NetworkManager r4326 - in trunk: . libnm-util src/supplicant-manager



Author: dcbw
Date: Fri Nov 21 18:59:37 2008
New Revision: 4326
URL: http://svn.gnome.org/viewvc/NetworkManager?rev=4326&view=rev

Log:
2008-11-21  Dan Williams  <dcbw redhat com>

	Patch from Tambet Ingo  <tambet gmail com>

	* configure.in
	  libnm-util/libnm-util.ver
	  libnm-util/nm-setting-8021x.c
	  libnm-util/nm-setting-8021x.h
		- Add configure-time option for the system CA path
		- Add 'system-ca-certs' option to 802.1x setting, which directs
			NetworkManager to use system CA certificates instead of any
			connection-defined CA certificates

	* src/supplicant-manager/nm-supplicant-config.c
	  src/supplicant-manager/nm-supplicant-settings-verify.c
		- Use system CA certificates if the connection says to do so



Modified:
   trunk/ChangeLog
   trunk/configure.in
   trunk/libnm-util/libnm-util.ver
   trunk/libnm-util/nm-setting-8021x.c
   trunk/libnm-util/nm-setting-8021x.h
   trunk/src/supplicant-manager/nm-supplicant-config.c
   trunk/src/supplicant-manager/nm-supplicant-settings-verify.c

Modified: trunk/configure.in
==============================================================================
--- trunk/configure.in	(original)
+++ trunk/configure.in	Fri Nov 21 18:59:37 2008
@@ -435,6 +435,17 @@
 	AC_DEFINE_UNQUOTED(RESOLVCONF_PATH, "$RESOLVCONF_PATH", [Define if you have a resolvconf implementation])
 fi
 
+# system CA certificates path
+AC_ARG_WITH(system-ca-path, AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates])) 
+if test "x${with_system_ca_path}" = x; then
+  SYSTEM_CA_PATH=/etc/ssl/certs
+else
+  SYSTEM_CA_PATH="$with_system_ca_path"
+fi
+AC_DEFINE_UNQUOTED(SYSTEM_CA_PATH, "$SYSTEM_CA_PATH", [Define to path to system CA certificates])
+AC_SUBST(SYSTEM_CA_PATH)
+
+
 AC_ARG_ENABLE(more-warnings,
 AS_HELP_STRING([--enable-more-warnings], [Maximum compiler warnings]), set_more_warnings="$enableval",set_more_warnings=yes)
 AC_MSG_CHECKING(for more warnings, including -Werror)
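Review bot: The new `--with-system-ca-path` block accepts whatever autoconf leaves in `with_system_ca_path`, so `--without-system-ca-path` or a bare `--with-system-ca-path` compiles in the literal string `no` or `yes` as SYSTEM_CA_PATH. Elsewhere in this commit that value is handed to the supplicant as its trust-anchor directory, so a relative or nonsensical path should fail at configure time, not be interpreted at run time. A `case` that keeps the default for an empty value or `yes`, accepts only values starting with `/`, and calls `AC_MSG_ERROR` otherwise would cover it. The `/etc/ssl/certs` default is also layout-specific, so the help string could say that distributions with a different certificate directory must pass the option.

```m4
# system CA certificates path
# … unchanged: AC_ARG_WITH(system-ca-path, …) …
case "${with_system_ca_path}" in
  ""|yes) SYSTEM_CA_PATH=/etc/ssl/certs ;;
  /*)     SYSTEM_CA_PATH="$with_system_ca_path" ;;
  *)      AC_MSG_ERROR([--with-system-ca-path requires an absolute directory path]) ;;
esac
# … unchanged: AC_DEFINE_UNQUOTED and AC_SUBST of SYSTEM_CA_PATH …
```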

Modified: trunk/libnm-util/libnm-util.ver
==============================================================================
--- trunk/libnm-util/libnm-util.ver	(original)
+++ trunk/libnm-util/libnm-util.ver	Fri Nov 21 18:59:37 2008
@@ -60,6 +60,7 @@
 	nm_setting_802_1x_get_private_key_password;
 	nm_setting_802_1x_get_private_key_type;
 	nm_setting_802_1x_get_psk;
+	nm_setting_802_1x_get_system_ca_certs;
 	nm_setting_802_1x_get_type;
 	nm_setting_802_1x_new;
 	nm_setting_802_1x_remove_eap_method;

Modified: trunk/libnm-util/nm-setting-8021x.c
==============================================================================
--- trunk/libnm-util/nm-setting-8021x.c	(original)
+++ trunk/libnm-util/nm-setting-8021x.c	Fri Nov 21 18:59:37 2008
@@ -93,6 +93,7 @@
 	char *private_key_password;
 	GByteArray *phase2_private_key;
 	char *phase2_private_key_password;
+	gboolean system_ca_certs;
 } NMSetting8021xPrivate;
 
 enum {
@@ -118,6 +119,7 @@
 	PROP_PHASE2_PRIVATE_KEY_PASSWORD,
 	PROP_PIN,
 	PROP_PSK,
+	PROP_SYSTEM_CA_CERTS,
 
 	LAST_PROP
 };
@@ -268,6 +270,14 @@
 	return priv->ca_cert != NULL;
 }
 
+gboolean
+nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting)
+{
+	g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
+
+	return NM_SETTING_802_1X_GET_PRIVATE (setting)->system_ca_certs;
+}
+
 const GByteArray *
 nm_setting_802_1x_get_client_cert (NMSetting8021x *setting)
 {
@@ -1243,6 +1253,9 @@
 		g_free (priv->phase2_private_key_password);
 		priv->phase2_private_key_password = g_value_dup_string (value);
 		break;
+	case PROP_SYSTEM_CA_CERTS:
+		priv->system_ca_certs = g_value_get_boolean (value);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1314,6 +1327,9 @@
 	case PROP_PHASE2_PRIVATE_KEY_PASSWORD:
 		g_value_set_string (value, priv->phase2_private_key_password);
 		break;
+	case PROP_SYSTEM_CA_CERTS:
+		g_value_set_boolean (value, priv->system_ca_certs);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1490,6 +1506,14 @@
 						  NULL,
 						  G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
 
+	g_object_class_install_property
+		(object_class, PROP_SYSTEM_CA_CERTS,
+		 g_param_spec_boolean (NM_SETTING_802_1X_SYSTEM_CA_CERTS,
+							   "Use system CA certificates",
+							   "Use system CA certificates",
+							   FALSE,
+							   G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
+
 	/* Initialize crypto lbrary. */
 	if (!nm_utils_init (&error)) {
 		g_warning ("Couldn't initilize nm-utils/crypto system: %d %s",
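Review bot: The nick and blurb passed to `g_param_spec_boolean` both say only "Use system CA certificates", which leaves out the part that matters to whoever edits a connection. Per the nm-supplicant-config.c change in this same commit, a TRUE value makes the connection-defined CA certificate and phase-2 CA certificate be skipped entirely, for both phases. I would spell that out in the blurb, e.g. `"When TRUE, validate the server against the system CA directory and ignore any CA certificates stored in the connection"`. The class-init function starts and ends outside this hunk.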

Modified: trunk/libnm-util/nm-setting-8021x.h
==============================================================================
--- trunk/libnm-util/nm-setting-8021x.h	(original)
+++ trunk/libnm-util/nm-setting-8021x.h	Fri Nov 21 18:59:37 2008
@@ -81,6 +81,7 @@
 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
 #define NM_SETTING_802_1X_PIN "pin"
 #define NM_SETTING_802_1X_PSK "psk"
+#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
 
 typedef struct {
 	NMSetting parent;
@@ -133,6 +134,7 @@
                                                                       const char *filename,
                                                                       NMSetting8021xCKType *out_ck_type,
                                                                       GError **err);
+gboolean          nm_setting_802_1x_get_system_ca_certs              (NMSetting8021x *setting);
 
 const GByteArray *nm_setting_802_1x_get_phase2_client_cert           (NMSetting8021x *setting);
 gboolean          nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting,

Modified: trunk/src/supplicant-manager/nm-supplicant-config.c
==============================================================================
--- trunk/src/supplicant-manager/nm-supplicant-config.c	(original)
+++ trunk/src/supplicant-manager/nm-supplicant-config.c	Fri Nov 21 18:59:37 2008
@@ -19,6 +19,10 @@
  * Copyright (C) 2007 - 2008 Novell, Inc.
  */
 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #include <string.h>
 #include <stdlib.h>
 #include <glib.h>
@@ -620,7 +624,11 @@
 		ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE);
 	g_string_free (phase2, TRUE);
 
-	ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
+	if (nm_setting_802_1x_get_system_ca_certs (setting)) {
+		ADD_STRING_VAL (SYSTEM_CA_PATH, "ca_path", FALSE, FALSE, FALSE);
+	} else {
+		ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
+	}
 
 	array = nm_setting_802_1x_get_private_key (setting);
 	if (array) {
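Review bot: When `nm_setting_802_1x_get_system_ca_certs` returns TRUE, the new `ca_path` branch (and the matching `ca_path2` branch in the next hunk) silently drops the connection's own CA blob and trusts every CA under SYSTEM_CA_PATH, and nothing visible here pairs that with a server-name constraint. For 802.1X this widens the trust anchor from one pinned CA to the whole system store, so a certificate issued by any of those CAs would be accepted as the authentication server unless something like the supplicant's `subject_match` or `altsubject_match` is also set. I would at least record that with a comment such as `/* system store: any installed CA can vouch for the server; pair with subject_match/altsubject_match */`. If the setting exposes those options, consider logging a warning when the system store is used without one. The enclosing function starts and ends outside both hunks, so a constraint added elsewhere in it cannot be ruled out from here.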
@@ -638,7 +646,11 @@
 		}
 	}
 
-	ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
+	if (nm_setting_802_1x_get_system_ca_certs (setting)) {
+		ADD_STRING_VAL (SYSTEM_CA_PATH, "ca_path2", FALSE, FALSE, FALSE);
+	} else {
+		ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
+	}
 
 	array = nm_setting_802_1x_get_phase2_private_key (setting);
 	if (array) {

Modified: trunk/src/supplicant-manager/nm-supplicant-settings-verify.c
==============================================================================
--- trunk/src/supplicant-manager/nm-supplicant-settings-verify.c	(original)
+++ trunk/src/supplicant-manager/nm-supplicant-settings-verify.c	Fri Nov 21 18:59:37 2008
@@ -101,6 +101,7 @@
 	{ "eap",                TYPE_KEYWORD, 0, 0, FALSE,  eap_allowed },
 	{ "identity",           TYPE_BYTES,   0, 0, FALSE,  NULL },
 	{ "password",           TYPE_BYTES,   0, 0, FALSE,  NULL },
+	{ "ca_path",            TYPE_BYTES,   0, 0, FALSE,  NULL },
 	{ "ca_cert",            TYPE_BYTES,   0, 65536, FALSE,  NULL },
 	{ "client_cert",        TYPE_BYTES,   0, 65536, FALSE,  NULL },
 	{ "private_key",        TYPE_BYTES,   0, 65536, FALSE,  NULL },
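Review bot: Only `ca_path` is added to the allowed-option table in this hunk, while nm-supplicant-config.c in the same commit also emits `ca_path2` for phase 2. Unless `ca_path2` is already listed outside the visible lines, that option would presumably be rejected by verification, so a connection using the system store for the inner method would fail to configure. Adding `{ "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL },` beside the phase-2 certificate entries would keep the two files in step. The table starts and ends outside the hunk.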


