With supplicant patches, this allows NM to figure out when the supplicant
is performing an unsolicited scan, and thus to not run periodic_update()
when the supplicant is scanning.
This fixes some of the causes of "roaming to none", especially in hidden
SSID networks. In those cases, after NM had requested a broadcast scan,
the hidden SSID AP would likely not show up in the scan results, leading
to the supplicant performing a specific SSID scan that NetworkManager
was unaware of. While that specific SSID scan was going on, NM could
run periodic_update() and pull the wrong frequency off the card,
leading to the "roaming to none" message when the associated AP with
the wrong frequency could not be found in the scan list.
Instead of requiring applets to hash passphrases, just do it in NM instead.
This should fix confusion where people don't understand that they are seeing
their hashed passphrase.
Previously requiring only v1 was possible, but there are apparently
so many different implementations of v1 that sometimes you have to force
v0 instead.
0.7 requires dbus 1.1 or greater (for system bus activation), so make that
explicit, and remove compat code for D-Bus 0.6 and earlier. Consolidate
the various glib pkgconfig checks into one, since most anything will require
gthread, glib, and gobject anyway. Fixup the docs makefile to be more
automake-compatible and let 'make clean' actually work correctly when
docs are built.
Patch from Tambet Ingo <tambet@gmail.com>
* configure.in
libnm-util/libnm-util.ver
libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
- Add configure-time option for the system CA path
- Add 'system-ca-certs' option to 802.1x setting, which directs
NetworkManager to use system CA certificates instead of any
connection-defined CA certificates
* src/supplicant-manager/nm-supplicant-config.c
src/supplicant-manager/nm-supplicant-settings-verify.c
- Use system CA certificates if the connection says to do so
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add support for PKCS#12 private keys (bgo #558982)
* libnm-util/crypto.c
libnm-util/crypto.h
- (parse_old_openssl_key_file): rename from parse_key_file(); adapt to
take a GByteArray instead of a filename
- (file_to_g_byte_array): handle private key files too
- (decrypt_key): take a GByteArray rather than data + len
- (crypto_get_private_key_data): refactor crypto_get_private_key() into
one function that takes a filename, and one that takes raw data;
detect pkcs#12 files as well
- (crypto_load_and_verify_certificate): detect file type
- (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection
functions
* libnm-util/crypto_gnutls.c
- (crypto_decrypt): take GByteArray rather than data + len; fix a bug
whereby tail padding was incorrectly handled, leading to erroneous
successes when trying to decrypt the data
- (crypto_verify_cert): rework somewhat
- (crypto_verify_pkcs12): validate pkcs#12 keys
* libnm-util/crypto_nss.c
- (crypto_init): enable various pkcs#12 ciphers
- (crypto_decrypt): take a GByteArray rather than data + len
- (crypto_verify_cert): clean up
- (crypto_verify_pkcs12): validate pkcs#12 keys
* libnm-util/test-crypto.c
- Handle pkcs#12 keys
* libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
libnm-util/libnm-util.ver
- Add two new properties, 'private-key-password' and
'phase2-private-key-password', to be used in conjunction with
pkcs#12 keys
- (nm_setting_802_1x_set_ca_cert_from_file,
nm_setting_802_1x_set_client_cert_from_file,
nm_setting_802_1x_set_phase2_ca_cert_from_file,
nm_setting_802_1x_set_phase2_client_from_file): return certificate
type
- (nm_setting_802_1x_get_private_key_password,
nm_setting_802_1x_get_phase2_private_key_password): return private
key passwords
- (nm_setting_802_1x_set_private_key_from_file,
nm_setting_802_1x_set_phase2_private_key_from_file): set the private
key from a file, and update the private key password at the same time
- (nm_setting_802_1x_get_private_key_type,
nm_setting_802_1x_get_phase2_private_key_type): return the private
key type
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Whitelist private key passwords
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys,
add the private key password to the supplicant config, but do not
add the client certificate (as required by wpa_supplicant)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-interface.c
(nm_supplicant_interface_disconnect): Don't increment the reference
count when disconnecting. The problem is on shutdown, when the replies
to these commands do not arrive before NM exits, resulting on never
calling supplicant interface's dispose(), which removes the interface
from supplicant.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4093 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-interface.c
- (request_scan_results, nm_supplicant_interface_dispose,
wpas_iface_query_scan_results): cleanup; scan_results_timeout is now
the id of the timeout, not a GSource
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3784 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Fix memory leaks.
* system-settings/src/nm-system-config-hal-manager.c (get_type_for_udi):
Free data returned from dbus method call.
* system-settings/src/nm-polkit-helpers.c (check_polkit_privileges):
dbus_g_method_get_sender() returns a duplicated string, free it
when done.
