* libnm-util/libnm-util.ver
libnm-util/nm-connection.c
- (nm_setting_register, nm_setting_unregister): unexport; they are
private and don't have a use outside libnm-util
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4297 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Handle gateways on different subnets
* src/NetworkManagerSystem.c
- (add_ip4_route_to_gateway): gateway route should be link scope and
a host route
- (replace_default_ip4_route): use a destination address too; gateway
address should be /0; don't leak the gateway route object
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4290 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* introspection/nm-settings-system.xml
system-settings/src/dbus-settings.c
system-settings/src/dbus-settings.h
- Add a "CanModify" property to indicate if any plugins support
connection modification
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4286 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-vpnc-service.c
properties/nm-vpnc.c
- Switch default NAT Traversal mode back to Cisco UDP until the plugin
natively supports more vendors (bgo #512675)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4284 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add password types to better support OTP/token use-cases, and for people
who want to be asked every time for one or both passwords (bgo #346547).
Heavily based on a patch from Mathieu Trudel-Lapierre <mathieu.tl@gmail.com>
* common-gnome/keyring-helpers.c
common-gnome/keyring-helpers.h
- (keyring_helpers_get_one_secret): accessor to get just one secret
* auth-dialog/gnome-two-password-dialog.c
auth-dialog/gnome-two-password-dialog.h
- (gnome_two_password_dialog_focus_password,
gnome_two_password_dialog_focus_password_secondary): add functions to
focus specific password entries
* auth-dialog/Makefile.am
auth-dialog/main.c
- Retrieve password types from GConf, and handle them correctly when
asking the user for passwords
* properties/nm-vpnc-dialog.glade
properties/nm-vpnc.c
- Add combo boxes for both passwords with options for saving, asking,
or not requiring the password
- (fill_vpn_passwords): handle passwords individually
- (pw_type_changed_helper): disable the password entry when the user
picks "Not Required" or "Always Ask"
- (init_one_pw_combo, init_plugin_ui): set up password combos
- (handle_one_pw_type, update_connection): save password type
- (save_one_password): handle saving/clearing passwords based on what
each password's type is
* src/nm-vpnc-service.c
src/nm-vpnc-service.h
- (validate_one_property): ignore password type properties
- (nm_vpnc_config_write, write_one_property): don't write secrets if
they aren't used
- (real_need_secrets): only ask for secrets when needed
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4283 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* vpn-manager/nm-vpn-connection.c
- (plugin_state_changed): clear VPN secrets on error to ensure they
are always requested from the settings service (rh #429287)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4282 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add support for PKCS#12 private keys (bgo #558982)
* libnm-util/crypto.c
libnm-util/crypto.h
- (parse_old_openssl_key_file): rename from parse_key_file(); adapt to
take a GByteArray instead of a filename
- (file_to_g_byte_array): handle private key files too
- (decrypt_key): take a GByteArray rather than data + len
- (crypto_get_private_key_data): refactor crypto_get_private_key() into
one function that takes a filename, and one that takes raw data;
detect pkcs#12 files as well
- (crypto_load_and_verify_certificate): detect file type
- (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection
functions
* libnm-util/crypto_gnutls.c
- (crypto_decrypt): take GByteArray rather than data + len; fix a bug
whereby tail padding was incorrectly handled, leading to erroneous
successes when trying to decrypt the data
- (crypto_verify_cert): rework somewhat
- (crypto_verify_pkcs12): validate pkcs#12 keys
* libnm-util/crypto_nss.c
- (crypto_init): enable various pkcs#12 ciphers
- (crypto_decrypt): take a GByteArray rather than data + len
- (crypto_verify_cert): clean up
- (crypto_verify_pkcs12): validate pkcs#12 keys
* libnm-util/test-crypto.c
- Handle pkcs#12 keys
* libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
libnm-util/libnm-util.ver
- Add two new properties, 'private-key-password' and
'phase2-private-key-password', to be used in conjunction with
pkcs#12 keys
- (nm_setting_802_1x_set_ca_cert_from_file,
nm_setting_802_1x_set_client_cert_from_file,
nm_setting_802_1x_set_phase2_ca_cert_from_file,
nm_setting_802_1x_set_phase2_client_from_file): return certificate
type
- (nm_setting_802_1x_get_private_key_password,
nm_setting_802_1x_get_phase2_private_key_password): return private
key passwords
- (nm_setting_802_1x_set_private_key_from_file,
nm_setting_802_1x_set_phase2_private_key_from_file): set the private
key from a file, and update the private key password at the same time
- (nm_setting_802_1x_get_private_key_type,
nm_setting_802_1x_get_phase2_private_key_type): return the private
key type
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Whitelist private key passwords
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys,
add the private key password to the supplicant config, but do not
add the client certificate (as required by wpa_supplicant)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-util/nm-setting-wireless.c
- (nm_setting_wireless_get_seen_bssid): fix bug from accessor conversion
that cased this function to return garbage, breaking hidden AP
detection
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4278 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Fix deletion of VPN gateway route on DHCP renew (bgo #558133)
* src/NetworkManagerSystem.c
src/NetworkManagerSystem.h
- (nm_system_device_set_ip4_route): return the route that was added
- (nm_system_add_ip4_vpn_gateway_route): make add_vpn_gateway_route()
public, clean up, and return the route that was added
- (nm_system_apply_ip4_config): remove VPN related stuff to simplify,
since nm_system_add_ip4_vpn_gateway_route() is now available; add
flags to allow only certain attributes of the NMIP4Config to be
applied
* src/nm-device.c
- (handle_dhcp_lease_change): don't touch the DHCP4 config on failure
- (nm_device_set_ip4_config): use nm_ip4_config_diff() to only apply
what's really changed between the old and new configs; don't export
the new IP4 config on failure; always send the DNS info to the
named manager
* src/vpn-manager/nm-vpn-connection.c
- (device_ip4_config_changed, nm_vpn_connection_new, dispose): track the
parent device's IP4Config and re-add the VPN gateway route when it
changes
- (nm_vpn_connection_ip4_config_get): add the VPN gateway route (since
nm_system_apply_ip4_config() no longer does) and cache it for later
- (connection_state_changed): move cleanup code to its own function
- (vpn_cleanup): delete any previously added VPN gateway route; and
re-apply the parent device's addresses and routes using
nm_system_apply_ip4_config(), not nm_device_set_ip4_config()
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4277 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-ip4-config.c
src/nm-ip4-config.h
- (nm_ip4_config_diff): new function; return the difference between two
IP4 configs
- (nm_ip4_config_compare): change into nm_ip4_config_diff
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4275 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Fix bgo #559152
* src/nm-pptp-pppd-plugin.c
- (nm_ip_up): remote peer's address is the PTP address, not the external
gateway address
* src/nm-pptp-service.c
- (construct_pppd_args): allow easier PPP debugging
- (service_ip4_config_cb): insert the VPN gateway's public IP address
into the IP4 config
- (real_connect, real_disconnect, state_changed_cb, dispose): cache
the connection so that the VPN gateway's public IP address can be
retrieved from it when the IP4 config comes back from pppd
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4255 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Patch from Carlos Martín Nieto <carlos@cmartin.tk> (and me) (bgo #547582)
* properties/nm-vpnc.c
- (import, fill_vpn_passwords): import passwords too
- (decrypt_cisco_key, child_stdout_data_cb, decrypt_child_finished_cb):
call out to cisco-decrypt if present to de-obfuscate the group
password
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4252 4912f4e0-d625-0410-9fb7-b9a5a253dbdc