fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-04 23:28:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge: branch 'bg/8021x-domain-suffix-match-bgo341323'

Browse source 
Add domain-suffix-match properties to NMSetting8021x.

https://bugzilla.gnome.org/show_bug.cgi?id=341323
This commit is contained in:
Beniamino Galvani 2016-03-16 17:34:52 +01:00
commit e2040e5ebe
8 changed files with 220 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

118
clients/cli/settings.c
View file

@ -123,30 +123,32 @@ NmcOutputField nmc_fields_setting_8021X[] = {
SETTING_FIELD (NM_SETTING_802_1X_CA_PATH), /* 6 */
SETTING_FIELD (NM_SETTING_802_1X_SUBJECT_MATCH), /* 7 */
SETTING_FIELD (NM_SETTING_802_1X_ALTSUBJECT_MATCHES), /* 8 */
SETTING_FIELD (NM_SETTING_802_1X_CLIENT_CERT), /* 9 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE1_PEAPVER), /* 10 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE1_PEAPLABEL), /* 11 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING), /* 12 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_AUTH), /* 13 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_AUTHEAP), /* 14 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_CA_CERT), /* 15 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_CA_PATH), /* 16 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH), /* 17 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES), /* 18 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_CLIENT_CERT), /* 19 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD), /* 20 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD_FLAGS), /* 21 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD_RAW), /* 22 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD_RAW_FLAGS), /* 23 */
SETTING_FIELD (NM_SETTING_802_1X_PRIVATE_KEY), /* 24 */
SETTING_FIELD (NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD), /* 25 */
SETTING_FIELD (NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS), /* 26 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY), /* 27 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD), /* 28 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS), /* 29 */
SETTING_FIELD (NM_SETTING_802_1X_PIN), /* 30 */
SETTING_FIELD (NM_SETTING_802_1X_PIN_FLAGS), /* 31 */
SETTING_FIELD (NM_SETTING_802_1X_SYSTEM_CA_CERTS), /* 32 */
SETTING_FIELD (NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH), /* 9 */
SETTING_FIELD (NM_SETTING_802_1X_CLIENT_CERT), /* 10 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE1_PEAPVER), /* 11 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE1_PEAPLABEL), /* 12 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING), /* 13 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_AUTH), /* 14 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_AUTHEAP), /* 15 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_CA_CERT), /* 16 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_CA_PATH), /* 17 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH), /* 18 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES), /* 19 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH), /* 20 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_CLIENT_CERT), /* 21 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD), /* 22 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD_FLAGS), /* 23 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD_RAW), /* 24 */
SETTING_FIELD (NM_SETTING_802_1X_PASSWORD_RAW_FLAGS), /* 25 */
SETTING_FIELD (NM_SETTING_802_1X_PRIVATE_KEY), /* 26 */
SETTING_FIELD (NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD), /* 27 */
SETTING_FIELD (NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS), /* 28 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY), /* 29 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD), /* 30 */
SETTING_FIELD (NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS), /* 31 */
SETTING_FIELD (NM_SETTING_802_1X_PIN), /* 32 */
SETTING_FIELD (NM_SETTING_802_1X_PIN_FLAGS), /* 33 */
SETTING_FIELD (NM_SETTING_802_1X_SYSTEM_CA_CERTS), /* 34 */
{NULL, NULL, 0, NULL, FALSE, FALSE, 0}
};
#define NMC_FIELDS_SETTING_802_1X_ALL "name"","\
