author | Beniamino Galvani <bgalvani@redhat.com> | 2016-07-01 11:56:33 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2017-01-05 10:49:55 +0100 |
commit | 788c480b2491e8af546e2abc4b1acd304f0c7d2a (patch) | |
tree | 1691c9d68f3fdf3bba2c28bef268fc86c7d37157 | |
parent | cd38130e6c8a2f40a9d3a33e11c2e2e365513013 (diff) | |
cli: macsec supportth/bg/macsec-bgo762114
-rw-r--r-- | clients/cli/connections.c | 42 | ||||
-rw-r--r-- | clients/cli/settings.c | 203 | ||||
-rw-r--r-- | clients/cli/settings.h | 1 | ||||
-rw-r--r-- | clients/common/nm-secret-agent-simple.c | 21 |
4 files changed, 263 insertions, 4 deletions
diff --git a/clients/cli/connections.c b/clients/cli/connections.c index f97775b7d0..5d7a76d523 100644 --- a/clients/cli/connections.c +++ b/clients/cli/connections.c @@ -169,9 +169,10 @@ NmcOutputField nmc_fields_settings_names[] = { SETTING_FIELD (NM_SETTING_DCB_SETTING_NAME, nmc_fields_setting_dcb + 1), /* 24 */ SETTING_FIELD (NM_SETTING_TUN_SETTING_NAME, nmc_fields_setting_tun + 1), /* 25 */ SETTING_FIELD (NM_SETTING_IP_TUNNEL_SETTING_NAME, nmc_fields_setting_ip_tunnel + 1), /* 26 */ - SETTING_FIELD (NM_SETTING_MACVLAN_SETTING_NAME, nmc_fields_setting_macvlan + 1), /* 27 */ - SETTING_FIELD (NM_SETTING_VXLAN_SETTING_NAME, nmc_fields_setting_vxlan + 1), /* 28 */ - SETTING_FIELD (NM_SETTING_PROXY_SETTING_NAME, nmc_fields_setting_proxy + 1), /* 29 */ + SETTING_FIELD (NM_SETTING_MACSEC_SETTING_NAME, nmc_fields_setting_macsec + 1), /* 27 */ + SETTING_FIELD (NM_SETTING_MACVLAN_SETTING_NAME, nmc_fields_setting_macvlan + 1), /* 28 */ + SETTING_FIELD (NM_SETTING_VXLAN_SETTING_NAME, nmc_fields_setting_vxlan + 1), /* 29 */ + SETTING_FIELD (NM_SETTING_PROXY_SETTING_NAME, nmc_fields_setting_proxy + 1), /* 30 */ {NULL, NULL, 0, NULL, NULL, FALSE, FALSE, 0} }; #define NMC_FIELDS_SETTINGS_NAMES_ALL_X NM_SETTING_CONNECTION_SETTING_NAME","\ @@ -200,6 +201,7 @@ NmcOutputField nmc_fields_settings_names[] = { NM_SETTING_DCB_SETTING_NAME"," \ NM_SETTING_TUN_SETTING_NAME"," \ NM_SETTING_IP_TUNNEL_SETTING_NAME"," \ + NM_SETTING_MACSEC_SETTING_NAME"," \ NM_SETTING_MACVLAN_SETTING_NAME"," \ NM_SETTING_VXLAN_SETTING_NAME"," \ NM_SETTING_PROXY_SETTING_NAME 
@@ -450,6 +452,11 @@ usage_connection_add (void) " remote <remote endpoint IP>\n" " [local <local endpoint IP>]\n" " [dev <parent device (ifname or connection UUID)>]\n\n" + " macsec: dev <parent device (connection UUID, ifname, or MAC)>\n" + " mode <psk|eap>\n" + " [cak <key> ckn <key>]\n" + " [encrypt yes|no]\n" + " [port 1-65534]\n\n\n" " macvlan: dev <parent device (connection UUID, ifname, or MAC)>\n" " mode vepa|bridge|private|passthru|source\n" " [tap yes|no]\n\n" @@ -3028,6 +3035,14 @@ static const NameItem nmc_ip_tunnel_settings [] = { { NULL, NULL, NULL, FALSE } }; +static const NameItem nmc_macsec_settings [] = { + { NM_SETTING_CONNECTION_SETTING_NAME, NULL, NULL, TRUE }, + { NM_SETTING_WIRED_SETTING_NAME, "ethernet", NULL, FALSE }, + { NM_SETTING_802_1X_SETTING_NAME, NULL, NULL, FALSE }, + { NM_SETTING_MACSEC_SETTING_NAME, NULL, NULL, TRUE }, + { NULL, NULL, NULL, FALSE } +}; + static const NameItem nmc_macvlan_settings [] = { { NM_SETTING_CONNECTION_SETTING_NAME, NULL, NULL, TRUE }, { NM_SETTING_WIRED_SETTING_NAME, "ethernet", NULL, FALSE }, @@ -3066,6 +3081,7 @@ static const NameItem nmc_valid_connection_types[] = { { "no-slave", NULL, nmc_no_slave_settings }, { NM_SETTING_TUN_SETTING_NAME, NULL, nmc_tun_settings }, { NM_SETTING_IP_TUNNEL_SETTING_NAME, NULL, nmc_ip_tunnel_settings }, + { NM_SETTING_MACSEC_SETTING_NAME, NULL, nmc_macsec_settings }, { NM_SETTING_MACVLAN_SETTING_NAME, NULL, nmc_macvlan_settings }, { NM_SETTING_VXLAN_SETTING_NAME, NULL, nmc_vxlan_settings }, { NULL, NULL, NULL } @@ -3878,6 +3894,17 @@ gen_func_ip_tunnel_mode (const char *text, int state) } static char * +gen_func_macsec_mode (const char *text, int state) +{ + gs_free const char **words = NULL; + + words = nm_utils_enum_get_values (nm_setting_macsec_mode_get_type (), + G_MININT, + G_MAXINT); + return nmc_rl_gen_func_basic (text, state, words); +} + +static char * gen_func_macvlan_mode (const char *text, int state) { gs_free const char **words = NULL; 
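Review bot: The new macsec help entry ends with `[port 1-65534]\n\n\n`, one newline more than the ip-tunnel and macvlan entries around it, which end in `\n\n`, so the help output gets a stray blank line; it should end in `\n\n`. The mode is written `<psk|eap>` while the macvlan entry just below lists its choices bare (`mode vepa|bridge|...`); using one notation keeps the usage text uniform. usage_connection_add starts and ends outside the hunk.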
@@ -4290,6 +4317,13 @@ static OptionInfo option_info[] = { { NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_PASSWORD, "password", OPTION_NONE, N_("Password [none]"), NULL, NULL, NULL }, { NM_SETTING_ADSL_SETTING_NAME, NM_SETTING_ADSL_ENCAPSULATION, "encapsulation", OPTION_NONE, PROMPT_ADSL_ENCAP, PROMPT_ADSL_ENCAP_CHOICES, NULL, gen_func_adsl_encap }, + { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_PARENT, "dev", OPTION_REQD, N_("MACsec parent device or connection UUID"), NULL, NULL, NULL }, + { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MODE, "mode", OPTION_REQD, N_("Mode"), NULL, NULL, gen_func_macsec_mode }, + { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_ENCRYPT, "encrypt", OPTION_NONE, N_("Enable encryption [yes]"), NULL, set_yes_no, gen_func_bool_values_l10n }, + { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CAK, "cak", OPTION_NONE, N_("MKA CAK"), NULL, NULL, NULL }, + { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_MKA_CKN, "ckn", OPTION_NONE, N_("MKA_CKN"), NULL, NULL, NULL }, + { NM_SETTING_MACSEC_SETTING_NAME, NM_SETTING_MACSEC_PORT, "port", OPTION_NONE, N_("SCI port [1]"), NULL, NULL, NULL }, + { NM_SETTING_MACVLAN_SETTING_NAME, NM_SETTING_MACVLAN_PARENT, "dev", OPTION_REQD, N_("MACVLAN parent device or connection UUID"), NULL, NULL, nmc_rl_gen_func_ifnames }, { NM_SETTING_MACVLAN_SETTING_NAME, NM_SETTING_MACVLAN_MODE, "mode", OPTION_REQD, PROMPT_MACVLAN_MODE, NULL, @@ -4821,6 +4855,8 @@ setting_name_to_name (const char *name) return _("OLPC Mesh connection"); if (strcmp (name, NM_SETTING_ADSL_SETTING_NAME) == 0) return _("ADSL connection"); + if (strcmp (name, NM_SETTING_MACSEC_SETTING_NAME) == 0) + return _("MACsec connection"); if (strcmp (name, NM_SETTING_MACVLAN_SETTING_NAME) == 0) return _("macvlan connection"); if (strcmp (name, NM_SETTING_VXLAN_SETTING_NAME) == 0) diff --git a/clients/cli/settings.c b/clients/cli/settings.c index dc46633be3..6c453f6453 100644 --- a/clients/cli/settings.c 
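Review bot: The `cak` row makes the MKA CAK, a pre-shared key, an ordinary `nmcli connection add` argument and an ordinary prompt (`OPTION_NONE`, no check function), so a key given this way ends up in the process argument list and shell history; nothing in the hunk shows whether option_info can mark a prompt as secret. Since this commit also lets the secret agent ask for the CAK, a comment on the row such as `/* secret: can be left unset and supplied through the secret agent */`, with a matching hint in the usage text, would steer users away from the command line. The CKN label `N_("MKA_CKN")` has an underscore where the CAK label has a space and should read `N_("MKA CKN")`. The `dev` row also passes NULL as completion function where the macvlan `dev` row uses `nmc_rl_gen_func_ifnames`. option_info continues outside the hunk.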
+++ b/clients/cli/settings.c @@ -743,6 +743,29 @@ NmcOutputField nmc_fields_setting_ip_tunnel[] = { NM_SETTING_IP_TUNNEL_FLOW_LABEL","\ NM_SETTING_IP_TUNNEL_MTU +/* Available fields for NM_SETTING_MACSEC_SETTING_NAME */ +NmcOutputField nmc_fields_setting_macsec[] = { + SETTING_FIELD ("name"), /* 0 */ + SETTING_FIELD (NM_SETTING_MACSEC_PARENT), /* 1 */ + SETTING_FIELD (NM_SETTING_MACSEC_MODE), /* 2 */ + SETTING_FIELD (NM_SETTING_MACSEC_ENCRYPT), /* 3 */ + SETTING_FIELD (NM_SETTING_MACSEC_MKA_CAK), /* 4 */ + SETTING_FIELD (NM_SETTING_MACSEC_MKA_CAK_FLAGS), /* 5 */ + SETTING_FIELD (NM_SETTING_MACSEC_MKA_CKN), /* 6 */ + SETTING_FIELD (NM_SETTING_MACSEC_PORT), /* 7 */ + SETTING_FIELD (NM_SETTING_MACSEC_VALIDATION), /* 8 */ + {NULL, NULL, 0, NULL, FALSE, FALSE, 0} +}; +#define NMC_FIELDS_SETTING_MACSEC_ALL "name"","\ + NM_SETTING_MACSEC_PARENT","\ + NM_SETTING_MACSEC_MODE","\ + NM_SETTING_MACSEC_ENCRYPT","\ + NM_SETTING_MACSEC_MKA_CAK","\ + NM_SETTING_MACSEC_MKA_CAK_FLAGS","\ + NM_SETTING_MACSEC_MKA_CKN","\ + NM_SETTING_MACSEC_PORT","\ + NM_SETTING_MACSEC_VALIDATION + /* Available fields for NM_SETTING_MACVLAN_SETTING_NAME */ NmcOutputField nmc_fields_setting_macvlan[] = { SETTING_FIELD ("name"), /* 0 */ 
@@ -2073,6 +2096,94 @@ nmc_property_wifi_sec_get_wep_key_type (NMSetting *setting, NmcPropertyGetType g return wep_key_type_to_string (nm_setting_wireless_security_get_wep_key_type (s_wireless_sec)); } +/* --- NM_SETTING_MACSEC_SETTING_NAME property get functions --- */ +DEFINE_GETTER (nmc_property_macsec_get_parent, NM_SETTING_MACSEC_PARENT) +DEFINE_GETTER (nmc_property_macsec_get_encrypt, NM_SETTING_MACSEC_ENCRYPT) +DEFINE_GETTER (nmc_property_macsec_get_mka_cak, NM_SETTING_MACSEC_MKA_CAK) +DEFINE_SECRET_FLAGS_GETTER (nmc_property_macsec_get_mka_cak_flags, NM_SETTING_MACSEC_MKA_CAK_FLAGS) +DEFINE_GETTER (nmc_property_macsec_get_mka_ckn, NM_SETTING_MACSEC_MKA_CKN) +DEFINE_GETTER (nmc_property_macsec_get_port, NM_SETTING_MACSEC_PORT) + +/* 'mode' */ +static char * +nmc_property_macsec_get_mode (NMSetting *setting, NmcPropertyGetType get_type) +{ + NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting); + NMSettingMacsecMode mode; + + mode = nm_setting_macsec_get_mode (s_macsec); + return nm_utils_enum_to_str (nm_setting_macsec_mode_get_type (), mode); +} + + +static gboolean +nmc_property_macsec_set_mode (NMSetting *setting, const char *prop, + const char *val, GError **error) +{ + NMSettingMacsecMode mode; + gs_free char *options = NULL; + + if (!nm_utils_enum_from_str (nm_setting_macsec_mode_get_type (), val, + (int *) &mode, NULL)) { + options = g_strjoinv (",", + (char **) nm_utils_enum_get_values (nm_setting_macsec_mode_get_type (), + G_MININT, + G_MAXINT)); + g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"), + val, options); + return FALSE; + } + + g_object_set (setting, prop, mode, NULL); + return TRUE; +} + +/* 'mode' */ +static char * +nmc_property_macsec_get_validation (NMSetting *setting, NmcPropertyGetType get_type) +{ + NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting); + NMSettingMacsecValidation validation; + + validation = nm_setting_macsec_get_validation (s_macsec); + return nm_utils_enum_to_str 
(nm_setting_macsec_validation_get_type (), validation); +} + + +static gboolean +nmc_property_macsec_set_validation (NMSetting *setting, const char *prop, + const char *val, GError **error) +{ + NMSettingMacsecMode validation; + gs_free char *options = NULL; + + if (!nm_utils_enum_from_str (nm_setting_macsec_validation_get_type (), val, + (int *) &validation, NULL)) { + options = g_strjoinv (",", + (char **) nm_utils_enum_get_values (nm_setting_macsec_validation_get_type (), + G_MININT, + G_MAXINT)); + g_set_error (error, 1, 0, _("invalid option '%s', use one of [%s]"), + val, options); + return FALSE; + } + + g_object_set (setting, prop, validation, NULL); + return TRUE; +} + +static const char ** +nmc_property_macsec_allowed_validation (NMSetting *setting, const char *prop) +{ + static const char **words = NULL; + + if (!words) + words = nm_utils_enum_get_values (nm_setting_macsec_validation_get_type(), + G_MININT, + G_MAXINT); + return words; +} + /* --- NM_SETTING_MACVLAN_SETTING_NAME property get functions --- */ DEFINE_GETTER (nmc_property_macvlan_get_parent, NM_SETTING_MACVLAN_PARENT) DEFINE_GETTER (nmc_property_macvlan_get_promiscuous, NM_SETTING_MACVLAN_PROMISCUOUS) 
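Review bot: `nmc_property_macsec_set_validation` declares its local as `NMSettingMacsecMode validation;`, which is the wrong enum; it should be `NMSettingMacsecValidation`, or better a plain `int`, because both setters pass `(int *) &mode` / `(int *) &validation` to nm_utils_enum_from_str and that cast is only safe if the compiler gives the enum the size of int. On the error path both setters hand the result of nm_utils_enum_get_values straight to g_strjoinv, so the array is never freed, whereas gen_func_macsec_mode in connections.c keeps the same result in a `gs_free` variable. The comment above nmc_property_macsec_get_validation still says `/* 'mode' */` and should say `/* 'validation' */`. The fence shows the validation setter with these changes; nmc_property_macsec_set_mode needs the same treatment.

```c
static gboolean
nmc_property_macsec_set_validation (NMSetting *setting, const char *prop,
                                    const char *val, GError **error)
{
	int validation;

	if (!nm_utils_enum_from_str (nm_setting_macsec_validation_get_type (), val,
	                             &validation, NULL)) {
		gs_free const char **values = NULL;
		gs_free char *options = NULL;

		values = nm_utils_enum_get_values (nm_setting_macsec_validation_get_type (),
		                                   G_MININT,
		                                   G_MAXINT);
		options = g_strjoinv (",", (char **) values);
		/* … unchanged: g_set_error and return FALSE … */
	}
	/* … unchanged: g_object_set and return TRUE … */
}
```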
@@ -7806,6 +7917,64 @@ nmc_properties_init (void) NULL, NULL); + /* Add editable properties for NM_SETTING_MACSEC_SETTING_NAME */ + nmc_add_prop_funcs (GLUE (MACSEC, PARENT), + nmc_property_macsec_get_parent, + nmc_property_set_string, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, MODE), + nmc_property_macsec_get_mode, + nmc_property_macsec_set_mode, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, ENCRYPT), + nmc_property_macsec_get_encrypt, + nmc_property_set_bool, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, MKA_CAK), + nmc_property_macsec_get_mka_cak, + nmc_property_set_string, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, MKA_CAK_FLAGS), + nmc_property_macsec_get_mka_cak_flags, + nmc_property_set_secret_flags, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, MKA_CKN), + nmc_property_macsec_get_mka_ckn, + nmc_property_set_string, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, PORT), + nmc_property_macsec_get_port, + nmc_property_set_int, + NULL, + NULL, + NULL, + NULL); + nmc_add_prop_funcs (GLUE (MACSEC, VALIDATION), + nmc_property_macsec_get_validation, + nmc_property_macsec_set_validation, + NULL, + NULL, + nmc_property_macsec_allowed_validation, + NULL); + /* Add editable properties for NM_SETTING_MACVLAN_SETTING_NAME */ nmc_add_prop_funcs (GLUE (MACVLAN, PARENT), nmc_property_macvlan_get_parent, 
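Review bot: The MODE registration passes NULL for the allowed-values callback, while VALIDATION, an enum property handled the same way, passes `nmc_property_macsec_allowed_validation`; presumably the editor then cannot list `psk`/`eap` for mode. A `nmc_property_macsec_allowed_mode` helper mirroring the validation one, passed in the same argument position, would make the two consistent. PORT is registered with the generic `nmc_property_set_int`; the usage text advertises 1-65534 and the hunk does not show whether that setter enforces the property's range, so this is worth confirming. nmc_properties_init starts and ends outside the hunk.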
@@ -9203,6 +9372,39 @@ setting_ip_tunnel_details (NMSetting *setting, NmCli *nmc, const char *one_prop } static gboolean +setting_macsec_details (NMSetting *setting, NmCli *nmc, const char *one_prop, gboolean secrets) +{ + NMSettingMacsec *s_macsec = NM_SETTING_MACSEC (setting); + NmcOutputField *tmpl, *arr; + size_t tmpl_len; + + g_return_val_if_fail (NM_IS_SETTING_MACSEC (s_macsec), FALSE); + + tmpl = nmc_fields_setting_macsec; + tmpl_len = sizeof (nmc_fields_setting_macsec); + nmc->print_fields.indices = parse_output_fields (one_prop ? one_prop : NMC_FIELDS_SETTING_MACSEC_ALL, + tmpl, FALSE, NULL, NULL); + arr = nmc_dup_fields_array (tmpl, tmpl_len, NMC_OF_FLAG_FIELD_NAMES); + g_ptr_array_add (nmc->output_data, arr); + + arr = nmc_dup_fields_array (tmpl, tmpl_len, NMC_OF_FLAG_SECTION_PREFIX); + set_val_str (arr, 0, g_strdup (nm_setting_get_name (setting))); + set_val_str (arr, 1, nmc_property_macsec_get_parent (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 2, nmc_property_macsec_get_mode (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 3, nmc_property_macsec_get_encrypt (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 4, GET_SECRET (secrets, setting, nmc_property_macsec_get_mka_cak)); + set_val_str (arr, 5, nmc_property_macsec_get_mka_cak_flags (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 6, nmc_property_macsec_get_mka_ckn (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 7, nmc_property_macsec_get_port (setting, NMC_PROPERTY_GET_PRETTY)); + set_val_str (arr, 8, nmc_property_macsec_get_validation (setting, NMC_PROPERTY_GET_PRETTY)); + g_ptr_array_add (nmc->output_data, arr); + + print_data (nmc); /* Print all data */ + + return TRUE; +} + +static gboolean setting_macvlan_details (NMSetting *setting, NmCli *nmc, const char *one_prop, gboolean secrets) { NMSettingMacvlan *s_macvlan = NM_SETTING_MACVLAN (setting); 
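Review bot: The numeric indices in the `set_val_str (arr, N, ...)` calls of setting_macsec_details have to stay in step with the order of `nmc_fields_setting_macsec[]`, and index 4 (the CAK) is the only value routed through `GET_SECRET`; neither is stated in the function. I would add a comment before the first call: `/* indices follow nmc_fields_setting_macsec[]; the CAK (4) goes through GET_SECRET and depends on 'secrets' */`. What GET_SECRET substitutes when `secrets` is FALSE is not visible in this hunk, so the comment should not claim more than that.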
@@ -9334,6 +9536,7 @@ static const SettingDetails detail_printers[] = { { NM_SETTING_DCB_SETTING_NAME, setting_dcb_details }, { NM_SETTING_TUN_SETTING_NAME, setting_tun_details }, { NM_SETTING_IP_TUNNEL_SETTING_NAME, setting_ip_tunnel_details }, + { NM_SETTING_MACSEC_SETTING_NAME, setting_macsec_details }, { NM_SETTING_MACVLAN_SETTING_NAME, setting_macvlan_details }, { NM_SETTING_VXLAN_SETTING_NAME, setting_vxlan_details }, { NM_SETTING_PROXY_SETTING_NAME, setting_proxy_details }, diff --git a/clients/cli/settings.h b/clients/cli/settings.h index 9ef9c270d2..ad503f9ef6 100644 --- a/clients/cli/settings.h +++ b/clients/cli/settings.h @@ -92,6 +92,7 @@ extern NmcOutputField nmc_fields_setting_dcb[]; extern NmcOutputField nmc_fields_setting_tun[]; extern NmcOutputField nmc_fields_setting_ip_tunnel[]; extern NmcOutputField nmc_fields_setting_macvlan[]; +extern NmcOutputField nmc_fields_setting_macsec[]; extern NmcOutputField nmc_fields_setting_vxlan[]; extern NmcOutputField nmc_fields_setting_proxy[]; diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c index 4e59f489f0..b763bf8985 100644 --- a/clients/common/nm-secret-agent-simple.c +++ b/clients/common/nm-secret-agent-simple.c @@ -492,7 +492,7 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request) secret = nm_secret_agent_simple_secret_new (_("PIN"), NM_SETTING (s_gsm), NM_SETTING_GSM_PIN, - NULL, + NULL, NULL, FALSE); g_ptr_array_add (secrets, secret); 
@@ -509,6 +509,25 @@ request_secrets_from_ui (NMSecretAgentSimpleRequest *request) TRUE); g_ptr_array_add (secrets, secret); } + } else if (nm_connection_is_type (request->connection, NM_SETTING_MACSEC_SETTING_NAME)) { + NMSettingMacsec *s_macsec = nm_connection_get_setting_macsec (request->connection); + + msg = g_strdup_printf (_("Secrets are required to access the MACsec network '%s'"), + nm_connection_get_id (request->connection)); + + if (nm_setting_macsec_get_mode (s_macsec) == NM_SETTING_MACSEC_MODE_PSK) { + title = _("MACsec PSK authentication"); + secret = nm_secret_agent_simple_secret_new (_("MKA CAK"), + NM_SETTING (s_macsec), + NM_SETTING_MACSEC_MKA_CAK, + NULL, + NULL, + TRUE); + g_ptr_array_add (secrets, secret); + } else { + title = _("MACsec EAP authentication"); + ok = add_8021x_secrets (request, secrets); + } } else if (nm_connection_is_type (request->connection, NM_SETTING_CDMA_SETTING_NAME)) { NMSettingCdma *s_cdma = nm_connection_get_setting_cdma (request->connection); |
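Review bot: The `else` branch treats every mode other than `NM_SETTING_MACSEC_MODE_PSK` as EAP, so an unexpected or later-added mode would silently fall through to `add_8021x_secrets`; an explicit `else if (nm_setting_macsec_get_mode (s_macsec) == NM_SETTING_MACSEC_MODE_EAP)` with a failing default would make that case visible. `s_macsec` is also used without a NULL check; `nm_connection_is_type` presumably only compares the connection type, so a connection lacking the setting would reach `NM_SETTING (s_macsec)` with NULL, which deserves a guard unless callers guarantee a verified connection. request_secrets_from_ui starts and ends outside the hunk.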