diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index b38f981fdf..f4a9c5edf8 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -49,94 +49,149 @@ static const struct validate_entry validate_table[] = { { TYPE_KEYWORD, validate_type_keyword }, }; -static const char *const pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; -static const char *const group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; -static const char *const proto_allowed[] = { "WPA", "RSN", NULL }; -static const char *const key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK", - "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384", - "FILS-SHA256", "FILS-SHA384", - "FT-FILS-SHA256", "FT-FILS-SHA384", - "IEEE8021X", "SAE", "FT-SAE", - "OWE", "NONE", NULL }; -static const char *const auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; -static const char *const eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM", - "PSK", "FAST", "PWD", NULL }; +static const char *const pairwise_allowed[] = { "CCMP", + "TKIP", + "NONE", + NULL }; -static const char *const phase1_allowed[] = { "peapver=0", "peapver=1", "peaplabel=1", - "peap_outer_success=0", "include_tls_length=1", - "sim_min_num_chal=3", "fast_provisioning=0", - "fast_provisioning=1", "fast_provisioning=2", - "fast_provisioning=3", "tls_disable_tlsv1_0=0", - "tls_disable_tlsv1_0=1", "tls_disable_tlsv1_1=0", - "tls_disable_tlsv1_1=1", "tls_disable_tlsv1_2=0", - "tls_disable_tlsv1_2=1", NULL }; -static const char *const phase2_allowed[] = { "auth=PAP", "auth=CHAP", "auth=MSCHAP", - "auth=MSCHAPV2", "auth=GTC", "auth=OTP", - "auth=MD5", "auth=TLS", "autheap=MD5", - "autheap=MSCHAPV2", "autheap=OTP", - "autheap=GTC", "autheap=TLS", NULL }; +static const char *const group_allowed[] = { "CCMP", + "TKIP", + "WEP104", + "WEP40", + NULL }; + +static const char *const proto_allowed[] = { "WPA", + "RSN", + NULL }; + +static const char *const key_mgmt_allowed[] = { "WPA-PSK", + "WPA-PSK-SHA256", + "FT-PSK", + "WPA-EAP", + "WPA-EAP-SHA256", + "FT-EAP", + "FT-EAP-SHA384", + "FILS-SHA256", + "FILS-SHA384", + "FT-FILS-SHA256", + "FT-FILS-SHA384", + "IEEE8021X", + "SAE", + "FT-SAE", + "OWE", + "NONE", + NULL }; + +static const char *const auth_alg_allowed[] = { "OPEN", + "SHARED", + "LEAP", + NULL }; + +static const char *const eap_allowed[] = { "LEAP", + "MD5", + "TLS", + "PEAP", + "TTLS", + "SIM", + "PSK", + "FAST", + "PWD", + NULL }; + +static const char *const phase1_allowed[] = { "peapver=0", + "peapver=1", + "peaplabel=1", + "peap_outer_success=0", + "include_tls_length=1", + "sim_min_num_chal=3", + "fast_provisioning=0", + "fast_provisioning=1", + "fast_provisioning=2", + "fast_provisioning=3", + "tls_disable_tlsv1_0=0", + "tls_disable_tlsv1_0=1", + "tls_disable_tlsv1_1=0", + "tls_disable_tlsv1_1=1", + "tls_disable_tlsv1_2=0", + "tls_disable_tlsv1_2=1", + NULL }; + +static const char *const phase2_allowed[] = { "auth=PAP", + "auth=CHAP", + "auth=MSCHAP", + "auth=MSCHAPV2", + "auth=GTC", + "auth=OTP", + "auth=MD5", + "auth=TLS", + "autheap=MD5", + "autheap=MSCHAPV2", + "autheap=OTP", + "autheap=GTC", + "autheap=TLS", + NULL }; static const struct Opt opt_table[] = { - { "ssid", TYPE_BYTES, 0, 32,FALSE, NULL }, - { "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL }, - { "frequency", TYPE_INT, 2412, 5825, FALSE, NULL }, - { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, auth_alg_allowed }, - { "psk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, pairwise_allowed }, - { "group", TYPE_KEYWORD, 0, 0, FALSE, group_allowed }, - { "proto", TYPE_KEYWORD, 0, 0, FALSE, proto_allowed }, - { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, key_mgmt_allowed }, - { "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL }, - { "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL }, - { "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed }, - { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "password", TYPE_UTF8, 