nm-setting-8021x.h 16.9 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */

/*
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301 USA.
 *
 * Copyright 2007 - 2014 Red Hat, Inc.
 * Copyright 2007 - 2008 Novell, Inc.
 */

#ifndef NM_SETTING_8021X_H
#define NM_SETTING_8021X_H

26 27 28 29
#if !defined (__NETWORKMANAGER_H_INSIDE__) && !defined (NETWORKMANAGER_COMPILATION)
#error "Only <NetworkManager.h> can be included directly."
#endif

30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158
#include <nm-setting.h>

G_BEGIN_DECLS

/**
 * NMSetting8021xCKFormat:
 * @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
 * @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
 * @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
 * or DER private key
 * @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#12 certificate
 * and private key
 *
 * #NMSetting8021xCKFormat values indicate the general type of a certificate
 * or private key
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
	NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
	NM_SETTING_802_1X_CK_FORMAT_X509,
	NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
	NM_SETTING_802_1X_CK_FORMAT_PKCS12
} NMSetting8021xCKFormat;

/**
 * NMSetting8021xCKScheme:
 * @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
 * scheme
 * @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
 * item data
 * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
 * to a file containing the certificate or key data
 *
 * #NMSetting8021xCKScheme values indicate how a certificate or private key is
 * stored in the setting properties, either as a blob of the item's data, or as
 * a path to a certificate or private key file on the filesystem
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
	NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
	NM_SETTING_802_1X_CK_SCHEME_BLOB,
	NM_SETTING_802_1X_CK_SCHEME_PATH
} NMSetting8021xCKScheme;


#define NM_TYPE_SETTING_802_1X            (nm_setting_802_1x_get_type ())
#define NM_SETTING_802_1X(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
#define NM_SETTING_802_1X_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
#define NM_IS_SETTING_802_1X(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
#define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SETTING_802_1X))
#define NM_SETTING_802_1X_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))

#define NM_SETTING_802_1X_SETTING_NAME "802-1x"

/**
 * NMSetting8021xError:
 * @NM_SETTING_802_1X_ERROR_UNKNOWN: unknown or unclassified error
 * @NM_SETTING_802_1X_ERROR_INVALID_PROPERTY: the property was invalid
 * @NM_SETTING_802_1X_ERROR_MISSING_PROPERTY: the property was missing and is
 * required
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_error >*/
	NM_SETTING_802_1X_ERROR_UNKNOWN = 0,      /*< nick=UnknownError >*/
	NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, /*< nick=InvalidProperty >*/
	NM_SETTING_802_1X_ERROR_MISSING_PROPERTY  /*< nick=MissingProperty >*/
} NMSetting8021xError;

#define NM_SETTING_802_1X_ERROR nm_setting_802_1x_error_quark ()
GQuark nm_setting_802_1x_error_quark (void);


#define NM_SETTING_802_1X_EAP "eap"
#define NM_SETTING_802_1X_IDENTITY "identity"
#define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
#define NM_SETTING_802_1X_PAC_FILE "pac-file"
#define NM_SETTING_802_1X_CA_CERT "ca-cert"
#define NM_SETTING_802_1X_CA_PATH "ca-path"
#define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
#define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
#define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
#define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
#define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
#define NM_SETTING_802_1X_PHASE2_AUTH "phase2-auth"
#define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
#define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
#define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
#define NM_SETTING_802_1X_PASSWORD "password"
#define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
#define NM_SETTING_802_1X_PASSWORD_RAW "password-raw"
#define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"
#define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
#define NM_SETTING_802_1X_PIN "pin"
#define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"

/* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
 * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
 * In this case, the appropriate "client-cert" (or "phase2-client-cert")
 * property of the NMSetting8021x object must also contain the exact same
 * PKCS#12 binary data that the private key does.  This is because the
 * PKCS#12 file contains both the private key and client certificate, so both
 * properties need to be set to the same thing.  When using the "path" scheme,
 * just set both the private-key and client-cert properties to the same path.
 *
 * When setting OpenSSL-derived "traditional" format (ie S/MIME style, not
 * PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
 * should be passed to NetworkManager in PEM format with the "DEK-Info" and
 * "Proc-Type" tags intact.  Decrypted private keys should not be used as this
 * is insecure and could allow unprivileged users to access the decrypted
 * private key data.
 *
 * When using the "path" scheme, just set the private-key and client-cert
 * properties to the paths to their respective objects.
 */

typedef struct {
	NMSetting parent;
} NMSetting8021x;

typedef struct {
	NMSettingClass parent;

159 160
	/*< private >*/
	gpointer padding[4];
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295
} NMSetting8021xClass;

GType nm_setting_802_1x_get_type (void);

