colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2008-10-30 Dan Williams <dcbw@redhat.com>

Browse Source 
* libnm-util/libnm-util.ver
	  libnm-util/nm-setting-8021x.c
	  libnm-util/nm-setting-8021x.h
		- Make properties private and add accessor functions

	* src/supplicant-manager/nm-supplicant-config.c
	  system-settings/plugins/ifcfg-suse/parser.c
		- Use 802.1x setting accessors



git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@4239 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
This commit is contained in:
Dan Williams
2008-10-30 18:12:46 +00:00
parent f8d151a20d
commit 2c78fb12b6
6 changed files with 586 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@@ -1,3 +1,14 @@
2008-10-30 Dan Williams <dcbw@redhat.com>
* libnm-util/libnm-util.ver
libnm-util/nm-setting-8021x.c
libnm-util/nm-setting-8021x.h
- Make properties private and add accessor functions
* src/supplicant-manager/nm-supplicant-config.c
system-settings/plugins/ifcfg-suse/parser.c
- Use 802.1x setting accessors
2008-10-30 Dan Williams <dcbw@redhat.com> 2008-10-30 Dan Williams <dcbw@redhat.com>
* libnm-util/libnm-util.ver * libnm-util/libnm-util.ver

35
libnm-util/libnm-util.ver
View File

@@ -26,16 +26,39 @@ global:
nm_connection_to_hash; nm_connection_to_hash;
nm_connection_update_secrets; nm_connection_update_secrets;
nm_connection_verify; nm_connection_verify;
nm_setting_802_1x_add_eap_method;
nm_setting_802_1x_clear_eap_methods;
nm_setting_802_1x_error_get_type; nm_setting_802_1x_error_get_type;
nm_setting_802_1x_error_quark; nm_setting_802_1x_error_quark;
nm_setting_802_1x_get_anonymous_identity;
nm_setting_802_1x_get_ca_cert;
nm_setting_802_1x_set_ca_cert_from_file;
nm_setting_802_1x_get_ca_path;
nm_setting_802_1x_get_client_cert;
nm_setting_802_1x_set_client_cert_from_file;
nm_setting_802_1x_get_eap_method;
nm_setting_802_1x_get_identity;
nm_setting_802_1x_get_num_eap_methods;
nm_setting_802_1x_get_password;
nm_setting_802_1x_get_phase1_fast_provisioning;
nm_setting_802_1x_get_phase1_peaplabel;
nm_setting_802_1x_get_phase1_peapver;
nm_setting_802_1x_get_phase2_auth;
nm_setting_802_1x_get_phase2_autheap;
nm_setting_802_1x_get_phase2_ca_cert;
nm_setting_802_1x_set_phase2_ca_cert_from_file;
nm_setting_802_1x_get_phase2_ca_path;
nm_setting_802_1x_get_phase2_client_cert;
nm_setting_802_1x_set_phase2_client_cert_from_file;
nm_setting_802_1x_get_phase2_private_key;
nm_setting_802_1x_set_phase2_private_key_from_file;
nm_setting_802_1x_get_pin;
nm_setting_802_1x_get_private_key;
nm_setting_802_1x_set_private_key_from_file;
nm_setting_802_1x_get_psk;
nm_setting_802_1x_get_type; nm_setting_802_1x_get_type;
nm_setting_802_1x_new; nm_setting_802_1x_new;
nm_setting_802_1x_set_ca_cert; nm_setting_802_1x_remove_eap_method;
nm_setting_802_1x_set_client_cert;
nm_setting_802_1x_set_phase2_ca_cert;
nm_setting_802_1x_set_phase2_client_cert;
nm_setting_802_1x_set_phase2_private_key;
nm_setting_802_1x_set_private_key;
nm_setting_cdma_error_get_type; nm_setting_cdma_error_get_type;
nm_setting_cdma_error_quark; nm_setting_cdma_error_quark;
nm_setting_cdma_get_type; nm_setting_cdma_get_type;

582
libnm-util/nm-setting-8021x.c
View File

@@ -68,6 +68,30 @@ nm_setting_802_1x_error_get_type (void)
G_DEFINE_TYPE (NMSetting8021x, nm_setting_802_1x, NM_TYPE_SETTING) G_DEFINE_TYPE (NMSetting8021x, nm_setting_802_1x, NM_TYPE_SETTING)
#define NM_SETTING_802_1X_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_SETTING_802_1X, NMSetting8021xPrivate))
typedef struct {
GSList *eap; /* GSList of strings */
char *identity;
char *anonymous_identity;
GByteArray *ca_cert;
char *ca_path;
GByteArray *client_cert;
char *phase1_peapver;
char *phase1_peaplabel;
char *phase1_fast_provisioning;
char *phase2_auth;
char *phase2_autheap;
GByteArray *phase2_ca_cert;
char *phase2_ca_path;
GByteArray *phase2_client_cert;
char *password;
char *pin;
char *psk;
GByteArray *private_key;
GByteArray *phase2_private_key;
} NMSetting8021xPrivate;
enum { enum {
PROP_0, PROP_0,
PROP_EAP, PROP_EAP,
@@ -99,115 +123,343 @@ nm_setting_802_1x_new (void)
return (NMSetting *) g_object_new (NM_TYPE_SETTING_802_1X, NULL); return (NMSetting *) g_object_new (NM_TYPE_SETTING_802_1X, NULL);
} }
gboolean guint32
nm_setting_802_1x_set_ca_cert (NMSetting8021x *self, nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting)
const char *filename,
GError **err)
{ {
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE); g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0);
g_return_val_if_fail (filename != NULL, FALSE);
if (self->ca_cert) return g_slist_length (NM_SETTING_802_1X_GET_PRIVATE (setting)->eap);
g_byte_array_free (self->ca_cert, TRUE); }
self->ca_cert = crypto_load_and_verify_certificate (filename, err); const char *
nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i)
{
NMSetting8021xPrivate *priv;
return self->ca_cert != NULL; g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
g_return_val_if_fail (i <= g_slist_length (priv->eap), NULL);
return (const char *) g_slist_nth_data (priv->eap, i);
} }
gboolean gboolean
nm_setting_802_1x_set_client_cert (NMSetting8021x *self, nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap)
const char *filename,
GError **err)
{ {
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE); NMSetting8021xPrivate *priv;
g_return_val_if_fail (filename != NULL, FALSE); GSList *iter;
if (self->client_cert) g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
g_byte_array_free (self->client_cert, TRUE); g_return_val_if_fail (eap != NULL, FALSE);
self->client_cert = crypto_load_and_verify_certificate (filename, err); priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
for (iter = priv->eap; iter; iter = g_slist_next (iter)) {
if (!strcmp (eap, (char *) iter->data))
return FALSE;
}
return self->client_cert != NULL; priv->eap = g_slist_append (priv->eap, g_ascii_strdown (eap, -1));
return TRUE;
}
void
nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i)
{
NMSetting8021xPrivate *priv;
GSList *elt;
g_return_if_fail (NM_IS_SETTING_802_1X (setting));
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
elt = g_slist_nth (priv->eap, i);
g_return_if_fail (elt != NULL);
g_free (elt->data);
