/* SPDX-License-Identifier: LGPL-2.1+ */
/*
* Copyright (C) 2007 - 2017 Red Hat, Inc.
* Copyright (C) 2007 - 2008 Novell, Inc.
*/
#include "nm-default.h"
#include "nm-setting-wireless-security.h"
#include "nm-setting-8021x.h"
#include "nm-utils.h"
#include "nm-utils-private.h"
#include "nm-setting-private.h"
#include "nm-setting-wireless.h"
#include "nm-glib-aux/nm-secret-utils.h"
/**
* SECTION:nm-setting-wireless-security
* @short_description: Describes connection properties for Wi-Fi networks that
* use WEP, LEAP, WPA or WPA2/RSN security
*
* The #NMSettingWirelessSecurity object is a #NMSetting subclass that describes
* properties necessary for connection to encrypted Wi-Fi networks.
*
* It's a good idea to read up on wpa_supplicant configuration before using this
* setting extensively, since most of the options here correspond closely with
* the relevant wpa_supplicant configuration options. To get a better overview
* of how Wi-Fi security works, you may want to get copies of the following books.
*
* 802.11 Wireless Networks: The Definitive Guide, Second Edition
* Author: Matthew Gast
* ISBN: 978-0596100520
*
* Cisco Wireless LAN Security
* Authors: Krishna Sankar, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky
* ISBN: 978-1587051548
**/
/*****************************************************************************/
NM_GOBJECT_PROPERTIES_DEFINE(NMSettingWirelessSecurity,
PROP_KEY_MGMT,
PROP_WEP_TX_KEYIDX,
PROP_AUTH_ALG,
PROP_PROTO,
PROP_PAIRWISE,
PROP_GROUP,
PROP_PMF,
PROP_LEAP_USERNAME,
PROP_WEP_KEY0,
PROP_WEP_KEY1,
PROP_WEP_KEY2,
PROP_WEP_KEY3,
PROP_WEP_KEY_FLAGS,
PROP_WEP_KEY_TYPE,
PROP_PSK,
PROP_PSK_FLAGS,
PROP_LEAP_PASSWORD,
PROP_LEAP_PASSWORD_FLAGS,
PROP_WPS_METHOD,
PROP_FILS, );
typedef struct {
GSList * proto; /* GSList of strings */
GSList * pairwise; /* GSList of strings */
GSList * group; /* GSList of strings */
char * key_mgmt;
char * auth_alg;
char * leap_username;
char * leap_password;
char * wep_key0;
char * wep_key1;
char * wep_key2;
char * wep_key3;
char * psk;
NMSettingSecretFlags leap_password_flags;
NMSettingSecretFlags wep_key_flags;
NMSettingSecretFlags psk_flags;
NMSettingWirelessSecurityPmf pmf;
NMWepKeyType wep_key_type;
NMSettingWirelessSecurityWpsMethod wps_method;
NMSettingWirelessSecurityFils fils;
guint32 wep_tx_keyidx;
} NMSettingWirelessSecurityPrivate;
G_DEFINE_TYPE(NMSettingWirelessSecurity, nm_setting_wireless_security, NM_TYPE_SETTING)
#define NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(o) \
(G_TYPE_INSTANCE_GET_PRIVATE((o), \
NM_TYPE_SETTING_WIRELESS_SECURITY, \
NMSettingWirelessSecurityPrivate))
/*****************************************************************************/
/**
* nm_setting_wireless_security_get_key_mgmt:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:key-mgmt property of the setting
**/
const char *
nm_setting_wireless_security_get_key_mgmt(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->key_mgmt;
}
/**
* nm_setting_wireless_security_get_num_protos:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the number of security protocols this connection allows when
* connecting to secure Wi-Fi networks
**/
guint32
nm_setting_wireless_security_get_num_protos(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return g_slist_length(NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->proto);
}
/**
* nm_setting_wireless_security_get_proto:
* @setting: the #NMSettingWirelessSecurity
* @i: an index into the protocol list
*
* Returns: the protocol at index @i
**/
const char *
nm_setting_wireless_security_get_proto(NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
g_return_val_if_fail(i <= g_slist_length(priv->proto), NULL);
return (const char *) g_slist_nth_data(priv->proto, i);
}
/**
* nm_setting_wireless_security_add_proto:
* @setting: the #NMSettingWirelessSecurity
* @proto: the protocol to add, one of "wpa" or "rsn"
*
* Adds a Wi-Fi security protocol (one of "wpa" or "rsn") to the allowed list;
* only protocols in this list will be used when finding and connecting to
* the Wi-Fi network specified by this connection. For example, if the
* protocol list contains only "wpa" but the access point for the SSID specified
* by this connection only supports WPA2/RSN, the connection cannot be used
* with the access point.