NMSetting *nm_setting_802_1x_new (void);

guint32           nm_setting_802_1x_get_num_eap_methods              (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_eap_method                   (NMSetting8021x *setting, guint32 i);
gboolean          nm_setting_802_1x_add_eap_method                   (NMSetting8021x *setting, const char *eap);
void              nm_setting_802_1x_remove_eap_method                (NMSetting8021x *setting, guint32 i);
gboolean          nm_setting_802_1x_remove_eap_method_by_value       (NMSetting8021x *setting, const char *eap);
void              nm_setting_802_1x_clear_eap_methods                (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_identity                     (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_anonymous_identity           (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_pac_file                     (NMSetting8021x *setting);

gboolean          nm_setting_802_1x_get_system_ca_certs              (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_ca_path                      (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_phase2_ca_path               (NMSetting8021x *setting);

NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme          (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_ca_cert_blob            (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_ca_cert_path            (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_ca_cert                 (NMSetting8021x *setting,
                                                                      const char *cert_path,
                                                                      NMSetting8021xCKScheme scheme,
                                                                      NMSetting8021xCKFormat *out_format,
                                                                      GError **error);

const char *      nm_setting_802_1x_get_subject_match                (NMSetting8021x *setting);

guint32           nm_setting_802_1x_get_num_altsubject_matches       (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_altsubject_match             (NMSetting8021x *setting,
                                                                      guint32 i);
gboolean          nm_setting_802_1x_add_altsubject_match             (NMSetting8021x *setting,
                                                                      const char *altsubject_match);
void              nm_setting_802_1x_remove_altsubject_match          (NMSetting8021x *setting,
                                                                      guint32 i);
gboolean          nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
                                                                      const char *altsubject_match);
void              nm_setting_802_1x_clear_altsubject_matches         (NMSetting8021x *setting);

NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme      (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_client_cert_blob        (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_client_cert_path        (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_client_cert             (NMSetting8021x *setting,
                                                                      const char *cert_path,
                                                                      NMSetting8021xCKScheme scheme,
                                                                      NMSetting8021xCKFormat *out_format,
                                                                      GError **error);

const char *      nm_setting_802_1x_get_phase1_peapver               (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase1_peaplabel             (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase1_fast_provisioning     (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase2_auth                  (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase2_autheap               (NMSetting8021x *setting);

NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme   (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_phase2_ca_cert_blob     (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_phase2_ca_cert_path     (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_ca_cert          (NMSetting8021x *setting,
                                                                      const char *cert_path,
                                                                      NMSetting8021xCKScheme scheme,
                                                                      NMSetting8021xCKFormat *out_format,
                                                                      GError **error);

const char *      nm_setting_802_1x_get_phase2_subject_match         (NMSetting8021x *setting);

guint32           nm_setting_802_1x_get_num_phase2_altsubject_matches       (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_phase2_altsubject_match             (NMSetting8021x *setting,
                                                                             guint32 i);
gboolean          nm_setting_802_1x_add_phase2_altsubject_match             (NMSetting8021x *setting,
                                                                             const char *phase2_altsubject_match);
void              nm_setting_802_1x_remove_phase2_altsubject_match          (NMSetting8021x *setting,
                                                                             guint32 i);
gboolean          nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
                                                                             const char *phase2_altsubject_match);
void              nm_setting_802_1x_clear_phase2_altsubject_matches         (NMSetting8021x *setting);

NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme   (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_phase2_client_cert_blob     (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_phase2_client_cert_path     (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_client_cert          (NMSetting8021x *setting,
                                                                          const char *cert_path,
                                                                          NMSetting8021xCKScheme scheme,
                                                                          NMSetting8021xCKFormat *out_format,
                                                                          GError **error);

const char *      nm_setting_802_1x_get_password                     (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_flags            (NMSetting8021x *setting);
const GByteArray *   nm_setting_802_1x_get_password_raw              (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags        (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_pin                          (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_pin_flags                 (NMSetting8021x *setting);

NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme          (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_private_key_blob            (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_private_key_path            (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_private_key                 (NMSetting8021x *setting,
                                                                          const char *key_path,
                                                                          const char *password,
                                                                          NMSetting8021xCKScheme scheme,
                                                                          NMSetting8021xCKFormat *out_format,
                                                                          GError **error);
const char *           nm_setting_802_1x_get_private_key_password        (NMSetting8021x *setting);
NMSettingSecretFlags   nm_setting_802_1x_get_private_key_password_flags  (NMSetting8021x *setting);

NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format          (NMSetting8021x *setting);

NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme   (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_phase2_private_key_blob     (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_phase2_private_key_path     (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_private_key          (NMSetting8021x *setting,
                                                                          const char *key_path,
                                                                          const char *password,
                                                                          NMSetting8021xCKScheme scheme,
                                                                          NMSetting8021xCKFormat *out_format,
                                                                          GError **error);
const char *           nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
NMSettingSecretFlags   nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);

NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format   (NMSetting8021x *setting);


G_END_DECLS

#endif /* NM_SETTING_8021X_H */