priv->eap = g_slist_delete_link (priv->eap, elt);
}
void
nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting)
{
NMSetting8021xPrivate *priv;
g_return_if_fail (NM_IS_SETTING_802_1X (setting));
priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
nm_utils_slist_free (priv->eap, g_free);
priv->eap = NULL;
}
const char *
nm_setting_802_1x_get_identity (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->identity;
}
const char *
nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->anonymous_identity;
}
const GByteArray *
nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert;
}
const char *
nm_setting_802_1x_get_ca_path (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_path;
} }
gboolean gboolean
nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *self, nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *self,
const char *filename, const char *filename,
GError **err) GError **err)
{ {
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE); g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE); g_return_val_if_fail (filename != NULL, FALSE);
if (self->phase2_ca_cert) priv = NM_SETTING_802_1X_GET_PRIVATE (self);
g_byte_array_free (self->phase2_ca_cert, TRUE); if (priv->ca_cert)
g_byte_array_free (priv->ca_cert, TRUE);
self->phase2_ca_cert = crypto_load_and_verify_certificate (filename, err); priv->ca_cert = crypto_load_and_verify_certificate (filename, err);
return self->phase2_ca_cert != NULL; return priv->ca_cert != NULL;
}
const GByteArray *
nm_setting_802_1x_get_client_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->client_cert;
} }
gboolean gboolean
nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *self, nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *self,
const char *filename, const char *filename,
GError **err) GError **err)
{ {
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE); g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE); g_return_val_if_fail (filename != NULL, FALSE);
if (self->phase2_client_cert) priv = NM_SETTING_802_1X_GET_PRIVATE (self);
g_byte_array_free (self->phase2_client_cert, TRUE); if (priv->client_cert)
g_byte_array_free (priv->client_cert, TRUE);
self->phase2_client_cert = crypto_load_and_verify_certificate (filename, err); priv->client_cert = crypto_load_and_verify_certificate (filename, err);
return self->phase2_client_cert != NULL; return priv->client_cert != NULL;
}
const char *
nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_peapver;
}
const char *
nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_peaplabel;
}
const char *
nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase1_fast_provisioning;
}
const char *
nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_auth;
}
const char *
nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_autheap;
}
const GByteArray *
nm_setting_802_1x_get_phase2_ca_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_cert;
}
const char *
nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_ca_path;
} }
gboolean gboolean
nm_setting_802_1x_set_private_key (NMSetting8021x *self, nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *self,
const char *filename,
GError **err)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->phase2_ca_cert)
g_byte_array_free (priv->phase2_ca_cert, TRUE);
priv->phase2_ca_cert = crypto_load_and_verify_certificate (filename, err);
return priv->phase2_ca_cert != NULL;
}
const GByteArray *
nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_client_cert;
}
gboolean
nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *self,
const char *filename,
GError **err)
{
NMSetting8021xPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->phase2_client_cert)
g_byte_array_free (priv->phase2_client_cert, TRUE);
priv->phase2_client_cert = crypto_load_and_verify_certificate (filename, err);
return priv->phase2_client_cert != NULL;
}
const char *
nm_setting_802_1x_get_password (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->password;
}
const char *
nm_setting_802_1x_get_pin (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->pin;
}
const char *
nm_setting_802_1x_get_psk (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->psk;
}
const GByteArray *
nm_setting_802_1x_get_private_key (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->private_key;
}
gboolean
nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *self,
const char *filename, const char *filename,
const char *password, const char *password,
GError **err) GError **err)
{ {
NMSetting8021xPrivate *priv;
guint32 ignore; guint32 ignore;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE); g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE); g_return_val_if_fail (filename != NULL, FALSE);
g_return_val_if_fail (password != NULL, FALSE); g_return_val_if_fail (password != NULL, FALSE);
if (self->private_key) { priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->private_key) {
/* Try not to leave the decrypted private key around in memory */ /* Try not to leave the decrypted private key around in memory */
memset (self->private_key, 0, self->private_key->len); memset (priv->private_key, 0, priv->private_key->len);
g_byte_array_free (self->private_key, TRUE); g_byte_array_free (priv->private_key, TRUE);
} }
self->private_key = crypto_get_private_key (filename, password, &ignore, err); priv->private_key = crypto_get_private_key (filename, password, &ignore, err);
return self->private_key != NULL; return priv->private_key != NULL;
}
const GByteArray *
nm_setting_802_1x_get_phase2_private_key (NMSetting8021x *setting)
{
g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_private_key;
} }
gboolean gboolean
nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *self, nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *self,
const char *filename, const char *filename,
const char *password, const char *password,
GError **err) GError **err)
{ {
NMSetting8021xPrivate *priv;
guint32 ignore; guint32 ignore;
g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE); g_return_val_if_fail (NM_IS_SETTING_802_1X (self), FALSE);
g_return_val_if_fail (filename != NULL, FALSE); g_return_val_if_fail (filename != NULL, FALSE);
g_return_val_if_fail (password != NULL, FALSE); g_return_val_if_fail (password != NULL, FALSE);
if (self->phase2_private_key) { priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (priv->phase2_private_key) {
/* Try not to leave the decrypted private key around in memory */ /* Try not to leave the decrypted private key around in memory */
memset (self->phase2_private_key, 0, self->phase2_private_key->len); memset (priv->phase2_private_key, 0, priv->phase2_private_key->len);
g_byte_array_free (self->phase2_private_key, TRUE); g_byte_array_free (priv->phase2_private_key, TRUE);
} }
self->phase2_private_key = crypto_get_private_key (filename, password, &ignore, err); priv->phase2_private_key = crypto_get_private_key (filename, password, &ignore, err);
return self->phase2_private_key != NULL; return priv->phase2_private_key != NULL;
} }
static void static void
@@ -215,7 +467,9 @@ need_secrets_password (NMSetting8021x *self,
GPtrArray *secrets, GPtrArray *secrets,
gboolean phase2) gboolean phase2)
{ {
if (!self->password || !strlen (self->password)) NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->password || !strlen (priv->password))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PASSWORD); g_ptr_array_add (secrets, NM_SETTING_802_1X_PASSWORD);
} }
@@ -224,7 +478,9 @@ need_secrets_sim (NMSetting8021x *self,
GPtrArray *secrets, GPtrArray *secrets,
gboolean phase2) gboolean phase2)
{ {
if (!self->pin || !strlen (self->pin)) NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->pin || !strlen (priv->pin))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PIN); g_ptr_array_add (secrets, NM_SETTING_802_1X_PIN);
} }
@@ -233,13 +489,15 @@ need_secrets_tls (NMSetting8021x *self,
GPtrArray *secrets, GPtrArray *secrets,
gboolean phase2) gboolean phase2)
{ {
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (phase2) { if (phase2) {
if ( self->phase2_client_cert if ( priv->phase2_client_cert
&& (!self->phase2_private_key || !self->phase2_private_key->len)) && (!priv->phase2_private_key || !priv->phase2_private_key->len))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY); g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY);
} else { } else {
if (self->client_cert if (priv->client_cert
&& (!self->private_key || !self->private_key->len)) && (!priv->private_key || !priv->private_key->len))
g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY); g_ptr_array_add (secrets, NM_SETTING_802_1X_PRIVATE_KEY);
} }
} }
@@ -247,14 +505,16 @@ need_secrets_tls (NMSetting8021x *self,
static gboolean static gboolean
verify_tls (NMSetting8021x *self, gboolean phase2, GError **error) verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
{ {
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (phase2) { if (phase2) {
if (!self->phase2_client_cert) { if (!priv->phase2_client_cert) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_CLIENT_CERT); NM_SETTING_802_1X_PHASE2_CLIENT_CERT);
return FALSE; return FALSE;
} else if (!self->phase2_client_cert->len) { } else if (!priv->phase2_client_cert->len) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -262,13 +522,13 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
return FALSE; return FALSE;
} }
} else { } else {
if (!self->client_cert) { if (!priv->client_cert) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_CLIENT_CERT); NM_SETTING_802_1X_CLIENT_CERT);
return FALSE; return FALSE;
} else if (!self->client_cert->len) { } else if (!priv->client_cert->len) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -283,19 +543,21 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
static gboolean static gboolean
verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error) verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
{ {
if ( (!self->identity || !strlen (self->identity)) NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
&& (!self->anonymous_identity || !strlen (self->anonymous_identity))) {
if (!self->identity) { if ( (!priv->identity || !strlen (priv->identity))
&& (!priv->anonymous_identity || !strlen (priv->anonymous_identity))) {
if (!priv->identity) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_IDENTITY); NM_SETTING_802_1X_IDENTITY);
} else if (!strlen (self->identity)) { } else if (!strlen (priv->identity)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_IDENTITY); NM_SETTING_802_1X_IDENTITY);
} else if (!self->anonymous_identity) { } else if (!priv->anonymous_identity) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
@@ -309,19 +571,19 @@ verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
return FALSE; return FALSE;
} }
if ( (!self->phase2_auth || !strlen (self->phase2_auth)) if ( (!priv->phase2_auth || !strlen (priv->phase2_auth))
&& (!self->phase2_autheap || !strlen (self->phase2_autheap))) { && (!priv->phase2_autheap || !strlen (priv->phase2_autheap))) {
if (!self->phase2_auth) { if (!priv->phase2_auth) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH); NM_SETTING_802_1X_PHASE2_AUTH);
} else if (!strlen (self->phase2_auth)) { } else if (!strlen (priv->phase2_auth)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
NM_SETTING_802_1X_PHASE2_AUTH); NM_SETTING_802_1X_PHASE2_AUTH);
} else if (!self->phase2_autheap) { } else if (!priv->phase2_autheap) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
@@ -341,12 +603,14 @@ verify_ttls (NMSetting8021x *self, gboolean phase2, GError **error)
static gboolean static gboolean
verify_identity (NMSetting8021x *self, gboolean phase2, GError **error) verify_identity (NMSetting8021x *self, gboolean phase2, GError **error)
{ {
if (!self->identity) { NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
if (!priv->identity) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
NM_SETTING_802_1X_IDENTITY); NM_SETTING_802_1X_IDENTITY);
} else if (!strlen (self->identity)) { } else if (!strlen (priv->identity)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -398,15 +662,16 @@ need_secrets_phase2 (NMSetting8021x *self,
GPtrArray *secrets, GPtrArray *secrets,
gboolean phase2) gboolean phase2)
{ {
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
char *method = NULL; char *method = NULL;
int i; int i;
g_return_if_fail (phase2 == FALSE); g_return_if_fail (phase2 == FALSE);
/* Check phase2_auth and phase2_autheap */ /* Check phase2_auth and phase2_autheap */
method = self->phase2_auth; method = priv->phase2_auth;
if (!method && self->phase2_autheap) if (!method && priv->phase2_autheap)
method = self->phase2_autheap; method = priv->phase2_autheap;
if (!method) { if (!method) {
g_warning ("Couldn't find EAP method."); g_warning ("Couldn't find EAP method.");
@@ -430,6 +695,7 @@ static GPtrArray *
need_secrets (NMSetting *setting) need_secrets (NMSetting *setting)
{ {
NMSetting8021x *self = NM_SETTING_802_1X (setting); NMSetting8021x *self = NM_SETTING_802_1X (setting);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
GSList *iter; GSList *iter;
GPtrArray *secrets; GPtrArray *secrets;
gboolean eap_method_found = FALSE; gboolean eap_method_found = FALSE;
@@ -437,7 +703,7 @@ need_secrets (NMSetting *setting)
secrets = g_ptr_array_sized_new (4); secrets = g_ptr_array_sized_new (4);
/* Ask each configured EAP method if it needs secrets */ /* Ask each configured EAP method if it needs secrets */
for (iter = self->eap; iter && !eap_method_found; iter = g_slist_next (iter)) { for (iter = priv->eap; iter && !eap_method_found; iter = g_slist_next (iter)) {
const char *method = (const char *) iter->data; const char *method = (const char *) iter->data;
int i; int i;
@@ -469,6 +735,7 @@ static gboolean
verify (NMSetting *setting, GSList *all_settings, GError **error) verify (NMSetting *setting, GSList *all_settings, GError **error)
{ {
NMSetting8021x *self = NM_SETTING_802_1X (setting); NMSetting8021x *self = NM_SETTING_802_1X (setting);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", NULL }; const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", NULL };
const char *valid_phase1_peapver[] = { "0", "1", NULL }; const char *valid_phase1_peapver[] = { "0", "1", NULL };
const char *valid_phase1_peaplabel[] = { "0", "1", NULL }; const char *valid_phase1_peaplabel[] = { "0", "1", NULL };
@@ -479,7 +746,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
if (error) if (error)
g_return_val_if_fail (*error == NULL, FALSE); g_return_val_if_fail (*error == NULL, FALSE);
if (!self->eap) { if (!priv->eap) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_MISSING_PROPERTY, NM_SETTING_802_1X_ERROR_MISSING_PROPERTY,
@@ -487,7 +754,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
if (!nm_utils_string_slist_validate (self->eap, valid_eap)) { if (!nm_utils_string_slist_validate (priv->eap, valid_eap)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -496,7 +763,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
} }
/* Ask each configured EAP method if its valid */ /* Ask each configured EAP method if its valid */
for (iter = self->eap; iter; iter = g_slist_next (iter)) { for (iter = priv->eap; iter; iter = g_slist_next (iter)) {
const char *method = (const char *) iter->data; const char *method = (const char *) iter->data;
int i; int i;
@@ -511,7 +778,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
} }
} }
if (self->phase1_peapver && !nm_utils_string_in_list (self->phase1_peapver, valid_phase1_peapver)) { if (priv->phase1_peapver && !nm_utils_string_in_list (priv->phase1_peapver, valid_phase1_peapver)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -519,7 +786,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
if (self->phase1_peaplabel && !nm_utils_string_in_list (self->phase1_peaplabel, valid_phase1_peaplabel)) { if (priv->phase1_peaplabel && !nm_utils_string_in_list (priv->phase1_peaplabel, valid_phase1_peaplabel)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -527,7 +794,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
if (self->phase1_fast_provisioning && strcmp (self->phase1_fast_provisioning, "1")) { if (priv->phase1_fast_provisioning && strcmp (priv->phase1_fast_provisioning, "1")) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -535,7 +802,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
if (self->phase2_auth && !nm_utils_string_in_list (self->phase2_auth, valid_phase2_auth)) { if (priv->phase2_auth && !nm_utils_string_in_list (priv->phase2_auth, valid_phase2_auth)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -543,7 +810,7 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE; return FALSE;
} }
if (self->phase2_autheap && !nm_utils_string_in_list (self->phase2_autheap, valid_phase2_autheap)) { if (priv->phase2_autheap && !nm_utils_string_in_list (priv->phase2_autheap, valid_phase2_autheap)) {
g_set_error (error, g_set_error (error,
NM_SETTING_802_1X_ERROR, NM_SETTING_802_1X_ERROR,
NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, NM_SETTING_802_1X_ERROR_INVALID_PROPERTY,
@@ -566,34 +833,35 @@ static void
finalize (GObject *object) finalize (GObject *object)
{ {
NMSetting8021x *self = NM_SETTING_802_1X (object); NMSetting8021x *self = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
/* Strings first. g_free() already checks for NULLs so we don't have to */ /* Strings first. g_free() already checks for NULLs so we don't have to */
g_free (self->identity); g_free (priv->identity);
g_free (self->anonymous_identity); g_free (priv->anonymous_identity);
g_free (self->ca_path); g_free (priv->ca_path);
g_free (self->phase1_peapver); g_free (priv->phase1_peapver);
g_free (self->phase1_peaplabel); g_free (priv->phase1_peaplabel);
g_free (self->phase1_fast_provisioning); g_free (priv->phase1_fast_provisioning);
g_free (self->phase2_auth); g_free (priv->phase2_auth);
g_free (self->phase2_autheap); g_free (priv->phase2_autheap);
g_free (self->phase2_ca_path); g_free (priv->phase2_ca_path);
g_free (self->password); g_free (priv->password);
nm_utils_slist_free (self->eap, g_free); nm_utils_slist_free (priv->eap, g_free);
if (self->ca_cert) if (priv->ca_cert)
g_byte_array_free (self->ca_cert, TRUE); g_byte_array_free (priv->ca_cert, TRUE);
if (self->client_cert) if (priv->client_cert)
g_byte_array_free (self->client_cert, TRUE); g_byte_array_free (priv->client_cert, TRUE);
if (self->private_key) if (priv->private_key)
g_byte_array_free (self->private_key, TRUE); g_byte_array_free (priv->private_key, TRUE);
if (self->phase2_ca_cert) if (priv->phase2_ca_cert)