*
* Returns: %TRUE if the protocol was new and was added to the allowed
* protocol list, or %FALSE if it was already in the list
**/
gboolean
nm_setting_wireless_security_add_proto(NMSettingWirelessSecurity *setting, const char *proto)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * iter;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), FALSE);
g_return_val_if_fail(proto != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
for (iter = priv->proto; iter; iter = g_slist_next(iter)) {
if (g_ascii_strcasecmp(proto, (char *) iter->data) == 0)
return FALSE;
}
priv->proto = g_slist_append(priv->proto, g_ascii_strdown(proto, -1));
_notify(setting, PROP_PROTO);
return TRUE;
}
/**
* nm_setting_wireless_security_remove_proto:
* @setting: the #NMSettingWirelessSecurity
* @i: index of the protocol to remove
*
* Removes a protocol from the allowed protocol list.
**/
void
nm_setting_wireless_security_remove_proto(NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * elt;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
elt = g_slist_nth(priv->proto, i);
g_return_if_fail(elt != NULL);
g_free(elt->data);
priv->proto = g_slist_delete_link(priv->proto, elt);
_notify(setting, PROP_PROTO);
}
/**
* nm_setting_wireless_security_remove_proto_by_value:
* @setting: the #NMSettingWirelessSecurity
* @proto: the protocol to remove, one of "wpa" or "rsn"
*
* Removes a protocol from the allowed protocol list.
*
* Returns: %TRUE if the protocol was found and removed; %FALSE if it was not.
**/
gboolean
nm_setting_wireless_security_remove_proto_by_value(NMSettingWirelessSecurity *setting,
const char * proto)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * iter;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), FALSE);
g_return_val_if_fail(proto != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
for (iter = priv->proto; iter; iter = g_slist_next(iter)) {
if (g_ascii_strcasecmp(proto, (char *) iter->data) == 0) {
priv->proto = g_slist_delete_link(priv->proto, iter);
_notify(setting, PROP_PROTO);
return TRUE;
}
}
return FALSE;
}
/**
* nm_setting_wireless_security_clear_protos:
* @setting: the #NMSettingWirelessSecurity
*
* Removes all protocols from the allowed list. If there are no protocols
* specified then all protocols are allowed.
**/
void
nm_setting_wireless_security_clear_protos(NMSettingWirelessSecurity *setting)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
g_slist_free_full(priv->proto, g_free);
priv->proto = NULL;
_notify(setting, PROP_PROTO);
}
/**
* nm_setting_wireless_security_get_num_pairwise:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the number of pairwise encryption algorithms in the allowed list
**/
guint32
nm_setting_wireless_security_get_num_pairwise(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return g_slist_length(NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->pairwise);
}
/**
* nm_setting_wireless_security_get_pairwise:
* @setting: the #NMSettingWirelessSecurity
* @i: index of an item in the allowed pairwise encryption algorithm list
*
* Returns the allowed pairwise encryption algorithm from allowed algorithm
* list.
*
* Returns: the pairwise encryption algorithm at index @i
**/
const char *
nm_setting_wireless_security_get_pairwise(NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
g_return_val_if_fail(i <= g_slist_length(priv->pairwise), NULL);
return (const char *) g_slist_nth_data(priv->pairwise, i);
}
/**
* nm_setting_wireless_security_add_pairwise:
* @setting: the #NMSettingWirelessSecurity
* @pairwise: the encryption algorithm to add, one of "tkip" or "ccmp"
*
* Adds an encryption algorithm to the list of allowed pairwise encryption
* algorithms. If the list is not empty, then only access points that support
* one or more of the encryption algorithms in the list will be considered
* compatible with this connection.
