Skip to content
Find file Blame History Permalink
  • Thomas Haller's avatar
    ifcfg-rh: don't use 802-1x certifcate setter functions · e3ac45c0
    Thomas Haller authored 
    The certificate setter function like nm_setting_802_1x_set_ca_cert()
actually load the file from disk, and validate whether it is a valid
certificate. That is very wrong to do.

For one, the certificates are external files, which are not embedded
into the NMConnection. That means, strongly validating the files while
loading the ifcfg files, is wrong because:
 - if validation fails, loading the file fails in its entirety with
   a warning in the log. That is not helpful to the user, who now
   can no longer use nmcli to fix the path of the certificate (because
   the profile failed to load in the first place).
 - even if the certificate is valid at load-time, there is no guarantee
   that it is valid later on, when we actually try to use the file. What
   good does such a validation do? nm_setting_802_1x_set_ca_cert() might
   make sense during nmcli_connection_modify(). At the moment when we
   create or update the profile, we do want to validate the input and
   be helpful to the user. Validating the file later on, when reloading
   the profile from disk seems undesirable.
 - note how keyfile also does not perform such validations (for good
   reasons, I presume).

Also, there is so much wrong with how ifcfg reader handles EAP files.
There is a lot of duplication, and trying to be too smart. I find it
wrong how the "eap_readers" are nested. E.g. both eap_peap_reader() and
"tls" method call to eap_tls_reader(), making it look like that
NMSetting8021x can handle multiple EAP profiles separately. But it cannot. The
802-1x profile is a flat set of properties like ca-cert and others. All
EAP methods share these properties, so having this complex parsing
is not only complicated, but also wrong. The reader should simply parse
the shell variables, and let NMSetting8021x::verify() handle validation
of the settings. Anyway, the patch does not address that.

Also, the setting of the likes of NM_SETTING_802_1X_CLIENT_CERT_PASSWORD was
awkwardly only done when
     privkey_format != NM_SETTING_802_1X_CK_FORMAT_PKCS12
  && scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
It is too smart. Just read it from file, if it contains invalid data, let
verify() reject it. That is only partly addressed.

Also note, how writer never actually writes the likes of
IEEE_8021X_CLIENT_CERT_PASSWORD. That is another bug and not fixed
either.
    e3ac45c0