Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:mcepl
NetworkManager-openvpn
73-auth-dialog_encrypted-key-file.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 73-auth-dialog_encrypted-key-file.patch of Package NetworkManager-openvpn
From 49c11dd21930cc7fe3f4aac5842d188a472493c7 Mon Sep 17 00:00:00 2001 From: Martin Wilck <mwilck@suse.com> Date: Thu, 25 Jan 2024 16:50:14 +0100 Subject: [PATCH] auth-dialog: assume encrypted key file if the file can't be read For openvpn with TLS and password, get_passwords_required() checks if the key file is encrypted. If the key file can't be opened (e.g. because it's owned by root with permissions 0600), is_encrypted() returns FALSE. The user will not be asked for a certificate password in this case, and left clueless about the reason. If the keyfile is not readable, print an error message and assume that the password is required. While the error message will only be observed by nmcli users, this will allow users with encrypted keys to activate their connection. Users with unencrypted keys can just enter anything into the 2nd password prompt and will still be able to connect. Such users might be confused, but this is better than not being able to connect at all. --- auth-dialog/main.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/auth-dialog/main.c b/auth-dialog/main.c index 459802a8..31adf988 100644 --- a/auth-dialog/main.c +++ b/auth-dialog/main.c @@ -415,8 +415,14 @@ get_passwords_required (GHashTable *data, /* Encrypted private key password */ val = g_hash_table_lookup (data, NM_OPENVPN_KEY_KEY); - if (val) - *out_need_certpass = is_encrypted (val); + if (val) { + if (access (val, R_OK) == 0) + *out_need_certpass = is_encrypted (val); + else { + fprintf (stderr, "WARNING: unable to open key file %s - missing permissions?\n", val); + *out_need_certpass = TRUE; + } + } } else if (!strcmp (ctype, NM_OPENVPN_CONTYPE_PASSWORD)) { flags = NM_SETTING_SECRET_FLAG_NONE; nm_vpn_service_plugin_get_secret_flags (data, NM_OPENVPN_KEY_PASSWORD, &flags); -- GitLab
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor