2008-11-21 Dan Williams <dcbw@redhat.com>
Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
parent
9ea3dafe7d
commit
f30fba23ee
17
ChangeLog
17
ChangeLog
|
@ -1,3 +1,20 @@
|
|||
2008-11-21 Dan Williams <dcbw@redhat.com>
|
||||
|
||||
Patch from Tambet Ingo <tambet@gmail.com>
|
||||
|
||||
* configure.in
|
||||
libnm-util/libnm-util.ver
|
||||
libnm-util/nm-setting-8021x.c
|
||||
libnm-util/nm-setting-8021x.h
|
||||
- Add configure-time option for the system CA path
|
||||
- Add 'system-ca-certs' option to 802.1x setting, which directs
|
||||
NetworkManager to use system CA certificates instead of any
|
||||
connection-defined CA certificates
|
||||
|
||||
* src/supplicant-manager/nm-supplicant-config.c
|
||||
src/supplicant-manager/nm-supplicant-settings-verify.c
|
||||
- Use system CA certificates if the connection says to do so
|
||||
|
||||
2008-11-21 Dan Williams <dcbw@redhat.com>
|
||||
|
||||
* src/nm-dbus-manager.c
|
||||
|
|
11
configure.in
11
configure.in
|
@ -435,6 +435,17 @@ if test -n "${RESOLVCONF_PATH}"; then
|
|||
AC_DEFINE_UNQUOTED(RESOLVCONF_PATH, "$RESOLVCONF_PATH", [Define if you have a resolvconf implementation])
|
||||
fi
|
||||
|
||||
# system CA certificates path
|
||||
AC_ARG_WITH(system-ca-path, AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates]))
|
||||
if test "x${with_system_ca_path}" = x; then
|
||||
SYSTEM_CA_PATH=/etc/ssl/certs
|
||||
else
|
||||
SYSTEM_CA_PATH="$with_system_ca_path"
|
||||
fi
|
||||
AC_DEFINE_UNQUOTED(SYSTEM_CA_PATH, "$SYSTEM_CA_PATH", [Define to path to system CA certificates])
|
||||
AC_SUBST(SYSTEM_CA_PATH)
|
||||
|
||||
|
||||
AC_ARG_ENABLE(more-warnings,
|
||||
AS_HELP_STRING([--enable-more-warnings], [Maximum compiler warnings]), set_more_warnings="$enableval",set_more_warnings=yes)
|
||||
AC_MSG_CHECKING(for more warnings, including -Werror)
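Review bot: `--without-system-ca-path`, or `--with-system-ca-path` given with no value, leaves `with_system_ca_path` set to `no` or `yes`, and the else branch copies that literal into SYSTEM_CA_PATH. The value is compiled in and, per the nm-supplicant-config.c change in this commit, handed to the supplicant as its CA directory, so the trust store would become a relative directory named `yes` or `no`. The test should treat those two values like the empty case, for example `if test "x${with_system_ca_path}" = x -o "x${with_system_ca_path}" = xyes -o "x${with_system_ca_path}" = xno; then`. Rejecting a non-absolute path with `AC_MSG_ERROR` at configure time would also be worth adding.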
|
||||
|
|
|
@ -60,6 +60,7 @@ global:
|
|||
nm_setting_802_1x_get_private_key_password;
|
||||
nm_setting_802_1x_get_private_key_type;
|
||||
nm_setting_802_1x_get_psk;
|
||||
nm_setting_802_1x_get_system_ca_certs;
|
||||
nm_setting_802_1x_get_type;
|
||||
nm_setting_802_1x_new;
|
||||
nm_setting_802_1x_remove_eap_method;
|
||||
|
|
|
@ -93,6 +93,7 @@ typedef struct {
|
|||
char *private_key_password;
|
||||
GByteArray *phase2_private_key;
|
||||
char *phase2_private_key_password;
|
||||
gboolean system_ca_certs;
|
||||
} NMSetting8021xPrivate;
|
||||
|
||||
enum {
|
||||
|
@ -118,6 +119,7 @@ enum {
|
|||
PROP_PHASE2_PRIVATE_KEY_PASSWORD,
|
||||
PROP_PIN,
|
||||
PROP_PSK,
|
||||
PROP_SYSTEM_CA_CERTS,
|
||||
|
||||
LAST_PROP
|
||||
};
|
||||
|
@ -268,6 +270,14 @@ nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *self,
|
|||
return priv->ca_cert != NULL;
|
||||
}
|
||||
|
||||
gboolean
|
||||
nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
|
||||
|
||||
return NM_SETTING_802_1X_GET_PRIVATE (setting)->system_ca_certs;
|
||||
}
|
||||
|
||||
const GByteArray *
|
||||
nm_setting_802_1x_get_client_cert (NMSetting8021x *setting)
|
||||
{
|
||||
|
@ -1243,6 +1253,9 @@ set_property (GObject *object, guint prop_id,
|
|||
g_free (priv->phase2_private_key_password);
|
||||
priv->phase2_private_key_password = g_value_dup_string (value);
|
||||
break;
|
||||
case PROP_SYSTEM_CA_CERTS:
|
||||
priv->system_ca_certs = g_value_get_boolean (value);
|
||||
break;
|
||||
default:
|
||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||
break;
|
||||
|
@ -1314,6 +1327,9 @@ get_property (GObject *object, guint prop_id,
|
|||
case PROP_PHASE2_PRIVATE_KEY_PASSWORD:
|
||||
g_value_set_string (value, priv->phase2_private_key_password);
|
||||
break;
|
||||
case PROP_SYSTEM_CA_CERTS:
|
||||
g_value_set_boolean (value, priv->system_ca_certs);
|
||||
break;
|
||||
default:
|
||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||
break;
|
||||
|
@ -1490,6 +1506,14 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
|
|||
NULL,
|
||||
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
|
||||
|
||||
g_object_class_install_property
|
||||
(object_class, PROP_SYSTEM_CA_CERTS,
|
||||
g_param_spec_boolean (NM_SETTING_802_1X_SYSTEM_CA_CERTS,
|
||||
"Use system CA certificates",
|
||||
"Use system CA certificates",
|
||||
FALSE,
|
||||
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
|
||||
|
||||
/* Initialize crypto lbrary. */
|
||||
if (!nm_utils_init (&error)) {
|
||||
g_warning ("Couldn't initilize nm-utils/crypto system: %d %s",
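Review bot: The `system-ca-certs` property is installed in class_init with the same string, "Use system CA certificates", as both nick and description, which does not tell a caller that setting it makes NetworkManager ignore any connection-defined CA certificate, as the ChangeLog entry states. I would make the description say so, e.g. `"If TRUE, validate the server against the system CA path and ignore ca-cert and phase2-ca-cert"`, and add a short doc comment above `nm_setting_802_1x_get_system_ca_certs()` stating the same. No check is visible in these hunks for a connection that sets both the flag and a CA certificate; if the setting's verify function (outside the hunks) does not cover that case, a pinned CA is dropped silently. The hunks cut through set_property, get_property and class_init, so this is based on the visible lines only.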
|
||||
|
|
|
@ -81,6 +81,7 @@ GQuark nm_setting_802_1x_error_quark (void);
|
|||
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
|
||||
#define NM_SETTING_802_1X_PIN "pin"
|
||||
#define NM_SETTING_802_1X_PSK "psk"
|
||||
#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
|
||||
|
||||
typedef struct {
|
||||
NMSetting parent;
|
||||
|
@ -133,6 +134,7 @@ gboolean nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8
|
|||
const char *filename,
|
||||
NMSetting8021xCKType *out_ck_type,
|
||||
GError **err);
|
||||
gboolean nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting);
|
||||
|
||||
const GByteArray *nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting);
|
||||
gboolean nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting,
|
||||
|
|
|
@ -19,6 +19,10 @@
|
|||
* Copyright (C) 2007 - 2008 Novell, Inc.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <glib.h>
|
||||
|
@ -620,7 +624,11 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
|
|||
ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE);
|
||||
g_string_free (phase2, TRUE);
|
||||
|
||||
ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
|
||||
if (nm_setting_802_1x_get_system_ca_certs (setting)) {
|
||||
ADD_STRING_VAL (SYSTEM_CA_PATH, "ca_path", FALSE, FALSE, FALSE);
|
||||
} else {
|
||||
ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
|
||||
}
|
||||
|
||||
array = nm_setting_802_1x_get_private_key (setting);
|
||||
if (array) {
|
||||
|
@ -638,7 +646,11 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
|
|||
}
|
||||
}
|
||||
|
||||
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
|
||||
if (nm_setting_802_1x_get_system_ca_certs (setting)) {
|
||||
ADD_STRING_VAL (SYSTEM_CA_PATH, "ca_path2", FALSE, FALSE, FALSE);
|
||||
} else {
|
||||
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
|
||||
}
|
||||
|
||||
array = nm_setting_802_1x_get_phase2_private_key (setting);
|
||||
if (array) {
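Review bot: With `system-ca-certs` set, both branches hand the supplicant only `ca_path` / `ca_path2` pointing at SYSTEM_CA_PATH, so a server certificate is accepted if it chains to any CA in that directory, and nothing in the visible hunks constrains which server identity the certificate must carry. If the rest of `nm_supplicant_config_add_setting_8021x` (outside the hunks) does not add a subject constraint such as wpa_supplicant's `subject_match`, this is a much wider trust decision than a connection-pinned `ca_cert` and deserves a comment at the branch, e.g. `/* system CA store: any CA in SYSTEM_CA_PATH can vouch for the server; pair with a subject check */`. The connection's own CA blob is also skipped without any log message when the flag is set; a debug line there would help when diagnosing authentication failures. The same if/else appears twice, so a small helper taking the option name and the blob would keep phase 1 and phase 2 in step.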
|
||||
|
|
|
@ -101,6 +101,7 @@ static const struct Opt opt_table[] = {
|
|||
{ "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed },
|
||||
{ "identity", TYPE_BYTES, 0, 0, FALSE, NULL },
|
||||
{ "password", TYPE_BYTES, 0, 0, FALSE, NULL },
|
||||
{ "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL },
|
||||
{ "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
|
||||
{ "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
|
||||
{ "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL },
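Review bot: Only `ca_path` is added to `opt_table` in this hunk, while the same commit also passes `ca_path2` from nm-supplicant-config.c for phase 2. Unless `ca_path2` is already listed outside the hunk, the phase-2 option presumably has no entry in the table this file checks supplicant options against; add `{ "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL },` next to the new row. The table continues past both edges of the hunk, so this is inferred from the visible rows.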
|
||||
|
|