author | Beniamino Galvani <bgalvani@redhat.com> | 2017-04-27 09:30:58 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2017-04-28 09:46:05 +0200 |
commit | 60a3809815182b980271127e3733826331397c2d (patch) | |
tree | 682997467beff43730e20c1c3cbec1ede7a8674e | |
parent | 1f40bb13cf0789e31fb0206f954850a662b8f97c (diff) | |
download | NetworkManager-60a3809815182b980271127e3733826331397c2d.tar.gz |
libnm-core: add pmf property to wireless-security setting
Add a 'pmf' property to enable or disable Protected Management Frames
(802.11w) for the connection.
-rw-r--r-- | clients/common/settings-docs.c.in | 1 | ||||
-rw-r--r-- | libnm-core/nm-setting-wireless-security.c | 71 | ||||
-rw-r--r-- | libnm-core/nm-setting-wireless-security.h | 22 | ||||
-rw-r--r-- | libnm/libnm.ver | 6 |
4 files changed, 100 insertions, 0 deletions
diff --git a/clients/common/settings-docs.c.in b/clients/common/settings-docs.c.in
index 0ebddc6185..5710ce73a5 100644
--- a/clients/common/settings-docs.c.in
+++ b/clients/common/settings-docs.c.in
@@ -29,6 +29,7 @@ #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME N_("The login username for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_NAME N_("The setting's name, which uniquely identifies the setting within the connection. Each setting type has a name unique to that type, for example \"ppp\" or \"wireless\" or \"wired\".") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_PAIRWISE N_("A list of pairwise encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of \"tkip\" or \"ccmp\".") +#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_PMF N_("Indicates whether Protected Management Frames (802.11w) must be enabled for the connection. One of NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT (0) (use global default value), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE (1) (disable PMF), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL (2) (enable PMF if the supplicant and the access point support it) or NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED (3) (enable PMF and fail if not supported). When set to NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT (0) and no global default is set, PMF will be optionally enabled.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_PROTO N_("List of strings specifying the allowed WPA protocol versions to use. Each element may be one \"wpa\" (allow WPA) or \"rsn\" (allow WPA2/RSN). If not specified, both WPA and RSN connections are allowed.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_PSK N_("Pre-Shared-Key for WPA networks. If the key is 64-characters long, it must contain only hexadecimal characters and is interpreted as a hexadecimal WPA key. 
Otherwise, the key must be between 8 and 63 ASCII characters (as specified in the 802.11i standard) and is interpreted as a WPA passphrase, and is hashed to derive the actual WPA-PSK used when connecting to the Wi-Fi network.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS N_("Flags indicating how to handle the \"psk\" property.") diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index 70bdf7541d..977302df02 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -65,6 +65,7 @@ typedef struct { GSList *proto; /* GSList of strings */ GSList *pairwise; /* GSList of strings */ GSList *group; /* GSList of strings */ + guint pmf; /* LEAP */ char *leap_username; @@ -93,6 +94,7 @@ enum { PROP_PROTO, PROP_PAIRWISE, PROP_GROUP, + PROP_PMF, PROP_LEAP_USERNAME, PROP_WEP_KEY0, PROP_WEP_KEY1, @@ -573,6 +575,22 @@ nm_setting_wireless_security_clear_groups (NMSettingWirelessSecurity *setting) g_object_notify (G_OBJECT (setting), NM_SETTING_WIRELESS_SECURITY_GROUP); } +/* + * nm_setting_wireless_security_get_pmf: + * @setting: the #NMSettingWirelessSecurity + * + * Returns: the #NMSettingWirelessSecurity:pmf property of the setting + * + * Since: 1.10 + **/ +NMSettingWirelessSecurityPmf +nm_setting_wireless_security_get_pmf (NMSettingWirelessSecurity *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0); + + return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->pmf; +} + /** * nm_setting_wireless_security_get_psk: * @setting: the #NMSettingWirelessSecurity 
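Review bot: In the @@ -573 hunk the comment block added above nm_setting_wireless_security_get_pmf() opens with `/*` rather than `/**`, unlike the neighbouring nm_setting_wireless_security_get_psk block, so documentation tooling that keys on `/**` would presumably skip it and its `Since: 1.10` tag; open it with `/**`. The guard returns a bare `0` from a function typed NMSettingWirelessSecurityPmf; `g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT);` names the fallback. The getter hands back the stored guint unchanged, so the doc block should add that the value is only known to lie within the enum once verify() has passed.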
@@ -1013,6 +1031,30 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) } } + if (priv->pmf > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) { + g_set_error_literal (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("property is invalid")); + g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PMF); + return FALSE; + } + + if ( NM_IN_SET (priv->pmf, + NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL, + NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) + && !NM_IN_STRSET (priv->key_mgmt, "wpa-eap", "wpa-psk")) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("'%s' can only be used with '%s=%s or '%s=%s'"), + priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional" : "required", + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk"); + g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PMF); + return FALSE; + } + return TRUE; } @@ -1198,6 +1240,9 @@ set_property (GObject *object, guint prop_id, g_slist_free_full (priv->group, g_free); priv->group = _nm_utils_strv_to_slist (g_value_get_boxed (value), TRUE); break; + case PROP_PMF: + priv->pmf = g_value_get_uint (value); + break; case PROP_LEAP_USERNAME: g_free (priv->leap_username); priv->leap_username = g_value_dup_string (value); @@ -1270,6 +1315,9 @@ get_property (GObject *object, guint prop_id, case PROP_GROUP: g_value_take_boxed (value, _nm_utils_slist_to_strv (priv->group, TRUE)); break; + case PROP_PMF: + g_value_set_uint (value, nm_setting_wireless_security_get_pmf (setting)); + break; case PROP_LEAP_USERNAME: g_value_set_string (value, priv->leap_username); break; 
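Review bot: The error string in the second added check of verify() has an unbalanced quote, `'%s=%s or '%s=%s'`, so the message renders as `'key-mgmt=wpa-eap or 'key-mgmt=wpa-psk'`; it should read `_("'%s' can only be used with '%s=%s' or '%s=%s'")`. The range check above it compares against `NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED`, while the header in this commit defines `NM_SETTING_WIRELESS_SECURITY_PMF_LAST`, which looks intended for exactly this; `if (priv->pmf > NM_SETTING_WIRELESS_SECURITY_PMF_LAST) {` stays correct if a value is appended to the enum. Within this commit this is the only place the value is validated (set_property in the @@ -1198 hunk stores whatever uint it receives), so a one-line comment such as `/* pmf is stored unchecked by set_property; reject unknown values here */` would help the next reader. verify() begins before the hunk.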
@@ -1468,6 +1516,29 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting G_PARAM_STATIC_STRINGS)); /** + * NMSettingWirelessSecurity:pmf: + * + * Indicates whether Protected Management Frames (802.11w) must be enabled + * for the connection. One of %NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT + * (use global default value), %NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE + * (disable PMF), %NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL (enable PMF if + * the supplicant and the access point support it) or + * %NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED (enable PMF and fail if not + * supported). When set to %NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT and no + * global default is set, PMF will be optionally enabled. + * + * Since: 1.10 + **/ + g_object_class_install_property + (object_class, PROP_PMF, + g_param_spec_uint (NM_SETTING_WIRELESS_SECURITY_PMF, "", "", + 0, G_MAXUINT32, 0, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + NM_SETTING_PARAM_FUZZY_IGNORE | + G_PARAM_STATIC_STRINGS)); + + /** * NMSettingWirelessSecurity:leap-username: * * The login username for legacy LEAP connections (ie, key-mgmt = diff --git a/libnm-core/nm-setting-wireless-security.h b/libnm-core/nm-setting-wireless-security.h index ae252f1124..2c6dcaad62 100644 --- a/libnm-core/nm-setting-wireless-security.h +++ b/libnm-core/nm-setting-wireless-security.h 
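Review bot: In the @@ -1468 hunk the param spec passes the literal `0` as the default and accepts `0` to `G_MAXUINT32`, so the GObject layer takes values that are not members of NMSettingWirelessSecurityPmf and only verify() rejects them. Writing the default as `NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT` and, if the wide range is intentional, adding `/* range is not limited here; verify() rejects values above PMF_REQUIRED */` would make that division of work explicit. The property text could also say plainly what its wording implies: with the default or optional value an access point without 802.11w is still joined without management-frame protection, and only the required value refuses it. nm_setting_wireless_security_class_init() starts and ends outside the hunk.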
@@ -71,12 +71,31 @@ typedef enum { NM_WEP_KEY_TYPE_LAST = NM_WEP_KEY_TYPE_PASSPHRASE } NMWepKeyType; +/** + * NMSettingWirelessSecurityPmf: + * @NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT: use the default value + * @NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE: disable PMF + * @NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL: enable PMF if the supplicant and the AP support it + * @NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED: require PMF and fail if not available + * + * These flags indicate whether PMF must be enabled. + **/ +typedef enum { + NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT = 0, + NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE = 1, + NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL = 2, + NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED = 3, + _NM_SETTING_WIRELESS_SECURITY_PMF_NUM, /*< skip >*/ + NM_SETTING_WIRELESS_SECURITY_PMF_LAST = _NM_SETTING_WIRELESS_SECURITY_PMF_NUM - 1, /*< skip >*/ +} NMSettingWirelessSecurityPmf; + #define NM_SETTING_WIRELESS_SECURITY_KEY_MGMT "key-mgmt" #define NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX "wep-tx-keyidx" #define NM_SETTING_WIRELESS_SECURITY_AUTH_ALG "auth-alg" #define NM_SETTING_WIRELESS_SECURITY_PROTO "proto" #define NM_SETTING_WIRELESS_SECURITY_PAIRWISE "pairwise" #define NM_SETTING_WIRELESS_SECURITY_GROUP "group" +#define NM_SETTING_WIRELESS_SECURITY_PMF "pmf" #define NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME "leap-username" #define NM_SETTING_WIRELESS_SECURITY_WEP_KEY0 "wep-key0" #define NM_SETTING_WIRELESS_SECURITY_WEP_KEY1 "wep-key1" 
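Review bot: The new NMSettingWirelessSecurityPmf doc block calls the values "flags" although they are mutually exclusive enumeration values, and it carries no `Since: 1.10` tag even though the getter and the property added in this commit both have one. Suggested wording for the closing lines of the block: `* These values indicate whether PMF must be enabled.` followed by `* Since: 1.10`. The description of `NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT` could read "use the global default value" so that it matches the property documentation.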
@@ -132,6 +151,9 @@ void nm_setting_wireless_security_remove_group (NMSettingWireles gboolean nm_setting_wireless_security_remove_group_by_value (NMSettingWirelessSecurity *setting, const char *group); void nm_setting_wireless_security_clear_groups (NMSettingWirelessSecurity *setting); +NM_AVAILABLE_IN_1_10 +NMSettingWirelessSecurityPmf nm_setting_wireless_security_get_pmf (NMSettingWirelessSecurity *setting); + const char *nm_setting_wireless_security_get_psk (NMSettingWirelessSecurity *setting); NMSettingSecretFlags nm_setting_wireless_security_get_psk_flags (NMSettingWirelessSecurity *setting); diff --git a/libnm/libnm.ver b/libnm/libnm.ver index b767bf83a5..f9d826d831 100644 --- a/libnm/libnm.ver +++ b/libnm/libnm.ver @@ -1177,3 +1177,9 @@ global: nm_utils_format_variant_attributes; nm_utils_parse_variant_attributes; } libnm_1_6_0; + +libnm_1_10_0 { +global: + nm_setting_wireless_security_get_pmf; + nm_setting_wireless_security_pmf_get_type; +} libnm_1_8_0; |