/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */

/*
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301 USA.
 *
 * Copyright 2007 - 2014 Red Hat, Inc.
 * Copyright 2007 - 2008 Novell, Inc.
 */

#ifndef NM_SETTING_8021X_H
#define NM_SETTING_8021X_H

#include "nm-setting.h"

G_BEGIN_DECLS

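/**
 * NMSetting8021xCKFormat:
 * @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
 * @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
 * @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
 * or DER private key
 * @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#<!-- -->12 certificate
 * and private key
 *
 * #NMSetting8021xCKFormat values indicate the general type of a certificate
 * or private key.  The certificate and private-key setters declared in this
 * header each take an #NMSetting8021xCKFormat pointer named out_format.
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
	/* Explicitly 0, so a zero-initialised variable reads as "unknown". */
	NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
	NM_SETTING_802_1X_CK_FORMAT_X509,
	NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
	NM_SETTING_802_1X_CK_FORMAT_PKCS12
} NMSetting8021xCKFormat;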

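/**
 * NMSetting8021xCKScheme:
 * @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
 * scheme
 * @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
 * item data
 * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
 * to a file containing the certificate or key data
 *
 * #NMSetting8021xCKScheme values indicate how a certificate or private key is
 * stored in the setting properties, either as a blob of the item's data, or as
 * a path to a certificate or private key file on the filesystem.
 *
 * With the blob scheme the item data itself is held in the setting; with the
 * path scheme only a filesystem path is held.
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
	/* Explicitly 0, so a zero-initialised variable reads as "unknown". */
	NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
	NM_SETTING_802_1X_CK_SCHEME_BLOB,
	NM_SETTING_802_1X_CK_SCHEME_PATH
} NMSetting8021xCKScheme;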

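/* GObject type macros for NMSetting8021x: the type id, checked instance and
 * class casts, instance/class type tests, and class lookup.  All of them are
 * built on the G_TYPE_* helpers and nm_setting_802_1x_get_type (). */
#define NM_TYPE_SETTING_802_1X            (nm_setting_802_1x_get_type ())
#define NM_SETTING_802_1X(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
#define NM_SETTING_802_1X_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
#define NM_IS_SETTING_802_1X(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
#define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SETTING_802_1X))
#define NM_SETTING_802_1X_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))

/* String name of this setting. */
#define NM_SETTING_802_1X_SETTING_NAME "802-1x"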

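/**
 * NMSetting8021xError:
 * @NM_SETTING_802_1X_ERROR_UNKNOWN: unknown or unclassified error
 * @NM_SETTING_802_1X_ERROR_INVALID_PROPERTY: the property was invalid
 * @NM_SETTING_802_1X_ERROR_MISSING_PROPERTY: the property was missing and is
 * required
 *
 * Error codes for the 802.1X setting.  The nick annotations on the members
 * give each code a short name (UnknownError, InvalidProperty,
 * MissingProperty).
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_error >*/
	NM_SETTING_802_1X_ERROR_UNKNOWN = 0,      /*< nick=UnknownError >*/
	NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, /*< nick=InvalidProperty >*/
	NM_SETTING_802_1X_ERROR_MISSING_PROPERTY  /*< nick=MissingProperty >*/
} NMSetting8021xError;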

/* NM_SETTING_802_1X_ERROR expands to a call to
 * nm_setting_802_1x_error_quark (), which returns a GQuark.
 * NOTE(review): this looks like the usual GLib error-domain pattern, with
 * NMSetting8021xError supplying the codes -- confirm in the implementation. */
#define NM_SETTING_802_1X_ERROR nm_setting_802_1x_error_quark ()
GQuark nm_setting_802_1x_error_quark (void);

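/* String names of the NMSetting8021x properties.
 *
 * Five of them -- password, password-raw, private-key-password,
 * phase2-private-key-password and pin -- have a companion "-flags" property;
 * the matching nm_setting_802_1x_get_*_flags () accessors declared in this
 * header return NMSettingSecretFlags.  Treat the values of those five, and of
 * private-key / phase2-private-key, as secret material when handling a
 * setting (see the PRIVATE KEY NOTE in this header for the key properties).
 */

/* EAP methods and identities */
#define NM_SETTING_802_1X_EAP "eap"
#define NM_SETTING_802_1X_IDENTITY "identity"
#define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
#define NM_SETTING_802_1X_PAC_FILE "pac-file"

/* CA certificate, subject matching and client certificate */
#define NM_SETTING_802_1X_CA_CERT "ca-cert"
#define NM_SETTING_802_1X_CA_PATH "ca-path"
#define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
#define NM_SETTING_802_1X_CLIENT_CERT "client-cert"

/* Phase 1 options */
#define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
#define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
#define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"

/* Phase 2 options, with their own CA / subject-match / client-cert set */
#define NM_SETTING_802_1X_PHASE2_AUTH "phase2-auth"
#define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
#define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
#define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"

/* Passwords and their flags */
#define NM_SETTING_802_1X_PASSWORD "password"
#define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
#define NM_SETTING_802_1X_PASSWORD_RAW "password-raw"
#define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"

/* Private keys, their passwords and flags */
#define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"

/* PIN and its flags */
#define NM_SETTING_802_1X_PIN "pin"
#define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"

/* Whether to use the system CA certificates (boolean getter below) */
#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"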

/* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
 * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
 * In this case, the appropriate "client-cert" (or "phase2-client-cert")
 * property of the NMSetting8021x object must also contain the exact same
 * PKCS#12 binary data that the private key does.  This is because the
 * PKCS#12 file contains both the private key and client certificate, so both
 * properties need to be set to the same thing.  When using the "path" scheme,
 * just set both the private-key and client-cert properties to the same path.
 *
 * When setting OpenSSL-derived "traditional" format (i.e. S/MIME style, not
 * PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
 * should be passed to NetworkManager in PEM format with the "DEK-Info" and
 * "Proc-Type" tags intact (these headers are what mark a traditional PEM key
 * as passphrase-encrypted).  Decrypted private keys should not be used, as
 * this is insecure and could allow unprivileged users to access the decrypted
 * private key data.
 *
 * When using the "path" scheme, just set the private-key and client-cert
 * properties to the paths to their respective objects.
 */

/* Instance structure for the 802.1X setting.  Only the NMSetting parent is
 * declared here; no other members are visible in this header. */
typedef struct {
	NMSetting parent;
} NMSetting8021x;

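/* Class structure for the 802.1X setting: the NMSettingClass parent followed
 * by four unused function-pointer slots. */
typedef struct {
	NMSettingClass parent;

	/* Padding for future expansion (presumably so members can be added later
	 * without changing the size of the structure) */
	void (*_reserved1) (void);
	void (*_reserved2) (void);
	void (*_reserved3) (void);
	void (*_reserved4) (void);
} NMSetting8021xClass;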

/* Returns the GType used by the NM_TYPE_SETTING_802_1X macro. */
GType nm_setting_802_1x_get_type (void);

/* Constructor; returns the new object typed as the NMSetting base type. */
NMSetting *nm_setting_802_1x_new (void);

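/* EAP method list: count, indexed get, add, indexed remove, remove by value,
 * and clear.  @i is a position in the list; the valid range is presumably
 * 0 .. nm_setting_802_1x_get_num_eap_methods () - 1 -- confirm against the
 * implementation, which is not part of this header.  The meaning of the
 * gboolean results is likewise defined by the implementation. */
guint32           nm_setting_802_1x_get_num_eap_methods              (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_eap_method                   (NMSetting8021x *setting, guint32 i);
gboolean          nm_setting_802_1x_add_eap_method                   (NMSetting8021x *setting, const char *eap);
void              nm_setting_802_1x_remove_eap_method                (NMSetting8021x *setting, guint32 i);
NM_AVAILABLE_IN_0_9_10
gboolean          nm_setting_802_1x_remove_eap_method_by_value       (NMSetting8021x *setting, const char *eap);
void              nm_setting_802_1x_clear_eap_methods                (NMSetting8021x *setting);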

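/* Getters named after the identity, anonymous-identity, pac-file,
 * system-ca-certs, ca-path and phase2-ca-path properties.  The string getters
 * return const pointers; this header does not state how long they stay
 * valid, so confirm before keeping one across a change to the setting. */
const char *      nm_setting_802_1x_get_identity                     (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_anonymous_identity           (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_pac_file                     (NMSetting8021x *setting);

gboolean          nm_setting_802_1x_get_system_ca_certs              (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_ca_path                      (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_phase2_ca_path               (NMSetting8021x *setting);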

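/* CA certificate accessors.  The scheme getter reports how the item is stored
 * (see NMSetting8021xCKScheme); a blob getter and a path getter are provided
 * for the two storage schemes.  The setter takes a file path, the scheme to
 * store under, an out_format pointer and a GError location; out_format
 * presumably receives the detected NMSetting8021xCKFormat -- confirm in the
 * implementation.
 * NOTE(review): a profile that sets none of ca-cert, ca-path or
 * system-ca-certs presumably leaves the authentication server's certificate
 * unverified -- confirm in the code that builds the supplicant
 * configuration. */
NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme          (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_ca_cert_blob            (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_ca_cert_path            (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_ca_cert                 (NMSetting8021x *setting,
                                                                      const char *cert_path,
                                                                      NMSetting8021xCKScheme scheme,
                                                                      NMSetting8021xCKFormat *out_format,
                                                                      GError **error);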

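/* Subject match string, and the altsubject-matches list: count, indexed get,
 * add, indexed remove, remove by value, and clear.
 * NOTE(review): these values are presumably compared against the certificate
 * presented by the authentication server; confirm the matching rules
 * (substring vs. exact) in the consuming code before relying on them as an
 * identity check.  Valid values of @i are presumably
 * 0 .. nm_setting_802_1x_get_num_altsubject_matches () - 1. */
const char *      nm_setting_802_1x_get_subject_match                (NMSetting8021x *setting);

guint32           nm_setting_802_1x_get_num_altsubject_matches       (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_altsubject_match             (NMSetting8021x *setting,
                                                                      guint32 i);
gboolean          nm_setting_802_1x_add_altsubject_match             (NMSetting8021x *setting,
                                                                      const char *altsubject_match);
void              nm_setting_802_1x_remove_altsubject_match          (NMSetting8021x *setting,
                                                                      guint32 i);
NM_AVAILABLE_IN_0_9_10
gboolean          nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
                                                                      const char *altsubject_match);
void              nm_setting_802_1x_clear_altsubject_matches         (NMSetting8021x *setting);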

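/* Client certificate accessors: storage scheme, blob getter, path getter, and
 * a setter taking a file path, a scheme, an out_format pointer and a GError
 * location.  For PKCS#12 material the PRIVATE KEY NOTE in this header
 * requires client-cert and private-key to carry the same data (blob scheme)
 * or the same path (path scheme). */
NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme      (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_client_cert_blob        (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_client_cert_path        (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_client_cert             (NMSetting8021x *setting,
                                                                      const char *cert_path,
                                                                      NMSetting8021xCKScheme scheme,
                                                                      NMSetting8021xCKFormat *out_format,
                                                                      GError **error);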

/* String getters named after the phase1-peapver, phase1-peaplabel,
 * phase1-fast-provisioning, phase2-auth and phase2-autheap properties.  The
 * accepted values are not described in this header. */
const char *      nm_setting_802_1x_get_phase1_peapver               (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase1_peaplabel             (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase1_fast_provisioning     (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase2_auth                  (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_phase2_autheap               (NMSetting8021x *setting);

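/* Phase 2 CA certificate accessors; same shape as the ca-cert functions
 * (scheme getter, blob getter, path getter, and a setter taking a path, a
 * scheme, an out_format pointer and a GError location).
 * NOTE(review): phase2-ca-cert is a separate property from ca-cert; whether
 * an unset phase 2 CA falls back to the phase 1 one is not visible here --
 * confirm in the implementation. */
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme   (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_phase2_ca_cert_blob     (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_phase2_ca_cert_path     (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_ca_cert          (NMSetting8021x *setting,
                                                                      const char *cert_path,
                                                                      NMSetting8021xCKScheme scheme,
                                                                      NMSetting8021xCKFormat *out_format,
                                                                      GError **error);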

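/* Phase 2 subject match string, and the phase2-altsubject-matches list:
 * count, indexed get, add, indexed remove, remove by value, and clear.
 * Valid values of @i are presumably
 * 0 .. nm_setting_802_1x_get_num_phase2_altsubject_matches () - 1 -- confirm
 * against the implementation. */
const char *      nm_setting_802_1x_get_phase2_subject_match         (NMSetting8021x *setting);

guint32           nm_setting_802_1x_get_num_phase2_altsubject_matches       (NMSetting8021x *setting);
const char *      nm_setting_802_1x_get_phase2_altsubject_match             (NMSetting8021x *setting,
                                                                             guint32 i);
gboolean          nm_setting_802_1x_add_phase2_altsubject_match             (NMSetting8021x *setting,
                                                                             const char *phase2_altsubject_match);
void              nm_setting_802_1x_remove_phase2_altsubject_match          (NMSetting8021x *setting,
                                                                             guint32 i);
NM_AVAILABLE_IN_0_9_10
gboolean          nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
                                                                             const char *phase2_altsubject_match);
void              nm_setting_802_1x_clear_phase2_altsubject_matches         (NMSetting8021x *setting);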

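/* Phase 2 client certificate accessors: storage scheme, blob getter, path
 * getter, and a setter taking a file path, a scheme, an out_format pointer
 * and a GError location.  The PRIVATE KEY NOTE in this header applies to
 * phase2-client-cert in the same way as to client-cert. */
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme   (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_phase2_client_cert_blob     (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_phase2_client_cert_path     (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_client_cert          (NMSetting8021x *setting,
                                                                          const char *cert_path,
                                                                          NMSetting8021xCKScheme scheme,
                                                                          NMSetting8021xCKFormat *out_format,
                                                                          GError **error);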

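/* Password, raw password and PIN getters, each paired with a getter for its
 * NMSettingSecretFlags.  The values returned by the non-flags getters are
 * secret material: keep them out of logs and debug dumps.  This header does
 * not state who owns the returned memory or how long it stays valid --
 * confirm before caching a pointer. */
const char *      nm_setting_802_1x_get_password                     (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_flags            (NMSetting8021x *setting);
const GByteArray *   nm_setting_802_1x_get_password_raw              (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags        (NMSetting8021x *setting);

const char *      nm_setting_802_1x_get_pin                          (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_pin_flags                 (NMSetting8021x *setting);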

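/* Private key accessors: storage scheme, blob getter, path getter, setter,
 * key password and its NMSettingSecretFlags, and the key's
 * NMSetting8021xCKFormat.  The setter takes the key file path, a password
 * (presumably the passphrase protecting that key -- confirm), the scheme to
 * store under, an out_format pointer and a GError location.
 * See the PRIVATE KEY NOTE in this header: with the blob scheme the key data
 * ends up in the setting itself, so decrypted keys should not be used. */
NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme          (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_private_key_blob            (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_private_key_path            (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_private_key                 (NMSetting8021x *setting,
                                                                          const char *key_path,
                                                                          const char *password,
                                                                          NMSetting8021xCKScheme scheme,
                                                                          NMSetting8021xCKFormat *out_format,
                                                                          GError **error);
const char *           nm_setting_802_1x_get_private_key_password        (NMSetting8021x *setting);
NMSettingSecretFlags   nm_setting_802_1x_get_private_key_password_flags  (NMSetting8021x *setting);

NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format          (NMSetting8021x *setting);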

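/* Phase 2 private key accessors; same shape as the private-key functions
 * (scheme, blob, path, setter with key path / password / scheme / out_format
 * / GError, key password and its NMSettingSecretFlags, and key format).
 * The PRIVATE KEY NOTE in this header applies here as well: decrypted keys
 * should not be used. */
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme   (NMSetting8021x *setting);
const GByteArray *     nm_setting_802_1x_get_phase2_private_key_blob     (NMSetting8021x *setting);
const char *           nm_setting_802_1x_get_phase2_private_key_path     (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_private_key          (NMSetting8021x *setting,
                                                                          const char *key_path,
                                                                          const char *password,
                                                                          NMSetting8021xCKScheme scheme,
                                                                          NMSetting8021xCKFormat *out_format,
                                                                          GError **error);
const char *           nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
NMSettingSecretFlags   nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);

NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format   (NMSetting8021x *setting);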

G_END_DECLS

#endif /* NM_SETTING_8021X_H */