1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the
16 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
17 * Boston, MA 02110-1301 USA.
19 * Copyright 2007 - 2014 Red Hat, Inc.
20 * Copyright 2007 - 2008 Novell, Inc.
23 #ifndef __NM_SETTING_8021X_H__
24 #define __NM_SETTING_8021X_H__
26 #if !defined (__NETWORKMANAGER_H_INSIDE__) && !defined (NETWORKMANAGER_COMPILATION)
27 #error "Only <NetworkManager.h> can be included directly."
30 #include <nm-setting.h>
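/* URI-style prefix associated with the "path" certificate/key scheme
 * (NM_SETTING_802_1X_CK_SCHEME_PATH).
 * NOTE(review): presumably a property value starting with this prefix is read
 * as a filesystem path rather than as raw certificate/key data; confirm
 * against nm_setting_802_1x_check_cert_scheme(). */
#define NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PATH "file://"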
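/**
 * NMSetting8021xCKFormat:
 * @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
 * @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
 * @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
 * or DER private key
 * @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#<!-- -->12 certificate
 * and private key
 *
 * #NMSetting8021xCKFormat values indicate the general type of a certificate
 * or private key
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
	NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
	NM_SETTING_802_1X_CK_FORMAT_X509,
	NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
	NM_SETTING_802_1X_CK_FORMAT_PKCS12
} NMSetting8021xCKFormat;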
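/**
 * NMSetting8021xCKScheme:
 * @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
 * scheme
 * @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
 * item data
 * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
 * to a file containing the certificate or key data
 *
 * #NMSetting8021xCKScheme values indicate how a certificate or private key is
 * stored in the setting properties, either as a blob of the item's data, or as
 * a path to a certificate or private key file on the filesystem
 */
typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
	NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
	NM_SETTING_802_1X_CK_SCHEME_BLOB,
	NM_SETTING_802_1X_CK_SCHEME_PATH
} NMSetting8021xCKScheme;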
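/* GObject type boilerplate for NMSetting8021x: the registered GType, the
 * checked instance and class casts, the instance and class type tests, and the
 * lookup of an instance's class structure. */
#define NM_TYPE_SETTING_802_1X            (nm_setting_802_1x_get_type ())
#define NM_SETTING_802_1X(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
#define NM_SETTING_802_1X_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
#define NM_IS_SETTING_802_1X(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
#define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SETTING_802_1X))
#define NM_SETTING_802_1X_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))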
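/* Name under which this setting appears in a connection. */
#define NM_SETTING_802_1X_SETTING_NAME "802-1x"

/* String names of the NMSetting8021x properties.  The "phase2-" variants
 * mirror the outer ones for the inner (tunnelled) authentication. */

/* EAP method list and identities. */
#define NM_SETTING_802_1X_EAP                "eap"
#define NM_SETTING_802_1X_IDENTITY           "identity"
#define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
#define NM_SETTING_802_1X_PAC_FILE           "pac-file"

/* Authentication-server certificate checks (see also "system-ca-certs" at the
 * end of this list).
 * NOTE(review): a profile that sets none of ca-cert, ca-path, system-ca-certs
 * and the *-match properties presumably leaves the server certificate
 * unverified; confirm against the property documentation when auditing
 * profiles. */
#define NM_SETTING_802_1X_CA_CERT             "ca-cert"
#define NM_SETTING_802_1X_CA_PATH             "ca-path"
#define NM_SETTING_802_1X_SUBJECT_MATCH       "subject-match"
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES  "altsubject-matches"
#define NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH "domain-suffix-match"

/* Client certificate; for PKCS#12 it must hold the same data as "private-key"
 * (see the PRIVATE KEY NOTE below). */
#define NM_SETTING_802_1X_CLIENT_CERT "client-cert"

/* Phase 1 (outer) and phase 2 (inner) method parameters. */
#define NM_SETTING_802_1X_PHASE1_PEAPVER           "phase1-peapver"
#define NM_SETTING_802_1X_PHASE1_PEAPLABEL         "phase1-peaplabel"
#define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
#define NM_SETTING_802_1X_PHASE2_AUTH              "phase2-auth"
#define NM_SETTING_802_1X_PHASE2_AUTHEAP           "phase2-autheap"

/* Phase 2 counterparts of the certificate properties above. */
#define NM_SETTING_802_1X_PHASE2_CA_CERT             "phase2-ca-cert"
#define NM_SETTING_802_1X_PHASE2_CA_PATH             "phase2-ca-path"
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH       "phase2-subject-match"
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES  "phase2-altsubject-matches"
#define NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH "phase2-domain-suffix-match"
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT         "phase2-client-cert"

/* Secrets.  Each one has a "-flags" companion property; the matching getters
 * in this header return NMSettingSecretFlags. */
#define NM_SETTING_802_1X_PASSWORD                          "password"
#define NM_SETTING_802_1X_PASSWORD_FLAGS                    "password-flags"
#define NM_SETTING_802_1X_PASSWORD_RAW                      "password-raw"
#define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS                "password-raw-flags"
#define NM_SETTING_802_1X_PRIVATE_KEY                       "private-key"
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD              "private-key-password"
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS        "private-key-password-flags"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY                "phase2-private-key"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD       "phase2-private-key-password"
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
#define NM_SETTING_802_1X_PIN                               "pin"
#define NM_SETTING_802_1X_PIN_FLAGS                         "pin-flags"

/* Boolean (see nm_setting_802_1x_get_system_ca_certs()). */
#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"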
/* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
 * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
 * In this case, the appropriate "client-cert" (or "phase2-client-cert")
 * property of the NMSetting8021x object must also contain the exact same
 * PKCS#12 binary data that the private key does.  This is because the
 * PKCS#12 file contains both the private key and client certificate, so both
 * properties need to be set to the same thing.  When using the "path" scheme,
 * just set both the private-key and client-cert properties to the same path.
 *
 * When setting OpenSSL-derived "traditional" format (i.e. S/MIME style, not
 * PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
 * should be passed to NetworkManager in PEM format with the "DEK-Info" and
 * "Proc-Type" tags intact (that is, still encrypted).  Decrypted private keys
 * should not be used as this is insecure and could allow unprivileged users to
 * access the decrypted private key data.
 *
 * When using the "path" scheme, just set the private-key and client-cert
 * properties to the paths to their respective objects.
 */
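/* Instance and class structures for the NMSetting8021x GObject type.
 *
 * NOTE(review): this listing lost the lines between the two definitions, which
 * fused them into a single struct.  The instance member and the
 * "typedef struct {" opener are restored here from the cast macros
 * (NMSetting8021x / NMSetting8021xClass) and the usual GObject layout, where
 * the parent structure is the first member.  Any reserved padding members of
 * the class structure are not visible in the listing and are not reproduced;
 * confirm the exact layout against the upstream header before relying on it. */
struct _NMSetting8021x {
	NMSetting parent;
};

typedef struct {
	NMSettingClass parent;
} NMSetting8021xClass;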
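/* Returns the GType of NMSetting8021x; NM_TYPE_SETTING_802_1X expands to this
 * call. */
GType nm_setting_802_1x_get_type (void);

/* Creates an 802.1X setting object, returned as its NMSetting base type. */
NMSetting *nm_setting_802_1x_new (void);

/* Reports which storage scheme (blob or path) the @length bytes at @pdata use.
 * NOTE(review): presumably returns NM_SETTING_802_1X_CK_SCHEME_UNKNOWN and sets
 * @error when the data fits neither scheme; confirm in the implementation.
 * Code that receives certificate/key values from a connection profile it does
 * not control should check this result before treating the value as a
 * filesystem path. */
NMSetting8021xCKScheme nm_setting_802_1x_check_cert_scheme (gconstpointer pdata, gsize length, GError **error);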
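/* Accessors for the list of EAP methods held by the setting (the "eap"
 * property).  Index-based calls take a position @i in that list; the add and
 * remove-by-value calls report their outcome as a gboolean.
 * NOTE(review): @i is presumably valid in the range
 * [0, nm_setting_802_1x_get_num_eap_methods()); confirm how an out-of-range
 * index is handled. */
guint32      nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting);
const char  *nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i);
gboolean     nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap);
void         nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i);
gboolean     nm_setting_802_1x_remove_eap_method_by_value (NMSetting8021x *setting, const char *eap);
void         nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting);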
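/* Getters for the identity, anonymous identity and PAC file values.
 * NOTE(review): the returned strings are const, so presumably owned by the
 * setting and not to be freed by the caller; confirm. */
const char *nm_setting_802_1x_get_identity (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_pac_file (NMSetting8021x *setting);

/* Trust-anchor configuration other than an explicit CA certificate: the
 * "system-ca-certs" flag and the CA path values for phase 1 and phase 2. */
gboolean    nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting);
const char *nm_setting_802_1x_get_ca_path (NMSetting8021x *setting);
const char *nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting);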
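/* CA certificate.  The scheme getter tells which of the blob/path getters
 * applies to the stored value.
 * NOTE(review): the final parameter of the setter was cut off in this listing;
 * "GError **error" is restored by analogy with
 * nm_setting_802_1x_check_cert_scheme().  Confirm against the upstream
 * header. */
NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting);
GBytes                *nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting);
const char            *nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting,
                                                      const char *cert_path,
                                                      NMSetting8021xCKScheme scheme,
                                                      NMSetting8021xCKFormat *out_format,
                                                      GError **error);

/* Constraints on the authentication server's certificate: subject match, the
 * list of alternative-subject matches and the domain suffix match.
 * NOTE(review): the index parameter of the get/remove calls was cut off in
 * this listing; "guint32 i" is restored by analogy with the EAP method
 * accessors.  Confirm against the upstream header. */
const char *nm_setting_802_1x_get_subject_match (NMSetting8021x *setting);

guint32     nm_setting_802_1x_get_num_altsubject_matches (NMSetting8021x *setting);
const char *nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting,
                                                    guint32 i);
gboolean    nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting,
                                                    const char *altsubject_match);
void        nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting,
                                                       guint32 i);
gboolean    nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
                                                                const char *altsubject_match);
void        nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_domain_suffix_match (NMSetting8021x *setting);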
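/* Client certificate.  For PKCS#12 this value must match the private key
 * value (see the PRIVATE KEY NOTE earlier in this header).
 * NOTE(review): the final parameter of the setter was cut off in this listing;
 * "GError **error" is restored by analogy with
 * nm_setting_802_1x_check_cert_scheme().  Confirm against the upstream
 * header. */
NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting);
GBytes                *nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting);
const char            *nm_setting_802_1x_get_client_cert_path (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_client_cert (NMSetting8021x *setting,
                                                          const char *cert_path,
                                                          NMSetting8021xCKScheme scheme,
                                                          NMSetting8021xCKFormat *out_format,
                                                          GError **error);

/* Getters for the phase 1 and phase 2 method parameters, each returned as a
 * string. */
const char *nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting);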
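/* Phase 2 CA certificate; same shape as the phase 1 CA certificate accessors.
 * NOTE(review): the final parameter of the setter was cut off in this listing;
 * "GError **error" is restored by analogy with
 * nm_setting_802_1x_check_cert_scheme().  Confirm against the upstream
 * header. */
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme (NMSetting8021x *setting);
GBytes                *nm_setting_802_1x_get_phase2_ca_cert_blob (NMSetting8021x *setting);
const char            *nm_setting_802_1x_get_phase2_ca_cert_path (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *setting,
                                                             const char *cert_path,
                                                             NMSetting8021xCKScheme scheme,
                                                             NMSetting8021xCKFormat *out_format,
                                                             GError **error);

/* Phase 2 server-certificate constraints: subject match, alternative-subject
 * match list and domain suffix match.
 * NOTE(review): the index parameter of the get/remove calls was cut off in
 * this listing; "guint32 i" is restored by analogy with the EAP method
 * accessors.  Confirm against the upstream header. */
const char *nm_setting_802_1x_get_phase2_subject_match (NMSetting8021x *setting);

guint32     nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting);
const char *nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting,
                                                           guint32 i);
gboolean    nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting,
                                                           const char *phase2_altsubject_match);
void        nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting,
                                                              guint32 i);
gboolean    nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
                                                                       const char *phase2_altsubject_match);
void        nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting);

const char *nm_setting_802_1x_get_phase2_domain_suffix_match (NMSetting8021x *setting);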
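/* Phase 2 client certificate.  For PKCS#12 this value must match the phase 2
 * private key value (see the PRIVATE KEY NOTE earlier in this header).
 * NOTE(review): the final parameter of the setter was cut off in this listing;
 * "GError **error" is restored by analogy with
 * nm_setting_802_1x_check_cert_scheme().  Confirm against the upstream
 * header. */
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting);
GBytes                *nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting);
const char            *nm_setting_802_1x_get_phase2_client_cert_path (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *setting,
                                                                 const char *cert_path,
                                                                 NMSetting8021xCKScheme scheme,
                                                                 NMSetting8021xCKFormat *out_format,
                                                                 GError **error);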
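/* Secret getters: the password as a string, the raw password as GBytes, and
 * the PIN.  Each secret has a companion getter returning its
 * NMSettingSecretFlags.
 * NOTE(review): the returned values are credentials and are presumably owned
 * by the setting; callers should keep them out of logs and error messages and
 * should not free them.  Confirm the ownership rules in the implementation. */
const char          *nm_setting_802_1x_get_password (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_flags (NMSetting8021x *setting);
GBytes              *nm_setting_802_1x_get_password_raw (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags (NMSetting8021x *setting);

const char          *nm_setting_802_1x_get_pin (NMSetting8021x *setting);
NMSettingSecretFlags nm_setting_802_1x_get_pin_flags (NMSetting8021x *setting);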
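/* Private key.  The scheme getter tells which of the blob/path getters applies
 * to the stored value; the format getter reports the key's
 * NMSetting8021xCKFormat.  The PRIVATE KEY NOTE earlier in this header states
 * the rules for PKCS#12 data and for keeping "traditional" PEM keys encrypted.
 * NOTE(review): @password is presumably the passphrase protecting the key
 * material; confirm.  The final parameter of the setter was cut off in this
 * listing; "GError **error" is restored by analogy with
 * nm_setting_802_1x_check_cert_scheme().  Confirm against the upstream
 * header. */
NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme (NMSetting8021x *setting);
GBytes                *nm_setting_802_1x_get_private_key_blob (NMSetting8021x *setting);
const char            *nm_setting_802_1x_get_private_key_path (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_private_key (NMSetting8021x *setting,
                                                          const char *key_path,
                                                          const char *password,
                                                          NMSetting8021xCKScheme scheme,
                                                          NMSetting8021xCKFormat *out_format,
                                                          GError **error);

/* Private key password and its secret flags. */
const char            *nm_setting_802_1x_get_private_key_password (NMSetting8021x *setting);
NMSettingSecretFlags   nm_setting_802_1x_get_private_key_password_flags (NMSetting8021x *setting);

NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting);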
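/* Phase 2 private key; same shape as the phase 1 private key accessors, and
 * the PRIVATE KEY NOTE earlier in this header names "phase2-client-cert" as
 * the matching certificate property for PKCS#12 data.
 * NOTE(review): @password is presumably the passphrase protecting the key
 * material; confirm.  The final parameter of the setter was cut off in this
 * listing; "GError **error" is restored by analogy with
 * nm_setting_802_1x_check_cert_scheme().  Confirm against the upstream
 * header. */
NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme (NMSetting8021x *setting);
GBytes                *nm_setting_802_1x_get_phase2_private_key_blob (NMSetting8021x *setting);
const char            *nm_setting_802_1x_get_phase2_private_key_path (NMSetting8021x *setting);
gboolean               nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting,
                                                                 const char *key_path,
                                                                 const char *password,
                                                                 NMSetting8021xCKScheme scheme,
                                                                 NMSetting8021xCKFormat *out_format,
                                                                 GError **error);

/* Phase 2 private key password and its secret flags. */
const char            *nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
NMSettingSecretFlags   nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);

NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting);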
289 #endif /* __NM_SETTING_8021X_H__ */