1. 01 Aug, 2014 4 commits
    • Dan Winship's avatar
      libnm: add NetworkManager.h, disallow including individual headers · d0b05b34
      Dan Winship authored
      Add NetworkManager.h, which includes all of the other NM header, and
      require all external users of libnm to use that rather than the
      individual headers.
      (An exception is made for nm-dbus-interface.h,
      nm-vpn-dbus-interface.h, and nm-version.h, which can be included
    • Dan Winship's avatar
      libnm: fix up class struct reserved slots · 2fc55941
      Dan Winship authored
      Add reserved slots to those classes that were missing them (or had run
      out), and sync up the number of slots across classes:
        - 8 slots for "important" classes, abstract base classes, and
          classes we expect we might need to add new virtual methods or
          signals to later.
        - 4 for everything else
      Also, rearrange the class elements in a few places into standard order
      (signals first, then methods).
    • Dan Winship's avatar
      libnm: remove Since tags and NM_AVAILABLE_IN_* attributes · b4ae6eae
      Dan Winship authored
      Everything currently in libnm has always been there.
    • Dan Winship's avatar
      libnm: add libnm/libnm-core (part 1) · d595f784
      Dan Winship authored
      This commit begins creating the new "libnm", which will replace
      libnm-util and libnm-glib.
      The main reason for the libnm-util/libnm-glib split is that the daemon
      needs to link to libnm-util (to get NMSettings, NMConnection, etc),
      but can't link to libnm-glib (because it uses many of the same type
      names as the NetworkManager daemon. eg, NMDevice). So the daemon links
      to only libnm-util, but basically all clients link to both.
      With libnm, there will be only a single client-visible library, and
      NetworkManager will internally link against a private "libnm-core"
      containing the parts that used to be in libnm-util.
      (The "libnm-core" parts still need to be in their own directory so
      that the daemon can see those header files without also seeing the
      ones in libnm/ that conflict with its own headers.)
      [This commit just copies the source code from libnm-util/ to
      libnm-core/, and libnm-glib/ to libnm/:
        mkdir -p libnm-core/tests/
        mkdir -p libnm/tests/
        cp libnm-util/*.[ch] libnm-util/nm-version.h.in libnm-core/
        rm -f libnm-core/nm-version.h libnm-core/nm-setting-template.[ch] libnm-core/nm-utils-enum-types.[ch]
        cp libnm-util/tests/*.[ch] libnm-core/tests/
        cp libnm-glib/*.[ch] libnm/
        rm -f libnm/libnm_glib.[ch] libnm/libnm-glib-test.c libnm/nm-glib-enum-types.[ch]
        cp libnm-glib/tests/*.[ch] libnm/tests/
  2. 15 Jul, 2014 1 commit
    • Dan Winship's avatar
      libnm-util, libnm-glib: standardize copyright/license headers · cb7e1893
      Dan Winship authored
      - Remove list of authors from files that had them; these serve no
        purpose except to quickly get out of date (and were only used in
        libnm-util and not libnm-glib anyway).
      - Just say "Copyright", not "(C) Copyright" or "Copyright (C)"
      - Put copyright statement after the license, not before
      - Remove "NetworkManager - Network link manager" from the few files
        that contained it, and "libnm_glib -- Access network status &
        information from glib applications" from the many files that
        contained it.
      - Remove vim modeline from nm-device-olpc-mesh.[ch], add emacs modeline
        to files that were missing it.
  3. 28 Feb, 2014 1 commit
  4. 27 Jul, 2012 1 commit
  5. 12 Mar, 2012 1 commit
    • Dan Winship's avatar
      Fix names of error enum values · 54ef8f32
      Dan Winship authored
      When NM was registering all of its enum types by hand, it was using
      NamesLikeThis rather than the default names-like-this for the "nick"
      values. When we switched to using glib-mkenums, this resulted in
      dbus-glib using different strings for the D-Bus error names, causing
      compatibility problems.