@ -158,6 +160,7 @@ NmcOutputField nmc_fields_setting_8021X[] = {
NM_SETTING_802_1X_CA_PATH","\
NM_SETTING_802_1X_SUBJECT_MATCH","\
NM_SETTING_802_1X_ALTSUBJECT_MATCHES","\
NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH","\
NM_SETTING_802_1X_CLIENT_CERT","\
NM_SETTING_802_1X_PHASE1_PEAPVER","\
NM_SETTING_802_1X_PHASE1_PEAPLABEL","\
@ -168,6 +171,7 @@ NmcOutputField nmc_fields_setting_8021X[] = {
NM_SETTING_802_1X_PHASE2_CA_PATH","\
NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH","\
NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES","\
NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH","\
NM_SETTING_802_1X_PHASE2_CLIENT_CERT","\
NM_SETTING_802_1X_PASSWORD","\
NM_SETTING_802_1X_PASSWORD_FLAGS","\
@ -999,6 +1003,7 @@ DEFINE_GETTER (nmc_property_802_1X_get_pac_file, NM_SETTING_802_1X_PAC_FILE)
DEFINE_GETTER (nmc_property_802_1X_get_ca_path, NM_SETTING_802_1X_CA_PATH)
DEFINE_GETTER (nmc_property_802_1X_get_subject_match, NM_SETTING_802_1X_SUBJECT_MATCH)
DEFINE_GETTER (nmc_property_802_1X_get_altsubject_matches, NM_SETTING_802_1X_ALTSUBJECT_MATCHES)
DEFINE_GETTER (nmc_property_802_1X_get_domain_suffix_match, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH)
DEFINE_GETTER (nmc_property_802_1X_get_phase1_peapver, NM_SETTING_802_1X_PHASE1_PEAPVER)
DEFINE_GETTER (nmc_property_802_1X_get_phase1_peaplabel, NM_SETTING_802_1X_PHASE1_PEAPLABEL)
DEFINE_GETTER (nmc_property_802_1X_get_phase1_fast_provisioning, NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING)
@ -1007,6 +1012,7 @@ DEFINE_GETTER (nmc_property_802_1X_get_phase2_autheap, NM_SETTING_802_1X_PHASE2_
DEFINE_GETTER (nmc_property_802_1X_get_phase2_ca_path, NM_SETTING_802_1X_PHASE2_CA_PATH)
DEFINE_GETTER (nmc_property_802_1X_get_phase2_subject_match, NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH)
DEFINE_GETTER (nmc_property_802_1X_get_phase2_altsubject_matches, NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES)
DEFINE_GETTER (nmc_property_802_1X_get_phase2_domain_suffix_match, NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH)
DEFINE_GETTER (nmc_property_802_1X_get_password, NM_SETTING_802_1X_PASSWORD)
DEFINE_SECRET_FLAGS_GETTER (nmc_property_802_1X_get_password_flags, NM_SETTING_802_1X_PASSWORD_FLAGS)
DEFINE_SECRET_FLAGS_GETTER (nmc_property_802_1X_get_password_raw_flags, NM_SETTING_802_1X_PASSWORD_RAW_FLAGS)
@ -5673,6 +5679,13 @@ nmc_properties_init (void)
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, DOMAIN_SUFFIX_MATCH),
nmc_property_802_1X_get_domain_suffix_match,
nmc_property_set_string,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, CLIENT_CERT),
nmc_property_802_1X_get_client_cert,
nmc_property_802_1X_set_client_cert,
@ -5743,6 +5756,13 @@ nmc_properties_init (void)
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, PHASE2_DOMAIN_SUFFIX_MATCH),
nmc_property_802_1X_get_phase2_domain_suffix_match,
nmc_property_set_string,
NULL,
NULL,
NULL,
NULL);
nmc_add_prop_funcs (GLUE (802_1X, PHASE2_CLIENT_CERT),
nmc_property_802_1X_get_phase2_client_cert,
nmc_property_802_1X_set_phase2_client_cert,
@ -7956,30 +7976,32 @@ setting_802_1X_details (NMSetting *setting, NmCli *nmc, const char *one_prop, g
set_val_str (arr, 6, nmc_property_802_1X_get_ca_path (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 7, nmc_property_802_1X_get_subject_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 8, nmc_property_802_1X_get_altsubject_matches (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 9, nmc_property_802_1X_get_client_cert (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 10, nmc_property_802_1X_get_phase1_peapver (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 11, nmc_property_802_1X_get_phase1_peaplabel (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 12, nmc_property_802_1X_get_phase1_fast_provisioning (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 13, nmc_property_802_1X_get_phase2_auth (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 14, nmc_property_802_1X_get_phase2_autheap (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 15, nmc_property_802_1X_get_phase2_ca_cert (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 16, nmc_property_802_1X_get_phase2_ca_path (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 17, nmc_property_802_1X_get_phase2_subject_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 18, nmc_property_802_1X_get_phase2_altsubject_matches (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 19, nmc_property_802_1X_get_phase2_client_cert (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 20, GET_SECRET (secrets, setting, nmc_property_802_1X_get_password));
