system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-10-04 15:21:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

2008-10-30 Dan Williams <dcbw@redhat.com>

Browse source 
* libnm-util/libnm-util.ver
	  libnm-util/nm-setting-8021x.c
	  libnm-util/nm-setting-8021x.h
		- Make properties private and add accessor functions

	* src/supplicant-manager/nm-supplicant-config.c
	  system-settings/plugins/ifcfg-suse/parser.c
		- Use 802.1x setting accessors



git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
This commit is contained in:
Dan Williams 2008-10-30 18:12:46 +00:00
parent f8d151a20d
commit 2c78fb12b6
6 changed files with 586 additions and 277 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
ChangeLog
View file

@ -1,3 +1,14 @@
2008-10-30 Dan Williams <dcbw@redhat.com>
* libnm-util/libnm-util.ver
libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
- Make properties private and add accessor functions
* src/supplicant-manager/nm-supplicant-config.c
system-settings/plugins/ifcfg-suse/parser.c
- Use 802.1x setting accessors
2008-10-30 Dan Williams <dcbw@redhat.com>
* libnm-util/libnm-util.ver

35
libnm-util/libnm-util.ver
View file

@ -26,16 +26,39 @@ global:
nm_connection_to_hash;
nm_connection_update_secrets;
nm_connection_verify;
nm_setting_802_1x_add_eap_method;
nm_setting_802_1x_clear_eap_methods;
nm_setting_802_1x_error_get_type;
nm_setting_802_1x_error_quark;
nm_setting_802_1x_get_anonymous_identity;
nm_setting_802_1x_get_ca_cert;
nm_setting_802_1x_set_ca_cert_from_file;
nm_setting_802_1x_get_ca_path;
nm_setting_802_1x_get_client_cert;
nm_setting_802_1x_set_client_cert_from_file;
nm_setting_802_1x_get_eap_method;
nm_setting_802_1x_get_identity;
nm_setting_802_1x_get_num_eap_methods;
nm_setting_802_1x_get_password;
nm_setting_802_1x_get_phase1_fast_provisioning;
nm_setting_802_1x_get_phase1_peaplabel;
nm_setting_802_1x_get_phase1_peapver;
nm_setting_802_1x_get_phase2_auth;
nm_setting_802_1x_get_phase2_autheap;
nm_setting_802_1x_get_phase2_ca_cert;
nm_setting_802_1x_set_phase2_ca_cert_from_file;
nm_setting_802_1x_get_phase2_ca_path;
nm_setting_802_1x_get_phase2_client_cert;
nm_setting_802_1x_set_phase2_client_cert_from_file;
nm_setting_802_1x_get_phase2_private_key;
nm_setting_802_1x_set_phase2_private_key_from_file;
nm_setting_802_1x_get_pin;
nm_setting_802_1x_get_private_key;
nm_setting_802_1x_set_private_key_from_file;
nm_setting_802_1x_get_psk;
nm_setting_802_1x_get_type;
nm_setting_802_1x_new;
nm_setting_802_1x_set_ca_cert;
nm_setting_802_1x_set_client_cert;
nm_setting_802_1x_set_phase2_ca_cert;
nm_setting_802_1x_set_phase2_client_cert;
nm_setting_802_1x_set_phase2_private_key;
nm_setting_802_1x_set_private_key;
nm_setting_802_1x_remove_eap_method;
nm_setting_cdma_error_get_type;
nm_setting_cdma_error_quark;
nm_setting_cdma_get_type;

602
libnm-util/nm-setting-8021x.c
View file

@ -68,6 +68,30 @@ nm_setting_802_1x_error_get_type (void)
G_DEFINE_TYPE (NMSetting8021x, nm_setting_802_1x, NM_TYPE_SETTING)
#define NM_SETTING_802_1X_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_SETTING_802_1X, NMSetting8021xPrivate))
typedef struct {
GSList *eap; /* GSList of strings */
char *identity;
char *anonymous_identity;
GByteArray *ca_cert;
char *ca_path;
GByteArray *client_cert;
char *phase1_peapver;
char *phase1_peaplabel;
char *phase1_fast_provisioning;
char *phase2_auth;
char *phase2_autheap;
GByteArray *phase2_ca_cert;
char *phase2_ca_path;
GByteArray *phase2_client_cert;
char *password;
char *pin;
char *psk;
GByteArray *private_key;
GByteArray *phase2_private_key;
} NMSetting8021xPrivate;
enum {
PROP_0,
PROP_EAP,
@ -99,115 +123,343 @@ nm_setting_802_1x_new (void)
return (NMSetting *) g_object_new (NM_TYPE_SETTING_802_1X, NULL);
}
gboolean
nm_setting_802_1x_set_ca_cert (NMSetting8021x *self,
const char *filename,
GError **err)
guint32
nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0);
if (self->ca_cert)
g_byte_array_free (self->ca_cert, TRUE);
return g_slist_length (NM_SETTING_802_1X_GET_PRIVATE (setting)->eap);
}
self->ca_cert = crypto_load_and_verify_certificate (filename, err);
const char *
nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i)
{
NMSetting8021xPrivate *priv;
return self->ca_cert != NULL;
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
g_return_val_if_fail (i <= g_slist_length (priv->eap), NULL);
return (const char *) g_slist_nth_data (priv->eap, i);
}
gboolean
nm_setting_802_1x_set_client_cert (NMSetting8021x *self,
const char *filename,
GError **err)
nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
NMSetting8021xPrivate *priv;
GSList *iter;
if (self->client_cert)
g_byte_array_free (self->client_cert, TRUE);
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
g_return_val_if_fail (eap != NULL, FALSE);
self->client_cert = crypto_load_and_verify_certificate (filename, err);
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
for (iter = priv->eap; iter; iter = g_slist_next (iter)) {
if (!strcmp (eap, (char *) iter->data))
return FALSE;
}
return self->client_cert != NULL;
priv->eap = g_slist_append (priv->eap, g_ascii_strdown (eap, -1));
return TRUE;
}
void
nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i)
{
NMSetting8021xPrivate *priv;
GSList *elt;
g_return_if_fail (NM_IS_SETTING_802_1X (setting));
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
elt = g_slist_nth (priv->eap, i);
g_return_if_fail (elt != NULL);
g_free (elt->data);
priv->eap = g_slist_delete_link (priv->eap, elt);
}
void
nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting)
{
NMSetting8021xPrivate *priv;
g_return_if_fail (NM_IS_SETTING_802_1X (setting));
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
nm_utils_slist_free (priv->eap, g_free);
priv->eap = NULL;
}
const char *
nm_setting_802_1x_get_identity (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->identity;
}
const char *
nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->anonymous_identity;
}
const GByteArray *
nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert;
}
const char *
nm_setting_802_1x_get_ca_path (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_path;
}
gboolean
nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *self,
const char *filename,
GError **err)
nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *self,
const char *filename,
GError **err)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
if (self->phase2_ca_cert)
g_byte_array_free (self->phase2_ca_cert, TRUE);
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->ca_cert)
g_byte_array_free (priv->ca_cert, TRUE);
self->phase2_ca_cert = crypto_load_and_verify_certificate (filename, err);
priv->ca_cert = crypto_load_and_verify_certificate (filename, err);
return self->phase2_ca_cert != NULL;
return priv->ca_cert != NULL;
}
const GByteArray *
nm_setting_802_1x_get_client_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->client_cert;
}
gboolean
nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *self,
const char *filename,
GError **err)
nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *self,
const char *filename,
GError **err)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
if (self->phase2_client_cert)
g_byte_array_free (self->phase2_client_cert, TRUE);
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->client_cert)
g_byte_array_free (priv->client_cert, TRUE);
self->phase2_client_cert = crypto_load_and_verify_certificate (filename, err);
priv->client_cert = crypto_load_and_verify_certificate (filename, err);
return self->phase2_client_cert != NULL;
return priv->client_cert != NULL;
}
const char *
nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_peapver;
}
const char *
nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_peaplabel;
}
const char *
nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_fast_provisioning;
}
const char *
nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_auth;
}
const char *
nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_autheap;
}
const GByteArray *
nm_setting_802_1x_get_phase2_ca_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_cert;
}
const char *
nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_path;
}
gboolean
nm_setting_802_1x_set_private_key (NMSetting8021x *self,
const char *filename,
const char *password,
GError **err)
nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *self,
const char *filename,
GError **err)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->phase2_ca_cert)
g_byte_array_free (priv->phase2_ca_cert, TRUE);
priv->phase2_ca_cert = crypto_load_and_verify_certificate (filename, err);
return priv->phase2_ca_cert != NULL;
}
const GByteArray *
nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_client_cert;
}
gboolean
nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *self,
const char *filename,
GError **err)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->phase2_client_cert)
g_byte_array_free (priv->phase2_client_cert, TRUE);
priv->phase2_client_cert = crypto_load_and_verify_certificate (filename, err);
return priv->phase2_client_cert != NULL;
}
const char *
nm_setting_802_1x_get_password (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->password;
}
const char *
nm_setting_802_1x_get_pin (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->pin;
}
const char *
nm_setting_802_1x_get_psk (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->psk;
}
const GByteArray *
nm_setting_802_1x_get_private_key (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->private_key;
}
gboolean
nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *self,
const char *filename,
const char *password,
GError **err)
{
NMSetting8021xPrivate *priv;
guint32 ignore;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
g_return_val_if_fail (password != NULL, FALSE);
if (self->private_key) {
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->private_key) {
/* Try not to leave the decrypted private key around in memory */
memset (self->private_key, 0, self->private_key->len);
g_byte_array_free (self->private_key, TRUE);
memset (priv->private_key, 0, priv->private_key->len);
g_byte_array_free (priv->private_key, TRUE);
}
self->private_key = crypto_get_private_key (filename, password, &ignore, err);
priv->private_key = crypto_get_private_key (filename, password, &ignore, err);
return self->private_key != NULL;
return priv->private_key != NULL;
}
const GByteArray *
nm_setting_802_1x_get_phase2_private_key (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_private_key;
}
gboolean
nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *self,
const char *filename,
const char *password,
GError **err)
nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *self,
const char *filename,
const char *password,
GError **err)
{
NMSetting8021xPrivate *priv;
guint32 ignore;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
g_return_val_if_fail (password != NULL, FALSE);
if (self->phase2_private_key) {
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->phase2_private_key) {
/* Try not to leave the decrypted private key around in memory */
memset (self->phase2_private_key, 0, self->phase2_private_key->len);
g_byte_array_free (self->phase2_private_key, TRUE);
memset (priv->phase2_private_key, 0, priv->phase2_private_key->len);
g_byte_array_free (priv->phase2_private_key, TRUE);
}
self->phase2_private_key = crypto_get_private_key (filename, password, &ignore, err);
priv->phase2_private_key = crypto_get_private_key (filename, password, &ignore, err);
return self->phase2_private_key != NULL;
return priv->phase2_private_key != NULL;
}
static void
@ -215,7 +467,9 @@ need_secrets_password (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
if (!self->password || !strlen (self->password))
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->password || !strlen (priv->password))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PASSWORD);
}
@ -224,7 +478,9 @@ need_secrets_sim (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
if (!self->pin || !strlen (self->pin))
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->pin || !strlen (priv->pin))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PIN);
}
@ -233,13 +489,15 @@ need_secrets_tls (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (phase2) {
if ( self->phase2_client_cert
&& (!self->phase2_private_key || !self->phase2_private_key->len))
if ( priv->phase2_client_cert
&& (!priv->phase2_private_key || !priv->phase2_private_key->len))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY);
} else {
if (self->client_cert
&& (!self->private_key || !self->private_key->len))
if (priv->client_cert
&& (!priv->private_key || !priv->private_key->len))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY);
}
}
@ -247,14 +505,16 @@ need_secrets_tls (NMSetting8021x *self,
static gboolean
verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
{
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (phase2) {
if (!self->phase2_client_cert) {
if (!priv->phase2_client_cert) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
return FALSE;
} else if (!self->phase2_client_cert->len) {
} else if (!priv->phase2_client_cert->len) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -262,13 +522,13 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
return FALSE;
}
} else {
if (!self->client_cert) {
if (!priv->client_cert) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT);
return FALSE;
} else if (!self->client_cert->len) {
} else if (!priv->client_cert->len) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -283,19 +543,21 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
static gboolean
verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
{
if ( (!self->identity || !strlen (self->identity))
&& (!self->anonymous_identity || !strlen (self->anonymous_identity))) {
if (!self->identity) {
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if ( (!priv->identity || !strlen (priv->identity))
&& (!priv->anonymous_identity || !strlen (priv->anonymous_identity))) {
if (!priv->identity) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
} else if (!strlen (self->identity)) {
} else if (!strlen (priv->identity)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
} else if (!self->anonymous_identity) {
} else if (!priv->anonymous_identity) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
@ -309,19 +571,19 @@ verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
return FALSE;
}
if ( (!self->phase2_auth || !strlen (self->phase2_auth))
&& (!self->phase2_autheap || !strlen (self->phase2_autheap))) {
if (!self->phase2_auth) {
if ( (!priv->phase2_auth || !strlen (priv->phase2_auth))
&& (!priv->phase2_autheap || !strlen (priv->phase2_autheap))) {
if (!priv->phase2_auth) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH);
} else if (!strlen (self->phase2_auth)) {
} else if (!strlen (priv->phase2_auth)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH);
} else if (!self->phase2_autheap) {
} else if (!priv->phase2_autheap) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
@ -341,12 +603,14 @@ verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
static gboolean
verify_identity (NMSetting8021x *self, gboolean phase2, GError **error)
{
if (!self->identity) {
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->identity) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
} else if (!strlen (self->identity)) {
