authorBeniamino Galvani <bgalvani@redhat.com>2016-07-01 11:56:33 +0200
committerThomas Haller <thaller@redhat.com>2017-01-05 10:49:55 +0100
commit788c480b2491e8af546e2abc4b1acd304f0c7d2a (patch)
tree1691c9d68f3fdf3bba2c28bef268fc86c7d37157
parentcd38130e6c8a2f40a9d3a33e11c2e2e365513013 (diff)
downloadNetworkManager-th/bg/macsec-bgo762114.tar.gz
cli: macsec supportth/bg/macsec-bgo762114
-rw-r--r--clients/cli/connections.c42
-rw-r--r--clients/cli/settings.c203
-rw-r--r--clients/cli/settings.h1
-rw-r--r--clients/common/nm-secret-agent-simple.c21
4 files changed, 263 insertions, 4 deletions
diff --git a/clients/cli/connections.c b/clients/cli/connections.c
index f97775b7d0..5d7a76d523 100644
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -169,9 +169,10 @@ NmcOutputField nmc_fields_settings_names[] = {
SETTING_FIELD (NM_SETTING_DCB_SETTING_NAME, nmc_fields_setting_dcb + 1), /* 24 */
SETTING_FIELD (NM_SETTING_TUN_SETTING_NAME, nmc_fields_setting_tun + 1), /* 25 */
SETTING_FIELD (NM_SETTING_IP_TUNNEL_SETTING_NAME, nmc_fields_setting_ip_tunnel + 1), /* 26 */
- SETTING_FIELD (NM_SETTING_MACVLAN_SETTING_NAME, nmc_fields_setting_macvlan + 1), /* 27 */
- SETTING_FIELD (NM_SETTING_VXLAN_SETTING_NAME, nmc_fields_setting_vxlan + 1), /* 28 */
- SETTING_FIELD (NM_SETTING_PROXY_SETTING_NAME, nmc_fields_setting_proxy + 1), /* 29 */
+ SETTING_FIELD (NM_SETTING_MACSEC_SETTING_NAME, nmc_fields_setting_macsec + 1), /* 27 */
+ SETTING_FIELD (NM_SETTING_MACVLAN_SETTING_NAME, nmc_fields_setting_macvlan + 1), /* 28 */
+ SETTING_FIELD (NM_SETTING_VXLAN_SETTING_NAME, nmc_fields_setting_vxlan + 1), /* 29 */
+ SETTING_FIELD (NM_SETTING_PROXY_SETTING_NAME, nmc_fields_setting_proxy + 1), /* 30 */
{NULL, NULL, 0, NULL, NULL, FALSE, FALSE, 0}
};
#define NMC_FIELDS_SETTINGS_NAMES_ALL_X NM_SETTING_CONNECTION_SETTING_NAME","\
@@ -200,6 +201,7 @@ NmcOutputField nmc_fields_settings_names[] = {
NM_SETTING_DCB_SETTING_NAME"," \
NM_SETTING_TUN_SETTING_NAME"," \
NM_SETTING_IP_TUNNEL_SETTING_NAME"," \
+ NM_SETTING_MACSEC_SETTING_NAME"," \
NM_SETTING_MACVLAN_SETTING_NAME"," \
NM_SETTING_VXLAN_SETTING_NAME"," \
NM_SETTING_PROXY_SETTING_NAME
@@ -450,6 +452,11 @@ usage_connection_add (void)
" remote <remote endpoint IP>\n"
" [local <local endpoint IP>]\n"
" [dev <parent device (ifname or connection UUID)>]\n\n"
+ " macsec: dev <parent device (connection UUID, ifname, or MAC)>\n"
+ " mode <psk|eap>\n"
+ " [cak <key> ckn <key>]\n"
+ " [encrypt yes|no]\n"
+ " [port 1-65534]\n\n\n"
" macvlan: dev <parent device (connection UUID, ifname, or MAC)>\n"
" mode vepa|bridge|private|passthru|source\n"
" [tap yes|no]\n\n"
@@ -3028,6 +3035,14 @@ static const NameItem nmc_ip_tunnel_settings [] = {
{ NULL, NULL, NULL, FALSE }
};
+static const NameItem nmc_macsec_settings [] = {
+ { NM_SETTING_CONNECTION_SETTING_NAME, NULL, NULL, TRUE },
+ { NM_SETTING_WIRED_SETTING_NAME, "ethernet", NULL, FALSE },
+ { NM_SETTING_802_1X_SETTING_NAME, NULL, NULL, FALSE },
+ { NM_SETTING_MACSEC_SETTING_NAME, NULL, NULL, TRUE },
+ { NULL, NULL, NULL, FALSE }
+};
+
static const NameItem nmc_macvlan_settings [] = {
{ NM_SETTING_CONNECTION_SETTING_NAME, NULL, NULL, TRUE },
{ NM_SETTING_WIRED_SETTING_NAME, "ethernet", NULL, FALSE },
@@ -3066,6 +3081,7 @@ static const NameItem nmc_valid_connection_types[] = {
{ "no-slave", NULL, nmc_no_slave_settings },
{ NM_SETTING_TUN_SETTING_NAME, NULL, nmc_tun_settings },
{ NM_SETTING_IP_TUNNEL_SETTING_NAME, NULL, nmc_ip_tunnel_settings },
+ { NM_SETTING_MACSEC_SETTING_NAME, NULL, nmc_macsec_settings },
{ NM_SETTING_MACVLAN_SETTING_NAME, NULL, nmc_macvlan_settings },
{ NM_SETTING_VXLAN_SETTING_NAME, NULL, nmc_vxlan_settings },
{ NULL, NULL, NULL }
@@ -3878,6 +3894,17 @@ gen_func_ip_tunnel_mode (const char *text, int state)
}
static char *
+gen_func_macsec_mode (const char *text, int state)
+{
+ gs_free const char **words = NULL;
+
+ words = nm_utils_enum_get_values (nm_setting_macsec_mode_get_type (),
+ G_MININT,
+ G_MAXINT);
+ return nmc_rl_gen_func_basic (text, state, words);
+}
+
+static char *
gen_func_macvlan_mode (const char *text, int state)
{
gs_free const char **words = NULL;
@@ -4290,6 +4317,13 @@ static OptionInfo option_info[] = {
{ NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD, "password", OPTION_NONE, N_("Password [none]"), NULL, NULL, NULL },
{ NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_ENCAPSULATION, "encapsulation", OPTION_NONE, PROMPT_ADSL_ENCAP, PROMPT_ADSL_ENCAP_CHOICES,
NULL, gen_func_adsl_encap },
+ { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_PARENT, "dev", OPTION_REQD, N_("MACsec parent device or connection UUID"), NULL, NULL, NULL },
+ { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MODE, "mode", OPTION_REQD, N_("Mode"), NULL, NULL, gen_func_macsec_mode },
+ { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_ENCRYPT, "encrypt", OPTION_NONE, N_("Enable encryption [yes]"), NULL, set_yes_no, gen_func_bool_values_l10n },
+ { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CAK, "cak", OPTION_NONE, N_("MKA CAK"), NULL, NULL, NULL },
+ { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CKN, "ckn", OPTION_NONE, N_("MKA_CKN"), NULL, NULL, NULL },
+ { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_PORT, "port", OPTION_NONE, N_("SCI port [1]"), NULL, NULL, NULL },
+
{ NM_SETTING_MACVLAN_SETTING_NAME, NM_SETTING_MACVLAN_PARENT, "dev", OPTION_REQD, N_("MACVLAN parent device or connection UUID"), NULL,
NULL, nmc_rl_gen_func_ifnames },
{ NM_SETTING_MACVLAN_SETTING_NAME, NM_SETTING_MACVLAN_MODE, "mode", OPTION_REQD, PROMPT_MACVLAN_MODE, NULL,
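Review bot: The `cak` entry makes the MKA CAK an ordinary command-line option, so a key given as `cak <key>` ends up in the process argument list and in shell history. The secret-agent change in this same commit adds an interactive "MKA CAK" prompt for PSK mode, so the option help or usage text should say that the key can be left off the command line and entered at the prompt instead (presumably subject to the CAK flags; confirm). Separately, the label `N_("MKA_CKN")` is spelled with an underscore while its neighbour is `N_("MKA CAK")`. The MACsec `dev` entry also passes `NULL` where the macvlan `dev` entry below passes `nmc_rl_gen_func_ifnames`, so interface-name completion is missing. The option_info table starts and ends outside this hunk.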
@@ -4821,6 +4855,8 @@ setting_name_to_name (const char *name)
return _("OLPC Mesh connection");
if (strcmp (name, NM_SETTING_ADSL_SETTING_NAME) == 0)
return _("ADSL connection");
+ if (strcmp (name, NM_SETTING_MACSEC_SETTING_NAME) == 0)
+ return _("MACsec connection");
if (strcmp (name, NM_SETTING_MACVLAN_SETTING_NAME) == 0)
return _("macvlan connection");
if (strcmp (name, NM_SETTING_VXLAN_SETTING_NAME) == 0)
diff --git a/clients/cli/settings.c b/clients/cli/settings.c
index dc46633be3..6c453f6453 100644
--- a/clients/cli/settings.c
+++ b/clients/cli/settings.c
@@ -743,6 +743,29 @@ NmcOutputField nmc_fields_setting_ip_tunnel[] = {
NM_SETTING_IP_TUNNEL_FLOW_LABEL","\
NM_SETTING_IP_TUNNEL_MTU
+/* Available fields for NM_SETTING_MACSEC_SETTING_NAME */
+NmcOutputField nmc_fields_setting_macsec[] = {
+ SETTING_FIELD ("name"), /* 0 */
+ SETTING_FIELD (NM_SETTING_MACSEC_PARENT), /* 1 */
+ SETTING_FIELD (NM_SETTING_MACSEC_MODE), /* 2 */
+ SETTING_FIELD (NM_SETTING_MACSEC_ENCRYPT), /* 3 */
+ SETTING_FIELD (NM_SETTING_MACSEC_MKA_CAK), /* 4 */
+ SETTING_FIELD (NM_SETTING_MACSEC_MKA_CAK_FLAGS), /* 5 */
+ SETTING_FIELD (NM_SETTING_MACSEC_MKA_CKN), /* 6 */
+ SETTING_FIELD (NM_SETTING_MACSEC_PORT), /* 7 */
+ SETTING_FIELD (NM_SETTING_MACSEC_VALIDATION), /* 8 */
+ {NULL, NULL, 0, NULL, FALSE, FALSE, 0}
+};
+#define NMC_FIELDS_SETTING_MACSEC_ALL "name"","\
+ NM_SETTING_MACSEC_PARENT","\
+ NM_SETTING_MACSEC_MODE","\
+ NM_SETTING_MACSEC_ENCRYPT","\
+ NM_SETTING_MACSEC_MKA_CAK","\
+ NM_SETTING_MACSEC_MKA_CAK_FLAGS","\
+ NM_SETTING_MACSEC_MKA_CKN","\
+ NM_SETTING_MACSEC_PORT","\
+ NM_SETTING_MACSEC_VALIDATION
+
/* Available fields for NM_SETTING_MACVLAN_SETTING_NAME */
NmcOutputField nmc_fields_setting_macvlan[] = {
SETTING_FIELD ("name"), /* 0 */
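Review bot: The terminator of `nmc_fields_setting_macsec`, `{NULL, NULL, 0, NULL, FALSE, FALSE, 0}`, has seven initializers, whereas the terminator of `nmc_fields_settings_names` in the connections.c part of this commit has eight: `{NULL, NULL, 0, NULL, NULL, FALSE, FALSE, 0}`. Both zero the whole element, but if NmcOutputField has eight members the short form puts `FALSE` in what looks like a pointer slot and is correct only because `FALSE` is zero. Writing the eight-value terminator here would keep the tables uniform. The other arrays in settings.c are not visible in this hunk, so check which form they use.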
@@ -2073,6 +2096,94 @@ nmc_property_wifi_sec_get_wep_key_type (NMSetting *setting, NmcPropertyGetType g
return wep_key_type_to_string (nm_setting_wireless_security_get_wep_key_type (s_wireless_sec));
}
+/* --- NM_SETTING_MACSEC_SETTING_NAME property get functions --- */
+DEFINE_GETTER (nmc_property_macsec_get_parent, NM_SETTING_MACSEC_PARENT)
+DEFINE_GETTER (nmc_property_macsec_get_encrypt, NM_SETTING_MACSEC_ENCRYPT)
+DEFINE_GETTER (nmc_property_macsec_get_mka_cak, NM_SETTING_MACSEC_MKA_CAK)
+DEFINE_SECRET_FLAGS_GETTER (nmc_property_macsec_get_mka_cak_flags, NM_SETTING_MACSEC_MKA_CAK_FLAGS)
+DEFINE_GETTER (nmc_property_macsec_get_mka_ckn, NM_SETTING_MACSEC_MKA_CKN)
+DEFINE_GETTER (nmc_property_macsec_get_port, NM_SETTING_MACSEC_PORT)
+
+/* 'mode' */
+static char *
+nmc_property_macsec_get_mode (NMSetting *setting, NmcPropertyGetType get_type)
+{
+ NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting);
+ NMSettingMacsecMode mode;
+
+ mode = nm_setting_macsec_get_mode (s_macsec);
+ return nm_utils_enum_to_str (nm_setting_macsec_mode_get_type (), mode);
+}
+
+
+static gboolean
+nmc_property_macsec_set_mode (NMSetting *setting, const char *prop,
+ const char *val, GError **error)
+{
+ NMSettingMacsecMode mode;
+ gs_free char *options = NULL;
+
+ if (!nm_utils_enum_from_str (nm_setting_macsec_mode_get_type (), val,
+ (int *) &mode, NULL)) {
+ options = g_strjoinv (",",
+ (char **) nm_utils_enum_get_values (nm_setting_macsec_mode_get_type (),
+ G_MININT,
+ G_MAXINT));
+ g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"),
+ val, options);
+ return FALSE;
+ }
+
+ g_object_set (setting, prop, mode, NULL);
+ return TRUE;
+}
+
+/* 'mode' */
+static char *
+nmc_property_macsec_get_validation (NMSetting *setting, NmcPropertyGetType get_type)
+{
+ NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting);
+ NMSettingMacsecValidation validation;
+
+ validation = nm_setting_macsec_get_validation (s_macsec);
+ return nm_utils_enum_to_str (nm_setting_macsec_validation_get_type (), validation);
+}
+
+
+static gboolean
+nmc_property_macsec_set_validation (NMSetting *setting, const char *prop,
+ const char *val, GError **error)
+{
+ NMSettingMacsecMode validation;
+ gs_free char *options = NULL;
+
+ if (!nm_utils_enum_from_str (nm_setting_macsec_validation_get_type (), val,
+ (int *) &validation, NULL)) {
+ options = g_strjoinv (",",
+ (char **) nm_utils_enum_get_values (nm_setting_macsec_validation_get_type (),
+ G_MININT,
+ G_MAXINT));
+ g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"),
+ val, options);
+ return FALSE;
+ }
+
+ g_object_set (setting, prop, validation, NULL);
+ return TRUE;
+}
+
+static const char **
+nmc_property_macsec_allowed_validation (NMSetting *setting, const char *prop)
+{
+ static const char **words = NULL;
+
+ if (!words)
+ words = nm_utils_enum_get_values (nm_setting_macsec_validation_get_type(),
+ G_MININT,
+ G_MAXINT);
+ return words;
+}
+
/* --- NM_SETTING_MACVLAN_SETTING_NAME property get functions --- */
DEFINE_GETTER (nmc_property_macvlan_get_parent, NM_SETTING_MACVLAN_PARENT)
DEFINE_GETTER (nmc_property_macvlan_get_promiscuous, NM_SETTING_MACVLAN_PROMISCUOUS)
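Review bot: `nmc_property_macsec_set_validation` declares its local as `NMSettingMacsecMode validation;`, which is the wrong enum type, and the comment above `nmc_property_macsec_get_validation` still reads `/* 'mode' */`. In both setters the array returned by `nm_utils_enum_get_values ()` is passed straight to `g_strjoinv ()` and never released, although `gen_func_macsec_mode` in connections.c holds the same result in a `gs_free` variable, which suggests the caller owns it. Parsing into a plain `int` also removes the `(int *) &validation` cast, which assumes the enum has the size of an int. The rewrite below is for the validation setter; `nmc_property_macsec_set_mode` needs the same treatment.

```c
/* 'validation' */
/* … unchanged: nmc_property_macsec_get_validation … */

static gboolean
nmc_property_macsec_set_validation (NMSetting *setting, const char *prop,
                                    const char *val, GError **error)
{
	int validation;

	if (!nm_utils_enum_from_str (nm_setting_macsec_validation_get_type (), val,
	                             &validation, NULL)) {
		/* the value array is owned by the caller; free it once the message is built */
		gs_free const char **values = NULL;
		gs_free char *options = NULL;

		values = nm_utils_enum_get_values (nm_setting_macsec_validation_get_type (),
		                                   G_MININT,
		                                   G_MAXINT);
		options = g_strjoinv (",", (char **) values);
		g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"),
		             val, options);
		return FALSE;
	}

	g_object_set (setting, prop, validation, NULL);
	return TRUE;
}
```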
@@ -7806,6 +7917,64 @@ nmc_properties_init (void)
NULL,
NULL);
+ /* Add editable properties for NM_SETTING_MACSEC_SETTING_NAME */
+ nmc_add_prop_funcs (GLUE (MACSEC, PARENT),
+ nmc_property_macsec_get_parent,
+ nmc_property_set_string,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, MODE),
+ nmc_property_macsec_get_mode,
+ nmc_property_macsec_set_mode,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, ENCRYPT),
+ nmc_property_macsec_get_encrypt,
+ nmc_property_set_bool,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, MKA_CAK),
+ nmc_property_macsec_get_mka_cak,
+ nmc_property_set_string,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, MKA_CAK_FLAGS),
+ nmc_property_macsec_get_mka_cak_flags,
+ nmc_property_set_secret_flags,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, MKA_CKN),
+ nmc_property_macsec_get_mka_ckn,
+ nmc_property_set_string,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, PORT),
+ nmc_property_macsec_get_port,
+ nmc_property_set_int,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ nmc_add_prop_funcs (GLUE (MACSEC, VALIDATION),
+ nmc_property_macsec_get_validation,
+ nmc_property_macsec_set_validation,
+ NULL,
+ NULL,
+ nmc_property_macsec_allowed_validation,
+ NULL);
+
/* Add editable properties for NM_SETTING_MACVLAN_SETTING_NAME */
nmc_add_prop_funcs (GLUE (MACVLAN, PARENT),
nmc_property_macvlan_get_parent,
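Review bot: The `MODE` registration passes `NULL` in the slot where `VALIDATION` passes `nmc_property_macsec_allowed_validation`, although both properties are enums parsed the same way by their setters. Adding a `nmc_property_macsec_allowed_mode` built like the validation callback and passing it here would make the two registrations consistent. What the callback slot drives in the editor is inferred from the callback's name, since `nmc_add_prop_funcs` is defined outside this hunk. nmc_properties_init starts and ends outside this hunk.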
@@ -9203,6 +9372,39 @@ setting_ip_tunnel_details (NMSetting *setting, NmCli *nmc, const char *one_prop
}
static gboolean
+setting_macsec_details (NMSetting *setting, NmCli *nmc, const char *one_prop, gboolean secrets)
+{
+ NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting);
+ NmcOutputField *tmpl, *arr;
+ size_t tmpl_len;
+
+ g_return_val_if_fail (NM_IS_SETTING_MACSEC (s_macsec), FALSE);
+
+ tmpl = nmc_fields_setting_macsec;
+ tmpl_len = sizeof (nmc_fields_setting_macsec);
+ nmc->print_fields.indices = parse_output_fields (one_prop ? one_prop : NMC_FIELDS_SETTING_MACSEC_ALL,
+ tmpl, FALSE, NULL, NULL);
+ arr = nmc_dup_fields_array (tmpl, tmpl_len, NMC_OF_FLAG_FIELD_NAMES);
+ g_ptr_array_add (nmc->output_data, arr);
+
+ arr = nmc_dup_fields_array (tmpl, tmpl_len, NMC_OF_FLAG_SECTION_PREFIX);
+ set_val_str (arr, 0, g_strdup (nm_setting_get_name (setting)));
+ set_val_str (arr, 1, nmc_property_macsec_get_parent (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 2, nmc_property_macsec_get_mode (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 3, nmc_property_macsec_get_encrypt (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 4, GET_SECRET (secrets, setting, nmc_property_macsec_get_mka_cak));
+ set_val_str (arr, 5, nmc_property_macsec_get_mka_cak_flags (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 6, nmc_property_macsec_get_mka_ckn (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 7, nmc_property_macsec_get_port (setting, NMC_PROPERTY_GET_PRETTY));
+ set_val_str (arr, 8, nmc_property_macsec_get_validation (setting, NMC_PROPERTY_GET_PRETTY));
+ g_ptr_array_add (nmc->output_data, arr);
+
+ print_data (nmc); /* Print all data */
+
+ return TRUE;
+}
+
+static gboolean
setting_macvlan_details (NMSetting *setting, NmCli *nmc, const char *one_prop, gboolean secrets)
{
NMSettingMacvlan *s_macvlan = NM_SETTING_MACVLAN (setting);
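Review bot: The literal indices 0–8 given to `set_val_str` must match the order of `nmc_fields_setting_macsec`, and nothing in `setting_macsec_details` says so. A comment such as `/* indices follow nmc_fields_setting_macsec[] */` above the first call would make the coupling explicit. Index 4 deserves a short comment too: the CAK is the only value routed through `GET_SECRET`, which presumably hides it unless `secrets` is TRUE (the macro is defined outside this hunk).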
@@ -9334,6 +9536,7 @@ static const SettingDetails detail_printers[] = {
{ NM_SETTING_DCB_SETTING_NAME, setting_dcb_details },
{ NM_SETTING_TUN_SETTING_NAME, setting_tun_details },
{ NM_SETTING_IP_TUNNEL_SETTING_NAME, setting_ip_tunnel_details },
+ { NM_SETTING_MACSEC_SETTING_NAME, setting_macsec_details },
{ NM_SETTING_MACVLAN_SETTING_NAME, setting_macvlan_details },
{ NM_SETTING_VXLAN_SETTING_NAME, setting_vxlan_details },
{ NM_SETTING_PROXY_SETTING_NAME, setting_proxy_details },
diff --git a/clients/cli/settings.h b/clients/cli/settings.h
index 9ef9c270d2..ad503f9ef6 100644
--- a/clients/cli/settings.h
+++ b/clients/cli/settings.h
@@ -92,6 +92,7 @@ extern NmcOutputField nmc_fields_setting_dcb[];
extern NmcOutputField nmc_fields_setting_tun[];
extern NmcOutputField nmc_fields_setting_ip_tunnel[];
extern NmcOutputField nmc_fields_setting_macvlan[];
+extern NmcOutputField nmc_fields_setting_macsec[];
extern NmcOutputField nmc_fields_setting_vxlan[];
extern NmcOutputField nmc_fields_setting_proxy[];
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
index 4e59f489f0..b763bf8985 100644
--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@@ -492,7 +492,7 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
secret = nm_secret_agent_simple_secret_new (_("PIN"),
NM_SETTING (s_gsm),
NM_SETTING_GSM_PIN,
- NULL,
+ NULL,
NULL,
FALSE);
g_ptr_array_add (secrets, secret);
@@ -509,6 +509,25 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request)
TRUE);
g_ptr_array_add (secrets, secret);
}
+ } else if (nm_connection_is_type (request->connection, NM_SETTING_MACSEC_SETTING_NAME)) {
+ NMSettingMacsec *s_macsec = nm_connection_get_setting_macsec (request->connection);
+
+ msg = g_strdup_printf (_("Secrets are required to access the MACsec network '%s'"),
+ nm_connection_get_id (request->connection));
+
+ if (nm_setting_macsec_get_mode (s_macsec) == NM_SETTING_MACSEC_MODE_PSK) {
+ title = _("MACsec PSK authentication");
+ secret = nm_secret_agent_simple_secret_new (_("MKA CAK"),
+ NM_SETTING (s_macsec),
+ NM_SETTING_MACSEC_MKA_CAK,
+ NULL,
+ NULL,
+ TRUE);
+ g_ptr_array_add (secrets, secret);
+ } else {
+ title = _("MACsec EAP authentication");
+ ok = add_8021x_secrets (request, secrets);
+ }
} else if (nm_connection_is_type (request->connection, NM_SETTING_CDMA_SETTING_NAME)) {
NMSettingCdma *s_cdma = nm_connection_get_setting_cdma (request->connection);
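Review bot: `s_macsec` is used without a NULL check: `nm_connection_is_type ()` is tested on the connection, but the result of `nm_connection_get_setting_macsec ()` goes straight into `nm_setting_macsec_get_mode ()` and `NM_SETTING (s_macsec)`. Whether a connection of this type can reach the agent without the setting cannot be determined from this hunk. If it can, a guard that skips the prompt and reports failure through `ok`, the flag the EAP branch assigns, would be safer. The `else` branch also sends every mode other than `NM_SETTING_MACSEC_MODE_PSK` to `add_8021x_secrets ()`; comparing explicitly against the EAP mode value would keep a future mode from silently taking the 802.1X path. request_secrets_from_ui starts and ends outside this hunk.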