fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-02-03 18:20:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

libnm: add NMWireGuardPeer and libnm support for peers

Browse source
This commit is contained in:
Thomas Haller 2019-01-30 12:36:13 +01:00
parent b521f426ab
commit e148ec07d5
9 changed files with 2426 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
clients/common/nm-secret-agent-simple.c
View file

@ -214,6 +214,32 @@ _secret_real_new_vpn_secret (const char *pretty_name,
return &real->base;
}
static NMSecretAgentSimpleSecret *
_secret_real_new_wireguard_peer_psk (NMSettingWireGuard *s_wg,
const char *public_key,
const char *preshared_key)
{
SecretReal *real;
nm_assert (NM_IS_SETTING_WIREGUARD (s_wg));
nm_assert (public_key);
real = g_slice_new (SecretReal);
*real = (SecretReal) {
.base.secret_type = NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK,
.base.pretty_name = g_strdup_printf (_("Preshared-key for %s"),
public_key),
.base.entry_id = g_strdup_printf (NM_SETTING_WIREGUARD_SETTING_NAME"."NM_SETTING_WIREGUARD_PEERS".%s."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY,
public_key),
.base.value = g_strdup (preshared_key),
.base.is_secret = TRUE,
.base.no_prompt_entry_id = TRUE,
.setting = NM_SETTING (g_object_ref (s_wg)),
.property = g_strdup (public_key),
};
return &real->base;
}
/*****************************************************************************/
static gboolean
@ -464,19 +490,37 @@ add_wireguard_secrets (RequestData *request,
}
if (request->hints) {
for (i = 0; request->hints[i]; i++) {
NMWireGuardPeer *peer;
const char *name = request->hints[i];
gs_free char *peer_name = NULL;
gs_free char *public_key = NULL;
if (nm_streq (name, NM_SETTING_WIREGUARD_PRIVATE_KEY))
continue;
/* TODO: add support for WireGuard peers and their preshared-key. */
g_set_error (error, NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_FAILED,
_("Cannot service unknown WireGuard hint '%s' for secrets request %s"),
name,
request->request_id);
return FALSE;
if (NM_STR_HAS_PREFIX (name, NM_SETTING_WIREGUARD_PEERS".")) {
const char *tmp;
tmp = &name[NM_STRLEN (NM_SETTING_WIREGUARD_PEERS".")];
if (NM_STR_HAS_SUFFIX (tmp, "."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY)) {
public_key = g_strndup (tmp,
strlen (tmp) - NM_STRLEN ("."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY));
}
}
if (!public_key)
continue;
peer = nm_setting_wireguard_get_peer_by_public_key (s_wg, public_key, NULL);
g_ptr_array_add (secrets, _secret_real_new_wireguard_peer_psk (s_wg,
( peer
? nm_wireguard_peer_get_public_key (peer)
: public_key),
( peer
? nm_wireguard_peer_get_preshared_key (peer)
: NULL)));
}
}
@ -1034,10 +1078,13 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self,
if (secrets) {
GVariantBuilder conn_builder, *setting_builder;
GVariantBuilder vpn_secrets_builder;
GVariantBuilder wg_secrets_builder;
GVariantBuilder wg_peer_builder;
GHashTable *settings;
GHashTableIter iter;
const char *name;
gboolean has_vpn = FALSE;
gboolean has_wg = FALSE;
settings = g_hash_table_new (nm_str_hash, g_str_equal);
for (i = 0; i < secrets->len; i++) {
@ -1065,6 +1112,19 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self,
g_variant_builder_add (&vpn_secrets_builder, "{ss}",
secret->property, secret->base.value);
break;
case NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK:
if (!has_wg) {
g_variant_builder_init (&wg_secrets_builder, G_VARIANT_TYPE ("aa{sv}"));
has_wg = TRUE;
}
g_variant_builder_init (&wg_peer_builder, G_VARIANT_TYPE ("a{sv}"));
g_variant_builder_add (&wg_peer_builder, "{sv}",
NM_WIREGUARD_PEER_ATTR_PUBLIC_KEY, g_variant_new_string (secret->property));
g_variant_builder_add (&wg_peer_builder, "{sv}",
NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY, g_variant_new_string (secret->base.value));
g_variant_builder_add (&wg_secrets_builder, "a{sv}",
&wg_peer_builder);
break;
}
}
@ -1074,6 +1134,12 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self,
g_variant_builder_end (&vpn_secrets_builder));
}
if (has_wg) {
g_variant_builder_add (setting_builder, "{sv}",
NM_SETTING_WIREGUARD_PEERS,
g_variant_builder_end (&wg_secrets_builder));
}
g_variant_builder_init (&conn_builder, NM_VARIANT_TYPE_CONNECTION);
g_hash_table_iter_init (&iter, settings);
while (g_hash_table_iter_next (&iter, (gpointer *) &name, (gpointer *) &setting_builder))