set_val_str (arr, 21, nmc_property_802_1X_get_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 22, GET_SECRET (secrets, setting, nmc_property_802_1X_get_password_raw));
set_val_str (arr, 23, nmc_property_802_1X_get_password_raw_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 24, nmc_property_802_1X_get_private_key (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 25, GET_SECRET (secrets, setting, nmc_property_802_1X_get_private_key_password));
set_val_str (arr, 26, nmc_property_802_1X_get_private_key_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 27, nmc_property_802_1X_get_phase2_private_key (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 28, GET_SECRET (secrets, setting, nmc_property_802_1X_get_phase2_private_key_password));
set_val_str (arr, 29, nmc_property_802_1X_get_phase2_private_key_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 30, GET_SECRET (secrets, setting, nmc_property_802_1X_get_pin));
set_val_str (arr, 31, nmc_property_802_1X_get_pin_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 32, nmc_property_802_1X_get_system_ca_certs (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 9, nmc_property_802_1X_get_domain_suffix_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 10, nmc_property_802_1X_get_client_cert (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 11, nmc_property_802_1X_get_phase1_peapver (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 12, nmc_property_802_1X_get_phase1_peaplabel (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 13, nmc_property_802_1X_get_phase1_fast_provisioning (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 14, nmc_property_802_1X_get_phase2_auth (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 15, nmc_property_802_1X_get_phase2_autheap (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 16, nmc_property_802_1X_get_phase2_ca_cert (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 17, nmc_property_802_1X_get_phase2_ca_path (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 18, nmc_property_802_1X_get_phase2_subject_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 19, nmc_property_802_1X_get_phase2_altsubject_matches (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 20, nmc_property_802_1X_get_phase2_domain_suffix_match (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 21, nmc_property_802_1X_get_phase2_client_cert (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 22, GET_SECRET (secrets, setting, nmc_property_802_1X_get_password));
set_val_str (arr, 23, nmc_property_802_1X_get_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 24, GET_SECRET (secrets, setting, nmc_property_802_1X_get_password_raw));
set_val_str (arr, 25, nmc_property_802_1X_get_password_raw_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 26, nmc_property_802_1X_get_private_key (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 27, GET_SECRET (secrets, setting, nmc_property_802_1X_get_private_key_password));
set_val_str (arr, 28, nmc_property_802_1X_get_private_key_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 29, nmc_property_802_1X_get_phase2_private_key (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 30, GET_SECRET (secrets, setting, nmc_property_802_1X_get_phase2_private_key_password));
set_val_str (arr, 31, nmc_property_802_1X_get_phase2_private_key_password_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 32, GET_SECRET (secrets, setting, nmc_property_802_1X_get_pin));
set_val_str (arr, 33, nmc_property_802_1X_get_pin_flags (setting, NMC_PROPERTY_GET_PRETTY));
set_val_str (arr, 34, nmc_property_802_1X_get_system_ca_certs (setting, NMC_PROPERTY_GET_PRETTY));
g_ptr_array_add (nmc->output_data, arr);
print_data (nmc); /* Print all data */

