ifcfg-rh: add missing functionality for reading/writing subject matches

subject-match              - IEEE_8021X_SUBJECT_MATCH
altsubject-matches         - IEEE_8021X_ALTSUBJECT_MATCHES
phase2-subject-match       - IEEE_8021X_PHASE2_SUBJECT_MATCH
phase2-altsubject-matches  - IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES

And a testcase of course.

src/settings/plugins/ifcfg-rh/reader.c

@@ -3118,6 +3118,39 @@ static EAPReader eap_readers[] = {
 	{ NULL, NULL }
 };
 
+static void
+read_8021x_list_value (shvarFile *ifcfg,
+                       const char *ifcfg_var_name,
+                       NMSetting8021x *setting,
+                       const char *prop_name)
+{
+	char *value;
+	char **strv, **iter;
+	GSList *gslist = NULL;
+
+	g_return_if_fail (ifcfg != NULL);
+	g_return_if_fail (ifcfg_var_name != NULL);
+	g_return_if_fail (prop_name != NULL);
+
+	value = svGetValue (ifcfg, ifcfg_var_name, FALSE);
+	if (!value)
+		return;
+
+	strv = g_strsplit_set (value, " \t", 0);
+	for (iter = strv; iter && *iter; iter++) {
+		if (*iter[0] == '\0')
+			continue;
+		gslist = g_slist_prepend (gslist, *iter);
+	}
+	if (gslist) {
+		gslist = g_slist_reverse (gslist);
+		g_object_set (setting, prop_name, gslist, NULL);
+		g_slist_free (gslist);
+	}
+	g_strfreev (strv);
+	g_free (value);
+}
+
 static NMSetting8021x *
 fill_8021x (shvarFile *ifcfg,
             const char *file,
@@ -3194,6 +3227,19 @@ fill_8021x (shvarFile *ifcfg,
 		goto error;
 	}
 
+	value = svGetValue (ifcfg, "IEEE_8021X_SUBJECT_MATCH", FALSE);
+	g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, value, NULL);
+	g_free (value);
+
+	value = svGetValue (ifcfg, "IEEE_8021X_PHASE2_SUBJECT_MATCH", FALSE);
+	g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH, value, NULL);
+	g_free (value);
+
+	read_8021x_list_value (ifcfg, "IEEE_8021X_ALTSUBJECT_MATCHES",
+	                       s_8021x, NM_SETTING_802_1X_ALTSUBJECT_MATCHES);
+	read_8021x_list_value (ifcfg, "IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES",
+	                       s_8021x, NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES);
+
 	if (list)
 		g_strfreev (list);
 	if (keys)

src/settings/plugins/ifcfg-rh/tests/network-scripts/Makefile.am

@@ -21,6 +21,7 @@ EXTRA_DIST = \
 	keys-test-wired-8021x-peap-mschapv2 \
 	ifcfg-test-wired-8021x-tls-agent \
 	ifcfg-test-wired-8021x-tls-always \
+	ifcfg-test-wired-802-1X-subj-matches \
 	ifcfg-test-onboot-no \
 	ifcfg-test-noip \
 	ifcfg-test-wifi-open \

src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-802-1X-subj-matches

@@ -0,0 +1,17 @@
+# Intel Corporation 82540EP Gigabit Ethernet Controller (Mobile)
+TYPE=Ethernet
+DEVICE=eth0
+HWADDR=00:11:22:33:44:ee
+BOOTPROTO=dhcp
+ONBOOT=yes
+NM_CONTROLLED=yes
+KEY_MGMT=IEEE8021X
+IEEE_8021X_EAP_METHODS=PEAP
+IEEE_8021X_IDENTITY="Jara Cimrman"
+IEEE_8021X_PEAP_VERSION=1
+IEEE_8021X_INNER_AUTH_METHODS=GTC
+IEEE_8021X_PASSWORD_FLAGS="user ask"
+IEEE_8021X_SUBJECT_MATCH=server1.yourdomain.tld
+IEEE_8021X_ALTSUBJECT_MATCHES="a.yourdomain.tld b.yourdomain.tld c.yourdomain.tld"
+IEEE_8021X_PHASE2_SUBJECT_MATCH=server2.yourdomain.tld
+IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES="x.yourdomain.tld y.yourdomain.tld"

src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c

@@ -2753,6 +2753,82 @@ test_read_wired_8021x_tls_secret_flags (const char *ifcfg, NMSettingSecretFlags
 	g_object_unref (connection);
 }
 