} else if (!strlen (priv->identity)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -398,15 +662,16 @@ need_secrets_phase2 (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
char *method = NULL;
int i;
g_return_if_fail (phase2 == FALSE);
/* Check phase2_auth and phase2_autheap */
method = self->phase2_auth;
if (!method && self->phase2_autheap)
method = self->phase2_autheap;
method = priv->phase2_auth;
if (!method && priv->phase2_autheap)
method = priv->phase2_autheap;
if (!method) {
g_warning ("Couldn't find EAP method.");
@ -430,6 +695,7 @@ static GPtrArray *
need_secrets (NMSetting *setting)
{
NMSetting8021x *self = NM_SETTING_802_1X (setting);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
GSList *iter;
GPtrArray *secrets;
gboolean eap_method_found = FALSE;
@ -437,7 +703,7 @@ need_secrets (NMSetting *setting)
secrets = g_ptr_array_sized_new (4);
/* Ask each configured EAP method if it needs secrets */
for (iter = self->eap; iter && !eap_method_found; iter = g_slist_next (iter)) {
for (iter = priv->eap; iter && !eap_method_found; iter = g_slist_next (iter)) {
const char *method = (const char *) iter->data;
int i;
@ -469,6 +735,7 @@ static gboolean
verify (NMSetting *setting, GSList *all_settings, GError **error)
{
NMSetting8021x *self = NM_SETTING_802_1X (setting);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", NULL };
const char *valid_phase1_peapver[] = { "0", "1", NULL };
const char *valid_phase1_peaplabel[] = { "0", "1", NULL };
@ -479,7 +746,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
if (error)
g_return_val_if_fail (*error == NULL, FALSE);
if (!self->eap) {
if (!priv->eap) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
@ -487,7 +754,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
if (!nm_utils_string_slist_validate (self->eap, valid_eap)) {
if (!nm_utils_string_slist_validate (priv->eap, valid_eap)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -496,7 +763,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
}
/* Ask each configured EAP method if its valid */
for (iter = self->eap; iter; iter = g_slist_next (iter)) {
for (iter = priv->eap; iter; iter = g_slist_next (iter)) {
const char *method = (const char *) iter->data;
int i;
@ -511,7 +778,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
}
}
if (self->phase1_peapver && !nm_utils_string_in_list (self->phase1_peapver, valid_phase1_peapver)) {
if (priv->phase1_peapver && !nm_utils_string_in_list (priv->phase1_peapver, valid_phase1_peapver)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -519,7 +786,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
if (self->phase1_peaplabel && !nm_utils_string_in_list (self->phase1_peaplabel, valid_phase1_peaplabel)) {
if (priv->phase1_peaplabel && !nm_utils_string_in_list (priv->phase1_peaplabel, valid_phase1_peaplabel)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -527,7 +794,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
if (self->phase1_fast_provisioning && strcmp (self->phase1_fast_provisioning, "1")) {
if (priv->phase1_fast_provisioning && strcmp (priv->phase1_fast_provisioning, "1")) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -535,7 +802,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
if (self->phase2_auth && !nm_utils_string_in_list (self->phase2_auth, valid_phase2_auth)) {
if (priv->phase2_auth && !nm_utils_string_in_list (priv->phase2_auth, valid_phase2_auth)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -543,7 +810,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
if (self->phase2_autheap && !nm_utils_string_in_list (self->phase2_autheap, valid_phase2_autheap)) {
if (priv->phase2_autheap && !nm_utils_string_in_list (priv->phase2_autheap, valid_phase2_autheap)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@ -566,34 +833,35 @@ static void
finalize (GObject *object)
{
NMSetting8021x *self = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
/* Strings first. g_free() already checks for NULLs so we don't have to */
g_free (self->identity);
g_free (self->anonymous_identity);
g_free (self->ca_path);
g_free (self->phase1_peapver);
g_free (self->phase1_peaplabel);
g_free (self->phase1_fast_provisioning);
g_free (self->phase2_auth);
g_free (self->phase2_autheap);
g_free (self->phase2_ca_path);
g_free (self->password);
g_free (priv->identity);
g_free (priv->anonymous_identity);
g_free (priv->ca_path);
g_free (priv->phase1_peapver);
g_free (priv->phase1_peaplabel);
g_free (priv->phase1_fast_provisioning);
g_free (priv->phase2_auth);
g_free (priv->phase2_autheap);
g_free (priv->phase2_ca_path);
g_free (priv->password);
nm_utils_slist_free (self->eap, g_free);
nm_utils_slist_free (priv->eap, g_free);
if (self->ca_cert)
g_byte_array_free (self->ca_cert, TRUE);
if (self->client_cert)
g_byte_array_free (self->client_cert, TRUE);
if (self->private_key)
g_byte_array_free (self->private_key, TRUE);
if (self->phase2_ca_cert)
g_byte_array_free (self->phase2_ca_cert, TRUE);
if (self->phase2_client_cert)
g_byte_array_free (self->phase2_client_cert, TRUE);
if (self->phase2_private_key)
g_byte_array_free (self->phase2_private_key, TRUE);
if (priv->ca_cert)
g_byte_array_free (priv->ca_cert, TRUE);
if (priv->client_cert)
g_byte_array_free (priv->client_cert, TRUE);
if (priv->private_key)
g_byte_array_free (priv->private_key, TRUE);
if (priv->phase2_ca_cert)
g_byte_array_free (priv->phase2_ca_cert, TRUE);
if (priv->phase2_client_cert)
g_byte_array_free (priv->phase2_client_cert, TRUE);
if (priv->phase2_private_key)
g_byte_array_free (priv->phase2_private_key, TRUE);
G_OBJECT_CLASS (nm_setting_802_1x_parent_class)->finalize (object);
}
@ -603,81 +871,82 @@ set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec)
{
NMSetting8021x *setting = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
switch (prop_id) {
case PROP_EAP:
nm_utils_slist_free (setting->eap, g_free);
setting->eap = g_value_dup_boxed (value);
nm_utils_slist_free (priv->eap, g_free);
priv->eap = g_value_dup_boxed (value);
break;
case PROP_IDENTITY:
g_free (setting->identity);
setting->identity = g_value_dup_string (value);
g_free (priv->identity);
priv->identity = g_value_dup_string (value);
break;
case PROP_ANONYMOUS_IDENTITY:
g_free (setting->anonymous_identity);
