[network-manager-libreswan/th/vpn-plugin-debug-bgo766872: 6/22] properties: fail import of files that have no "conn" section



commit 9b100bfe907a6bdb5f85cd37cf61718203fda361
Author: Thomas Haller <thaller redhat com>
Date:   Thu May 26 11:02:52 2016 +0200

    properties: fail import of files that have no "conn" section
    
    Previously, import would only consider the lines that it understands,
    ignoring any invalid line.
    
    That means, a completely bogus file was still accepted and a
    NMConnection witout ID was created (which later fails validation).
    
    Do a minimum of validation and require a "conn" section.
    
    Also, there could be multiple "conn" sections within a file.
    Only consider the first and ignore the following.

 properties/nm-libreswan-editor-plugin.c |   23 +++++++++++++++++++----
 shared/nm-default.h                     |    2 ++
 2 files changed, 21 insertions(+), 4 deletions(-)
---
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index dcc3308..fd74e4a 100644
--- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c
@@ -69,8 +69,9 @@ import_from_file (NMVpnEditorPlugin *self,
        NMSettingConnection *s_con;
        NMSettingVpn *s_vpn;
        GIOChannel *chan;
-       gchar *str;
+       char *str_tmp;
        int fd, errsv;
+       gboolean has_conn = FALSE;
 
        fd = g_open (path, O_RDONLY, 0777);
        if (fd == -1) {
@@ -88,10 +89,18 @@ import_from_file (NMVpnEditorPlugin *self,
        g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_VPN_SERVICE_TYPE_LIBRESWAN, NULL);
 
        chan = g_io_channel_unix_new (fd);
-       while (g_io_channel_read_line (chan, &str, NULL, NULL, NULL) == G_IO_STATUS_NORMAL) {
+       while (g_io_channel_read_line (chan, &str_tmp, NULL, NULL, NULL) == G_IO_STATUS_NORMAL) {
+               gs_free char *str = str_tmp;
+
                g_strstrip (str);
-               if (g_str_has_prefix (str, "conn "))
+               if (g_str_has_prefix (str, "conn ")) {
+                       if (has_conn) {
+                               /* only accept the frist connection section */
+                               break;
+                       }
+                       has_conn = TRUE;
                        g_object_set (s_con, NM_SETTING_CONNECTION_ID, &str[5], NULL);
+               }
                else if (g_str_has_prefix (str, "leftid=@"))
                        nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_LEFTID, &str[8]);
                else if (g_str_has_prefix (str, "leftxauthusername="))
@@ -107,12 +116,18 @@ import_from_file (NMVpnEditorPlugin *self,
                else {
                        /* unknown tokens are silently ignored. */
                }
-               g_free (str);
        }
        g_io_channel_unref (chan);
 
        g_close (fd, NULL);
 
+       if( !has_conn) {
+               g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FILE_NOT_VPN,
+                            _("Missing \"conn\" section in \"%s\""), path);
+               g_object_unref (connection);
+               return NULL;
+       }
+
        return connection;
 }
 
diff --git a/shared/nm-default.h b/shared/nm-default.h
index 299a51a..c46de33 100644
--- a/shared/nm-default.h
+++ b/shared/nm-default.h
@@ -77,6 +77,7 @@
 #define nm_simple_connection_new                    nm_connection_new
 #define NMV_EDITOR_PLUGIN_ERROR                     NM_SETTING_VPN_ERROR
 #define NMV_EDITOR_PLUGIN_ERROR_INVALID_PROPERTY    NM_SETTING_VPN_ERROR_INVALID_PROPERTY
+#define NMV_EDITOR_PLUGIN_ERROR_FILE_NOT_VPN        NM_SETTING_VPN_ERROR_UNKNOWN
 
 #else /* !NM_VPN_OLD */
 
@@ -84,6 +85,7 @@
 
 #define NMV_EDITOR_PLUGIN_ERROR                     NM_CONNECTION_ERROR
 #define NMV_EDITOR_PLUGIN_ERROR_INVALID_PROPERTY    NM_CONNECTION_ERROR_INVALID_PROPERTY
+#define NMV_EDITOR_PLUGIN_ERROR_FILE_NOT_VPN        NM_CONNECTION_ERROR_FAILED
 
 #endif /* NM_VPN_OLD */
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]