      Fix this by using glib-mkenums annotations to manually fix all the
      enum values back to what they were before. (This can't be done in a
      more automated way, because the old names aren't 100% consistent. Eg,
      "UNKNOWN" frequently becomes "UnknownError" rather than just
  6. 15 Feb, 2012 1 commit
    • Dan Winship's avatar
      Use glib-mkenums to generate enum types · 839eab55
      Dan Winship authored
      Rather than generating enum classes by hand (and complaining in each
      file that "this should really be standard"), use glib-mkenums.
      Unfortunately, we need a very new version of glib-mkenums in order to
      deal with NM's naming conventions and to fix a few other bugs, so just
      import that into the source tree temporarily.
      Also, to simplify the use of glib-mkenums, import Makefile.glib from
      To avoid having to run glib-mkenums for every subdirectory of src/,
      add a new "generated" directory, and put the generated enums files
      Finally, use Makefile.glib for marshallers too, and generate separate
      ones for libnm-glib and NetworkManager.
  7. 27 Jan, 2012 1 commit
  8. 22 Nov, 2011 1 commit
  9. 19 Aug, 2011 1 commit
    • Evan Broder's avatar
      settings: add 802.1X setting properties for subject and altsubject matches · 4f38f02a
      Evan Broder authored
      Includes subject_match and phase2_subject_match (string) parameters,
      and altsubject_matches and phase2_altsubject_matches (list of string)
      subject_match is matched against a substring of the subject from the
      certificate presented by the remote authentication server. If this
      option is unset, no subject verification is performed.
      altsubject_matches are each tested against the alternate subject name
      (altSubjectName) of the certificate presented by the remote
      authentication server. If this option is unset, no verification of the
      altSubjectName is performed.
  10. 02 Jul, 2011 1 commit
  11. 10 May, 2011 1 commit
    • Dan Williams's avatar
      libnm-util: clarify certificate and key argument names · ab56b8e9
      Dan Williams authored
      Clarify that these are supposed to be paths in the argument name;
      this shouldn't break API as it's just an argument rename.  Helps
      users figure out what the argument should be without as much trouble
      as 'value', which is what it was before.
  12. 02 Mar, 2011 1 commit
    • Dan Williams's avatar
      libnm-util: rework certificate and private key handling · 28e6523b
      Dan Williams authored
      First, it was not easily possible to set a private key without
      also providing a password.  This used to be OK, but now with
      secret flags it may be the case that when the connection is read,
      there's no private key password.  So functions that set the
      private key must account for NULL passwords.
      Unfortunately, the crytpo code did not handle this case well.
      We need to be able to independently (a) verify that a file looks
      like a certificate or private key and (b) that a given password
      decrypts a private key.  Previously the crypto code would fail
      to verify the file when the password was NULL.
      So this change fixes up the crytpo code for a more distinct
      split between these two operations, such that if no password is
      given, the file is still checked to ensure that it's a private
      key or a certificate.  If a password is given, the password is
      checked against the private key file.
      This commit also changes how private keys and certificates were
      handled with the BLOB scheme.  Previously only the first certificate
      or first private key was included in the property data, while now
      the entire file is encoded in the data.  This is intended to fix
      cases where multiple private keys or certificates are present in
      a PEM file.  It also allows clients to push certificate data to
      NetworkManager for storage in system settings locations, which was
      not as flexible before when only part of the certificate or key
      was sent as the data.
  13. 29 Jan, 2011 1 commit
    • Dan Williams's avatar
      libnm-util: add secret flags for each secret describing how the secret is stored · 5a7cf39a
      Dan Williams authored
      This allows the necessary flexibility when handling secrets; otherwise
      it wouldn't be known when NM should save secrets returned from agents
      to backing storage, or when the agents should store the secrets. We
      can't simply use lack of a secret in persistent storage as the indicator
      of this, as (for example) when creating a new connection without
      secrets the storage method would be abmiguous.
