libnm-core/nm-setting-8021x.h

   1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
   2
   3 /*
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the
  16  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  17  * Boston, MA 02110-1301 USA.
  18  *
  19  * Copyright 2007 - 2014 Red Hat, Inc.
  20  * Copyright 2007 - 2008 Novell, Inc.
  21  */
  22
  23 #ifndef __NM_SETTING_8021X_H__
  24 #define __NM_SETTING_8021X_H__
  25
  26 #if !defined (__NETWORKMANAGER_H_INSIDE__) && !defined (NETWORKMANAGER_COMPILATION)
  27 #error "Only <NetworkManager.h> can be included directly."
  28 #endif
  29
  30 #include <nm-setting.h>
  31
  32 G_BEGIN_DECLS
  33
  34 #define NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PATH "file://"
  35
  36 /**
  37  * NMSetting8021xCKFormat:
  38  * @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
  39  * @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
  40  * @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
  41  * or DER private key
  42  * @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#<!-- -->12 certificate
  43  * and private key
  44  *
  45  * #NMSetting8021xCKFormat values indicate the general type of a certificate
  46  * or private key
  47  */
  48 typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
  49         NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
  50         NM_SETTING_802_1X_CK_FORMAT_X509,
  51         NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
  52         NM_SETTING_802_1X_CK_FORMAT_PKCS12
  53 } NMSetting8021xCKFormat;
  54
  55 /**
  56  * NMSetting8021xCKScheme:
  57  * @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
  58  * scheme
  59  * @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
  60  * item data
  61  * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
  62  * to a file containing the certificate or key data
  63  *
  64  * #NMSetting8021xCKScheme values indicate how a certificate or private key is
  65  * stored in the setting properties, either as a blob of the item's data, or as
  66  * a path to a certificate or private key file on the filesystem
  67  */
  68 typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
  69         NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
  70         NM_SETTING_802_1X_CK_SCHEME_BLOB,
  71         NM_SETTING_802_1X_CK_SCHEME_PATH
  72 } NMSetting8021xCKScheme;
  73
  74
  75 #define NM_TYPE_SETTING_802_1X            (nm_setting_802_1x_get_type ())
  76 #define NM_SETTING_802_1X(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
  77 #define NM_SETTING_802_1X_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
  78 #define NM_IS_SETTING_802_1X(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
  79 #define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SETTING_802_1X))
  80 #define NM_SETTING_802_1X_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
  81
  82 #define NM_SETTING_802_1X_SETTING_NAME "802-1x"
  83
  84 #define NM_SETTING_802_1X_EAP "eap"
  85 #define NM_SETTING_802_1X_IDENTITY "identity"
  86 #define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
  87 #define NM_SETTING_802_1X_PAC_FILE "pac-file"
  88 #define NM_SETTING_802_1X_CA_CERT "ca-cert"
  89 #define NM_SETTING_802_1X_CA_PATH "ca-path"
  90 #define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
  91 #define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
  92 #define NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH "domain-suffix-match"
  93 #define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
  94 #define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
  95 #define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
  96 #define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
  97 #define NM_SETTING_802_1X_PHASE2_AUTH "phase2-auth"
  98 #define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
  99 #define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
 100 #define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
 101 #define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
 102 #define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
 103 #define NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH "phase2-domain-suffix-match"
 104 #define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
 105 #define NM_SETTING_802_1X_PASSWORD "password"
 106 #define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
 107 #define NM_SETTING_802_1X_PASSWORD_RAW "password-raw"
 108 #define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"
 109 #define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
 110 #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
 111 #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
 112 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
 113 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
 114 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
 115 #define NM_SETTING_802_1X_PIN "pin"
 116 #define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
 117 #define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
 118
 119 /* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
 120  * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
 121  * In this case, the appropriate "client-cert" (or "phase2-client-cert")
 122  * property of the NMSetting8021x object must also contain the exact same
 123  * PKCS#12 binary data that the private key does.  This is because the
 124  * PKCS#12 file contains both the private key and client certificate, so both
 125  * properties need to be set to the same thing.  When using the "path" scheme,
 126  * just set both the private-key and client-cert properties to the same path.
 127  *
 128  * When setting OpenSSL-derived "traditional" format (ie S/MIME style, not
 129  * PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
 130  * should be passed to NetworkManager in PEM format with the "DEK-Info" and
 131  * "Proc-Type" tags intact.  Decrypted private keys should not be used as this
 132  * is insecure and could allow unprivileged users to access the decrypted
 133  * private key data.
 134  *
 135  * When using the "path" scheme, just set the private-key and client-cert
 136  * properties to the paths to their respective objects.
