keyfile: add support for pkcs11: URI scheme
parent
690e33bdf2
commit
faed200b2b
|
@ -29,8 +29,9 @@
|
|||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB "data:;base64,"
|
||||
#define NM_KEYFILE_CERT_SCHEME_PREFIX_PATH "file://"
|
||||
#define NM_KEYFILE_CERT_SCHEME_PREFIX_PKCS11 "pkcs11:"
|
||||
#define NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB "data:;base64,"
|
||||
|
||||
char *nm_keyfile_detect_unqualified_path_scheme (const char *base_dir,
|
||||
gconstpointer pdata,
|
||||
|
@ -147,6 +148,7 @@ typedef struct {
|
|||
NMSetting8021xCKFormat (*format_func) (NMSetting8021x *setting);
|
||||
const char * (*path_func) (NMSetting8021x *setting);
|
||||
GBytes * (*blob_func) (NMSetting8021x *setting);
|
||||
const char * (*uri_func) (NMSetting8021x *setting);
|
||||
} NMKeyfileWriteTypeDataCert;
|
||||
|
||||
|
||||
|
|
|
@ -961,6 +961,16 @@ handle_as_scheme (KeyfileReaderInfo *info, GBytes *bytes, NMSetting *setting, co
|
|||
}
|
||||
return TRUE;
|
||||
}
|
||||
if ( data_len >= NM_STRLEN (NM_KEYFILE_CERT_SCHEME_PREFIX_PKCS11)
|
||||
&& g_str_has_prefix (data, NM_KEYFILE_CERT_SCHEME_PREFIX_PKCS11)) {
|
||||
if (nm_setting_802_1x_check_cert_scheme (data, data_len + 1, NULL) == NM_SETTING_802_1X_CK_SCHEME_PKCS11) {
|
||||
g_object_set (setting, key, bytes, NULL);
|
||||
} else {
|
||||
handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
|
||||
_("invalid PKCS#11 URI \"%s\""), data);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
if ( data_len > NM_STRLEN (NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB)
|
||||
&& g_str_has_prefix (data, NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB)) {
|
||||
const char *cdata = data + NM_STRLEN (NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB);
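Review bot: The warning in the new else branch, `_("invalid PKCS#11 URI \"%s\"")`, echoes the whole rejected value, and a PKCS#11 URI may carry a `pin-value` attribute (RFC 7512), so a mistyped URI would copy the token PIN into whatever sink `handle_warn` feeds. Dropping the value from the message, e.g. `_("invalid PKCS#11 URI")`, or printing only the part before any `?` query, avoids that; the property name is already passed as `key`. Separately, `g_str_has_prefix` and the `data_len + 1` handed to `nm_setting_802_1x_check_cert_scheme` both rely on `data` being NUL-terminated one byte past `data_len`, which is established outside this hunk and would merit a comment such as `/* data is NUL-terminated at data[data_len] */`. The body of handle_as_scheme starts and ends outside the hunk.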
|
||||
|
|
|
@ -380,6 +380,7 @@ typedef struct ObjectType {
|
|||
NMSetting8021xCKFormat (*format_func) (NMSetting8021x *setting);
|
||||
const char * (*path_func) (NMSetting8021x *setting);
|
||||
GBytes * (*blob_func) (NMSetting8021x *setting);
|
||||
const char * (*uri_func) (NMSetting8021x *setting);
|
||||
} ObjectType;
|
||||
|
||||
static const ObjectType objtypes[10] = {
|
||||
|
@ -388,42 +389,48 @@ static const ObjectType objtypes[10] = {
|
|||
nm_setting_802_1x_get_ca_cert_scheme,
|
||||
NULL,
|
||||
nm_setting_802_1x_get_ca_cert_path,
|
||||
nm_setting_802_1x_get_ca_cert_blob },
|
||||
nm_setting_802_1x_get_ca_cert_blob,
|
||||
nm_setting_802_1x_get_ca_cert_uri },
|
||||
|
||||
{ NM_SETTING_802_1X_PHASE2_CA_CERT,
|
||||
"inner-ca-cert",
|
||||
nm_setting_802_1x_get_phase2_ca_cert_scheme,
|
||||
NULL,
|
||||
nm_setting_802_1x_get_phase2_ca_cert_path,
|
||||
nm_setting_802_1x_get_phase2_ca_cert_blob },
|
||||
nm_setting_802_1x_get_phase2_ca_cert_blob,
|
||||
nm_setting_802_1x_get_phase2_ca_cert_uri },
|
||||
|
||||
{ NM_SETTING_802_1X_CLIENT_CERT,
|
||||
"client-cert",
|
||||
nm_setting_802_1x_get_client_cert_scheme,
|
||||
NULL,
|
||||
nm_setting_802_1x_get_client_cert_path,
|
||||
nm_setting_802_1x_get_client_cert_blob },
|
||||
nm_setting_802_1x_get_client_cert_blob,
|
||||
nm_setting_802_1x_get_client_cert_uri },
|
||||
|
||||
{ NM_SETTING_802_1X_PHASE2_CLIENT_CERT,
|
||||
"inner-client-cert",
|
||||
nm_setting_802_1x_get_phase2_client_cert_scheme,
|
||||
NULL,
|
||||
nm_setting_802_1x_get_phase2_client_cert_path,
|
||||
nm_setting_802_1x_get_phase2_client_cert_blob },
|
||||
nm_setting_802_1x_get_phase2_client_cert_blob,
|
||||
nm_setting_802_1x_get_phase2_client_cert_uri },
|
||||
|
||||
{ NM_SETTING_802_1X_PRIVATE_KEY,
|
||||
"private-key",
|
||||
nm_setting_802_1x_get_private_key_scheme,
|
||||
nm_setting_802_1x_get_private_key_format,
|
||||
nm_setting_802_1x_get_private_key_path,
|
||||
nm_setting_802_1x_get_private_key_blob },
|
||||
nm_setting_802_1x_get_private_key_blob,
|
||||
nm_setting_802_1x_get_private_key_uri },
|
||||
|
||||
{ NM_SETTING_802_1X_PHASE2_PRIVATE_KEY,
|
||||
"inner-private-key",
|
||||
nm_setting_802_1x_get_phase2_private_key_scheme,
|
||||
nm_setting_802_1x_get_phase2_private_key_format,
|
||||
nm_setting_802_1x_get_phase2_private_key_path,
|
||||
nm_setting_802_1x_get_phase2_private_key_blob },
|
||||
nm_setting_802_1x_get_phase2_private_key_blob,
|
||||
nm_setting_802_1x_get_phase2_private_key_uri },
|
||||
|
||||
{ NULL },
|
||||
};
|
||||
|
@ -487,6 +494,9 @@ cert_writer_default (NMConnection *connection,
|
|||
nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name, val);
|
||||
g_free (val);
|
||||
g_free (blob_base64);
|
||||
} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11) {
|
||||
nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name,
|
||||
cert_data->uri_func (cert_data->setting));
|
||||
} else {
|
||||
/* scheme_func() returns UNKNOWN in all other cases. The only valid case
|
||||
* where a scheme is allowed to be UNKNOWN, is unsetting the value. In this
|
||||
|
@ -524,6 +534,7 @@ cert_writer (KeyfileWriterInfo *info,
|
|||
type_data.format_func = objtype->format_func;
|
||||
type_data.path_func = objtype->path_func;
|
||||
type_data.blob_func = objtype->blob_func;
|
||||
type_data.uri_func = objtype->uri_func;
|
||||
|
||||
if (info->handler) {
|
||||
if (info->handler (info->connection,
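Review bot: In the new `NM_SETTING_802_1X_CK_SCHEME_PKCS11` branch of cert_writer_default, `cert_data->uri_func (cert_data->setting)` is called and its result passed straight to `nm_keyfile_plugin_kf_set_string`, with neither the function pointer nor the returned string checked. Every `objtypes` entry in this commit supplies the getter, but the table is filled positionally, so an entry added later without the last value would leave `uri_func` NULL and this branch would call through it. A `g_assert (cert_data->uri_func);` before the call, or writing the new member as `.uri_func = nm_setting_802_1x_get_ca_cert_uri` in the table, would make such an omission visible. The same two lines are added to the other `cert_writer` in the last section of the page, and both function bodies start and end outside their hunks.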
|
||||
|
|
|
@ -94,6 +94,9 @@ cert_writer (NMConnection *connection,
|
|||
accepted_path = tmp = g_strconcat (NM_KEYFILE_CERT_SCHEME_PREFIX_PATH, path, NULL);
|
||||
nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name, accepted_path);
|
||||
g_free (tmp);
|
||||
} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PKCS11) {
|
||||
nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name,
|
||||
cert_data->uri_func (cert_data->setting));
|
||||
} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
|
||||
GBytes *blob;
|
||||
const guint8 *blob_data;
|
||||
|
|