NM will ask for secrets and set the wep-key0 field. After that, verification can fail (e.g. if the password is longer then 64 chars). --- libnm-core/nm-setting-adsl.c | 11 +---- libnm-core/nm-setting-cdma.c | 11 +---- libnm-core/nm-setting-gsm.c | 11 +---- libnm-core/nm-setting-wireless-security.c | 52 +---------------------- libnm-util/nm-setting-adsl.c | 11 +---- libnm-util/nm-setting-cdma.c | 11 +---- libnm-util/nm-setting-gsm.c | 11 +---- libnm-util/nm-setting-wireless-security.c | 52 +---------------------- 8 files changed, 8 insertions(+), 162 deletions(-) diff --git a/libnm-core/nm-setting-adsl.c b/libnm-core/nm-setting-adsl.c index 00bcef543..2e71f8e79 100644 --- a/libnm-core/nm-setting-adsl.c +++ b/libnm-core/nm-setting-adsl.c @@ -199,15 +199,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD); - return FALSE; - } - if ( !priv->protocol || ( strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOA) && strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOE) @@ -242,7 +233,7 @@ need_secrets (NMSetting *setting) NMSettingAdslPrivate *priv = NM_SETTING_ADSL_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (!(priv->password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) { diff --git a/libnm-core/nm-setting-cdma.c b/libnm-core/nm-setting-cdma.c index ebbbda740..ecc387c8f 100644 --- a/libnm-core/nm-setting-cdma.c +++ b/libnm-core/nm-setting-cdma.c @@ -160,15 +160,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_CDMA_SETTING_NAME, NM_SETTING_CDMA_PASSWORD); - return FALSE; - } - return TRUE; } @@ -178,7 +169,7 @@ need_secrets (NMSetting *setting) NMSettingCdmaPrivate *priv = NM_SETTING_CDMA_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (priv->username) { diff --git a/libnm-core/nm-setting-gsm.c b/libnm-core/nm-setting-gsm.c index fb76d18f0..36557a256 100644 --- a/libnm-core/nm-setting-gsm.c +++ b/libnm-core/nm-setting-gsm.c @@ -285,15 +285,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_GSM_SETTING_NAME, NM_SETTING_GSM_PASSWORD); - return FALSE; - } - if (priv->network_id) { guint32 nid_len = strlen (priv->network_id); guint32 i; @@ -331,7 +322,7 @@ need_secrets (NMSetting *setting) NMSettingGsmPrivate *priv = NM_SETTING_GSM_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (priv->username) { diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index c95f92435..a56a8e975 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -822,7 +822,7 @@ need_secrets (NMSetting *setting) if ( priv->auth_alg && !strcmp (priv->auth_alg, "leap") && !strcmp (priv->key_mgmt, "ieee8021x")) { - if (!priv->leap_password || !strlen (priv->leap_password)) { + if (!priv->leap_password || !*priv->leap_password) { g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); return secrets; } @@ -893,14 +893,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME); return FALSE; } - if (priv->leap_password && !strlen (priv->leap_password)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_MISSING_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); - return FALSE; - } } else { if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { @@ -945,39 +937,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (priv->wep_key0 && !nm_utils_wep_key_valid (priv->wep_key0, priv->wep_key_type)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0); - return FALSE; - } - if (priv->wep_key1 && !nm_utils_wep_key_valid (priv->wep_key1, priv->wep_key_type)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1); - return FALSE; - } - if (priv->wep_key2 && !nm_utils_wep_key_valid (priv->wep_key2, priv->wep_key_type)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2); - return FALSE; - } - if (priv->wep_key3 && !nm_utils_wep_key_valid (priv->wep_key3, priv->wep_key_type)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3); - return FALSE; - } - if (priv->auth_alg && !_nm_utils_string_in_list (priv->auth_alg, valid_auth_algs)) { g_set_error_literal (error, NM_CONNECTION_ERROR, @@ -987,15 +946,6 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } - if (priv->psk && !nm_utils_wpa_psk_valid (priv->psk)) { - g_set_error_literal (error, - NM_CONNECTION_ERROR, - NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK); - return FALSE; - } - if (priv->proto && !