setting->anonymous_identity = g_value_dup_string (value);
g_free (priv->anonymous_identity);
priv->anonymous_identity = g_value_dup_string (value);
break;
case PROP_CA_CERT:
if (setting->ca_cert)
g_byte_array_free (setting->ca_cert, TRUE);
setting->ca_cert = g_value_dup_boxed (value);
if (priv->ca_cert)
g_byte_array_free (priv->ca_cert, TRUE);
priv->ca_cert = g_value_dup_boxed (value);
break;
case PROP_CA_PATH:
g_free (setting->ca_path);
setting->ca_path = g_value_dup_string (value);
g_free (priv->ca_path);
priv->ca_path = g_value_dup_string (value);
break;
case PROP_CLIENT_CERT:
if (setting->client_cert)
g_byte_array_free (setting->client_cert, TRUE);
setting->client_cert = g_value_dup_boxed (value);
if (priv->client_cert)
g_byte_array_free (priv->client_cert, TRUE);
priv->client_cert = g_value_dup_boxed (value);
break;
case PROP_PHASE1_PEAPVER:
g_free (setting->phase1_peapver);
setting->phase1_peapver = g_value_dup_string (value);
g_free (priv->phase1_peapver);
priv->phase1_peapver = g_value_dup_string (value);
break;
case PROP_PHASE1_PEAPLABEL:
g_free (setting->phase1_peaplabel);
setting->phase1_peaplabel = g_value_dup_string (value);
g_free (priv->phase1_peaplabel);
priv->phase1_peaplabel = g_value_dup_string (value);
break;
case PROP_PHASE1_FAST_PROVISIONING:
g_free (setting->phase1_fast_provisioning);
setting->phase1_fast_provisioning = g_value_dup_string (value);
g_free (priv->phase1_fast_provisioning);
priv->phase1_fast_provisioning = g_value_dup_string (value);
break;
case PROP_PHASE2_AUTH:
g_free (setting->phase2_auth);
setting->phase2_auth = g_value_dup_string (value);
g_free (priv->phase2_auth);
priv->phase2_auth = g_value_dup_string (value);
break;
case PROP_PHASE2_AUTHEAP:
g_free (setting->phase2_autheap);
setting->phase2_autheap = g_value_dup_string (value);
g_free (priv->phase2_autheap);
priv->phase2_autheap = g_value_dup_string (value);
break;
case PROP_PHASE2_CA_CERT:
if (setting->phase2_ca_cert)
g_byte_array_free (setting->phase2_ca_cert, TRUE);
setting->phase2_ca_cert = g_value_dup_boxed (value);
if (priv->phase2_ca_cert)
g_byte_array_free (priv->phase2_ca_cert, TRUE);
priv->phase2_ca_cert = g_value_dup_boxed (value);
break;
case PROP_PHASE2_CA_PATH:
g_free (setting->phase2_ca_path);
setting->phase2_ca_path = g_value_dup_string (value);
g_free (priv->phase2_ca_path);
priv->phase2_ca_path = g_value_dup_string (value);
break;
case PROP_PHASE2_CLIENT_CERT:
if (setting->phase2_client_cert)
g_byte_array_free (setting->phase2_client_cert, TRUE);
setting->phase2_client_cert = g_value_dup_boxed (value);
if (priv->phase2_client_cert)
g_byte_array_free (priv->phase2_client_cert, TRUE);
priv->phase2_client_cert = g_value_dup_boxed (value);
break;
case PROP_PASSWORD:
g_free (setting->password);
setting->password = g_value_dup_string (value);
g_free (priv->password);
priv->password = g_value_dup_string (value);
break;
case PROP_PRIVATE_KEY:
if (setting->private_key)
g_byte_array_free (setting->private_key, TRUE);
setting->private_key = g_value_dup_boxed (value);
if (priv->private_key)
g_byte_array_free (priv->private_key, TRUE);
priv->private_key = g_value_dup_boxed (value);
break;
case PROP_PHASE2_PRIVATE_KEY:
if (setting->phase2_private_key)
g_byte_array_free (setting->phase2_private_key, TRUE);
setting->phase2_private_key = g_value_dup_boxed (value);
if (priv->phase2_private_key)
g_byte_array_free (priv->phase2_private_key, TRUE);
priv->phase2_private_key = g_value_dup_boxed (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@ -690,58 +959,59 @@ get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
NMSetting8021x *setting = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
switch (prop_id) {
case PROP_EAP:
g_value_set_boxed (value, setting->eap);
g_value_set_boxed (value, priv->eap);
break;
case PROP_IDENTITY:
g_value_set_string (value, setting->identity);
g_value_set_string (value, priv->identity);
break;
case PROP_ANONYMOUS_IDENTITY:
g_value_set_string (value, setting->anonymous_identity);
g_value_set_string (value, priv->anonymous_identity);
break;
case PROP_CA_CERT:
g_value_set_boxed (value, setting->ca_cert);
g_value_set_boxed (value, priv->ca_cert);
break;
case PROP_CA_PATH:
g_value_set_string (value, setting->ca_path);
g_value_set_string (value, priv->ca_path);
break;
case PROP_CLIENT_CERT:
g_value_set_boxed (value, setting->client_cert);
g_value_set_boxed (value, priv->client_cert);
break;
case PROP_PHASE1_PEAPVER:
g_value_set_string (value, setting->phase1_peapver);
g_value_set_string (value, priv->phase1_peapver);
break;
case PROP_PHASE1_PEAPLABEL:
g_value_set_string (value, setting->phase1_peaplabel);
g_value_set_string (value, priv->phase1_peaplabel);
break;
case PROP_PHASE1_FAST_PROVISIONING:
g_value_set_string (value, setting->phase1_fast_provisioning);
g_value_set_string (value, priv->phase1_fast_provisioning);
break;
case PROP_PHASE2_AUTH:
g_value_set_string (value, setting->phase2_auth);
g_value_set_string (value, priv->phase2_auth);
break;
case PROP_PHASE2_AUTHEAP:
g_value_set_string (value, setting->phase2_autheap);
g_value_set_string (value, priv->phase2_autheap);
break;
case PROP_PHASE2_CA_CERT:
g_value_set_boxed (value, setting->phase2_ca_cert);
g_value_set_boxed (value, priv->phase2_ca_cert);
break;
case PROP_PHASE2_CA_PATH:
g_value_set_string (value, setting->phase2_ca_path);
g_value_set_string (value, priv->phase2_ca_path);
break;
case PROP_PHASE2_CLIENT_CERT:
g_value_set_boxed (value, setting->phase2_client_cert);
g_value_set_boxed (value, priv->phase2_client_cert);
break;
case PROP_PASSWORD:
g_value_set_string (value, setting->password);
g_value_set_string (value, priv->password);
break;
case PROP_PRIVATE_KEY:
g_value_set_boxed (value, setting->private_key);
g_value_set_boxed (value, priv->private_key);
break;
case PROP_PHASE2_PRIVATE_KEY:
g_value_set_boxed (value, setting->phase2_private_key);
g_value_set_boxed (value, priv->phase2_private_key);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@ -756,6 +1026,8 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
NMSettingClass *parent_class = NM_SETTING_CLASS (setting_class);
GError *error = NULL;
g_type_class_add_private (setting_class, sizeof (NMSetting8021xPrivate));
/* virtual methods */
object_class->set_property = set_property;
object_class->get_property = get_property;

