fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-20 11:40:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/libnm-util/nm-setting-8021x.c

3277 lines
110 KiB
C
Raw Normal View History

2008-07-27 Dan Williams <dcbw@redhat.com> * libnm-util/* - Relicense to LGPLv2+ git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3859 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-07-27 20:03:46 +00:00
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
* Dan Williams <dcbw@redhat.com>
* Tambet Ingo <tambet@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
* (C) Copyright 2007 - 2008 Red Hat, Inc.
* (C) Copyright 2007 - 2008 Novell, Inc.
*/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
#include <string.h>
#include <ctype.h>
#include <dbus/dbus-glib.h>
#include "nm-setting-8021x.h"
#include "nm-param-spec-specialized.h"
#include "nm-utils.h"
2008-03-29 Dan Williams <dcbw@redhat.com> * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-ip4-config.c libnm-util/nm-setting-vpn-properties.c libnm-util/nm-setting-vpn.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c libnm-util/nm-utils.c src/dhcp-manager/nm-dhcp-manager.c src/nm-activation-request.c src/nm-ip4-config.c src/nm-manager.c src/nm-properties-changed-signal.c src/ppp-manager/nm-pppd-plugin.c src/supplicant-manager/nm-supplicant-interface.c src/vpn-manager/nm-vpn-connection.c - consistently use nm-dbus-glib-types.h git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3514 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-29 21:35:41 +00:00
#include "nm-dbus-glib-types.h"
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
#include "crypto.h"
2008-11-20 Dan Williams <dcbw@redhat.com> * libnm-util/Makefile.am libnm-util/nm-utils-private.h - New header for internal utils private functions * libnm-util/libnm-util.ver libnm-util/nm-utils.c libnm-util/nm-utils.h - Document some functions - (nm_utils_string_in_list, nm_utils_string_list_contains, nm_utils_string_slist_validate): un-export, only used within libnm-util or of limited use in general, and very easy to re-implement by apps if needed * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c - Update for private nm_utils_string_* functions git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-20 20:17:01 +00:00
#include "nm-utils-private.h"
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
doc: 802-1x doc fixes
2009-09-28 16:55:52 -07:00
* SECTION:nm-setting-8021x
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @short_description: Describes 802.1x-authenticated connection properties
* @include: nm-setting-8021x.h
*
* The #NMSetting8021x object is a #NMSetting subclass that describes
* properties necessary for connection to 802.1x-authenticated networks, such as
* WPA and WPA2 Enterprise WiFi networks and wired 802.1x networks. 802.1x
* connections typically use certificates and/or EAP authentication methods to
* securely verify, identify, and authenticate the client to the network itself,
* instead of simply relying on a widely shared static key.
*
* It's a good idea to read up on wpa_supplicant configuration before using this
* setting extensively, since most of the options here correspond closely with
* the relevant wpa_supplicant configuration options.
*
* Furthermore, to get a good idea of 802.1x, EAP, TLS, TTLS, etc and their
* applications to WiFi and wired networks, you'll want to get copies of the
* following books.
*
* 802.11 Wireless Networks: The Definitive Guide, Second Edition
* Author: Matthew Gast
* ISBN: 978-0596100520
*
* Cisco Wireless LAN Security
* Authors: Krishna Sankar, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky
* ISBN: 978-1587051548
**/
#define SCHEME_PATH "file://"
/**
* nm_setting_802_1x_error_quark:
*
* Registers an error quark for #NMSetting8021x if necessary.
*
* Returns: the error quark used for #NMSetting8021x errors.
**/
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
GQuark
nm_setting_802_1x_error_quark (void)
{
static GQuark quark;
if (G_UNLIKELY (!quark))
quark = g_quark_from_static_string ("nm-setting-802-1x-error-quark");
return quark;
}
/* This should really be standard. */
#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }
GType
nm_setting_802_1x_error_get_type (void)
{
static GType etype = 0;
if (etype == 0) {
static const GEnumValue values[] = {
/* Unknown error. */
ENUM_ENTRY (NM_SETTING_802_1X_ERROR_UNKNOWN, "UnknownError"),
/* The specified property was invalid. */
ENUM_ENTRY (NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, "InvalidProperty"),
/* The specified property was missing and is required. */
ENUM_ENTRY (NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, "MissingProperty"),
{ 0, 0, 0 }
};
etype = g_enum_register_static ("NMSetting8021xError", values);
}
return etype;
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
G_DEFINE_TYPE (NMSetting8021x, nm_setting_802_1x, NM_TYPE_SETTING)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
#define NM_SETTING_802_1X_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_SETTING_802_1X, NMSetting8021xPrivate))
typedef struct {
GSList *eap; /* GSList of strings */
char *identity;
char *anonymous_identity;
GByteArray *ca_cert;
char *ca_path;
GByteArray *client_cert;
char *phase1_peapver;
char *phase1_peaplabel;
char *phase1_fast_provisioning;
char *phase2_auth;
char *phase2_autheap;
GByteArray *phase2_ca_cert;
char *phase2_ca_path;
GByteArray *phase2_client_cert;
char *password;
char *pin;
char *psk;
GByteArray *private_key;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
char *private_key_password;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
GByteArray *phase2_private_key;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
char *phase2_private_key_password;
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
gboolean system_ca_certs;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} NMSetting8021xPrivate;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
enum {
PROP_0,
PROP_EAP,
PROP_IDENTITY,
PROP_ANONYMOUS_IDENTITY,
PROP_CA_CERT,
PROP_CA_PATH,
PROP_CLIENT_CERT,
PROP_PHASE1_PEAPVER,
PROP_PHASE1_PEAPLABEL,
PROP_PHASE1_FAST_PROVISIONING,
PROP_PHASE2_AUTH,
PROP_PHASE2_AUTHEAP,
PROP_PHASE2_CA_CERT,
PROP_PHASE2_CA_PATH,
PROP_PHASE2_CLIENT_CERT,
PROP_PASSWORD,
PROP_PRIVATE_KEY,
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
PROP_PRIVATE_KEY_PASSWORD,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
PROP_PHASE2_PRIVATE_KEY,
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
PROP_PHASE2_PRIVATE_KEY_PASSWORD,
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
PROP_PIN,
PROP_PSK,
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
PROP_SYSTEM_CA_CERTS,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
LAST_PROP
};
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_new:
*
* Creates a new #NMSetting8021x object with default values.
*
* Returns: the new empty #NMSetting8021x object
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
NMSetting *
nm_setting_802_1x_new (void)
{
return (NMSetting *) g_object_new (NM_TYPE_SETTING_802_1X, NULL);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_num_eap_methods:
* @setting: the #NMSetting8021x
*
* Returns the number of eap methods allowed for use when connecting to the
* network. Generally only one EAP method is used. Use the functions
* nm_setting_802_1x_get_eap_method(), nm_setting_802_1x_add_eap_method(),
* and nm_setting_802_1x_remove_eap_method() for adding, removing, and retrieving
* allowed EAP methods.
*
* Returns: the number of allowed EAP methods
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
guint32
nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0);
return g_slist_length (NM_SETTING_802_1X_GET_PRIVATE (setting)->eap);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_eap_method:
* @setting: the #NMSetting8021x
* @i: the index of the EAP method name to return
*
* Returns the name of the allowed EAP method at index @i.
*
* Returns: the name of the allowed EAP method at index @i
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
g_return_val_if_fail (i <= g_slist_length (priv->eap), NULL);
return (const char *) g_slist_nth_data (priv->eap, i);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_add_eap_method:
* @setting: the #NMSetting8021x
* @eap: the name of the EAP method to allow for this connection
*
* Adds an allowed EAP method. The setting is not valid until at least one
* EAP method has been added. See #NMSetting8021x:eap property for a list of
* allowed EAP methods.
*
* Returns: TRUE if the EAP method was successfully added, FALSE if it was
* not a valid method or if it was already allowed.
**/
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
gboolean
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap)
{
NMSetting8021xPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
g_return_val_if_fail (eap != NULL, FALSE);
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
for (iter = priv->eap; iter; iter = g_slist_next (iter)) {
if (!strcmp (eap, (char *) iter->data))
return FALSE;
}
priv->eap = g_slist_append (priv->eap, g_ascii_strdown (eap, -1));
return TRUE;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_remove_eap_method:
* @setting: the #NMSetting8021x
* @i: the index of the EAP method to remove
*
* Removes the allowed EAP method at the specified index.
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
void
nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i)
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv;
GSList *elt;
g_return_if_fail (NM_IS_SETTING_802_1X (setting));
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
elt = g_slist_nth (priv->eap, i);
g_return_if_fail (elt != NULL);
g_free (elt->data);
priv->eap = g_slist_delete_link (priv->eap, elt);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_clear_eap_methods:
* @setting: the #NMSetting8021x
*
* Clears all allowed EAP methods.
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
void
nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting)
{
NMSetting8021xPrivate *priv;
g_return_if_fail (NM_IS_SETTING_802_1X (setting));
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
nm_utils_slist_free (priv->eap, g_free);
priv->eap = NULL;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_identity:
* @setting: the #NMSetting8021x
*
* Returns the identifier used by some EAP methods (like TLS) to
* authenticate the user. Often this is a username or login name.
*
* Returns: the user identifier
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_identity (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->identity;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_anonymous_identity:
* @setting: the #NMSetting8021x
*
* Returns the anonymous identifier used by some EAP methods (like TTLS) to
* authenticate the user in the outer unencrypted "phase 1" authentication. The
* inner "phase 2" authentication will use the #NMSetting8021x:identity in
* a secure form, if applicable for that EAP method.
*
* Returns: the anonymous identifier
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->anonymous_identity;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_ca_path:
* @setting: the #NMSetting8021x
*
* Returns the path of the CA certificate directory if previously set. Systems
* will often have a directory that contains multiple individual CA certificates
* which the supplicant can then add to the verification chain. This may be
* used in addition to the #NMSetting8021x:ca-cert property to add more CA
* certificates for verifying the network to client.
*
* Returns: the CA certificate directory path
**/
const char *
nm_setting_802_1x_get_ca_path (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_path;
}
/**
* nm_setting_802_1x_get_system_ca_certs:
* @setting: the #NMSetting8021x
*
* Sets the #NMSetting8021x:system-ca-certs property. The
* #NMSetting8021x:ca-path and #NMSetting8021x:phase2-ca-path
* properties are ignored if the #NMSetting8021x:system-ca-certs property is
* TRUE, in which case a system-wide CA certificate directory specified at
* compile time (using the --system-ca-path configure option) is used in place
* of these properties.
*
* Returns: TRUE if a system CA certificate path should be used, FALSE if not
**/
gboolean
nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->system_ca_certs;
}
static NMSetting8021xCKScheme
get_cert_scheme (GByteArray *array)
{
if (!array || !array->len)
return NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
if ( (array->len > strlen (SCHEME_PATH))
&& !memcmp (array->data, SCHEME_PATH, strlen (SCHEME_PATH)))
return NM_SETTING_802_1X_CK_SCHEME_PATH;
return NM_SETTING_802_1X_CK_SCHEME_BLOB;
}
/**
* nm_setting_802_1x_get_ca_cert_scheme:
* @setting: the #NMSetting8021x
*
* Returns the scheme used to store the CA certificate. If the returned scheme
* is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use nm_setting_802_1x_get_ca_cert_blob();
* if %NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_ca_cert_path().