1
clients/common/nm-secret-agent-simple.h
View file

@ -25,6 +25,7 @@ typedef enum {
NM_SECRET_AGENT_SECRET_TYPE_PROPERTY,
NM_SECRET_AGENT_SECRET_TYPE_SECRET,
NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET,
NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK,
} NMSecretAgentSecretType;
typedef struct {

12
libnm-core/nm-core-internal.h
View file

@ -634,6 +634,15 @@ NM_AUTO_DEFINE_FCN_VOID0 (NMSockAddrEndpoint *, _nm_auto_unref_sockaddrendpoint,
/*****************************************************************************/
NMSockAddrEndpoint *_nm_wireguard_peer_get_endpoint (const NMWireGuardPeer *self);
void _nm_wireguard_peer_set_endpoint (NMWireGuardPeer *self,
NMSockAddrEndpoint *endpoint);
void _nm_wireguard_peer_set_public_key_bin (NMWireGuardPeer *self,
const guint8 public_key[static NM_WIREGUARD_PUBLIC_KEY_LEN]);
/*****************************************************************************/
typedef struct _NMSettInfoSetting NMSettInfoSetting;
typedef struct _NMSettInfoProperty NMSettInfoProperty;
@ -769,6 +778,9 @@ gboolean _nm_connection_find_secret (NMConnection *self,
/*****************************************************************************/
#define nm_auto_unref_wgpeer nm_auto(_nm_auto_unref_wgpeer)
NM_AUTO_DEFINE_FCN_VOID0 (NMWireGuardPeer *, _nm_auto_unref_wgpeer, nm_wireguard_peer_unref)
gboolean _nm_utils_wireguard_decode_key (const char *base64_key,
gsize required_key_len,
guint8 *out_key);

3
libnm-core/nm-keyfile-utils.h
View file

@ -25,7 +25,8 @@
#error Cannot use this header.
#endif
#define NM_KEYFILE_GROUP_VPN_SECRETS "vpn-secrets"
#define NM_KEYFILE_GROUP_VPN_SECRETS "vpn-secrets"
#define NM_KEYFILE_GROUPPREFIX_WIREGUARD_PEER "wireguard-peer."
const char *nm_keyfile_plugin_get_alias_for_setting_name (const char *setting_name);

