Overload the certificate and key properties to allow paths to the
certificates and keys using a special prefix for the property data.
Add API to libnm-util for easy certificate path handling, and
documentation for NMSetting8021x.
This caused the 'autoconnect' property of NMSettingConnection to not
get updated in some cases (as when a system setting plugin noticed a
change to autoconnect=true and emitted the Updated signal, which wouldn't
contain the new value). Add a testcase for setting default values too.
Patch from Tambet Ingo <tambet@gmail.com>
* configure.in
libnm-util/libnm-util.ver
libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
- Add configure-time option for the system CA path
- Add 'system-ca-certs' option to 802.1x setting, which directs
NetworkManager to use system CA certificates instead of any
connection-defined CA certificates
* src/supplicant-manager/nm-supplicant-config.c
src/supplicant-manager/nm-supplicant-settings-verify.c
- Use system CA certificates if the connection says to do so
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-util/Makefile.am
libnm-util/nm-utils-private.h
- New header for internal utils private functions
* libnm-util/libnm-util.ver
libnm-util/nm-utils.c
libnm-util/nm-utils.h
- Document some functions
- (nm_utils_string_in_list, nm_utils_string_list_contains,
nm_utils_string_slist_validate): un-export, only used within
libnm-util or of limited use in general, and very easy to
re-implement by apps if needed
* libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-wired.c
libnm-util/nm-setting-wireless-security.c
libnm-util/nm-setting-wireless.c
- Update for private nm_utils_string_* functions
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add support for PKCS#12 private keys (bgo #558982)
* libnm-util/crypto.c
libnm-util/crypto.h
- (parse_old_openssl_key_file): rename from parse_key_file(); adapt to
take a GByteArray instead of a filename
- (file_to_g_byte_array): handle private key files too
- (decrypt_key): take a GByteArray rather than data + len
- (crypto_get_private_key_data): refactor crypto_get_private_key() into
one function that takes a filename, and one that takes raw data;
detect pkcs#12 files as well
- (crypto_load_and_verify_certificate): detect file type
- (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection
functions
* libnm-util/crypto_gnutls.c
- (crypto_decrypt): take GByteArray rather than data + len; fix a bug
whereby tail padding was incorrectly handled, leading to erroneous
successes when trying to decrypt the data
- (crypto_verify_cert): rework somewhat
- (crypto_verify_pkcs12): validate pkcs#12 keys
* libnm-util/crypto_nss.c
- (crypto_init): enable various pkcs#12 ciphers
- (crypto_decrypt): take a GByteArray rather than data + len
- (crypto_verify_cert): clean up
- (crypto_verify_pkcs12): validate pkcs#12 keys
* libnm-util/test-crypto.c
- Handle pkcs#12 keys
* libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
libnm-util/libnm-util.ver
- Add two new properties, 'private-key-password' and
'phase2-private-key-password', to be used in conjunction with
pkcs#12 keys
- (nm_setting_802_1x_set_ca_cert_from_file,
nm_setting_802_1x_set_client_cert_from_file,
nm_setting_802_1x_set_phase2_ca_cert_from_file,
nm_setting_802_1x_set_phase2_client_from_file): return certificate
type
- (nm_setting_802_1x_get_private_key_password,
nm_setting_802_1x_get_phase2_private_key_password): return private
key passwords
- (nm_setting_802_1x_set_private_key_from_file,
nm_setting_802_1x_set_phase2_private_key_from_file): set the private
key from a file, and update the private key password at the same time
- (nm_setting_802_1x_get_private_key_type,
nm_setting_802_1x_get_phase2_private_key_type): return the private
key type
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Whitelist private key passwords
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys,
add the private key password to the supplicant config, but do not
add the client certificate (as required by wpa_supplicant)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Patch from Alexander Sack <asac@ubuntu.com>
* libnm-util/crypto_gnutls.c
libnm-util/crypto_nss.c
- (crypto_init, crypto_deinit): just use a boolean instead of a refcount
* libnm-util/nm-utils.c
libnm-util/nm-utils.h
libnm-util/libnm-util.ver
- (nm_utils_init): initialize libnm-util
- (nm_utils_deinit): de-initialize libnm-util and clean up resources
* libnm-util/nm-setting-8021x.c
- (nm_setting_802_1x_class_init): init libnm-util when needed
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4047 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add a GError argument to nm_connection_verify() and nm_setting_verify(),
and add error enums to each NMSetting subclass. Each NMSetting subclass now
returns a descriptive GError when verification fails.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Move crypto functions from nm-applet to libnm-util.
* libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert)
(nm_setting_802_1x_set_client_cert)
(nm_setting_802_1x_set_phase2_ca_cert)
(nm_setting_802_1x_set_phase2_client_cert)
(nm_setting_802_1x_set_private_key)
(nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate
file (or private key and it's password), read the certificate data.
* libnm-util/crypto_nss.c:
* libnm-util/crypto_gnutls.c:
* libnm-util/crypto.[ch]: Move here from nm-applet.
* configure.in: Check for NSS and gnutls here (moved here from nm-applet).
* system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings):
Imlement WPA-EAP configuration reading from sysconfig.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Split the 802.1x bits out of the wireless-security setting so they are
generalized enough for wired 802.1x to use too.
* introspection/nm-exported-connection.xml
- GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead
of just a hash of the secrets for one setting
* libnm-util/nm-setting-wireless-security.c
libnm-util/nm-setting-wireless-security.h
- Remove 802.1x-specific stuff
- Added leap-username and leap-password properties for old-school LEAP
* src/nm-device.c
src/nm-device.h
- (connection_secrets_updated_cb): take a list of updated settings names,
not just one
* src/supplicant-manager/nm-supplicant-config.c
src/supplicant-manager/nm-supplicant-config.h
- (nm_supplicant_config_add_setting_wireless_security): remove 802.1x
specific stuff; fix for updated LEAP bits; punt 802.1x stuff
to nm_supplicant_config_add_setting_8021x()
- (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to
the supplicant config
* src/nm-device-802-11-wireless.c
- (build_supplicant_config): pass in the 802.1x setting too, if any
- (real_connection_secrets_updated): take a list of updated settings
names, not just one
* src/nm-device-802-3-ethernet.c
src/nm-cdma-device.c
src/nm-gsm-device.c
- (real_connection_secrets_updated_cb): take a list of updated settings
names, not just one
* src/nm-activation-request.c
src/nm-activation-request.h
- (nm_act_request_class_init): the 'connection-secrets-updated' signal
now passes a list of updated settings names, not just one
- (update_one_setting): new function; handle one updated setting
- (get_secrets_cb): handle multiple settings returned from the
settings service; have to be careful of ordering here as there are
some dependencies between settings (ex. wireless-security and 802.1x
in some cases)
* src/marshallers/nm-marshal.list
- new marshaller for connection-secrets-updated signal
* libnm-util/nm-setting-8021x.c
- Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth
methods
- (verify): a valid 'eap' property is now required
* libnm-util/nm-connection.c
- (register_default_settings): add priorities to settings; there are
some dependencies between settings, and during the need_secrets
calls this priority needs to be respected. For example, only the
wireless-security setting knows whether or not the connection is
going to use 802.1x or now, so it must be asked for secrets before
any existing 802.1x setting is
- (nm_connection_lookup_setting_type): expose
* libnm-util/nm-setting-wireless.c
- (verify): should verify even if all_settings is NULL; otherwise won't
catch the case where there is missing security
* libnm-util/nm-setting-wireless-security.c
- Remove everything to do with 802.1x
- Add old-school LEAP specific properties for username and password
- (need_secrets): rework LEAP secrets checking
- (verify): rework for LEAP and 802.1x verification
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