94
libnm-util/nm-setting-8021x.h
View file

@ -75,26 +75,6 @@ GQuark nm_setting_802_1x_error_quark (void);
typedef struct {
NMSetting parent;
GSList *eap; /* GSList of strings */
char *identity;
char *anonymous_identity;
GByteArray *ca_cert;
char *ca_path;
GByteArray *client_cert;
char *phase1_peapver;
char *phase1_peaplabel;
char *phase1_fast_provisioning;
char *phase2_auth;
char *phase2_autheap;
GByteArray *phase2_ca_cert;
char *phase2_ca_path;
GByteArray *phase2_client_cert;
char *password;
char *pin;
char *psk;
GByteArray *private_key;
GByteArray *phase2_private_key;
} NMSetting8021x;
typedef struct {
@ -105,31 +85,65 @@ GType nm_setting_802_1x_get_type (void);
NMSetting *nm_setting_802_1x_new (void);
gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *self,
const char *filename,
GError **err);
guint32 nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i);
gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap);
void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i);
void nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *self,
const char *filename,
GError **err);
const char * nm_setting_802_1x_get_identity (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *self,
const char *filename,
GError **err);
const char * nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *self,
const char *filename,
GError **err);
const GByteArray *nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_ca_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *setting,
const char *filename,
GError **err);
gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *self,
const char *filename,
const char *password,
GError **err);
const GByteArray *nm_setting_802_1x_get_client_cert (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *setting,
const char *filename,
GError **err);
gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *self,
const char *filename,
const char *password,
GError **err);
const char * nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting);
const GByteArray *nm_setting_802_1x_get_phase2_ca_cert (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *setting,
const char *filename,
GError **err);
const GByteArray *nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting,
const char *filename,
GError **err);
const char * nm_setting_802_1x_get_password (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_pin (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_psk (NMSetting8021x *setting);
const GByteArray *nm_setting_802_1x_get_private_key (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *setting,
const char *filename,
const char *password,
GError **err);
const GByteArray *nm_setting_802_1x_get_phase2_private_key (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *setting,
const char *filename,
const char *password,
GError **err);
G_END_DECLS

