NetworkManager/libnm-core
Thomas Haller e3ac45c026 ifcfg-rh: don't use 802-1x certificate setter functions
The certificate setter functions like nm_setting_802_1x_set_ca_cert()
actually load the file from disk, and validate whether it is a valid
certificate. That is very wrong to do.

For one, the certificates are external files, which are not embedded
into the NMConnection. That means strongly validating the files while
loading the ifcfg files is wrong because:
 - if validation fails, loading the file fails in its entirety with
   a warning in the log. That is not helpful to the user, who now
   can no longer use nmcli to fix the path of the certificate (because
   the profile failed to load in the first place).
 - even if the certificate is valid at load-time, there is no guarantee
   that it is valid later on, when we actually try to use the file. What
   good does such a validation do? nm_setting_802_1x_set_ca_cert() might
   make sense during nmcli_connection_modify(). At the moment when we
   create or update the profile, we do want to validate the input and
   be helpful to the user. Validating the file later on, when reloading
   the profile from disk seems undesirable.
 - note how keyfile also does not perform such validations (for good
   reasons, I presume).

Also, there is so much wrong with how ifcfg reader handles EAP files.
There is a lot of duplication, and trying to be too smart. I find it
wrong how the "eap_readers" are nested. E.g. both eap_peap_reader() and
"tls" method call eap_tls_reader(), making it look like
NMSetting8021x can handle multiple EAP profiles separately. But it cannot. The
802-1x profile is a flat set of properties like ca-cert and others. All
EAP methods share these properties, so having this complex parsing
is not only complicated, but also wrong. The reader should simply parse
the shell variables, and let NMSetting8021x::verify() handle validation
of the settings. Anyway, the patch does not address that.

Also, the setting of the likes of NM_SETTING_802_1X_CLIENT_CERT_PASSWORD was
awkwardly only done when
     privkey_format != NM_SETTING_802_1X_CK_FORMAT_PKCS12
  && scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11
It is too smart. Just read it from file; if it contains invalid data, let
verify() reject it. That is only partly addressed.