*
* Returns: scheme used to store the CA certificate (blob or path)
**/
NMSetting8021xCKScheme
nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_SCHEME_UNKNOWN);
return get_cert_scheme (NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert);
}
/**
* nm_setting_802_1x_get_ca_cert_blob:
* @setting: the #NMSetting8021x
*
* Returns the CA certificate blob if the CA certificate is stored using the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme. Not all EAP methods use a
* CA certificate (LEAP for example), and those that can take advantage of the
* CA certificate allow it to be unset. Note that lack of a CA certificate
* reduces security by allowing man-in-the-middle attacks, because the identity
* of the network cannot be confirmed by the client.
*
* Returns: the CA certificate data
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const GByteArray *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_ca_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB, NULL);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_ca_cert:
* @setting: the #NMSetting8021x
*
* Returns the CA certificate blob if the CA certificate is stored using the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme. Not all EAP methods use a
* CA certificate (LEAP for example), and those that can take advantage of the
* CA certificate allow it to be unset. Note that lack of a CA certificate
* reduces security by allowing man-in-the-middle attacks, because the identity
* of the network cannot be confirmed by the client.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_ca_cert_blob().
*
* Returns: the CA certificate data
**/
const GByteArray *
nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting)
{
return nm_setting_802_1x_get_ca_cert_blob (setting);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_ca_cert_path:
* @setting: the #NMSetting8021x
*
* Returns the CA certificate path if the CA certificate is stored using the
* %NM_SETTING_802_1X_CK_SCHEME_PATH scheme. Not all EAP methods use a
* CA certificate (LEAP for example), and those that can take advantage of the
* CA certificate allow it to be unset. Note that lack of a CA certificate
* reduces security by allowing man-in-the-middle attacks, because the identity
* of the network cannot be confirmed by the client.
*
* Returns: path to the CA certificate file
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_ca_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, NULL);
return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert->data + strlen (SCHEME_PATH));
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_set_ca_cert:
* @setting: the #NMSetting8021x
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
* @value: when @scheme is set to either %NM_SETTING_802_1X_CK_SCHEME_PATH or
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, pass the path of the CA certificate file
* (PEM or DER format). The path must be UTF-8 encoded; use
* g_filename_to_utf8() to convert if needed. Passing NULL with any @scheme
* clears the CA certificate.
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @scheme: desired storage scheme for the certificate
* @out_format: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:ca-cert property
* with the raw certificate data if using the %NM_SETTING_802_1X_CK_SCHEME_BLOB
* scheme, or with the path to the certificate file if using the
* %NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
gboolean
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_set_ca_cert (NMSetting8021x *self,
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
const char *value,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
NMSetting8021xPrivate *priv;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GByteArray *data;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (value) {
g_return_val_if_fail (g_utf8_validate (value, -1, NULL), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB
|| scheme == NM_SETTING_802_1X_CK_SCHEME_PATH,
FALSE);
}
if (out_format)
g_return_val_if_fail (*out_format == NM_SETTING_802_1X_CK_FORMAT_UNKNOWN, FALSE);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Clear out any previous ca_cert blob */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
if (priv->ca_cert) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (priv->ca_cert, TRUE);
priv->ca_cert = NULL;
}
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (!value)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return TRUE;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
data = crypto_load_and_verify_certificate (value, &format, error);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (data) {
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
/* wpa_supplicant can only use raw x509 CA certs */
switch (format) {
case NM_CRYPTO_FILE_FORMAT_X509:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_X509;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
default:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (data, TRUE);
data = NULL;
g_set_error (error,
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_CA_CERT);
break;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
}
if (data) {
if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
priv->ca_cert = data;
else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
/* Add the path scheme tag to the front, then the fielname */
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
priv->ca_cert = g_byte_array_sized_new (strlen (value) + strlen (SCHEME_PATH) + 1);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->ca_cert, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
g_byte_array_append (priv->ca_cert, (const guint8 *) value, strlen (value));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->ca_cert, (const guint8 *) "\0", 1);
} else
g_assert_not_reached ();
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return priv->ca_cert != NULL;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
static NMSetting8021xCKType
ck_format_to_type (NMSetting8021xCKFormat format)
{
switch (format) {
case NM_SETTING_802_1X_CK_FORMAT_X509:
return NM_SETTING_802_1X_CK_TYPE_X509;
case NM_SETTING_802_1X_CK_FORMAT_RAW_KEY:
return NM_SETTING_802_1X_CK_TYPE_RAW_KEY;
case NM_SETTING_802_1X_CK_FORMAT_PKCS12:
return NM_SETTING_802_1X_CK_TYPE_PKCS12;
default:
break;
}
return NM_SETTING_802_1X_CK_TYPE_UNKNOWN;
}
/**
* nm_setting_802_1x_set_ca_cert_from_file:
* @setting: the #NMSetting8021x
* @filename: the path of the CA certificate file (PEM or DER format). Passing
* NULL clears the CA certificate.
* @out_ck_type: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:ca-cert property
* with the raw certificate data using the %NM_SETTING_802_1X_CK_SCHEME_BLOB
* scheme.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_set_ca_cert() with the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
gboolean
nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *setting,
const char *filename,
NMSetting8021xCKType *out_ck_type,
GError **error)
{
gboolean success;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
success = nm_setting_802_1x_set_ca_cert (setting,
filename,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
&format,
error);
if (success && out_ck_type)
*out_ck_type = ck_format_to_type (format);
return success;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_client_cert_scheme:
* @setting: the #NMSetting8021x
*
* Returns the scheme used to store the client certificate. If the returned scheme
* is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use nm_setting_802_1x_get_client_cert_blob();
* if %NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_client_cert_path().
*
* Returns: scheme used to store the client certificate (blob or path)
**/
NMSetting8021xCKScheme
nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting)
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_SCHEME_UNKNOWN);
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return get_cert_scheme (NM_SETTING_802_1X_GET_PRIVATE (setting)->client_cert);
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_client_cert_blob:
* @setting: the #NMSetting8021x
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: the client certificate data
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const GByteArray *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_client_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB, NULL);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->client_cert;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_client_cert:
* @setting: the #NMSetting8021x
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_client_cert_blob().
*
* Returns: the client certificate data
**/
const GByteArray *
nm_setting_802_1x_get_client_cert (NMSetting8021x *setting)
{
return nm_setting_802_1x_get_client_cert_blob (setting);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_client_cert_path:
* @setting: the #NMSetting8021x
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: path to the client certificate file
**/
const char *
nm_setting_802_1x_get_client_cert_path (NMSetting8021x *setting)
{
NMSetting8021xCKScheme scheme;
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
scheme = nm_setting_802_1x_get_client_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, NULL);
return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->client_cert->data + strlen (SCHEME_PATH));
}
/**
* nm_setting_802_1x_set_client_cert:
* @setting: the #NMSetting8021x
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
* @value: when @scheme is set to either %NM_SETTING_802_1X_CK_SCHEME_PATH or
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, pass the path of the client certificate
* file (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded; use
* g_filename_to_utf8() to convert if needed. Passing NULL with any @scheme
* clears the client certificate.
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @scheme: desired storage scheme for the certificate
* @out_format: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:client-cert
* property with the raw certificate data if using the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the certificate
* file if using the %NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
gboolean
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_set_client_cert (NMSetting8021x *self,
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
const char *value,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error)
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GByteArray *data;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (value) {
g_return_val_if_fail (g_utf8_validate (value, -1, NULL), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB
|| scheme == NM_SETTING_802_1X_CK_SCHEME_PATH,
FALSE);
}
if (out_format)
g_return_val_if_fail (*out_format == NM_SETTING_802_1X_CK_FORMAT_UNKNOWN, FALSE);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Clear out any previous ca_cert blob */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
if (priv->client_cert) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (priv->client_cert, TRUE);
priv->client_cert = NULL;
}
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (!value)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return TRUE;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
data = crypto_load_and_verify_certificate (value, &format, error);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (data) {
/* wpa_supplicant can only use raw x509 CA certs */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
switch (format) {
case NM_CRYPTO_FILE_FORMAT_X509:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_X509;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
case NM_CRYPTO_FILE_FORMAT_PKCS12:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
default:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (data, TRUE);
data = NULL;
g_set_error (error,
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT);
break;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
}
if (data) {
if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
priv->client_cert = data;
else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
/* Add the path scheme tag to the front, then the fielname */
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
priv->client_cert = g_byte_array_sized_new (strlen (value) + strlen (SCHEME_PATH) + 1);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->client_cert, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
g_byte_array_append (priv->client_cert, (const guint8 *) value, strlen (value));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->client_cert, (const guint8 *) "\0", 1);
} else
g_assert_not_reached ();
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return priv->client_cert != NULL;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_set_client_cert_from_file:
* @setting: the #NMSetting8021x
* @filename: the path of the client certificate file (PEM, DER, or
* PKCS#12 format). Passing NULL clears the client certificate.
* @out_ck_type: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:client-cert
* property with the raw certificate data.
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_set_client_cert() with the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
gboolean
nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *setting,
const char *filename,
NMSetting8021xCKType *out_ck_type,
GError **error)
{
gboolean success;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
success = nm_setting_802_1x_set_client_cert (setting,
filename,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
&format,
error);
if (success && out_ck_type)
*out_ck_type = ck_format_to_type (format);
return success;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase1_peapver:
* @setting: the #NMSetting8021x
*
* Returns: the "phase 1" PEAP version to be used when authenticating with
* EAP-PEAP as contained in the #NMSetting8021x:phase1-peapver property. Valid
* values are NULL (unset), "0" (PEAP version 0), and "1" (PEAP version 1).
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_peapver;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase1_peaplabel:
* @setting: the #NMSetting8021x
*
* Returns: whether the "phase 1" PEAP label is new-style or old-style, to be
* used when authenticating with EAP-PEAP, as contained in the
* #NMSetting8021x:phase1-peaplabel property. Valid values are NULL (unset),
* "0" (use old-style label), and "1" (use new-style label). See the
* wpa_supplicant documentation for more details.
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_peaplabel;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase1_fast_provisioning:
* @setting: the #NMSetting8021x
*
* Returns: whether "phase 1" PEAP fast provisioning should be used, as specified
* by the #NMSetting8021x:phase1-fast-provisioning property. See the
* wpa_supplicant documentation for more details.
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_fast_provisioning;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_auth:
* @setting: the #NMSetting8021x
*
* Returns: the "phase 2" non-EAP (ex MD5) allowed authentication method as
* specified by the #NMSetting8021x:phase2-auth property.
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_auth;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_autheap:
* @setting: the #NMSetting8021x
*
* Returns: the "phase 2" EAP-based (ex TLS) allowed authentication method as
* specified by the #NMSetting8021x:phase2-autheap property.
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_autheap;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_ca_path:
* @setting: the #NMSetting8021x
*
* Returns the path of the "phase 2" CA certificate directory if previously set.
* Systems will often have a directory that contains multiple individual CA
* certificates which the supplicant can then add to the verification chain.
* This may be used in addition to the #NMSetting8021x:phase2-ca-cert property
* to add more CA certificates for verifying the network to client.
*
* Returns: the "phase 2" CA certificate directory path
**/
const char *
nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_path;
}
/**
* nm_setting_802_1x_get_phase2_ca_cert_scheme:
* @setting: the #NMSetting8021x
*
* Returns the scheme used to store the "phase 2" CA certificate. If the
* returned scheme is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use
* nm_setting_802_1x_get_ca_cert_blob(); if %NM_SETTING_802_1X_CK_SCHEME_PATH,
* use nm_setting_802_1x_get_ca_cert_path().
