[network-manager-openvpn/th/utf8safe-bgo763039: 4/5] all: check for UTF-8 encoding and escape invalid characters in filenames
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn/th/utf8safe-bgo763039: 4/5] all: check for UTF-8 encoding and escape invalid characters in filenames
- Date: Thu, 3 Mar 2016 12:16:12 +0000 (UTC)
commit 70f4dbc7093ebded729075304748d7a1c3d6c8ee
Author: Thomas Haller <thaller redhat com>
Date: Thu Mar 3 09:47:04 2016 +0100
all: check for UTF-8 encoding and escape invalid characters in filenames
NMSettingVpn is a dictionary of strings which gets serialized over
D-Bus. Thus all values must be UTF-8.
Ensure that during import we only set UTF-8 values.
Certain properties, like the device name and filenames are not in a specific
encoding. Rather they are NUL terminated C-string that are directly
passed to the encoding-agnostic C/kernel API (like open() or the interface
name).
These properties are not plain UTF-8 strings but must be escaped using
the nmv_utils_str_utf8safe_*() functions. With this, unless a string
contains a non-UTF-8 character or the escaping character '\\', they
look just like regular UTF-8 values.
From a UI point of view, the user can now edit arbitrary names
in the input field by using backslash escapes. The GTK file chooser
should be adjusted to properly convert back and forth. This is not yet
done.
The following properties are utf8safe escaped:
- NM_OPENVPN_KEY_DEV
- NM_OPENVPN_KEY_CA
- NM_OPENVPN_KEY_CERT
- NM_OPENVPN_KEY_KEY
- NM_OPENVPN_KEY_STATIC_KEY
- NM_OPENVPN_KEY_TA
properties/import-export.c | 172 ++++++++++++++++++++++++++++++++------------
src/nm-openvpn-service.c | 39 ++++++++--
2 files changed, 157 insertions(+), 54 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index d617012..ae27715 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -156,6 +156,46 @@ setting_vpn_add_data_item (NMSettingVpn *setting,
nm_setting_vpn_add_data_item (setting, key, value);
}
+static void
+setting_vpn_add_data_item_escape (NMSettingVpn *setting,
+ const char *key,
+ const char *value)
+{
+ gs_free char *s = NULL;
+
+ g_return_if_fail (NM_IS_SETTING_VPN (setting));
+ g_return_if_fail (key && key[0]);
+ g_return_if_fail (value && value[0]);
+
+ nm_setting_vpn_add_data_item (setting, key,
+ nmv_utils_str_utf8safe_escape_c (value, &s));
+}
+
+static void
+setting_vpn_add_data_item_path (NMSettingVpn *setting,
+ const char *key,
+ const char *value)
+{
+ setting_vpn_add_data_item_escape (setting, key, value);
+}
+
+static gboolean
+setting_vpn_eq_data_item_escaped (NMSettingVpn *setting,
+ const char *key,
+ const char *expected_value)
+{
+ gs_free char *s_free = NULL;
+ const char *s;
+
+ s = nm_setting_vpn_get_data_item (setting, key);
+ if (!s)
+ return expected_value == NULL;
+
+ if (!expected_value)
+ return FALSE;
+ return nm_streq (expected_value, nmv_utils_str_utf8safe_unescape_c (s, &s_free));
+}
+
static gboolean
args_params_check_nargs_minmax (const char **params, guint nargs_min, guint nargs_max, char **out_error)
{
@@ -188,6 +228,39 @@ args_params_check_nargs_n (const char **params, guint nargs, char **out_error)
}
static gboolean
+args_params_check_arg_nonempty (const char **params,
+ guint n_param,
+ const char *argument_name,
+ char **out_error)
+{
+ g_return_val_if_fail (params, FALSE);
+ g_return_val_if_fail (params[0], FALSE);
+ g_return_val_if_fail (n_param > 0 && n_param < g_strv_length ((char **) params), FALSE);
+ g_return_val_if_fail (out_error && !*out_error, FALSE);
+
+ if (params[n_param][0] == '\0') {
+ *out_error = g_strdup_printf (_("argument%s%s of \"%s\" can not be empty"), argument_name ? "
" : "", argument_name ?: "", params[0]);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static gboolean
+args_params_check_arg_utf8 (const char **params,
+ guint n_param,
+ const char *argument_name,
+ char **out_error)
+{
+ if (!args_params_check_arg_nonempty (params, n_param, argument_name, out_error))
+ return FALSE;
+ if (!_is_utf8 (params[n_param])) {
+ *out_error = g_strdup_printf (_("argument%s%s of \"%s\" must be UTF-8 encoded"),
argument_name ? " " : "", argument_name ?: "", params[0]);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static gboolean
args_params_parse_int64 (const char **params,
guint n_param,
gint64 min,
@@ -544,6 +617,14 @@ parse_http_proxy_auth (const char *default_path,
g_clear_pointer (out_pass, g_free);
return FALSE;
}
+
+ if ( !_is_utf8 (*out_user)
+ || !_is_utf8 (*out_pass)) {
+ *out_error = g_strdup_printf (_("user/password from HTTP proxy auth file must be UTF-8
encoded"));
