author | Thomas Haller <thaller@redhat.com> | 2019-01-30 12:36:13 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2019-02-22 11:00:10 +0100 |
commit | e148ec07d5d3c1e5d570913006cddc6ca060e3d9 (patch) | |
tree | cf81b81caa2e94694ad2ed86f0dc40d743b3065e /clients/common/nm-secret-agent-simple.c | |
parent | b521f426ab228b003e1e87348e116291d23dc88b (diff) | |
download | NetworkManager-e148ec07d5d3c1e5d570913006cddc6ca060e3d9.tar.gz |
libnm: add NMWireGuardPeer and libnm support for peers
Diffstat (limited to 'clients/common/nm-secret-agent-simple.c')
-rw-r--r-- | clients/common/nm-secret-agent-simple.c | 80 |
1 files changed, 73 insertions, 7 deletions
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c index 6b72d2aa00..eeded86151 100644 --- a/clients/common/nm-secret-agent-simple.c +++ b/clients/common/nm-secret-agent-simple.c @@ -214,6 +214,32 @@ _secret_real_new_vpn_secret (const char *pretty_name, return &real->base; } +static NMSecretAgentSimpleSecret * +_secret_real_new_wireguard_peer_psk (NMSettingWireGuard *s_wg, + const char *public_key, + const char *preshared_key) +{ + SecretReal *real; + + nm_assert (NM_IS_SETTING_WIREGUARD (s_wg)); + nm_assert (public_key); + + real = g_slice_new (SecretReal); + *real = (SecretReal) { + .base.secret_type = NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK, + .base.pretty_name = g_strdup_printf (_("Preshared-key for %s"), + public_key), + .base.entry_id = g_strdup_printf (NM_SETTING_WIREGUARD_SETTING_NAME"."NM_SETTING_WIREGUARD_PEERS".%s."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY, + public_key), + .base.value = g_strdup (preshared_key), + .base.is_secret = TRUE, + .base.no_prompt_entry_id = TRUE, + .setting = NM_SETTING (g_object_ref (s_wg)), + .property = g_strdup (public_key), + }; + return &real->base; +} + /*****************************************************************************/ static gboolean 
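Review bot: `_secret_real_new_wireguard_peer_psk` stores a heap copy of the preshared key in `.base.value` via `g_strdup (preshared_key)`, and nothing in this hunk documents who owns it or how it is released. The code that frees a `SecretReal` is outside the hunk, so it is worth confirming that it wipes the buffer before freeing instead of leaving key material in released memory. A short header comment would capture the contract, for example `/* takes a ref on @s_wg; copies @public_key and @preshared_key (may be NULL); base.value is key material and must be cleared when freed */`.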
@@ -464,19 +490,37 @@ add_wireguard_secrets (RequestData *request, } if (request->hints) { + for (i = 0; request->hints[i]; i++) { + NMWireGuardPeer *peer; const char *name = request->hints[i]; - gs_free char *peer_name = NULL; + gs_free char *public_key = NULL; if (nm_streq (name, NM_SETTING_WIREGUARD_PRIVATE_KEY)) continue; - /* TODO: add support for WireGuard peers and their preshared-key. */ - g_set_error (error, NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_FAILED, - _("Cannot service unknown WireGuard hint '%s' for secrets request %s"), - name, - request->request_id); - return FALSE; + if (NM_STR_HAS_PREFIX (name, NM_SETTING_WIREGUARD_PEERS".")) { + const char *tmp; + + tmp = &name[NM_STRLEN (NM_SETTING_WIREGUARD_PEERS".")]; + if (NM_STR_HAS_SUFFIX (tmp, "."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY)) { + public_key = g_strndup (tmp, + strlen (tmp) - NM_STRLEN ("."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY)); + } + } + + if (!public_key) + continue; + + peer = nm_setting_wireguard_get_peer_by_public_key (s_wg, public_key, NULL); + + g_ptr_array_add (secrets, _secret_real_new_wireguard_peer_psk (s_wg, + ( peer + ? nm_wireguard_peer_get_public_key (peer) + : public_key), + ( peer + ? nm_wireguard_peer_get_preshared_key (peer) + : NULL))); } } @@ -1034,10 +1078,13 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self, if (secrets) { GVariantBuilder conn_builder, *setting_builder; GVariantBuilder vpn_secrets_builder; + GVariantBuilder wg_secrets_builder; + GVariantBuilder wg_peer_builder; GHashTable *settings; GHashTableIter iter; const char *name; gboolean has_vpn = FALSE; + gboolean has_wg = FALSE; settings = g_hash_table_new (nm_str_hash, g_str_equal); for (i = 0; i < secrets->len; i++) { 
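Review bot: The public key cut out of the hint by `g_strndup` is only checked for NULL, so a hint with nothing between the `NM_SETTING_WIREGUARD_PEERS"."` prefix and the `"."NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY` suffix yields an empty string that passes `if (!public_key)` and still becomes a prompt entry. Rejecting it costs one condition, `if (!public_key || !public_key[0]) continue;`, and checking that the string is a well-formed WireGuard key would be stricter still. When no peer matches, this hint-derived text is also what `_secret_real_new_wireguard_peer_psk` puts into the pretty name and entry id. Separately, hints that match neither pattern are now skipped silently where the removed code returned an error; if that is intended, a comment on the `continue` should say so. The loop belongs to add_wireguard_secrets, whose body starts and ends outside the hunk.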
@@ -1065,6 +1112,19 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self, g_variant_builder_add (&vpn_secrets_builder, "{ss}", secret->property, secret->base.value); break; + case NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK: + if (!has_wg) { + g_variant_builder_init (&wg_secrets_builder, G_VARIANT_TYPE ("aa{sv}")); + has_wg = TRUE; + } + g_variant_builder_init (&wg_peer_builder, G_VARIANT_TYPE ("a{sv}")); + g_variant_builder_add (&wg_peer_builder, "{sv}", + NM_WIREGUARD_PEER_ATTR_PUBLIC_KEY, g_variant_new_string (secret->property)); + g_variant_builder_add (&wg_peer_builder, "{sv}", + NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY, g_variant_new_string (secret->base.value)); + g_variant_builder_add (&wg_secrets_builder, "a{sv}", + &wg_peer_builder); + break; } } @@ -1074,6 +1134,12 @@ nm_secret_agent_simple_response (NMSecretAgentSimple *self, g_variant_builder_end (&vpn_secrets_builder)); } + if (has_wg) { + g_variant_builder_add (setting_builder, "{sv}", + NM_SETTING_WIREGUARD_PEERS, + g_variant_builder_end (&wg_secrets_builder)); + } + g_variant_builder_init (&conn_builder, NM_VARIANT_TYPE_CONNECTION); g_hash_table_iter_init (&iter, settings); while (g_hash_table_iter_next (&iter, (gpointer *) &name, (gpointer *) &setting_builder)) |
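Review bot: `g_variant_new_string (secret->base.value)` in the new `NM_SECRET_AGENT_SECRET_TYPE_WIREGUARD_PEER_PSK` case needs a non-NULL string, but the constructor added in this commit sets `.base.value = g_strdup (preshared_key)` and the hint loop passes NULL when the peer is unknown. Unless the caller always fills in a value before responding (not visible here), guard the case with `if (!secret->base.value) break;` as its first statement, or substitute an empty string if an empty key is meaningful. The switch and the loop this case sits in start outside the hunk.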
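Review bot: The new `if (has_wg)` block appends to `setting_builder`, which this hunk never assigns; it presumably still holds whatever the preceding per-secret loop left there, and the `while` just below reuses it as the iteration variable. That is correct only while the last processed secret belongs to the WireGuard setting, the same assumption the VPN block above appears to make. A comment would make it explicit, for example `/* setting_builder still refers to the builder of the last secret; all WireGuard secrets share one setting */`. The enclosing function continues outside the hunk.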