228
libnm-core/nm-keyfile.c
View file

@ -32,6 +32,7 @@
#include <linux/pkt_sched.h>
#include "nm-utils/nm-secret-utils.h"
#include "systemd/nm-sd-utils-shared.h"
#include "nm-common-macros.h"
#include "nm-core-internal.h"
#include "nm-keyfile-utils.h"
@ -2901,6 +2902,137 @@ out:
nm_connection_add_setting (info->connection, g_steal_pointer (&setting));
}
static void
_read_setting_wireguard_peer (KeyfileReaderInfo *info)
{
gs_unref_object NMSettingWireGuard *s_wg_new = NULL;
nm_auto_unref_wgpeer NMWireGuardPeer *peer = NULL;
gs_free_error GError *error = NULL;
NMSettingWireGuard *s_wg;
gs_free char *str = NULL;
const char *cstr = NULL;
const char *key;
gint64 i64;
gs_strfreev char **sa = NULL;
gsize n_sa;
peer = nm_wireguard_peer_new ();
nm_assert (g_str_has_prefix (info->group, NM_KEYFILE_GROUPPREFIX_WIREGUARD_PEER));
cstr = &info->group[NM_STRLEN (NM_KEYFILE_GROUPPREFIX_WIREGUARD_PEER)];
if ( !_nm_utils_wireguard_normalize_key (cstr, NM_WIREGUARD_PUBLIC_KEY_LEN, &str)
|| !nm_streq0 (str, cstr)) {
/* the group name must be identical to the normalized(!) key, so that it
* is uniquely identified. */
handle_warn (info, NULL, NM_KEYFILE_WARN_SEVERITY_WARN,
_("invalid peer public key in section '%s'"),
info->group);
return;
}
nm_wireguard_peer_set_public_key (peer, cstr);
nm_clear_g_free (&str);
key = NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY;
str = nm_keyfile_plugin_kf_get_string (info->keyfile, info->group, key, NULL);
if (str) {
if (!_nm_utils_wireguard_decode_key (str, NM_WIREGUARD_SYMMETRIC_KEY_LEN, NULL)) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("key '%s.%s' is not not a valid 256 bit key in base64 encoding"),
info->group, key))
return;
} else
nm_wireguard_peer_set_preshared_key (peer, str);
nm_clear_g_free (&str);
}
key = NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS;
i64 = nm_keyfile_plugin_kf_get_int64 (info->keyfile, info->group, key, 0, 0, NM_SETTING_SECRET_FLAG_ALL, -1, NULL);
if (errno != ENODATA) {
if ( i64 == -1
|| !_nm_setting_secret_flags_valid (i64)) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("key '%s.%s' is not not a valid secret flag"),
info->group, key))
return;
} else
nm_wireguard_peer_set_preshared_key_flags (peer, i64);
}
key = NM_WIREGUARD_PEER_ATTR_PERSISTENT_KEEPALIVE;
i64 = nm_keyfile_plugin_kf_get_int64 (info->keyfile, info->group, key, 0, 0, G_MAXUINT32, -1, NULL);
if (errno != ENODATA) {
if (i64 == -1) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("key '%s.%s' is not not a integer in range 0 to 2^32"),
info->group, key))
return;
} else
nm_wireguard_peer_set_persistent_keepalive (peer, i64);
}
key = NM_WIREGUARD_PEER_ATTR_ENDPOINT;
str = nm_keyfile_plugin_kf_get_string (info->keyfile, info->group, key, NULL);
if (str && str[0]) {
nm_auto_unref_sockaddrendpoint NMSockAddrEndpoint *ep = NULL;
ep = nm_sock_addr_endpoint_new (str);
if (!nm_sock_addr_endpoint_get_host (ep)) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("key '%s.%s' is not not a valid endpoint"),
info->group, key))
return;
} else
_nm_wireguard_peer_set_endpoint (peer, ep);
}
nm_clear_g_free (&str);
key = NM_WIREGUARD_PEER_ATTR_ALLOWED_IPS;
sa = nm_keyfile_plugin_kf_get_string_list (info->keyfile, info->group, key, &n_sa, NULL);
if (n_sa > 0) {
gboolean has_error = FALSE;
gsize i;
for (i = 0; i < n_sa; i++) {
if (!nm_utils_parse_inaddr_prefix_bin (AF_UNSPEC, sa[i], NULL, NULL, NULL)) {
has_error = TRUE;
continue;
}
nm_wireguard_peer_append_allowed_ip (peer, sa[i], TRUE);
}
if (has_error) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("key '%s.%s' has invalid allowed-ips"),
info->group, key))
return;
}
}
nm_clear_pointer (&sa, g_strfreev);
if (info->error)
return;
if (!nm_wireguard_peer_is_valid (peer, TRUE, TRUE, &error)) {
if (!handle_warn (info, key, NM_KEYFILE_WARN_SEVERITY_WARN,
_("peer '%s' is invalid: %s"),
