1. 30 Apr, 2018 1 commit
  2. 09 Mar, 2017 1 commit
    • Thomas Haller's avatar
      include: use double-quotes to include our own headers · 831286df
      Thomas Haller authored
      In practice, this should only matter when there are multiple
      header files with the same name. That is something we try
      to avoid already, by giving headers a distinct name.
      
      When building NetworkManager itself, we clearly want to use
      double-quotes for including our own headers.
      But we also want to do that in our public headers. For example:
      
        ./a.c
          #include <stdio.h>
          #include <nm-1.h>
          void main() {
              printf ("INCLUDED %s/nm-2.h\n", SYMB);
          }
      
        ./1/nm-1.h
          #include <nm-2.h>
      
        ./1/nm-2.h
          #define SYMB "1"
      
        ./2/nm-2.h
          #define SYMB "2"
      
      $ cc -I./2 -I./1 ./a.c
      $ ./a.out
      INCLUDED 2/nm-2.h
      
      Exceptions to this are
        - headers in "shared/nm-utils" that include <NetworkManager.h>. These
          headers are copied into projects and hence used like headers owned by
          those projects.
        - examples/C
      831286df
  3. 18 Dec, 2014 1 commit
  4. 15 Jul, 2014 1 commit
    • Dan Winship's avatar
      libnm-util, libnm-glib: standardize copyright/license headers · cb7e1893
      Dan Winship authored
      - Remove list of authors from files that had them; these serve no
        purpose except to quickly get out of date (and were only used in
        libnm-util and not libnm-glib anyway).
      
      - Just say "Copyright", not "(C) Copyright" or "Copyright (C)"
      
      - Put copyright statement after the license, not before
      
      - Remove "NetworkManager - Network link manager" from the few files
        that contained it, and "libnm_glib -- Access network status &
        information from glib applications" from the many files that
        contained it.
      
      - Remove vim modeline from nm-device-olpc-mesh.[ch], add emacs modeline
        to files that were missing it.
      cb7e1893
  5. 28 Feb, 2014 1 commit
  6. 27 Jul, 2012 1 commit
  7. 12 Mar, 2012 1 commit
    • Dan Winship's avatar
      Fix names of error enum values · 54ef8f32
      Dan Winship authored
      When NM was registering all of its enum types by hand, it was using
      NamesLikeThis rather than the default names-like-this for the "nick"
      values. When we switched to using glib-mkenums, this resulted in
      dbus-glib using different strings for the D-Bus error names, causing
      compatibility problems.
      
      Fix this by using glib-mkenums annotations to manually fix all the
      enum values back to what they were before. (This can't be done in a
      more automated way, because the old names aren't 100% consistent. Eg,
      "UNKNOWN" frequently becomes "UnknownError" rather than just
      "Unknown".)
      54ef8f32
  8. 15 Feb, 2012 1 commit
    • Dan Winship's avatar
      Use glib-mkenums to generate enum types · 839eab55
      Dan Winship authored
      Rather than generating enum classes by hand (and complaining in each
      file that "this should really be standard"), use glib-mkenums.
      
      Unfortunately, we need a very new version of glib-mkenums in order to
      deal with NM's naming conventions and to fix a few other bugs, so just
      import that into the source tree temporarily.
      
      Also, to simplify the use of glib-mkenums, import Makefile.glib from
      https://bugzilla.gnome.org/654395.
      
      To avoid having to run glib-mkenums for every subdirectory of src/,
      add a new "generated" directory, and put the generated enums files
      there.
      
      Finally, use Makefile.glib for marshallers too, and generate separate
      ones for libnm-glib and NetworkManager.
      839eab55
  9. 27 Jan, 2012 1 commit
  10. 22 Nov, 2011 1 commit
  11. 19 Aug, 2011 1 commit
    • Evan Broder's avatar
      settings: add 802.1X setting properties for subject and altsubject matches · 4f38f02a
      Evan Broder authored
      Includes subject_match and phase2_subject_match (string) parameters,
      and altsubject_matches and phase2_altsubject_matches (list of string)
      parameters.
      
      subject_match is matched against a substring of the subject from the
      certificate presented by the remote authentication server. If this
      option is unset, no subject verification is performed.
      
      altsubject_matches are each tested against the alternate subject name
      (altSubjectName) of the certificate presented by the remote
      authentication server. If this option is unset, no verification of the
      altSubjectName is performed.
      4f38f02a
  12. 02 Jul, 2011 1 commit
  13. 10 May, 2011 1 commit
    • Dan Williams's avatar
      libnm-util: clarify certificate and key argument names · ab56b8e9
      Dan Williams authored
      Clarify that these are supposed to be paths in the argument name;
      this shouldn't break API as it's just an argument rename.  Helps
      users figure out what the argument should be without as much trouble
      as 'value', which is what it was before.
      ab56b8e9
  14. 02 Mar, 2011 1 commit
    • Dan Williams's avatar
      libnm-util: rework certificate and private key handling · 28e6523b
      Dan Williams authored
      First, it was not easily possible to set a private key without
      also providing a password.  This used to be OK, but now with
      secret flags it may be the case that when the connection is read,
      there's no private key password.  So functions that set the
      private key must account for NULL passwords.
      
      Unfortunately, the crytpo code did not handle this case well.
      We need to be able to independently (a) verify that a file looks
      like a certificate or private key and (b) that a given password
      decrypts a private key.  Previously the crypto code would fail
      to verify the file when the password was NULL.
      
      So this change fixes up the crytpo code for a more distinct
      split between these two operations, such that if no password is
      given, the file is still checked to ensure that it's a private
      key or a certificate.  If a password is given, the password is
      checked against the private key file.
      
      This commit also changes how private keys and certificates were
      handled with the BLOB scheme.  Previously only the first certificate
      or first private key was included in the property data, while now
      the entire file is encoded in the data.  This is intended to fix
      cases where multiple private keys or certificates are present in
      a PEM file.  It also allows clients to push certificate data to
      NetworkManager for storage in system settings locations, which was
      not as flexible before when only part of the certificate or key
      was sent as the data.
      28e6523b
  15. 29 Jan, 2011 1 commit
    • Dan Williams's avatar
      libnm-util: add secret flags for each secret describing how the secret is stored · 5a7cf39a
      Dan Williams authored
      This allows the necessary flexibility when handling secrets; otherwise
      it wouldn't be known when NM should save secrets returned from agents
      to backing storage, or when the agents should store the secrets. We
      can't simply use lack of a secret in persistent storage as the indicator
      of this, as (for example) when creating a new connection without
      secrets the storage method would be abmiguous.
      
      At the same time, fold in "always ask" functionality for OTP tokens
      so user agents don't have to store that attribute themselves out-of-band.
      5a7cf39a
  16. 28 Jan, 2011 2 commits
  17. 30 Sep, 2009 1 commit
  18. 25 Sep, 2009 1 commit
    • Dan Williams's avatar
      libnm-util: add 0.7 cert/key functions back · 71219015
      Dan Williams authored
      Since there's a more or less direct mapping between the 0.7.x and
      the 0.8.x certificate and key operations, we might as well just
      deprecate them instead of removing them entirely.
      71219015
  19. 16 Sep, 2009 1 commit
  20. 04 Sep, 2009 1 commit
    • Dan Williams's avatar
      libnm-util: allow certificate/key paths · e5ed391f
      Dan Williams authored
      Overload the certificate and key properties to allow paths to the
      certificates and keys using a special prefix for the property data.
      Add API to libnm-util for easy certificate path handling, and
      documentation for NMSetting8021x.
      e5ed391f
  21. 21 Nov, 2008 1 commit
    • Dan Williams's avatar
      2008-11-21 Dan Williams <dcbw@redhat.com> · f30fba23
      Dan Williams authored
      	Patch from Tambet Ingo  <tambet@gmail.com>
      
