It turns out we need a way to ignore transient (agent-owned or unsaved)
secrets during connection comparison. For example, if the user is
connecting to a network where the password is not saved, other
changes could trigger a writeout of that connection to disk when
connecting, which would the connection back in due to inotify, and the
re-read connection would then no longer be recognized as the same as
the in-memory connection due to the transient secret which obviously
wasn't read in from disk.
Adding these compare flags allows the code to not bother writing the
connection out to disk when the only difference between the on-disk
and in-memory connections are secrets that shouldn't get written to
disk anyway.
The ETSI specs state that valid characters are only ASCII alphanumeric
characters, but then state that APNs should generally follow DNS
naming rules. Well, that means a lot more characters are allowed,
but modems don't like many of them. So let's slowly allow more
characters as people find ones that actually are used. The restriction
was originally put in place to disallow spaces, because they
certainly aren't allowed APN characters and modems and the
network puke when they see spaces.
Neither gnutls nor NSS fully support PKCS#8 so we don't have complete
support here, but at least recognize the keys and make an attempt to
check the private key if we can.
Unfortunately, GObject Introspection can no longer describe deeper
types, like those inside nested hash tables, which NM uses extensively
for the NMConnection type and other places. So we have to remove
those descriptions. But this moves us back into compliance with
GOI annotation formats.
Clarify that these are supposed to be paths in the argument name;
this shouldn't break API as it's just an argument rename. Helps
users figure out what the argument should be without as much trouble
as 'value', which is what it was before.
The current check caught stuff in the .ver file that was outdated, but
didn't quite get stuff that was supposed to be exported but wasn't,
in some cases. Update the regex to ensure that symbols that are
not exported, but that start with "nm_" (and aren't GObject
boilerplate) get flagged during the check.
Update internal code to return to a previous pattern of treating symbols
that start with "_" internal, and expecting symbols that start with
"nm_" to be exported.
Also fixes cases where random glibc symbols would get flagged:
00040ff4 l O *ABS* 00000000 .hidden _GLOBAL_OFFSET_TABLE_
00041380 l O .data 00000000 .hidden __dso_handle
000406e8 l O .dtors 00000000 .hidden __DTOR_END__
0000fbe4 l F .text 00000000 .hidden __i686.get_pc_thunk.cx
0002f980 l F .text 00000014 .hidden __stack_chk_fail_local
0000b1e7 l F .text 00000000 .hidden __i686.get_pc_thunk.bx
00040e60 l O *ABS* 00000000 .hidden _DYNAMIC
Because we can't ever know if we're the last user of NSS or gnutls
when nm_utils_deinit() is called, just don't bother deiniting
the crypto providers. And atexit handlers are generally frowned
upon for the exact same reason. You never know what library linked
into your process might be also using NSS or gnutls, so basically
if these libraries suck enough to use global data and not reference
count it, just let the data leak. If we do clean stuff up that
can lead to crashes when other libraries might try to use NSS or
gnutls after the atexit handler or nm_utils_deinit() has been run.
See also: https://bugzilla.mozilla.org/show_bug.cgi?id=54189#c1
By 'base type' I mean a hardware-related type that can actually be used
to activate the connection, like wifi, wired, gsm, cdma, wimax, bluetooth,
etc, but not ipv4, ipv6, 8021x, etc.
It's easier to be able to pass both a whole hashed connection, or just
a hashed setting to the function, and have it figure out what needs
to be updated based on the given setting_name.
Add some testcases to make sure that all works correctly too.
First, it was not easily possible to set a private key without
also providing a password. This used to be OK, but now with
secret flags it may be the case that when the connection is read,
there's no private key password. So functions that set the
private key must account for NULL passwords.
Unfortunately, the crytpo code did not handle this case well.
We need to be able to independently (a) verify that a file looks
like a certificate or private key and (b) that a given password
decrypts a private key. Previously the crypto code would fail
to verify the file when the password was NULL.
So this change fixes up the crytpo code for a more distinct
split between these two operations, such that if no password is
given, the file is still checked to ensure that it's a private
key or a certificate. If a password is given, the password is
checked against the private key file.
This commit also changes how private keys and certificates were
handled with the BLOB scheme. Previously only the first certificate
or first private key was included in the property data, while now
the entire file is encoded in the data. This is intended to fix
cases where multiple private keys or certificates are present in
a PEM file. It also allows clients to push certificate data to
NetworkManager for storage in system settings locations, which was
not as flexible before when only part of the certificate or key
was sent as the data.
Clients need to do their own logging using glib or whatever; these
macros while somewhat helpful were not flexible and are not a
substitute for actual logging in the client. g_warning, g_message,
and g_error are more suitable anyway.
It's always used with a GByteArray anyway, as are most
functions in nm-utils.h. Even better, we can skip the
memcpy since it turns out to be pointless.