*
* Returns: scheme used to store the "phase 2" CA certificate (blob or path)
**/
NMSetting8021xCKScheme
nm_setting_802_1x_get_phase2_ca_cert_scheme (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_SCHEME_UNKNOWN);
return get_cert_scheme (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_cert);
}
/**
* nm_setting_802_1x_get_phase2_ca_cert_blob:
* @setting: the #NMSetting8021x
*
* Returns the "phase 2" CA certificate blob if the CA certificate is stored
* using the %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme. Not all EAP methods use
* a CA certificate (LEAP for example), and those that can take advantage of the
* CA certificate allow it to be unset. Note that lack of a CA certificate
* reduces security by allowing man-in-the-middle attacks, because the identity
* of the network cannot be confirmed by the client.
*
* Returns: the "phase 2" CA certificate data
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const GByteArray *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_phase2_ca_cert_blob (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_phase2_ca_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB, NULL);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_cert;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_phase2_ca_cert:
* @setting: the #NMSetting8021x
*
* Returns the "phase 2" CA certificate blob. Not all EAP methods use
* a CA certificate (LEAP for example), and those that can take advantage of the
* CA certificate allow it to be unset. Note that lack of a CA certificate
* reduces security by allowing man-in-the-middle attacks, because the identity
* of the network cannot be confirmed by the client.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_phase2_ca_cert_blob().
*
* Returns: the "phase 2" CA certificate data
**/
const GByteArray *
nm_setting_802_1x_get_phase2_ca_cert (NMSetting8021x *setting)
{
return nm_setting_802_1x_get_phase2_ca_cert_blob (setting);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_ca_cert_path:
* @setting: the #NMSetting8021x
*
* Returns the "phase 2" CA certificate path if the CA certificate is stored
* using the %NM_SETTING_802_1X_CK_SCHEME_PATH scheme. Not all EAP methods use
* a CA certificate (LEAP for example), and those that can take advantage of the
* CA certificate allow it to be unset. Note that lack of a CA certificate
* reduces security by allowing man-in-the-middle attacks, because the identity
* of the network cannot be confirmed by the client.
*
* Returns: path to the "phase 2" CA certificate file
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_phase2_ca_cert_path (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_phase2_ca_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, NULL);
return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_cert->data + strlen (SCHEME_PATH));
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_set_phase2_ca_cert:
* @setting: the #NMSetting8021x
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
* @value: when @scheme is set to either %NM_SETTING_802_1X_CK_SCHEME_PATH or
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, pass the path of the "phase2" CA
* certificate file (PEM or DER format). The path must be UTF-8 encoded; use
* g_filename_to_utf8() to convert if needed. Passing NULL with any @scheme
* clears the "phase2" CA certificate.
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @scheme: desired storage scheme for the certificate
* @out_format: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:phase2-ca-cert
* property with the raw certificate data if using the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the certificate
* file if using the %NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
gboolean
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *self,
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
const char *value,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error)
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GByteArray *data;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (value) {
g_return_val_if_fail (g_utf8_validate (value, -1, NULL), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB
|| scheme == NM_SETTING_802_1X_CK_SCHEME_PATH,
FALSE);
}
if (out_format)
g_return_val_if_fail (*out_format == NM_SETTING_802_1X_CK_FORMAT_UNKNOWN, FALSE);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Clear out any previous ca_cert blob */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
if (priv->phase2_ca_cert) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (priv->phase2_ca_cert, TRUE);
priv->phase2_ca_cert = NULL;
}
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (!value)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return TRUE;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
data = crypto_load_and_verify_certificate (value, &format, error);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (data) {
/* wpa_supplicant can only use raw x509 CA certs */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
switch (format) {
case NM_CRYPTO_FILE_FORMAT_X509:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_X509;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
default:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (data, TRUE);
data = NULL;
g_set_error (error,
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_CA_CERT);
break;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
}
if (data) {
if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
priv->phase2_ca_cert = data;
else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
/* Add the path scheme tag to the front, then the fielname */
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
priv->phase2_ca_cert = g_byte_array_sized_new (strlen (value) + strlen (SCHEME_PATH) + 1);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->phase2_ca_cert, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
g_byte_array_append (priv->phase2_ca_cert, (const guint8 *) value, strlen (value));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->phase2_ca_cert, (const guint8 *) "\0", 1);
} else
g_assert_not_reached ();
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return priv->phase2_ca_cert != NULL;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_set_phase2_ca_cert_from_file:
* @setting: the #NMSetting8021x
* @filename: the path of the "phase2" CA certificate file (PEM or DER format).
* Passing NULL with any @scheme clears the "phase2" CA certificate.
* @out_ck_type: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:phase2-ca-cert
* property with the raw certificate data.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_set_phase2_ca_cert().
* with the %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
gboolean
nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *setting,
const char *filename,
NMSetting8021xCKType *out_ck_type,
GError **error)
{
gboolean success;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
success = nm_setting_802_1x_set_phase2_ca_cert (setting,
filename,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
&format,
error);
if (success && out_ck_type)
*out_ck_type = ck_format_to_type (format);
return success;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_client_cert_scheme:
* @setting: the #NMSetting8021x
*
* Returns the scheme used to store the "phase 2" client certificate. If the
* returned scheme is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use
* nm_setting_802_1x_get_client_cert_blob(); if
* %NM_SETTING_802_1X_CK_SCHEME_PATH, use
* nm_setting_802_1x_get_client_cert_path().
*
* Returns: scheme used to store the "phase 2" client certificate (blob or path)
**/
NMSetting8021xCKScheme
nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_SCHEME_UNKNOWN);
return get_cert_scheme (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_client_cert);
}
/**
* nm_setting_802_1x_get_phase2_client_cert_blob:
* @setting: the #NMSetting8021x
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: the "phase 2" client certificate data
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const GByteArray *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_phase2_client_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB, NULL);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_client_cert;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_phase2_client_cert:
* @setting: the #NMSetting8021x
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_phase2_client_cert_blob().
*
* Returns: the "phase 2" client certificate data
**/
const GByteArray *
nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting)
{
return nm_setting_802_1x_get_phase2_client_cert_blob (setting);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_client_cert_path:
* @setting: the #NMSetting8021x
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: path to the "phase 2" client certificate file
**/
const char *
nm_setting_802_1x_get_phase2_client_cert_path (NMSetting8021x *setting)
{
NMSetting8021xCKScheme scheme;
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
scheme = nm_setting_802_1x_get_phase2_client_cert_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, NULL);
return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_client_cert->data + strlen (SCHEME_PATH));
}
/**
* nm_setting_802_1x_set_phase2_client_cert:
* @setting: the #NMSetting8021x
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
* @value: when @scheme is set to either %NM_SETTING_802_1X_CK_SCHEME_PATH or
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, pass the path of the "phase2" client
* certificate file (PEM, DER, or PKCS#12 format). The path must be UTF-8
* encoded; use g_filename_to_utf8() to convert if needed. Passing NULL with
* any @scheme clears the "phase2" client certificate.
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @scheme: desired storage scheme for the certificate
* @out_format: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:phase2-client-cert
* property with the raw certificate data if using the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the certificate
* file if using the %NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
gboolean
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *self,
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
const char *value,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error)
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GByteArray *data;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (value) {
g_return_val_if_fail (g_utf8_validate (value, -1, NULL), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB
|| scheme == NM_SETTING_802_1X_CK_SCHEME_PATH,
FALSE);
}
if (out_format)
g_return_val_if_fail (*out_format == NM_SETTING_802_1X_CK_FORMAT_UNKNOWN, FALSE);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Clear out any previous ca_cert blob */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
if (priv->phase2_client_cert) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (priv->phase2_client_cert, TRUE);
priv->phase2_client_cert = NULL;
}
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (!value)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return TRUE;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
data = crypto_load_and_verify_certificate (value, &format, error);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (data) {
/* wpa_supplicant can only use raw x509 CA certs */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
switch (format) {
case NM_CRYPTO_FILE_FORMAT_X509:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_X509;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
case NM_CRYPTO_FILE_FORMAT_PKCS12:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
default:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (data, TRUE);
data = NULL;
g_set_error (error,
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
}
if (data) {
if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB)
priv->phase2_client_cert = data;
else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
/* Add the path scheme tag to the front, then the fielname */
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
priv->phase2_client_cert = g_byte_array_sized_new (strlen (value) + strlen (SCHEME_PATH) + 1);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->phase2_client_cert, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
g_byte_array_append (priv->phase2_client_cert, (const guint8 *) value, strlen (value));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->phase2_client_cert, (const guint8 *) "\0", 1);
} else
g_assert_not_reached ();
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return priv->phase2_client_cert != NULL;
}
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_set_phase2_client_cert_from_file:
* @setting: the #NMSetting8021x
* @filename: pass the path of the "phase2" client certificate file (PEM, DER,
* or PKCS#12 format). Passing NULL clears the "phase2" client certificate.
* @out_ck_type: on successful return, the type of the certificate added
* @error: on unsuccessful return, an error
*
* Reads a certificate from disk and sets the #NMSetting8021x:phase2-client-cert
* property with the raw certificate data.
*
* Client certificates are used to identify the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_set_phase2_client_cert() with the.
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
gboolean
nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting,
const char *filename,
NMSetting8021xCKType *out_ck_type,
GError **error)
{
gboolean success;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
success = nm_setting_802_1x_set_phase2_client_cert (setting,
filename,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
&format,
error);
if (success && out_ck_type)
*out_ck_type = ck_format_to_type (format);
return success;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_password:
* @setting: the #NMSetting8021x
*
* Returns: the password used by the authentication method, if any, as specified
* by the #NMSetting8021x:password property
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_password (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->password;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_pin:
* @setting: the #NMSetting8021x
*
* Returns: the PIN used by the authentication method, if any, as specified
* by the #NMSetting8021x:pin property
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_pin (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->pin;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_psk:
* @setting: the #NMSetting8021x
*
* Returns: the Pre-Shared-Key used by the authentication method, if any, as
* specified by the #NMSetting8021x:psk property
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const char *
nm_setting_802_1x_get_psk (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->psk;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_private_key_scheme:
* @setting: the #NMSetting8021x
*
* Returns the scheme used to store the private key. If the returned scheme is
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, use
* nm_setting_802_1x_get_client_cert_blob(); if
* %NM_SETTING_802_1X_CK_SCHEME_PATH, use
* nm_setting_802_1x_get_client_cert_path().
*
* Returns: scheme used to store the private key (blob or path)
**/
NMSetting8021xCKScheme
nm_setting_802_1x_get_private_key_scheme (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_SCHEME_UNKNOWN);
return get_cert_scheme (NM_SETTING_802_1X_GET_PRIVATE (setting)->private_key);
}
/**
* nm_setting_802_1x_get_private_key_blob:
* @setting: the #NMSetting8021x
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: the private key data
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const GByteArray *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_private_key_blob (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_private_key_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB, NULL);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->private_key;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_private_key:
* @setting: the #NMSetting8021x
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_private_key_blob().
