mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-07 08:40:59 +00:00
libnm/macsec: tighten up verification and normalize mka_cak/mka_ckn properties
This commit is contained in:
parent
cfa89feb5e
commit
474a0dbfbe
|
@ -1124,6 +1124,29 @@ _normalize_wireless_mac_address_randomization (NMConnection *self, GHashTable *p
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
_normalize_macsec (NMConnection *self, GHashTable *parameters)
|
||||
{
|
||||
NMSettingMacsec *s_macsec = nm_connection_get_setting_macsec (self);
|
||||
gboolean changed = FALSE;
|
||||
|
||||
if (!s_macsec)
|
||||
return FALSE;
|
||||
|
||||
if (nm_setting_macsec_get_mode (s_macsec) != NM_SETTING_MACSEC_MODE_PSK) {
|
||||
if (nm_setting_macsec_get_mka_cak (s_macsec)) {
|
||||
g_object_set (s_macsec, NM_SETTING_MACSEC_MKA_CAK, NULL, NULL);
|
||||
changed = TRUE;
|
||||
}
|
||||
if (nm_setting_macsec_get_mka_ckn (s_macsec)) {
|
||||
g_object_set (s_macsec, NM_SETTING_MACSEC_MKA_CKN, NULL, NULL);
|
||||
changed = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
return changed;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
_normalize_team_config (NMConnection *self, GHashTable *parameters)
|
||||
{
|
||||
|
@ -1564,6 +1587,7 @@ nm_connection_normalize (NMConnection *connection,
|
|||
was_modified |= _normalize_bond_mode (connection, parameters);
|
||||
was_modified |= _normalize_bond_options (connection, parameters);
|
||||
was_modified |= _normalize_wireless_mac_address_randomization (connection, parameters);
|
||||
was_modified |= _normalize_macsec (connection, parameters);
|
||||
was_modified |= _normalize_team_config (connection, parameters);
|
||||
was_modified |= _normalize_team_port_config (connection, parameters);
|
||||
was_modified |= _normalize_bluetooth_type (connection, parameters);
|
||||
|
|
|
@ -256,7 +256,7 @@ verify_macsec_key (const char *key, gboolean cak, GError **error)
|
|||
req_len = cak ?
|
||||
NM_SETTING_MACSEC_MKA_CAK_LENGTH :
|
||||
NM_SETTING_MACSEC_MKA_CKN_LENGTH;
|
||||
if (strlen (key) != req_len) {
|
||||
if (strlen (key) != (gsize) req_len) {
|
||||
g_set_error (error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
|
@ -342,6 +342,10 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
|
|||
g_prefix_error (error, "%s.%s: ", NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CKN);
|
||||
return FALSE;
|
||||
}
|
||||
if (!verify_macsec_key (priv->mka_cak, TRUE, error)) {
|
||||
g_prefix_error (error, "%s.%s: ", NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CAK);
|
||||
return FALSE;
|
||||
}
|
||||
} else if (priv->mode == NM_SETTING_MACSEC_MODE_EAP) {
|
||||
if (!s_8021x) {
|
||||
g_set_error (error,
|
||||
|
@ -352,6 +356,13 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
|
|||
g_prefix_error (error, "%s: ", NM_SETTING_MACSEC_SETTING_NAME);
|
||||
return FALSE;
|
||||
}
|
||||
} else {
|
||||
g_set_error_literal (error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("must be either psk (0) or eap (1)"));
|
||||
g_prefix_error (error, "%s.%s: ", NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MODE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (priv->port <= 0 || priv->port > 65534) {
|
||||
|
@ -364,6 +375,17 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if ( priv->mode != NM_SETTING_MACSEC_MODE_PSK
|
||||
&& (priv->mka_cak || priv->mka_ckn)) {
|
||||
g_set_error_literal (error,
|
||||
NM_CONNECTION_ERROR,
|
||||
NM_CONNECTION_ERROR_INVALID_PROPERTY,
|
||||
_("only valid for psk mode"));
|
||||
g_prefix_error (error, "%s.%s: ", NM_SETTING_MACSEC_SETTING_NAME,
|
||||
priv->mka_cak ? NM_SETTING_MACSEC_MKA_CAK : NM_SETTING_MACSEC_MKA_CKN);
|
||||
return NM_SETTING_VERIFY_NORMALIZABLE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue