for verifying the secrets, because it is not done in plain nm_setting_verify().
For simple verification of free-form string secrets,
_nm_setting_verify_secret_string() helper is used.
return success;
}
+/**
+ * nm_connection_verify_secrets:
+ * @connection: the #NMConnection to verify in
+ * @error: location to store error, or %NULL
+ *
+ * Verifies the secrets in the connection.
+ *
+ * Returns: %TRUE if the secrets are valid, %FALSE if they are not
+ *
+ * Since: 1.2
+ **/
+gboolean
+nm_connection_verify_secrets (NMConnection *connection, GError **error)
+{
+ GHashTableIter iter;
+ NMSetting *setting;
+
+ g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+
+ g_hash_table_iter_init (&iter, NM_CONNECTION_GET_PRIVATE (connection)->settings);
+ while (g_hash_table_iter_next (&iter, NULL, (gpointer) &setting)) {
+ if (!nm_setting_verify_secrets (setting, connection, error))
+ return FALSE;
+ }
+ return TRUE;
+}
+
/**
* nm_connection_normalize:
* @connection: the #NMConnection to normalize
GHashTable **out_settings);
gboolean nm_connection_verify (NMConnection *connection, GError **error);
+NM_AVAILABLE_IN_1_2
+gboolean nm_connection_verify_secrets (NMConnection *connection, GError **error);
gboolean nm_connection_normalize (NMConnection *connection,
GHashTable *parameters,
gboolean *modified,
return TRUE;
}
+static gboolean
+verify_secrets (NMSetting *setting, NMConnection *connection, GError **error)
+{
+ return _nm_setting_verify_secret_string (NM_SETTING_ADSL_GET_PRIVATE (setting)->password,
+ NM_SETTING_ADSL_SETTING_NAME,
+ NM_SETTING_ADSL_PASSWORD,
+ error);
+}
+
static GPtrArray *
need_secrets (NMSetting *setting)
{
object_class->get_property = get_property;
object_class->finalize = finalize;
parent_class->verify = verify;
+ parent_class->verify_secrets = verify_secrets;
parent_class->need_secrets = need_secrets;
/* Properties */
return TRUE;
}
+static gboolean
+verify_secrets (NMSetting *setting, NMConnection *connection, GError **error)
+{
+ return _nm_setting_verify_secret_string (NM_SETTING_CDMA_GET_PRIVATE (setting)->password,
+ NM_SETTING_CDMA_SETTING_NAME,
+ NM_SETTING_CDMA_PASSWORD,
+ error);
+}
+
static GPtrArray *
need_secrets (NMSetting *setting)
{
object_class->get_property = get_property;
object_class->finalize = finalize;
parent_class->verify = verify;
+ parent_class->verify_secrets = verify_secrets;
parent_class->need_secrets = need_secrets;
/* Properties */
return TRUE;
}
+static gboolean
+verify_secrets (NMSetting *setting, NMConnection *connection, GError **error)
+{
+ return _nm_setting_verify_secret_string (NM_SETTING_GSM_GET_PRIVATE (setting)->password,
+ NM_SETTING_GSM_SETTING_NAME,
+ NM_SETTING_GSM_PASSWORD,
+ error);
+}
+
static GPtrArray *
need_secrets (NMSetting *setting)
{
object_class->get_property = get_property;
object_class->finalize = finalize;
parent_class->verify = verify;
+ parent_class->verify_secrets = verify_secrets;
parent_class->need_secrets = need_secrets;
/* Properties */
NMConnection *connection,
GError **error);
+gboolean _nm_setting_verify_secret_string (const char *str,
+ const char *setting_name,
+ const char *property,
+ GError **error);
+
gboolean _nm_setting_slave_type_is_valid (const char *slave_type, const char **out_port_type);
GVariant *_nm_setting_to_dbus (NMSetting *setting,
return TRUE;
}
+static gboolean
+_verify_wep_key (const char *wep_key,
+ NMWepKeyType wep_key_type,
+ const char *property,
+ GError **error)
+{
+ if (wep_key && !nm_utils_wep_key_valid (wep_key, wep_key_type)) {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("property is invalid"));
+ g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, property);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static gboolean
+verify_secrets (NMSetting *setting, NMConnection *connection, GError **error)
+{
+ NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
+ NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
+
+ /* LEAP */
+ if ( priv->auth_alg
+ && !strcmp (priv->auth_alg, "leap")
+ && !strcmp (priv->key_mgmt, "ieee8021x")) {
+ if (!_nm_setting_verify_secret_string (priv->leap_password,
+ NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
+ NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
+ error))
+ return FALSE;
+ }
+
+ /* WEP */
+ if (!_verify_wep_key (priv->wep_key0, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0, error))
+ return FALSE;
+ if (!_verify_wep_key (priv->wep_key1, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1, error))
+ return FALSE;
+ if (!_verify_wep_key (priv->wep_key2, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2, error))
+ return FALSE;
+ if (!_verify_wep_key (priv->wep_key3, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3, error))
+ return FALSE;
+
+ /* WPA-PSK */
+ if (priv->psk && !nm_utils_wpa_psk_valid (priv->psk)) {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("property is invalid"));
+ g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
static gboolean
get_secret_flags (NMSetting *setting,
const char *secret_name,
object_class->finalize = finalize;
parent_class->verify = verify;
+ parent_class->verify_secrets = verify_secrets;
parent_class->need_secrets = need_secrets;
parent_class->get_secret_flags = get_secret_flags;
parent_class->set_secret_flags = set_secret_flags;
return NM_SETTING_VERIFY_SUCCESS;
}
+/**
+ * nm_setting_verify_secrets:
+ * @setting: the #NMSetting to verify secrets in
+ * @connection: (allow-none): the #NMConnection that @setting came from, or
+ * %NULL if @setting is being verified in isolation.
+ * @error: location to store error, or %NULL
+ *
+ * Verifies the secrets in the setting.
+ * The returned #GError contains information about which secret of the setting
+ * failed validation, and in what way that secret failed validation.
+ * The secret validation is done separately from main setting validation, because
+ * in some cases connection failure is not desired just for the secrets.
+ *
+ * Returns: %TRUE if the setting secrets are valid, %FALSE if they are not
+ *
+ * Since: 1.2
+ **/
+gboolean
+nm_setting_verify_secrets (NMSetting *setting, NMConnection *connection, GError **error)
+{
+ g_return_val_if_fail (NM_IS_SETTING (setting), NM_SETTING_VERIFY_ERROR);
+ g_return_val_if_fail (!connection || NM_IS_CONNECTION (connection), NM_SETTING_VERIFY_ERROR);
+ g_return_val_if_fail (!error || *error == NULL, NM_SETTING_VERIFY_ERROR);
+
+ if (NM_SETTING_GET_CLASS (setting)->verify_secrets)
+ return NM_SETTING_GET_CLASS (setting)->verify_secrets (setting, connection, error);
+
+ return NM_SETTING_VERIFY_SUCCESS;
+}
+
+gboolean
+_nm_setting_verify_secret_string (const char *str,
+ const char *setting_name,
+ const char *property,
+ GError **error)
+{
+ if (str && !*str) {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("property is empty"));
+ g_prefix_error (error, "%s.%s: ", setting_name, property);
+ return FALSE;
+ }
+ return TRUE;
+}
+
static gboolean
compare_property (NMSetting *setting,
NMSetting *other,
NMConnection *connection,
GError **error);
+ gboolean (*verify_secrets) (NMSetting *setting,
+ NMConnection *connection,
+ GError **error);
+
GPtrArray *(*need_secrets) (NMSetting *setting);
int (*update_one_secret) (NMSetting *setting,
NMSettingCompareFlags flags);
/*< private >*/
- gpointer padding[8];
+ gpointer padding[7];
} NMSettingClass;
/**
NMConnection *connection,
GError **error);
+NM_AVAILABLE_IN_1_2
+gboolean nm_setting_verify_secrets (NMSetting *setting,
+ NMConnection *connection,
+ GError **error);
+
gboolean nm_setting_compare (NMSetting *a,
NMSetting *b,
NMSettingCompareFlags flags);
libnm_1_2_0 {
global:
nm_access_point_get_last_seen;
+ nm_connection_verify_secrets;
nm_device_ethernet_get_s390_subchannels;
nm_device_get_lldp_neighbors;
nm_device_get_metered;
nm_setting_ip_config_remove_dns_option;
nm_setting_ip_config_remove_dns_option_by_value;
nm_setting_mac_randomization_get_type;
+ nm_setting_verify_secrets;
nm_setting_vpn_get_timeout;
nm_setting_wired_get_wake_on_lan;
nm_setting_wired_get_wake_on_lan_password;