info->group, error->message))
return;
return;
}
s_wg = NM_SETTING_WIREGUARD (nm_connection_get_setting (info->connection, NM_TYPE_SETTING_WIREGUARD));
if (!s_wg) {
s_wg_new = NM_SETTING_WIREGUARD (nm_setting_wireguard_new ());
s_wg = s_wg_new;
}
nm_setting_wireguard_append_peer (s_wg, peer);
if (s_wg_new) {
nm_connection_add_setting (info->connection,
NM_SETTING (g_steal_pointer (&s_wg_new)));
}
}
static void
_read_setting_vpn_secrets (KeyfileReaderInfo *info)
{
@ -3021,7 +3153,9 @@ nm_keyfile_read (GKeyFile *keyfile,
if (nm_streq (groups[i], NM_KEYFILE_GROUP_VPN_SECRETS)) {
/* Only read out secrets when needed */
vpn_secrets = TRUE;
} else
} else if (NM_STR_HAS_PREFIX (groups[i], NM_KEYFILE_GROUPPREFIX_WIREGUARD_PEER))
_read_setting_wireguard_peer (&info);
else
_read_setting (&info);
info.group = NULL;
@ -3198,6 +3332,92 @@ out_unset_value:
g_value_unset (&value);
}
static void
_write_setting_wireguard (NMSetting *setting, KeyfileWriterInfo *info)
{
NMSettingWireGuard *s_wg;
guint i_peer, n_peers;
s_wg = NM_SETTING_WIREGUARD (setting);
n_peers = nm_setting_wireguard_get_peers_len (s_wg);
for (i_peer = 0; i_peer < n_peers; i_peer++) {
NMWireGuardPeer *peer = nm_setting_wireguard_get_peer (s_wg, i_peer);
const char *public_key;
char group[NM_STRLEN (NM_KEYFILE_GROUPPREFIX_WIREGUARD_PEER) + 200];
NMSettingSecretFlags secret_flags;
gboolean any_key = FALSE;
guint i_aip, n_aip;
const char *cstr;
guint32 u32;
public_key = nm_wireguard_peer_get_public_key (peer);
if ( !public_key
|| !public_key[0]
|| !NM_STRCHAR_ALL (public_key, ch, nm_sd_utils_unbase64char (ch, TRUE) >= 0)) {
/* invalid peer. Skip it */
continue;
}
if (g_snprintf (group,
sizeof (group),
"%s%s",
NM_KEYFILE_GROUPPREFIX_WIREGUARD_PEER,
nm_wireguard_peer_get_public_key (peer)) >= sizeof (group)) {
/* Too long. Not a valid public key. Skip the peer. */
continue;
}
cstr = nm_wireguard_peer_get_endpoint (peer);
if (cstr) {
g_key_file_set_string (info->keyfile, group, NM_WIREGUARD_PEER_ATTR_ENDPOINT, cstr);
any_key = TRUE;
}
secret_flags = nm_wireguard_peer_get_preshared_key_flags (peer);
if (_secret_flags_persist_secret (secret_flags)) {
cstr = nm_wireguard_peer_get_preshared_key (peer);
if (cstr) {
g_key_file_set_string (info->keyfile, group, NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY, cstr);
any_key = TRUE;
}
}
/* usually, we don't persist the secret-flags 0 (because they are the default).
* For WireGuard peers, the default secret-flags for preshared-key are 4 (not-required).
* So, in this case behave differently: a missing preshared-key-flag setting means
* "not-required". */
if (secret_flags != NM_SETTING_SECRET_FLAG_NOT_REQUIRED) {
g_key_file_set_int64 (info->keyfile, group, NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS, secret_flags);
any_key = TRUE;
}
u32 = nm_wireguard_peer_get_persistent_keepalive (peer);
if (u32) {
g_key_file_set_uint64 (info->keyfile, group, NM_WIREGUARD_PEER_ATTR_PERSISTENT_KEEPALIVE, u32);
any_key = TRUE;
}
n_aip = nm_wireguard_peer_get_allowed_ips_len (peer);
if (n_aip > 0) {
gs_free const char **strv = NULL;
strv = g_new (const char *, ((gsize) n_aip) + 1);
for (i_aip = 0; i_aip < n_aip; i_aip++)
strv[i_aip] = nm_wireguard_peer_get_allowed_ip (peer, i_aip, NULL);
strv[n_aip] = NULL;
g_key_file_set_string_list (info->keyfile, group, NM_WIREGUARD_PEER_ATTR_ALLOWED_IPS,
strv, n_aip);
any_key = TRUE;
}
if (!any_key) {
/* we cannot omit all keys. At an empty endpoint. */
g_key_file_set_string (info->keyfile, group, NM_WIREGUARD_PEER_ATTR_ENDPOINT, "");
}
}
}
GKeyFile *
nm_keyfile_write (NMConnection *connection,
NMKeyfileWriteHandler handler,
@ -3275,6 +3495,12 @@ nm_keyfile_write (NMConnection *connection,
goto out_with_info_error;
}
if (NM_IS_SETTING_WIREGUARD (setting)) {
_write_setting_wireguard (setting, &info);
if (info.error)
goto out_with_info_error;
}
nm_assert (!info.error);
}