+ g_clear_pointer (out_user, g_free);
+ g_clear_pointer (out_pass, g_free);
+ return FALSE;
+ }
return TRUE;
}
@@ -779,11 +860,9 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], TAG_DEV)) {
if (!args_params_check_nargs_n (params, 1, &line_error))
goto handle_line_error;
- if (params[1][0] == '\0') {
- line_error = args_params_error_message_invalid_arg (params, 1);
+ if (!args_params_check_arg_nonempty (params, 1, NULL, &line_error))
goto handle_line_error;
- }
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_DEV, params[1]);
+ setting_vpn_add_data_item_escape (s_vpn, NM_OPENVPN_KEY_DEV, params[1]);
continue;
}
@@ -896,10 +975,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
goto handle_line_error;
}
- if (params[1][0] == '\0') {
- line_error = g_strdup_printf (_("empty %s service argument"), proxy_type);
+ if (!args_params_check_arg_utf8 (params, 1, "service", &line_error))
goto handle_line_error;
- }
if (params[2]) {
if (!args_params_parse_port (params, 2, &port, &line_error))
@@ -936,10 +1013,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (!args_params_check_nargs_minmax (params, 1, 3, &line_error))
goto handle_line_error;
- if (!params[1][0]) {
- line_error = g_strdup_printf (_("missing remote argument"));
+ if (!args_params_check_arg_utf8 (params, 1, NULL, &line_error))
goto handle_line_error;
- }
if (strchr (params[1], ' ')) {
line_error = g_strdup_printf (_("remote cannot contain space"));
goto handle_line_error;
@@ -1044,12 +1119,10 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (!args_params_check_nargs_minmax (params, 1, can_have_direction ? 2 : 1,
&line_error))
goto handle_line_error;
- file = params[1];
- if (file[0] == '\0') {
- line_error = g_strdup_printf (_("missing certificate file name"));
+ if (!args_params_check_arg_nonempty (params, 1, NULL, &line_error))
goto handle_line_error;
- }
+ file = params[1];
if (params[2]) {
if (!args_params_parse_key_direction (params, 2, &s_direction, &line_error))
@@ -1061,22 +1134,22 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
file = file_free = g_build_filename (default_path, file, NULL);
if (NM_IN_STRSET (params[0], TAG_PKCS12)) {
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CA, file);
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CERT, file);
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_KEY, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, file);
} else if (NM_IN_STRSET (params[0], TAG_CA))
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CA, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, file);
else if (NM_IN_STRSET (params[0], TAG_CERT))
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CERT, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, file);
else if (NM_IN_STRSET (params[0], TAG_KEY))
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_KEY, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, file);
else if (NM_IN_STRSET (params[0], TAG_SECRET)) {
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_STATIC_KEY, file);
if (s_direction)
setting_vpn_add_data_item (s_vpn,
NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, s_direction);
have_sk = TRUE;
} else if (NM_IN_STRSET (params[0], TAG_TLS_AUTH)) {
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA, file);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TA, file);
if (s_direction)
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, s_direction);
} else
@@ -1087,6 +1160,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], TAG_CIPHER)) {
if (!args_params_check_nargs_n (params, 1, &line_error))
goto handle_line_error;
+ if (!args_params_check_arg_utf8 (params, 1, NULL, &line_error))
+ goto handle_line_error;
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER, params[1]);
continue;
}
@@ -1117,10 +1192,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], TAG_TLS_REMOTE)) {
if (!args_params_check_nargs_n (params, 1, &line_error))
goto handle_line_error;
- if (params[1][0] == '\0') {
- line_error = g_strdup_printf (_("empty tls-remote argument"));
+ if (!args_params_check_arg_utf8 (params, 1, NULL, &line_error))
goto handle_line_error;
- }
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE, params[1]);
continue;
}
@@ -1139,6 +1212,10 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], TAG_IFCONFIG)) {
if (!args_params_check_nargs_n (params, 2, &line_error))
goto handle_line_error;
+ if (!args_params_check_arg_utf8 (params, 1, "local", &line_error))
+ goto handle_line_error;
+ if (!args_params_check_arg_utf8 (params, 2, "remote", &line_error))
+ goto handle_line_error;
