1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the
16 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
17 * Boston, MA 02110-1301 USA.
19 * Copyright 2007 - 2014 Red Hat, Inc.
20 * Copyright 2007 - 2008 Novell, Inc.
23 #ifndef NM_SETTING_8021X_H
24 #define NM_SETTING_8021X_H
26 #include <nm-setting.h>
31 * NMSetting8021xCKFormat:
32 * @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
33 * @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
34 * @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
36 * @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#<!-- -->12 certificate
39 * #NMSetting8021xCKFormat values indicate the general type of a certificate
42 typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
43 NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
44 NM_SETTING_802_1X_CK_FORMAT_X509,
45 NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
46 NM_SETTING_802_1X_CK_FORMAT_PKCS12
47 } NMSetting8021xCKFormat;
50 * NMSetting8021xCKScheme:
51 * @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
53 * @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
55 * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
56 * to a file containing the certificate or key data
58 * #NMSetting8021xCKScheme values indicate how a certificate or private key is
59 * stored in the setting properties, either as a blob of the item's data, or as
60 * a path to a certificate or private key file on the filesystem
62 typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
63 NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
64 NM_SETTING_802_1X_CK_SCHEME_BLOB,
65 NM_SETTING_802_1X_CK_SCHEME_PATH
66 } NMSetting8021xCKScheme;
69 #define NM_TYPE_SETTING_802_1X (nm_setting_802_1x_get_type ())
70 #define NM_SETTING_802_1X(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
71 #define NM_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
72 #define NM_IS_SETTING_802_1X(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
73 #define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SETTING_802_1X))
74 #define NM_SETTING_802_1X_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
76 #define NM_SETTING_802_1X_SETTING_NAME "802-1x"
79 * NMSetting8021xError:
80 * @NM_SETTING_802_1X_ERROR_UNKNOWN: unknown or unclassified error
81 * @NM_SETTING_802_1X_ERROR_INVALID_PROPERTY: the property was invalid
82 * @NM_SETTING_802_1X_ERROR_MISSING_PROPERTY: the property was missing and is
85 typedef enum { /*< underscore_name=nm_setting_802_1x_error >*/
86 NM_SETTING_802_1X_ERROR_UNKNOWN = 0, /*< nick=UnknownError >*/
87 NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, /*< nick=InvalidProperty >*/
88 NM_SETTING_802_1X_ERROR_MISSING_PROPERTY /*< nick=MissingProperty >*/
89 } NMSetting8021xError;
91 #define NM_SETTING_802_1X_ERROR nm_setting_802_1x_error_quark ()
92 GQuark nm_setting_802_1x_error_quark (void);
95 #define NM_SETTING_802_1X_EAP "eap"
96 #define NM_SETTING_802_1X_IDENTITY "identity"
97 #define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
98 #define NM_SETTING_802_1X_PAC_FILE "pac-file"
99 #define NM_SETTING_802_1X_CA_CERT "ca-cert"
100 #define NM_SETTING_802_1X_CA_PATH "ca-path"
101 #define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
102 #define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
103 #define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
104 #define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
105 #define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
106 #define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
107 #define NM_SETTING_802_1X_PHASE2_AUTH "phase2-auth"
108 #define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
109 #define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
110 #define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
111 #define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
112 #define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
113 #define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
114 #define NM_SETTING_802_1X_PASSWORD "password"
115 #define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
116 #define NM_SETTING_802_1X_PASSWORD_RAW "password-raw"
117 #define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"
118 #define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
119 #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
120 #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
121 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
122 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
123 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
124 #define NM_SETTING_802_1X_PIN "pin"
125 #define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
126 #define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
128 /* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
129 * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
130 * In this case, the appropriate "client-cert" (or "phase2-client-cert")
131 * property of the NMSetting8021x object must also contain the exact same
132 * PKCS#12 binary data that the private key does. This is because the
133 * PKCS#12 file contains both the private key and client certificate, so both
134 * properties need to be set to the same thing. When using the "path" scheme,
135 * just set both the private-key and client-cert properties to the same path.
137 * When setting OpenSSL-derived "traditional" format (ie S/MIME style, not
138 * PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
139 * should be passed to NetworkManager in PEM format with the "DEK-Info" and
140 * "Proc-Type" tags intact. Decrypted private keys should not be used as this
141 * is insecure and could allow unprivileged users to access the decrypted
144 * When using the "path" scheme, just set the private-key and client-cert
145 * properties to the paths to their respective objects.