*
* Returns: %TRUE if the algorithm was added to the list, %FALSE if it was
* already in the list
**/
gboolean
nm_setting_wireless_security_add_pairwise(NMSettingWirelessSecurity *setting, const char *pairwise)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * iter;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), FALSE);
g_return_val_if_fail(pairwise != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
for (iter = priv->pairwise; iter; iter = g_slist_next(iter)) {
if (g_ascii_strcasecmp(pairwise, (char *) iter->data) == 0)
return FALSE;
}
priv->pairwise = g_slist_append(priv->pairwise, g_ascii_strdown(pairwise, -1));
_notify(setting, PROP_PAIRWISE);
return TRUE;
}
/**
* nm_setting_wireless_security_remove_pairwise:
* @setting: the #NMSettingWirelessSecurity
* @i: the index of an item in the allowed pairwise encryption algorithm list
*
* Removes an encryption algorithm from the allowed pairwise encryption
* algorithm list.
**/
void
nm_setting_wireless_security_remove_pairwise(NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * elt;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
elt = g_slist_nth(priv->pairwise, i);
g_return_if_fail(elt != NULL);
g_free(elt->data);
priv->pairwise = g_slist_delete_link(priv->pairwise, elt);
_notify(setting, PROP_PAIRWISE);
}
/**
* nm_setting_wireless_security_remove_pairwise_by_value:
* @setting: the #NMSettingWirelessSecurity
* @pairwise: the encryption algorithm to remove, one of "tkip" or "ccmp"
*
* Removes an encryption algorithm from the allowed pairwise encryption
* algorithm list.
*
* Returns: %TRUE if the encryption algorithm was found and removed; %FALSE if it was not.
**/
gboolean
nm_setting_wireless_security_remove_pairwise_by_value(NMSettingWirelessSecurity *setting,
const char * pairwise)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * iter;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), FALSE);
g_return_val_if_fail(pairwise != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
for (iter = priv->pairwise; iter; iter = g_slist_next(iter)) {
if (g_ascii_strcasecmp(pairwise, (char *) iter->data) == 0) {
priv->pairwise = g_slist_delete_link(priv->pairwise, iter);
_notify(setting, PROP_PAIRWISE);
return TRUE;
}
}
return FALSE;
}
/**
* nm_setting_wireless_security_clear_pairwise:
* @setting: the #NMSettingWirelessSecurity
*
* Removes all algorithms from the allowed list. If there are no algorithms
* specified then all pairwise encryption algorithms are allowed.
**/
void
nm_setting_wireless_security_clear_pairwise(NMSettingWirelessSecurity *setting)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
g_slist_free_full(priv->pairwise, g_free);
priv->pairwise = NULL;
_notify(setting, PROP_PAIRWISE);
}
/**
* nm_setting_wireless_security_get_num_groups:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the number of groupwise encryption algorithms in the allowed list
**/
guint32
nm_setting_wireless_security_get_num_groups(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return g_slist_length(NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->group);
}
/**
* nm_setting_wireless_security_get_group:
* @setting: the #NMSettingWirelessSecurity
* @i: index of an item in the allowed groupwise encryption algorithm list
*
* Returns the allowed groupwise encryption algorithm from allowed algorithm
* list.
*
* Returns: the groupwise encryption algorithm at index @i
**/
const char *
nm_setting_wireless_security_get_group(NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
g_return_val_if_fail(i <= g_slist_length(priv->group), NULL);
return (const char *) g_slist_nth_data(priv->group, i);
}
/**
* nm_setting_wireless_security_add_group:
* @setting: the #NMSettingWirelessSecurity
* @group: the encryption algorithm to add, one of "wep40", "wep104",
* "tkip", or "ccmp"
*
* Adds an encryption algorithm to the list of allowed groupwise encryption
* algorithms. If the list is not empty, then only access points that support
* one or more of the encryption algorithms in the list will be considered
* compatible with this connection.
*
* Returns: %TRUE if the algorithm was added to the list, %FALSE if it was
* already in the list
**/
gboolean
nm_setting_wireless_security_add_group(NMSettingWirelessSecurity *setting, const char *group)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * iter;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), FALSE);
g_return_val_if_fail(group != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
for (iter = priv->group; iter; iter = g_slist_next(iter)) {
if (g_ascii_strcasecmp(group, (char *) iter->data) == 0)
return FALSE;
}
priv->group = g_slist_append(priv->group, g_ascii_strdown(group, -1));
_notify(setting, PROP_GROUP);
return TRUE;
}
/**
* nm_setting_wireless_security_remove_group:
* @setting: the #NMSettingWirelessSecurity
* @i: the index of an item in the allowed groupwise encryption algorithm list
*
* Removes an encryption algorithm from the allowed groupwise encryption
* algorithm list.