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP, params[1]);
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP, params[2]);
continue;
@@ -1154,6 +1231,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], TAG_AUTH)) {
if (!args_params_check_nargs_n (params, 1, &line_error))
goto handle_line_error;
+ if (!args_params_check_arg_utf8 (params, 1, NULL, &line_error))
+ goto handle_line_error;
setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, params[1]);
continue;
}
@@ -1295,12 +1374,12 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
contents_cur_line = my_contents_cur_line;
if (key)
- setting_vpn_add_data_item (s_vpn, key, f_path);
+ setting_vpn_add_data_item_path (s_vpn, key, f_path);
else {
nm_assert (nm_streq (token, INLINE_BLOB_PKCS12));
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CA, f_path);
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CERT, f_path);
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_KEY, f_path);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CA, f_path);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, f_path);
+ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, f_path);
}
if ( can_have_direction
&& last_seen_key_direction)
@@ -1373,10 +1452,11 @@ handle_line_error:
NULL);
}
if (have_certs) {
+ gs_free char *key_path_free = NULL;
const char *key_path;
key_path = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
- if (key_path && is_encrypted (key_path)) {
+ if (is_encrypted (nmv_utils_str_utf8safe_unescape_c (key_path, &key_path_free))) {
/* If there should be a private key password, default it to
* being agent-owned.
*/
@@ -1393,12 +1473,12 @@ handle_line_error:
/* Check whether the setting was not overwritten by a later entry in the config-file. */
if (nm_streq (data->token, INLINE_BLOB_PKCS12)) {
- if ( !nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA),
data->path)
- && !nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT),
data->path)
- && !nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY),
data->path))
+ if ( !setting_vpn_eq_data_item_escaped (s_vpn, NM_OPENVPN_KEY_CA, data->path)
+ && !setting_vpn_eq_data_item_escaped (s_vpn, NM_OPENVPN_KEY_CERT, data->path)
+ && !setting_vpn_eq_data_item_escaped (s_vpn, NM_OPENVPN_KEY_KEY, data->path))
continue;
} else {
- if (!nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, data->key), data->path))
+ if (!setting_vpn_eq_data_item_escaped (s_vpn, data->key, data->path))
continue;
}
if (!inline_blob_write_out (sl_iter->data, error))
@@ -1427,11 +1507,11 @@ do_export (const char *path, NMConnection *connection, GError **error)
const char *gateways = NULL;
char **gw_list, **gw_iter;
const char *cipher = NULL;
- const char *cacert = NULL;
+ gs_free char *cacert = NULL;
const char *connection_type = NULL;
- const char *user_cert = NULL;
- const char *private_key = NULL;
- const char *static_key = NULL;
+ gs_free char *user_cert = NULL;
+ gs_free char *private_key = NULL;
+ gs_free char *static_key = NULL;
const char *static_key_direction = NULL;
const char *port = NULL;
const char *ping = NULL;
@@ -1441,9 +1521,9 @@ do_export (const char *path, NMConnection *connection, GError **error)
const char *remote_ip = NULL;
const char *tls_remote = NULL;
const char *remote_cert_tls = NULL;
- const char *tls_auth = NULL;
+ gs_free char *tls_auth = NULL;
const char *tls_auth_dir = NULL;
- const char *device = NULL;
+ gs_free char *device = NULL;
const char *device_type = NULL;
const char *device_default = "tun";
gboolean success = FALSE;
@@ -1499,24 +1579,24 @@ do_export (const char *path, NMConnection *connection, GError **error)
|| !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
if (value && strlen (value))
- cacert = value;
+ cacert = nmv_utils_str_utf8safe_unescape (value);
}
if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT);
if (value && strlen (value))
- user_cert = value;
+ user_cert = nmv_utils_str_utf8safe_unescape (value);
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
if (value && strlen (value))
- private_key = value;
+ private_key = nmv_utils_str_utf8safe_unescape (value);
}
if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY);
if (value && strlen (value))
- static_key = value;
+ static_key = nmv_utils_str_utf8safe_unescape (value);
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION);
if (value && strlen (value))
@@ -1557,7 +1637,7 @@ do_export (const char *path, NMConnection *connection, GError **error)
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DEV);
if (value && strlen (value))
- device = value;