0, 0, FALSE, NULL }, - { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match",TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed }, - { "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed }, - { "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "domain_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "private_key2_passwd",TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "pin", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "nai", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "eappsk", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "engine", TYPE_INT, 0, 1, FALSE, NULL }, - { "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "key_id", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL }, - { "proactive_key_caching", TYPE_INT, 0, 1, FALSE, NULL }, - { "bgscan", TYPE_BYTES, 0, 0, FALSE, NULL }, - { "pac_file", TYPE_BYTES, 0, 1024, FALSE, NULL }, - { "freq_list", TYPE_KEYWORD, 0, 0, FALSE, NULL }, - { "macsec_policy", TYPE_INT, 0, 1, FALSE, NULL }, - { "macsec_integ_only", TYPE_INT, 0, 1, FALSE, NULL }, - { "mka_cak", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "mka_ckn", TYPE_BYTES, 0, 65536, FALSE, NULL }, - { "macsec_port", TYPE_INT, 1, 65534, FALSE, NULL }, - { "ieee80211w", TYPE_INT, 0, 2, FALSE, NULL }, - { "ignore_broadcast_ssid", TYPE_INT, 0, 2, FALSE, NULL }, + { "ssid", TYPE_BYTES, 0, 32, FALSE, NULL }, + { "bssid", TYPE_KEYWORD, 0, 0, FALSE, NULL }, + { "scan_ssid", TYPE_INT, 0, 1, FALSE, NULL }, + { "frequency", TYPE_INT, 2412, 5825, FALSE, NULL }, + { "auth_alg", TYPE_KEYWORD, 0, 0, FALSE, auth_alg_allowed }, + { "psk", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pairwise", TYPE_KEYWORD, 0, 0, FALSE, pairwise_allowed }, + { "group", TYPE_KEYWORD, 0, 0, FALSE, group_allowed }, + { "proto", TYPE_KEYWORD, 0, 0, FALSE, proto_allowed }, + { "key_mgmt", TYPE_KEYWORD, 0, 0, FALSE, key_mgmt_allowed }, + { "wep_key0", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key1", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_key3", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "wep_tx_keyidx", TYPE_INT, 0, 3, FALSE, NULL }, + { "eapol_flags", TYPE_INT, 0, 3, FALSE, NULL }, + { "eap", TYPE_KEYWORD, 0, 0, FALSE, eap_allowed }, + { "identity", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "password", TYPE_UTF8, 0, 0, FALSE, NULL }, + { "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_suffix_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_match", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "phase1", TYPE_KEYWORD, 0, 0, TRUE, phase1_allowed }, + { "phase2", TYPE_KEYWORD, 0, 0, TRUE, phase2_allowed }, + { "anonymous_identity", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "domain_match2", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "private_key2_passwd", TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "pin", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pcsc", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "nai", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "eappsk", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "engine", TYPE_INT, 0, 1, FALSE, NULL }, + { "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "key_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL }, + { "proactive_key_caching", TYPE_INT, 0, 1, FALSE, NULL }, + { "bgscan", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "pac_file", TYPE_BYTES, 0, 1024, FALSE, NULL }, + { "freq_list", TYPE_KEYWORD, 0, 0, FALSE, NULL }, + { "macsec_policy", TYPE_INT, 0, 1, FALSE, NULL }, + { "macsec_integ_only", TYPE_INT, 0, 1, FALSE, NULL }, + { "mka_cak", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "mka_ckn", TYPE_BYTES, 0, 65536, FALSE, NULL }, + { "macsec_port", TYPE_INT, 1, 65534, FALSE, NULL }, + { "ieee80211w", TYPE_INT, 0, 2, FALSE, NULL }, + { "ignore_broadcast_ssid", TYPE_INT, 0, 2, FALSE, NULL }, }; static gboolean