89
src/supplicant-manager/nm-supplicant-config.c
View file

@ -426,12 +426,12 @@ nm_supplicant_config_add_setting_wireless (NMSupplicantConfig * self,
} \
}
#define ADD_STRING_LIST_VAL(setting, field, field_plural, name, ucase, secret) \
if (nm_setting_wireless_security_get_num_##field_plural (setting)) { \
#define ADD_STRING_LIST_VAL(setting, setting_name, field, field_plural, name, ucase, secret) \
if (nm_setting_##setting_name##_get_num_##field_plural (setting)) { \
guint32 k; \
GString *str = g_string_new (NULL); \
for (k = 0; k < nm_setting_wireless_security_get_num_##field_plural (setting); k++) { \
const char *item = nm_setting_wireless_security_get_##field (setting, k); \
for (k = 0; k < nm_setting_##setting_name##_get_num_##field_plural (setting); k++) { \
const char *item = nm_setting_##setting_name##_get_##field (setting, k); \
if (!str->len) { \
g_string_append (str, item); \
} else { \
@ -504,9 +504,9 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if ( !strcmp (key_mgmt, "wpa-none")
|| !strcmp (key_mgmt, "wpa-psk")
|| !strcmp (key_mgmt, "wpa-eap")) {
ADD_STRING_LIST_VAL (setting, proto, protos, "proto", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, pairwise, pairwise, "pairwise", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, group, groups, "group", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, wireless_security, proto, protos, "proto", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, wireless_security, pairwise, pairwise, "pairwise", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, wireless_security, group, groups, "group", TRUE, FALSE);
}
/* WEP keys if required */
@ -572,8 +572,8 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
ADD_STRING_VAL (setting->password, "password", FALSE, FALSE, TRUE);
ADD_STRING_VAL (setting->pin, "pin", FALSE, FALSE, TRUE);
ADD_STRING_VAL (nm_setting_802_1x_get_password (setting), "password", FALSE, FALSE, TRUE);
ADD_STRING_VAL (nm_setting_802_1x_get_pin (setting), "pin", FALSE, FALSE, TRUE);
if (wired) {
ADD_STRING_VAL ("IEEE8021X", "key_mgmt", TRUE, FALSE, FALSE);
@ -581,51 +581,20 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
ADD_STRING_VAL ("0", "eapol_flags", FALSE, FALSE, FALSE);
}
/* Private key passwords are never passed to wpa_supplicant because the
* user agent is responsible for decoding and decrypting the private key,
* and file paths are never passed to wpa_supplicant to ensure that
* the supplicant can be locked down and doesn't try to read stuff from
* all over the drive.
*/
/* FIXME: go back to using ADD_STRING_LIST_VAL when 802.1x setting is
* converted to accessors */
if (setting->eap) {
GSList *elt;
GString *str = g_string_new (NULL);
for (elt = setting->eap; elt; elt = g_slist_next (elt)) {
if (!str->len) {
g_string_append (str, elt->data);
} else {
g_string_append_c (str, ' ');
g_string_append (str, elt->data);
}
}
g_string_ascii_up (str);
if (str->len)
success = nm_supplicant_config_add_option (self, "eap", str->str, -1, FALSE);
else
success = TRUE;
g_string_free (str, TRUE);
if (!success) {
nm_warning ("Error adding %s to supplicant config.", "eap");
return FALSE;
}
}
ADD_STRING_LIST_VAL (setting, 802_1x, eap_method, eap_methods, "eap", TRUE, FALSE);
/* Drop the fragment size a bit for better compatibility */
if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE))
return FALSE;
phase1 = g_string_new (NULL);
if (setting->phase1_peapver)
g_string_append_printf (phase1, "peapver=%s", setting->phase1_peapver);
if (nm_setting_802_1x_get_phase1_peapver (setting))
g_string_append_printf (phase1, "peapver=%s", nm_setting_802_1x_get_phase1_peapver (setting));
if (setting->phase1_peaplabel) {
if (nm_setting_802_1x_get_phase1_peaplabel (setting)) {
if (phase1->len)
g_string_append_c (phase1, ' ');
g_string_append_printf (phase1, "peaplabel=%s", setting->phase1_peaplabel);
g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting));
}
if (phase1->len)
@ -633,16 +602,16 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
g_string_free (phase1, TRUE);
phase2 = g_string_new (NULL);
if (setting->phase2_auth) {
tmp = g_ascii_strup (setting->phase2_auth, -1);
if (nm_setting_802_1x_get_phase2_auth (setting)) {
tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1);
g_string_append_printf (phase2, "auth=%s", tmp);
g_free (tmp);
}
if (setting->phase2_autheap) {
if (nm_setting_802_1x_get_phase2_autheap (setting)) {
if (phase2->len)
g_string_append_c (phase2, ' ');
tmp = g_ascii_strup (setting->phase2_autheap, -1);
tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1);
g_string_append_printf (phase2, "autheap=%s", tmp);
g_free (tmp);
}
@ -651,15 +620,21 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE);
g_string_free (phase2, TRUE);
ADD_BLOB_VAL (setting->ca_cert, "ca_cert", connection_uid);
ADD_BLOB_VAL (setting->client_cert, "client_cert", connection_uid);
ADD_BLOB_VAL (setting->private_key, "private_key", connection_uid);
ADD_BLOB_VAL (setting->phase2_ca_cert, "ca_cert2", connection_uid);
ADD_BLOB_VAL (setting->phase2_client_cert, "client_cert2", connection_uid);
ADD_BLOB_VAL (setting->phase2_private_key, "private_key2", connection_uid);
/* Private key passwords are never passed to wpa_supplicant because the
* user agent is responsible for decoding and decrypting the private key,
* and file paths are never passed to wpa_supplicant to ensure that
* the supplicant can be locked down and doesn't try to read stuff from
* all over the drive.
*/
ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_client_cert (setting), "client_cert", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_private_key (setting), "private_key", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_client_cert (setting), "client_cert2", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_private_key (setting), "private_key2", connection_uid);
ADD_STRING_VAL (setting->identity, "identity", FALSE, FALSE, FALSE);
ADD_STRING_VAL (setting->anonymous_identity, "anonymous_identity", FALSE, FALSE, FALSE);
ADD_STRING_VAL (nm_setting_802_1x_get_identity (setting), "identity", FALSE, FALSE, FALSE);
ADD_STRING_VAL (nm_setting_802_1x_get_anonymous_identity (setting), "anonymous_identity", FALSE, FALSE, FALSE);
return TRUE;
}