**/
void
nm_setting_wireless_security_remove_group(NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * elt;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
elt = g_slist_nth(priv->group, i);
g_return_if_fail(elt != NULL);
g_free(elt->data);
priv->group = g_slist_delete_link(priv->group, elt);
_notify(setting, PROP_GROUP);
}
/**
* nm_setting_wireless_security_remove_group_by_value:
* @setting: the #NMSettingWirelessSecurity
* @group: the encryption algorithm to remove, one of "wep40", "wep104",
* "tkip", or "ccmp"
*
* Removes an encryption algorithm from the allowed groupwise encryption
* algorithm list.
*
* Returns: %TRUE if the algorithm was found and removed; %FALSE if it was not.
**/
gboolean
nm_setting_wireless_security_remove_group_by_value(NMSettingWirelessSecurity *setting,
const char * group)
{
NMSettingWirelessSecurityPrivate *priv;
GSList * iter;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), FALSE);
g_return_val_if_fail(group != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
for (iter = priv->group; iter; iter = g_slist_next(iter)) {
if (g_ascii_strcasecmp(group, (char *) iter->data) == 0) {
priv->group = g_slist_delete_link(priv->group, iter);
_notify(setting, PROP_GROUP);
return TRUE;
}
}
return FALSE;
}
/**
* nm_setting_wireless_security_clear_groups:
* @setting: the #NMSettingWirelessSecurity
*
* Removes all algorithms from the allowed list. If there are no algorithms
* specified then all groupwise encryption algorithms are allowed.
**/
void
nm_setting_wireless_security_clear_groups(NMSettingWirelessSecurity *setting)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
g_slist_free_full(priv->group, g_free);
priv->group = NULL;
_notify(setting, PROP_GROUP);
}
/*
* nm_setting_wireless_security_get_pmf:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:pmf property of the setting
*
* Since: 1.10
**/
NMSettingWirelessSecurityPmf
nm_setting_wireless_security_get_pmf(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->pmf;
}
/**
* nm_setting_wireless_security_get_psk:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:psk property of the setting
**/
const char *
nm_setting_wireless_security_get_psk(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->psk;
}
/**
* nm_setting_wireless_security_get_psk_flags:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingSecretFlags pertaining to the
* #NMSettingWirelessSecurity:psk
**/
NMSettingSecretFlags
nm_setting_wireless_security_get_psk_flags(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NM_SETTING_SECRET_FLAG_NONE);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->psk_flags;
}
/**
* nm_setting_wireless_security_get_leap_username:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:leap-username property of the setting
**/
const char *
nm_setting_wireless_security_get_leap_username(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->leap_username;
}
/**
* nm_setting_wireless_security_get_leap_password:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:leap-password property of the setting
**/
const char *
nm_setting_wireless_security_get_leap_password(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->leap_password;
}
/**
* nm_setting_wireless_security_get_leap_password_flags:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingSecretFlags pertaining to the
* #NMSettingWirelessSecurity:leap-password
**/
NMSettingSecretFlags
nm_setting_wireless_security_get_leap_password_flags(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NM_SETTING_SECRET_FLAG_NONE);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->leap_password_flags;
}
/**
* nm_setting_wireless_security_get_wep_key:
* @setting: the #NMSettingWirelessSecurity
* @idx: the WEP key index (0..3 inclusive)
*
* Returns: the WEP key at the given index
**/
const char *
nm_setting_wireless_security_get_wep_key(NMSettingWirelessSecurity *setting, guint32 idx)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
g_return_val_if_fail(idx < 4, NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
if (idx == 0)
return priv->wep_key0;
else if (idx == 1)
return priv->wep_key1;
else if (idx == 2)
return priv->wep_key2;
else if (idx == 3)
return priv->wep_key3;
g_assert_not_reached();
return NULL;
}
/**
* nm_setting_wireless_security_set_wep_key:
* @setting: the #NMSettingWirelessSecurity
* @idx: the index of the key (0..3 inclusive)
* @key: the WEP key as a string, in either hexadecimal, ASCII, or passphrase
* form as determined by the value of the #NMSettingWirelessSecurity:wep-key-type
* property.
*
* Sets a WEP key in the given index.
