• Thomas Haller's avatar
    ifcfg-rh: don't use 802-1x certifcate setter functions · e3ac45c0
    Thomas Haller authored
    The certificate setter function like nm_setting_802_1x_set_ca_cert()
    actually load the file from disk, and validate whether it is a valid
    certificate. That is very wrong to do.
    
    For one, the certificates are external files, which are not embedded
    into the NMConnection. That means, strongly validating the files while
    loading the ifcfg files, is wrong because:
     - if validation fails, loading the file fails in its entirety with
       a warning in the log. That is not helpful to the user, who now
       can no longer use nmcli to fix the path of the certificate (because
       the profile failed to load in the first place).
     - even if the certificate is valid at load-time, there is no guarantee
       that it is valid later on, when we actually try to use the file. What
       good does such a validation do? nm_setting_802_1x_set_ca_cert() might
       make sense during nmcli_connection_modify(). At the moment when we
       create or update the profile, we do want to validate the input and
       be helpful to the user. Validating the file later on, when reloading
       the profile from disk seems undesirable.
     - note how keyfile also does not perform such validations (for good
       reasons, I presume).
    
    Also, there is so much wrong with how ifcfg reader handles EAP files.
    There is a lot of duplication, and trying to be too smart. I find it
    wrong how the "eap_readers" are nested. E.g. both eap_peap_reader() and
    "tls" method call to eap_tls_reader(), making it look like that
    NMSetting8021x can handle multiple EAP profiles separately. But it cannot. The
    802-1x profile is a flat set of properties like ca-cert and others. All
    EAP methods share these properties, so having this complex parsing
    is not only complicated, but also wrong. The reader should simply parse
    the shell variables, and let NMSetting8021x::verify() handle validation
    of the settings. Anyway, the patch does not address that.
    
    Also, the setting of the likes of NM_SETTING_802_1X_CLIENT_CERT_PASSWORD was
    awkwardly only done when
         privkey_format != NM_SETTING_802_1X_CK_FORMAT_PKCS12
      && scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
    It is too smart. Just read it from file, if it contains invalid data, let
    verify() reject it. That is only partly addressed.
    
    Also note, how writer never actually writes the likes of
    IEEE_8021X_CLIENT_CERT_PASSWORD. That is another bug and not fixed
    either.
    e3ac45c0
nms-ifcfg-rh-reader.c 176 KB