Previously, we would check that all characters are ASCII. But we would
also accept NUL characters (and truncate on the first NUL).
Now:
- reject any NUL characters inside the string (except trailing NUL).
- accept all characters, and if necessary backslash-encode non UTF-8.
The hostname is in the end a string, which means it must be in a known,
sensible encoding (UTF-8). Previously, we would not ensure the encoding,
nor that the hostname was valid.
Fix that. Follow what systemd does with lease_parse_domain().
See-also: https://tools.ietf.org/html/rfc2132#section-3.14
It's not clear why the option argument would be optional.
Also, it's not optional for nm_dhcp_option_take_option().
Add an nm_assert() to catch such wrong uses.
NMStrBuf's API is all about convenience. When you reset the buffer,
is it convenient to immediately append a new string?
It seems not. Make nm_str_buf_reset() simpler by doing only one thing.
If previously the profile would track two addresses ("10.116.1.130/24",
"10.116.1.65/24"), and during an update the second address was removed
(leaving "10.116.1.130/24"), then the addresses of the profile were
wrongly not changed.
The effect is that removing a secondary IP address might not take
effect.
Fix that.
https://bugzilla.redhat.com/show_bug.cgi?id=1920838
Fixes: 69f048bf0c ('cloud-setup: add tool for automatic IP configuration in cloud')
No big change, but eventually I' like to move all source
directories under src/. That must be done one after the other,
so the first step is to move libnm-core/ into src/. If libnm
gets loaded in between, that causes odd ordering.
"src/core" should not depend on "libnm" and vice versa, so this
should have little effect for now.
IWD's "open" networks can be either unsecured or use OWE and "psk"
networks may be using WPA2 personal or WPA3 personal so when looking for
an exsiting NMSettingsConnection matching an IWD KnownNetwork, also
check for these connection key_mgmt types.
Add explicit checks for AP and ADHOC connection modes to exclude OWE and
SAE as they're not supported by IWD in those modes and we don't want to
make it appear like a connection of this type was successfully
activated.
In Infrastructure mode there's won't be any way to know whether IWDxi
established an OWE or unsecured connection (or WPA2-PSK vs. SAE)
regardless of what was set in the NMConnection and it's not considered
to be meaningful (also isn't normally exposed in a GUI) although you
could argue OWE vs. unsecured is a big difference.
IWD doesn't expose on D-Bus, or in the network profile files, the
information on whether a network has no security or uses OWE so they
should be the same thing to the iwd backend (similarly WPA2-Personal and
WPA3-Personal/SAE). But OWE implies some security against some attacks
so the NONE naming could be misleading.
phase2-auth applies for EAP-TTLS and EAP-PEAP but the interpretation is
different for one than for the other, clarify the difference.
phase2-auth is for the non-EAP inner methods of EAP-TTLS but is also for
the EAP inner methods of EAP-PEAP. EAP-PEAP doesn't use phase2-autheap
and doesn't support any non-EAP methods.
Given how complicated EAP configuration is it's likely that people just
use example configurations rather than look at the docs. The example
configuration in man/nm-settings-keyfile.xsl is correct in using PEAP
together with phase2-auth=mschapv2.
[thaller@redhat.com: regenerate documentation files]
We redefine G_VARIANT_TYPE() because we don't want to pay a run time
check for what should be a simple cast.
But this is strictly tied to glib, and it must only be done after glib.h
was included. Move it to the right place.
"nm-version-macros.h" is used directly by libnm-core and indirectly by
libnm and core.
Let's not have it randomly under shared/. Move it closer to where it's
used.
Before there was a licensing conflict between the keyfile code
(libnm-keyfile) and libnm. The latter would require LGPL-2.1+ while
keyfile code was GPL-2.0+.
Consequently we were linking libnm-keyfile into the daemon, but not in
libnm.so.
This conflict has been resolved and keyfile API is part of libnm.so.
There is no more need to build a separate (intermediary) library. Merge
them.
This also makes sense because keyfile code needs access to private code
from libnm-core. It is closely tied to libnm-core, so that building them
separate makes no sense (anymore).