Also note, how writer never actually writes the likes of
IEEE_8021X_CLIENT_CERT_PASSWORD. That is another bug and not fixed
either.
2018-09-04 07:38:30 +02:00
tests libnm/802-1x: refactor setting certificate from path 2018-09-04 07:38:30 +02:00
meson.build build: enable building both crypto backends for tests 2018-09-04 07:38:30 +02:00
nm-connection-private.h build: refine the NETWORKMANAGER_COMPILATION define 2018-01-08 12:38:53 +01:00
nm-connection.c all: add connection.multi-connect property for wildcard profiles 2018-08-08 11:24:29 +02:00
nm-connection.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-core-enum-types.c.template core: add NMSettingWpan 2018-06-26 16:21:54 +02:00
nm-core-enum-types.h.template build: use template files for enum types' sources generation 2017-12-18 11:25:06 +01:00
nm-core-internal.h ifcfg-rh: don't use 802-1x certificate setter functions 2018-09-04 07:38:30 +02:00
nm-core-types-internal.h platform: rename instances of Wireguard to WireGuard 2018-08-06 08:34:27 +02:00
nm-core-types.h all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-crypto-gnutls.c libnm/crypto: clean crypto implementations for gnutls/nss 2018-09-04 07:38:30 +02:00
nm-crypto-impl.h libnm/crypto: refactor to use enum for supported ciphers 2018-09-04 07:38:30 +02:00
nm-crypto-nss.c libnm/crypto: clean crypto implementations for gnutls/nss 2018-09-04 07:38:30 +02:00
nm-crypto.c libnm/802-1x: refactor setting certificate from path 2018-09-04 07:38:30 +02:00
nm-crypto.h libnm/crypto: mark nm_crypto_make_des_aes_key() as test-only function 2018-09-04 07:38:30 +02:00
nm-dbus-interface.h all: add connection.multi-connect property for wildcard profiles 2018-08-08 11:24:29 +02:00
nm-dbus-utils.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-errors.c all: use NM_CACHED_QUARK_FCN() instead of G_DEFINE_QUARK() 2017-02-10 14:33:52 +01:00
nm-errors.h all: add new D-Bus API org.freedesktop.NetworkManager.Settings.Connection.Update2() 2017-12-05 11:50:52 +01:00
nm-json.c libnm-core: don't use RTLD_DEEPBIND when building with asan 2018-02-15 15:34:03 +01:00
nm-json.h libnm: only include "nm-jansson.h" from "nm-json.h" 2018-01-16 14:47:24 +01:00
nm-keyfile-internal.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-keyfile-utils.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-keyfile-utils.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-keyfile.c libnm/keyfile: clear memory when reading certificates from keyfile 2018-09-04 07:38:30 +02:00
nm-property-compare.c all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-property-compare.h build: refine the NETWORKMANAGER_COMPILATION define 2018-01-08 12:38:53 +01:00
nm-setting-6lowpan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-6lowpan.h libnm-core: add NMSetting{6Lowpan,Wpan}Class to a public header 2018-06-29 22:34:23 +02:00
nm-setting-8021x.c ifcfg-rh: don't use 802-1x certificate setter functions 2018-09-04 07:38:30 +02:00
nm-setting-8021x.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-adsl.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-adsl.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bluetooth.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bluetooth.h core/bluetooth: add NAP type 2017-05-31 20:15:52 +02:00
nm-setting-bond.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bond.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bridge-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bridge-port.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-bridge.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-bridge.h bridge: introduce a bridge.group-forward-mask connection property 2017-07-27 09:35:11 +02:00
nm-setting-cdma.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-cdma.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-connection.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-connection.h all: add connection.multi-connect property for wildcard profiles 2018-08-08 11:24:29 +02:00
nm-setting-dcb.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-dcb.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-dummy.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-dummy.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ethtool.c libnm, cli, ifcfg-rh: add NMSettingEthtool setting 2018-08-10 10:38:19 +02:00
nm-setting-ethtool.h all/ethtool: add support for all currently supported kernel features 2018-08-10 10:38:19 +02:00
nm-setting-generic.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-generic.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-gsm.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-gsm.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-infiniband.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-infiniband.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ip-config.c libnm-core: remove wrong annotation in NMSettingIPConfig 2018-08-11 09:41:07 +02:00
nm-setting-ip-config.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-ip-tunnel.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ip-tunnel.h ip-tunnel: add support for tunnel flags 2018-01-05 18:25:08 +01:00
nm-setting-ip4-config.c ip4-config: fix a typo 2018-08-19 13:56:14 +02:00
nm-setting-ip4-config.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ip6-config.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ip6-config.h libnm-core: add ipv6.dhcp-duid property 2018-06-08 18:23:31 +02:00
nm-setting-macsec.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-macsec.h macsec: enable send-sci by default and make the option configurable 2018-06-14 15:13:11 +02:00
nm-setting-macvlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-macvlan.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-match.c all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-setting-match.h all: add 'match' setting 2018-08-11 09:41:07 +02:00
nm-setting-olpc-mesh.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-olpc-mesh.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-ovs-bridge.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-bridge.h libnm-core: add ovs-bridge setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-interface.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-interface.h libnm-core: add ovs-interface setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-patch.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-patch.h libnm-core: add ovs-patch setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ovs-port.h libnm-core: add ovs-port setting 2017-10-30 17:40:08 +01:00
nm-setting-ppp.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-ppp.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-pppoe.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-pppoe.h libnm,clients: add 'parent' property to PPPoE setting 2017-08-05 08:03:15 +02:00
nm-setting-private.h libnm: add generic-data for implementing NMSetting 2018-08-10 10:38:19 +02:00
nm-setting-proxy.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-proxy.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-serial.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-serial.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-sriov.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-sriov.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-setting-tc-config.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-tc-config.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-team-port.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-team-port.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-team.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-team.h all: don't use gchar/gshort/gint/glong but C types 2018-07-11 12:02:06 +02:00
nm-setting-tun.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-tun.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-user.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-user.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-vlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-vlan.h all: replace "it's" with "its" where needed 2018-04-18 14:14:07 +02:00
nm-setting-vpn.c shared: add nm-secret-utils.h helper 2018-09-04 07:38:30 +02:00
nm-setting-vpn.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-setting-vxlan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-vxlan.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wimax.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wimax.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wired.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wired.h libnm-core: sensible docstrings for NMSettings* 2017-03-17 10:15:11 +01:00
nm-setting-wireless-security.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wireless-security.h wifi: add support for FILS 2018-01-16 15:01:59 +01:00
nm-setting-wireless.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wireless.h libnm-core: add wake-on-wlan configuration items 2018-06-15 09:46:26 +02:00
nm-setting-wpan.c libnm: rework setting metadata for property handling 2018-08-10 10:38:19 +02:00
nm-setting-wpan.h libnm-core: add NMSetting{6Lowpan,Wpan}Class to a public header 2018-06-29 22:34:23 +02:00
nm-setting.c libnm: replace _nm_utils_bytes_to_dbus() with nm_utils_gbytes_get_variant_ay() 2018-08-22 10:49:34 +02:00
nm-setting.h libnm: add generic-data for implementing NMSetting 2018-08-10 10:38:19 +02:00
nm-simple-connection.c docs: provide soft descriptions for NM{Simple,Remote}Connection 2018-06-28 20:38:52 +02:00
nm-simple-connection.h include: use double-quotes to include our own headers 2017-03-09 14:12:35 +01:00
nm-utils-private.h libnm: replace _nm_utils_bytes_to_dbus() with nm_utils_gbytes_get_variant_ay() 2018-08-22 10:49:34 +02:00
nm-utils.c libnm-core: expose _nm_utils_str2bin_full() as internal API 2018-09-04 07:38:30 +02:00
nm-utils.h libnm-core: add SR-IOV setting 2018-07-11 16:16:22 +02:00
nm-version.h release: bump version to 1.13.0 (development) 2018-06-15 17:16:18 +02:00
nm-vpn-dbus-interface.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-editor-plugin.c build: qualify plugin dir name with a version string 2018-05-14 16:05:12 +02:00
nm-vpn-editor-plugin.h all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-plugin-info.c all: remove consecutive empty lines 2018-04-30 16:24:52 +02:00
nm-vpn-plugin-info.h gobject-introspection: made several fixes to the annotations 2018-03-26 12:45:49 +02:00