libnm-util: add methods for AP-mode security filtering

Add a helper like nm_utils_security_valid() except for access point
mode.  We can't use nm_utils_security_valid() without changing the
arguments, hence the new function.  Plus in AP mode all you care about
are the device capabilities, not AP flags since the device *is*
the AP.

libnm-util/libnm-util.ver

@@ -495,6 +495,7 @@ global:
 	nm_setting_wireless_security_remove_pairwise;
 	nm_setting_wireless_security_remove_proto;
 	nm_setting_wireless_security_set_wep_key;
+	nm_utils_ap_mode_security_valid;
 	nm_utils_deinit;
 	nm_utils_escape_ssid;
 	nm_utils_file_is_pkcs12;

libnm-util/nm-utils.c

@@ -1202,6 +1202,42 @@ device_supports_ap_ciphers (guint32 dev_caps,
 	return (have_pair && have_group);
 }
 
+/**
+ * nm_utils_ap_mode_security_valid:
+ * @type: the security type to check AP flags and device capabilties against,
+ * e.g. #NMU_SEC_STATIC_WEP
+ * @wifi_caps: bitfield of the capabilities of the specific WiFi device, e.g.
+ * #NM_WIFI_DEVICE_CAP_CIPHER_WEP40
+ *
+ * Given a set of device capabilities, and a desired security type to check
+ * against, determines whether the combination of device capabilities and
+ * desired security type are valid for AP/Hotspot connections.
+ *
+ * Returns: TRUE if the device capabilities are compatible with the desired
+ * @type, FALSE if they are not.
+ **/
+gboolean
+nm_utils_ap_mode_security_valid (NMUtilsSecurityType type,
+                                 NMDeviceWifiCapabilities wifi_caps)
+{
+	if (!(wifi_caps & NM_WIFI_DEVICE_CAP_AP))
+		return FALSE;
+
+	/* Return TRUE for any security that wpa_supplicant's lightweight AP
+	 * mode can handle: which is open, WEP, and WPA/WPA2 PSK.
+	 */
+	switch (type) {
+	case NMU_SEC_NONE:
+	case NMU_SEC_STATIC_WEP:
+	case NMU_SEC_WPA_PSK:
+	case NMU_SEC_WPA2_PSK:
+		return TRUE;
+	default:
+		break;
+	}
+	return FALSE;
+}
+
 /**
  * nm_utils_security_valid:
  * @type: the security type to check AP flags and device capabilties against,
@@ -1220,6 +1256,9 @@ device_supports_ap_ciphers (guint32 dev_caps,
  * against, determines whether the combination of device, desired security
  * type, and AP capabilities intersect.
  *
+ * NOTE: this function cannot handle checking security for AP/Hotspot mode;
+ * use nm_utils_wifi_ap_mode_security_valid() instead.
+ *
  * Returns: TRUE if the device capabilities and AP capabilties intersect and are
  * compatible with the desired @type, FALSE if they are not
  **/

libnm-util/nm-utils.h

@@ -87,6 +87,9 @@ gboolean nm_utils_security_valid (NMUtilsSecurityType type,
                                   NM80211ApSecurityFlags ap_wpa,
                                   NM80211ApSecurityFlags ap_rsn);
 
+gboolean nm_utils_ap_mode_security_valid (NMUtilsSecurityType type,
+                                          NMDeviceWifiCapabilities wifi_caps);
+
 GSList *nm_utils_ip4_addresses_from_gvalue (const GValue *value);
 void nm_utils_ip4_addresses_to_gvalue (GSList *list, GValue *value);