nm_keyfile_plugin_kf_get_integer_list() should always set
@length to zero when returning no integer list. So, this
is probably correct. Still, just to be explicit, anticipate
and handle a missing @tmp_list.
When setting the certificate glib properties directly,
we raise a g_warning() when the binary data is invalid.
But since the caller has no access to the validation function,
he cannot easily check whether his action will result
in a warning. Add nm_setting_802_1x_check_cert_scheme() for
that.
A valid blob cannot start with "file://", otherwise it would
break the implementation of the certificate properties in
NMSetting8021x. Simply reject every blob in nm_setting_802_1x_set_ca_cert()
et al. that is not valid according to get_cert_scheme().
get_cert_scheme() would return PATH scheme for binary data that
later will be rejected by verify_cert(). Even worse, get_cert_scheme()
would not check whether the path is NUL terminated, hence the following
can crash for an invalid connection:
if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH)
g_print ("path: %s", nm_setting_802_1x_get_ca_cert_path (s_8021x))
Combine the two functions so that already get_cert_scheme() does
the same validation as verify_cert().
Also change behavior and be more strict about invalid paths:
- Now, the value is considered a PATH candidate if it starts with "file://",
(sans NUL character).
A change is that before, the "file://" (without NUL) would have
been treated as BLOB, now it is an invalid PATH (UNKNOWN).
- If the binary starts with "file://" it is considered as PATH but it
is only valid, if all the fllowing is true:
(a) the last character must be NUL.
(b) there is no other intermediate NUL character.
Before, an intermediate NUL character would have been accepted
and the remainder would be ignored.
(c) there is at least one non-NUL character after "file://".
(d) the string must be fully valid utf8.
The conditions (b) and (c) are new and some invalid(?) paths
might no longer validate.
Checking (d) moved from verify_cert() to get_cert_scheme().
As set_cert_prop_helper() already called verify_cert(), this
causes no additional change beyond (b).
The supplicant interface's proxy may outlive the interface object
itself, so we must ensure that all signal handlers are disconnected.
Fixes a crash on suspend/resume.
Fixes: 59c8192b22
Just a refactoring, doesn't make any actual difference. It is consistent with
IPv4 and will make it easier to implement a policy to recover from incorrect
MTUs settings.
The previous change turned out to be wrong despite it was nothing more
than a reversion of the respective lines.
Acked-By: Thomas Haller <thaller@redhat.com>
reimport systemd dhcp code to bring patch cc22955cfefb4bd6e7a135f1ec95fb5a07ba9ce3.
sd-dhcp6-client: delay setting the DUID and don't fail constructor
sd_dhcp6_client_new() tried to set the DUID based on the machine id.
If the host has no /etc/machine-id, the constructor would fail
making it impossible to create an sd_dhcp6_client instance.
Relax this and create a DUID only later as needed. This way a caller
caller can workaround a missing machine-id file and set a DUID of his
choosing via sd_dhcp6_client_set_duid().
Conflicts:
src/dhcp-manager/systemd-dhcp/src/libsystemd-network/sd-dhcp6-client.c
Of special note is the new D-Bus rule to allow root to talk to
org.freedesktop.NetworkManager.VPN.Plugin, without which NetworkManager
would not hear signals from the VPN plugins. Oddly, this worked
fine with dbus-glib...
https://bugzilla.gnome.org/show_bug.cgi?id=745307
The Interface held a reference to the manager to listen for the 'available'
signal. Instead of that, let's make the child unaware of the master to
keep the inheritance cleaner.
rpmbuild buils NM with -fexceptions, which causes -Wmaybe-uninitialized
warnings for auto variables that have a cleanup function.
Maybe we should not build RPM packages with -fexceptions,
but anyway, for now just fix the build.
This reverts partly commit 4a58425dbf
and adds more fixes of uninitialized variables.
Update internal dhcp library with new code from upstream systemd.
HEAD=117cb022b13cedf4035e2a778b8d61528075a8b4
MERGE=$(git rev-list --merges -n1 $HEAD)
# how did we modify the systemd code?
git diffs $MERGE^1 $HEAD -- :/src/dhcp-manager/systemd-dhcp/
# what changed in systemd since last merge:
git diffs $MERGE^2 $HEAD -- :/src/dhcp-manager/systemd-dhcp/src/libsystemd-network/
https://bugzilla.gnome.org/show_bug.cgi?id=742719
