mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-21 18:24:49 +00:00
Add support for PKCS#12 private keys (bgo #558982)

* libnm-util/crypto.c
  libnm-util/crypto.h
    - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename
    - (file_to_g_byte_array): handle private key files too
    - (decrypt_key): take a GByteArray rather than data + len
    - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well
    - (crypto_load_and_verify_certificate): detect file type
    - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions

* libnm-util/crypto_gnutls.c
    - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data
    - (crypto_verify_cert): rework somewhat
    - (crypto_verify_pkcs12): validate pkcs#12 keys

* libnm-util/crypto_nss.c
    - (crypto_init): enable various pkcs#12 ciphers
    - (crypto_decrypt): take a GByteArray rather than data + len
    - (crypto_verify_cert): clean up
    - (crypto_verify_pkcs12): validate pkcs#12 keys

* libnm-util/test-crypto.c
    - Handle pkcs#12 keys

* libnm-util/nm-setting-8021x.c
  libnm-util/nm-setting-8021x.h
  libnm-util/libnm-util.ver
    - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys
    - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type
    - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords
    - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time
    - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type

* src/supplicant-manager/nm-supplicant-settings-verify.c
    - Whitelist private key passwords

* src/supplicant-manager/nm-supplicant-config.c
    - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant)

git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
||
---|---|---|
callouts | ||
docs | ||
examples/python | ||
gfilemonitor | ||
include | ||
initscript | ||
introspection | ||
libnm-glib | ||
libnm-util | ||
man | ||
marshallers | ||
po | ||
policy | ||
src | ||
system-settings | ||
test | ||
tools | ||
vpn-daemons | ||
.cvsignore | ||
.gitignore | ||
AUTHORS | ||
autogen.sh | ||
ChangeLog | ||
configure.in | ||
CONTRIBUTING | ||
COPYING | ||
MAINTAINERS | ||
Makefile.am | ||
NetworkManager.pc.in | ||
NEWS | ||
README | ||
TODO |
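
The commit message at the top of this page mentions a fix for tail padding that was "incorrectly handled, leading to erroneous successes" when decrypting a key. The following is an added example, not code from NetworkManager: it contrasts a lax unpadding routine with a strict PKCS#7 check on constructed buffers. The function names, the 8-byte block size and the specific lax behaviour (trusting only the last byte) are assumptions made for illustration; the commit does not show the original defect.

```c
#include <stddef.h>
#include <stdio.h>

/* Lax check (assumed illustration of the failure mode): trusts only the
 * final byte, so output decrypted with a wrong password often "succeeds". */
static int unpad_lax(const unsigned char *buf, size_t len, size_t block, size_t *out_len)
{
    size_t pad;
    if (len == 0 || block == 0 || len % block != 0)
        return -1;
    pad = buf[len - 1];
    if (pad > len)
        return -1;
    *out_len = len - pad;
    return 0;
}

/* Strict PKCS#7 check: the pad length must be in 1..block and every
 * pad byte must equal the pad length. */
static int unpad_strict(const unsigned char *buf, size_t len, size_t block, size_t *out_len)
{
    size_t pad, i;
    if (len == 0 || block == 0 || len % block != 0)
        return -1;
    pad = buf[len - 1];
    if (pad == 0 || pad > block)
        return -1;
    for (i = 1; i <= pad; i++)
        if (buf[len - i] != pad)
            return -1;
    *out_len = len - pad;
    return 0;
}

/* Constructed sample buffers: a correctly padded plaintext, and bytes
 * standing in for a decryption performed with the wrong password. */
static const unsigned char good[16] = {'k','e','y','-','d','a','t','a','1','2','3','4',4,4,4,4};
static const unsigned char garbage[16] = {0x9c,0x11,0x5e,0xa0,0x37,0xd2,0x48,0x6b,
                                          0xf1,0x02,0x7a,0xe4,0x19,0xc3,0x55,0x03};

int main(void)
{
    size_t n = 0;
    printf("good:    lax=%d strict=%d\n", unpad_lax(good, 16, 8, &n), unpad_strict(good, 16, 8, &n));
    printf("garbage: lax=%d strict=%d\n", unpad_lax(garbage, 16, 8, &n), unpad_strict(garbage, 16, 8, &n));
    return 0;
}
```

A strict padding check still accepts roughly 1 in 256 wrong passwords (a trailing 0x01 byte), so the decrypted data must also parse as a valid key before it is treated as a successful decryption.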
THEORY OF OPERATION:

NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is _intended_ to replace default routes, obtain IP addresses from a DHCP server, and change nameservers whenever it sees fit. In effect, the goal of NetworkManager is to make networking Just Work. If you have special needs, we'd like to hear about them, but understand that NetworkManager is not intended to serve the needs of all users.

From a list of all adapters currently installed on the system, NetworkManager will first try a wired and then a wireless adapter. Wireless adapters that support wireless scanning are preferred over ones that cannot. NetworkManager does not try to keep a connection up as long as possible, meaning that plugging into a wired network will switch the connection to the wired network away from the wireless one.

For wireless networking support, NetworkManager keeps a list of wireless networks, the preferred list. Preferred Networks are wireless networks that the user has explicitly made NetworkManager associate with at some previous time. So if the user walks into a Starbucks and explicitly asks NetworkManager to associate with that Starbucks network, NetworkManager will remember the Starbucks network information from that point on. Upon returning to that Starbucks, NetworkManager will attempt to associate _automatically_ with the Starbucks network since it is now in the Preferred Networks list. The point of this is to ensure that only the user can determine which wireless networks to associate with, and that the user is aware which networks are security risks and which are not.

STRUCTURE:

NetworkManager runs as a root-user system level daemon, since it must manipulate hardware directly. It communicates over DBUS with a desktop-level per-user process, nm-applet. Since Preferred Networks are user-specific, there must be some mechanism of getting this information per-user. NetworkManager cannot store that information as it is user-specific, and therefore communicates over DBUS to the user daemon which provides those lists.

NetworkManager also provides an API over DBUS for any DBUS-aware application to determine the current state of the network, including available wireless networks the computer is aware of and specific details about those networks. This API also provides the means for forcing NetworkManager to associate with a specific wireless network. Use of DBUS allows separation of NetworkManager, which requires no user-interface, and the parts of the user interface which might be desktop environment specific.

The nm-applet provides a DBUS service called NetworkManagerInfo, which should provide to NetworkManager the Preferred Networks lists upon request. It also should be able to display a dialog to retrieve a WEP/WPA key or passphrase from the user when NetworkManager requests it. The GNOME version of NetworkManagerInfo, for example, stores Preferred Networks in GConf and WEP/WPA keys in gnome-keyring, and proxies that information to NetworkManager upon request.