(check_polkit_privileges): Looks like policykit sometimes returns
error and non-null return value, don't leak errors in that case.
* system-settings/src/main.c (find_plugin): Don't leak existing
plugin names.
(load_stuff): Don't leak device list and list items.
(have_connection_for_device): Don't leak connection list.
* system-settings/plugins/keyfile/reader.c (read_one_setting_value):
Free the data received from g_keyfile_get_*.
* system-settings/plugins/ifcfg-suse/parser.c (READ_WEP_KEY): Free
the key when the security object is updated.
* src/supplicant-manager/nm-supplicant-interface.c (scan_results_cb):
Free data returned from dbus method call.
(iface_state_cb): Ditto.
(add_network_cb): Ditto.
(nm_supplicant_interface_add_cb): Don't make another copy of already
duplicated object path.
(nm_supplicant_interface_add_to_supplicant): Free the driver GValue
when done.
* src/supplicant-manager/nm-supplicant-config.c
(ADD_STRING_LIST_VAL): Fix a memory leak.
* src/nm-manager.c (free_get_settings_info): Free the allocated
memory slice.
(list_connections_cb): Free data returned from dbus method call.
(system_settings_get_unmanaged_devices_cb): Ditto.
* src/nm-device-802-11-wireless.c (device_cleanup): Free ssid.
* system-settings/plugins/ifcfg-suse/shvar.c (svCloseFile):
* system-settings/plugins/ifcfg-fedora/shvar.c (svCloseFile):
* src/backends/shvar.c (svCloseFile): Free the duplicated content
of the GList.
* libnm-util/nm-setting.c (nm_setting_from_hash): Free the constructor
arguments after the object is created.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3721 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Switch 'bssid' from bytes to keyword type
- (validate_type_keyword): allow NULL keyword lists
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_wireless): convert the bssid from
a byte array to string form, which is what the supplicant expects
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3686 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Split the 802.1x bits out of the wireless-security setting so they are
generalized enough for wired 802.1x to use too.
* introspection/nm-exported-connection.xml
- GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead
of just a hash of the secrets for one setting
* libnm-util/nm-setting-wireless-security.c
libnm-util/nm-setting-wireless-security.h
- Remove 802.1x-specific stuff
- Added leap-username and leap-password properties for old-school LEAP
* src/nm-device.c
src/nm-device.h
- (connection_secrets_updated_cb): take a list of updated settings names,
not just one
* src/supplicant-manager/nm-supplicant-config.c
src/supplicant-manager/nm-supplicant-config.h
- (nm_supplicant_config_add_setting_wireless_security): remove 802.1x
specific stuff; fix for updated LEAP bits; punt 802.1x stuff
to nm_supplicant_config_add_setting_8021x()
- (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to
the supplicant config
* src/nm-device-802-11-wireless.c
- (build_supplicant_config): pass in the 802.1x setting too, if any
- (real_connection_secrets_updated): take a list of updated settings
names, not just one
* src/nm-device-802-3-ethernet.c
src/nm-cdma-device.c
src/nm-gsm-device.c
- (real_connection_secrets_updated_cb): take a list of updated settings
names, not just one
* src/nm-activation-request.c
src/nm-activation-request.h
- (nm_act_request_class_init): the 'connection-secrets-updated' signal
now passes a list of updated settings names, not just one
- (update_one_setting): new function; handle one updated setting
- (get_secrets_cb): handle multiple settings returned from the
settings service; have to be careful of ordering here as there are
some dependencies between settings (ex. wireless-security and 802.1x
in some cases)
* src/marshallers/nm-marshal.list
- new marshaller for connection-secrets-updated signal
* libnm-util/nm-setting-8021x.c
- Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth
methods
- (verify): a valid 'eap' property is now required
* libnm-util/nm-connection.c
- (register_default_settings): add priorities to settings; there are
some dependencies between settings, and during the need_secrets
calls this priority needs to be respected. For example, only the
wireless-security setting knows whether or not the connection is
going to use 802.1x or now, so it must be asked for secrets before
any existing 802.1x setting is
- (nm_connection_lookup_setting_type): expose
* libnm-util/nm-setting-wireless.c
- (verify): should verify even if all_settings is NULL; otherwise won't
catch the case where there is missing security
* libnm-util/nm-setting-wireless-security.c
- Remove everything to do with 802.1x
- Add old-school LEAP specific properties for username and password
- (need_secrets): rework LEAP secrets checking
- (verify): rework for LEAP and 802.1x verification
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-manager.c
- (poke_supplicant_cb): reschedule the poke as a timeout, don't let
glib automatically reschedule
- (nm_supplicant_manager_init): immediately try to start the supplicant
- (nm_supplicant_manager_name_owner_changed): immediately try to restart
the supplicant
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3285 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Fix gnome.org #464215. Requires the kernel patch titled
"Introduce WEXT scan capabilities" but will handle the patch not being
present, you'll just continue to have problems with hidden SSIDs when
using mac80211-based drivers.
