fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-20 23:20:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/libnm-util/nm-setting-8021x.h

293 lines
16 KiB
C
Raw Normal View History

2008-07-27 Dan Williams <dcbw@redhat.com> * libnm-util/* - Relicense to LGPLv2+ git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3859 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-07-27 20:03:46 +00:00
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
* Dan Williams <dcbw@redhat.com>
* Tambet Ingo <tambet@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
libnm-util: add 'pac-file' property for 8021x setting (used in EAP-FAST)
2012-01-20 15:10:30 +01:00
* (C) Copyright 2007 - 2012 Red Hat, Inc.
2008-07-27 Dan Williams <dcbw@redhat.com> * libnm-util/* - Relicense to LGPLv2+ git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3859 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-07-27 20:03:46 +00:00
* (C) Copyright 2007 - 2008 Novell, Inc.
*/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#ifndef NM_SETTING_8021X_H
#define NM_SETTING_8021X_H
#include <nm-setting.h>
G_BEGIN_DECLS
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
/**
* NMSetting8021xCKFormat:
* @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
* @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
* @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
* or DER private key
* @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#12 certificate
* and private key
*
* #NMSetting8021xCKFormat values indicate the general type of a certificate
* or private key
*/
Use glib-mkenums to generate enum types Rather than generating enum classes by hand (and complaining in each file that "this should really be standard"), use glib-mkenums. Unfortunately, we need a very new version of glib-mkenums in order to deal with NM's naming conventions and to fix a few other bugs, so just import that into the source tree temporarily. Also, to simplify the use of glib-mkenums, import Makefile.glib from https://bugzilla.gnome.org/654395. To avoid having to run glib-mkenums for every subdirectory of src/, add a new "generated" directory, and put the generated enums files there. Finally, use Makefile.glib for marshallers too, and generate separate ones for libnm-glib and NetworkManager.
2012-02-08 12:56:52 -05:00
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
NM_SETTING_802_1X_CK_FORMAT_X509,
NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
NM_SETTING_802_1X_CK_FORMAT_PKCS12
} NMSetting8021xCKFormat;
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
/**
* NMSetting8021xCKScheme:
* @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
* scheme
* @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
* item data
* @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
* to a file containing the certificate or key data
*
* #NMSetting8021xCKScheme values indicate how a certificate or private key is
* stored in the setting properties, either as a blob of the item's data, or as
* a path to a certificate or private key file on the filesystem
*/
Use glib-mkenums to generate enum types Rather than generating enum classes by hand (and complaining in each file that "this should really be standard"), use glib-mkenums. Unfortunately, we need a very new version of glib-mkenums in order to deal with NM's naming conventions and to fix a few other bugs, so just import that into the source tree temporarily. Also, to simplify the use of glib-mkenums, import Makefile.glib from https://bugzilla.gnome.org/654395. To avoid having to run glib-mkenums for every subdirectory of src/, add a new "generated" directory, and put the generated enums files there. Finally, use Makefile.glib for marshallers too, and generate separate ones for libnm-glib and NetworkManager.
2012-02-08 12:56:52 -05:00
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
NM_SETTING_802_1X_CK_SCHEME_PATH
} NMSetting8021xCKScheme;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_TYPE_SETTING_802_1X (nm_setting_802_1x_get_type ())
#define NM_SETTING_802_1X(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
#define NM_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
#define NM_IS_SETTING_802_1X(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
#define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((obj), NM_TYPE_SETTING_802_1X))
#define NM_SETTING_802_1X_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
#define NM_SETTING_802_1X_SETTING_NAME "802-1x"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
libnm-util: update 802.1x setting documentation
2011-07-02 15:38:41 -05:00
/**
* NMSetting8021xError:
* @NM_SETTING_802_1X_ERROR_UNKNOWN: unknown or unclassified error
* @NM_SETTING_802_1X_ERROR_INVALID_PROPERTY: the property was invalid
* @NM_SETTING_802_1X_ERROR_MISSING_PROPERTY: the property was missing and is
* required
*/
Use glib-mkenums to generate enum types Rather than generating enum classes by hand (and complaining in each file that "this should really be standard"), use glib-mkenums. Unfortunately, we need a very new version of glib-mkenums in order to deal with NM's naming conventions and to fix a few other bugs, so just import that into the source tree temporarily. Also, to simplify the use of glib-mkenums, import Makefile.glib from https://bugzilla.gnome.org/654395. To avoid having to run glib-mkenums for every subdirectory of src/, add a new "generated" directory, and put the generated enums files there. Finally, use Makefile.glib for marshallers too, and generate separate ones for libnm-glib and NetworkManager.