 137  */
 138
 139 struct _NMSetting8021x {
 140         NMSetting parent;
 141 };
 142
 143 typedef struct {
 144         NMSettingClass parent;
 145
 146         /*< private >*/
 147         gpointer padding[4];
 148 } NMSetting8021xClass;
 149
 150 GType nm_setting_802_1x_get_type (void);
 151
 152 NMSetting *nm_setting_802_1x_new (void);
 153
 154 NM_AVAILABLE_IN_1_2
 155 NMSetting8021xCKScheme nm_setting_802_1x_check_cert_scheme (gconstpointer pdata, gsize length, GError **error);
 156
 157 guint32           nm_setting_802_1x_get_num_eap_methods              (NMSetting8021x *setting);
 158 const char *      nm_setting_802_1x_get_eap_method                   (NMSetting8021x *setting, guint32 i);
 159 gboolean          nm_setting_802_1x_add_eap_method                   (NMSetting8021x *setting, const char *eap);
 160 void              nm_setting_802_1x_remove_eap_method                (NMSetting8021x *setting, guint32 i);
 161 gboolean          nm_setting_802_1x_remove_eap_method_by_value       (NMSetting8021x *setting, const char *eap);
 162 void              nm_setting_802_1x_clear_eap_methods                (NMSetting8021x *setting);
 163
 164 const char *      nm_setting_802_1x_get_identity                     (NMSetting8021x *setting);
 165
 166 const char *      nm_setting_802_1x_get_anonymous_identity           (NMSetting8021x *setting);
 167
 168 const char *      nm_setting_802_1x_get_pac_file                     (NMSetting8021x *setting);
 169
 170 gboolean          nm_setting_802_1x_get_system_ca_certs              (NMSetting8021x *setting);
 171 const char *      nm_setting_802_1x_get_ca_path                      (NMSetting8021x *setting);
 172 const char *      nm_setting_802_1x_get_phase2_ca_path               (NMSetting8021x *setting);
 173
 174 NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme          (NMSetting8021x *setting);
 175 GBytes *               nm_setting_802_1x_get_ca_cert_blob            (NMSetting8021x *setting);
 176 const char *           nm_setting_802_1x_get_ca_cert_path            (NMSetting8021x *setting);
 177 gboolean               nm_setting_802_1x_set_ca_cert                 (NMSetting8021x *setting,
 178                                                                       const char *cert_path,
 179                                                                       NMSetting8021xCKScheme scheme,
 180                                                                       NMSetting8021xCKFormat *out_format,
 181                                                                       GError **error);
 182
 183 const char *      nm_setting_802_1x_get_subject_match                (NMSetting8021x *setting);
 184
 185 guint32           nm_setting_802_1x_get_num_altsubject_matches       (NMSetting8021x *setting);
 186 const char *      nm_setting_802_1x_get_altsubject_match             (NMSetting8021x *setting,
 187                                                                       guint32 i);
 188 gboolean          nm_setting_802_1x_add_altsubject_match             (NMSetting8021x *setting,
 189                                                                       const char *altsubject_match);
 190 void              nm_setting_802_1x_remove_altsubject_match          (NMSetting8021x *setting,
 191                                                                       guint32 i);
 192 gboolean          nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
 193                                                                       const char *altsubject_match);
 194 void              nm_setting_802_1x_clear_altsubject_matches         (NMSetting8021x *setting);
 195 NM_AVAILABLE_IN_1_2
 196 const char *      nm_setting_802_1x_get_domain_suffix_match          (NMSetting8021x *setting);
 197
 198 NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme      (NMSetting8021x *setting);
 199 GBytes *               nm_setting_802_1x_get_client_cert_blob        (NMSetting8021x *setting);
 200 const char *           nm_setting_802_1x_get_client_cert_path        (NMSetting8021x *setting);
 201 gboolean               nm_setting_802_1x_set_client_cert             (NMSetting8021x *setting,
 202                                                                       const char *cert_path,
 203                                                                       NMSetting8021xCKScheme scheme,
 204                                                                       NMSetting8021xCKFormat *out_format,
 205                                                                       GError **error);
 206
 207 const char *      nm_setting_802_1x_get_phase1_peapver               (NMSetting8021x *setting);
 208
 209 const char *      nm_setting_802_1x_get_phase1_peaplabel             (NMSetting8021x *setting);
 210
 211 const char *      nm_setting_802_1x_get_phase1_fast_provisioning     (NMSetting8021x *setting);
 212
 213 const char *      nm_setting_802_1x_get_phase2_auth                  (NMSetting8021x *setting);
 214
 215 const char *      nm_setting_802_1x_get_phase2_autheap               (NMSetting8021x *setting);
 216
 217 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme   (NMSetting8021x *setting);
 218 GBytes *               nm_setting_802_1x_get_phase2_ca_cert_blob     (NMSetting8021x *setting);
 219 const char *           nm_setting_802_1x_get_phase2_ca_cert_path     (NMSetting8021x *setting);
 220 gboolean               nm_setting_802_1x_set_phase2_ca_cert          (NMSetting8021x *setting,
 221                                                                       const char *cert_path,