122
libnm-core/nm-setting-8021x.c
View file

@ -80,6 +80,7 @@ typedef struct {
char *ca_path;
char *subject_match;
GSList *altsubject_matches;
char *domain_suffix_match;
GBytes *client_cert;
char *phase1_peapver;
char *phase1_peaplabel;
@ -90,6 +91,7 @@ typedef struct {
char *phase2_ca_path;
char *phase2_subject_match;
GSList *phase2_altsubject_matches;
char *phase2_domain_suffix_match;
GBytes *phase2_client_cert;
char *password;
NMSettingSecretFlags password_flags;
@ -116,6 +118,7 @@ enum {
PROP_CA_PATH,
PROP_SUBJECT_MATCH,
PROP_ALTSUBJECT_MATCHES,
PROP_DOMAIN_SUFFIX_MATCH,
PROP_CLIENT_CERT,
PROP_PHASE1_PEAPVER,
PROP_PHASE1_PEAPLABEL,
@ -126,6 +129,7 @@ enum {
PROP_PHASE2_CA_PATH,
PROP_PHASE2_SUBJECT_MATCH,
PROP_PHASE2_ALTSUBJECT_MATCHES,
PROP_PHASE2_DOMAIN_SUFFIX_MATCH,
PROP_PHASE2_CLIENT_CERT,
PROP_PASSWORD,
PROP_PASSWORD_FLAGS,
@ -849,6 +853,22 @@ nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting)
g_object_notify (G_OBJECT (setting), NM_SETTING_802_1X_ALTSUBJECT_MATCHES);
}
/**
* nm_setting_802_1x_get_domain_suffix_match:
* @setting: the #NMSetting8021x
*
* Returns: the #NMSetting8021x:domain-suffix-match property.
*
* Since: 1.2
**/
const char *
nm_setting_802_1x_get_domain_suffix_match (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->domain_suffix_match;
}
/**
* nm_setting_802_1x_get_client_cert_scheme:
* @setting: the #NMSetting8021x
@ -1298,6 +1318,22 @@ nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting)
return g_slist_length (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_altsubject_matches);
}
/**
* nm_setting_802_1x_get_phase2_domain_suffix_match:
* @setting: the #NMSetting8021x
*
* Returns: the #NMSetting8021x:phase2-domain-suffix-match property.
*
* Since: 1.2
**/
const char *
nm_setting_802_1x_get_phase2_domain_suffix_match (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_domain_suffix_match;
}
/**
* nm_setting_802_1x_get_phase2_altsubject_match:
* @setting: the #NMSettingConnection
@ -2827,6 +2863,7 @@ finalize (GObject *object)
g_free (priv->anonymous_identity);
g_free (priv->ca_path);
g_free (priv->subject_match);
g_free (priv->domain_suffix_match);
g_free (priv->phase1_peapver);
g_free (priv->phase1_peaplabel);
g_free (priv->phase1_fast_provisioning);
@ -2834,6 +2871,7 @@ finalize (GObject *object)
g_free (priv->phase2_autheap);
g_free (priv->phase2_ca_path);
g_free (priv->phase2_subject_match);
g_free (priv->phase2_domain_suffix_match);
g_free (priv->password);
if (priv->password_raw)
g_bytes_unref (priv->password_raw);
@ -2877,6 +2915,15 @@ set_cert_prop_helper (const GValue *value, const char *prop_name, GError **error
return bytes;
}
static char *
_g_value_dup_string_not_empty (const GValue *value)
{
const gchar *str;
str = g_value_get_string (value);
return str && str[0] ? g_strdup (str) : NULL;
}
static void
set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec)
@ -2917,12 +2964,16 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_SUBJECT_MATCH:
g_free (priv->subject_match);
priv->subject_match = g_value_dup_string (value);
priv->subject_match = _g_value_dup_string_not_empty (value);
break;
case PROP_ALTSUBJECT_MATCHES:
g_slist_free_full (priv->altsubject_matches, g_free);
priv->altsubject_matches = _nm_utils_strv_to_slist (g_value_get_boxed (value), TRUE);
break;
case PROP_DOMAIN_SUFFIX_MATCH:
g_free (priv->domain_suffix_match);
priv->domain_suffix_match = _g_value_dup_string_not_empty (value);
break;
case PROP_CLIENT_CERT:
if (priv->client_cert)
g_bytes_unref (priv->client_cert);
@ -2967,12 +3018,16 @@ set_property (GObject *object, guint prop_id,
break;
case PROP_PHASE2_SUBJECT_MATCH:
g_free (priv->phase2_subject_match);
priv->phase2_subject_match = g_value_dup_string (value);
priv->phase2_subject_match = _g_value_dup_string_not_empty (value);
break;
case PROP_PHASE2_ALTSUBJECT_MATCHES:
g_slist_free_full (priv->phase2_altsubject_matches, g_free);
priv->phase2_altsubject_matches = _nm_utils_strv_to_slist (g_value_get_boxed (value), TRUE);
break;
case PROP_PHASE2_DOMAIN_SUFFIX_MATCH:
g_free (priv->phase2_domain_suffix_match);
priv->phase2_domain_suffix_match = _g_value_dup_string_not_empty (value);
break;
case PROP_PHASE2_CLIENT_CERT:
if (priv->phase2_client_cert)
g_bytes_unref (priv->phase2_client_cert);
@ -3077,6 +3132,9 @@ get_property (GObject *object, guint prop_id,
case PROP_ALTSUBJECT_MATCHES:
g_value_take_boxed (value, _nm_utils_slist_to_strv (priv->altsubject_matches, TRUE));
break;
case PROP_DOMAIN_SUFFIX_MATCH:
g_value_set_string (value, priv->domain_suffix_match);
break;
case PROP_CLIENT_CERT:
g_value_set_boxed (value, priv->client_cert);
break;
@ -3107,6 +3165,9 @@ get_property (GObject *object, guint prop_id,
case PROP_PHASE2_ALTSUBJECT_MATCHES:
g_value_take_boxed (value, _nm_utils_slist_to_strv (priv->phase2_altsubject_matches, TRUE));
break;
case PROP_PHASE2_DOMAIN_SUFFIX_MATCH:
g_value_set_string (value, priv->phase2_domain_suffix_match);
break;
case PROP_PHASE2_CLIENT_CERT:
g_value_set_boxed (value, priv->phase2_client_cert);
break;
@ -3313,7 +3374,9 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
*
* Substring to be matched against the subject of the certificate presented
* by the authentication server. When unset, no verification of the
* authentication server certificate's subject is performed.
* authentication server certificate's subject is performed. This property
* provides little security, if any, and its use is deprecated in favor of
* NMSetting8021x:domain-suffix-match.
**/
/* ---ifcfg-rh---
* property: subject-match
@ -3350,6 +3413,30 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
/**
* NMSetting8021x:domain-suffix-match:
*
* Constraint for server domain name. If set, this FQDN is used as a suffix
* match requirement for dNSName element(s) of the certificate presented by
* the authentication server. If a matching dNSName is found, this
* constraint is met. If no dNSName values are present, this constraint is
* matched against SubjectName CN using same suffix match comparison.
*
* Since: 1.2
**/
/* ---ifcfg-rh---
* property: domain-suffix-match
* description: Suffix to match domain of server certificate against.
* variable: IEEE_8021X_DOMAIN_SUFFIX_MATCH(+)
* ---end---
*/
g_object_class_install_property
(object_class, PROP_DOMAIN_SUFFIX_MATCH,
g_param_spec_string (NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, "", "",
NULL,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
/**
* NMSetting8021x:client-cert:
*
@ -3550,7 +3637,9 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
* Substring to be matched against the subject of the certificate presented
* by the authentication server during the inner "phase 2"
* authentication. When unset, no verification of the authentication server
* certificate's subject is performed.
* certificate's subject is performed. This property provides little security,
* if any, and its use is deprecated in favor of
* NMSetting8021x:phase2-domain-suffix-match.
**/
/* ---ifcfg-rh---
* property: phase2-subject-match
@ -3586,6 +3675,31 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
/**
* NMSetting8021x:phase2-domain-suffix-match:
*
* Constraint for server domain name. If set, this FQDN is used as a suffix
* match requirement for dNSName element(s) of the certificate presented by
* the authentication server during the inner "phase 2" authentication. If
* a matching dNSName is found, this constraint is met. If no dNSName
* values are present, this constraint is matched against SubjectName CN
* using same suffix match comparison.
*
* Since: 1.2
**/
/* ---ifcfg-rh---
* property: phase2-domain-suffix-match
* description: Suffix to match domain of server certificate for phase 2 against.
* variable: IEEE_8021X_PHASE2_DOMAIN_SUFFIX_MATCH(+)
* ---end---
*/
g_object_class_install_property
(object_class, PROP_PHASE2_DOMAIN_SUFFIX_MATCH,
g_param_spec_string (NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH, "", "",
NULL,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS));
/**
* NMSetting8021x:phase2-client-cert:
*