153 NMSettingClass parent;
155 /* Padding for future expansion */
156 void (*_reserved1) (void);
157 void (*_reserved2) (void);
158 void (*_reserved3) (void);
159 void (*_reserved4) (void);
160 } NMSetting8021xClass;
162 GType nm_setting_802_1x_get_type (void);
164 NMSetting *nm_setting_802_1x_new (void);
166 guint32 nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting);
167 const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting, guint32 i);
168 gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting, const char *eap);
169 void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting, guint32 i);
170 NM_AVAILABLE_IN_0_9_10
171 gboolean nm_setting_802_1x_remove_eap_method_by_value (NMSetting8021x *setting, const char *eap);
172 void nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting);
174 const char * nm_setting_802_1x_get_identity (NMSetting8021x *setting);
176 const char * nm_setting_802_1x_get_anonymous_identity (NMSetting8021x *setting);
178 const char * nm_setting_802_1x_get_pac_file (NMSetting8021x *setting);
180 gboolean nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting);
181 const char * nm_setting_802_1x_get_ca_path (NMSetting8021x *setting);
182 const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting);
184 NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting);
185 const GByteArray * nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting);
186 const char * nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting);
187 gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting,
188 const char *cert_path,
189 NMSetting8021xCKScheme scheme,
190 NMSetting8021xCKFormat *out_format,
193 const char * nm_setting_802_1x_get_subject_match (NMSetting8021x *setting);
195 guint32 nm_setting_802_1x_get_num_altsubject_matches (NMSetting8021x *setting);
196 const char * nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting,
198 gboolean nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting,
199 const char *altsubject_match);
200 void nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting,
202 NM_AVAILABLE_IN_0_9_10
203 gboolean nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
204 const char *altsubject_match);
205 void nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting);
207 NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting);
208 const GByteArray * nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting);
209 const char * nm_setting_802_1x_get_client_cert_path (NMSetting8021x *setting);
210 gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *setting,
211 const char *cert_path,
212 NMSetting8021xCKScheme scheme,
213 NMSetting8021xCKFormat *out_format,
216 const char * nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting);
218 const char * nm_setting_802_1x_get_phase1_peaplabel (NMSetting8021x *setting);
220 const char * nm_setting_802_1x_get_phase1_fast_provisioning (NMSetting8021x *setting);
222 const char * nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting);
224 const char * nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting);
226 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme (NMSetting8021x *setting);
227 const GByteArray * nm_setting_802_1x_get_phase2_ca_cert_blob (NMSetting8021x *setting);
228 const char * nm_setting_802_1x_get_phase2_ca_cert_path (NMSetting8021x *setting);
229 gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *setting,
230 const char *cert_path,
231 NMSetting8021xCKScheme scheme,
232 NMSetting8021xCKFormat *out_format,
235 const char * nm_setting_802_1x_get_phase2_subject_match (NMSetting8021x *setting);
237 guint32 nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting);
238 const char * nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting,
240 gboolean nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting,
241 const char *phase2_altsubject_match);
242 void nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting,
244 NM_AVAILABLE_IN_0_9_10
245 gboolean nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
246 const char *phase2_altsubject_match);
247 void nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting);
249 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting);
250 const GByteArray * nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting);
251 const char * nm_setting_802_1x_get_phase2_client_cert_path (NMSetting8021x *setting);
252 gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *setting,
253 const char *cert_path,
254 NMSetting8021xCKScheme scheme,
255 NMSetting8021xCKFormat *out_format,
258 const char * nm_setting_802_1x_get_password (NMSetting8021x *setting);
259 NMSettingSecretFlags nm_setting_802_1x_get_password_flags (NMSetting8021x *setting);
260 const GByteArray * nm_setting_802_1x_get_password_raw (NMSetting8021x *setting);
261 NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags (NMSetting8021x *setting);
263 const char * nm_setting_802_1x_get_pin (NMSetting8021x *setting);
264 NMSettingSecretFlags nm_setting_802_1x_get_pin_flags (NMSetting8021x *setting);
266 NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme (NMSetting8021x *setting);
267 const GByteArray * nm_setting_802_1x_get_private_key_blob (NMSetting8021x *setting);
268 const char * nm_setting_802_1x_get_private_key_path (NMSetting8021x *setting);
269 gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *setting,
270 const char *key_path,
271 const char *password,
272 NMSetting8021xCKScheme scheme,
273 NMSetting8021xCKFormat *out_format,
275 const char * nm_setting_802_1x_get_private_key_password (NMSetting8021x *setting);
276 NMSettingSecretFlags nm_setting_802_1x_get_private_key_password_flags (NMSetting8021x *setting);
278 NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting);
280 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme (NMSetting8021x *setting);
281 const GByteArray * nm_setting_802_1x_get_phase2_private_key_blob (NMSetting8021x *setting);
282 const char * nm_setting_802_1x_get_phase2_private_key_path (NMSetting8021x *setting);
283 gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting,
284 const char *key_path,
285 const char *password,
286 NMSetting8021xCKScheme scheme,
287 NMSetting8021xCKFormat *out_format,
289 const char * nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
290 NMSettingSecretFlags nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);
292 NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting);
297 #endif /* NM_SETTING_8021X_H */