Create a new exported Bluetooth device object for any usable Bluez device
that has at least one corresponding NMConnection somewhere. Clean up
UUID/Capability confusion too.
NMSettingBluetooth represents the local connection, and thus should
use "PANU" not NAP, because the local adapter will be in PANU mode.
For now, NAP is only relevant when talking about the *remote* device
in NMDeviceBt or NMBluezDevice.
With supplicant patches, this allows NM to figure out when the supplicant
is performing an unsolicited scan, and thus to not run periodic_update()
when the supplicant is scanning.
This fixes some of the causes of "roaming to none", especially in hidden
SSID networks. In those cases, after NM had requested a broadcast scan,
the hidden SSID AP would likely not show up in the scan results, leading
to the supplicant performing a specific SSID scan that NetworkManager
was unaware of. While that specific SSID scan was going on, NM could
run periodic_update() and pull the wrong frequency off the card,
leading to the "roaming to none" message when the associated AP with
the wrong frequency could not be found in the scan list.
Fix a few issues here:
- nm_utils_merge_ip4_config() didn't reset domains, which would cause domains
to still be used even if the user elected to ignore DHCP-provided DNS
- nm_ip4_config_add_domain() and nm_ip4_config_add_search() didn't filter
duplicates
- nm_ip4_config_reset_searches() leaked everything
- If the user had specified an appended search in the connection, that search
would be added to the 'searches' field in resolv.conf, but any server
returned domains in 'domain_name' would be ignored because at least one
search existed.
When root is at_console, the at_console stuff overrides the user=root
section. Since the default section will deny-by-default, explicitly
allow certain D-Bus interfaces to be usable by at_console users (including
root when root is at_console) prevents root from being denied access to
those interfaces when root is at_console.
Instead of requiring applets to hash passphrases, just do it in NM instead.
This should fix confusion where people don't understand that they are seeing
their hashed passphrase.
Use AC_GNU_SOURCE macro instead of setting -D_GNU_SOURCE manually.
The macro will add the _GNU_SOURCE define to config.h for systems that
have the GNU extensions.
The plugin called nm_exported_connection_update() which ended up checking
PolicyKit for authorization to update the connection, which of course fails
completely when it's just an inotify-triggered update. inotify-triggered
updates don't need authorization because they require root access anyway.
TLS uses the 'identity' which previously wasn't read. The private key
password should also only be used for PKCS#12 files, becuase they aren't
decrypted when read into the setting.
Private keys also need to be handled differently; PKCS#12 keys are written
out unchanged (ie, still encrypted) with their corresponding private key.
DER keys are stored in the setting unencrypted, so they are re-encrypted
before being written out to disk. But because the private key password
isn't known for DER keys, a random password must be used to re-encrypt
the key.