+static void
+test_read_write_802_1X_subj_matches (void)
+{
+	NMConnection *connection, *reread;
+	NMSetting8021x *s_8021x;
+	char *written = NULL;
+	GError *error = NULL;
+	gboolean success = FALSE;
+
+	connection = connection_from_file (TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wired-802-1X-subj-matches",
+	                                   NULL, TYPE_ETHERNET, NULL, NULL,
+	                                   NULL, NULL, NULL, &error, NULL);
+	g_assert_no_error (error);
+	g_assert (connection != NULL);
+
+	/* ===== 802.1x SETTING ===== */
+	s_8021x = nm_connection_get_setting_802_1x (connection);
+	g_assert (s_8021x);
+	g_assert_cmpint (nm_setting_802_1x_get_num_eap_methods (s_8021x), ==, 1);
+	g_assert_cmpstr (nm_setting_802_1x_get_eap_method (s_8021x, 0), ==, "peap");
+	g_assert_cmpstr (nm_setting_802_1x_get_identity (s_8021x), ==, "Jara Cimrman");
+	g_assert_cmpstr (nm_setting_802_1x_get_subject_match (s_8021x), ==, "server1.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_phase2_subject_match (s_8021x), ==, "server2.yourdomain.tld");
+	g_assert_cmpint (nm_setting_802_1x_get_num_altsubject_matches (s_8021x), ==, 3);
+	g_assert_cmpstr (nm_setting_802_1x_get_altsubject_match (s_8021x, 0), ==, "a.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_altsubject_match (s_8021x, 1), ==, "b.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_altsubject_match (s_8021x, 2), ==, "c.yourdomain.tld");
+	g_assert_cmpint (nm_setting_802_1x_get_num_phase2_altsubject_matches (s_8021x), ==, 2);
+	g_assert_cmpstr (nm_setting_802_1x_get_phase2_altsubject_match (s_8021x, 0), ==, "x.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_phase2_altsubject_match (s_8021x, 1), ==, "y.yourdomain.tld");
+
+	success = writer_new_connection (connection,
+	                                 TEST_SCRATCH_DIR "/network-scripts/",
+	                                 &written,
+	                                 &error);
+	g_assert (success);
+
+	/* reread will be normalized, so we must normalize connection too. */
+	nm_utils_normalize_connection (connection, TRUE);
+
+	/* re-read the connection for comparison */
+	reread = connection_from_file (written, NULL, TYPE_ETHERNET, NULL, NULL,
+	                               NULL, NULL, NULL, &error, NULL);
+	unlink (written);
+	g_free (written);
+
+	g_assert_no_error (error);
+	g_assert (reread != NULL);
+
+	success = nm_connection_verify (reread, &error);
+	g_assert_no_error (error);
+	g_assert (success);
+
+	success = nm_connection_compare (connection, reread, NM_SETTING_COMPARE_FLAG_EXACT);
+	g_assert (success);
+
+	/* Check 802.1X stuff of the re-read connection. */
+	s_8021x = nm_connection_get_setting_802_1x (reread);
+	g_assert (s_8021x);
+	g_assert_cmpint (nm_setting_802_1x_get_num_eap_methods (s_8021x), ==, 1);
+	g_assert_cmpstr (nm_setting_802_1x_get_eap_method (s_8021x, 0), ==, "peap");
+	g_assert_cmpstr (nm_setting_802_1x_get_identity (s_8021x), ==, "Jara Cimrman");
+	g_assert_cmpstr (nm_setting_802_1x_get_subject_match (s_8021x), ==, "server1.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_phase2_subject_match (s_8021x), ==, "server2.yourdomain.tld");
+	g_assert_cmpint (nm_setting_802_1x_get_num_altsubject_matches (s_8021x), ==, 3);
+	g_assert_cmpstr (nm_setting_802_1x_get_altsubject_match (s_8021x, 0), ==, "a.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_altsubject_match (s_8021x, 1), ==, "b.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_altsubject_match (s_8021x, 2), ==, "c.yourdomain.tld");
+	g_assert_cmpint (nm_setting_802_1x_get_num_phase2_altsubject_matches (s_8021x), ==, 2);
+	g_assert_cmpstr (nm_setting_802_1x_get_phase2_altsubject_match (s_8021x, 0), ==, "x.yourdomain.tld");
+	g_assert_cmpstr (nm_setting_802_1x_get_phase2_altsubject_match (s_8021x, 1), ==, "y.yourdomain.tld");
+
+	g_object_unref (connection);
+	g_object_unref (reread);
+}
+
 #define TEST_IFCFG_WIFI_OPEN TEST_IFCFG_DIR"/network-scripts/ifcfg-test-wifi-open"
 
