| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Thus they can also be used on other places, like VPN plugins.
|
| | |
|
| |
|
|
|
| |
Because it is actually not a new connection, rather it denotes that we edit the
connection as opposed to just providing password(s).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Storing secrets system-wide can be a security breach. Because such a secret is
available to all users on the system.
So we default to NM_SETTING_SECRET_FLAG_AGENT_OWNED flag for all passwords,
regardless whether the connection profile itself is available to all users or
not. And we add a popup menu for password entries that allows users to override
password storage. This is useful e.g. for the case when a user (admin) needs
the connection profile to be usable at boot time.
There and two pieces of data to store:
profile storage/availability - it is influenced with "Available to all users"
secret storage/availability - it is influenced with secret flags
This commit decouples these two things, so that they are independent now.
Test case:
Alice creates a connection profile for her WPA Wi-Fi access point. When she
logouts, Bobs comes in, logs into his own account and he is able to connect to
Alice's AP, because the profile contains the password, and it is available for
Bob (and all users).
https://bugzilla.redhat.com/show_bug.cgi?id=879566
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
connections"
This reverts commit 3021ce121b162fc69ec2fd800776a5dd28d72042.
For EAP connections it usually does not make sense to validate the
certificate with the system CA store. User mostly either want to
provide the one exact certificate (ca-cert) or don't do any validation
at all.
Previously, nm-connection-editor set the property system-ca-certs=true
for new connections, but there was no field in the UI to unset this
setting. This effectively meant, that if the user did not provide a
valid ca-cert (or put the certificate in the system wide store) the
connection could not be established.
Change the behavior, so that new connections created by nm-c-e don't
have system-ca-certs set.
The system-ca-certs property cannot be configured from the UI and nm-c-e
will not touch it in existing connection. This makes sense, because referring
to the system store is not a common use case. On the other hand, users who
*really* want to use this option, can do so using e.g. nmcli. In that case,
nm-c-e will not tamper with the setting.
Connections that were created by older versions of nm-c-e might be
unable to connect. The system-ca-certs option can be unset with:
$ nmcli connection modify id "$ID" 802-1x.system-ca-certs false
https://bugzilla.gnome.org/show_bug.cgi?id=702608
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1025894#c3
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Warn the user when a bond or team connection contains multiple slaves
on the same physical port.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With the previous commit, the "Connect" button in the "Connect to Hidden
Network" is disabled, if the EAP connection does not validate.
Before, the user was able to click on the "Connect" button and the
assert in eap_method_ca_cert_not_required_toggled failed.
Still, the assert is too strict, so remove it.
Also fix an invalid warning in eap-method-tls.c
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When opening the "Connect to Hidden Network" dialog for a connection
without CA authority, the ca_cert_ignore checkbox was not properly loaded
and always stayed unchecked.
With this change, EAP connections without ca_cert_ignore flag will be
validate as erroneous and the "Connect" button in the "Connect to Hidden
Network" dialog stays disabled.
Previously, the behaviour was indeterministic, and also it might trigger
an assert in eap_method_ca_cert_not_required_toggled.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
| |
and define a log domain so you can use G_MESSAGES_DEBUG=nm-applet to
enable them.
https://bugzilla.gnome.org/show_bug.cgi?id=709419
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Change the shell interaction code so that we only create an
NMSecretAgent if the shell is not running, and we permanently destroy
it if the shell ever starts up.
Revert the change to not run nm-applet under GNOME 3 now, since it
should be safe to do so, and this solves the problem for users who
need the GSM PIN unlock dialog.
https://bugzilla.gnome.org/show_bug.cgi?id=709419
|
| | |
|
| |
|
|
|
|
| |
Such bridges are useful e.g. for virtualization.
https://bugzilla.gnome.org/show_bug.cgi?id=700948
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Else the user could close the connection window and the dialog still referring
to it would make the editor crash.
Top level window fixed up by dcbw:
The widget may not be in a window at page init time, but is when the widget
is realized. Get the toplevel parent at realize time.
|
| | |
|
| |
|
|
|
|
|
|
| |
"response" signal is sufficient. It is issued for dialog closing too (Cancel,
Esc, Alt-F4, ...).