      At the same time, fold in "always ask" functionality for OTP tokens
      so user agents don't have to store that attribute themselves out-of-band.
  14. 28 Jan, 2011 2 commits
  15. 30 Sep, 2009 1 commit
  16. 25 Sep, 2009 1 commit
    • Dan Williams's avatar
      libnm-util: add 0.7 cert/key functions back · 71219015
      Dan Williams authored
      Since there's a more or less direct mapping between the 0.7.x and
      the 0.8.x certificate and key operations, we might as well just
      deprecate them instead of removing them entirely.
  17. 16 Sep, 2009 1 commit
  18. 04 Sep, 2009 1 commit
    • Dan Williams's avatar
      libnm-util: allow certificate/key paths · e5ed391f
      Dan Williams authored
      Overload the certificate and key properties to allow paths to the
      certificates and keys using a special prefix for the property data.
      Add API to libnm-util for easy certificate path handling, and
      documentation for NMSetting8021x.
  19. 21 Nov, 2008 1 commit
    • Dan Williams's avatar
      2008-11-21 Dan Williams <dcbw@redhat.com> · f30fba23
      Dan Williams authored
      	Patch from Tambet Ingo  <tambet@gmail.com>
      	* configure.in
      		- Add configure-time option for the system CA path
      		- Add 'system-ca-certs' option to 802.1x setting, which directs
      			NetworkManager to use system CA certificates instead of any
      			connection-defined CA certificates
      	* src/supplicant-manager/nm-supplicant-config.c
      		- Use system CA certificates if the connection says to do so
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
  20. 13 Nov, 2008 1 commit
    • Dan Williams's avatar
      2008-11-13 Dan Williams <dcbw@redhat.com> · e2f65ce1
      Dan Williams authored
      	Add support for PKCS#12 private keys (bgo #558982)
      	* libnm-util/crypto.c
      		- (parse_old_openssl_key_file): rename from parse_key_file(); adapt to
      			take a GByteArray instead of a filename
      		- (file_to_g_byte_array): handle private key files too
      		- (decrypt_key): take a GByteArray rather than data + len
      		- (crypto_get_private_key_data): refactor crypto_get_private_key() into
      			one function that takes a filename, and one that takes raw data;
      			detect pkcs#12 files as well
      		- (crypto_load_and_verify_certificate): detect file type
      		- (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection
      	* libnm-util/crypto_gnutls.c
      		- (crypto_decrypt): take GByteArray rather than data + len; fix a bug
      			whereby tail padding was incorrectly handled, leading to erroneous
      			successes when trying to decrypt the data
      		- (crypto_verify_cert): rework somewhat
      		- (crypto_verify_pkcs12): validate pkcs#12 keys
      	* libnm-util/crypto_nss.c
      		- (crypto_init): enable various pkcs#12 ciphers
      		- (crypto_decrypt): take a GByteArray rather than data + len
      		- (crypto_verify_cert): clean up
      		- (crypto_verify_pkcs12): validate pkcs#12 keys
      	* libnm-util/test-crypto.c
      		- Handle pkcs#12 keys
      	* libnm-util/nm-setting-8021x.c
      		- Add two new properties, 'private-key-password' and
      			'phase2-private-key-password', to be used in conjunction with
      			pkcs#12 keys
      		- (nm_setting_802_1x_set_ca_cert_from_file,
      		   nm_setting_802_1x_set_phase2_client_from_file): return certificate
      		- (nm_setting_802_1x_get_private_key_password,
      		   nm_setting_802_1x_get_phase2_private_key_password): return private
      			key passwords
      		- (nm_setting_802_1x_set_private_key_from_file,
      		   nm_setting_802_1x_set_phase2_private_key_from_file): set the private
      			key from a file, and update the private key password at the same time
      		- (nm_setting_802_1x_get_private_key_type,
      		   nm_setting_802_1x_get_phase2_private_key_type): return the private
      			key type
      	* src/supplicant-manager/nm-supplicant-settings-verify.c
      		- Whitelist private key passwords
      	* src/supplicant-manager/nm-supplicant-config.c
      		- (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys,
      			add the private key password to the supplicant config, but do not
      			add the client certificate (as required by wpa_supplicant)
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
  21. 30 Oct, 2008 1 commit
  22. 27 Jul, 2008 1 commit
  23. 12 Jun, 2008 1 commit
  24. 19 May, 2008 1 commit
    • Tambet Ingo's avatar
      2008-05-15 Tambet Ingo <tambet@gmail.com> · 40a69f98
      Tambet Ingo authored
      	Move crypto functions from nm-applet to libnm-util.