 static void
@@ -13676,6 +13752,7 @@ int main (int argc, char **argv)
 	test_read_wired_8021x_tls_secret_flags (TEST_IFCFG_WIRED_8021X_TLS_AGENT, NM_SETTING_SECRET_FLAG_AGENT_OWNED);
 	test_read_wired_8021x_tls_secret_flags (TEST_IFCFG_WIRED_8021X_TLS_ALWAYS,
 	                                        NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED);
+	g_test_add_func (TPATH "802-1x/subj-mathes", test_read_write_802_1X_subj_matches);
 	test_read_wifi_open ();
 	test_read_wifi_open_auto ();
 	test_read_wifi_open_ssid_hex ();

src/settings/plugins/ifcfg-rh/writer.c

@@ -447,10 +447,12 @@ write_8021x_setting (NMConnection *connection,
                      GError **error)
 {
 	NMSetting8021x *s_8021x;
-	const char *value;
+	const char *value, *match;
 	char *tmp = NULL;
 	gboolean success = FALSE;
 	GString *phase2_auth;
+	GString *str;
+	guint32 i, num;
 
 	s_8021x = nm_connection_get_setting_802_1x (connection);
 	if (!s_8021x) {
@@ -545,6 +547,40 @@ write_8021x_setting (NMConnection *connection,
 
 	g_string_free (phase2_auth, TRUE);
 
+	svSetValue (ifcfg, "IEEE_8021X_SUBJECT_MATCH",
+	            nm_setting_802_1x_get_subject_match (s_8021x),
+	            FALSE);
+
+	svSetValue (ifcfg, "IEEE_8021X_PHASE2_SUBJECT_MATCH",
+	            nm_setting_802_1x_get_phase2_subject_match (s_8021x),
+	            FALSE);
+
+	svSetValue (ifcfg, "IEEE_8021X_ALTSUBJECT_MATCHES", NULL, FALSE);
+	str = g_string_new (NULL);
+	num = nm_setting_802_1x_get_num_altsubject_matches (s_8021x);
+	for (i = 0; i < num; i++) {
+		if (i > 0)
+			g_string_append_c (str, ' ');
+		match = nm_setting_802_1x_get_altsubject_match (s_8021x, i);
+		g_string_append (str, match);
+	}
+	if (str->len > 0)
+		svSetValue (ifcfg, "IEEE_8021X_ALTSUBJECT_MATCHES", str->str, FALSE);
+	g_string_free (str, TRUE);
+
+	svSetValue (ifcfg, "IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES", NULL, FALSE);
+	str = g_string_new (NULL);
+	num = nm_setting_802_1x_get_num_phase2_altsubject_matches (s_8021x);
+	for (i = 0; i < num; i++) {
+		if (i > 0)
+			g_string_append_c (str, ' ');
+		match = nm_setting_802_1x_get_phase2_altsubject_match (s_8021x, i);
+		g_string_append (str, match);
+	}
+	if (str->len > 0)
+		svSetValue (ifcfg, "IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES", str->str, FALSE);
+	g_string_free (str, TRUE);
+
 	success = write_8021x_certs (s_8021x, FALSE, ifcfg, error);
 	if (success) {
 		/* phase2/inner certs */