g_byte_array_free (self->phase2_ca_cert, TRUE); g_byte_array_free (priv->phase2_ca_cert, TRUE);
if (self->phase2_client_cert) if (priv->phase2_client_cert)
g_byte_array_free (self->phase2_client_cert, TRUE); g_byte_array_free (priv->phase2_client_cert, TRUE);
if (self->phase2_private_key) if (priv->phase2_private_key)
g_byte_array_free (self->phase2_private_key, TRUE); g_byte_array_free (priv->phase2_private_key, TRUE);
G_OBJECT_CLASS (nm_setting_802_1x_parent_class)->finalize (object); G_OBJECT_CLASS (nm_setting_802_1x_parent_class)->finalize (object);
} }
@@ -603,81 +871,82 @@ set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec) const GValue *value, GParamSpec *pspec)
{ {
NMSetting8021x *setting = NM_SETTING_802_1X (object); NMSetting8021x *setting = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
switch (prop_id) { switch (prop_id) {
case PROP_EAP: case PROP_EAP:
nm_utils_slist_free (setting->eap, g_free); nm_utils_slist_free (priv->eap, g_free);
setting->eap = g_value_dup_boxed (value); priv->eap = g_value_dup_boxed (value);
break; break;
case PROP_IDENTITY: case PROP_IDENTITY:
g_free (setting->identity); g_free (priv->identity);
setting->identity = g_value_dup_string (value); priv->identity = g_value_dup_string (value);
break; break;
case PROP_ANONYMOUS_IDENTITY: case PROP_ANONYMOUS_IDENTITY:
g_free (setting->anonymous_identity); g_free (priv->anonymous_identity);
setting->anonymous_identity = g_value_dup_string (value); priv->anonymous_identity = g_value_dup_string (value);
break; break;
case PROP_CA_CERT: case PROP_CA_CERT:
if (setting->ca_cert) if (priv->ca_cert)
g_byte_array_free (setting->ca_cert, TRUE); g_byte_array_free (priv->ca_cert, TRUE);
setting->ca_cert = g_value_dup_boxed (value); priv->ca_cert = g_value_dup_boxed (value);
break; break;
case PROP_CA_PATH: case PROP_CA_PATH:
g_free (setting->ca_path); g_free (priv->ca_path);
setting->ca_path = g_value_dup_string (value); priv->ca_path = g_value_dup_string (value);
break; break;
case PROP_CLIENT_CERT: case PROP_CLIENT_CERT:
if (setting->client_cert) if (priv->client_cert)
g_byte_array_free (setting->client_cert, TRUE); g_byte_array_free (priv->client_cert, TRUE);
setting->client_cert = g_value_dup_boxed (value); priv->client_cert = g_value_dup_boxed (value);
break; break;
case PROP_PHASE1_PEAPVER: case PROP_PHASE1_PEAPVER:
g_free (setting->phase1_peapver); g_free (priv->phase1_peapver);
setting->phase1_peapver = g_value_dup_string (value); priv->phase1_peapver = g_value_dup_string (value);
break; break;
case PROP_PHASE1_PEAPLABEL: case PROP_PHASE1_PEAPLABEL:
g_free (setting->phase1_peaplabel); g_free (priv->phase1_peaplabel);
setting->phase1_peaplabel = g_value_dup_string (value); priv->phase1_peaplabel = g_value_dup_string (value);
break; break;
case PROP_PHASE1_FAST_PROVISIONING: case PROP_PHASE1_FAST_PROVISIONING:
g_free (setting->phase1_fast_provisioning); g_free (priv->phase1_fast_provisioning);
setting->phase1_fast_provisioning = g_value_dup_string (value); priv->phase1_fast_provisioning = g_value_dup_string (value);
break; break;
case PROP_PHASE2_AUTH: case PROP_PHASE2_AUTH:
g_free (setting->phase2_auth); g_free (priv->phase2_auth);
setting->phase2_auth = g_value_dup_string (value); priv->phase2_auth = g_value_dup_string (value);
break; break;
case PROP_PHASE2_AUTHEAP: case PROP_PHASE2_AUTHEAP:
g_free (setting->phase2_autheap); g_free (priv->phase2_autheap);
setting->phase2_autheap = g_value_dup_string (value); priv->phase2_autheap = g_value_dup_string (value);
break; break;
case PROP_PHASE2_CA_CERT: case PROP_PHASE2_CA_CERT:
if (setting->phase2_ca_cert) if (priv->phase2_ca_cert)
g_byte_array_free (setting->phase2_ca_cert, TRUE); g_byte_array_free (priv->phase2_ca_cert, TRUE);
setting->phase2_ca_cert = g_value_dup_boxed (value); priv->phase2_ca_cert = g_value_dup_boxed (value);
break; break;
case PROP_PHASE2_CA_PATH: case PROP_PHASE2_CA_PATH:
g_free (setting->phase2_ca_path); g_free (priv->phase2_ca_path);
setting->phase2_ca_path = g_value_dup_string (value); priv->phase2_ca_path = g_value_dup_string (value);
break; break;
case PROP_PHASE2_CLIENT_CERT: case PROP_PHASE2_CLIENT_CERT:
if (setting->phase2_client_cert) if (priv->phase2_client_cert)
g_byte_array_free (setting->phase2_client_cert, TRUE); g_byte_array_free (priv->phase2_client_cert, TRUE);
setting->phase2_client_cert = g_value_dup_boxed (value); priv->phase2_client_cert = g_value_dup_boxed (value);
break; break;
case PROP_PASSWORD: case PROP_PASSWORD:
g_free (setting->password); g_free (priv->password);
setting->password = g_value_dup_string (value); priv->password = g_value_dup_string (value);
break; break;
case PROP_PRIVATE_KEY: case PROP_PRIVATE_KEY:
if (setting->private_key) if (priv->private_key)
g_byte_array_free (setting->private_key, TRUE); g_byte_array_free (priv->private_key, TRUE);
setting->private_key = g_value_dup_boxed (value); priv->private_key = g_value_dup_boxed (value);
break; break;
case PROP_PHASE2_PRIVATE_KEY: case PROP_PHASE2_PRIVATE_KEY:
if (setting->phase2_private_key) if (priv->phase2_private_key)
g_byte_array_free (setting->phase2_private_key, TRUE); g_byte_array_free (priv->phase2_private_key, TRUE);
setting->phase2_private_key = g_value_dup_boxed (value); priv->phase2_private_key = g_value_dup_boxed (value);
break; break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -690,58 +959,59 @@ get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec) GValue *value, GParamSpec *pspec)
{ {
NMSetting8021x *setting = NM_SETTING_802_1X (object); NMSetting8021x *setting = NM_SETTING_802_1X (object);
NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
switch (prop_id) { switch (prop_id) {
case PROP_EAP: case PROP_EAP:
g_value_set_boxed (value, setting->eap); g_value_set_boxed (value, priv->eap);
break; break;
case PROP_IDENTITY: case PROP_IDENTITY:
g_value_set_string (value, setting->identity); g_value_set_string (value, priv->identity);
break; break;
case PROP_ANONYMOUS_IDENTITY: case PROP_ANONYMOUS_IDENTITY:
g_value_set_string (value, setting->anonymous_identity); g_value_set_string (value, priv->anonymous_identity);
break; break;
case PROP_CA_CERT: case PROP_CA_CERT:
g_value_set_boxed (value, setting->ca_cert); g_value_set_boxed (value, priv->ca_cert);
break; break;
case PROP_CA_PATH: case PROP_CA_PATH:
g_value_set_string (value, setting->ca_path); g_value_set_string (value, priv->ca_path);
break; break;
case PROP_CLIENT_CERT: case PROP_CLIENT_CERT:
g_value_set_boxed (value, setting->client_cert); g_value_set_boxed (value, priv->client_cert);
break; break;
case PROP_PHASE1_PEAPVER: case PROP_PHASE1_PEAPVER:
g_value_set_string (value, setting->phase1_peapver); g_value_set_string (value, priv->phase1_peapver);
break; break;
case PROP_PHASE1_PEAPLABEL: case PROP_PHASE1_PEAPLABEL:
g_value_set_string (value, setting->phase1_peaplabel); g_value_set_string (value, priv->phase1_peaplabel);
break; break;
case PROP_PHASE1_FAST_PROVISIONING: case PROP_PHASE1_FAST_PROVISIONING:
g_value_set_string (value, setting->phase1_fast_provisioning); g_value_set_string (value, priv->phase1_fast_provisioning);
break; break;
case PROP_PHASE2_AUTH: case PROP_PHASE2_AUTH:
g_value_set_string (value, setting->phase2_auth); g_value_set_string (value, priv->phase2_auth);
break; break;
case PROP_PHASE2_AUTHEAP: case PROP_PHASE2_AUTHEAP:
g_value_set_string (value, setting->phase2_autheap); g_value_set_string (value, priv->phase2_autheap);
break; break;
case PROP_PHASE2_CA_CERT: case PROP_PHASE2_CA_CERT:
g_value_set_boxed (value, setting->phase2_ca_cert); g_value_set_boxed (value, priv->phase2_ca_cert);
break; break;
case PROP_PHASE2_CA_PATH: case PROP_PHASE2_CA_PATH:
g_value_set_string (value, setting->phase2_ca_path); g_value_set_string (value, priv->phase2_ca_path);
break; break;
case PROP_PHASE2_CLIENT_CERT: case PROP_PHASE2_CLIENT_CERT:
g_value_set_boxed (value, setting->phase2_client_cert); g_value_set_boxed (value, priv->phase2_client_cert);
break; break;
case PROP_PASSWORD: case PROP_PASSWORD:
g_value_set_string (value, setting->password); g_value_set_string (value, priv->password);
break; break;
case PROP_PRIVATE_KEY: case PROP_PRIVATE_KEY:
g_value_set_boxed (value, setting->private_key); g_value_set_boxed (value, priv->private_key);
break; break;
case PROP_PHASE2_PRIVATE_KEY: case PROP_PHASE2_PRIVATE_KEY:
g_value_set_boxed (value, setting->phase2_private_key); g_value_set_boxed (value, priv->phase2_private_key);
break; break;
default: default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -756,6 +1026,8 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
NMSettingClass *parent_class = NM_SETTING_CLASS (setting_class); NMSettingClass *parent_class = NM_SETTING_CLASS (setting_class);
GError *error = NULL; GError *error = NULL;
g_type_class_add_private (setting_class, sizeof (NMSetting8021xPrivate));
/* virtual methods */ /* virtual methods */
object_class->set_property = set_property; object_class->set_property = set_property;
object_class->get_property = get_property; object_class->get_property = get_property;

66
libnm-util/nm-setting-8021x.h
View File

@@ -75,26 +75,6 @@ GQuark nm_setting_802_1x_error_quark (void);
typedef struct { typedef struct {
NMSetting parent; NMSetting parent;
GSList *eap; /* GSList of strings */
char *identity;
char *anonymous_identity;
GByteArray *ca_cert;
char *ca_path;
GByteArray *client_cert;
char *phase1_peapver;
char *phase1_peaplabel;
char *phase1_fast_provisioning;
char *phase2_auth;
char *phase2_autheap;
GByteArray *phase2_ca_cert;
char *phase2_ca_path;
GByteArray *phase2_client_cert;
char *password;
char *pin;
char *psk;
GByteArray *private_key;
GByteArray *phase2_private_key;
} NMSetting8021x; } NMSetting8021x;
typedef struct { typedef struct {
@@ -105,28 +85,62 @@ GType nm_setting_802_1x_get_type (void);
NMSetting *nm_setting_802_1x_new (void); NMSetting *nm_setting_802_1x_new (void);
gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *self, guint32 nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i);
gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap);
void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i);
void nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_identity (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting);
const GByteArray *nm_setting_802_1x_get_ca_cert (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_ca_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *setting,
const char *filename, const char *filename,
GError **err); GError **err);
gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *self, const GByteArray *nm_setting_802_1x_get_client_cert (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_client_cert_from_file (NMSetting8021x *setting,
const char *filename, const char *filename,
GError **err); GError **err);
gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *self, const char * nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting);
const GByteArray *nm_setting_802_1x_get_phase2_ca_cert (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *setting,
const char *filename, const char *filename,
GError **err); GError **err);
gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *self, const GByteArray *nm_setting_802_1x_get_phase2_client_cert (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_client_cert_from_file (NMSetting8021x *setting,
const char *filename, const char *filename,
GError **err); GError **err);
gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *self, const char * nm_setting_802_1x_get_password (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_pin (NMSetting8021x *setting);
const char * nm_setting_802_1x_get_psk (NMSetting8021x *setting);
const GByteArray *nm_setting_802_1x_get_private_key (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_private_key_from_file (NMSetting8021x *setting,
const char *filename, const char *filename,
const char *password, const char *password,
GError **err); GError **err);
gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *self, const GByteArray *nm_setting_802_1x_get_phase2_private_key (NMSetting8021x *setting);
gboolean nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8021x *setting,
const char *filename, const char *filename,
const char *password, const char *password,
GError **err); GError **err);

89
src/supplicant-manager/nm-supplicant-config.c
View File

