keyfile: better handle cert/key files that don't exist (bgo #649807)
author Dan Williams <dcbw@redhat.com>
Wed, 1 Jun 2011 21:44:02 +0000 (16:44 -0500)
committer Dan Williams <dcbw@redhat.com>
Wed, 1 Jun 2011 21:51:47 +0000 (16:51 -0500)
commit d2ae0bac82d6239849d92c959bb707f9245e4fd6
tree 2c250f3f6d938077ca11fc97dba0641bb27fa460
parent 0f37efd77b65b8cabeb03a455e55524f81a8b4e5
keyfile: better handle cert/key files that don't exist (bgo #649807)

The keyfile code has to handle a few different formats of cert/key values,
and wasn't doing a good enough job of detecting plain paths as values.  By
default the writer will write out a plain path (i.e., not prefixed with file://)
and the reader will handle that correctly, *unless* that file does not
exist, at which point the reader assumed it was a byte array.  This caused the
read-in keyfile not to match the in-memory connection (since the in-memory
connection thought the cert/key held a path, but the read-in one thought it
contained a blob) and this seems to eventually have triggered a write-out
with the new values (as a blob), which would then drop a .pem file into
system-connections/ containing the path that should have been in the
keyfile in the first place.

This all happened because we assumed that the given path for the cert or
key would actually be valid, which doesn't seem to be the case for a lot
of people.  Clearly these connections won't work (since the certificate or
key does not exist) but the keyfile plugin shouldn't be messing up the
connection's settings at the very least.

Fix that by handling the check of whether the cert/key data is a path or
not in a less restrictive manner and add some testcases to make sure that
everything works as we expect.
src/settings/plugins/keyfile/reader.c
src/settings/plugins/keyfile/tests/keyfiles/Makefile.am
src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_Blob [new file with mode: 0644]
src/settings/plugins/keyfile/tests/keyfiles/Test_Wired_TLS_Path_Missing [new file with mode: 0644]
src/settings/plugins/keyfile/tests/test-keyfile.c
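
The path-versus-blob decision described in the commit message above, as an added C example that is not NetworkManager's reader.c code. `classify`, `path_shaped`, `MAX_PATH_LEN` and the sample values are assumptions made for illustration, and the shape test is a stand-in heuristic, not the check the commit implements.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum cert_kind { CERT_PATH, CERT_BLOB };

#define MAX_PATH_LEN 500 /* assumed cut-off: longer values are treated as data */

/* A path candidate is non-empty, short, and free of NUL/control bytes. */
static bool path_shaped(const unsigned char *d, size_t n)
{
    if (n == 0 || n > MAX_PATH_LEN)
        return false;
    for (size_t i = 0; i < n; i++)
        if (d[i] < 0x20 || d[i] == 0x7f)
            return false;
    return true;
}

/* require_exists = true models the behaviour the commit message describes as
 * broken: a plain path whose file is missing falls through to "blob".
 * require_exists = false decides on the shape of the value alone. */
enum cert_kind classify(const unsigned char *d, size_t n, bool require_exists)
{
    char path[MAX_PATH_LEN + 1];

    if (n >= 7 && memcmp(d, "file://", 7) == 0)
        return CERT_PATH;
    if (!path_shaped(d, n))
        return CERT_BLOB;
    if (!require_exists)
        return CERT_PATH;
    memcpy(path, d, n);
    path[n] = '\0';
    return access(path, F_OK) == 0 ? CERT_PATH : CERT_BLOB;
}

/* Constructed sample values, not taken from the commit's test keyfiles. */
static const unsigned char MISSING[] = "/constructed/does-not-exist/ca-cert.pem";
static const unsigned char DER_LIKE[] = { 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00 };

int main(void)
{
    printf("missing path, strict: %s\n", classify(MISSING, sizeof MISSING - 1, true) == CERT_PATH ? "path" : "blob");
    printf("missing path, shape:  %s\n", classify(MISSING, sizeof MISSING - 1, false) == CERT_PATH ? "path" : "blob");
    printf("DER-like,     shape:  %s\n", classify(DER_LIKE, sizeof DER_LIKE, false) == CERT_PATH ? "path" : "blob");
    return 0;
}
```

With the existence requirement, the missing path is classified as a blob, which is the mismatch between the read-in and in-memory connection that the message describes.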