| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, NMACertChooser::constructor() would re-inject the actual
type based on the flags property, thus, instead of creating an instance
of type NMACertChooser, it would create an NMAFileCertChooser or
NMAPkcs11CertChooser.
Don't do that. Don't delegate using inheritence and NMACertChooserClass,
instead delegate using a vtable structure.
Also, hide the actual implementation of NMACertChooser and
NMACertChooserClass from public headers. This means, the classes
cannot be subclassed, but that is something that is not planned
to be supported (at least for the moment).
Co-authored-by: Lubomir Rintel <lkundrak@v3.sk>
|
|
|
|
|
| |
This makes it support PKCS#11 tokens for certificates and keys. Also, it
supports PIN entry for the relevant objects.
|
|
|
|
|
|
|
|
|
| |
Default to it unless Gcr support is unavailable or an application
indicateas it only supports certificates in plain files.
This one is libnma only. The libnm-gtk can still utilize the
NMAFileCertChooser. Since libnm-glib doesn't support PKCS#11 tokens it
wouldn't make too much sense anyway.
|
|
|
|
|
| |
Allows choosing a PKCS#11 token to select a certificate or a key from,
optionally selecting one from a file system.
|
|
|
|
|
| |
Selects a key or a password from a PKCS#11 token and returns an URI.
Allows unlocking the token with a PIN.
|
|
|
|
|
| |
Unlock a PKCS#11 with a PIN. Will be useful for PKCS#11 certificate
chooser.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will be useful for the PKCS#11 token support.
Unfortunatelly, GCR API is declared subject to change despite being in
active use and not having changed in years. This is not a problem --
if GCR ever deprecates this API, chances are it will provide a
certificate chooser too and we'll be just able to drop ours. It doesn't
seem like happening anytime soon.
Let's do an extensive check of how good the available GCR version is and
disable it if it's not good enough. We'll provide a sensible fallback
anyway.
|
|
|
|
|
|
|
|
| |
This is a simple certificate chooser that allows selecting the
certificate and key pair from plain files.
This one is available from libnm-gtk too, otherwise the cert chooser
interface alone would be useless.
|
|
|
|
|
|
| |
They're going to be useful elsewhere.
Co-authored-by: Thomas Haller <thaller@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A grid with certificate & key pair optionally with passwords.
The idea is to provide reusable interface for the 802.1x and VPN plugins
that can be backed by a simple file-base chooser or a PKCS#11 based
chooser. The API is designed with possible future Gcr certificate chooser
in mind.
This is available from libnm-gtk too, since the wireless-security
library will make use for it. It still resides in the libnma/ tree not
to introduce complexity into how the tree is organized for the sake of a
legacy component.
|
| |
|
|
|
|
| |
Let's modernize the UI file a bit before we extend it.
|
|
|
|
| |
It provides a better error reporting too.
|
| |
|
|
|
|
| |
Ensure all features we support build without a warning.
|
|
|
|
| |
We'll need the NetworkManager 1.8 functionality to get the PKCS#11 support.
|
|
|
|
| |
...so that we won't accidentally use features of newer Gtk version.
|
| |
|
| |
|
| |
|
|\
| |
| |
| | |
Check permissions before showing 802.1x wifi new-connection dialog.
|
| |
| |
| |
| |
| | |
If the permission check fails, we never run the callback: return FALSE
so that the caller can free resources.
|
| |
| |
| |
| |
| | |
They are not needed since commit 9b002809514a ("applet: remove usage
of dbus-glib and private session D-Bus API").
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In most places, we (or NM) check permissions before performing actions.
One place we don't is when we need more information when connecting to
and 802.1x network. In that case we pop up a dialog to ask for more
information before initiaing the connection.
The dialog contains a GTK+ filechooser. We don't want unprivileged users
to have access to this as it allows opening files.
Check for MODIFY_SYSTEM or MODIFY_OWN before showing the dialog for
802.1x connections. If the user doesn't have or can't get it, don't show
the dialog. They wouldn't have been able to create the connection
anyway.
This fixes CVE-2017-6590.
https://mail.gnome.org/archives/networkmanager-list/2017-March/msg00032.html
https://bugs.launchpad.net/bugs/1668321
[bgalvani@redhat.com: changed commit subject line, added links]
|
|
|
|
|
|
|
|
|
| |
gettext("str") expands to dcgettext(NULL, "str") which gets
translations from the last used domain, while _("str") is equivalent
to g_dgettext(GETTEXT_PACKAGE, "str") which uses the library's
translations.
https://bugzilla.gnome.org/show_bug.cgi?id=772362
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libnma uses libnm, and not libnm-util/libnm-glib. Hence, the python bindings
must load "NM" and not "NMClient"/"NetworkManager".
As it was, the generated bindings for libnma were unusable and loading
them would fail with
libnm-ERROR **: libnm-util symbols detected; Mixing libnm with libnm-util/libnm-glib is not supported
https://bugzilla.gnome.org/show_bug.cgi?id=779153
Fixes: 76a12beac4e8692f30071169e11e2b521ec4eab7
|
| |
|
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| | |
It's not like we could change or drop the API.
|
| | |
|
| | |
|
|/
|
|
|
| |
It doesn't really improve the documentation, but at least makes gtk-doc
happy.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
src/wireless-security/libwireless-security-libnm.la already links with
src/utils/libutils-libnm.la, thus we have the symobols ready.
|
| |
|
| |
|
|\
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=778400
|
| |
| |
| |
| | |
Fixes: a4fa0bf297dbb148bb8ca1818eacaaaef85c803a
|
| |
| |
| |
| | |
https://bugzilla.gnome.org/show_bug.cgi?id=760887
|