32
system-settings/plugins/ifcfg-suse/parser.c
View file

@ -440,21 +440,35 @@ read_wpa_eap_settings (shvarFile *ifcfg)
pieces = g_strsplit (str, " ", 0);
for (i = 0; pieces[i]; i++)
s_802_1x->eap = g_slist_append (s_802_1x->eap, pieces[i]);
nm_setting_802_1x_add_eap_method (s_802_1x, pieces[i]);
g_free (pieces);
g_free (str);
}
s_802_1x->anonymous_identity = svGetValue (ifcfg, "WIRELESS_WPA_ANONID");
s_802_1x->phase1_peapver = svGetValue (ifcfg, "WIRELESS_PEAP_VERSION");
s_802_1x->phase2_auth = svGetValue (ifcfg, "WIRELESS_EAP_AUTH");
s_802_1x->identity = svGetValue (ifcfg, "WIRELESS_WPA_IDENTITY");
s_802_1x->password = svGetValue (ifcfg, "WIRELESS_WPA_PASSWORD");
str = svGetValue (ifcfg, "WIRELESS_WPA_ANONID");
g_object_set (s_802_1x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_PEAP_VERSION");
g_object_set (s_802_1x, NM_SETTING_802_1X_PHASE1_PEAPVER, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_EAP_AUTH");
g_object_set (s_802_1x, NM_SETTING_802_1X_PHASE2_AUTH, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_WPA_IDENTITY");
g_object_set (s_802_1x, NM_SETTING_802_1X_IDENTITY, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_WPA_PASSWORD");
g_object_set (s_802_1x, NM_SETTING_802_1X_PASSWORD, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_CA_CERT");
if (str) {
nm_setting_802_1x_set_ca_cert (s_802_1x, str, &err);
nm_setting_802_1x_set_ca_cert_from_file (s_802_1x, str, &err);
if (err) {
g_warning ("Error loading WIRELESS_CA_CERT: %s", err->message);
g_error_free (err);
@ -465,7 +479,7 @@ read_wpa_eap_settings (shvarFile *ifcfg)
str = svGetValue (ifcfg, "WIRELESS_CLIENT_CERT");
if (str) {
nm_setting_802_1x_set_client_cert (s_802_1x, str, &err);
nm_setting_802_1x_set_client_cert_from_file (s_802_1x, str, &err);
if (err) {
g_warning ("Error loading WIRELESS_CLIENT_CERT: %s", err->message);
g_error_free (err);
@ -480,7 +494,7 @@ read_wpa_eap_settings (shvarFile *ifcfg)
password = svGetValue (ifcfg, "WIRELESS_CLIENT_KEY_PASSWORD");
if (password) {
nm_setting_802_1x_set_private_key (s_802_1x, str, password, &err);
nm_setting_802_1x_set_private_key_from_file (s_802_1x, str, password, &err);
if (err) {
g_warning ("Error loading WIRELESS_CLIENT_KEY: %s", err->message);
g_error_free (err);