cli: macsec support

Beniamino Galvani 2016-07-01 11:56:33 +02:00
parent 808b1a0f61
commit d197c0626a
4 changed files with 263 additions and 4 deletions


@ -169,9 +169,10 @@ NmcOutputField nmc_fields_settings_names[] = {
SETTING_FIELD (NM_SETTING_DCB_SETTING_NAME, nmc_fields_setting_dcb + 1), /* 24 */
SETTING_FIELD (NM_SETTING_TUN_SETTING_NAME, nmc_fields_setting_tun + 1), /* 25 */
SETTING_FIELD (NM_SETTING_IP_TUNNEL_SETTING_NAME, nmc_fields_setting_ip_tunnel + 1), /* 26 */
SETTING_FIELD (NM_SETTING_MACVLAN_SETTING_NAME, nmc_fields_setting_macvlan + 1), /* 27 */
SETTING_FIELD (NM_SETTING_VXLAN_SETTING_NAME, nmc_fields_setting_vxlan + 1), /* 28 */
SETTING_FIELD (NM_SETTING_PROXY_SETTING_NAME, nmc_fields_setting_proxy + 1), /* 29 */
SETTING_FIELD (NM_SETTING_MACSEC_SETTING_NAME, nmc_fields_setting_macsec + 1), /* 27 */
SETTING_FIELD (NM_SETTING_MACVLAN_SETTING_NAME, nmc_fields_setting_macvlan + 1), /* 28 */
SETTING_FIELD (NM_SETTING_VXLAN_SETTING_NAME, nmc_fields_setting_vxlan + 1), /* 29 */
SETTING_FIELD (NM_SETTING_PROXY_SETTING_NAME, nmc_fields_setting_proxy + 1), /* 30 */
{NULL, NULL, 0, NULL, NULL, FALSE, FALSE, 0}
};
#define NMC_FIELDS_SETTINGS_NAMES_ALL_X NM_SETTING_CONNECTION_SETTING_NAME","\
@ -200,6 +201,7 @@ NmcOutputField nmc_fields_settings_names[] = {
NM_SETTING_DCB_SETTING_NAME"," \
NM_SETTING_TUN_SETTING_NAME"," \
NM_SETTING_IP_TUNNEL_SETTING_NAME"," \
NM_SETTING_MACSEC_SETTING_NAME"," \
NM_SETTING_MACVLAN_SETTING_NAME"," \
NM_SETTING_VXLAN_SETTING_NAME"," \
NM_SETTING_PROXY_SETTING_NAME
@ -450,6 +452,11 @@ usage_connection_add (void)
" remote <remote endpoint IP>\n"
" [local <local endpoint IP>]\n"
" [dev <parent device (ifname or connection UUID)>]\n\n"
" macsec: dev <parent device (connection UUID, ifname, or MAC)>\n"
" mode <psk|eap>\n"
" [cak <key> ckn <key>]\n"
" [encrypt yes|no]\n"
" [port 1-65534]\n\n\n"
" macvlan: dev <parent device (connection UUID, ifname, or MAC)>\n"
" mode vepa|bridge|private|passthru|source\n"
" [tap yes|no]\n\n"
@ -3028,6 +3035,14 @@ static const NameItem nmc_ip_tunnel_settings [] = {
{ NULL, NULL, NULL, FALSE }
};
static const NameItem nmc_macsec_settings [] = {
{ NM_SETTING_CONNECTION_SETTING_NAME, NULL, NULL, TRUE },
{ NM_SETTING_WIRED_SETTING_NAME, "ethernet", NULL, FALSE },
{ NM_SETTING_802_1X_SETTING_NAME, NULL, NULL, FALSE },
{ NM_SETTING_MACSEC_SETTING_NAME, NULL, NULL, TRUE },
{ NULL, NULL, NULL, FALSE }
};
static const NameItem nmc_macvlan_settings [] = {
{ NM_SETTING_CONNECTION_SETTING_NAME, NULL, NULL, TRUE },
{ NM_SETTING_WIRED_SETTING_NAME, "ethernet", NULL, FALSE },
@ -3066,6 +3081,7 @@ static const NameItem nmc_valid_connection_types[] = {
{ "no-slave", NULL, nmc_no_slave_settings },
{ NM_SETTING_TUN_SETTING_NAME, NULL, nmc_tun_settings },
{ NM_SETTING_IP_TUNNEL_SETTING_NAME, NULL, nmc_ip_tunnel_settings },
{ NM_SETTING_MACSEC_SETTING_NAME, NULL, nmc_macsec_settings },
{ NM_SETTING_MACVLAN_SETTING_NAME, NULL, nmc_macvlan_settings },
{ NM_SETTING_VXLAN_SETTING_NAME, NULL, nmc_vxlan_settings },
{ NULL, NULL, NULL }
@ -3877,6 +3893,17 @@ gen_func_ip_tunnel_mode (const char *text, int state)
return nmc_rl_gen_func_basic (text, state, words);
}
static char *
gen_func_macsec_mode (const char *text, int state)
{
gs_free const char **words = NULL;
words = nm_utils_enum_get_values (nm_setting_macsec_mode_get_type (),
G_MININT,
G_MAXINT);
return nmc_rl_gen_func_basic (text, state, words);
}
static char *
gen_func_macvlan_mode (const char *text, int state)
{
@ -4292,6 +4319,13 @@ static OptionInfo option_info[] = {
{ NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD, "password", OPTION_NONE, N_("Password [none]"), NULL, NULL, NULL },
{ NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_ENCAPSULATION, "encapsulation", OPTION_NONE, PROMPT_ADSL_ENCAP, PROMPT_ADSL_ENCAP_CHOICES,
NULL, gen_func_adsl_encap },
{ NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_PARENT, "dev", OPTION_REQD, N_("MACsec parent device or connection UUID"), NULL, NULL, NULL },
{ NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MODE, "mode", OPTION_REQD, N_("Mode"), NULL, NULL, gen_func_macsec_mode },
{ NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_ENCRYPT, "encrypt", OPTION_NONE, N_("Enable encryption [yes]"), NULL, set_yes_no, gen_func_bool_values_l10n },
{ NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CAK, "cak", OPTION_NONE, N_("MKA CAK"), NULL, NULL, NULL },
{ NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CKN, "ckn", OPTION_NONE, N_("MKA_CKN"), NULL, NULL, NULL },
{ NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_PORT, "port", OPTION_NONE, N_("SCI port [1]"), NULL, NULL, NULL },
{ NM_SETTING_MACVLAN_SETTING_NAME, NM_SETTING_MACVLAN_PARENT, "dev", OPTION_REQD, N_("MACVLAN parent device or connection UUID"), NULL,
NULL, nmc_rl_gen_func_ifnames },
{ NM_SETTING_MACVLAN_SETTING_NAME, NM_SETTING_MACVLAN_MODE, "mode", OPTION_REQD, PROMPT_MACVLAN_MODE, NULL,
@ -4823,6 +4857,8 @@ setting_name_to_name (const char *name)
return _("OLPC Mesh connection");
if (strcmp (name, NM_SETTING_ADSL_SETTING_NAME) == 0)
return _("ADSL connection");
if (strcmp (name, NM_SETTING_MACSEC_SETTING_NAME) == 0)
return _("MACsec connection");
if (strcmp (name, NM_SETTING_MACVLAN_SETTING_NAME) == 0)
return _("macvlan connection");
if (strcmp (name, NM_SETTING_VXLAN_SETTING_NAME) == 0)
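Review bot: The `cak` row added to `option_info[]` takes the MKA CAK as an ordinary `connection add` argument, so a long-term pre-shared key ends up in shell history and in the process argument list while the command runs. Nothing in the new usage text or the table says so; I would add a comment above the row such as `/* "cak" is a secret: when given here it is visible in argv and shell history */`, and consider noting in the usage block that `cak` is optional for that reason. The prompt label `N_("MKA_CKN")` should read `N_("MKA CKN")` to match `N_("MKA CAK")`. The macsec `dev` row also passes `NULL` where the macvlan `dev` row passes `nmc_rl_gen_func_ifnames`, so parent-device completion appears to be missing.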


@ -743,6 +743,29 @@ NmcOutputField nmc_fields_setting_ip_tunnel[] = {
NM_SETTING_IP_TUNNEL_FLOW_LABEL","\
NM_SETTING_IP_TUNNEL_MTU
/* Available fields for NM_SETTING_MACSEC_SETTING_NAME */
NmcOutputField nmc_fields_setting_macsec[] = {
SETTING_FIELD ("name"), /* 0 */
SETTING_FIELD (NM_SETTING_MACSEC_PARENT), /* 1 */
SETTING_FIELD (NM_SETTING_MACSEC_MODE), /* 2 */
SETTING_FIELD (NM_SETTING_MACSEC_ENCRYPT), /* 3 */
SETTING_FIELD (NM_SETTING_MACSEC_MKA_CAK), /* 4 */
SETTING_FIELD (NM_SETTING_MACSEC_MKA_CAK_FLAGS), /* 5 */
SETTING_FIELD (NM_SETTING_MACSEC_MKA_CKN), /* 6 */
SETTING_FIELD (NM_SETTING_MACSEC_PORT), /* 7 */
SETTING_FIELD (NM_SETTING_MACSEC_VALIDATION), /* 8 */
{NULL, NULL, 0, NULL, FALSE, FALSE, 0}
};
#define NMC_FIELDS_SETTING_MACSEC_ALL "name"","\
NM_SETTING_MACSEC_PARENT","\
NM_SETTING_MACSEC_MODE","\
NM_SETTING_MACSEC_ENCRYPT","\
NM_SETTING_MACSEC_MKA_CAK","\
NM_SETTING_MACSEC_MKA_CAK_FLAGS","\
NM_SETTING_MACSEC_MKA_CKN","\
NM_SETTING_MACSEC_PORT","\
NM_SETTING_MACSEC_VALIDATION
/* Available fields for NM_SETTING_MACVLAN_SETTING_NAME */
NmcOutputField nmc_fields_setting_macvlan[] = {
SETTING_FIELD ("name"), /* 0 */
@ -2115,6 +2138,94 @@ nmc_property_wifi_sec_get_wep_key_type (NMSetting *setting, NmcPropertyGetType g
return wep_key_type_to_string (nm_setting_wireless_security_get_wep_key_type (s_wireless_sec));
}
/* --- NM_SETTING_MACSEC_SETTING_NAME property get functions --- */
DEFINE_GETTER (nmc_property_macsec_get_parent, NM_SETTING_MACSEC_PARENT)
DEFINE_GETTER (nmc_property_macsec_get_encrypt, NM_SETTING_MACSEC_ENCRYPT)
DEFINE_GETTER (nmc_property_macsec_get_mka_cak, NM_SETTING_MACSEC_MKA_CAK)
DEFINE_SECRET_FLAGS_GETTER (nmc_property_macsec_get_mka_cak_flags, NM_SETTING_MACSEC_MKA_CAK_FLAGS)
DEFINE_GETTER (nmc_property_macsec_get_mka_ckn, NM_SETTING_MACSEC_MKA_CKN)
DEFINE_GETTER (nmc_property_macsec_get_port, NM_SETTING_MACSEC_PORT)
/* 'mode' */
static char *
nmc_property_macsec_get_mode (NMSetting *setting, NmcPropertyGetType get_type)
{
NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting);
NMSettingMacsecMode mode;
mode = nm_setting_macsec_get_mode (s_macsec);
return nm_utils_enum_to_str (nm_setting_macsec_mode_get_type (), mode);
}
static gboolean
nmc_property_macsec_set_mode (NMSetting *setting, const char *prop,
const char *val, GError **error)
{
NMSettingMacsecMode mode;
gs_free char *options = NULL;
if (!nm_utils_enum_from_str (nm_setting_macsec_mode_get_type (), val,
(int *) &mode, NULL)) {
options = g_strjoinv (",",
(char **) nm_utils_enum_get_values (nm_setting_macsec_mode_get_type (),
G_MININT,
G_MAXINT));
g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"),
val, options);
return FALSE;
}
g_object_set (setting, prop, mode, NULL);
return TRUE;
}
/* 'mode' */
static char *
nmc_property_macsec_get_validation (NMSetting *setting, NmcPropertyGetType get_type)
{
NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting);
NMSettingMacsecValidation validation;
validation = nm_setting_macsec_get_validation (s_macsec);
return nm_utils_enum_to_str (nm_setting_macsec_validation_get_type (), validation);
}
static gboolean
nmc_property_macsec_set_validation (NMSetting *setting, const char *prop,
const char *val, GError **error)
{
NMSettingMacsecMode validation;
gs_free char *options = NULL;
if (!nm_utils_enum_from_str (nm_setting_macsec_validation_get_type (), val,
(int *) &validation, NULL)) {
options = g_strjoinv (",",
(char **) nm_utils_enum_get_values (nm_setting_macsec_validation_get_type (),
G_MININT,
G_MAXINT));
g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"),
val, options);
return FALSE;
}
g_object_set (setting, prop, validation, NULL);
return TRUE;
}
static const char **
nmc_property_macsec_allowed_validation (NMSetting *setting, const char *prop)
{
static const char **words = NULL;
if (!words)
words = nm_utils_enum_get_values (nm_setting_macsec_validation_get_type(),
G_MININT,
G_MAXINT);
return words;
}
/* --- NM_SETTING_MACVLAN_SETTING_NAME property get functions --- */
DEFINE_GETTER (nmc_property_macvlan_get_parent, NM_SETTING_MACVLAN_PARENT)
DEFINE_GETTER (nmc_property_macvlan_get_promiscuous, NM_SETTING_MACVLAN_PROMISCUOUS)
@ -7836,6 +7947,64 @@ nmc_properties_init (void)
NULL,
NULL);
/* Add editable properties for NM_SETTING_MACSEC_SETTING_NAME */
nmc_add_prop_funcs (GLUE (MACSEC, PARENT),
nmc_property_macsec_get_parent,
nmc_property_set_string,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, MODE),
nmc_property_macsec_get_mode,
nmc_property_macsec_set_mode,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, ENCRYPT),
nmc_property_macsec_get_encrypt,
nmc_property_set_bool,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, MKA_CAK),
nmc_property_macsec_get_mka_cak,
nmc_property_set_string,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, MKA_CAK_FLAGS),
nmc_property_macsec_get_mka_cak_flags,
nmc_property_set_secret_flags,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, MKA_CKN),
nmc_property_macsec_get_mka_ckn,
nmc_property_set_string,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, PORT),
nmc_property_macsec_get_port,
nmc_property_set_int,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (MACSEC, VALIDATION),
nmc_property_macsec_get_validation,
nmc_property_macsec_set_validation,
NULL,
NULL,
nmc_property_macsec_allowed_validation,
NULL);
/* Add editable properties for NM_SETTING_MACVLAN_SETTING_NAME */
nmc_add_prop_funcs (GLUE (MACVLAN, PARENT),
nmc_property_macvlan_get_parent,
@ -9232,6 +9401,39 @@ setting_ip_tunnel_details (NMSetting *setting, NmCli *nmc, const char *one_prop
return TRUE;
}
static gboolean
setting_macsec_details (NMSetting *setting, NmCli *nmc, const char *one_prop, gboolean secrets)
{
NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting);
NmcOutputField *tmpl, *arr;
size_t tmpl_len;
g_return_val_if_fail (NM_IS_SETTING_MACSEC (s_macsec), FALSE);
tmpl = nmc_fields_setting_macsec;
tmpl_len = sizeof (nmc_fields_setting_macsec);
nmc->print_fields.indices = parse_output_fields (one_prop ? one_prop : NMC_FIELDS_SETTING_MACSEC_ALL,
tmpl, FALSE, NULL, NULL);
arr = nmc_dup_fields_array (tmpl, tmpl_len, NMC_OF_FLAG_FIELD_NAMES);
g_ptr_array_add (nmc->output_data, arr);
arr = nmc_dup_fields_array (tmpl, tmpl_len, NMC_OF_FLAG_SECTION_PREFIX);
set_val_str (arr, 0, g_strdup (nm_setting_get_name (setting)));
set_val_str (arr, 1, nmc_property_macsec_get_parent (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 2, nmc_property_macsec_get_mode (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 3, nmc_property_macsec_get_encrypt (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 4, GET_SECRET (secrets, setting, nmc_property_macsec_get_mka_cak));
set_val_str (arr, 5, nmc_property_macsec_get_mka_cak_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 6, nmc_property_macsec_get_mka_ckn (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 7, nmc_property_macsec_get_port (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 8, nmc_property_macsec_get_validation (setting, NMC_PROPERTY_GET_PRETTY));
g_ptr_array_add (nmc->output_data, arr);
print_data (nmc); /* Print all data */
return TRUE;
}
static gboolean
setting_macvlan_details (NMSetting *setting, NmCli *nmc, const char *one_prop, gboolean secrets)
{
@ -9364,6 +9566,7 @@ static const SettingDetails detail_printers[] = {
{ NM_SETTING_DCB_SETTING_NAME, setting_dcb_details },
{ NM_SETTING_TUN_SETTING_NAME, setting_tun_details },
{ NM_SETTING_IP_TUNNEL_SETTING_NAME, setting_ip_tunnel_details },
{ NM_SETTING_MACSEC_SETTING_NAME, setting_macsec_details },
{ NM_SETTING_MACVLAN_SETTING_NAME, setting_macvlan_details },
{ NM_SETTING_VXLAN_SETTING_NAME, setting_vxlan_details },
{ NM_SETTING_PROXY_SETTING_NAME, setting_proxy_details },
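Review bot: `nmc_property_macsec_set_validation` declares its local as `NMSettingMacsecMode validation;`, apparently copied from the mode setter; it should be `NMSettingMacsecValidation validation;`. Both setters also write through `(int *) &mode` / `(int *) &validation`, which assumes the enum has the size and representation of `int`; parsing into a plain `int value;` and passing `&value` avoids the cast. On the error path of both setters the array returned by `nm_utils_enum_get_values` goes straight into `g_strjoinv` and is never freed, although `gen_func_macsec_mode` in this same commit keeps that return value in a `gs_free` variable, which suggests the caller owns it. The `/* 'mode' */` comment above `nmc_property_macsec_get_validation` should read `/* 'validation' */`.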


@ -92,6 +92,7 @@ extern NmcOutputField nmc_fields_setting_dcb[];
extern NmcOutputField nmc_fields_setting_tun[];
extern NmcOutputField nmc_fields_setting_ip_tunnel[];
extern NmcOutputField nmc_fields_setting_macvlan[];
extern NmcOutputField nmc_fields_setting_macsec[];
extern NmcOutputField nmc_fields_setting_vxlan[];
extern NmcOutputField nmc_fields_setting_proxy[];


@ -492,7 +492,7 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
secret = nm_secret_agent_simple_secret_new (_("PIN"),
NM_SETTING (s_gsm),
NM_SETTING_GSM_PIN,
NULL,
NULL,
NULL,
FALSE);
g_ptr_array_add (secrets, secret);
@ -509,6 +509,25 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
TRUE);
g_ptr_array_add (secrets, secret);
}
} else if (nm_connection_is_type (request->connection, NM_SETTING_MACSEC_SETTING_NAME)) {
NMSettingMacsec *s_macsec = nm_connection_get_setting_macsec (request->connection);
msg = g_strdup_printf (_("Secrets are required to access the MACsec network '%s'"),
nm_connection_get_id (request->connection));
if (nm_setting_macsec_get_mode (s_macsec) == NM_SETTING_MACSEC_MODE_PSK) {
title = _("MACsec PSK authentication");
secret = nm_secret_agent_simple_secret_new (_("MKA CAK"),
NM_SETTING (s_macsec),
NM_SETTING_MACSEC_MKA_CAK,
NULL,
NULL,
TRUE);
g_ptr_array_add (secrets, secret);
} else {
title = _("MACsec EAP authentication");
ok = add_8021x_secrets (request, secrets);
}
} else if (nm_connection_is_type (request->connection, NM_SETTING_CDMA_SETTING_NAME)) {
NMSettingCdma *s_cdma = nm_connection_get_setting_cdma (request->connection);
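Review bot: In the new MACsec branch of `request_secrets_from_ui`, `s_macsec` is passed to `nm_setting_macsec_get_mode` and `NM_SETTING (s_macsec)` without a NULL check. `nm_connection_is_type` only establishes the connection type, so presumably a connection lacking the setting would reach `nm_secret_agent_simple_secret_new` with a NULL setting. I would guard the branch, e.g. `if (!s_macsec) ok = FALSE;` ahead of the mode test, assuming `ok` is the function's failure flag as its use with `add_8021x_secrets` suggests. The plain `else` also sends every non-PSK mode to the 802.1X prompts; testing `NM_SETTING_MACSEC_MODE_EAP` explicitly would keep a future mode from being silently treated as EAP. The function starts and ends outside the hunks shown.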