 222                                                                       NMSetting8021xCKScheme scheme,
 223                                                                       NMSetting8021xCKFormat *out_format,
 224                                                                       GError **error);
 225
 226 const char *      nm_setting_802_1x_get_phase2_subject_match         (NMSetting8021x *setting);
 227
 228 guint32           nm_setting_802_1x_get_num_phase2_altsubject_matches       (NMSetting8021x *setting);
 229 const char *      nm_setting_802_1x_get_phase2_altsubject_match             (NMSetting8021x *setting,
 230                                                                              guint32 i);
 231 gboolean          nm_setting_802_1x_add_phase2_altsubject_match             (NMSetting8021x *setting,
 232                                                                              const char *phase2_altsubject_match);
 233 void              nm_setting_802_1x_remove_phase2_altsubject_match          (NMSetting8021x *setting,
 234                                                                              guint32 i);
 235 gboolean          nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
 236                                                                              const char *phase2_altsubject_match);
 237 void              nm_setting_802_1x_clear_phase2_altsubject_matches         (NMSetting8021x *setting);
 238 NM_AVAILABLE_IN_1_2
 239 const char *      nm_setting_802_1x_get_phase2_domain_suffix_match          (NMSetting8021x *setting);
 240
 241 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme   (NMSetting8021x *setting);
 242 GBytes *               nm_setting_802_1x_get_phase2_client_cert_blob     (NMSetting8021x *setting);
 243 const char *           nm_setting_802_1x_get_phase2_client_cert_path     (NMSetting8021x *setting);
 244 gboolean               nm_setting_802_1x_set_phase2_client_cert          (NMSetting8021x *setting,
 245                                                                           const char *cert_path,
 246                                                                           NMSetting8021xCKScheme scheme,
 247                                                                           NMSetting8021xCKFormat *out_format,
 248                                                                           GError **error);
 249
 250 const char *      nm_setting_802_1x_get_password                     (NMSetting8021x *setting);
 251 NMSettingSecretFlags nm_setting_802_1x_get_password_flags            (NMSetting8021x *setting);
 252 GBytes *             nm_setting_802_1x_get_password_raw              (NMSetting8021x *setting);
 253 NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags        (NMSetting8021x *setting);
 254
 255 const char *      nm_setting_802_1x_get_pin                          (NMSetting8021x *setting);
 256 NMSettingSecretFlags nm_setting_802_1x_get_pin_flags                 (NMSetting8021x *setting);
 257
 258 NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme          (NMSetting8021x *setting);
 259 GBytes *               nm_setting_802_1x_get_private_key_blob            (NMSetting8021x *setting);
 260 const char *           nm_setting_802_1x_get_private_key_path            (NMSetting8021x *setting);
 261 gboolean               nm_setting_802_1x_set_private_key                 (NMSetting8021x *setting,
 262                                                                           const char *key_path,
 263                                                                           const char *password,
 264                                                                           NMSetting8021xCKScheme scheme,
 265                                                                           NMSetting8021xCKFormat *out_format,
 266                                                                           GError **error);
 267 const char *           nm_setting_802_1x_get_private_key_password        (NMSetting8021x *setting);
 268 NMSettingSecretFlags   nm_setting_802_1x_get_private_key_password_flags  (NMSetting8021x *setting);
 269
 270 NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format          (NMSetting8021x *setting);
 271
 272 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme   (NMSetting8021x *setting);
 273 GBytes *               nm_setting_802_1x_get_phase2_private_key_blob     (NMSetting8021x *setting);
 274 const char *           nm_setting_802_1x_get_phase2_private_key_path     (NMSetting8021x *setting);
 275 gboolean               nm_setting_802_1x_set_phase2_private_key          (NMSetting8021x *setting,
 276                                                                           const char *key_path,
 277                                                                           const char *password,
 278                                                                           NMSetting8021xCKScheme scheme,
 279                                                                           NMSetting8021xCKFormat *out_format,
 280                                                                           GError **error);
 281 const char *           nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
 282 NMSettingSecretFlags   nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);
 283
 284 NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format   (NMSetting8021x *setting);
 285
 286
 287 G_END_DECLS
 288
 289 #endif /* __NM_SETTING_8021X_H__ */