* src/supplicant-manager/nm-supplicant-config.h
src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_wireless): new parameter to indicate
whether the driver supports SSID scans or not. If it does, and if
the AP is hidden, use ap_scan=1 instead of ap_scan=2
* src/nm-device-802-11-wireless.c
- (constructor): check whether or not the driver supports SSID scans
- (build_supplicant_config): pass driver SSID scan capability when
building the wireless bits of the supplicant config
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3230 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Allow 'frequency' network property
* src/supplicant-manager/nm-supplicant-config.c
src/supplicant-manager/nm-supplicant-config.h
- (nm_supplicant_config_add_setting_wireless): add 'adhoc_freq' argument
for callers to specify the frequency an Ad-Hoc network should operate
on. Some drivers require this to successfully create an Ad-Hoc
network.
* src/nm-device-802-11-wireless.c
- (iw_freq_to_uint32): new function; convert a struct iw_freq into a
guint32 value in MHz
- (constructor, nm_device_802_11_wireless_get_frequency): use
iw_freq_to_uint32()
- (find_supported_frequency): new function; find a free supported
frequency for a user-created Ad-Hoc network
- (build_supplicant_config): if no frequency was specified for a user-
created Ad-Hoc network, find a free one to use
- (real_act_stage1_prepare): mark Ad-Hoc connections that don't have
a specific object as user-created
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3196 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_wireless_security): reorganize a bit
to only send some options when they make sense; also send phase2
option to the supplicant (possible fix for rh #399631)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3143 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Allow fragment_size option
* src/supplicant-manager/nm-supplicant-settings-verify.c
- (nm_supplicant_config_add_setting_wireless_security): use a lower
EAP fragment size than the default to help some TLS connections
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3081 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Make certs actually work. The private key is now a secret, and should be
decrypted when requested by NM. The private key and phase2 private key
passwords are no longer interesting to NM because they should be used by
the settings service to decrypt the private key itself before passing it
to NM, and hence have been removed as fields.
* libnm-util/nm-setting-wireless-security.h
libnm-util/nm-setting-wireless-security.c
- Remove private-key-passwd and phase2-private-key-passwd from
properties
- (need_secrets_password, need_secrets_eappsk, need_secrets_sim,
need_secrets): use property #defines instead strings to keep things
consistent
- (need_secrets_tls): if a client certificate is present but no
private key, request the private key
- (set_property, get_property, nm_setting_wireless_security_class_init):
remove private key password stuff, mark private keys as secret
* src/supplicant-manager/nm-supplicant-settings-verify.c
- Remove private_key_passwd and private_key2_passwd from opt_table
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3080 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_setting_wireless_security): private key
passwords are never sent to wpa_supplicant, because the supplicant
should never be reading random files from the disk. Clients like
the applet are required to decrypt the private keys and send NM
the decrypted blobs.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3076 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Rework NMSetting structures: Move each setting to it's own file.
Convert to GObject. Remove home grown setting types and use
GTypes.
Use GObject property introspection for hash conversion,
enumerating
properties, etc.
* libnm-util/nm-setting-connection.[ch]
* libnm-util/nm-setting-ip4-config.[ch]
* libnm-util/nm-setting-ppp.[ch]
* libnm-util/nm-setting-vpn.[ch]
* libnm-util/nm-setting-vpn-properties.[ch]
* libnm-util/nm-setting-wired.[ch]
* libnm-util/nm-setting-wireless.[ch]
* libnm-util/nm-setting-wireless-security.[ch]
New files, each containing a setting.
* libnm-util/nm-setting-template.[ch]: A template for creating
* new
settings. To use it, just replace 'template' with the new
setting
name, and you're half-way done.
* libnm-util/nm-setting.c: Convert to GObject and use GObject
introspection instead of internal types and tables.
* libnm-util/nm-connection.c: Adapt the new NMSetting work.
* libnm-util/nm-param-spec-specialized.[ch]: Implement. Handles
GValue types defined by dbus-glib for composed types like
collections,
structures and maps.
* src/*: The API of NMSetting and NMConnection changed a bit:
* Getting
a setting from connection takes the setting type now. Also,
since
the settings are in multiple files, include relevant settings.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3068 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-config.c
- (nm_supplicant_config_add_blob): pass blob data and length for
verification
- (get_hash_cb): use GByteArrays rather than GArrays; easier to follow
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3020 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/supplicant-manager/nm-supplicant-interface.c
- (blob_free): correctly free blob data after use
- (call_set_blobs): use the right D-Bus interfaace for setBlobs
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3018 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