6
libnm-core/nm-setting-8021x.h
View file

@ -89,6 +89,7 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
#define NM_SETTING_802_1X_CA_PATH "ca-path"
#define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
#define NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH "domain-suffix-match"
#define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
#define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
#define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
@ -99,6 +100,7 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
#define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
#define NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH "phase2-domain-suffix-match"
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
#define NM_SETTING_802_1X_PASSWORD "password"
#define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
@ -190,6 +192,8 @@ void nm_setting_802_1x_remove_altsubject_match (NMSetting8
gboolean nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
const char *altsubject_match);
void nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting);
NM_AVAILABLE_IN_1_2
const char * nm_setting_802_1x_get_domain_suffix_match (NMSetting8021x *setting);
NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting);
GBytes * nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting);
@ -231,6 +235,8 @@ void nm_setting_802_1x_remove_phase2_altsubject_match (NMS
gboolean nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
const char *phase2_altsubject_match);
void nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting);
NM_AVAILABLE_IN_1_2
const char * nm_setting_802_1x_get_phase2_domain_suffix_match (NMSetting8021x *setting);
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting);
GBytes * nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting);

2
libnm/libnm.ver
View file

@ -942,6 +942,8 @@ global:
nm_lldp_neighbor_unref;
nm_metered_get_type;
nm_setting_802_1x_check_cert_scheme;
nm_setting_802_1x_get_domain_suffix_match;
nm_setting_802_1x_get_phase2_domain_suffix_match;
nm_setting_bridge_get_multicast_snooping;
nm_setting_connection_autoconnect_slaves_get_type;
nm_setting_connection_get_autoconnect_slaves;

7
src/settings/plugins/ifcfg-rh/reader.c
View file

@ -3076,6 +3076,13 @@ fill_8021x (shvarFile *ifcfg,
read_8021x_list_value (ifcfg, "IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES",
s_8021x, NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES);
value = svGetValue (ifcfg, "IEEE_8021X_DOMAIN_SUFFIX_MATCH", FALSE);
g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, value, NULL);
g_free (value);
value = svGetValue (ifcfg, "IEEE_8021X_PHASE2_DOMAIN_SUFFIX_MATCH", FALSE);
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH, value, NULL);
g_free (value);
if (list)
g_strfreev (list);
if (keys)

7
src/settings/plugins/ifcfg-rh/writer.c
View file

@ -582,6 +582,13 @@ write_8021x_setting (NMConnection *connection,
svSetValue (ifcfg, "IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES", str->str, FALSE);
g_string_free (str, TRUE);
svSetValue (ifcfg, "IEEE_8021X_DOMAIN_SUFFIX_MATCH",
nm_setting_802_1x_get_domain_suffix_match (s_8021x),
FALSE);
svSetValue (ifcfg, "IEEE_8021X_PHASE2_DOMAIN_SUFFIX_MATCH",
nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x),
FALSE);
success = write_8021x_certs (s_8021x, FALSE, ifcfg, error);
if (success) {
/* phase2/inner certs */

8
src/supplicant-manager/nm-supplicant-config.c
View file

@ -1033,6 +1033,14 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE, error))
return FALSE;
/* Domain suffix match */
value = nm_setting_802_1x_get_domain_suffix_match (setting);
if (!add_string_val (self, value, "domain_suffix_match", FALSE, FALSE, error))
return FALSE;
value = nm_setting_802_1x_get_phase2_domain_suffix_match (setting);
if (!add_string_val (self, value, "domain_suffix_match2", FALSE, FALSE, error))
return FALSE;
/* Private key */
added = FALSE;
switch (nm_setting_802_1x_get_private_key_scheme (setting)) {

2
src/supplicant-manager/nm-supplicant-settings-verify.c
View file

@ -112,6 +112,7 @@ static const struct Opt opt_table[] = {
{ "ca_path", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "subject_match", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "altsubject_match", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "domain_suffix_match",TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "client_cert", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key", TYPE_BYTES, 0, 65536, FALSE, NULL },
@ -122,6 +123,7 @@ static const struct Opt opt_table[] = {
{ "ca_path2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "subject_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "altsubject_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "domain_suffix_match2", TYPE_BYTES, 0, 0, FALSE, NULL },
{ "ca_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "client_cert2", TYPE_BYTES, 0, 65536, FALSE, NULL },
{ "private_key2", TYPE_BYTES, 0, 65536, FALSE, NULL },