1964
libnm-core/nm-setting-wireguard.c
View file

File diff suppressed because it is too large Load diff

121
libnm-core/nm-setting-wireguard.h
View file

@ -25,6 +25,7 @@
#endif
#include "nm-setting.h"
#include "nm-utils.h"
G_BEGIN_DECLS
@ -35,6 +36,87 @@ G_BEGIN_DECLS
/*****************************************************************************/
typedef struct _NMWireGuardPeer NMWireGuardPeer;
NM_AVAILABLE_IN_1_16
GType nm_wireguard_peer_get_type (void);
NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_wireguard_peer_new (void);
NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_wireguard_peer_new_clone (const NMWireGuardPeer *self,
gboolean with_secrets);
NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_wireguard_peer_ref (NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_unref (NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_seal (NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_is_sealed (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_public_key (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_public_key (NMWireGuardPeer *self,
const char *public_key);
NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_preshared_key (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_preshared_key (NMWireGuardPeer *self,
const char *preshared_key);
NM_AVAILABLE_IN_1_16
NMSettingSecretFlags nm_wireguard_peer_get_preshared_key_flags (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_preshared_key_flags (NMWireGuardPeer *self,
NMSettingSecretFlags preshared_key_flags);
NM_AVAILABLE_IN_1_16
guint16 nm_wireguard_peer_get_persistent_keepalive (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_persistent_keepalive (NMWireGuardPeer *self,
guint16 persistent_keepalive);
NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_endpoint (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_endpoint (NMWireGuardPeer *self,
const char *endpoint);
NM_AVAILABLE_IN_1_16
guint nm_wireguard_peer_get_allowed_ips_len (const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_allowed_ip (const NMWireGuardPeer *self,
guint idx,
gboolean *out_is_valid);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_clear_allowed_ips (NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_append_allowed_ip (NMWireGuardPeer *self,
const char *allowed_ip,
gboolean accept_invalid);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_remove_allowed_ip (NMWireGuardPeer *self,
guint idx);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_is_valid (const NMWireGuardPeer *self,
gboolean check_non_secrets,
gboolean check_secrets,
GError **error);
NM_AVAILABLE_IN_1_16
int nm_wireguard_peer_cmp (const NMWireGuardPeer *a,
const NMWireGuardPeer *b,
NMSettingCompareFlags compare_flags);
/*****************************************************************************/
#define NM_TYPE_SETTING_WIREGUARD (nm_setting_wireguard_get_type ())
#define NM_SETTING_WIREGUARD(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_WIREGUARD, NMSettingWireGuard))
#define NM_SETTING_WIREGUARD_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_WIREGUARD, NMSettingWireGuardClass))
@ -49,6 +131,15 @@ G_BEGIN_DECLS
#define NM_SETTING_WIREGUARD_LISTEN_PORT "listen-port"
#define NM_SETTING_WIREGUARD_FWMARK "fwmark"
#define NM_SETTING_WIREGUARD_PEERS "peers"
#define NM_WIREGUARD_PEER_ATTR_PUBLIC_KEY "public-key"
#define NM_WIREGUARD_PEER_ATTR_ENDPOINT "endpoint"
#define NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY "preshared-key"
#define NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS "preshared-key-flags"
#define NM_WIREGUARD_PEER_ATTR_ALLOWED_IPS "allowed-ips"
#define NM_WIREGUARD_PEER_ATTR_PERSISTENT_KEEPALIVE "persistent-keepalive"
/*****************************************************************************/
typedef struct _NMSettingWireGuardClass NMSettingWireGuardClass;
@ -75,6 +166,36 @@ guint32 nm_setting_wireguard_get_fwmark (NMSettingWireGuard *self);
/*****************************************************************************/
NM_AVAILABLE_IN_1_16
guint nm_setting_wireguard_get_peers_len (NMSettingWireGuard *self);
NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_setting_wireguard_get_peer (NMSettingWireGuard *self,
guint idx);
NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_setting_wireguard_get_peer_by_public_key (NMSettingWireGuard *self,
const char *public_key,
guint *out_idx);
NM_AVAILABLE_IN_1_16
void nm_setting_wireguard_set_peer (NMSettingWireGuard *self,
NMWireGuardPeer *peer,
guint idx);
NM_AVAILABLE_IN_1_16
void nm_setting_wireguard_append_peer (NMSettingWireGuard *self,
NMWireGuardPeer *peer);
NM_AVAILABLE_IN_1_16
gboolean nm_setting_wireguard_remove_peer (NMSettingWireGuard *self,
guint idx);
NM_AVAILABLE_IN_1_16
guint nm_setting_wireguard_clear_peers (NMSettingWireGuard *self);
/*****************************************************************************/
G_END_DECLS
#endif /* __NM_SETTING_WIREGUARD_H__ */