Trying to destroy dialog as a response to "close" signal caused:
GLib-GObject-CRITICAL **: g_object_ref: assertion `G_IS_OBJECT (object)' failed
|
| | |
|
| |\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=708245
|
| | |
| |
| |
| |
| |
| | |
Compatible slaves:
- InfiniBand
- ethernet, Wi-Fi, VLAN
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and allow importing the config from a file.
libteam configuration is a string that can be quite long, and simple GEntry is
not much appropriate for it. This commit uses GTextView instead, so that
structured multiline JSON config can be typed. In addition to that, the import
button allows selecting a file whose content will be imported as the config
text.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous algorithm for choosing the team_num is not deterministic.
It does neither choose one of
(a) MAX(existing team_nums) + 1
(b) MIN(unused team_nums)
What it actually chooses depends on the order how the existing
connections are returned. For example:
[0 2] => 1
[2 0] => 3
Change it to use (a).
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| | | |
|
| | | |
|
| |/
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The user cannot input a %scope-id in this field because this parameter
would be ignored anyway. NetworkManager automatically scopes link-local
addresses to the connecting device.
https://bugzilla.redhat.com/show_bug.cgi?id=962449
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not allow to input unexpected (ascii) characters as DNS servers,
both for IPv4 and IPv6.
This especially disallows to add a %scope-id suffix for IPv6 link-local
addresses (because '%' is not allowed). The reason to disallow this is
that link-local addresses are always scoped to the connecting device
anyway, so this parameter would get ignored anyway.
This is related to bug
https://bugzilla.redhat.com/show_bug.cgi?id=962449
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some GtkEntry only allow certain characters. This code was duplicated
over several places. Refactor them and add a function
utils_filter_editable_on_insert_text to implement the filtering.
This also fixes some minor hitches:
- at some places, the is<type> functions from ctype.h were used. These
functions behave differently depending on the locale, but we ~really~
want to check for ASCII characters (in the UTF-8) string.
- at several places, the allocated memory for `result` did not include
the terminating zero caracter. This was not a real bug, because
gtk_editable_insert_text was called with the `count` parameter and
nowhere the terminating zero was actually needed.
- adjust the signature of the *_filter_cb functions to the insert-text
signal.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
| |
The return value of gtk_editable_get_chars is owned by the caller, so
calling g_strdup leaks memory.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Due to a typo, the created setting contained wrong fields for
IP4 and IP6.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous algorithm for choosing bond_num/bridge_num is not deterministic.
It does neither choose one of
(a) MAX(existing nums) + 1
(b) MIN(unused nums)
What it actually chooses depends on the order how the existing
connections are returned. For example:
[0 2] => 1
[2 0] => 3
This commit changes the algorithm to use (a).
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
| |
The values were removed from the allowed 'pairwise' property values by
5f61594585b22cdb72ee5279de5a8d9e86b125cf commit.
Anyway, both 'pairwise' and 'group' property (ciphers) are only valid for WPA.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
inner_auth_combo_changed_cb():
model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
g_assert (eap);
gtk_combo_box_get_model() failed and thus g_assert (eap) failed as well.
On some circumstances type_id resets to 0 in eap_method_get_g_type(). It makes
g_boxed_type_register_static() be called again, which results in failing
assertion 'g_type_form_name (name) == 0' and thus eap_method_get_g_type()
returns 0 instead of proper GType. Later using 0 make gtk_list_store_new()
fail to get proper GListStore:
inner_auth_combo_init:
auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ())
Even if this patch is right, the problem is not solved, because instead of
the crash a deadlock may occur. It might be the same issue as described in
https://bugzilla.gnome.org/show_bug.cgi?id=674885.
https://bugzilla.redhat.com/show_bug.cgi?id=979123
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
eap_method_init/wireless_security_init
When 'eap_method_init' or 'wireless_security_init' fails to read the
UI xml file, it calls 'eap_method_unref' or 'wireless_security_unref',
respectively. The unref methods call the destroy handler, but they
should not do it in this case, because the objects were not fully
constructed.
Fix this, be setting the destroy handler only at the end of
the init methods.
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
