fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-06-06 23:28:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/libnm-core
History
Thomas Haller 068d316822 libnm/802-1x: refactor setting certificate from path 
NMSetting8021x has various utility functions to set
the certificate:
  - nm_setting_802_1x_set_ca_cert()
  - nm_setting_802_1x_set_client_cert()
  - nm_setting_802_1x_set_private_key()
  - nm_setting_802_1x_set_phase2_ca_cert()
  - nm_setting_802_1x_set_phase2_client_cert()
  - nm_setting_802_1x_set_phase2_private_key()

They support:

 - accepting a plain PKCS11 URI, with scheme set to
   NM_SETTING_802_1X_CK_SCHEME_PKCS11.
 - accepting a filename, with scheme set to
   NM_SETTING_802_1X_CK_SCHEME_BLOB or
   NM_SETTING_802_1X_CK_SCHEME_PATH.

In the latter case, the function tries to load the file and verify it.
In case of the private-key setters, this also involves accepting a
password. Depending on whether the scheme is BLOB or PATH, the function
will either set the certificate to a PATH blob, or take the blob that
was read from file.

The functions seem misdesigned to me, because their behavior is
rather obscure. E.g. they behave fundamentally different, depending
on whether scheme is PKCS11 or BLOB/PATH.

Anyway, improve them:

- refactor the common code into a function _cert_impl_set(). Previously,
  their non-trivial implementations were copy+pasted several times,
  now they all use the same implementation.
- if the function is going to fail, don't touch the setting. Previously,
  the functions would first clear the certificate before trying to
  validate the input. It's more logical, that if a functions is going
  to fail to check for failure first and don't modify the settings.
- not every blob can be represented. For example, if we have a blob
  which starts with "file://", then there is no way to set it, simply
  because we don't support a prefix for blobs (like "data:;base64,").
  This means, if we try to set the certificate to a particular binary,
  we must check that the binary is interpreted with the expected scheme.
  Add this check.
2018-09-04 07:38:30 +02:00
..
tests libnm/802-1x: refactor setting certificate from path 2018-09-04 07:38:30 +02:00
meson.build build: enable building both crypto backends for tests 2018-09-04 07:38:30 +02:00
nm-connection-private.h build: refine the NETWORKMANAGER_COMPILATION define 2018-01-08 12:38:53 +01:00
nm-connection.c all: add connection.multi-connect property for wildcard profiles 2018-08-08 11:24:29 +02:00
nm-connection.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-core-enum-types.c.template core: add NMSettingWpan 2018-06-26 16:21:54 +02:00
nm-core-enum-types.h.template build: use template files for enum types' sources generation 2017-12-18 11:25:06 +01:00
nm-core-internal.h libnm/crypto: move and mark nm_utils_rsa_key_encrypt() as test code 2018-09-04 07:38:30 +02:00
nm-core-types-internal.h platform: rename instances of Wireguard to WireGuard 2018-08-06 08:34:27 +02:00
nm-core-types.h all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-crypto-gnutls.c libnm/crypto: clean crypto implementations for gnutls/nss 2018-09-04 07:38:30 +02:00
nm-crypto-impl.h libnm/crypto: refactor to use enum for supported ciphers 2018-09-04 07:38:30 +02:00
nm-crypto-nss.c libnm/crypto: clean crypto implementations for gnutls/nss 2018-09-04 07:38:30 +02:00
nm-crypto.c libnm/802-1x: refactor setting certificate from path 2018-09-04 07:38:30 +02:00
nm-crypto.h libnm/crypto: mark nm_crypto_make_des_aes_key() as test-only function 2018-09-04 07:38:30 +02:00
nm-dbus-interface.h all: add connection.multi-connect property for wildcard profiles 2018-08-08 11:24:29 +02:00
nm-dbus-utils.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-errors.c all: use NM_CACHED_QUARK_FCN() instead of G_DEFINE_QUARK() 2017-02-10 14:33:52 +01:00
nm-errors.h all: add new D-Bus API org.freedesktop.NetworkManager.Settings.Connection.Update2() 2017-12-05 11:50:52 +01:00
nm-json.c libnm-core: don't use RTLD_DEEPBIND when building with asan 2018-02-15 15:34:03 +01:00
nm-json.h libnm: only include "nm-jansson.h" from "nm-json.h" 2018-01-16 14:47:24 +01:00
nm-keyfile-internal.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-keyfile-utils.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-keyfile-utils.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-keyfile.c libnm/keyfile: avoid GByteArray to construct path uri in nm_keyfile_detect_unqualified_path_scheme() 2018-09-04 07:38:30 +02:00
nm-property-compare.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-property-compare.h build: refine the NETWORKMANAGER_COMPILATION define 2018-01-08 12:38:53 +01:00
nm-setting-6lowpan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-6lowpan.h libnm-core: add NMSetting{6Lowpan,Wpan}Class to a public header 2018-06-29 22:34:23 +02:00
nm-setting-8021x.c libnm/802-1x: refactor setting certificate from path 2018-09-04 07:38:30 +02:00
nm-setting-8021x.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-adsl.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-adsl.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bluetooth.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bluetooth.h core/bluetooth: add NAP type 2017-05-31 20:15:52 +02:00
nm-setting-bond.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bond.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bridge-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bridge-port.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bridge.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bridge.h bridge: introduce a bridge.group-forward-mask connection property 2017-07-27 09:35:11 +02:00
nm-setting-cdma.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-cdma.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-connection.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-connection.h all: add connection.multi-connect property for wildcard profiles 2018-08-08 11:24:29 +02:00
nm-setting-dcb.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-dcb.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-dummy.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-dummy.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ethtool.c libnm, cli, ifcfg-rh: add NMSettingEthtool setting 2018-08-10 10:38:19 +02:00
nm-setting-ethtool.h all/ethtool: add support for all currently supported kernel features 2018-08-10 10:38:19 +02:00
nm-setting-generic.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-generic.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-gsm.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-gsm.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-infiniband.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-infiniband.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ip-config.c libnm-core: remove wrong annotation in NMSettingIPConfig 2018-08-11 09:41:07 +02:00
nm-setting-ip-config.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-ip-tunnel.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ip-tunnel.h ip-tunnel: add support for tunnel flags 2018-01-05 18:25:08 +01:00
nm-setting-ip4-config.c ip4-config: fix a typo 2018-08-19 13:56:14 +02:00
nm-setting-ip4-config.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ip6-config.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ip6-config.h libnm-core: add ipv6.dhcp-duid property 2018-06-08 18:23:31 +02:00
nm-setting-macsec.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-macsec.h macsec: enable send-sci by default and make the option configurable 2018-06-14 15:13:11 +02:00
nm-setting-macvlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-macvlan.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-match.c all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-setting-match.h all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-setting-olpc-mesh.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-olpc-mesh.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ovs-bridge.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-bridge.h libnm-core: add ovs-bridge setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-interface.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-interface.h libnm-core: add ovs-interface setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-patch.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-patch.h libnm-core: add ovs-patch setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-port.h libnm-core: add ovs-port setting 2017-10-30 17:40:08 +01:00
nm-setting-ppp.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ppp.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-pppoe.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-pppoe.h libnm,clients: add 'parent' property to PPPoE setting 2017-08-05 08:03:15 +02:00
nm-setting-private.h libnm: add generic-data for implementing NMSetting 2018-08-10 10:38:19 +02:00
nm-setting-proxy.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-proxy.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-serial.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-serial.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-sriov.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-sriov.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-setting-tc-config.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-tc-config.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-team-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-team-port.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-team.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-team.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-tun.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-tun.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-user.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-user.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-vlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-vlan.h all: replace "it's" with "its" where needed 2018-04-18 14:14:07 +02:00
nm-setting-vpn.c shared: add nm-secret-utils.h helper 2018-09-04 07:38:30 +02:00
nm-setting-vpn.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-vxlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-vxlan.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wimax.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wimax.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wired.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wired.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wireless-security.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wireless-security.h wifi: add support for FILS 2018-01-16 15:01:59 +01:00
nm-setting-wireless.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wireless.h libnm-core: add wake-on-wlan configuration items 2018-06-15 09:46:26 +02:00
nm-setting-wpan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wpan.h libnm-core: add NMSetting{6Lowpan,Wpan}Class to a public header 2018-06-29 22:34:23 +02:00
nm-setting.c libnm: replace _nm_utils_bytes_to_dbus() with nm_utils_gbytes_get_variant_ay() 2018-08-22 10:49:34 +02:00
nm-setting.h libnm: add generic-data for implementing NMSetting 2018-08-10 10:38:19 +02:00
nm-simple-connection.c docs: provide soft descriptions for NM{Simple,Remote}Connection 2018-06-28 20:38:52 +02:00
nm-simple-connection.h include: use double-quotes to include our own headers 2017-03-09 14:12:35 +01:00
nm-utils-private.h libnm: replace _nm_utils_bytes_to_dbus() with nm_utils_gbytes_get_variant_ay() 2018-08-22 10:49:34 +02:00
nm-utils.c libnm/crypto: move and mark nm_utils_rsa_key_encrypt() as test code 2018-09-04 07:38:30 +02:00
nm-utils.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-version.h release: bump version to 1.13.0 (development) 2018-06-15 17:16:18 +02:00
nm-vpn-dbus-interface.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-editor-plugin.c build: qualify plugin dir name with a version string 2018-05-14 16:05:12 +02:00
nm-vpn-editor-plugin.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-plugin-info.c all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-plugin-info.h gobject-introspection: made several fixes to the annotations 2018-03-26 12:45:49 +02:00