+ device = nmv_utils_str_utf8safe_unescape (value);
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DEV_TYPE);
if (value && strlen (value))
@@ -1596,7 +1676,7 @@ do_export (const char *path, NMConnection *connection, GError **error)
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (value && strlen (value))
- tls_auth = value;
+ tls_auth = nmv_utils_str_utf8safe_unescape (value);
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
if (value && strlen (value))
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 812bd2b..bd16634 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -911,7 +911,20 @@ add_openvpn_arg (GPtrArray *args, const char *arg)
g_return_if_fail (args != NULL);
g_return_if_fail (arg != NULL);
- g_ptr_array_add (args, (gpointer) g_strdup (arg));
+ g_ptr_array_add (args, g_strdup (arg));
+}
+
+static const char *
+add_openvpn_arg_unescape (GPtrArray *args, const char *arg)
+{
+ char *arg_unescaped;
+
+ g_return_val_if_fail (args, NULL);
+ g_return_val_if_fail (arg, NULL);
+
+ arg_unescaped = nmv_utils_str_utf8safe_unescape (arg);
+ g_ptr_array_add (args, arg_unescaped);
+ return arg_unescaped;
}
static gboolean
@@ -937,13 +950,18 @@ static void
add_cert_args (GPtrArray *args, NMSettingVpn *s_vpn)
{
const char *ca, *cert, *key;
+ gs_free char *ca_free = NULL, *cert_free = NULL, *key_free = NULL;
g_return_if_fail (args != NULL);
g_return_if_fail (s_vpn != NULL);
- ca = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
+ ca = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
cert = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT);
- key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
+ key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
+
+ ca = nmv_utils_str_utf8safe_unescape_c (ca, &ca_free);
+ cert = nmv_utils_str_utf8safe_unescape_c (cert, &cert_free);
+ key = nmv_utils_str_utf8safe_unescape_c (key, &key_free);
if ( ca && strlen (ca)
&& cert && strlen (cert)
@@ -1286,8 +1304,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
tmp3 = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TAP_DEV);
add_openvpn_arg (args, "--dev");
if (tmp) {
- add_openvpn_arg (args, tmp);
- dev_type_is_tap = g_str_has_prefix (tmp, "tap");
+ const char *tmp_unescaped;
+
+ tmp_unescaped = add_openvpn_arg_unescape (args, tmp);
+ dev_type_is_tap = g_str_has_prefix (tmp_unescaped, "tap");
} else if (tmp2) {
add_openvpn_arg (args, tmp2);
dev_type_is_tap = FALSE; /* will be reset below (avoid maybe-uninitialized warning) */
@@ -1339,7 +1359,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (tmp && strlen (tmp)) {
add_openvpn_arg (args, "--tls-auth");
- add_openvpn_arg (args, tmp);
+ add_openvpn_arg_unescape (args, tmp);
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
if (tmp && strlen (tmp))
@@ -1479,7 +1499,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY);
if (tmp && strlen (tmp)) {
add_openvpn_arg (args, "--secret");
- add_openvpn_arg (args, tmp);
+ add_openvpn_arg_unescape (args, tmp);
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION);
if (tmp && strlen (tmp))
@@ -1520,7 +1540,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
if (tmp && strlen (tmp)) {
add_openvpn_arg (args, "--ca");
- add_openvpn_arg (args, tmp);
+ add_openvpn_arg_unescape (args, tmp);
}
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
add_openvpn_arg (args, "--client");
@@ -1628,6 +1648,7 @@ check_need_secrets (NMSettingVpn *s_vpn, gboolean *need_secrets)
{
const char *tmp, *key, *ctype;
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ gs_free char *key_free = NULL;
g_return_val_if_fail (s_vpn != NULL, FALSE);
g_return_val_if_fail (need_secrets != NULL, FALSE);
@@ -1642,6 +1663,7 @@ check_need_secrets (NMSettingVpn *s_vpn, gboolean *need_secrets)
if (!strcmp (ctype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
/* Will require a password and maybe private key password */
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
+ key = nmv_utils_str_utf8safe_unescape_c (key, &key_free);
if (is_encrypted (key) && !nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS))
*need_secrets = TRUE;
@@ -1664,6 +1686,7 @@ check_need_secrets (NMSettingVpn *s_vpn, gboolean *need_secrets)
} else if (!strcmp (ctype, NM_OPENVPN_CONTYPE_TLS)) {
/* May require private key password */
key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
+ key = nmv_utils_str_utf8safe_unescape_c (key, &key_free);
if (is_encrypted (key) && !nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS))
*need_secrets = TRUE;
} else {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