      	* configure.in
      	  libnm-util/libnm-util.ver
      	  libnm-util/nm-setting-8021x.c
      	  libnm-util/nm-setting-8021x.h
      		- Add configure-time option for the system CA path
      		- Add 'system-ca-certs' option to 802.1x setting, which directs
      			NetworkManager to use system CA certificates instead of any
      			connection-defined CA certificates
      
      	* src/supplicant-manager/nm-supplicant-config.c
      	  src/supplicant-manager/nm-supplicant-settings-verify.c
      		- Use system CA certificates if the connection says to do so
      
      
      
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
      f30fba23
  22. 13 Nov, 2008 1 commit
    • Dan Williams's avatar
      2008-11-13 Dan Williams <dcbw@redhat.com> · e2f65ce1
      Dan Williams authored
      	Add support for PKCS#12 private keys (bgo #558982)
      
      	* libnm-util/crypto.c
      	  libnm-util/crypto.h
      		- (parse_old_openssl_key_file): rename from parse_key_file(); adapt to
      			take a GByteArray instead of a filename
      		- (file_to_g_byte_array): handle private key files too
      		- (decrypt_key): take a GByteArray rather than data + len
      		- (crypto_get_private_key_data): refactor crypto_get_private_key() into
      			one function that takes a filename, and one that takes raw data;
      			detect pkcs#12 files as well
      		- (crypto_load_and_verify_certificate): detect file type
      		- (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection
      			functions
      
      	* libnm-util/crypto_gnutls.c
      		- (crypto_decrypt): take GByteArray rather than data + len; fix a bug
      			whereby tail padding was incorrectly handled, leading to erroneous
      			successes when trying to decrypt the data
      		- (crypto_verify_cert): rework somewhat
      		- (crypto_verify_pkcs12): validate pkcs#12 keys
      
      	* libnm-util/crypto_nss.c
      		- (crypto_init): enable various pkcs#12 ciphers
      		- (crypto_decrypt): take a GByteArray rather than data + len
      		- (crypto_verify_cert): clean up
      		- (crypto_verify_pkcs12): validate pkcs#12 keys
      
      	* libnm-util/test-crypto.c
      		- Handle pkcs#12 keys
      
      	* libnm-util/nm-setting-8021x.c
      	  libnm-util/nm-setting-8021x.h
      	  libnm-util/libnm-util.ver
      		- Add two new properties, 'private-key-password' and
      			'phase2-private-key-password', to be used in conjunction with
      			pkcs#12 keys
      		- (nm_setting_802_1x_set_ca_cert_from_file,
      		   nm_setting_802_1x_set_client_cert_from_file,
      		   nm_setting_802_1x_set_phase2_ca_cert_from_file,
      		   nm_setting_802_1x_set_phase2_client_from_file): return certificate
      			type
      		- (nm_setting_802_1x_get_private_key_password,
      		   nm_setting_802_1x_get_phase2_private_key_password): return private
      			key passwords
      		- (nm_setting_802_1x_set_private_key_from_file,
      		   nm_setting_802_1x_set_phase2_private_key_from_file): set the private
      			key from a file, and update the private key password at the same time
      		- (nm_setting_802_1x_get_private_key_type,
      		   nm_setting_802_1x_get_phase2_private_key_type): return the private
      			key type
      
      	* src/supplicant-manager/nm-supplicant-settings-verify.c
      		- Whitelist private key passwords
      
      	* src/supplicant-manager/nm-supplicant-config.c
      		- (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys,
      			add the private key password to the supplicant config, but do not
      			add the client certificate (as required by wpa_supplicant)
      
      
      
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
      e2f65ce1
  23. 30 Oct, 2008 1 commit
  24. 27 Jul, 2008 1 commit
  25. 12 Jun, 2008 1 commit
  26. 19 May, 2008 1 commit
    • Tambet Ingo's avatar
      2008-05-15 Tambet Ingo <tambet@gmail.com> · 40a69f98
      Tambet Ingo authored
      	Move crypto functions from nm-applet to libnm-util.
      