@@ -426,12 +426,12 @@ nm_supplicant_config_add_setting_wireless (NMSupplicantConfig * self,
} \ } \
} }
#define ADD_STRING_LIST_VAL(setting, field, field_plural, name, ucase, secret) \ #define ADD_STRING_LIST_VAL(setting, setting_name, field, field_plural, name, ucase, secret) \
if (nm_setting_wireless_security_get_num_##field_plural (setting)) { \ if (nm_setting_##setting_name##_get_num_##field_plural (setting)) { \
guint32 k; \ guint32 k; \
GString *str = g_string_new (NULL); \ GString *str = g_string_new (NULL); \
for (k = 0; k < nm_setting_wireless_security_get_num_##field_plural (setting); k++) { \ for (k = 0; k < nm_setting_##setting_name##_get_num_##field_plural (setting); k++) { \
const char *item = nm_setting_wireless_security_get_##field (setting, k); \ const char *item = nm_setting_##setting_name##_get_##field (setting, k); \
if (!str->len) { \ if (!str->len) { \
g_string_append (str, item); \ g_string_append (str, item); \
} else { \ } else { \
@@ -504,9 +504,9 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if ( !strcmp (key_mgmt, "wpa-none") if ( !strcmp (key_mgmt, "wpa-none")
|| !strcmp (key_mgmt, "wpa-psk") || !strcmp (key_mgmt, "wpa-psk")
|| !strcmp (key_mgmt, "wpa-eap")) { || !strcmp (key_mgmt, "wpa-eap")) {
ADD_STRING_LIST_VAL (setting, proto, protos, "proto", TRUE, FALSE); ADD_STRING_LIST_VAL (setting, wireless_security, proto, protos, "proto", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, pairwise, pairwise, "pairwise", TRUE, FALSE); ADD_STRING_LIST_VAL (setting, wireless_security, pairwise, pairwise, "pairwise", TRUE, FALSE);
ADD_STRING_LIST_VAL (setting, group, groups, "group", TRUE, FALSE); ADD_STRING_LIST_VAL (setting, wireless_security, group, groups, "group", TRUE, FALSE);
} }
/* WEP keys if required */ /* WEP keys if required */
@@ -572,8 +572,8 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
ADD_STRING_VAL (setting->password, "password", FALSE, FALSE, TRUE); ADD_STRING_VAL (nm_setting_802_1x_get_password (setting), "password", FALSE, FALSE, TRUE);
ADD_STRING_VAL (setting->pin, "pin", FALSE, FALSE, TRUE); ADD_STRING_VAL (nm_setting_802_1x_get_pin (setting), "pin", FALSE, FALSE, TRUE);
if (wired) { if (wired) {
ADD_STRING_VAL ("IEEE8021X", "key_mgmt", TRUE, FALSE, FALSE); ADD_STRING_VAL ("IEEE8021X", "key_mgmt", TRUE, FALSE, FALSE);
@@ -581,51 +581,20 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
ADD_STRING_VAL ("0", "eapol_flags", FALSE, FALSE, FALSE); ADD_STRING_VAL ("0", "eapol_flags", FALSE, FALSE, FALSE);
} }
/* Private key passwords are never passed to wpa_supplicant because the ADD_STRING_LIST_VAL (setting, 802_1x, eap_method, eap_methods, "eap", TRUE, FALSE);
* user agent is responsible for decoding and decrypting the private key,
* and file paths are never passed to wpa_supplicant to ensure that
* the supplicant can be locked down and doesn't try to read stuff from
* all over the drive.
*/
/* FIXME: go back to using ADD_STRING_LIST_VAL when 802.1x setting is
* converted to accessors */
if (setting->eap) {
GSList *elt;
GString *str = g_string_new (NULL);
for (elt = setting->eap; elt; elt = g_slist_next (elt)) {
if (!str->len) {
g_string_append (str, elt->data);
} else {
g_string_append_c (str, ' ');
g_string_append (str, elt->data);
}
}
g_string_ascii_up (str);
if (str->len)
success = nm_supplicant_config_add_option (self, "eap", str->str, -1, FALSE);
else
success = TRUE;
g_string_free (str, TRUE);
if (!success) {
nm_warning ("Error adding %s to supplicant config.", "eap");
return FALSE;
}
}
/* Drop the fragment size a bit for better compatibility */ /* Drop the fragment size a bit for better compatibility */
if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE)) if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE))
return FALSE; return FALSE;
phase1 = g_string_new (NULL); phase1 = g_string_new (NULL);
if (setting->phase1_peapver) if (nm_setting_802_1x_get_phase1_peapver (setting))
g_string_append_printf (phase1, "peapver=%s", setting->phase1_peapver); g_string_append_printf (phase1, "peapver=%s", nm_setting_802_1x_get_phase1_peapver (setting));
if (setting->phase1_peaplabel) { if (nm_setting_802_1x_get_phase1_peaplabel (setting)) {
if (phase1->len) if (phase1->len)
g_string_append_c (phase1, ' '); g_string_append_c (phase1, ' ');
g_string_append_printf (phase1, "peaplabel=%s", setting->phase1_peaplabel); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting));
} }
if (phase1->len) if (phase1->len)
@@ -633,16 +602,16 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
g_string_free (phase1, TRUE); g_string_free (phase1, TRUE);
phase2 = g_string_new (NULL); phase2 = g_string_new (NULL);
if (setting->phase2_auth) { if (nm_setting_802_1x_get_phase2_auth (setting)) {
tmp = g_ascii_strup (setting->phase2_auth, -1); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1);
g_string_append_printf (phase2, "auth=%s", tmp); g_string_append_printf (phase2, "auth=%s", tmp);
g_free (tmp); g_free (tmp);
} }
if (setting->phase2_autheap) { if (nm_setting_802_1x_get_phase2_autheap (setting)) {
if (phase2->len) if (phase2->len)
g_string_append_c (phase2, ' '); g_string_append_c (phase2, ' ');
tmp = g_ascii_strup (setting->phase2_autheap, -1); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1);
g_string_append_printf (phase2, "autheap=%s", tmp); g_string_append_printf (phase2, "autheap=%s", tmp);
g_free (tmp); g_free (tmp);
} }
@@ -651,15 +620,21 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE); ADD_STRING_VAL (phase2->str, "phase2", FALSE, FALSE, FALSE);
g_string_free (phase2, TRUE); g_string_free (phase2, TRUE);
ADD_BLOB_VAL (setting->ca_cert, "ca_cert", connection_uid); /* Private key passwords are never passed to wpa_supplicant because the
ADD_BLOB_VAL (setting->client_cert, "client_cert", connection_uid); * user agent is responsible for decoding and decrypting the private key,
ADD_BLOB_VAL (setting->private_key, "private_key", connection_uid); * and file paths are never passed to wpa_supplicant to ensure that
ADD_BLOB_VAL (setting->phase2_ca_cert, "ca_cert2", connection_uid); * the supplicant can be locked down and doesn't try to read stuff from
ADD_BLOB_VAL (setting->phase2_client_cert, "client_cert2", connection_uid); * all over the drive.