*
* Returns: the private key data
**/
const GByteArray *
nm_setting_802_1x_get_private_key (NMSetting8021x *setting)
{
return nm_setting_802_1x_get_private_key_blob (setting);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_private_key_path:
* @setting: the #NMSetting8021x
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: path to the private key file
**/
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
const char *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_private_key_path (NMSetting8021x *setting)
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_private_key_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, NULL);
return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->private_key->data + strlen (SCHEME_PATH));
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_set_private_key:
* @setting: the #NMSetting8021x
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
* @value: when @scheme is set to either %NM_SETTING_802_1X_CK_SCHEME_PATH or
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, pass the path of the private key file
* (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded; use
* g_filename_to_utf8() to convert if needed. Passing NULL with any @scheme
* clears the private key.
libnm-util: doc fixes
2009-09-28 16:00:30 -07:00
* @password: password used to decrypt the private key
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @scheme: desired storage scheme for the private key
* @out_format: on successful return, the type of the private key added
* @error: on unsuccessful return, an error
*
* Reads a private key from disk and sets the #NMSetting8021x:private-key
* property with the raw private key data if using the
* %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the private key
* file if using the %NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
gboolean
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_set_private_key (NMSetting8021x *self,
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
const char *value,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *password,
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error)
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GByteArray *data;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (value) {
g_return_val_if_fail (g_utf8_validate (value, -1, NULL), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB
|| scheme == NM_SETTING_802_1X_CK_SCHEME_PATH,
FALSE);
}
if (out_format)
g_return_val_if_fail (*out_format == NM_SETTING_802_1X_CK_FORMAT_UNKNOWN, FALSE);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Clear out any previous private key blob */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if (priv->private_key) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Try not to leave the private key around in memory */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
memset (priv->private_key, 0, priv->private_key->len);
g_byte_array_free (priv->private_key, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->private_key = NULL;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_free (priv->private_key_password);
priv->private_key_password = NULL;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (!value)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return TRUE;
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
/* First verify private key password */
data = crypto_get_private_key (value,
password,
&key_type,
&format,
error);
if (!data) {
/* As a special case for private keys, even if the decrypt fails,
* return the key's file type.
*/
if (out_format && crypto_is_pkcs12_file (value, NULL))
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
return FALSE;
}
memset (data->data, 0, data->len);
g_byte_array_free (data, TRUE);
/* Regular file verification */
format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
data = crypto_load_and_verify_certificate (value, &format, error);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (data) {
/* wpa_supplicant can only use raw x509 CA certs */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
switch (format) {
case NM_CRYPTO_FILE_FORMAT_RAW_KEY:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_RAW_KEY;
break;
case NM_CRYPTO_FILE_FORMAT_X509:
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_X509;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
case NM_CRYPTO_FILE_FORMAT_PKCS12:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
default:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (data, TRUE);
data = NULL;
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PRIVATE_KEY);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
}
if (data) {
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->private_key = data;
/* Always update the private key for blob + pkcs12 since the
* pkcs12 files are encrypted
*/
if (format == NM_CRYPTO_FILE_FORMAT_PKCS12)
priv->private_key_password = g_strdup (password);
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Add the path scheme tag to the front, then the fielname */
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
priv->private_key = g_byte_array_sized_new (strlen (value) + strlen (SCHEME_PATH) + 1);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->private_key, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
g_byte_array_append (priv->private_key, (const guint8 *) value, strlen (value));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->private_key, (const guint8 *) "\0", 1);
/* Always update the private key with paths since the key the
* cert refers to is encrypted.
*/
priv->private_key_password = g_strdup (password);
} else
g_assert_not_reached ();
/* As required by NM and wpa_supplicant, set the client-cert
* property to the same PKCS#12 data.
*/
if (format == NM_CRYPTO_FILE_FORMAT_PKCS12) {
if (priv->client_cert)
g_byte_array_free (priv->client_cert, TRUE);
priv->client_cert = g_byte_array_sized_new (priv->private_key->len);
g_byte_array_append (priv->client_cert, priv->private_key->data, priv->private_key->len);
}
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
} else {
/* As a special case for private keys, even if the decrypt fails,
* return the key's file type.
*/
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (out_format && crypto_is_pkcs12_file (value, NULL))
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return priv->private_key != NULL;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_set_private_key_from_file:
* @setting: the #NMSetting8021x
* @filename: the path of the private key file (PEM, DER, or PKCS#12 format).
* Passing NULL clears the private key.
* @password: password used to decrypt the private key
* @out_ck_type: on successful return, the type of the private key added
* @error: on unsuccessful return, an error
*
* Reads a private key from disk and sets the #NMSetting8021x:private-key
* property with the raw private key data.
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_set_private_key() with.
* the %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
gboolean
nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *setting,
const char *filename,
const char *password,
NMSetting8021xCKType *out_ck_type,
GError **error)
{
gboolean success;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
success = nm_setting_802_1x_set_private_key (setting,
filename,
password,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
&format,
error);
if (success && out_ck_type)
*out_ck_type = ck_format_to_type (format);
return success;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_private_key_password:
* @setting: the #NMSetting8021x
*
* Returns: the private key password used to decrypt the private key if
* previously set with nm_setting_802_1x_set_private_key_from_file(),
* nm_setting_802_1x_set_private_key_path(), or the
* #NMSetting8021x:private-key-password property.
**/
const char *
nm_setting_802_1x_get_private_key_password (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->private_key_password;
}
/**
* nm_setting_802_1x_get_private_key_format:
* @setting: the #NMSetting8021x
*
* Returns: the data format of the private key data stored in the
* #NMSetting8021x:private-key property
**/
NMSetting8021xCKFormat
nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting)
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
{
NMSetting8021xPrivate *priv;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *path;
GError *error = NULL;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_FORMAT_UNKNOWN);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
if (!priv->private_key)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
switch (nm_setting_802_1x_get_private_key_scheme (setting)) {
case NM_SETTING_802_1X_CK_SCHEME_BLOB:
if (crypto_is_pkcs12_data (priv->private_key))
return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
return NM_SETTING_802_1X_CK_FORMAT_X509;
case NM_SETTING_802_1X_CK_SCHEME_PATH:
path = nm_setting_802_1x_get_private_key_path (setting);
if (crypto_is_pkcs12_file (path, &error))
return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
if (error) {
/* Couldn't read the file or something */
g_error_free (error);
return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
}
return NM_SETTING_802_1X_CK_FORMAT_X509;
default:
break;
}
return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_private_key_type:
* @setting: the #NMSetting8021x
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_private_key_format().
*
* Returns: the data format of the private key data stored in the
* #NMSetting8021x:private-key property
**/
NMSetting8021xCKType
nm_setting_802_1x_get_private_key_type (NMSetting8021x *setting)
{
return ck_format_to_type (nm_setting_802_1x_get_private_key_format (setting));
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_private_key_password:
* @setting: the #NMSetting8021x
*
* Returns: the private key password used to decrypt the private key if
* previously set with nm_setting_802_1x_set_phase2_private_key_from_file(),
* nm_setting_802_1x_set_phase2_private_key_path(), or the
* #NMSetting8021x:phase2-private-key-password property.
**/
const char *
nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_private_key_password;
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_private_key_scheme:
* @setting: the #NMSetting8021x
*
* Returns the scheme used to store the "phase 2" private key. If the returned
* scheme is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use
* nm_setting_802_1x_get_client_cert_blob(); if
* %NM_SETTING_802_1X_CK_SCHEME_PATH, use
* nm_setting_802_1x_get_client_cert_path().
*
* Returns: scheme used to store the "phase 2" private key (blob or path)
**/
NMSetting8021xCKScheme
nm_setting_802_1x_get_phase2_private_key_scheme (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_SCHEME_UNKNOWN);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return get_cert_scheme (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_private_key);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_private_key_blob:
* @setting: the #NMSetting8021x
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: the "phase 2" private key data
**/
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
const GByteArray *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_phase2_private_key_blob (NMSetting8021x *setting)
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB, NULL);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_private_key;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_phase2_private_key:
* @setting: the #NMSetting8021x
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_private_key_blob().
*
* Returns: the "phase 2" private key data
**/
const GByteArray *
nm_setting_802_1x_get_phase2_private_key (NMSetting8021x *setting)
{
return nm_setting_802_1x_get_phase2_private_key_blob (setting);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_private_key_path:
* @setting: the #NMSetting8021x
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: path to the "phase 2" private key file
**/
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
const char *
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_get_phase2_private_key_path (NMSetting8021x *setting)
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
{
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
NMSetting8021xCKScheme scheme;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting);
g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, NULL);
return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_private_key->data + strlen (SCHEME_PATH));
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_set_phase2_private_key:
* @setting: the #NMSetting8021x
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
* @value: when @scheme is set to either %NM_SETTING_802_1X_CK_SCHEME_PATH or
* %NM_SETTING_802_1X_CK_SCHEME_BLOB, pass the path of the "phase2" private
* key file (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded;
* use g_filename_to_utf8() to convert if needed. Passing NULL with any
* @scheme clears the "phase2" private key.
libnm-util: doc fixes
2009-09-28 16:00:30 -07:00
* @password: password used to decrypt the private key
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
* @scheme: desired storage scheme for the private key
* @out_format: on successful return, the type of the private key added
* @error: on unsuccessful return, an error
*
* Reads a "phase 2" private key from disk and sets the
* #NMSetting8021x:phase2-private-key property with the raw private key data if
* using the %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the
* private key file if using the %NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
gboolean
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *self,
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
const char *value,
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *password,
NMSetting8021xCKScheme scheme,
NMSetting8021xCKFormat *out_format,
GError **error)
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GByteArray *data;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (value) {
g_return_val_if_fail (g_utf8_validate (value, -1, NULL), FALSE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB
|| scheme == NM_SETTING_802_1X_CK_SCHEME_PATH,
FALSE);
}
if (out_format)
g_return_val_if_fail (*out_format == NM_SETTING_802_1X_CK_FORMAT_UNKNOWN, FALSE);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Clear out any previous private key blob */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if (priv->phase2_private_key) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Try not to leave the private key around in memory */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
memset (priv->phase2_private_key, 0, priv->phase2_private_key->len);
g_byte_array_free (priv->phase2_private_key, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->phase2_private_key = NULL;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_free (priv->phase2_private_key_password);
priv->phase2_private_key_password = NULL;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (!value)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return TRUE;
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
/* First verify private key password */
data = crypto_get_private_key (value,
password,
&key_type,
&format,
error);
if (!data) {
/* As a special case for private keys, even if the decrypt fails,
* return the key's file type.
*/
if (out_format && crypto_is_pkcs12_file (value, NULL))
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
return FALSE;
}
memset (data->data, 0, data->len);
g_byte_array_free (data, TRUE);
format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
data = crypto_load_and_verify_certificate (value, &format, error);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (data) {
/* wpa_supplicant can only use raw x509 CA certs */
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
switch (format) {
case NM_CRYPTO_FILE_FORMAT_RAW_KEY:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_RAW_KEY;
break;
case NM_CRYPTO_FILE_FORMAT_X509:
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_X509;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
case NM_CRYPTO_FILE_FORMAT_PKCS12:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (out_format)
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
default:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_free (data, TRUE);
data = NULL;
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
break;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
}
if (data) {
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->phase2_private_key = data;
/* Always update the private key for blob + pkcs12 since the
* pkcs12 files are encrypted
*/
if (format == NM_CRYPTO_FILE_FORMAT_PKCS12)
priv->phase2_private_key_password = g_strdup (password);
libnm-util: verify private keys with passwords; pkcs#12 crash fix For private keys, don't just verify that the key can be read; try to decrypt it to ensure that the password is actually valid. Also fix a stupid {} mistake that caused crashes when setting pkcs#12 certificates because the check for PATH scheme wouldn't happen and the private key would be NULL when trying to set the client cert to the same data as the private key.
