TLS uses the 'identity' which previously wasn't read. The private key
password should also only be used for PKCS#12 files, becuase they aren't
decrypted when read into the setting.
Private keys also need to be handled differently; PKCS#12 keys are written
out unchanged (ie, still encrypted) with their corresponding private key.
DER keys are stored in the setting unencrypted, so they are re-encrypted
before being written out to disk. But because the private key password
isn't known for DER keys, a random password must be used to re-encrypt
the key.
So that normal users who have PolicyKit authorization to edit system connections
can read secrets, move system connection secrets logic into the system connection
service from libnm-glib, and protect it with PolicyKit checks. Convert the
ifcfg-rh plugin over to using NMSysconfigConnection so that it can take advantage
of the new PolicyKit protection.
The "Auto ethX" connection that the system settings service creates
for each wired device that does not have an existing backing connection
provided by one of the system settings plugins is now read/write when
at least one plugin has the MODIFY capability.
When the user updates the "Auto ethX" connection, the system settings
service will try to move that connection to a plugin, thereby preserving
the user's changes. It will also then save that device's MAC address
and never create an "Auto ethX" connection for it again.
Fix a few problems... No plugin should return secrets in the GetSettings method,
which some plugins did. When that was committed in the commit "system-settings:
don't return secrets in the settings", it broke those plugins that didn't implement
GetSecrets. Each plugin can actually use the same code for GetSettings and
GetSecrets, so implement those generically in the NMExportedConnection class and
remove plugin-specific implementations that all did the same thing.
To match 'network' service behavior, which would perform reverse
address lookups when the HOSTNAME from /etc/sysconfig/network
was 'localhost' or 'localhost.localdomain'. Just name your machine
already.
Shutdown on SIGTERM, and don't segfault when quitting cleanly. Can't
send signals on an object that's being disposed of, so don't do that.
Fix a memory leak of the Hal manager's priv->devices on shutdown, not
that it matters.
0.7 requires dbus 1.1 or greater (for system bus activation), so make that
explicit, and remove compat code for D-Bus 0.6 and earlier. Consolidate
the various glib pkgconfig checks into one, since most anything will require
gthread, glib, and gobject anyway. Fixup the docs makefile to be more
automake-compatible and let 'make clean' actually work correctly when
docs are built.
