Don't immediately tear down an active wired connection when the carrier
flips to off, but wait a few seconds for it to come back before breaking
the user's network.
This reverts commit 5b90df0737.
Since commit 71219015ea adds all the
0.7.x certificate and key functions back, we can revert the soname
change and preserve API/ABI.
Since there's a more or less direct mapping between the 0.7.x and
the 0.8.x certificate and key operations, we might as well just
deprecate them instead of removing them entirely.
In the past networkmanager did not allow to manually disconnect devices.
Manually disconnected devices will not be automatically reconnected until one
of the following events occur:
1. user activates a connection for the currently disconnected device
2. network manager awakes from hibernate/suspend
3. network manager is restarted (e.g. reboot)
Add a Disconnect method to generic NMDevice dbus interface; set a new private
autoconnect_inhibit flag if Disconnect method is called through dbus.
Based on this auto activation for devices gets inhibited until one
of the above events occur.
For private keys, don't just verify that the key can be read; try to
decrypt it to ensure that the password is actually valid.
Also fix a stupid {} mistake that caused crashes when setting pkcs#12
certificates because the check for PATH scheme wouldn't happen and
the private key would be NULL when trying to set the client cert to
the same data as the private key.
To be backwards compatible clients need to handle both paths to private
keys and the decrypted private key data, which is what used to get passed
in the private-key and phase2-private-key attributes of the 802.1x setting.
When moving a connection around between system-settings and user-settings,
if the private key is decrypted data, the settings service needs to store
that decrypted data somewhere so that the key can be sent to NM during
the connection process.
But we don't want to store the decrypted private key data, so we have to
re-encrypt it (possibly generating a private key password if one wasn't
sent with the decrypted data) and save it to disk, then send NM a path
to that private key during connection.
To help clients do this, and so that they don't have to carry around
multiple crypto implementations depending on whether they want to use
NSS or gnutls/gcrypt, add a helper to libnm-util.
Furthermore, I misunderstood a bunch of stuff with crypto padding when
writing the encrypt/decrypt functions long ago, so fix that up. Don't
return padding as part of the decrypted data, and make sure to verify
the padding's expected lengths and values when decrypting. Many thanks
to Nalin Dahyabhai for pointing me in the right direction.