2012-02-08 12:56:52 -05:00
typedef enum { /*< underscore_name=nm_setting_802_1x_error >*/
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
NM_SETTING_802_1X_ERROR_UNKNOWN = 0,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY
} NMSetting8021xError;
#define NM_SETTING_802_1X_ERROR nm_setting_802_1x_error_quark ()
GQuark nm_setting_802_1x_error_quark (void);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_SETTING_802_1X_EAP "eap"
#define NM_SETTING_802_1X_IDENTITY "identity"
#define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
libnm-util: add 'pac-file' property for 8021x setting (used in EAP-FAST)
2012-01-20 15:10:30 +01:00
#define NM_SETTING_802_1X_PAC_FILE "pac-file"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_SETTING_802_1X_CA_CERT "ca-cert"
#define NM_SETTING_802_1X_CA_PATH "ca-path"
settings: add 802.1X setting properties for subject and altsubject matches Includes subject_match and phase2_subject_match (string) parameters, and altsubject_matches and phase2_altsubject_matches (list of string) parameters. subject_match is matched against a substring of the subject from the certificate presented by the remote authentication server. If this option is unset, no subject verification is performed. altsubject_matches are each tested against the alternate subject name (altSubjectName) of the certificate presented by the remote authentication server. If this option is unset, no verification of the altSubjectName is performed.
2011-07-29 12:38:23 -07:00
#define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
#define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
#define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
#define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
#define NM_SETTING_802_1X_PHASE2_AUTH "phase2-auth"
#define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
#define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
#define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
settings: add 802.1X setting properties for subject and altsubject matches Includes subject_match and phase2_subject_match (string) parameters, and altsubject_matches and phase2_altsubject_matches (list of string) parameters. subject_match is matched against a substring of the subject from the certificate presented by the remote authentication server. If this option is unset, no subject verification is performed. altsubject_matches are each tested against the alternate subject name (altSubjectName) of the certificate presented by the remote authentication server. If this option is unset, no verification of the altSubjectName is performed.
2011-07-29 12:38:23 -07:00
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
#define NM_SETTING_802_1X_PASSWORD "password"
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
#define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
settings: Add new password-raw and password-raw-flags properties to 8021x. In cases where the actual password is non-ASCII, it may not be possible to deliver the 802.1x password as a D-Bus string. Instead provide an alternate field holding the password as a byte array. In cases where both a password and password-raw are supplied, password is preferred.
2011-11-17 16:36:16 -08:00
#define NM_SETTING_802_1X_PASSWORD_RAW "password-raw"
#define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
#define NM_SETTING_802_1X_PIN "pin"
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
#define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
* using the "blob" scheme, the data must be passed in PKCS#12 binary format.
* In this case, the appropriate "client-cert" (or "phase2-client-cert")
* property of the NMSetting8021x object must also contain the exact same
* PKCS#12 binary data that the private key does. This is because the
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* PKCS#12 file contains both the private key and client certificate, so both
* properties need to be set to the same thing. When using the "path" scheme,
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
* just set both the private-key and client-cert properties to the same path.
