ifcfg-rh plugin was not able to reset MTU to "automatic" if it had been
set to a value, for wired connection. This fix removes "MTU" variable
from the ifcfg-* file when mtu is 0.
Otherwise it causes connections that we don't want exported to leak
out and be shown in the connection editor even though the device
isn't supposed to be managed.
ifup/ifdown, nmcli, and possibly other tools need a way to get the
internally generated connection UUID and possibly it's path given
just the ifcfg file path. Not all ifcfg files have the UUID in
the file, so ifcfg-rh generates one. But external tools don't know
what that UUID is or what the logic that NM uses to generate it is.
Help them out a bit so that ifup/ifdown can easily poke NM given
just the ifcfg file.
keys- and route- files weren't passing the should_ignore_file()
check in dir_changed() because should_ignore_file() was only
taking ifcfg- files into account. Generalize most of the ifcfg name
handling functions so that should_ignore_file() will now handle
all three variants.
Add testcases to ensure that the name handling does what we want
it to, and optimize memory usage of utils_get_ifcfg_name() a bit.
Since openSUSE 11.1 NetworkManager does not support reading yast network
setup. It's for your own good - you either want to use static configuration
(yast) or dynamic (NetworkManager). Mixing the two has never worked very well
and has caused a lot of confusion. The only exception to this is hostname
handling, which is handled by ifcfg-suse plugin.
Since one test read in a file, wrote it out, and read it in again, we
have to be careful of whether srcdir == builddir or not. If it doesn't,
then we need to remove the written-out connection file. If it does, then
we don't want to remove that written-out connection file because it's
tracked by SCM. Avoid the whole problem by writing it out to a separate
directory that we can always delete it from.
And remove cargo-culted internal stuff which is no longer needed.
The ifcfg-rh sha1 stuff wasn't even used anymore after the move to
certificate paths.
nm_connection_replace_settings() replaces the connection's settings
but doesn't allow interception of the new settings. Plugins would then
send out the update signal, but secrets are scrubbed out of them to
ensure secrets aren't leaked out into D-Bus signals.
With NM 0.8 the system settings service was integrated into NM and
thus nm_connection_clear_secrets() acts directly on the system
settings plugins' NMConnection objects. So when NM cleared secrets
(for example after determining that they might be bad in a device's
stage2 handler), we completely lost the secrets forever.
Adding this function allows the system settings service to hook into
the connection updates when the plugin connection's backing storage
(like config files or whatever) changes and cache the secrets for
use in NMSettingsConnectionInterface get_secrets() requestes.
To be backwards compatible clients need to handle both paths to private
keys and the decrypted private key data, which is what used to get passed
in the private-key and phase2-private-key attributes of the 802.1x setting.
When moving a connection around between system-settings and user-settings,
if the private key is decrypted data, the settings service needs to store
that decrypted data somewhere so that the key can be sent to NM during
the connection process.
But we don't want to store the decrypted private key data, so we have to
re-encrypt it (possibly generating a private key password if one wasn't
sent with the decrypted data) and save it to disk, then send NM a path
to that private key during connection.
To help clients do this, and so that they don't have to carry around
multiple crypto implementations depending on whether they want to use
NSS or gnutls/gcrypt, add a helper to libnm-util.
Furthermore, I misunderstood a bunch of stuff with crypto padding when
writing the encrypt/decrypt functions long ago, so fix that up. Don't
return padding as part of the decrypted data, and make sure to verify
the padding's expected lengths and values when decrypting. Many thanks
to Nalin Dahyabhai for pointing me in the right direction.
Overload the certificate and key properties to allow paths to the
certificates and keys using a special prefix for the property data.
Add API to libnm-util for easy certificate path handling, and
documentation for NMSetting8021x.
