[network-manager-applet] wireless-security: don't silently ignore files with invalid keys/certs



commit e0063db110cc0704d1cd0326de9469f866387b50
Author: Beniamino Galvani <bgalvani redhat com>
Date:   Thu Oct 6 13:44:08 2016 +0200

    wireless-security: don't silently ignore files with invalid keys/certs
    
    Instead, show all files with a supported extension. For invalid files
    we already prevent the save of the connection and show an error
    message in the button tooltip.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1318384

 src/wireless-security/eap-method.c |   93 ++++++++++++++++-------------------
 1 files changed, 43 insertions(+), 50 deletions(-)
---
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index c8c2136..3d43ecb 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -270,31 +270,6 @@ out:
        return success;
 }
 
-#if !LIBNM_BUILD
-static const char *
-find_tag (const char *tag, const char *buf, gsize len)
-{
-       gsize i, taglen;
-
-       taglen = strlen (tag);
-       if (len < taglen)
-               return NULL;
-
-       for (i = 0; i < len - taglen + 1; i++) {
-               if (memcmp (buf + i, tag, taglen) == 0)
-                       return buf + i;
-       }
-       return NULL;
-}
-
-static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
-static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
-static const char *pem_pkcs8_enc_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
-static const char *pem_pkcs8_dec_key_begin = "-----BEGIN PRIVATE KEY-----";
-static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
-static const char *proc_type_tag = "Proc-Type: 4,ENCRYPTED";
-static const char *dek_info_tag = "DEK-Info:";
-
 static gboolean
 file_has_extension (const char *filename, const char *extensions[])
 {
@@ -320,6 +295,31 @@ file_has_extension (const char *filename, const char *extensions[])
        return found;
 }
 
+#if !LIBNM_BUILD
+static const char *
+find_tag (const char *tag, const char *buf, gsize len)
+{
+       gsize i, taglen;
+
+       taglen = strlen (tag);
+       if (len < taglen)
+               return NULL;
+
+       for (i = 0; i < len - taglen + 1; i++) {
+               if (memcmp (buf + i, tag, taglen) == 0)
+                       return buf + i;
+       }
+       return NULL;
+}
+
+static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
+static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
+static const char *pem_pkcs8_enc_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
+static const char *pem_pkcs8_dec_key_begin = "-----BEGIN PRIVATE KEY-----";
+static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
+static const char *proc_type_tag = "Proc-Type: 4,ENCRYPTED";
+static const char *dek_info_tag = "DEK-Info:";
+
 static gboolean
 pem_file_is_encrypted (const char *buffer, gsize bytes_read)
 {
@@ -403,49 +403,28 @@ out:
 static gboolean
 default_filter_privkey (const GtkFileFilterInfo *filter_info, gpointer user_data)
 {
-       _nm_unused const char *extensions[] = { ".der", ".pem", ".p12", ".key", NULL };
-       gboolean require_encrypted = !!user_data;
-       gboolean is_encrypted;
+       const char *extensions[] = { ".der", ".pem", ".p12", ".key", NULL };
 
        if (!filter_info->filename)
                return FALSE;
 
-#if !LIBNM_BUILD
        if (!file_has_extension (filter_info->filename, extensions))
                return FALSE;
 
-       is_encrypted = TRUE;
-       if (   !file_is_der_or_pem (filter_info->filename, TRUE, &is_encrypted)
-           && !nm_utils_file_is_pkcs12 (filter_info->filename))
-               return FALSE;
-#else
-       is_encrypted = FALSE;
-       if (!nm_utils_file_is_private_key (filter_info->filename, &is_encrypted))
-               return FALSE;
-#endif
-
-       return require_encrypted ? is_encrypted : TRUE;
+       return TRUE;
 }
 
 static gboolean
 default_filter_cert (const GtkFileFilterInfo *filter_info, gpointer user_data)
 {
-       _nm_unused const char *extensions[] = { ".der", ".pem", ".crt", ".cer", NULL };
+       const char *extensions[] = { ".der", ".pem", ".crt", ".cer", NULL };
 
        if (!filter_info->filename)
                return FALSE;
 
-#if !LIBNM_BUILD
        if (!file_has_extension (filter_info->filename, extensions))
                return FALSE;
 
-       if (!file_is_der_or_pem (filter_info->filename, FALSE, NULL))
-               return FALSE;
-#else
-       if (!nm_utils_file_is_certificate (filter_info->filename))
-               return FALSE;
-#endif
-
        return TRUE;
 }
 
@@ -469,8 +448,22 @@ gboolean
 eap_method_is_encrypted_private_key (const char *path)
 {
        GtkFileFilterInfo info = { .filename = path };
+       gboolean is_encrypted;
+
+       if (!default_filter_privkey (&info, NULL))
+               return FALSE;
 
-       return default_filter_privkey (&info, (gpointer) TRUE);
+#if LIBNM_BUILD
+       is_encrypted = FALSE;
+       if (!nm_utils_file_is_private_key (path, &is_encrypted))
+               return FALSE;
+#else
+       is_encrypted = TRUE;
+       if (   !file_is_der_or_pem (path, TRUE, &is_encrypted)
+           && !nm_utils_file_is_pkcs12 (path))
+               return FALSE;
+#endif
+       return is_encrypted;
 }
 
 /* Some methods (PEAP, TLS, TTLS) require a CA certificate. The user can choose


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]