_nm_utils_string_slist_validate (priv->proto, valid_protos)) { g_set_error_literal (error, NM_CONNECTION_ERROR, diff --git a/libnm-util/nm-setting-adsl.c b/libnm-util/nm-setting-adsl.c index 601ebc2b2..5355011cd 100644 --- a/libnm-util/nm-setting-adsl.c +++ b/libnm-util/nm-setting-adsl.c @@ -219,15 +219,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_SETTING_ADSL_ERROR, - NM_SETTING_ADSL_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD); - return FALSE; - } - if ( !priv->protocol || ( strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOA) && strcmp (priv->protocol, NM_SETTING_ADSL_PROTOCOL_PPPOE) @@ -262,7 +253,7 @@ need_secrets (NMSetting *setting) NMSettingAdslPrivate *priv = NM_SETTING_ADSL_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (!(priv->password_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) { diff --git a/libnm-util/nm-setting-cdma.c b/libnm-util/nm-setting-cdma.c index 44a893c7b..53f886ece 100644 --- a/libnm-util/nm-setting-cdma.c +++ b/libnm-util/nm-setting-cdma.c @@ -181,15 +181,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_SETTING_CDMA_ERROR, - NM_SETTING_CDMA_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_CDMA_SETTING_NAME, NM_SETTING_CDMA_PASSWORD); - return FALSE; - } - return TRUE; } @@ -199,7 +190,7 @@ need_secrets (NMSetting *setting) NMSettingCdmaPrivate *priv = NM_SETTING_CDMA_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (priv->username) { diff --git a/libnm-util/nm-setting-gsm.c b/libnm-util/nm-setting-gsm.c index 95c7a103d..e422c92e6 100644 --- a/libnm-util/nm-setting-gsm.c +++ b/libnm-util/nm-setting-gsm.c @@ -342,15 +342,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->password && !strlen (priv->password)) { - g_set_error_literal (error, - NM_SETTING_GSM_ERROR, - NM_SETTING_GSM_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_GSM_SETTING_NAME, NM_SETTING_GSM_PASSWORD); - return FALSE; - } - if (priv->network_id) { guint32 nid_len = strlen (priv->network_id); guint32 i; @@ -388,7 +379,7 @@ need_secrets (NMSetting *setting) NMSettingGsmPrivate *priv = NM_SETTING_GSM_GET_PRIVATE (setting); GPtrArray *secrets = NULL; - if (priv->password) + if (priv->password && *priv->password) return NULL; if (priv->username) { diff --git a/libnm-util/nm-setting-wireless-security.c b/libnm-util/nm-setting-wireless-security.c index 5e3456ceb..574ff3bd5 100644 --- a/libnm-util/nm-setting-wireless-security.c +++ b/libnm-util/nm-setting-wireless-security.c @@ -852,7 +852,7 @@ need_secrets (NMSetting *setting) if ( priv->auth_alg && !strcmp (priv->auth_alg, "leap") && !strcmp (priv->key_mgmt, "ieee8021x")) { - if (!priv->leap_password || !strlen (priv->leap_password)) { + if (!priv->leap_password || !*priv->leap_password) { g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); return secrets; } @@ -923,14 +923,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME); return FALSE; } - if (priv->leap_password && !strlen (priv->leap_password)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); - return FALSE; - } } else { if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { @@ -975,39 +967,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->wep_key0 && !nm_utils_wep_key_valid (priv->wep_key0, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0); - return FALSE; - } - if (priv->wep_key1 && !nm_utils_wep_key_valid (priv->wep_key1, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1); - return FALSE; - } - if (priv->wep_key2 && !nm_utils_wep_key_valid (priv->wep_key2, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2); - return FALSE; - } - if (priv->wep_key3 && !nm_utils_wep_key_valid (priv->wep_key3, priv->wep_key_type)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3); - return FALSE; - } - if (priv->auth_alg && !_nm_utils_string_in_list (priv->auth_alg, valid_auth_algs)) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, @@ -1017,15 +976,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } - if (priv->psk && !nm_utils_wpa_psk_valid (priv->psk)) { - g_set_error_literal (error, - NM_SETTING_WIRELESS_SECURITY_ERROR, - NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, - _("property is invalid")); - g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK); - return FALSE; - } - if (priv->proto && !_nm_utils_string_slist_validate (priv->proto, valid_protos)) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR,