[NetworkManager.git] / libnm-util / nm-setting-8021x.h
1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
2
3 /*
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the
16  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
17  * Boston, MA 02110-1301 USA.
18  *
19  * Copyright 2007 - 2014 Red Hat, Inc.
20  * Copyright 2007 - 2008 Novell, Inc.
21  */
22
23 #ifndef NM_SETTING_8021X_H
24 #define NM_SETTING_8021X_H
25
26 #include <nm-setting.h>
27
28 G_BEGIN_DECLS
29
30 /**
31  * NMSetting8021xCKFormat:
32  * @NM_SETTING_802_1X_CK_FORMAT_UNKNOWN: unknown file format
33  * @NM_SETTING_802_1X_CK_FORMAT_X509: file contains an X.509 format certificate
34  * @NM_SETTING_802_1X_CK_FORMAT_RAW_KEY: file contains an old-style OpenSSL PEM
35  * or DER private key
36  * @NM_SETTING_802_1X_CK_FORMAT_PKCS12: file contains a PKCS#<!-- -->12 certificate
37  * and private key
38  *
39  * #NMSetting8021xCKFormat values indicate the general type of a certificate
40  * or private key.
    *
    * In this header the type is returned by the two private-key format getters
    * and is the type behind the out_format pointer argument of the
    * nm_setting_802_1x_set_*() functions.  UNKNOWN is pinned to 0; the other
    * values follow in declaration order.
41  */
42 typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/
43         NM_SETTING_802_1X_CK_FORMAT_UNKNOWN = 0,
44         NM_SETTING_802_1X_CK_FORMAT_X509,
45         NM_SETTING_802_1X_CK_FORMAT_RAW_KEY,
46         NM_SETTING_802_1X_CK_FORMAT_PKCS12
47 } NMSetting8021xCKFormat;
48
49 /**
50  * NMSetting8021xCKScheme:
51  * @NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: unknown certificate or private key
52  * scheme
53  * @NM_SETTING_802_1X_CK_SCHEME_BLOB: certificate or key is stored as the raw
54  * item data
55  * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path
56  * to a file containing the certificate or key data
57  *
58  * #NMSetting8021xCKScheme values indicate how a certificate or private key is
59  * stored in the setting properties, either as a blob of the item's data, or as
60  * a path to a certificate or private key file on the filesystem.
    *
    * The type is returned by the nm_setting_802_1x_get_*_scheme() getters and
    * passed as the scheme argument of the nm_setting_802_1x_set_*() functions
    * declared in this header; each item also has a *_blob and a *_path getter.
    * NOTE(review): which of the two getters is valid presumably depends on the
    * reported scheme - confirm in the implementation.
61  */
62 typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/
63         NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0,
64         NM_SETTING_802_1X_CK_SCHEME_BLOB,
65         NM_SETTING_802_1X_CK_SCHEME_PATH
66 } NMSetting8021xCKScheme;
67
68
/* GObject type macros for NMSetting8021x: the type id (a call to
 * nm_setting_802_1x_get_type()), checked instance and class casts, instance
 * and class type tests, and the class lookup for an instance. */
69 #define NM_TYPE_SETTING_802_1X            (nm_setting_802_1x_get_type ())
70 #define NM_SETTING_802_1X(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021x))
71 #define NM_SETTING_802_1X_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
72 #define NM_IS_SETTING_802_1X(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_SETTING_802_1X))
73 #define NM_IS_SETTING_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_SETTING_802_1X))
74 #define NM_SETTING_802_1X_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_SETTING_802_1X, NMSetting8021xClass))
75
/* Name string of this setting. */
76 #define NM_SETTING_802_1X_SETTING_NAME "802-1x"
77
78 /**
79  * NMSetting8021xError:
80  * @NM_SETTING_802_1X_ERROR_UNKNOWN: unknown or unclassified error
81  * @NM_SETTING_802_1X_ERROR_INVALID_PROPERTY: the property was invalid
82  * @NM_SETTING_802_1X_ERROR_MISSING_PROPERTY: the property was missing and is
83  * required
    *
    * Error codes of the 802.1X setting.  UNKNOWN is pinned to 0.  The nick
    * annotations on the members give each code a short name (UnknownError,
    * InvalidProperty, MissingProperty).
84  */
85 typedef enum { /*< underscore_name=nm_setting_802_1x_error >*/
86         NM_SETTING_802_1X_ERROR_UNKNOWN = 0,      /*< nick=UnknownError >*/
87         NM_SETTING_802_1X_ERROR_INVALID_PROPERTY, /*< nick=InvalidProperty >*/
88         NM_SETTING_802_1X_ERROR_MISSING_PROPERTY  /*< nick=MissingProperty >*/
89 } NMSetting8021xError;
90
/* NM_SETTING_802_1X_ERROR expands to a call of
 * nm_setting_802_1x_error_quark(), which returns a GQuark; by GLib convention
 * this is the GError domain for the codes above. */
91 #define NM_SETTING_802_1X_ERROR nm_setting_802_1x_error_quark ()
92 GQuark nm_setting_802_1x_error_quark (void);
93
94
/* String names of the NMSetting8021x properties.  The "phase2-" names mirror
 * the CA certificate, subject match, client certificate and private key names
 * without that prefix. */
95 #define NM_SETTING_802_1X_EAP "eap"
96 #define NM_SETTING_802_1X_IDENTITY "identity"
97 #define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
98 #define NM_SETTING_802_1X_PAC_FILE "pac-file"
99 #define NM_SETTING_802_1X_CA_CERT "ca-cert"
100 #define NM_SETTING_802_1X_CA_PATH "ca-path"
101 #define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
102 #define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
103 #define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
104 #define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
105 #define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
106 #define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
107 #define NM_SETTING_802_1X_PHASE2_AUTH "phase2-auth"
108 #define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
109 #define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
110 #define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
111 #define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
112 #define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
113 #define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
/* Five names below have a companion "-flags" name: password, password-raw,
 * private-key-password, phase2-private-key-password and pin.  The matching
 * *_flags getters declared in this header return NMSettingSecretFlags, so
 * these five are the values this setting treats as secrets.  The private-key
 * names themselves have no "-flags" companion; see the PRIVATE KEY NOTE
 * in this header for how key material should be passed. */
114 #define NM_SETTING_802_1X_PASSWORD "password"
115 #define NM_SETTING_802_1X_PASSWORD_FLAGS "password-flags"
116 #define NM_SETTING_802_1X_PASSWORD_RAW "password-raw"
117 #define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"
118 #define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
119 #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
120 #define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
121 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
122 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
123 #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
124 #define NM_SETTING_802_1X_PIN "pin"
125 #define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
126 #define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
127
128 /* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
129  * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
130  * In this case, the appropriate "client-cert" (or "phase2-client-cert")
131  * property of the NMSetting8021x object must also contain the exact same
132  * PKCS#12 binary data that the private key does.  This is because the
133  * PKCS#12 file contains both the private key and client certificate, so both
134  * properties need to be set to the same thing.  When using the "path" scheme,
135  * just set both the private-key and client-cert properties to the same path.
136  *
137  * When setting OpenSSL-derived "traditional" format (i.e. S/MIME style, not
138  * PKCS#8) RSA and DSA keys directly via properties with the "blob" scheme, they
139  * should be passed to NetworkManager in PEM format with the "DEK-Info" and
140  * "Proc-Type" tags intact, that is, still encrypted.  Decrypted private keys
141  * should not be used: this is insecure and could allow unprivileged users to
142  * access the decrypted private key data.
143  *
144  * When using the "path" scheme, just set the private-key and client-cert
145  * properties to the paths to their respective objects.
146  */
147
/* Instance structure.  The only member declared here is the NMSetting parent;
 * no per-object state is exposed through this header, so callers go through
 * the accessor functions declared in this header. */
148 typedef struct {
149         NMSetting parent;
150 } NMSetting8021x;
151
/* Class structure: the NMSettingClass parent followed by four reserved
 * function-pointer slots.  The slots take no arguments and return nothing;
 * they exist only to keep the structure size stable if members are added. */
152 typedef struct {
153         NMSettingClass parent;
154
155         /* Padding for future expansion */
156         void (*_reserved1) (void);
157         void (*_reserved2) (void);
158         void (*_reserved3) (void);
159         void (*_reserved4) (void);
160 } NMSetting8021xClass;
161
/* GType registration (the function NM_TYPE_SETTING_802_1X expands to) and the
 * constructor.  nm_setting_802_1x_new() hands the object back typed as the
 * NMSetting base type. */
162 GType nm_setting_802_1x_get_type (void);
163
164 NMSetting *nm_setting_802_1x_new (void);
165
/* Accessors for the setting's list of EAP method names: count, lookup by
 * index, add, removal by index or by value, and clear.  The by-value removal
 * carries the NM_AVAILABLE_IN_0_9_10 marker.
 * NOTE(review): the valid range of i is presumably
 * [0, nm_setting_802_1x_get_num_eap_methods()); how an out-of-range index is
 * handled is not visible in this header - confirm in the implementation. */
166 guint32           nm_setting_802_1x_get_num_eap_methods              (NMSetting8021x *setting);
167 const char *      nm_setting_802_1x_get_eap_method                   (NMSetting8021x *setting, guint32 i);
168 gboolean          nm_setting_802_1x_add_eap_method                   (NMSetting8021x *setting, const char *eap);
169 void              nm_setting_802_1x_remove_eap_method                (NMSetting8021x *setting, guint32 i);
170 NM_AVAILABLE_IN_0_9_10
171 gboolean          nm_setting_802_1x_remove_eap_method_by_value       (NMSetting8021x *setting, const char *eap);
172 void              nm_setting_802_1x_clear_eap_methods                (NMSetting8021x *setting);
173
/* String getters for the identity, anonymous identity and PAC file, followed
 * by the CA-related options: a boolean system-ca-certs value and the CA path
 * strings for phase 1 and phase 2.
 * NOTE(review): the strings are returned as const char *; ownership presumably
 * stays with the setting - confirm before freeing or caching them. */
174 const char *      nm_setting_802_1x_get_identity                     (NMSetting8021x *setting);
175
176 const char *      nm_setting_802_1x_get_anonymous_identity           (NMSetting8021x *setting);
177
178 const char *      nm_setting_802_1x_get_pac_file                     (NMSetting8021x *setting);
179
180 gboolean          nm_setting_802_1x_get_system_ca_certs              (NMSetting8021x *setting);
181 const char *      nm_setting_802_1x_get_ca_path                      (NMSetting8021x *setting);
182 const char *      nm_setting_802_1x_get_phase2_ca_path               (NMSetting8021x *setting);
183
/* CA certificate accessors.  The scheme getter reports an
 * NMSetting8021xCKScheme; the _blob and _path getters return the stored value
 * as a const GByteArray or a const string.  The setter takes a certificate
 * path, the scheme to store it under, an NMSetting8021xCKFormat output pointer
 * and a GError location, and returns a gboolean.
 * NOTE(review): ca-cert, together with ca-path, system-ca-certs and the
 * subject matches, looks like the input used to validate the authentication
 * server's certificate.  How a setting with none of them configured is
 * treated is not visible in this header - confirm in the implementation
 * before accepting a profile that leaves them all empty. */
184 NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme          (NMSetting8021x *setting);
185 const GByteArray *     nm_setting_802_1x_get_ca_cert_blob            (NMSetting8021x *setting);
186 const char *           nm_setting_802_1x_get_ca_cert_path            (NMSetting8021x *setting);
187 gboolean               nm_setting_802_1x_set_ca_cert                 (NMSetting8021x *setting,
188                                                                       const char *cert_path,
189                                                                       NMSetting8021xCKScheme scheme,
190                                                                       NMSetting8021xCKFormat *out_format,
191                                                                       GError **error);
192
/* Subject match string getter, then the list accessors for the alternative
 * subject matches: count, lookup by index, add, removal by index or by value
 * (the latter marked NM_AVAILABLE_IN_0_9_10), and clear.
 * NOTE(review): this header does not say how the subject-match string is
 * compared against a certificate (exact, substring, ...) - confirm the
 * matching rule before relying on it as the only server identity check.
 * NOTE(review): index bounds handling for i is not visible here - confirm. */
193 const char *      nm_setting_802_1x_get_subject_match                (NMSetting8021x *setting);
194
195 guint32           nm_setting_802_1x_get_num_altsubject_matches       (NMSetting8021x *setting);
196 const char *      nm_setting_802_1x_get_altsubject_match             (NMSetting8021x *setting,
197                                                                       guint32 i);
198 gboolean          nm_setting_802_1x_add_altsubject_match             (NMSetting8021x *setting,
199                                                                       const char *altsubject_match);
200 void              nm_setting_802_1x_remove_altsubject_match          (NMSetting8021x *setting,
201                                                                       guint32 i);
202 NM_AVAILABLE_IN_0_9_10
203 gboolean          nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,
204                                                                       const char *altsubject_match);
205 void              nm_setting_802_1x_clear_altsubject_matches         (NMSetting8021x *setting);
206
/* Client certificate accessors, with the same shape as the CA certificate
 * ones: scheme getter, blob getter, path getter, and a setter taking a path,
 * a scheme, an NMSetting8021xCKFormat output pointer and a GError location.
 * Per the PRIVATE KEY NOTE in this header, when a PKCS#12 private key is set
 * with the "blob" scheme the client-cert property must hold the exact same
 * PKCS#12 data as the private key. */
207 NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme      (NMSetting8021x *setting);
208 const GByteArray *     nm_setting_802_1x_get_client_cert_blob        (NMSetting8021x *setting);
209 const char *           nm_setting_802_1x_get_client_cert_path        (NMSetting8021x *setting);
210 gboolean               nm_setting_802_1x_set_client_cert             (NMSetting8021x *setting,
211                                                                       const char *cert_path,
212                                                                       NMSetting8021xCKScheme scheme,
213                                                                       NMSetting8021xCKFormat *out_format,
214                                                                       GError **error);
215
/* String getters for the phase 1 options (PEAP version, PEAP label, FAST
 * provisioning) and the phase 2 auth / EAP-auth method names.  All values
 * are returned as strings; the set of accepted values is not visible in this
 * header. */
216 const char *      nm_setting_802_1x_get_phase1_peapver               (NMSetting8021x *setting);
217
218 const char *      nm_setting_802_1x_get_phase1_peaplabel             (NMSetting8021x *setting);
219
220 const char *      nm_setting_802_1x_get_phase1_fast_provisioning     (NMSetting8021x *setting);
221
222 const char *      nm_setting_802_1x_get_phase2_auth                  (NMSetting8021x *setting);
223
224 const char *      nm_setting_802_1x_get_phase2_autheap               (NMSetting8021x *setting);
225
/* Phase 2 counterparts of the CA certificate and subject-match accessors:
 * scheme / blob / path getters and a setter for the phase 2 CA certificate,
 * the phase 2 subject match getter, and the list accessors for the phase 2
 * alternative subject matches (by-value removal marked
 * NM_AVAILABLE_IN_0_9_10).
 * NOTE(review): as with the phase 1 values, how an unset CA certificate or
 * subject match is treated, and how the match string is compared, is not
 * visible in this header - confirm in the implementation. */
226 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_ca_cert_scheme   (NMSetting8021x *setting);
227 const GByteArray *     nm_setting_802_1x_get_phase2_ca_cert_blob     (NMSetting8021x *setting);
228 const char *           nm_setting_802_1x_get_phase2_ca_cert_path     (NMSetting8021x *setting);
229 gboolean               nm_setting_802_1x_set_phase2_ca_cert          (NMSetting8021x *setting,
230                                                                       const char *cert_path,
231                                                                       NMSetting8021xCKScheme scheme,
232                                                                       NMSetting8021xCKFormat *out_format,
233                                                                       GError **error);
234
235 const char *      nm_setting_802_1x_get_phase2_subject_match         (NMSetting8021x *setting);
236
237 guint32           nm_setting_802_1x_get_num_phase2_altsubject_matches       (NMSetting8021x *setting);
238 const char *      nm_setting_802_1x_get_phase2_altsubject_match             (NMSetting8021x *setting,
239                                                                              guint32 i);
240 gboolean          nm_setting_802_1x_add_phase2_altsubject_match             (NMSetting8021x *setting,
241                                                                              const char *phase2_altsubject_match);
242 void              nm_setting_802_1x_remove_phase2_altsubject_match          (NMSetting8021x *setting,
243                                                                              guint32 i);
244 NM_AVAILABLE_IN_0_9_10
245 gboolean          nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,
246                                                                              const char *phase2_altsubject_match);
247 void              nm_setting_802_1x_clear_phase2_altsubject_matches         (NMSetting8021x *setting);
248
/* Phase 2 client certificate accessors: scheme, blob and path getters plus a
 * setter with the same parameters as nm_setting_802_1x_set_client_cert().
 * The PRIVATE KEY NOTE in this header names "phase2-client-cert" as the
 * property that must carry the same PKCS#12 data as the phase 2 private key
 * when the "blob" scheme is used. */
249 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme   (NMSetting8021x *setting);
250 const GByteArray *     nm_setting_802_1x_get_phase2_client_cert_blob     (NMSetting8021x *setting);
251 const char *           nm_setting_802_1x_get_phase2_client_cert_path     (NMSetting8021x *setting);
252 gboolean               nm_setting_802_1x_set_phase2_client_cert          (NMSetting8021x *setting,
253                                                                           const char *cert_path,
254                                                                           NMSetting8021xCKScheme scheme,
255                                                                           NMSetting8021xCKFormat *out_format,
256                                                                           GError **error);
257
/* Secret getters: the password as a string, the raw password as a const
 * GByteArray, and the PIN as a string, each paired with a getter returning
 * its NMSettingSecretFlags.
 * NOTE(review): the values are returned through const pointers; ownership
 * presumably stays with the setting - confirm.  Callers should treat the
 * returned data as secret and keep it out of logs and debug dumps. */
258 const char *      nm_setting_802_1x_get_password                     (NMSetting8021x *setting);
259 NMSettingSecretFlags nm_setting_802_1x_get_password_flags            (NMSetting8021x *setting);
260 const GByteArray *   nm_setting_802_1x_get_password_raw              (NMSetting8021x *setting);
261 NMSettingSecretFlags nm_setting_802_1x_get_password_raw_flags        (NMSetting8021x *setting);
262
263 const char *      nm_setting_802_1x_get_pin                          (NMSetting8021x *setting);
264 NMSettingSecretFlags nm_setting_802_1x_get_pin_flags                 (NMSetting8021x *setting);
265
/* Private key accessors: scheme, blob and path getters, a setter, the key
 * password with its NMSettingSecretFlags, and the key's
 * NMSetting8021xCKFormat.  The setter takes the key path, a password, the
 * scheme to store under, a format output pointer and a GError location.
 * See the PRIVATE KEY NOTE in this header: decrypted private keys should not
 * be used, and PKCS#12 data set with the "blob" scheme must also be set as
 * the client certificate.
 * NOTE(review): the password argument is presumably the passphrase of the key
 * file - confirm in the implementation.  The blob and password getters return
 * key material and should be handled as secrets. */
266 NMSetting8021xCKScheme nm_setting_802_1x_get_private_key_scheme          (NMSetting8021x *setting);
267 const GByteArray *     nm_setting_802_1x_get_private_key_blob            (NMSetting8021x *setting);
268 const char *           nm_setting_802_1x_get_private_key_path            (NMSetting8021x *setting);
269 gboolean               nm_setting_802_1x_set_private_key                 (NMSetting8021x *setting,
270                                                                           const char *key_path,
271                                                                           const char *password,
272                                                                           NMSetting8021xCKScheme scheme,
273                                                                           NMSetting8021xCKFormat *out_format,
274                                                                           GError **error);
275 const char *           nm_setting_802_1x_get_private_key_password        (NMSetting8021x *setting);
276 NMSettingSecretFlags   nm_setting_802_1x_get_private_key_password_flags  (NMSetting8021x *setting);
277
278 NMSetting8021xCKFormat nm_setting_802_1x_get_private_key_format          (NMSetting8021x *setting);
279
/* Phase 2 private key accessors, mirroring the phase 1 set: scheme, blob and
 * path getters, a setter with the same parameters as
 * nm_setting_802_1x_set_private_key(), the key password with its
 * NMSettingSecretFlags, and the key's NMSetting8021xCKFormat.
 * The PRIVATE KEY NOTE in this header applies here as well, with
 * "phase2-client-cert" as the matching certificate property.
 * NOTE(review): the blob and password getters return key material and should
 * be handled as secrets; ownership of the returned pointers presumably stays
 * with the setting - confirm. */
280 NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_private_key_scheme   (NMSetting8021x *setting);
281 const GByteArray *     nm_setting_802_1x_get_phase2_private_key_blob     (NMSetting8021x *setting);
282 const char *           nm_setting_802_1x_get_phase2_private_key_path     (NMSetting8021x *setting);
283 gboolean               nm_setting_802_1x_set_phase2_private_key          (NMSetting8021x *setting,
284                                                                           const char *key_path,
285                                                                           const char *password,
286                                                                           NMSetting8021xCKScheme scheme,
287                                                                           NMSetting8021xCKFormat *out_format,
288                                                                           GError **error);
289 const char *           nm_setting_802_1x_get_phase2_private_key_password (NMSetting8021x *setting);
290 NMSettingSecretFlags   nm_setting_802_1x_get_phase2_private_key_password_flags (NMSetting8021x *setting);
291
292 NMSetting8021xCKFormat nm_setting_802_1x_get_phase2_private_key_format   (NMSetting8021x *setting);
293
294
295 G_END_DECLS
296
297 #endif /* NM_SETTING_8021X_H */