      	* libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert)
      	(nm_setting_802_1x_set_client_cert)
      	(nm_setting_802_1x_set_phase2_ca_cert)
      	(nm_setting_802_1x_set_phase2_client_cert)
      	(nm_setting_802_1x_set_private_key)
      	(nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate
      	file (or private key and it's password), read the certificate data.
      
      	* libnm-util/crypto_nss.c:
      	* libnm-util/crypto_gnutls.c:
      	* libnm-util/crypto.[ch]: Move here from nm-applet.
      
      	* configure.in: Check for NSS and gnutls here (moved here from nm-applet).
      
      	* system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings):
      	Imlement WPA-EAP configuration reading from sysconfig.
      
      
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
      40a69f98
  27. 17 Mar, 2008 1 commit
    • Dan Williams's avatar
      2008-03-17 Dan Williams <dcbw@redhat.com> · 70e79d60
      Dan Williams authored
      	Split the 802.1x bits out of the wireless-security setting so they are
      	generalized enough for wired 802.1x to use too.
      
      	* introspection/nm-exported-connection.xml
      		- GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead
      			of just a hash of the secrets for one setting
      
      	* libnm-util/nm-setting-wireless-security.c
      	  libnm-util/nm-setting-wireless-security.h
      		- Remove 802.1x-specific stuff
      		- Added leap-username and leap-password properties for old-school LEAP
      
      	* src/nm-device.c
      	  src/nm-device.h
      		- (connection_secrets_updated_cb): take a list of updated settings names,
      			not just one
      
      	* src/supplicant-manager/nm-supplicant-config.c
      	  src/supplicant-manager/nm-supplicant-config.h
      		- (nm_supplicant_config_add_setting_wireless_security): remove 802.1x
      			specific stuff; fix for updated LEAP bits; punt 802.1x stuff
      			to nm_supplicant_config_add_setting_8021x()
      		- (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to
      			the supplicant config
      
      	* src/nm-device-802-11-wireless.c
      		- (build_supplicant_config): pass in the 802.1x setting too, if any
      		- (real_connection_secrets_updated): take a list of updated settings
      			names, not just one
      
      	* src/nm-device-802-3-ethernet.c
      	  src/nm-cdma-device.c
      	  src/nm-gsm-device.c
      		- (real_connection_secrets_updated_cb): take a list of updated settings
      			names, not just one
      
      	* src/nm-activation-request.c
      	  src/nm-activation-request.h
      		- (nm_act_request_class_init): the 'connection-secrets-updated' signal
      			now passes a list of updated settings names, not just one
      		- (update_one_setting): new function; handle one updated setting
      		- (get_secrets_cb): handle multiple settings returned from the
      			settings service; have to be careful of ordering here as there are
      			some dependencies between settings (ex. wireless-security and 802.1x
      			in some cases)
      
      	* src/marshallers/nm-marshal.list
      		- new marshaller for connection-secrets-updated signal
      
      	* libnm-util/nm-setting-8021x.c
      		- Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth
      			methods
      		- (verify): a valid 'eap' property is now required
      
      	* libnm-util/nm-connection.c
      		- (register_default_settings): add priorities to settings; there are
      			some dependencies between settings, and during the need_secrets
      			calls this priority needs to be respected.  For example, only the
      			wireless-security setting knows whether or not the connection is
      			going to use 802.1x or now, so it must be asked for secrets before
      			any existing 802.1x setting is
      		- (nm_connection_lookup_setting_type): expose
      
      	* libnm-util/nm-setting-wireless.c
      		- (verify): should verify even if all_settings is NULL; otherwise won't
      			catch the case where there is missing security
      
      	* libnm-util/nm-setting-wireless-security.c
      		- Remove everything to do with 802.1x
      		- Add old-school LEAP specific properties for username and password
      		- (need_secrets): rework LEAP secrets checking
      		- (verify): rework for LEAP and 802.1x verification
      
      
      
      git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
      70e79d60
  28. 14 Mar, 2008 1 commit