-rw-r--r-- | ChangeLog | 17 | ||||
-rw-r--r-- | configure.in | 11 | ||||
-rw-r--r-- | libnm-util/libnm-util.ver | 1 | ||||
-rw-r--r-- | libnm-util/nm-setting-8021x.c | 24 | ||||
-rw-r--r-- | libnm-util/nm-setting-8021x.h | 2 | ||||
-rw-r--r-- | src/supplicant-manager/nm-supplicant-config.c | 16 | ||||
-rw-r--r-- | src/supplicant-manager/nm-supplicant-settings-verify.c | 1 |
7 files changed, 70 insertions, 2 deletions
@@ -1,5 +1,22 @@ 2008-11-21 Dan Williams <dcbw@redhat.com> + Patch from Tambet Ingo <tambet@gmail.com> + + * configure.in + libnm-util/libnm-util.ver + libnm-util/nm-setting-8021x.c + libnm-util/nm-setting-8021x.h + - Add configure-time option for the system CA path + - Add 'system-ca-certs' option to 802.1x setting, which directs + NetworkManager to use system CA certificates instead of any + connection-defined CA certificates + + * src/supplicant-manager/nm-supplicant-config.c + src/supplicant-manager/nm-supplicant-settings-verify.c + - Use system CA certificates if the connection says to do so + +2008-11-21 Dan Williams <dcbw@redhat.com> + * src/nm-dbus-manager.c src/nm-dbus-manager.h - (nm_dbus_manager_get_name_owner): return error diff --git a/configure.in b/configure.in index 0274f17872..b11cc10977 100644 --- a/configure.in +++ b/configure.in @@ -435,6 +435,17 @@ if test -n "${RESOLVCONF_PATH}"; then AC_DEFINE_UNQUOTED(RESOLVCONF_PATH, "$RESOLVCONF_PATH", [Define if you have a resolvconf implementation]) fi +# system CA certificates path +AC_ARG_WITH(system-ca-path, AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates])) +if test "x${with_system_ca_path}" = x; then + SYSTEM_CA_PATH=/etc/ssl/certs +else + SYSTEM_CA_PATH="$with_system_ca_path" +fi +AC_DEFINE_UNQUOTED(SYSTEM_CA_PATH, "$SYSTEM_CA_PATH", [Define to path to system CA certificates]) +AC_SUBST(SYSTEM_CA_PATH) + + AC_ARG_ENABLE(more-warnings, AS_HELP_STRING([--enable-more-warnings], [Maximum compiler warnings]), set_more_warnings="$enableval",set_more_warnings=yes) AC_MSG_CHECKING(for more warnings, including -Werror) diff --git a/libnm-util/libnm-util.ver b/libnm-util/libnm-util.ver index 642ff02e2f..483da9e439 100644 --- a/libnm-util/libnm-util.ver +++ b/libnm-util/libnm-util.ver 
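Review bot: The `--with-system-ca-path` value in the configure.in hunk is used verbatim, so `--without-system-ca-path` (autoconf sets `with_system_ca_path=no`) or a bare `--with-system-ca-path` (`yes`) would be compiled in as the literal `SYSTEM_CA_PATH`. That string later becomes the supplicant's CA directory, so a wrong or relative value here quietly changes which trust anchors are used, or leaves none. Treat the non-path values as "use the default" with `case "${with_system_ca_path}" in ""|yes|no) SYSTEM_CA_PATH=/etc/ssl/certs ;; esac`, and fail configure with `AC_MSG_ERROR` when the value does not start with `/`.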
@@ -60,6 +60,7 @@ global: nm_setting_802_1x_get_private_key_password; nm_setting_802_1x_get_private_key_type; nm_setting_802_1x_get_psk; + nm_setting_802_1x_get_system_ca_certs; nm_setting_802_1x_get_type; nm_setting_802_1x_new; nm_setting_802_1x_remove_eap_method; diff --git a/libnm-util/nm-setting-8021x.c b/libnm-util/nm-setting-8021x.c index 04d29057a8..062cb7af84 100644 --- a/libnm-util/nm-setting-8021x.c +++ b/libnm-util/nm-setting-8021x.c @@ -93,6 +93,7 @@ typedef struct { char *private_key_password; GByteArray *phase2_private_key; char *phase2_private_key_password; + gboolean system_ca_certs; } NMSetting8021xPrivate; enum { @@ -118,6 +119,7 @@ enum { PROP_PHASE2_PRIVATE_KEY_PASSWORD, PROP_PIN, PROP_PSK, + PROP_SYSTEM_CA_CERTS, LAST_PROP }; @@ -268,6 +270,14 @@ nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *self, return priv->ca_cert != NULL; } +gboolean +nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE); + + return NM_SETTING_802_1X_GET_PRIVATE (setting)->system_ca_certs; +} + const GByteArray * nm_setting_802_1x_get_client_cert (NMSetting8021x *setting) { @@ -1243,6 +1253,9 @@ set_property (GObject *object, guint prop_id, g_free (priv->phase2_private_key_password); priv->phase2_private_key_password = g_value_dup_string (value); break; + case PROP_SYSTEM_CA_CERTS: + priv->system_ca_certs = g_value_get_boolean (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1314,6 +1327,9 @@ get_property (GObject *object, guint prop_id, case PROP_PHASE2_PRIVATE_KEY_PASSWORD: g_value_set_string (value, priv->phase2_private_key_password); break; + case PROP_SYSTEM_CA_CERTS: + g_value_set_boolean (value, priv->system_ca_certs); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; 
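Review bot: `nm_setting_802_1x_get_system_ca_certs()` is added as an exported symbol without a doc comment, and the property blurb in the later `nm_setting_802_1x_class_init` hunk only repeats "Use system CA certificates". Neither tells a caller that, when TRUE, the connection's own `ca-cert` and `phase2-ca-cert` are not sent to the supplicant at all, which is what the nm-supplicant-config.c hunks of this commit do. Suggest a comment above the getter along the lines of `/* TRUE: ignore ca-cert/phase2-ca-cert and trust every CA under the build-time SYSTEM_CA_PATH, for both EAP phases */`, and a blurb that states the same override.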
@@ -1490,6 +1506,14 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class) NULL, G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET)); + g_object_class_install_property + (object_class, PROP_SYSTEM_CA_CERTS, + g_param_spec_boolean (NM_SETTING_802_1X_SYSTEM_CA_CERTS, + "Use system CA certificates", + "Use system CA certificates", + FALSE, + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); + /* Initialize crypto lbrary. */ if (!nm_utils_init (&error)) { g_warning ("Couldn't initilize nm-utils/crypto system: %d %s", diff --git a/libnm-util/nm-setting-8021x.h b/libnm-util/nm-setting-8021x.h index 91d494d9b3..e956e685ae 100644 --- a/libnm-util/nm-setting-8021x.h +++ b/libnm-util/nm-setting-8021x.h @@ -81,6 +81,7 @@ GQuark nm_setting_802_1x_error_quark (void); #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password" #define NM_SETTING_802_1X_PIN "pin" #define NM_SETTING_802_1X_PSK "psk" +#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs" typedef struct { NMSetting parent; @@ -133,6 +134,7 @@ gboolean nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8 const char *filename, NMSetting8021xCKType *out_ck_type, GError **err); +gboolean nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting); const GByteArray *nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting); gboolean nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting, diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c index d087b2c227..2918504598 100644 --- a/src/supplicant-manager/nm-supplicant-config.c +++ b/src/supplicant-manager/nm-supplicant-config.c @@ -19,6 +19,10 @@ * Copyright (C) 2007 - 2008 Novell, Inc. */ +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + #include <string.h> #include <stdlib.h> #include <glib.h> 
@@ -620,7 +624,11 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE); g_string_free (phase2, TRUE); - ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid); + if (nm_setting_802_1x_get_system_ca_certs (setting)) { + ADD_STRING_VAL (SYSTEM_CA_PATH, "ca_path", FALSE, FALSE, FALSE); + } else { + ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid); + } array = nm_setting_802_1x_get_private_key (setting); if (array) { @@ -638,7 +646,11 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, } } - ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid); + if (nm_setting_802_1x_get_system_ca_certs (setting)) { + ADD_STRING_VAL (SYSTEM_CA_PATH, "ca_path2", FALSE, FALSE, FALSE); + } else { + ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid); + } array = nm_setting_802_1x_get_phase2_private_key (setting); if (array) { diff --git a/src/supplicant-manager/nm-supplicant-settings-verify.c b/src/supplicant-manager/nm-supplicant-settings-verify.c index b8bd9fc4c0..5e3079547b 100644 --- a/src/supplicant-manager/nm-supplicant-settings-verify.c +++ b/src/supplicant-manager/nm-supplicant-settings-verify.c @@ -101,6 +101,7 @@ static const struct Opt opt_table[] = { { "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed }, { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, { "password", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, { "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, |
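Review bot: With `system-ca-certs` set, this branch and the matching one in the `ca_cert2` hunk give the supplicant the whole `SYSTEM_CA_PATH` directory as trust anchors, and nothing visible in either hunk restricts which server certificate name is acceptable. If that directory holds a general-purpose public CA bundle, any certificate chaining to any of those roots would pass server validation, which is much weaker than the pinned `ca_cert` it replaces. The option should be paired with a server-name constraint (wpa_supplicant supports `subject_match` / `altsubject_match`) if the setting can carry one, or the weaker guarantee should be documented. A connection that sets both the flag and a `ca_cert` also loses its pinned CA silently; a log line in the `if` branch, e.g. `/* system-ca-certs overrides connection ca_cert */` plus a warning, would make that visible. The body of `nm_supplicant_config_add_setting_8021x` continues outside both hunks.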
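Review bot: `opt_table` gains an entry for `ca_path` only, while the nm-supplicant-config.c change in this commit also emits `ca_path2` for phase 2. The lookup code is outside the hunk, but if the verifier rejects keys that are not in the table, any connection using system CA certs would fail when the phase-2 option is added. If it does not reject them, the key bypasses the table's type check. Add `{ "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL },` next to the new line, unless it already exists in a part of the table not shown here.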