author | Lubomir Rintel <lkundrak@v3.sk> | 2016-12-27 19:19:00 +0000 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-02-17 14:47:55 +0100 |
commit | ab6c626b3bdf1cbefe7155b3a2347287283cbf54 (patch) | |
tree | fd1cc48991410b22eea32d10dd5c3d5d33c665cc | |
parent | 03708ae54526a7733a96c0906c3c26e0fecedc56 (diff) | |
XXX wifi: ask for connection.p11-kit-remote when 802.1x needs it
-rw-r--r-- | libnm-core/nm-setting-8021x.c | 14 | ||||
-rw-r--r-- | libnm-core/nm-setting-8021x.h | 3 | ||||
-rw-r--r-- | src/devices/wifi/nm-device-wifi.c | 40 |
3 files changed, 55 insertions, 2 deletions
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index e64769e42d..c159ba6f43 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -2784,6 +2784,20 @@ nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting)
 return NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
 }
+gboolean
+nm_setting_802_1x_uses_pkcs11 (NMSetting8021x *setting)
+{
+ if ( nm_setting_802_1x_get_ca_cert_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PKCS11
+ || nm_setting_802_1x_get_client_cert_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PKCS11
+ || nm_setting_802_1x_get_phase2_ca_cert_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PKCS11
+ || nm_setting_802_1x_get_phase2_client_cert_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PKCS11
+ || nm_setting_802_1x_get_private_key_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PKCS11
+ || nm_setting_802_1x_get_phase2_private_key_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PKCS11)
+ return TRUE;
+
+ return FALSE;
+}
+
 static void
 need_secrets_password (NMSetting8021x *self,
 GPtrArray *secrets,
diff --git a/libnm-core/nm-setting-8021x.h b/libnm-core/nm-setting-8021x.h
index 170843e096..2431ec64a8 100644
--- a/libnm-core/nm-setting-8021x.h
+++ b/libnm-core/nm-setting-8021x.h
@@ -331,6 +331,9 @@ NMSettingSecretFlags nm_setting_802_1x_get_phase2_private_key_password_flags (
 NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting);
+NM_AVAILABLE_IN_1_6
+gboolean nm_setting_802_1x_uses_pkcs11 (NMSetting8021x *setting);
+
 G_END_DECLS
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 097e8fe963..8fcd8dfe8e 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
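Review bot: `nm_setting_802_1x_uses_pkcs11` is added as public API (the header hunk tags it `NM_AVAILABLE_IN_1_6`) without any documentation comment, so callers cannot tell that it reports TRUE when any one of the six CA-certificate, client-certificate or private-key schemes, phase 1 or phase 2, is PKCS#11. I would add a doc block above the definition stating that, describing the `@setting` parameter and naming the version in which the function first appears. The function also hands `setting` to six getters without a type guard of its own; if those getters do not validate their argument (their bodies are not in this diff), a first line `g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);` would be the place to do it. The diffstat lists only three files, so if the library keeps a separate symbol export list, the new symbol has not been added to it by this commit.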
@@ -2266,6 +2266,34 @@ supplicant_iface_notify_current_bss (NMSupplicantInterface *iface,
 }
 }
+static gboolean
+wifi_needs_p11_remote (NMConnection *connection)
+{
+ NMSettingConnection *s_con;
+ NMSetting8021x *s_8021x;
+ const char *remote;
+ NMSettingSecretFlags remote_flags;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+
+ if (!s_8021x)
+ return FALSE;
+ if (!nm_setting_802_1x_uses_pkcs11 (s_8021x))
+ return FALSE;
+
+ s_con = nm_connection_get_setting_connection (connection);
+
+ remote_flags = nm_setting_connection_get_p11_kit_remote_flags (s_con);
+ if (remote_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ return FALSE;
+
+ remote = nm_setting_connection_get_p11_kit_remote (s_con);
+ if (remote && *remote)
+ return FALSE;
+
+ return TRUE;
+}
+
 static NMActStageReturn
 handle_auth_or_fail (NMDeviceWifi *self,
 NMActRequest *req,
@@ -2291,9 +2319,14 @@ handle_auth_or_fail (NMDeviceWifi *self,
 nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE);
- nm_act_request_clear_secrets (req);
 setting_name = nm_connection_need_secrets (applied_connection, NULL);
 if (setting_name) {
+ nm_act_request_clear_secrets (req);
+ } else {
+ if (wifi_needs_p11_remote (applied_connection))
+ setting_name = NM_SETTING_CONNECTION_SETTING_NAME;
+ }
+ if (setting_name) {
 wifi_secrets_get_secrets (self, setting_name,
 NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
 | (new_secrets ? NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW : 0));
@@ -2621,6 +2654,7 @@ act_stage2_config (NMDevice *device, NMDeviceStateReason *reason)
 NMConnection *connection;
 const char *setting_name;
 NMSettingWireless *s_wireless;
+ gboolean need_p11_remote;
 GError *error = NULL;
 g_return_val_if_fail (reason != NULL, NM_ACT_STAGE_RETURN_FAILURE);
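Review bot: In `wifi_needs_p11_remote`, `s_8021x` is NULL-checked but `s_con` is not, and it is then passed to both `nm_setting_connection_get_p11_kit_remote_flags` and `nm_setting_connection_get_p11_kit_remote`. If those getters answer a missing setting with 0 and NULL (their bodies are not in this diff), the function falls through to `return TRUE` and the caller asks an agent for secrets of a setting that is not there; `if (!s_con) return FALSE;` right after the lookup closes that path. A short comment above the function saying that it returns TRUE only when 802.1x uses PKCS#11, the remote is not flagged as not required, and no remote string is configured would also help, because the three early returns are easy to misread.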
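Review bot: In `handle_auth_or_fail`, `nm_act_request_clear_secrets (req)` now runs only after `nm_connection_need_secrets` has already returned a setting name, so the need-secrets check sees whatever secrets the request still holds. Assuming the clear acts on `applied_connection`, a connection whose stored secret is present but was rejected would report nothing missing, so the `new_secrets` re-prompt would not be issued for it and the rejected secret would stay in the request. If the reorder exists to keep the p11-kit remote from being wiped, that deserves a comment; otherwise keep the unconditional clear ahead of the check and add only `if (!setting_name && wifi_needs_p11_remote (applied_connection)) setting_name = NM_SETTING_CONNECTION_SETTING_NAME;`. The function body starts and ends outside the hunk.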
@@ -2642,9 +2676,11 @@ act_stage2_config (NMDevice *device, NMDeviceStateReason *reason)
 s_wireless = nm_connection_get_setting_wireless (connection);
 g_assert (s_wireless);
+ need_p11_remote = wifi_needs_p11_remote (connection);
+
 /* If we need secrets, get them */
 setting_name = nm_connection_need_secrets (connection, NULL);
- if (setting_name) {
+ if (need_p11_remote || setting_name) {
 _LOGI (LOGD_DEVICE | LOGD_WIFI,
 "Activation: (wifi) access point '%s' has security, but secrets are required.",
 nm_connection_get_id (connection)); |
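Review bot: With `if (need_p11_remote || setting_name)` the branch is now entered even when `setting_name` is NULL, yet the `_LOGI` line still reports that "secrets are required", which hides the real reason (a missing p11-kit remote) from anyone reading the log. I would log the two cases separately, or at least add `/* also taken when only the PKCS#11 remote is missing */` above the condition. The rest of the branch lies outside the hunk, so whether it copes with a NULL `setting_name` cannot be checked from here. `handle_auth_or_fail`, changed earlier in this file, evaluates the same predicate again on its own.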