author | Lubomir Rintel <lkundrak@v3.sk> | 2016-12-23 19:09:51 +0000 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-02-17 14:48:47 +0100 |
commit | d98f44a6c77b0286adf1c3e14675ed5dac31f9cf (patch) | |
tree | a52ef17834a516d0425e58e390c2a09cbfa07624 | |
parent | ab6c626b3bdf1cbefe7155b3a2347287283cbf54 (diff) | |
download | NetworkManager-d98f44a6c77b0286adf1c3e14675ed5dac31f9cf.tar.gz |
XXX supplicant: potentially use a p11-kit remote for a PKCS#11 token access
-rw-r--r-- | src/devices/nm-device-ethernet.c | 8 | ||||
-rw-r--r-- | src/devices/nm-device-macsec.c | 4 | ||||
-rw-r--r-- | src/devices/wifi/nm-device-wifi.c | 6 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 39 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-config.h | 2 | ||||
-rw-r--r-- | src/supplicant/tests/test-supplicant-config.c | 3 |
6 files changed, 50 insertions, 12 deletions
diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 92f9653c89..d30dc7befe 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -574,6 +574,7 @@ build_supplicant_config (NMDeviceEthernet *self,
 const char *con_uuid;
 NMSupplicantConfig *config = NULL;
 NMSetting8021x *security;
+ NMSettingConnection *s_con;
 NMConnection *connection;
 guint32 mtu;
@@ -586,7 +587,8 @@ build_supplicant_config (NMDeviceEthernet *self,
 config = nm_supplicant_config_new ();
 security = nm_connection_get_setting_802_1x (connection);
- if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) {
+ s_con = nm_connection_get_setting_connection (connection);
+ if (!nm_supplicant_config_add_setting_8021x (config, security, s_con, con_uuid, mtu, TRUE, error)) {
 g_prefix_error (error, "802-1x-setting: ");
 g_clear_object (&config);
 }
@@ -607,6 +609,7 @@ supplicant_iface_state_cb (NMSupplicantInterface *iface,
 NMSupplicantConfig *config;
 gboolean success = FALSE;
 NMDeviceState devstate;
+ NMActRequest *req;
 GError *error = NULL;
 NMSupplicantInterfaceState new_state = new_state_i;
 NMSupplicantInterfaceState old_state = old_state_i;
@@ -620,6 +623,9 @@ supplicant_iface_state_cb (NMSupplicantInterface *iface,
 devstate = nm_device_get_state (device);
+ req = nm_device_get_act_request (device);
+ nm_assert (req);
+
 switch (new_state) {
 case NM_SUPPLICANT_INTERFACE_STATE_READY:
 config = build_supplicant_config (self, &error);
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index ff65178fdf..848a29fdcd 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -215,6 +215,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
 NMSupplicantConfig *config = NULL;
 NMSettingMacsec *s_macsec;
 NMSetting8021x *s_8021x;
+ NMSettingConnection *s_con;
 NMConnection *connection;
 const char *con_uuid;
 guint32 mtu;
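Review bot: In supplicant_iface_state_cb the new `req` is fetched and asserted, but nothing in the visible lines reads it afterwards, so it looks like a leftover from an earlier revision of the patch. Putting `nm_assert (req);` in a supplicant state callback also means that, in builds where nm_assert is active, the daemon aborts if a state change arrives while the device has no activation request; the rest of the callback lies outside the hunk, so whether that can happen is not visible here. If nothing later in the function needs the request, drop the declaration and both added statements; otherwise handle the missing request explicitly, for example `if (!req) return;`.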
@@ -238,7 +239,8 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
 if (nm_setting_macsec_get_mode (s_macsec) == NM_SETTING_MACSEC_MODE_EAP) {
 s_8021x = nm_connection_get_setting_802_1x (connection);
- if (!nm_supplicant_config_add_setting_8021x (config, s_8021x, con_uuid, mtu, TRUE, error)) {
+ s_con = nm_connection_get_setting_connection (connection);
+ if (!nm_supplicant_config_add_setting_8021x (config, s_8021x, s_con, con_uuid, mtu, TRUE, error)) {
 g_prefix_error (error, "802-1x-setting: ");
 g_clear_object (&config);
 }
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 8fcd8dfe8e..a04d14ac84 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -2456,15 +2456,18 @@ build_supplicant_config (NMDeviceWifi *self,
 s_wireless_sec = nm_connection_get_setting_wireless_security (connection);
 if (s_wireless_sec) {
 NMSetting8021x *s_8021x;
+ NMSettingConnection *s_con;
 const char *con_uuid = nm_connection_get_uuid (connection);
 guint32 mtu = nm_platform_link_get_mtu (NM_PLATFORM_GET, nm_device_get_ifindex (NM_DEVICE (self)));
 g_assert (con_uuid);
 s_8021x = nm_connection_get_setting_802_1x (connection);
+ s_con = nm_connection_get_setting_connection (connection);
 if (!nm_supplicant_config_add_setting_wireless_security (config, s_wireless_sec, s_8021x,
+ s_con,
 con_uuid,
 mtu,
 error)) {
@@ -2715,7 +2718,8 @@ act_stage2_config (NMDevice *device, NMDeviceStateReason *reason)
 set_powersave (device);
 /* Build up the supplicant configuration */
- config = build_supplicant_config (self, connection, nm_wifi_ap_get_freq (ap), &error);
+ config = build_supplicant_config (self, connection, nm_wifi_ap_get_freq (ap),
+ &error);
 if (config == NULL) {
 _LOGE (LOGD_DEVICE | LOGD_WIFI,
 "Activation: (wifi) couldn't build wireless configuration: %s",
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 03bec72f6d..69589f997e 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -28,7 +28,7 @@
 #include "nm-supplicant-settings-verify.h"
 #include "nm-setting.h"
-#include "nm-auth-subject.h"
+#include "nm-setting-connection.h"
 #include "NetworkManagerUtils.h"
 #include "nm-utils.h"
@@ -682,6 +682,7 @@ gboolean
 nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 NMSettingWirelessSecurity *setting,
 NMSetting8021x *setting_8021x,
+ NMSettingConnection *setting_con,
 const char *con_uuid,
 guint32 mtu,
 GError **error)
@@ -806,8 +807,10 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 "Cannot set key-mgmt %s with missing 8021x setting", key_mgmt);
 return FALSE;
 }
- if (!nm_supplicant_config_add_setting_8021x (self, setting_8021x, con_uuid, mtu, FALSE, error))
+ if (!nm_supplicant_config_add_setting_8021x (self, setting_8021x, setting_con,
+ con_uuid, mtu, FALSE, error)) {
 return FALSE;
+ }
 }
 if (!strcmp (key_mgmt, "wpa-eap")) {
@@ -835,12 +838,14 @@ add_pkcs11_uri_with_pin (NMSupplicantConfig *self,
 const char *uri,
 const char *pin,
 const NMSettingSecretFlags pin_flags,
+ const char *p11_kit_remote,
 GError **error)
 {
 gs_strfreev gchar **split = NULL;
 gs_free char *tmp = NULL;
 gs_free char *tmp_log = NULL;
 gs_free char *pin_qattr = NULL;
+ gs_free char *sock_qattr = NULL;
 char *escaped = NULL;
 if (uri == NULL)
@@ -853,7 +858,7 @@ add_pkcs11_uri_with_pin (NMSupplicantConfig *self,
 if (split[1])
 nm_log_info (LOGD_SUPPLICANT, "URI attributes ignored");
- /* Fill in the PIN if required. */
+ /* Fill in the required attributes. */
 if (pin) {
 escaped = g_uri_escape_string (pin, NULL, TRUE);
 pin_qattr = g_strdup_printf ("pin-value=%s", escaped);
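Review bot: The new `p11_kit_remote` parameter of add_pkcs11_uri_with_pin is undocumented, and the function name still only mentions the PIN. A short comment above the signature would help, something like `/* Append query attributes to a PKCS#11 URI: pin-value (from pin/pin_flags) and, if p11_kit_remote is non-NULL, p11-kit-remote. */`. It should also say that NULL omits the attribute and, if that is the intent, that the value is taken from the connection setting as stored. The signature begins above this hunk and the body continues below it.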
@@ -864,14 +869,23 @@ add_pkcs11_uri_with_pin (NMSupplicantConfig *self,
 * be entered using a protected path. */
 pin_qattr = g_strdup ("pin-value=");
 }
+ if (p11_kit_remote) {
+ escaped = g_uri_escape_string (p11_kit_remote, "/:", TRUE);
+ sock_qattr = g_strdup_printf ("p11-kit-remote=%s", escaped);
+ g_free (escaped);
+ }
- tmp = g_strdup_printf ("%s%s%s", split[0],
- (pin_qattr ? "&" : ""),
- (pin_qattr ? pin_qattr : ""));
+ tmp = g_strdup_printf ("%s%s%s%s%s", split[0],
+ (pin_qattr ? "?" : ""),
+ (pin_qattr ? pin_qattr : ""),
+ (sock_qattr ? (pin_qattr ? "&" : "?") : ""),
+ (sock_qattr ? sock_qattr : ""));
- tmp_log = g_strdup_printf ("%s%s%s", split[0],
- (pin_qattr ? "&" : ""),
- (pin_qattr ? "pin-value=<hidden>" : ""));
+ tmp_log = g_strdup_printf ("%s%s%s%s%s", split[0],
+ (pin_qattr ? "?" : ""),
+ (pin_qattr ? "pin-value=<hidden>" : ""),
+ (sock_qattr ? (pin_qattr ? "&" : "?") : ""),
+ (sock_qattr ? sock_qattr : ""));
 return add_string_val (self, tmp, name, FALSE, tmp_log, error);
 }
@@ -879,6 +893,7 @@ add_pkcs11_uri_with_pin (NMSupplicantConfig *self,
 gboolean
 nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 NMSetting8021x *setting,
+ NMSettingConnection *setting_con,
 const char *con_uuid,
 guint32 mtu,
 gboolean wired,
@@ -1085,6 +1100,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 nm_setting_802_1x_get_ca_cert_uri (setting),
 nm_setting_802_1x_get_ca_cert_password (setting),
 nm_setting_802_1x_get_ca_cert_password_flags (setting),
+ nm_setting_connection_get_p11_kit_remote (setting_con),
 error)) {
 return FALSE;
 }
@@ -1115,6 +1131,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 nm_setting_802_1x_get_phase2_ca_cert_uri (setting),
 nm_setting_802_1x_get_phase2_ca_cert_password (setting),
 nm_setting_802_1x_get_phase2_ca_cert_password_flags (setting),
+ nm_setting_connection_get_p11_kit_remote (setting_con),
 error)) {
 return FALSE;
 }
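Review bot: The first appended attribute is now introduced with `?` instead of `&`, but the `split` that strips existing attributes from the caller's URI is computed above this hunk and is not touched by it. If that split still cuts at `&`, as the removed separator suggests, a URI that already has a `?` query part keeps it in `split[0]`. The result then contains two `?`, and query attributes stored in the profile reach the supplicant without the "URI attributes ignored" notice. RFC 7512 places `pin-value` and the other query attributes after a single `?`, joined by `&`, so cutting the URI at the first `?` before appending would keep the stripping and the appending consistent. The same applies to the `tmp_log` string built right after `tmp`.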
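Review bot: `nm_setting_connection_get_p11_kit_remote (setting_con)` is called on a `setting_con` that the visible parts of nm_supplicant_config_add_setting_8021x never check, and the same expression is repeated in the hunks at -1115, -1166, -1213, -1243 and -1290. The value is whatever the connection profile holds and ends up inside the URI handed to the supplicant, so it deserves one validation step (accepting only the address form this feature is meant to support) rather than relying on percent-escaping alone. Reading it once near the top of the function, `const char *p11_kit_remote = setting_con ? nm_setting_connection_get_p11_kit_remote (setting_con) : NULL;`, and passing that local to all six calls would give a single place for the check and remove the repetition. The function body starts and ends outside these hunks.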
@@ -1166,6 +1183,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 nm_setting_802_1x_get_private_key_uri (setting),
 nm_setting_802_1x_get_private_key_password (setting),
 nm_setting_802_1x_get_private_key_password_flags (setting),
+ nm_setting_connection_get_p11_kit_remote (setting_con),
 error)) {
 return FALSE;
 }
@@ -1213,6 +1231,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 nm_setting_802_1x_get_client_cert_uri (setting),
 nm_setting_802_1x_get_client_cert_password (setting),
 nm_setting_802_1x_get_client_cert_password_flags (setting),
+ nm_setting_connection_get_p11_kit_remote (setting_con),
 error)) {
 return FALSE;
 }
@@ -1243,6 +1262,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 nm_setting_802_1x_get_phase2_private_key_uri (setting),
 nm_setting_802_1x_get_phase2_private_key_password (setting),
 nm_setting_802_1x_get_phase2_private_key_password_flags (setting),
+ nm_setting_connection_get_p11_kit_remote (setting_con),
 error)) {
 return FALSE;
 }
@@ -1290,6 +1310,7 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 nm_setting_802_1x_get_phase2_client_cert_uri (setting),
 nm_setting_802_1x_get_phase2_client_cert_password (setting),
 nm_setting_802_1x_get_phase2_client_cert_password_flags (setting),
+ nm_setting_connection_get_p11_kit_remote (setting_con),
 error)) {
 return FALSE;
 }
diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h
index 40fca61b03..b069431877 100644
--- a/src/supplicant/nm-supplicant-config.h
+++ b/src/supplicant/nm-supplicant-config.h
@@ -58,6 +58,7 @@ gboolean nm_supplicant_config_add_setting_wireless (NMSupplicantConfig *self,
 gboolean nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 NMSettingWirelessSecurity *setting,
 NMSetting8021x *setting_8021x,
+ NMSettingConnection *setting_con,
 const char *con_uuid,
 guint32 mtu,
 GError **error);
@@ -67,6 +68,7 @@ gboolean nm_supplicant_config_add_no_security (NMSupplicantConfig *self,
 gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 NMSetting8021x *setting,
+ NMSettingConnection *setting_con,
 const char *con_uuid,
 guint32 mtu,
 gboolean wired,
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index fd91e92177..cb692c58ae 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -276,6 +276,7 @@ test_wifi_wep_key (const char *detail,
 g_assert (nm_supplicant_config_add_setting_wireless_security (config,
 s_wsec,
 NULL,
+ s_con,
 "376aced7-b28c-46be-9a62-fcdf072571da",
 1500,
 &error));
@@ -423,6 +424,7 @@ test_wifi_wpa_psk (const char *detail,
 g_assert (nm_supplicant_config_add_setting_wireless_security (config,
 s_wsec,
 NULL,
+ s_con,
 "376aced7-b28c-46be-9a62-fcdf072571da",
 1500,
 &error));
@@ -578,6 +580,7 @@ test_wifi_eap (void)
 g_assert (nm_supplicant_config_add_setting_wireless_security (config,
 s_wsec,
 s_8021x,
+ s_con,
 "d5b488af-9cab-41ed-bad4-97709c58430f",
 mtu,
 &error)); |
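Review bot: None of the visible test hunks exercises the new behaviour: the three call sites in test_wifi_wep_key, test_wifi_wpa_psk and test_wifi_eap only gain the `s_con` argument. A case in test_wifi_eap that sets a `pkcs11:` certificate URI together with a p11-kit remote and asserts the resulting supplicant value, including the `?`/`&` separators and the escaped remote, would pin the format that add_pkcs11_uri_with_pin now produces. A second case with no remote set would confirm the attribute is omitted. The test function bodies lie outside these hunks, so whether `s_con` is declared and initialised in each of them cannot be checked from here.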