ADD_BLOB_VAL (setting->phase2_private_key, "private_key2", connection_uid); */
ADD_BLOB_VAL (nm_setting_802_1x_get_ca_cert (setting), "ca_cert", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_client_cert (setting), "client_cert", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_private_key (setting), "private_key", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_ca_cert (setting), "ca_cert2", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_client_cert (setting), "client_cert2", connection_uid);
ADD_BLOB_VAL (nm_setting_802_1x_get_phase2_private_key (setting), "private_key2", connection_uid);
ADD_STRING_VAL (setting->identity, "identity", FALSE, FALSE, FALSE); ADD_STRING_VAL (nm_setting_802_1x_get_identity (setting), "identity", FALSE, FALSE, FALSE);
ADD_STRING_VAL (setting->anonymous_identity, "anonymous_identity", FALSE, FALSE, FALSE); ADD_STRING_VAL (nm_setting_802_1x_get_anonymous_identity (setting), "anonymous_identity", FALSE, FALSE, FALSE);
return TRUE; return TRUE;
} }

32
system-settings/plugins/ifcfg-suse/parser.c
View File

@@ -440,21 +440,35 @@ read_wpa_eap_settings (shvarFile *ifcfg)
pieces = g_strsplit (str, " ", 0); pieces = g_strsplit (str, " ", 0);
for (i = 0; pieces[i]; i++) for (i = 0; pieces[i]; i++)
s_802_1x->eap = g_slist_append (s_802_1x->eap, pieces[i]); nm_setting_802_1x_add_eap_method (s_802_1x, pieces[i]);
g_free (pieces); g_free (pieces);
g_free (str); g_free (str);
} }
s_802_1x->anonymous_identity = svGetValue (ifcfg, "WIRELESS_WPA_ANONID"); str = svGetValue (ifcfg, "WIRELESS_WPA_ANONID");
s_802_1x->phase1_peapver = svGetValue (ifcfg, "WIRELESS_PEAP_VERSION"); g_object_set (s_802_1x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, str, NULL);
s_802_1x->phase2_auth = svGetValue (ifcfg, "WIRELESS_EAP_AUTH"); g_free (str);
s_802_1x->identity = svGetValue (ifcfg, "WIRELESS_WPA_IDENTITY");
s_802_1x->password = svGetValue (ifcfg, "WIRELESS_WPA_PASSWORD"); str = svGetValue (ifcfg, "WIRELESS_PEAP_VERSION");
g_object_set (s_802_1x, NM_SETTING_802_1X_PHASE1_PEAPVER, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_EAP_AUTH");
g_object_set (s_802_1x, NM_SETTING_802_1X_PHASE2_AUTH, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_WPA_IDENTITY");
g_object_set (s_802_1x, NM_SETTING_802_1X_IDENTITY, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_WPA_PASSWORD");
g_object_set (s_802_1x, NM_SETTING_802_1X_PASSWORD, str, NULL);
g_free (str);
str = svGetValue (ifcfg, "WIRELESS_CA_CERT"); str = svGetValue (ifcfg, "WIRELESS_CA_CERT");
if (str) { if (str) {
nm_setting_802_1x_set_ca_cert (s_802_1x, str, &err); nm_setting_802_1x_set_ca_cert_from_file (s_802_1x, str, &err);
if (err) { if (err) {
g_warning ("Error loading WIRELESS_CA_CERT: %s", err->message); g_warning ("Error loading WIRELESS_CA_CERT: %s", err->message);
g_error_free (err); g_error_free (err);
@@ -465,7 +479,7 @@ read_wpa_eap_settings (shvarFile *ifcfg)
str = svGetValue (ifcfg, "WIRELESS_CLIENT_CERT"); str = svGetValue (ifcfg, "WIRELESS_CLIENT_CERT");
if (str) { if (str) {
nm_setting_802_1x_set_client_cert (s_802_1x, str, &err); nm_setting_802_1x_set_client_cert_from_file (s_802_1x, str, &err);
if (err) { if (err) {
g_warning ("Error loading WIRELESS_CLIENT_CERT: %s", err->message); g_warning ("Error loading WIRELESS_CLIENT_CERT: %s", err->message);
g_error_free (err); g_error_free (err);
@@ -480,7 +494,7 @@ read_wpa_eap_settings (shvarFile *ifcfg)
password = svGetValue (ifcfg, "WIRELESS_CLIENT_KEY_PASSWORD"); password = svGetValue (ifcfg, "WIRELESS_CLIENT_KEY_PASSWORD");
if (password) { if (password) {
nm_setting_802_1x_set_private_key (s_802_1x, str, password, &err); nm_setting_802_1x_set_private_key_from_file (s_802_1x, str, password, &err);
if (err) { if (err) {
g_warning ("Error loading WIRELESS_CLIENT_KEY: %s", err->message); g_warning ("Error loading WIRELESS_CLIENT_KEY: %s", err->message);
g_error_free (err); g_error_free (err);