2009-09-16 12:42:52 -07:00
} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/* Add the path scheme tag to the front, then the fielname */
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
priv->phase2_private_key = g_byte_array_sized_new (strlen (value) + strlen (SCHEME_PATH) + 1);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->phase2_private_key, (const guint8 *) SCHEME_PATH, strlen (SCHEME_PATH));
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
g_byte_array_append (priv->phase2_private_key, (const guint8 *) value, strlen (value));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_byte_array_append (priv->phase2_private_key, (const guint8 *) "\0", 1);
/* Always update the private key with paths since the key the
* cert refers to is encrypted.
*/
priv->phase2_private_key_password = g_strdup (password);
} else
g_assert_not_reached ();
/* As required by NM and wpa_supplicant, set the client-cert
* property to the same PKCS#12 data.
*/
if (format == NM_CRYPTO_FILE_FORMAT_PKCS12) {
if (priv->phase2_client_cert)
g_byte_array_free (priv->phase2_client_cert, TRUE);
priv->phase2_client_cert = g_byte_array_sized_new (priv->phase2_private_key->len);
g_byte_array_append (priv->phase2_client_cert, priv->phase2_private_key->data, priv->phase2_private_key->len);
}
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
} else {
/* As a special case for private keys, even if the decrypt fails,
* return the key's file type.
*/
libnm-util: clarify certificate/key path argument usage In the future we'll allow cert/key IDs too, so don't lock ourselves into filenames, but use the 'scheme' argument to specify what 'value' means.
2009-09-16 10:30:31 -07:00
if (out_format && crypto_is_pkcs12_file (value, NULL))
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
*out_format = NM_SETTING_802_1X_CK_FORMAT_PKCS12;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
return priv->phase2_private_key != NULL;
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
libnm-util: doc fixes
2009-09-28 16:00:30 -07:00
* nm_setting_802_1x_set_phase2_private_key_from_file:
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
* @setting: the #NMSetting8021x
* @filename: the path of the "phase2" private key file (PEM, DER, or PKCS#12
* format). Passing NULL clears the "phase2" private key.
* @password: password used to decrypt the private key
* @out_ck_type: on successful return, the type of the private key added
* @error: on unsuccessful return, an error
*
* Reads a "phase 2" private key from disk and sets the
* #NMSetting8021x:phase2-private-key property with the raw private key data.
*
* Private keys are used to authenticate the connecting client to the network
* when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x
* authentication method.
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_set_phase2_private_key() with
* the %NM_SETTING_802_1X_CK_SCHEME_BLOB scheme.
*
* Returns: TRUE if the operation succeeded, FALSE if it was unsuccessful
**/
gboolean
nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *setting,
const char *filename,
const char *password,
NMSetting8021xCKType *out_ck_type,
GError **error)
{
gboolean success;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
success = nm_setting_802_1x_set_phase2_private_key (setting,
filename,
password,
NM_SETTING_802_1X_CK_SCHEME_BLOB,
&format,
error);
if (success && out_ck_type)
*out_ck_type = ck_format_to_type (format);
return success;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* nm_setting_802_1x_get_phase2_private_key_format:
* @setting: the #NMSetting8021x
*
* Returns: the data format of the "phase 2" private key data stored in the
* #NMSetting8021x:phase2-private-key property
**/
NMSetting8021xCKFormat
nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting)
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
{
NMSetting8021xPrivate *priv;
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *path;
GError *error = NULL;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NM_SETTING_802_1X_CK_FORMAT_UNKNOWN);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
if (!priv->phase2_private_key)
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) {
case NM_SETTING_802_1X_CK_SCHEME_BLOB:
if (crypto_is_pkcs12_data (priv->phase2_private_key))
return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
return NM_SETTING_802_1X_CK_FORMAT_X509;
case NM_SETTING_802_1X_CK_SCHEME_PATH:
path = nm_setting_802_1x_get_phase2_private_key_path (setting);
if (crypto_is_pkcs12_file (path, &error))
return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
if (error) {
/* Couldn't read the file or something */
g_error_free (error);
return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
}
return NM_SETTING_802_1X_CK_FORMAT_X509;
default:
break;
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
}
libnm-util: add 0.7 cert/key functions back Since there's a more or less direct mapping between the 0.7.x and the 0.8.x certificate and key operations, we might as well just deprecate them instead of removing them entirely.
2009-09-25 16:00:19 -07:00
/**
* nm_setting_802_1x_get_phase2_private_key_type:
* @setting: the #NMSetting8021x
*
* Deprecated: 0.8: This function has been deprecated and should
* not be used in newly written code. Calling this function is
* equivalent to calling nm_setting_802_1x_get_phase2_private_key_format().
*
* Returns: the data format of the private key data stored in the
* #NMSetting8021x:phase2-private-key property
**/
NMSetting8021xCKType
nm_setting_802_1x_get_phase2_private_key_type (NMSetting8021x *setting)
{
return ck_format_to_type (nm_setting_802_1x_get_phase2_private_key_format (setting));
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
static void
need_secrets_password (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->password || !strlen (priv->password))
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_ptr_array_add (secrets, NM_SETTING_802_1X_PASSWORD);
}
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
static void
need_secrets_sim (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->pin || !strlen (priv->pin))
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
g_ptr_array_add (secrets, NM_SETTING_802_1X_PIN);
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
static gboolean
need_private_key_password (GByteArray *key, const char *password)
{
GError *error = NULL;
gboolean needed = TRUE;
/* See if a private key password is needed, which basically is whether
* or not the private key is a PKCS#12 file or not, since PKCS#1 files
* are decrypted by the settings service.
*/
if (!crypto_is_pkcs12_data (key))
return FALSE;
if (crypto_verify_pkcs12 (key, password, &error))
return FALSE; /* pkcs#12 validation successful */
/* If the error was a decryption error then a password is needed */
if (!error || g_error_matches (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED))
needed = TRUE;
g_clear_error (&error);
return needed;
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
static void
need_secrets_tls (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
if (phase2) {
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
if (!priv->phase2_private_key || !priv->phase2_private_key->len)
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
else if (need_private_key_password (priv->phase2_private_key, priv->phase2_private_key_password))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
} else {
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
if (!priv->private_key || !priv->private_key->len)
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
else if (need_private_key_password (priv->private_key, priv->private_key_password))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
}
}
static gboolean
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
if (phase2) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if (!priv->phase2_client_cert) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
return FALSE;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!priv->phase2_client_cert->len) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
2008-04-15 Dan Williams <dcbw@redhat.com> * nm-setting-ip4-config.c - (ip4_addresses_from_gvalue): handle NULL address array * nm-setting-8021x.c - (verify_tls, verify_ttls): warn on failed verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3559 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-04-15 14:09:56 +00:00
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
/* If the private key is PKCS#12, check that it matches the client cert */
if (priv->phase2_private_key && crypto_is_pkcs12_data (priv->phase2_private_key)) {
if (priv->phase2_private_key->len != priv->phase2_client_cert->len) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
return FALSE;
}
if (memcmp (priv->phase2_private_key->data,
priv->phase2_client_cert->data,
priv->phase2_private_key->len)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
return FALSE;
}
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
} else {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if (!priv->client_cert) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT);
return FALSE;
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!priv->client_cert->len) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
2008-04-15 Dan Williams <dcbw@redhat.com> * nm-setting-ip4-config.c - (ip4_addresses_from_gvalue): handle NULL address array * nm-setting-8021x.c - (verify_tls, verify_ttls): warn on failed verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3559 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-04-15 14:09:56 +00:00
}
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
/* If the private key is PKCS#12, check that it matches the client cert */
if (priv->private_key && crypto_is_pkcs12_data (priv->private_key)) {
if (priv->private_key->len != priv->client_cert->len) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT);
return FALSE;
}
if (memcmp (priv->private_key->data,
priv->client_cert->data,
priv->private_key->len)) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT);
return FALSE;
}
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
}
return TRUE;
}
static gboolean
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if ( (!priv->identity || !strlen (priv->identity))
&& (!priv->anonymous_identity || !strlen (priv->anonymous_identity))) {
if (!priv->identity) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!strlen (priv->identity)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!priv->anonymous_identity) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
} else {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_ANONYMOUS_IDENTITY);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
2008-04-15 Dan Williams <dcbw@redhat.com> * nm-setting-ip4-config.c - (ip4_addresses_from_gvalue): handle NULL address array * nm-setting-8021x.c - (verify_tls, verify_ttls): warn on failed verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3559 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-04-15 14:09:56 +00:00
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if ( (!priv->phase2_auth || !strlen (priv->phase2_auth))
&& (!priv->phase2_autheap || !strlen (priv->phase2_autheap))) {
if (!priv->phase2_auth) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!strlen (priv->phase2_auth)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!priv->phase2_autheap) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTHEAP);
} else {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTHEAP);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
2008-04-15 Dan Williams <dcbw@redhat.com> * nm-setting-ip4-config.c - (ip4_addresses_from_gvalue): handle NULL address array * nm-setting-8021x.c - (verify_tls, verify_ttls): warn on failed verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3559 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-04-15 14:09:56 +00:00
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return TRUE;
}
static gboolean
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
verify_identity (NMSetting8021x *self, gboolean phase2, GError **error)
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->identity) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
} else if (!strlen (priv->identity)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_IDENTITY);
}
return TRUE;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
}
/* Implemented below... */
static void need_secrets_phase2 (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2);
typedef void (*EAPMethodNeedSecretsFunc) (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2);
typedef gboolean (*EAPMethodValidateFunc)(NMSetting8021x *self,
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
gboolean phase2,
GError **error);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
typedef struct {
const char *method;
EAPMethodNeedSecretsFunc ns_func;
EAPMethodValidateFunc v_func;
} EAPMethodsTable;
static EAPMethodsTable eap_methods_table[] = {
{ "leap", need_secrets_password, verify_identity },
{ "md5", need_secrets_password, verify_identity },
{ "pap", need_secrets_password, verify_identity },
{ "chap", need_secrets_password, verify_identity },
{ "mschap", need_secrets_password, verify_identity },
{ "mschapv2", need_secrets_password, verify_identity },
{ "fast", need_secrets_password, verify_identity },
{ "tls", need_secrets_tls, verify_tls },
2008-11-05 Tambet Ingo <tambet@gmail.com> * libnm-util/nm-setting-8021x.c: Verify PEAP settings as well. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4263 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-05 07:09:55 +00:00
{ "peap", need_secrets_phase2, verify_ttls },
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
{ "ttls", need_secrets_phase2, verify_ttls },
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
{ "sim", need_secrets_sim, NULL },
peap: add GTC as a recognized phase2 method (bgo #565065) (rh #451027) (lp #284211)
2009-07-29 14:08:54 -04:00
{ "gtc", need_secrets_password, verify_identity },
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
{ "otp", NULL, NULL }, // FIXME: implement
{ NULL, NULL, NULL }
};
static void
need_secrets_phase2 (NMSetting8021x *self,
GPtrArray *secrets,
gboolean phase2)
{
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
char *method = NULL;
int i;
g_return_if_fail (phase2 == FALSE);
/* Check phase2_auth and phase2_autheap */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
method = priv->phase2_auth;
if (!method && priv->phase2_autheap)
method = priv->phase2_autheap;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
if (!method) {
g_warning ("Couldn't find EAP method.");
g_assert_not_reached();
return;
}
/* Ask the configured phase2 method if it needs secrets */
for (i = 0; eap_methods_table[i].method; i++) {
if (eap_methods_table[i].ns_func == NULL)
continue;
if (strcmp (eap_methods_table[i].method, method)) {
(*eap_methods_table[i].ns_func) (self, secrets, TRUE);
break;
}
}
}
static GPtrArray *
need_secrets (NMSetting *setting)
{
NMSetting8021x *self = NM_SETTING_802_1X (setting);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
GSList *iter;
GPtrArray *secrets;
gboolean eap_method_found = FALSE;
secrets = g_ptr_array_sized_new (4);
/* Ask each configured EAP method if it needs secrets */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
for (iter = priv->eap; iter && !eap_method_found; iter = g_slist_next (iter)) {
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
const char *method = (const char *) iter->data;
int i;
for (i = 0; eap_methods_table[i].method; i++) {
if (eap_methods_table[i].ns_func == NULL)
continue;
if (!strcmp (eap_methods_table[i].method, method)) {
(*eap_methods_table[i].ns_func) (self, secrets, FALSE);
/* Only break out of the outer loop if this EAP method
* needed secrets.