      	* libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert)
      	(nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate
      	file (or private key and it's password), read the certificate data.
      	* libnm-util/crypto_nss.c:
      	* libnm-util/crypto_gnutls.c:
      	* libnm-util/crypto.[ch]: Move here from nm-applet.
      	* configure.in: Check for NSS and gnutls here (moved here from nm-applet).
      	* system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings):
      	Imlement WPA-EAP configuration reading from sysconfig.
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
  25. 17 Mar, 2008 1 commit
    • Dan Williams's avatar
      2008-03-17 Dan Williams <dcbw@redhat.com> · 70e79d60
      Dan Williams authored
      	Split the 802.1x bits out of the wireless-security setting so they are
      	generalized enough for wired 802.1x to use too.
      	* introspection/nm-exported-connection.xml
      		- GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead
      			of just a hash of the secrets for one setting
      	* libnm-util/nm-setting-wireless-security.c
      		- Remove 802.1x-specific stuff
      		- Added leap-username and leap-password properties for old-school LEAP
      	* src/nm-device.c
      		- (connection_secrets_updated_cb): take a list of updated settings names,
      			not just one
      	* src/supplicant-manager/nm-supplicant-config.c
      		- (nm_supplicant_config_add_setting_wireless_security): remove 802.1x
      			specific stuff; fix for updated LEAP bits; punt 802.1x stuff
      			to nm_supplicant_config_add_setting_8021x()
      		- (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to
      			the supplicant config
      	* src/nm-device-802-11-wireless.c
      		- (build_supplicant_config): pass in the 802.1x setting too, if any
      		- (real_connection_secrets_updated): take a list of updated settings
      			names, not just one
      	* src/nm-device-802-3-ethernet.c
      		- (real_connection_secrets_updated_cb): take a list of updated settings
      			names, not just one
      	* src/nm-activation-request.c
      		- (nm_act_request_class_init): the 'connection-secrets-updated' signal
      			now passes a list of updated settings names, not just one
      		- (update_one_setting): new function; handle one updated setting
      		- (get_secrets_cb): handle multiple settings returned from the
      			settings service; have to be careful of ordering here as there are
      			some dependencies between settings (ex. wireless-security and 802.1x
      			in some cases)
      	* src/marshallers/nm-marshal.list
      		- new marshaller for connection-secrets-updated signal
      	* libnm-util/nm-setting-8021x.c
      		- Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth
      		- (verify): a valid 'eap' property is now required
      	* libnm-util/nm-connection.c
      		- (register_default_settings): add priorities to settings; there are
      			some dependencies between settings, and during the need_secrets
      			calls this priority needs to be respected.  For example, only the
      			wireless-security setting knows whether or not the connection is
      			going to use 802.1x or now, so it must be asked for secrets before
      			any existing 802.1x setting is
      		- (nm_connection_lookup_setting_type): expose
      	* libnm-util/nm-setting-wireless.c
      		- (verify): should verify even if all_settings is NULL; otherwise won't
      			catch the case where there is missing security
      	* libnm-util/nm-setting-wireless-security.c
      		- Remove everything to do with 802.1x
      		- Add old-school LEAP specific properties for username and password
      		- (need_secrets): rework LEAP secrets checking
      		- (verify): rework for LEAP and 802.1x verification
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
  26. 14 Mar, 2008 1 commit