2
libnm-core/nm-setting.c
View file

@ -2067,7 +2067,7 @@ _nm_setting_update_secrets (NMSetting *setting, GVariant *secrets, GError **erro
int success;
success = NM_SETTING_GET_CLASS (setting)->update_one_secret (setting, secret_key, secret_value, &tmp_error);
g_assert (!((success == NM_SETTING_UPDATE_SECRET_ERROR) ^ (!!tmp_error)));
nm_assert (!((success == NM_SETTING_UPDATE_SECRET_ERROR) ^ (!!tmp_error)));
g_variant_unref (secret_value);

31
libnm/libnm.ver
View file

@ -1462,12 +1462,19 @@ global:
nm_setting_wifi_p2p_get_wfd_ies;
nm_setting_wifi_p2p_get_wps_method;
nm_setting_wifi_p2p_new;
nm_setting_wireguard_append_peer;
nm_setting_wireguard_clear_peers;
nm_setting_wireguard_get_fwmark;
nm_setting_wireguard_get_listen_port;
nm_setting_wireguard_get_peer;
nm_setting_wireguard_get_peer_by_public_key;
nm_setting_wireguard_get_peers_len;
nm_setting_wireguard_get_private_key;
nm_setting_wireguard_get_private_key_flags;
nm_setting_wireguard_get_type;
nm_setting_wireguard_new;
nm_setting_wireguard_remove_peer;
nm_setting_wireguard_set_peer;
nm_team_link_watcher_get_vlanid;
nm_team_link_watcher_new_arp_ping2;
nm_wifi_p2p_peer_connection_valid;
@ -1483,4 +1490,28 @@ global:
nm_wifi_p2p_peer_get_strength;
nm_wifi_p2p_peer_get_type;
nm_wifi_p2p_peer_get_wfd_ies;
nm_wireguard_peer_append_allowed_ip;
nm_wireguard_peer_clear_allowed_ips;
nm_wireguard_peer_cmp;
nm_wireguard_peer_get_allowed_ip;
nm_wireguard_peer_get_allowed_ips_len;
nm_wireguard_peer_get_endpoint;
nm_wireguard_peer_get_persistent_keepalive;
nm_wireguard_peer_get_preshared_key;
nm_wireguard_peer_get_preshared_key_flags;
nm_wireguard_peer_get_public_key;
nm_wireguard_peer_get_type;
nm_wireguard_peer_is_sealed;
nm_wireguard_peer_is_valid;
nm_wireguard_peer_new;
nm_wireguard_peer_new_clone;
nm_wireguard_peer_ref;
nm_wireguard_peer_remove_allowed_ip;
nm_wireguard_peer_seal;
nm_wireguard_peer_set_endpoint;
nm_wireguard_peer_set_persistent_keepalive;
nm_wireguard_peer_set_preshared_key;
nm_wireguard_peer_set_preshared_key_flags;
nm_wireguard_peer_set_public_key;
nm_wireguard_peer_unref;
} libnm_1_14_0;