*/
if (secrets->len > 0)
eap_method_found = TRUE;
break;
}
}
}
if (secrets->len == 0) {
g_ptr_array_free (secrets, TRUE);
secrets = NULL;
}
return secrets;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
static gboolean
verify_cert (GByteArray *array, const char *prop_name, GError **error)
{
if (!array)
return TRUE;
switch (get_cert_scheme (array)) {
case NM_SETTING_802_1X_CK_SCHEME_BLOB:
return TRUE;
case NM_SETTING_802_1X_CK_SCHEME_PATH:
/* For path-based schemes, verify that the path is zero-terminated */
if (array->data[array->len - 1] == '\0') {
/* And ensure it's UTF-8 valid too so we can pass it through
* D-Bus and stuff like that.
*/
if (g_utf8_validate ((const char *) (array->data + strlen (SCHEME_PATH)), -1, NULL))
return TRUE;
}
break;
default:
break;
}
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
prop_name);
return FALSE;
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
static gboolean
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
verify (NMSetting *setting, GSList *all_settings, GError **error)
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
{
NMSetting8021x *self = NM_SETTING_802_1X (setting);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", NULL };
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
const char *valid_phase1_peapver[] = { "0", "1", NULL };
2008-07-02 Dan Williams <dcbw@redhat.com> * libnm-util/nm-setting-8021x.c - (verify): allow forcing the PEAP label to 0 git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3800 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-07-02 16:08:04 +00:00
const char *valid_phase1_peaplabel[] = { "0", "1", NULL };
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
const char *valid_phase1_fast_pac[] = { "0", "1", "2", "3", NULL };
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
const char *valid_phase2_auth[] = { "pap", "chap", "mschap", "mschapv2", "gtc", "otp", "md5", "tls", NULL };
const char *valid_phase2_autheap[] = { "md5", "mschapv2", "otp", "gtc", "tls", NULL };
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
GSList *iter;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
if (error)
g_return_val_if_fail (*error == NULL, FALSE);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if (!priv->eap) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_EAP);
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
return FALSE;
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
2008-11-20 Dan Williams <dcbw@redhat.com> * libnm-util/Makefile.am libnm-util/nm-utils-private.h - New header for internal utils private functions * libnm-util/libnm-util.ver libnm-util/nm-utils.c libnm-util/nm-utils.h - Document some functions - (nm_utils_string_in_list, nm_utils_string_list_contains, nm_utils_string_slist_validate): un-export, only used within libnm-util or of limited use in general, and very easy to re-implement by apps if needed * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c - Update for private nm_utils_string_* functions git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-20 20:17:01 +00:00
if (!_nm_utils_string_slist_validate (priv->eap, valid_eap)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_EAP);
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
return FALSE;
}
/* Ask each configured EAP method if its valid */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
for (iter = priv->eap; iter; iter = g_slist_next (iter)) {
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
const char *method = (const char *) iter->data;
int i;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
for (i = 0; eap_methods_table[i].method; i++) {
if (eap_methods_table[i].v_func == NULL)
continue;
if (!strcmp (eap_methods_table[i].method, method)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
if (!(*eap_methods_table[i].v_func) (self, FALSE, error))
2008-03-17 Dan Williams <dcbw@redhat.com> Split the 802.1x bits out of the wireless-security setting so they are generalized enough for wired 802.1x to use too. * introspection/nm-exported-connection.xml - GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead of just a hash of the secrets for one setting * libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless-security.h - Remove 802.1x-specific stuff - Added leap-username and leap-password properties for old-school LEAP * src/nm-device.c src/nm-device.h - (connection_secrets_updated_cb): take a list of updated settings names, not just one * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-config.h - (nm_supplicant_config_add_setting_wireless_security): remove 802.1x specific stuff; fix for updated LEAP bits; punt 802.1x stuff to nm_supplicant_config_add_setting_8021x() - (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to the supplicant config * src/nm-device-802-11-wireless.c - (build_supplicant_config): pass in the 802.1x setting too, if any - (real_connection_secrets_updated): take a list of updated settings names, not just one * src/nm-device-802-3-ethernet.c src/nm-cdma-device.c src/nm-gsm-device.c - (real_connection_secrets_updated_cb): take a list of updated settings names, not just one * src/nm-activation-request.c src/nm-activation-request.h - (nm_act_request_class_init): the 'connection-secrets-updated' signal now passes a list of updated settings names, not just one - (update_one_setting): new function; handle one updated setting - (get_secrets_cb): handle multiple settings returned from the settings service; have to be careful of ordering here as there are some dependencies between settings (ex. wireless-security and 802.1x in some cases) * src/marshallers/nm-marshal.list - new marshaller for connection-secrets-updated signal * libnm-util/nm-setting-8021x.c - Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth methods - (verify): a valid 'eap' property is now required * libnm-util/nm-connection.c - (register_default_settings): add priorities to settings; there are some dependencies between settings, and during the need_secrets calls this priority needs to be respected. For example, only the wireless-security setting knows whether or not the connection is going to use 802.1x or now, so it must be asked for secrets before any existing 802.1x setting is - (nm_connection_lookup_setting_type): expose * libnm-util/nm-setting-wireless.c - (verify): should verify even if all_settings is NULL; otherwise won't catch the case where there is missing security * libnm-util/nm-setting-wireless-security.c - Remove everything to do with 802.1x - Add old-school LEAP specific properties for username and password - (need_secrets): rework LEAP secrets checking - (verify): rework for LEAP and 802.1x verification git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-17 19:37:23 +00:00
return FALSE;
break;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
}
}
}
2008-11-20 Dan Williams <dcbw@redhat.com> * libnm-util/Makefile.am libnm-util/nm-utils-private.h - New header for internal utils private functions * libnm-util/libnm-util.ver libnm-util/nm-utils.c libnm-util/nm-utils.h - Document some functions - (nm_utils_string_in_list, nm_utils_string_list_contains, nm_utils_string_slist_validate): un-export, only used within libnm-util or of limited use in general, and very easy to re-implement by apps if needed * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c - Update for private nm_utils_string_* functions git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-20 20:17:01 +00:00
if (priv->phase1_peapver && !_nm_utils_string_in_list (priv->phase1_peapver, valid_phase1_peapver)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE1_PEAPVER);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
}
2008-11-20 Dan Williams <dcbw@redhat.com> * libnm-util/Makefile.am libnm-util/nm-utils-private.h - New header for internal utils private functions * libnm-util/libnm-util.ver libnm-util/nm-utils.c libnm-util/nm-utils.h - Document some functions - (nm_utils_string_in_list, nm_utils_string_list_contains, nm_utils_string_slist_validate): un-export, only used within libnm-util or of limited use in general, and very easy to re-implement by apps if needed * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c - Update for private nm_utils_string_* functions git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-20 20:17:01 +00:00
if (priv->phase1_peaplabel && !_nm_utils_string_in_list (priv->phase1_peaplabel, valid_phase1_peaplabel)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE1_PEAPLABEL);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->phase1_fast_provisioning && !_nm_utils_string_in_list (priv->phase1_fast_provisioning, valid_phase1_fast_pac)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
}
2008-11-20 Dan Williams <dcbw@redhat.com> * libnm-util/Makefile.am libnm-util/nm-utils-private.h - New header for internal utils private functions * libnm-util/libnm-util.ver libnm-util/nm-utils.c libnm-util/nm-utils.h - Document some functions - (nm_utils_string_in_list, nm_utils_string_list_contains, nm_utils_string_slist_validate): un-export, only used within libnm-util or of limited use in general, and very easy to re-implement by apps if needed * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c - Update for private nm_utils_string_* functions git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-20 20:17:01 +00:00
if (priv->phase2_auth && !_nm_utils_string_in_list (priv->phase2_auth, valid_phase2_auth)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
}
2008-11-20 Dan Williams <dcbw@redhat.com> * libnm-util/Makefile.am libnm-util/nm-utils-private.h - New header for internal utils private functions * libnm-util/libnm-util.ver libnm-util/nm-utils.c libnm-util/nm-utils.h - Document some functions - (nm_utils_string_in_list, nm_utils_string_list_contains, nm_utils_string_slist_validate): un-export, only used within libnm-util or of limited use in general, and very easy to re-implement by apps if needed * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c - Update for private nm_utils_string_* functions git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4319 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-20 20:17:01 +00:00
if (priv->phase2_autheap && !_nm_utils_string_in_list (priv->phase2_autheap, valid_phase2_autheap)) {
2008-06-12 Dan Williams <dcbw@redhat.com> Add a GError argument to nm_connection_verify() and nm_setting_verify(), and add error enums to each NMSetting subclass. Each NMSetting subclass now returns a descriptive GError when verification fails. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-06-12 23:58:08 +00:00
g_set_error (error,
NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTHEAP);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
return FALSE;
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (!verify_cert (priv->ca_cert, NM_SETTING_802_1X_CA_CERT, error))
return FALSE;
if (!verify_cert (priv->phase2_ca_cert, NM_SETTING_802_1X_PHASE2_CA_CERT, error))
return FALSE;
if (!verify_cert (priv->client_cert, NM_SETTING_802_1X_CLIENT_CERT, error))
return FALSE;
if (!verify_cert (priv->phase2_client_cert, NM_SETTING_802_1X_PHASE2_CLIENT_CERT, error))
return FALSE;
if (!verify_cert (priv->private_key, NM_SETTING_802_1X_PRIVATE_KEY, error))
return FALSE;
if (!verify_cert (priv->phase2_private_key, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, error))
return FALSE;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
/* FIXME: finish */
return TRUE;
}
static void
nm_setting_802_1x_init (NMSetting8021x *setting)
{
2008-10-27 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * libnm-util/nm-setting.h libnm-util/nm-setting.c - Make properties private and add accessor functions * libnm-util/nm-connection.c libnm-util/nm-setting-8021x.c libnm-util/nm-setting-cdma.c libnm-util/nm-setting-connection.c libnm-util/nm-setting-gsm.c libnm-util/nm-setting-ip4-config.c libnm-util/nm-setting-ip6-config.c libnm-util/nm-setting-ppp.c libnm-util/nm-setting-pppoe.c libnm-util/nm-setting-serial.c libnm-util/nm-setting-template.c libnm-util/nm-setting-vpn.c libnm-util/nm-setting-wired.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c system-settings/plugins/keyfile/reader.c system-settings/plugins/keyfile/writer.c - Use setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4228 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-27 17:36:18 +00:00
g_object_set (setting, NM_SETTING_NAME, NM_SETTING_802_1X_SETTING_NAME, NULL);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
}
static void
finalize (GObject *object)
{
NMSetting8021x *self = NM_SETTING_802_1X (object);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
/* Strings first. g_free() already checks for NULLs so we don't have to */
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->identity);
g_free (priv->anonymous_identity);
g_free (priv->ca_path);
g_free (priv->phase1_peapver);
g_free (priv->phase1_peaplabel);
g_free (priv->phase1_fast_provisioning);
g_free (priv->phase2_auth);
g_free (priv->phase2_autheap);
g_free (priv->phase2_ca_path);
g_free (priv->password);
nm_utils_slist_free (priv->eap, g_free);
if (priv->ca_cert)
g_byte_array_free (priv->ca_cert, TRUE);
if (priv->client_cert)
g_byte_array_free (priv->client_cert, TRUE);
if (priv->private_key)
g_byte_array_free (priv->private_key, TRUE);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_free (priv->private_key_password);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
if (priv->phase2_ca_cert)
g_byte_array_free (priv->phase2_ca_cert, TRUE);
if (priv->phase2_client_cert)
g_byte_array_free (priv->phase2_client_cert, TRUE);
if (priv->phase2_private_key)
g_byte_array_free (priv->phase2_private_key, TRUE);
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_free (priv->phase2_private_key_password);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
G_OBJECT_CLASS (nm_setting_802_1x_parent_class)->finalize (object);
}
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
static GByteArray *
set_cert_prop_helper (const GValue *value, const char *prop_name, GError **error)
{
gboolean valid;
GByteArray *data = NULL;
data = g_value_dup_boxed (value);
/* Verify the new data */
if (data) {
valid = verify_cert (data, prop_name, error);
if (!valid) {
g_byte_array_free (data, TRUE);
data = NULL;
}
}
return data;
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
static void
set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec)
{
NMSetting8021x *setting = NM_SETTING_802_1X (object);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
GError *error = NULL;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
switch (prop_id) {
case PROP_EAP:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
nm_utils_slist_free (priv->eap, g_free);
