Hello community, here is the log from the commit of package NetworkManager checked in at Mon Nov 24 16:25:26 CET 2008. -------- --- NetworkManager/NetworkManager.changes 2008-11-10 16:34:37.000000000 +0100 +++ /mounts/work_src_done/STABLE/NetworkManager/NetworkManager.changes 2008-11-21 13:47:59.000000000 +0100 @@ -1,0 +2,20 @@ +Fri Nov 21 14:42:46 EET 2008 - tambet@novell.com + +- Add support to use distro wide CA certificates from + /ets/ssl/certs (bnc #436192). +- Unmount NFS shares when network is deactivated (bnc #341647). +- Recomment NetworkManager-client (bnc #445643). +- Fix the location of dhclient leases file (bnc #446611). +- Add support for having certificate filenames in system + connections. +- Add API reference documentation for libnm-util. +- Handle gateways in different subnets. +- Add support for PKCS#12 certificates (bgo #558982). +- Update translations: es, pl, se + +------------------------------------------------------------------- +Fri Nov 14 12:04:42 EET 2008 - tambet@novell.com + +- Use system CA certificates in case the CA isn't set on connection. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- NetworkManager-0.7.0.r4274.tar.bz2 NetworkManager-r4274-use-modem-manager.patch nm-dbus-glib-opensuse110.patch New: ---- NetworkManager-0.7.0.r4323.tar.bz2 NetworkManager-r4323-use-modem-manager.patch nm-certificate-formats.patch nm-dhclient-leases-path.patch nm-use-system-ca-certs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ NetworkManager.spec ++++++ --- /var/tmp/diff_new_pack.R32251/_old 2008-11-24 16:25:04.000000000 +0100 +++ /var/tmp/diff_new_pack.R32251/_new 2008-11-24 16:25:04.000000000 +0100 
@@ -1,5 +1,5 @@ # -# spec file for package NetworkManager (Version 0.7.0.r4274) +# spec file for package NetworkManager (Version 0.7.0.r4323) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,8 +19,8 @@ Name: NetworkManager Url: http://www.gnome.org/projects/NetworkManager/ -Version: 0.7.0.r4274 -Release: 2 +Version: 0.7.0.r4323 +Release: 1 License: GPL v2 or later BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: PolicyKit-devel dhcp-client gtk-doc hal-devel intltool iproute2 libgcrypt-devel libnl-devel libtool mozilla-nss-devel ppp-devel wireless-tools @@ -30,14 +30,15 @@ Source1: nfs Source2: nm-system-settings.conf Source3: nis -Patch0: NetworkManager-r4274-use-modem-manager.patch -%if 0%{?suse_version} == 1100 -Patch1: nm-dbus-glib-opensuse110.patch -%endif +Patch0: NetworkManager-r4323-use-modem-manager.patch +Patch1: nm-certificate-formats.patch Patch2: nm-pkcs11.patch Patch3: nm-opensuse-merge.patch +Patch4: nm-use-system-ca-certs.patch +Patch5: nm-dhclient-leases-path.patch Requires: wpa_supplicant >= 0.5.8-54 Requires: dhcp-client +Requires: dnsmasq Requires: mozilla-nss Requires: %{name}-glib = %{version} Requires: ModemManager >= 0.1_20080912 @@ -45,6 +46,7 @@ Requires: sysconfig >= 0.71.1 Obsoletes: dhcdbd <= 1.14 Provides: dhcdbd <= 1.14 +Recommends: NetworkManager-client %description NetworkManager attempts to keep an active network connection available @@ -125,11 +127,11 @@ %prep %setup -n %{name}-0.7.0 -q %patch0 -p1 -%if 0%{?suse_version} == 1100 %patch1 -p1 -%endif %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 pppddir=`ls -1d /usr/%_lib/pppd/2*` test -n "$pppddir" || exit 1 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" 
@@ -233,8 +235,24 @@ %defattr(-,root,root) %dir %{_datadir}/gtk-doc/html/libnm-glib %{_datadir}/gtk-doc/html/libnm-glib/* +%dir %{_datadir}/gtk-doc/html/libnm-util +%{_datadir}/gtk-doc/html/libnm-util/* %changelog +* Fri Nov 21 2008 tambet@novell.com +- Add support to use distro wide CA certificates from + /ets/ssl/certs (bnc #436192). +- Unmount NFS shares when network is deactivated (bnc #341647). +- Recomment NetworkManager-client (bnc #445643). +- Fix the location of dhclient leases file (bnc #446611). +- Add support for having certificate filenames in system + connections. +- Add API reference documentation for libnm-util. +- Handle gateways in different subnets. +- Add support for PKCS#12 certificates (bgo #558982). +- Update translations: es, pl, se +* Fri Nov 14 2008 tambet@novell.com +- Use system CA certificates in case the CA isn't set on connection. * Mon Nov 10 2008 tambet@suse.de - Fix the bug where the keyfile system settings plugin would return empty strings for passwords when they're not set. ++++++ NetworkManager-0.7.0.r4274.tar.bz2 -> NetworkManager-0.7.0.r4323.tar.bz2 ++++++ ++++ 38108 lines of diff (skipped) ++++++ NetworkManager-r4274-use-modem-manager.patch -> NetworkManager-r4323-use-modem-manager.patch ++++++ --- NetworkManager/NetworkManager-r4274-use-modem-manager.patch 2008-11-07 14:51:01.000000000 +0100 +++ /mounts/work_src_done/STABLE/NetworkManager/NetworkManager-r4323-use-modem-manager.patch 2008-11-21 11:21:39.000000000 +0100 @@ -1,5 +1,5 @@ diff --git a/configure.in b/configure.in -index 855011d..f7fdb18 100644 +index 0274f17..b9a4da2 100644 --- a/configure.in +++ b/configure.in @@ -477,6 +477,7 @@ src/dhcp-manager/Makefile @@ -3532,10 +3532,10 @@ static void diff --git a/src/nm-hso-gsm-device.c b/src/nm-hso-gsm-device.c deleted file mode 100644 -index c42858e..0000000 +index 15032a3..0000000 
--- a/src/nm-hso-gsm-device.c +++ /dev/null -@@ -1,588 +0,0 @@ +@@ -1,593 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ -/* NetworkManager -- Network link manager - * @@ -3942,10 +3942,15 @@ - GSList *updated_settings, - RequestSecretsCaller caller) -{ -- g_return_if_fail (caller == SECRETS_CALLER_HSO_GSM); - g_return_if_fail (nm_device_get_state (device) == NM_DEVICE_STATE_NEED_AUTH); - -- nm_device_activate_schedule_stage2_device_config (device); +- if (caller == SECRETS_CALLER_HSO_GSM) { /* HSO PPP auth */ +- nm_device_activate_schedule_stage2_device_config (device); +- return; +- } +- +- /* Let parent handle other auth like PIN/PUK */ +- NM_DEVICE_CLASS (nm_hso_gsm_device_parent_class)->connection_secrets_updated (device, connection, updated_settings, caller); -} - -static void @@ -4187,7 +4192,7 @@ - -#endif /* NM_HSO_GSM_DEVICE_H */ diff --git a/src/nm-manager.c b/src/nm-manager.c -index 5fc14ff..44e911c 100644 +index 9133368..ba62642 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -26,6 +26,7 @@ ++++++ nfs ++++++ --- /var/tmp/diff_new_pack.R32251/_old 2008-11-24 16:25:06.000000000 +0100 +++ /var/tmp/diff_new_pack.R32251/_new 2008-11-24 16:25:06.000000000 +0100 @@ -13,8 +13,7 @@ /etc/init.d/nfs restart ;; down) - # It is too late to stop NFS. Better to do nothing, in - # case we come back up + /bin/umount -alt nfs,nfs4 exit 0 ;; *) ++++++ nm-certificate-formats.patch ++++++
From ac71f8308f20ccb850881da11ae7de5d74f27445 Mon Sep 17 00:00:00 2001
From: Tambet Ingo
Date: Fri, 21 Nov 2008 11:14:24 +0200
Subject: [PATCH] Support multiple formats of certificates.
---
libnm-util/nm-setting-8021x.c | 15 +-
libnm-util/nm-setting-8021x.h | 3 +
libnm-util/nm-setting.h | 1 +
src/supplicant-manager/nm-supplicant-config.c | 198 ++++++++++++++++----
.../nm-supplicant-settings-verify.c | 6 +
.../plugins/keyfile/nm-keyfile-connection.c | 12 ++
system-settings/plugins/keyfile/reader.c | 79 ++++++--
7 files changed, 250 insertions(+), 64 deletions(-)
diff --git a/libnm-util/nm-setting-8021x.c b/libnm-util/nm-setting-8021x.c
index 04d2905..e7bb8eb 100644
--- a/libnm-util/nm-setting-8021x.c
+++ b/libnm-util/nm-setting-8021x.c
@@ -707,6 +707,9 @@ need_private_key_password (GByteArray *key, const char *password)
GError *error = NULL;
gboolean needed = TRUE;
+ if (key && key->data && g_str_has_prefix ((char *) key->data, NM_SETTING_802_1X_CK_FORMAT_FILE))
+ return FALSE;
+
/* See if a private key password is needed, which basically is whether
* or not the private key is a PKCS#12 file or not, since PKCS#1 files
* are decrypted by the settings service.
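Review bot: The prefix test added at the top of need_private_key_password() treats `key->data` as a C string, but a GByteArray carries its size in `key->len` and nothing visible here guarantees a terminating NUL, so `g_str_has_prefix` may read past the end of the buffer. A length-bounded comparison avoids that: `if (key && key->data && key->len >= strlen (NM_SETTING_802_1X_CK_FORMAT_FILE) && memcmp (key->data, NM_SETTING_802_1X_CK_FORMAT_FILE, strlen (NM_SETTING_802_1X_CK_FORMAT_FILE)) == 0)`. The same assumption is made throughout add_certificates() in nm-supplicant-config.c, where `str + strlen (prefix)` is handed on with length -1. The function body continues outside this hunk.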
@@ -1368,7 +1371,7 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
"CA certificate",
"CA certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_CERTIFICATE));
g_object_class_install_property
(object_class, PROP_CA_PATH,
@@ -1384,7 +1387,7 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
"Client certificate",
"Client certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_CERTIFICATE));
g_object_class_install_property
(object_class, PROP_PHASE1_PEAPVER,
@@ -1432,7 +1435,7 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
"Phase2 CA certificate",
"Phase2 CA certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_CERTIFICATE));
g_object_class_install_property
(object_class, PROP_PHASE2_CA_PATH,
@@ -1448,7 +1451,7 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
"Phase2 client certificate",
"Phase2 client certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_CERTIFICATE));
g_object_class_install_property
(object_class, PROP_PASSWORD,
@@ -1464,7 +1467,7 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
"Private key",
"Private key",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET | NM_SETTING_PARAM_CERTIFICATE));
g_object_class_install_property
(object_class, PROP_PRIVATE_KEY_PASSWORD,
@@ -1480,7 +1483,7 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
"Phase2 private key",
"Phase2 private key",
DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET | NM_SETTING_PARAM_CERTIFICATE));
g_object_class_install_property
(object_class, PROP_PHASE2_PRIVATE_KEY_PASSWORD,
diff --git a/libnm-util/nm-setting-8021x.h b/libnm-util/nm-setting-8021x.h
index 91d494d..2c063b9 100644
--- a/libnm-util/nm-setting-8021x.h
+++ b/libnm-util/nm-setting-8021x.h
@@ -82,6 +82,9 @@ GQuark nm_setting_802_1x_error_quark (void);
#define NM_SETTING_802_1X_PIN "pin"
#define NM_SETTING_802_1X_PSK "psk"
+#define NM_SETTING_802_1X_CK_FORMAT_ID "id:"
+#define NM_SETTING_802_1X_CK_FORMAT_FILE "file:"
+
typedef struct {
NMSetting parent;
} NMSetting8021x;
diff --git a/libnm-util/nm-setting.h b/libnm-util/nm-setting.h
index 8303c74..77f8d4b 100644
--- a/libnm-util/nm-setting.h
+++ b/libnm-util/nm-setting.h
@@ -56,6 +56,7 @@ GQuark nm_setting_error_quark (void);
#define NM_SETTING_PARAM_REQUIRED (1 << (1 + G_PARAM_USER_SHIFT))
#define NM_SETTING_PARAM_SECRET (1 << (2 + G_PARAM_USER_SHIFT))
#define NM_SETTING_PARAM_FUZZY_IGNORE (1 << (3 + G_PARAM_USER_SHIFT))
+#define NM_SETTING_PARAM_CERTIFICATE (1 << (4 + G_PARAM_USER_SHIFT))
#define NM_SETTING_NAME "name"
diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c
index d087b2c..a80cc93 100644
--- a/src/supplicant-manager/nm-supplicant-config.c
+++ b/src/supplicant-manager/nm-supplicant-config.c
@@ -554,6 +554,165 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
return TRUE;
}
+static gboolean
+add_certificates (NMSupplicantConfig *self, NMSetting8021x *setting, const char *connection_uid)
+{
+ const GByteArray *array;
+ const char *str;
+ char *value;
+ gboolean send_private_key_passwd;
+ gboolean send_client_cert;
+ gboolean success;
+
+ array = nm_setting_802_1x_get_ca_cert (setting);
+ if (array && array->data) {
+ str = (char *) array->data;
+
+ if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_ID))
+ nm_supplicant_config_add_option (self, "ca_cert_id",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_ID),
+ -1, FALSE);
+ else if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_FILE))
+ nm_supplicant_config_add_option (self, "ca_cert",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_FILE),
+ -1, FALSE);
+ else {
+ ADD_BLOB_VAL (array, "ca_cert", connection_uid);
+ }
+ }
+
+ array = nm_setting_802_1x_get_private_key (setting);
+ if (array && array->data) {
+ str = (char *) array->data;
+
+ if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_ID)) {
+ nm_supplicant_config_add_option (self, "key_id",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_ID),
+ -1, FALSE);
+
+ send_private_key_passwd = FALSE;
+ send_client_cert = TRUE;
+ } else if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_FILE)) {
+ nm_supplicant_config_add_option (self, "private_key",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_FILE),
+ -1, FALSE);
+
+ send_private_key_passwd = TRUE;
+ send_client_cert = TRUE;
+ } else {
+ ADD_BLOB_VAL (array, "private_key", connection_uid);
+
+ if (nm_setting_802_1x_get_private_key_type (setting) == NM_SETTING_802_1X_CK_TYPE_PKCS12) {
+ send_private_key_passwd = TRUE;
+ send_client_cert = FALSE;
+ } else {
+ send_private_key_passwd = FALSE;
+ send_client_cert = TRUE;
+ }
+ }
+ }
+
+ if (send_private_key_passwd) {
+ ADD_STRING_VAL (nm_setting_802_1x_get_private_key_password (setting),
+ "private_key_passwd", FALSE, FALSE, TRUE);
+ }
+
+ if (send_client_cert) {
+ array = nm_setting_802_1x_get_client_cert (setting);
+ if (array && array->data) {
+ str = (char *) array->data;
+
+ if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_ID))
+ nm_supplicant_config_add_option (self, "cert_id",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_ID),
+ -1, FALSE);
+ else if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_FILE))
+ nm_supplicant_config_add_option (self, "client_cert",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_FILE),
+ -1, FALSE);
+ else {
+ ADD_BLOB_VAL (array, "client_cert", connection_uid);
+ }
+ }
+ }
+
+ /* phase 2 */
+
+ array = nm_setting_802_1x_get_phase2_ca_cert (setting);
+ if (array && array->data) {
+ str = (char *) array->data;
+
+ if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_ID)) {
+ nm_supplicant_config_add_option (self, "ca_cert2_id",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_ID),
+ -1, FALSE);
+ } else if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_FILE)) {
+ nm_supplicant_config_add_option (self, "ca_cert2",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_FILE),
+ -1, FALSE);
+ } else {
+ ADD_BLOB_VAL (array, "ca_cert", connection_uid);
+ }
+ }
+
+ array = nm_setting_802_1x_get_phase2_private_key (setting);
+ if (array && array->data) {
+ str = (char *) array->data;
+
+ if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_ID)) {
+ nm_supplicant_config_add_option (self, "key2_id",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_ID),
+ -1, FALSE);
+
+ send_private_key_passwd = FALSE;
+ send_client_cert = TRUE;
+ } else if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_FILE)) {
+ nm_supplicant_config_add_option (self, "private_key2",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_FILE),
+ -1, FALSE);
+
+ send_private_key_passwd = TRUE;
+ send_client_cert = TRUE;
+ } else {
+ ADD_BLOB_VAL (array, "private_key2", connection_uid);
+
+ if (nm_setting_802_1x_get_phase2_private_key_type (setting) == NM_SETTING_802_1X_CK_TYPE_PKCS12) {
+ send_private_key_passwd = TRUE;
+ send_client_cert = FALSE;
+ } else {
+ send_private_key_passwd = FALSE;
+ send_client_cert = TRUE;
+ }
+ }
+ }
+
+ if (send_private_key_passwd) {
+ ADD_STRING_VAL (nm_setting_802_1x_get_phase2_private_key_password (setting),
+ "private_key2_passwd", FALSE, FALSE, TRUE);
+ }
+
+ if (send_client_cert) {
+ array = nm_setting_802_1x_get_phase2_client_cert (setting);
+ if (array && array->data) {
+ str = (char *) array->data;
+
+ if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_ID)) {
+ nm_supplicant_config_add_option (self, "cert2_id",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_ID),
+ -1, FALSE);
+ } else if (g_str_has_prefix (str, NM_SETTING_802_1X_CK_FORMAT_FILE)) {
+ nm_supplicant_config_add_option (self, "client_cert2",
+ str + strlen (NM_SETTING_802_1X_CK_FORMAT_FILE),
+ -1, FALSE);
+ } else {
+ ADD_BLOB_VAL (array, "client_cert2", connection_uid);
+ }
+ }
+ }
+
+ return TRUE;
+}
+
gboolean
nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
NMSetting8021x *setting,
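Review bot: `send_private_key_passwd` and `send_client_cert` in add_certificates() are read without ever being assigned when no private key is configured, and the phase 2 section inherits whatever phase 1 left in them, so whether a key password or client certificate reaches the supplicant is undefined in those cases. Initialising both to FALSE at declaration and again before the phase 2 block restores the removed code's behaviour of adding them only when a private key exists. Separately, the phase 2 CA blob fallback registers the option as "ca_cert" where the code this replaces used "ca_cert2"; that looks like a copy-paste slip and would leave the inner-method CA unset for blob certificates. The hunk's trailing context is the start of nm_supplicant_config_add_setting_8021x, which continues outside it.

```c
static gboolean
add_certificates (NMSupplicantConfig *self, NMSetting8021x *setting, const char *connection_uid)
	/* … unchanged: array, str, value and success declarations … */
	gboolean send_private_key_passwd = FALSE;
	gboolean send_client_cert = FALSE;

	/* … unchanged: phase 1 CA certificate, private key, password and client certificate … */

	/* phase 2 */

	/* Do not let the phase 1 decisions leak into phase 2 */
	send_private_key_passwd = FALSE;
	send_client_cert = FALSE;

	/* … unchanged: phase 2 CA lookup and its id:/file: branches … */
		} else {
			ADD_BLOB_VAL (array, "ca_cert2", connection_uid);
		}
	/* … unchanged: phase 2 private key, password and client certificate … */
```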
@@ -564,7 +723,6 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
char *value, *tmp;
gboolean success;
GString *phase1, *phase2;
- const GByteArray *array;
g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
g_return_val_if_fail (setting != NULL, FALSE);
@@ -620,45 +778,11 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE);
g_string_free (phase2, TRUE);
- ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
-
- array = nm_setting_802_1x_get_private_key (setting);
- if (array) {
- ADD_BLOB_VAL (array, "private_key", connection_uid);
-
- switch (nm_setting_802_1x_get_private_key_type (setting)) {
- case NM_SETTING_802_1X_CK_TYPE_PKCS12:
- /* Only add the private key password for PKCS#12 keys */
- ADD_STRING_VAL (nm_setting_802_1x_get_private_key_password (setting), "private_key_passwd", FALSE, FALSE, TRUE);
- break;
- default:
- /* Only add the client cert if the private key is not PKCS#12 */
- ADD_BLOB_VAL (nm_setting_802_1x_get_client_cert (setting), "client_cert", connection_uid);
- break;
- }
- }
-
- ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
-
- array = nm_setting_802_1x_get_phase2_private_key (setting);
- if (array) {
- ADD_BLOB_VAL (array, "private_key2", connection_uid);
-
- switch (nm_setting_802_1x_get_phase2_private_key_type (setting)) {
- case NM_SETTING_802_1X_CK_TYPE_PKCS12:
- /* Only add the private key password for PKCS#12 keys */
- ADD_STRING_VAL (nm_setting_802_1x_get_phase2_private_key_password (setting), "private_key2_passwd", FALSE, FALSE, TRUE);
- break;
- default:
- /* Only add the client cert if the private key is not PKCS#12 */
- ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_client_cert (setting), "client_cert2", connection_uid);
- break;
- }
- }
-
ADD_STRING_VAL (nm_setting_802_1x_get_identity (setting), "identity", FALSE, FALSE, FALSE);
ADD_STRING_VAL (nm_setting_802_1x_get_anonymous_identity (setting), "anonymous_identity", FALSE, FALSE, FALSE);
+ add_certificates (self, setting, connection_uid);
+
return TRUE;
}
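Review bot: The result of `add_certificates (self, setting, connection_uid);` is discarded, so nm_supplicant_config_add_setting_8021x reports TRUE even if the helper gives up part-way. The ADD_BLOB_VAL and ADD_STRING_VAL macros are defined outside this hunk, but the helper declares the `success` and `value` locals they appear to rely on, which suggests they return early on failure; in that case the supplicant would be configured without the certificate options and the caller would not know. Propagating the result keeps the previous failure behaviour: `return add_certificates (self, setting, connection_uid);`. The `id:` and `file:` branches inside the helper also ignore the return value of nm_supplicant_config_add_option and would benefit from the same treatment.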
diff --git a/src/supplicant-manager/nm-supplicant-settings-verify.c b/src/supplicant-manager/nm-supplicant-settings-verify.c
index b8bd9fc..71b16da 100644
--- a/src/supplicant-manager/nm-supplicant-settings-verify.c
+++ b/src/supplicant-manager/nm-supplicant-settings-verify.c
@@ -102,16 +102,22 @@ static const struct Opt opt_table[] = {
{ "identity", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "password", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
+ { "ca_cert_id", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
+ { "cert_id", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL },
+ { "key_id", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed },
{ "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed },
{ "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL },
+ { "ca_cert2_id", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL },
+ { "cert2_id", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key2_passwd",TYPE_BYTES, 0, 1024, FALSE, NULL },
+ { "key2_id", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "pin", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "nai", TYPE_BYTES, 0, 0, FALSE, NULL },
diff --git a/system-settings/plugins/keyfile/nm-keyfile-connection.c b/system-settings/plugins/keyfile/nm-keyfile-connection.c
index c65b1b6..4b7cb0d 100644
--- a/system-settings/plugins/keyfile/nm-keyfile-connection.c
+++ b/system-settings/plugins/keyfile/nm-keyfile-connection.c
@@ -114,6 +114,18 @@ add_secrets (NMSetting *setting,
} else if (G_VALUE_HOLDS (value, DBUS_TYPE_G_MAP_OF_STRING)) {
/* Flatten the string hash by pulling its keys/values out */
g_hash_table_foreach (g_value_get_boxed (value), copy_one_secret, secrets);
+ } else if (G_VALUE_HOLDS (value, DBUS_TYPE_G_UCHAR_ARRAY)) {
+ const GByteArray *array;
+
+ array = (GByteArray *) g_value_get_boxed (value);
+ if (array && array->len > 0) {
+ GValue *v;
+
+ v = g_slice_new0 (GValue);
+ g_value_init (v, DBUS_TYPE_G_UCHAR_ARRAY);
+ g_value_copy (value, v);
+ g_hash_table_insert (secrets, g_strdup (key), v);
+ }
} else
g_message ("%s: unhandled secret %s type %s", __func__, key, G_VALUE_TYPE_NAME (value));
}
diff --git a/system-settings/plugins/keyfile/reader.c b/system-settings/plugins/keyfile/reader.c
index 9efd130..b8c4099 100644
--- a/system-settings/plugins/keyfile/reader.c
+++ b/system-settings/plugins/keyfile/reader.c
@@ -29,6 +29,7 @@
#include
From c590748a04fbb4c690423eea11bc496add2151d6 Mon Sep 17 00:00:00 2001
From: Tambet Ingo
Date: Fri, 21 Nov 2008 11:51:09 +0200
Subject: [PATCH] DHCP client leases directory.
---
src/dhcp-manager/nm-dhcp-dhclient.c | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)
diff --git a/src/dhcp-manager/nm-dhcp-dhclient.c b/src/dhcp-manager/nm-dhcp-dhclient.c
index f529315..06a6a77 100644
--- a/src/dhcp-manager/nm-dhcp-dhclient.c
+++ b/src/dhcp-manager/nm-dhcp-dhclient.c
@@ -57,11 +57,7 @@ get_pidfile_for_iface (const char * iface)
static char *
get_leasefile_for_iface (const char * iface)
{
- return g_strdup_printf ("%s/%s-%s.%s",
- NM_DHCP_MANAGER_LEASE_DIR,
- NM_DHCP_MANAGER_LEASE_FILENAME,
- iface,
- NM_DHCP_MANAGER_LEASE_FILE_EXT);
+ return g_strdup_printf ("/var/lib/dhcp/dhclient.leases");
}
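Review bot: get_leasefile_for_iface() now ignores `iface` and returns the same `/var/lib/dhcp/dhclient.leases` for every interface, so any dhclient instances started with this path would share one lease file; it is worth confirming that this is intended rather than a per-interface name under that directory. The call also passes a constant to `g_strdup_printf` as its format string; `return g_strdup ("/var/lib/dhcp/dhclient.leases");` says the same thing without format parsing. A one-line comment explaining why the path is hard-coded instead of built from NM_DHCP_MANAGER_LEASE_DIR would help whoever next rebases this patch.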
--
1.6.0.2
++++++ nm-pkcs11.patch ++++++
--- /var/tmp/diff_new_pack.R32251/_old 2008-11-24 16:25:06.000000000 +0100
+++ /var/tmp/diff_new_pack.R32251/_new 2008-11-24 16:25:06.000000000 +0100
@@ -1,64 +1,61 @@
+From d04ea4e27f98d005b4d1c0d7e8d306cc4e080533 Mon Sep 17 00:00:00 2001
+From: Tambet Ingo
From 49773f74497922a551e60d8c4d09b882dc3042d6 Mon Sep 17 00:00:00 2001
From: Tambet Ingo
Date: Fri, 21 Nov 2008 11:33:57 +0200
Subject: [PATCH] Use system CA certs.
---
configure.in | 11 ++++++
libnm-util/libnm-util.ver | 1 +
libnm-util/nm-setting-8021x.c | 24 +++++++++++++
libnm-util/nm-setting-8021x.h | 3 ++
src/supplicant-manager/nm-supplicant-config.c | 36 ++++++++++++--------
.../nm-supplicant-settings-verify.c | 1 +
6 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/configure.in b/configure.in
index b9a4da2..c9e2304 100644
--- a/configure.in
+++ b/configure.in
@@ -435,6 +435,17 @@ if test -n "${RESOLVCONF_PATH}"; then
AC_DEFINE_UNQUOTED(RESOLVCONF_PATH, "$RESOLVCONF_PATH", [Define if you have a resolvconf implementation])
fi
+# system CA certificates path
+AC_ARG_WITH(system-ca-path, AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates]))
+if test "x${with_system_ca_path}" = x; then
+ SYSTEM_CA_PATH=/etc/ssl/certs
+else
+ SYSTEM_CA_PATH="$with_system_ca_path"
+fi
+AC_DEFINE_UNQUOTED(SYSTEM_CA_PATH, "$SYSTEM_CA_PATH", [Define to path to system CA certificates])
+AC_SUBST(SYSTEM_CA_PATH)
+
+
AC_ARG_ENABLE(more-warnings,
AS_HELP_STRING([--enable-more-warnings], [Maximum compiler warnings]), set_more_warnings="$enableval",set_more_warnings=yes)
AC_MSG_CHECKING(for more warnings, including -Werror)
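Review bot: The new `--with-system-ca-path` handling only tests for an empty value, so `--with-system-ca-path` given without an argument sets SYSTEM_CA_PATH to `yes` and `--without-system-ca-path` sets it to `no`, and either string is then defined as the CA directory. Treating `yes` like the unset case and rejecting `no` with AC_MSG_ERROR avoids a build that quietly points certificate lookup at a directory that does not exist, e.g. `if test "x${with_system_ca_path}" = x || test "x${with_system_ca_path}" = xyes; then`. How SYSTEM_CA_PATH is consumed is not visible in this hunk, so the impact on 802.1X verification is presumed rather than shown.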
diff --git a/libnm-util/libnm-util.ver b/libnm-util/libnm-util.ver
index fab0950..2fe187d 100644
--- a/libnm-util/libnm-util.ver
+++ b/libnm-util/libnm-util.ver
@@ -64,6 +64,7 @@ global:
nm_setting_802_1x_get_private_key_password;
nm_setting_802_1x_get_private_key_type;
nm_setting_802_1x_get_psk;
+ nm_setting_802_1x_get_system_ca_certs;
nm_setting_802_1x_get_type;
nm_setting_802_1x_new;
nm_setting_802_1x_remove_eap_method;
diff --git a/libnm-util/nm-setting-8021x.c b/libnm-util/nm-setting-8021x.c
index 36ce41c..161c72e 100644
--- a/libnm-util/nm-setting-8021x.c
+++ b/libnm-util/nm-setting-8021x.c
@@ -97,6 +97,7 @@ typedef struct {
char *pkcs11_module_path;
char *pkcs11_module_init_args;
guint pkcs11_slot;
+ gboolean system_ca_certs;
} NMSetting8021xPrivate;
enum {
@@ -126,6 +127,7 @@ enum {
PROP_PKCS11_MODULE_PATH,
PROP_PKCS11_MODULE_INIT_ARGS,
PROP_PKCS11_SLOT,
+ PROP_SYSTEM_CA_CERTS,
LAST_PROP
};
@@ -719,6 +721,14 @@ nm_setting_802_1x_get_pkcs11_slot (NMSetting8021x *setting)
return NM_SETTING_802_1X_GET_PRIVATE (setting)->pkcs11_slot;
}
+gboolean
+nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting)
+{
+ g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
+
+ return NM_SETTING_802_1X_GET_PRIVATE (setting)->system_ca_certs;
+}
+
static void
need_secrets_password (NMSetting8021x *self,
GPtrArray *secrets,
@@ -1312,6 +1322,9 @@ set_property (GObject *object, guint prop_id,
case PROP_PKCS11_SLOT:
priv->pkcs11_slot = g_value_get_uint (value);
break;
+ case PROP_SYSTEM_CA_CERTS:
+ priv->system_ca_certs = g_value_get_boolean (value);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -1398,6 +1411,9 @@ get_property (GObject *object, guint prop_id,
case PROP_PKCS11_SLOT:
g_value_set_uint (value, priv->pkcs11_slot);
break;
+ case PROP_SYSTEM_CA_CERTS:
+ g_value_set_boolean (value, priv->system_ca_certs);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -1614,6 +1630,14 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
0, 1000, 0,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+ g_object_class_install_property
+ (object_class, PROP_SYSTEM_CA_CERTS,
+ g_param_spec_boolean (NM_SETTING_802_1X_SYSTEM_CA_CERTS,
+ "Use system CA certificates",
+ "Use system CA certificates",
+ FALSE,
+ G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+
/* Initialize crypto lbrary. */
if (!nm_utils_init (&error)) {
g_warning ("Couldn't initilize nm-utils/crypto system: %d %s",
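Review bot: The blurb passed to `g_param_spec_boolean` for the new `system-ca-certs` property is identical to its nick, so the generated libnm-util reference gives no indication of what enabling it changes. Since this flag affects which CAs a server certificate is checked against, the blurb should state how it interacts with the existing `ca-cert` and `ca-path` properties (which one wins when several are set) and that the default of FALSE leaves existing connections unchanged. A matching doc comment on nm_setting_802_1x_get_system_ca_certs() would be useful for the same reason. nm_setting_802_1x_class_init starts and ends outside this hunk.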
diff --git a/libnm-util/nm-setting-8021x.h b/libnm-util/nm-setting-8021x.h
index e327de3..6e33626 100644
--- a/libnm-util/nm-setting-8021x.h
+++ b/libnm-util/nm-setting-8021x.h
@@ -85,6 +85,7 @@ GQuark nm_setting_802_1x_error_quark (void);
#define NM_SETTING_802_1X_PKCS11_MODULE_PATH "pkcs11-module-path"
#define NM_SETTING_802_1X_PKCS11_MODULE_INIT_ARGS "pkcs11-module-init-args"
#define NM_SETTING_802_1X_PKCS11_SLOT "pkcs11-slot"
+#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
#define NM_SETTING_802_1X_CK_FORMAT_ID "id:"
#define NM_SETTING_802_1X_CK_FORMAT_FILE "file:"
@@ -118,6 +119,8 @@ gboolean nm_setting_802_1x_set_ca_cert_from_file (NMSetting8
NMSetting8021xCKType *out_ck_type,
GError **err);
+gboolean nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting);
+
const GByteArray *nm_setting_802_1x_get_client_cert (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *setting,
const char *filename,
diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c
index d128487..c849cdf 100644
--- a/src/supplicant-manager/nm-supplicant-config.c
+++ b/src/supplicant-manager/nm-supplicant-config.c
@@ -19,6 +19,10 @@
* Copyright (C) 2007 - 2008 Novell, Inc.
*/
+#ifdef HAVE_CONFIG_H
+#include