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
*
* When setting OpenSSL-derived "traditional" format (ie S/MIME style, not
* PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
* should be passed to NetworkManager in PEM format with the "DEK-Info" and
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
* "Proc-Type" tags intact. Decrypted private keys should not be used as this
* is insecure and could allow unprivileged users to access the decrypted
* private key data.
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
*
* When using the "path" scheme, just set the private-key and client-cert
libnm-util: rework certificate and private key handling First, it was not easily possible to set a private key without also providing a password. This used to be OK, but now with secret flags it may be the case that when the connection is read, there's no private key password. So functions that set the private key must account for NULL passwords. Unfortunately, the crytpo code did not handle this case well. We need to be able to independently (a) verify that a file looks like a certificate or private key and (b) that a given password decrypts a private key. Previously the crypto code would fail to verify the file when the password was NULL. So this change fixes up the crytpo code for a more distinct split between these two operations, such that if no password is given, the file is still checked to ensure that it's a private key or a certificate. If a password is given, the password is checked against the private key file. This commit also changes how private keys and certificates were handled with the BLOB scheme. Previously only the first certificate or first private key was included in the property data, while now the entire file is encoded in the data. This is intended to fix cases where multiple private keys or certificates are present in a PEM file. It also allows clients to push certificate data to NetworkManager for storage in system settings locations, which was not as flexible before when only part of the certificate or key was sent as the data.
2011-03-02 12:00:47 -06:00
* properties to the paths to their respective objects.
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
*/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
typedef struct {
NMSetting parent;
} NMSetting8021x;
typedef struct {
NMSettingClass parent;
libnm-util: add class padding for future expansion
2009-09-30 09:11:54 -07:00
/* Padding for future expansion */
void (*_reserved1) (void);
void (*_reserved2) (void);
void (*_reserved3) (void);
void (*_reserved4) (void);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
} NMSetting8021xClass;
GType nm_setting_802_1x_get_type (void);
NMSetting *nm_setting_802_1x_new (void);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
guint32 nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i);
gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap);
void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i);
void nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_identity (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting);
libnm-util: add 'pac-file' property for 8021x setting (used in EAP-FAST)
2012-01-20 15:10:30 +01:00
const char * nm_setting_802_1x_get_pac_file (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
gboolean nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char * nm_setting_802_1x_get_ca_path (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting);
const GByteArray * nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting,
libnm-util: clarify certificate and key argument names Clarify that these are supposed to be paths in the argument name; this shouldn't break API as it's just an argument rename. Helps users figure out what the argument should be without as much trouble as 'value', which is what it was before.
2011-05-10 12:44:01 -05:00
const char *cert_path,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error);
settings: add 802.1X setting properties for subject and altsubject matches Includes subject_match and phase2_subject_match (string) parameters, and altsubject_matches and phase2_altsubject_matches (list of string) parameters. subject_match is matched against a substring of the subject from the certificate presented by the remote authentication server. If this option is unset, no subject verification is performed. altsubject_matches are each tested against the alternate subject name (altSubjectName) of the certificate presented by the remote authentication server. If this option is unset, no verification of the altSubjectName is performed.
2011-07-29 12:38:23 -07:00
const char * nm_setting_802_1x_get_subject_match (NMSetting8021x *setting);
guint32 nm_setting_802_1x_get_num_altsubject_matches (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting,
guint32 i);
gboolean nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting,
const char *altsubject_match);
void nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting,
guint32 i);
void nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting);
const GByteArray * nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_client_cert_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *setting,
libnm-util: clarify certificate and key argument names Clarify that these are supposed to be paths in the argument name; this shouldn't break API as it's just an argument rename. Helps users figure out what the argument should be without as much trouble as 'value', which is what it was before.
2011-05-10 12:44:01 -05:00
const char *cert_path,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char * nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme (NMSetting8021x *setting);
const GByteArray * nm_setting_802_1x_get_phase2_ca_cert_blob (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_ca_cert_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *setting,
libnm-util: clarify certificate and key argument names Clarify that these are supposed to be paths in the argument name; this shouldn't break API as it's just an argument rename. Helps users figure out what the argument should be without as much trouble as 'value', which is what it was before.