priv->eap = g_value_dup_boxed (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_IDENTITY:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->identity);
priv->identity = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_ANONYMOUS_IDENTITY:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->anonymous_identity);
priv->anonymous_identity = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_CA_CERT:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->ca_cert) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_byte_array_free (priv->ca_cert, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->ca_cert = NULL;
}
priv->ca_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_CA_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): (%d) %s",
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_CA_PATH:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->ca_path);
priv->ca_path = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_CLIENT_CERT:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->client_cert) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_byte_array_free (priv->client_cert, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->client_cert = NULL;
}
priv->client_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_CLIENT_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): (%d) %s",
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE1_PEAPVER:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->phase1_peapver);
priv->phase1_peapver = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE1_PEAPLABEL:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->phase1_peaplabel);
priv->phase1_peaplabel = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE1_FAST_PROVISIONING:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->phase1_fast_provisioning);
priv->phase1_fast_provisioning = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_AUTH:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->phase2_auth);
priv->phase2_auth = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_AUTHEAP:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->phase2_autheap);
priv->phase2_autheap = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_CA_CERT:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->phase2_ca_cert) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_byte_array_free (priv->phase2_ca_cert, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->phase2_ca_cert = NULL;
}
priv->phase2_ca_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_PHASE2_CA_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): (%d) %s",
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_CA_PATH:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->phase2_ca_path);
priv->phase2_ca_path = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_CLIENT_CERT:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->phase2_client_cert) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_byte_array_free (priv->phase2_client_cert, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->phase2_client_cert = NULL;
}
priv->phase2_client_cert = set_cert_prop_helper (value, NM_SETTING_802_1X_PHASE2_CLIENT_CERT, &error);
if (error) {
g_warning ("Error setting certificate (invalid data): (%d) %s",
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PASSWORD:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_free (priv->password);
priv->password = g_value_dup_string (value);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PRIVATE_KEY:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->private_key) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_byte_array_free (priv->private_key, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->private_key = NULL;
}
priv->private_key = set_cert_prop_helper (value, NM_SETTING_802_1X_PRIVATE_KEY, &error);
if (error) {
g_warning ("Error setting private key (invalid data): (%d) %s",
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
case PROP_PRIVATE_KEY_PASSWORD:
g_free (priv->private_key_password);
priv->private_key_password = g_value_dup_string (value);
break;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
case PROP_PHASE2_PRIVATE_KEY:
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
if (priv->phase2_private_key) {
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_byte_array_free (priv->phase2_private_key, TRUE);
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
priv->phase2_private_key = NULL;
}
priv->phase2_private_key = set_cert_prop_helper (value, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, &error);
if (error) {
g_warning ("Error setting private key (invalid data): (%d) %s",
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
case PROP_PHASE2_PRIVATE_KEY_PASSWORD:
g_free (priv->phase2_private_key_password);
priv->phase2_private_key_password = g_value_dup_string (value);
break;
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
case PROP_SYSTEM_CA_CERTS:
priv->system_ca_certs = g_value_get_boolean (value);
break;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
NMSetting8021x *setting = NM_SETTING_802_1X (object);
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
switch (prop_id) {
case PROP_EAP:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->eap);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_IDENTITY:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->identity);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_ANONYMOUS_IDENTITY:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->anonymous_identity);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_CA_CERT:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->ca_cert);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_CA_PATH:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->ca_path);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_CLIENT_CERT:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->client_cert);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE1_PEAPVER:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->phase1_peapver);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE1_PEAPLABEL:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->phase1_peaplabel);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE1_FAST_PROVISIONING:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->phase1_fast_provisioning);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_AUTH:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->phase2_auth);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_AUTHEAP:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->phase2_autheap);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_CA_CERT:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->phase2_ca_cert);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_CA_PATH:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->phase2_ca_path);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PHASE2_CLIENT_CERT:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->phase2_client_cert);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PASSWORD:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_string (value, priv->password);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
case PROP_PRIVATE_KEY:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->private_key);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
case PROP_PRIVATE_KEY_PASSWORD:
g_value_set_string (value, priv->private_key_password);
break;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
case PROP_PHASE2_PRIVATE_KEY:
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_value_set_boxed (value, priv->phase2_private_key);
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
break;
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
case PROP_PHASE2_PRIVATE_KEY_PASSWORD:
g_value_set_string (value, priv->phase2_private_key_password);
break;
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
case PROP_SYSTEM_CA_CERTS:
g_value_set_boolean (value, priv->system_ca_certs);
break;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
{
GObjectClass *object_class = G_OBJECT_CLASS (setting_class);
NMSettingClass *parent_class = NM_SETTING_CLASS (setting_class);
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
GError *error = NULL;
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
2008-10-30 Dan Williams <dcbw@redhat.com> * libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Make properties private and add accessor functions * src/supplicant-manager/nm-supplicant-config.c system-settings/plugins/ifcfg-suse/parser.c - Use 802.1x setting accessors git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-10-30 18:12:46 +00:00
g_type_class_add_private (setting_class, sizeof (NMSetting8021xPrivate));
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
/* virtual methods */
object_class->set_property = set_property;
object_class->get_property = get_property;
object_class->finalize = finalize;
parent_class->verify = verify;
parent_class->need_secrets = need_secrets;
/* Properties */
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:eap:
*
* The allowed EAP method to be used when authenticating to the network with
* 802.1x. Valid methods are: "leap", "md5", "tls", "peap", "ttls", and
* "fast". Each method requires different configuration using the
* properties of this object; refer to wpa_supplicant documentation for the
* allowed combinations.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_EAP,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_EAP,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"EAP",
"EAP",
2008-03-29 Dan Williams <dcbw@redhat.com> * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-ip4-config.c libnm-util/nm-setting-vpn-properties.c libnm-util/nm-setting-vpn.c libnm-util/nm-setting-wireless-security.c libnm-util/nm-setting-wireless.c libnm-util/nm-utils.c src/dhcp-manager/nm-dhcp-manager.c src/nm-activation-request.c src/nm-ip4-config.c src/nm-manager.c src/nm-properties-changed-signal.c src/ppp-manager/nm-pppd-plugin.c src/supplicant-manager/nm-supplicant-interface.c src/vpn-manager/nm-vpn-connection.c - consistently use nm-dbus-glib-types.h git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3514 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-29 21:35:41 +00:00
DBUS_TYPE_G_LIST_OF_STRING,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:identity:
*
* Identity string for EAP authentication methods. Often the user's
* user or login name.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_IDENTITY,
g_param_spec_string (NM_SETTING_802_1X_IDENTITY,
"Identity",
"Identity",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:anonymous-identity:
*
* Anonymous identity string for EAP authentication methods. Used as the
* unencrypted identity with EAP types that support different tunelled
* identity like EAP-TTLS.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_ANONYMOUS_IDENTITY,
g_param_spec_string (NM_SETTING_802_1X_ANONYMOUS_IDENTITY,
"Anonymous identity",
"Anonymous identity",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:ca-cert:
*
* Raw X.509 CA certificate data if used by the EAP method specified in the
* #NMSetting8021x:eap property. Can be unset even if the EAP method
* supports CA certificates, but this allows man-in-the-middle attacks and
* is NOT recommended. This property is cleared when the
* #NMSetting8021x:ca-cert-path property is set since the two are mutually
* exclusive.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_CA_CERT,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_CA_CERT,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"CA certificate",
"CA certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:ca-path:
*
* Path to a directory containing PEM or DER formatted certificates to be
* added to the verification chain in addition to the certificate specified
* in either of the #NMSetting8021x:ca-cert or #NMSetting8021x:ca-cert-path
* properties.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_CA_PATH,
g_param_spec_string (NM_SETTING_802_1X_CA_PATH,
"CA path",
"CA path",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:client-cert:
*
* Raw X.509 client certificate data if used by the EAP method specified in
* the #NMSetting8021x:eap property. Currently only EAP-TLS supports client
* certificates. This property is cleared when the
* #NMSetting8021x:client-cert-path property is set since the two are mutually
* exclusive.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_CLIENT_CERT,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_CLIENT_CERT,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"Client certificate",
"Client certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase1-peapver:
*
* Forces which PEAP version is used when PEAP is set as the EAP method in
* the #NMSetting8021x:eap property. When unset, the version reported by
* the server will be used. Sometimes when using older RADIUS servers, it
* is necessary to force the client to use a particular PEAP version. To do
* so, this property may be set to "0" or "1" to force that specific PEAP
* version.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE1_PEAPVER,
g_param_spec_string (NM_SETTING_802_1X_PHASE1_PEAPVER,
"Phase1 PEAPVER",
"Phase1 PEAPVER",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase1-peaplabel:
*
* Forces use of the new PEAP label during key derivation. Some RADIUS
* servers may require forcing the new PEAP label to interoperate with
* PEAPv1. Set to "1" to force use of the new PEAP label. See the
* wpa_supplicant documentation for more details.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE1_PEAPLABEL,
g_param_spec_string (NM_SETTING_802_1X_PHASE1_PEAPLABEL,
"Phase1 PEAP label",
"Phase1 PEAP label",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase1-fast-provisioning:
*
* Enables or disables in-line provisioning of EAP-FAST credentials when
* FAST is specified as the EAP method in the #NMSetting8021x:eap property.
* Recognized values are "0" (disabled), "1" (allow unauthenticated
* provisioning), "2" (allow authenticated provisioning), and "3" (allow
* both authenticated and unauthenticated provisioning).
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE1_FAST_PROVISIONING,
g_param_spec_string (NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING,
"Phase1 fast provisioning",
"Phase1 fast provisioning",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-auth:
*
* Specifies the allowed "phase 2" inner non-EAP authentication methods when
* an EAP method that uses an inner TLS tunnel is specified in the
* #NMSetting8021x:eap property. Recognized non-EAP phase2 methods are
* "pap", "chap", "mschap", "mschapv2", "gtc", "otp", "md5", and "tls".
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_AUTH,
g_param_spec_string (NM_SETTING_802_1X_PHASE2_AUTH,
"Phase2 auth",
"Phase2 auth",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-autheap:
*
* Specifies the allowed "phase 2" inner EAP-based authentication methods
* when an EAP method that uses an inner TLS tunnel is specified in the
* #NMSetting8021x:eap property. Recognized EAP-based phase2 methods are
* "md5", "mschapv2", "otp", "gtc", and "tls".
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_AUTHEAP,
g_param_spec_string (NM_SETTING_802_1X_PHASE2_AUTHEAP,
"Phase2 autheap",
"Phase2 autheap",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-ca-cert:
*
* Raw X.509 CA certificate data if used by the authentication method
* specified in the #NMSetting8021x:phase2-auth or
* #NMSetting8021x:phase2-autheap properties. Can be unset even if the
* authentication method supports CA certificates, but this allows
* man-in-the-middle attacks and is NOT recommended. This property is
* cleared when the #NMSetting8021x:phase2-ca-cert-path property is set
* since the two are mutually exclusive.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_CA_CERT,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_PHASE2_CA_CERT,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"Phase2 CA certificate",
"Phase2 CA certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-ca-path:
*
* Path to a directory containing PEM or DER formatted certificates to be
* added to the verification chain in addition to the certificate specified
* in either of the #NMSetting8021x:phase2-ca-cert or
* #NMSetting8021x:phase2-ca-cert-path properties.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_CA_PATH,
g_param_spec_string (NM_SETTING_802_1X_PHASE2_CA_PATH,
"Phase2 auth CA path",
"Phase2 auth CA path",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-client-cert:
*
* Raw X.509 client certificate data if used by the authentication method
* specified in the #NMSetting8021x:phase2-auth or
* #NMSetting8021x:phase2-autheap properties. Currently only TLS supports
* client certificates. This property is cleared when the
* #NMSetting8021x:phase2-client-cert-path property is set since the two are
* mutually exclusive.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_CLIENT_CERT,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_PHASE2_CLIENT_CERT,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"Phase2 client certificate",
"Phase2 client certificate",
DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:password:
*
* Password used for EAP authentication methods.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PASSWORD,
g_param_spec_string (NM_SETTING_802_1X_PASSWORD,
"Password",
"Password",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:private-key:
*
* When X.509 private keys are used by the EAP method specified in the
* #NMSetting8021x:eap property, contains the raw decrypted X.509 key
* data. When PKCS#12 format private keys are used, contains the PCKS#12
* data (which is encrypted) and the #NMSetting8021x:private-key-password
* property must also be set to the password used to decrypt the PKCS#12
* certificate and key. Currently only TLS supports private keys. When
* PKCS#12 format private keys are used, the #NMSetting8021x:client-cert
* must also be set to the same value.
*
* This property is cleared when the #NMSetting8021x:private-key-path
* property is set since the two are mutually exclusive.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PRIVATE_KEY,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_PRIVATE_KEY,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"Private key",
"Private key",
DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:private-key-password:
*
* The password used to decrypt the private key specified by
* #NMSetting8021x:private-key or #NMSetting8021x:private-key-path
**/
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_object_class_install_property
(object_class, PROP_PRIVATE_KEY_PASSWORD,
g_param_spec_string (NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD,
"Private key password",
"Private key password",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-private-key:
*
* Private key data used by "phase 2" inner authentication methods.
*
* When X.509 private keys are used by the authentication method specified
* by the #NMSetting8021x:phase2-auth or #NMSetting8021x:phase2-autheap
* properties, contains the raw decrypted X.509 key data. When PKCS#12
* format private keys are used, contains the PCKS#12 data (which is
* encrypted) and the #NMSetting8021x:private-key-password property must
* also be set to the password used to decrypt the PKCS#12 certificate and
* key. Currently only TLS supports private keys. When PKCS#12 format
* private keys are used, the #NMSetting8021x:phase2-client-cert must also
* be set to the same value.
*
* This property is cleared when the #NMSetting8021x:phase2-private-key-path
* property is set since the two are mutually exclusive.
**/
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_PRIVATE_KEY,
Rename private nm_* functions to _nm_* git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-08-26 09:34:31 +00:00
_nm_param_spec_specialized (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY,
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
"Phase2 private key",
"Phase2 private key",
DBUS_TYPE_G_UCHAR_ARRAY,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:phase2-private-key-password:
*
* The password used to decrypt the private key specified by
* #NMSetting8021x:phase2-private-key or
* #NMSetting8021x:phase2-private-key-path
**/
2008-11-13 Dan Williams <dcbw@redhat.com> Add support for PKCS#12 private keys (bgo #558982) * libnm-util/crypto.c libnm-util/crypto.h - (parse_old_openssl_key_file): rename from parse_key_file(); adapt to take a GByteArray instead of a filename - (file_to_g_byte_array): handle private key files too - (decrypt_key): take a GByteArray rather than data + len - (crypto_get_private_key_data): refactor crypto_get_private_key() into one function that takes a filename, and one that takes raw data; detect pkcs#12 files as well - (crypto_load_and_verify_certificate): detect file type - (crypto_is_pkcs12_data, crypto_is_pkcs12_file): add pkcs#12 detection functions * libnm-util/crypto_gnutls.c - (crypto_decrypt): take GByteArray rather than data + len; fix a bug whereby tail padding was incorrectly handled, leading to erroneous successes when trying to decrypt the data - (crypto_verify_cert): rework somewhat - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/crypto_nss.c - (crypto_init): enable various pkcs#12 ciphers - (crypto_decrypt): take a GByteArray rather than data + len - (crypto_verify_cert): clean up - (crypto_verify_pkcs12): validate pkcs#12 keys * libnm-util/test-crypto.c - Handle pkcs#12 keys * libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h libnm-util/libnm-util.ver - Add two new properties, 'private-key-password' and 'phase2-private-key-password', to be used in conjunction with pkcs#12 keys - (nm_setting_802_1x_set_ca_cert_from_file, nm_setting_802_1x_set_client_cert_from_file, nm_setting_802_1x_set_phase2_ca_cert_from_file, nm_setting_802_1x_set_phase2_client_from_file): return certificate type - (nm_setting_802_1x_get_private_key_password, nm_setting_802_1x_get_phase2_private_key_password): return private key passwords - (nm_setting_802_1x_set_private_key_from_file, nm_setting_802_1x_set_phase2_private_key_from_file): set the private key from a file, and update the private key password at the same time - (nm_setting_802_1x_get_private_key_type, nm_setting_802_1x_get_phase2_private_key_type): return the private key type * src/supplicant-manager/nm-supplicant-settings-verify.c - Whitelist private key passwords * src/supplicant-manager/nm-supplicant-config.c - (nm_supplicant_config_add_setting_8021x): for pkcs#12 private keys, add the private key password to the supplicant config, but do not add the client certificate (as required by wpa_supplicant) git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4280 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-13 21:19:08 +00:00
g_object_class_install_property
(object_class, PROP_PHASE2_PRIVATE_KEY_PASSWORD,
g_param_spec_string (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD,
"Phase2 private key password",
"Phase2 private key password",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET));
libnm-util: allow certificate/key paths Overload the certificate and key properties to allow paths to the certificates and keys using a special prefix for the property data. Add API to libnm-util for easy certificate path handling, and documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
/**
* NMSetting8021x:system-ca-certs:
*
* When TRUE, overrides #NMSetting8021x:ca-path and
* #NMSetting8021x:phase2-ca-path properties using the system CA directory
* specified and configure time with the --system-ca-path switch. The
* certificates in this directory are added to the verification chain in
* addition to any certificates specified by the #NMSetting8021x:ca-cert,
* #NMSetting8021x:ca-cert-path, #NMSetting8021x:phase2-ca-cert and
* #NMSetting8021x:phase2-ca-cert-path properties.
**/
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
g_object_class_install_property
(object_class, PROP_SYSTEM_CA_CERTS,
g_param_spec_boolean (NM_SETTING_802_1X_SYSTEM_CA_CERTS,
"Use system CA certificates",
"Use system CA certificates",
FALSE,
libnm-util: flag properties with G_PARAM_CONSTRUCT so default values get set This caused the 'autoconnect' property of NMSettingConnection to not get updated in some cases (as when a system setting plugin noticed a change to autoconnect=true and emitted the Updated signal, which wouldn't contain the new value). Add a testcase for setting default values too.
2009-02-01 20:18:21 -05:00
G_PARAM_READWRITE | G_PARAM_CONSTRUCT | NM_SETTING_PARAM_SERIALIZE));
2008-11-21 Dan Williams <dcbw@redhat.com> Patch from Tambet Ingo <tambet@gmail.com> * configure.in libnm-util/libnm-util.ver libnm-util/nm-setting-8021x.c libnm-util/nm-setting-8021x.h - Add configure-time option for the system CA path - Add 'system-ca-certs' option to 802.1x setting, which directs NetworkManager to use system CA certificates instead of any connection-defined CA certificates * src/supplicant-manager/nm-supplicant-config.c src/supplicant-manager/nm-supplicant-settings-verify.c - Use system CA certificates if the connection says to do so git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4326 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-11-21 18:59:37 +00:00
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
/* Initialize crypto lbrary. */
2008-09-08 Dan Williams <dcbw@redhat.com> Patch from Alexander Sack <asac@ubuntu.com> * libnm-util/crypto_gnutls.c libnm-util/crypto_nss.c - (crypto_init, crypto_deinit): just use a boolean instead of a refcount * libnm-util/nm-utils.c libnm-util/nm-utils.h libnm-util/libnm-util.ver - (nm_utils_init): initialize libnm-util - (nm_utils_deinit): de-initialize libnm-util and clean up resources * libnm-util/nm-setting-8021x.c - (nm_setting_802_1x_class_init): init libnm-util when needed git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4047 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-09-08 18:35:21 +00:00
if (!nm_utils_init (&error)) {
g_warning ("Couldn't initilize nm-utils/crypto system: %d %s",
2008-05-15 Tambet Ingo <tambet@gmail.com> Move crypto functions from nm-applet to libnm-util. * libnm-util/nm-setting-8021x.c (nm_setting_802_1x_set_ca_cert) (nm_setting_802_1x_set_client_cert) (nm_setting_802_1x_set_phase2_ca_cert) (nm_setting_802_1x_set_phase2_client_cert) (nm_setting_802_1x_set_private_key) (nm_setting_802_1x_set_phase2_private_key): Implement. Given a certificate file (or private key and it's password), read the certificate data. * libnm-util/crypto_nss.c: * libnm-util/crypto_gnutls.c: * libnm-util/crypto.[ch]: Move here from nm-applet. * configure.in: Check for NSS and gnutls here (moved here from nm-applet). * system-settings/plugins/ifcfg-suse/parser.c (read_wpa_eap_settings): Imlement WPA-EAP configuration reading from sysconfig. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3673 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-05-19 07:43:13 +00:00
error->code, error->message);
g_error_free (error);
}
commit de4e1e57541f62e610d5b622f2d38f5c84848daa Author: Tambet Ingo <tambet@gmail.com> Date: Fri Mar 14 16:38:48 2008 -0600 2008-03-14 Tambet Ingo <tambet@gmail.com> * libnm-util/Makefile.am: Add new files to build. * libnm-util/nm-connection.c: Register NMSetting8021x. * libnm-util/nm-setting-8021x.c * libnm-util/nm-setting-8021x.h: Implement. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3466 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
2008-03-14 22:40:35 +00:00
}
Reference in a new issue Copy permalink