2011-05-10 12:44:01 -05:00
const char *cert_path,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error);
settings: add 802.1X setting properties for subject and altsubject matches Includes subject_match and phase2_subject_match (string) parameters, and altsubject_matches and phase2_altsubject_matches (list of string) parameters. subject_match is matched against a substring of the subject from the certificate presented by the remote authentication server. If this option is unset, no subject verification is performed. altsubject_matches are each tested against the alternate subject name (altSubjectName) of the certificate presented by the remote authentication server. If this option is unset, no verification of the altSubjectName is performed.
2011-07-29 12:38:23 -07:00
const char * nm_setting_802_1x_get_phase2_subject_match (NMSetting8021x *setting);
guint32 nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting,
guint32 i);
gboolean nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting,
const char *phase2_altsubject_match);
void nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting,
guint32 i);
void nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting);
const GByteArray * nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_client_cert_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *setting,
libnm-util: clarify certificate and key argument names Clarify that these are supposed to be paths in the argument name; this shouldn't break API as it's just an argument rename. Helps users figure out what the argument should be without as much trouble as 'value', which is what it was before.
2011-05-10 12:44:01 -05:00
const char *cert_path,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char * nm_setting_802_1x_get_password (NMSetting8021x *setting);
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
NMSettingSecretFlags nm_setting_802_1x_get_password_flags (NMSetting8021x *setting);
settings: Add new password-raw and password-raw-flags properties to 8021x. In cases where the actual password is non-ASCII, it may not be possible to deliver the 802.1x password as a D-Bus string. Instead provide an alternate field holding the password as a byte array. In cases where both a password and password-raw are supplied, password is preferred.
2011-11-17 16:36:16 -08:00
const GByteArray * nm_setting_802_1x_get_password_raw (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags (NMSetting8021x *setting);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char * nm_setting_802_1x_get_pin (NMSetting8021x *setting);
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
NMSettingSecretFlags nm_setting_802_1x_get_pin_flags (NMSetting8021x *setting);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme (NMSetting8021x *setting);
const GByteArray * nm_setting_802_1x_get_private_key_blob (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_private_key_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *setting,
libnm-util: clarify certificate and key argument names Clarify that these are supposed to be paths in the argument name; this shouldn't break API as it's just an argument rename. Helps users figure out what the argument should be without as much trouble as 'value', which is what it was before.
2011-05-10 12:44:01 -05:00
const char *key_path,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *password,
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error);
const char * nm_setting_802_1x_get_private_key_password (NMSetting8021x *setting);
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
NMSettingSecretFlags nm_setting_802_1x_get_private_key_password_flags (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting);
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme (NMSetting8021x *setting);
const GByteArray * nm_setting_802_1x_get_phase2_private_key_blob (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_private_key_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting,
libnm-util: clarify certificate and key argument names Clarify that these are supposed to be paths in the argument name; this shouldn't break API as it's just an argument rename. Helps users figure out what the argument should be without as much trouble as 'value', which is what it was before.
2011-05-10 12:44:01 -05:00
const char *key_path,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *password,
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error);
const char * nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
libnm-util: add secret flags for each secret describing how the secret is stored This allows the necessary flexibility when handling secrets; otherwise it wouldn't be known when NM should save secrets returned from agents to backing storage, or when the agents should store the secrets. We can't simply use lack of a secret in persistent storage as the indicator of this, as (for example) when creating a new connection without secrets the storage method would be abmiguous. At the same time, fold in "always ask" functionality for OTP tokens so user agents don't have to store that attribute themselves out-of-band.
2011-01-29 13:34:24 -06:00
NMSettingSecretFlags nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
G_END_DECLS
#endif /* NM_SETTING_8021X_H */
Reference in a new issue Copy permalink