**/
void
nm_setting_wireless_security_set_wep_key(NMSettingWirelessSecurity *setting,
guint32 idx,
const char * key)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting));
g_return_if_fail(idx < 4);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
switch (idx) {
case 0:
g_free(priv->wep_key0);
priv->wep_key0 = g_strdup(key);
_notify(setting, PROP_WEP_KEY0);
break;
case 1:
g_free(priv->wep_key1);
priv->wep_key1 = g_strdup(key);
_notify(setting, PROP_WEP_KEY1);
break;
case 2:
g_free(priv->wep_key2);
priv->wep_key2 = g_strdup(key);
_notify(setting, PROP_WEP_KEY2);
break;
case 3:
g_free(priv->wep_key3);
priv->wep_key3 = g_strdup(key);
_notify(setting, PROP_WEP_KEY3);
break;
default:
g_assert_not_reached();
}
}
/**
* nm_setting_wireless_security_get_wep_tx_keyidx:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:wep-tx-keyidx property of the setting
**/
guint32
nm_setting_wireless_security_get_wep_tx_keyidx(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->wep_tx_keyidx;
}
/**
* nm_setting_wireless_security_get_auth_alg:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:auth-alg property of the setting
**/
const char *
nm_setting_wireless_security_get_auth_alg(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->auth_alg;
}
/**
* nm_setting_wireless_security_get_wep_key_flags:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingSecretFlags pertaining to the all WEP keys
**/
NMSettingSecretFlags
nm_setting_wireless_security_get_wep_key_flags(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), NM_SETTING_SECRET_FLAG_NONE);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->wep_key_flags;
}
/**
* nm_setting_wireless_security_get_wep_key_type:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:wep-key-type property of the setting
**/
NMWepKeyType
nm_setting_wireless_security_get_wep_key_type(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->wep_key_type;
}
/**
* nm_setting_wireless_security_get_wps_method:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:wps-method property of the setting
*
* Since: 1.10
**/
NMSettingWirelessSecurityWpsMethod
nm_setting_wireless_security_get_wps_method(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting),
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_DISABLED);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->wps_method;
}
/*
* nm_setting_wireless_security_get_fils:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:fils property of the setting
*
* Since: 1.12
**/
NMSettingWirelessSecurityFils
nm_setting_wireless_security_get_fils(NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail(NM_IS_SETTING_WIRELESS_SECURITY(setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting)->fils;
}
static GPtrArray *
need_secrets(NMSetting *setting)
{
NMSettingWirelessSecurity * self = NM_SETTING_WIRELESS_SECURITY(setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(self);
GPtrArray * secrets;
secrets = g_ptr_array_sized_new(4);
g_assert(priv->key_mgmt);
/* Static WEP */
if (strcmp(priv->key_mgmt, "none") == 0) {
if ((priv->wep_tx_keyidx == 0)
&& !nm_utils_wep_key_valid(priv->wep_key0, priv->wep_key_type)) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0);
return secrets;
}
if ((priv->wep_tx_keyidx == 1)
&& !nm_utils_wep_key_valid(priv->wep_key1, priv->wep_key_type)) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1);
return secrets;
}
if ((priv->wep_tx_keyidx == 2)
&& !nm_utils_wep_key_valid(priv->wep_key2, priv->wep_key_type)) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2);
return secrets;
}
if ((priv->wep_tx_keyidx == 3)
&& !nm_utils_wep_key_valid(priv->wep_key3, priv->wep_key_type)) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3);
return secrets;
}
goto no_secrets;
}
/* WPA-PSK infrastructure */
if (strcmp(priv->key_mgmt, "wpa-psk") == 0) {
if (!nm_utils_wpa_psk_valid(priv->psk)) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_PSK);
return secrets;
}
goto no_secrets;
}
/* SAE, used in MESH and WPA3-Personal */
if (strcmp(priv->key_mgmt, "sae") == 0) {
if (!priv->psk || !*priv->psk) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_PSK);
return secrets;
}
goto no_secrets;
}
/* LEAP */
if (priv->auth_alg && !strcmp(priv->auth_alg, "leap") && !strcmp(priv->key_mgmt, "ieee8021x")) {
if (!priv->leap_password || !*priv->leap_password) {
g_ptr_array_add(secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
return secrets;
}
goto no_secrets;
}
if (NM_IN_STRSET(priv->key_mgmt, "ieee8021x", "wpa-eap", "owe", "wpa-eap-suite-b-192")) {
/* Let caller check the 802.1x setting for secrets */
goto no_secrets;
}
g_assert_not_reached();
return secrets;
no_secrets:
if (secrets)
g_ptr_array_free(secrets, TRUE);
return NULL;
}
static gboolean
verify(NMSetting *setting, NMConnection *connection, GError **error)
{
NMSettingWirelessSecurity * self = NM_SETTING_WIRELESS_SECURITY(setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(self);
const char * valid_key_mgmt[] =
{"none", "ieee8021x", "wpa-psk", "wpa-eap", "wpa-eap-suite-b-192", "sae", "owe", NULL};
const char * valid_auth_algs[] = {"open", "shared", "leap", NULL};
const char * valid_protos[] = {"wpa", "rsn", NULL};
const char * valid_pairwise[] = {"tkip", "ccmp", NULL};
const char * valid_groups[] = {"wep40", "wep104", "tkip", "ccmp", NULL};
NMSettingWireless *s_wifi;
const char * wifi_mode;
s_wifi = connection ? nm_connection_get_setting_wireless(connection) : NULL;
wifi_mode = s_wifi ? nm_setting_wireless_get_mode(s_wifi) : NULL;
if (!priv->key_mgmt) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_MISSING_PROPERTY,
_("property is missing"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
if (g_strcmp0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) {
if ((strcmp(priv->key_mgmt, "none") == 0) || (strcmp(priv->key_mgmt, "sae") == 0)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for '%s' mode connections"),
priv->key_mgmt,
NM_SETTING_WIRELESS_MODE_MESH);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
} else {
if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for the property"),
priv->key_mgmt);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
}
if (priv->auth_alg && !strcmp(priv->auth_alg, "leap")) {
/* LEAP must use ieee8021x key management */
if (strcmp(priv->key_mgmt, "ieee8021x")) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' security requires '%s=%s'"),
"leap",
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
"ieee8021x");
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG);
return FALSE;
}
if (!priv->leap_username) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_MISSING_PROPERTY,
_("property is empty"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME);
return FALSE;
}
} else {
if (nm_streq(priv->key_mgmt, "ieee8021x") || nm_streq(priv->key_mgmt, "wpa-eap")
|| nm_streq(priv->key_mgmt, "wpa-eap-suite-b-192")) {
/* Need an 802.1x setting too */
if (connection && !nm_connection_get_setting_802_1x(connection)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_MISSING_SETTING,
_("'%s' security requires '%s' setting presence"),
priv->key_mgmt,
NM_SETTING_802_1X_SETTING_NAME);
g_prefix_error(error, "%s: ", NM_SETTING_802_1X_SETTING_NAME);
return FALSE;
}
}
}
if (priv->leap_username && !strlen(priv->leap_username)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is empty"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME);
return FALSE;
}
if (priv->wep_tx_keyidx > 3) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%d' value is out of range <0-3>"),
priv->wep_tx_keyidx);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX);
return FALSE;
}
if (priv->wep_key_type > NM_WEP_KEY_TYPE_LAST) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE);
return FALSE;
}
if (priv->auth_alg && !g_strv_contains(valid_auth_algs, priv->auth_alg)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG);
return FALSE;
}
if (priv->proto && !_nm_utils_string_slist_validate(priv->proto, valid_protos)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_PROTO);
return FALSE;
}
if (priv->pairwise) {
if (!_nm_utils_string_slist_validate(priv->pairwise, valid_pairwise)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_PAIRWISE);
return FALSE;
}
}
if (priv->group && !_nm_utils_string_slist_validate(priv->group, valid_groups)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_GROUP);
return FALSE;
}
/* Shared Key auth can only be used with WEP */
if (priv->auth_alg && !strcmp(priv->auth_alg, "shared")) {
if (priv->key_mgmt && strcmp(priv->key_mgmt, "none")) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' can only be used with '%s=%s' (WEP)"),
"shared",
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
"none");
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG);
return FALSE;
}
}
G_STATIC_ASSERT_EXPR(((NMSettingWirelessSecurityPmf) -1) > 0);
if (priv->pmf > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_PMF);
return FALSE;
}
if (NM_IN_SET(priv->pmf,
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)
&& !NM_IN_STRSET(priv->key_mgmt,
"wpa-eap",
"wpa-eap-suite-b-192",
"wpa-psk",
"sae",
"owe")) {
g_set_error(
error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' can only be used with 'wpa-eap', 'wpa-eap-suite-b-192', 'wpa-psk' or 'sae' key "
"management "),
priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional" : "required");
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_PMF);
return FALSE;
}
if (!_nm_utils_wps_method_validate(priv->wps_method,
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD,
FALSE,
error))
return FALSE;
return TRUE;
}
static gboolean
_verify_wep_key(const char * wep_key,
NMWepKeyType wep_key_type,
const char * property,
GError ** error)
{
if (wep_key && !nm_utils_wep_key_valid(wep_key, wep_key_type)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, property);
return FALSE;
}
return TRUE;
}
static gboolean
verify_secrets(NMSetting *setting, NMConnection *connection, GError **error)
{
NMSettingWirelessSecurity * self = NM_SETTING_WIRELESS_SECURITY(setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(self);
/* LEAP */
if (priv->auth_alg && !strcmp(priv->auth_alg, "leap") && !strcmp(priv->key_mgmt, "ieee8021x")) {
if (!_nm_setting_verify_secret_string(priv->leap_password,
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
error))
return FALSE;
}
/* WEP */
if (!_verify_wep_key(priv->wep_key0,
priv->wep_key_type,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
error))
return FALSE;
if (!_verify_wep_key(priv->wep_key1,
priv->wep_key_type,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY1,
error))
return FALSE;
if (!_verify_wep_key(priv->wep_key2,
priv->wep_key_type,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY2,
error))
return FALSE;
if (!_verify_wep_key(priv->wep_key3,
priv->wep_key_type,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY3,
error))
return FALSE;
/* WPA-PSK */
if (priv->psk && strcmp(priv->key_mgmt, "sae") != 0 && !nm_utils_wpa_psk_valid(priv->psk)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_PSK);
return FALSE;
}
return TRUE;
}
static gboolean
get_secret_flags(NMSetting * setting,
const char * secret_name,
NMSettingSecretFlags *out_flags,
GError ** error)
{
NMSettingSecretFlags flags;
if (NM_IN_STRSET(secret_name,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY1,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY2,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY3)) {
/* There's only one 'flags' property for WEP keys, so alias all the WEP key
* property names to that flags property. */
nm_assert(_nm_setting_property_is_regular_secret(setting, secret_name));
nm_assert(_nm_setting_property_is_regular_secret_flags(
setting,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS));
g_object_get(G_OBJECT(setting), NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, &flags, NULL);
NM_SET_OUT(out_flags, flags);
return TRUE;
}
return NM_SETTING_CLASS(nm_setting_wireless_security_parent_class)
->get_secret_flags(setting, secret_name, out_flags, error);
}
static gboolean
set_secret_flags(NMSetting * setting,
const char * secret_name,
NMSettingSecretFlags flags,
GError ** error)
{
if (NM_IN_STRSET(secret_name,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY1,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY2,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY3)) {
/* There's only one 'flags' property for WEP keys, so alias all the WEP key
* property names to that flags property. */
nm_assert(_nm_setting_property_is_regular_secret(setting, secret_name));
nm_assert(_nm_setting_property_is_regular_secret_flags(
setting,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS));
if (!nm_g_object_set_property_flags(G_OBJECT(setting),
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS,
NM_TYPE_SETTING_SECRET_FLAGS,
flags,
error))
g_return_val_if_reached(FALSE);
return TRUE;
}
return NM_SETTING_CLASS(nm_setting_wireless_security_parent_class)
->set_secret_flags(setting, secret_name, flags, error);
}
/* NMSettingWirelessSecurity:wep-key-type is an enum, but needs to be marshalled
* as 'u', not 'i', for backward-compatibility.
*/
static GVariant *
wep_key_type_to_dbus(const GValue *from)
{
return g_variant_new_uint32(g_value_get_enum(from));
}
/*****************************************************************************/
static void
get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
{
NMSettingWirelessSecurity * setting = NM_SETTING_WIRELESS_SECURITY(object);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
switch (prop_id) {
case PROP_KEY_MGMT:
g_value_set_string(value, priv->key_mgmt);
break;
case PROP_WEP_TX_KEYIDX:
g_value_set_uint(value, priv->wep_tx_keyidx);
break;
case PROP_AUTH_ALG:
g_value_set_string(value, priv->auth_alg);
break;
case PROP_PROTO:
g_value_take_boxed(value, _nm_utils_slist_to_strv(priv->proto, TRUE));
break;
case PROP_PAIRWISE:
g_value_take_boxed(value, _nm_utils_slist_to_strv(priv->pairwise, TRUE));
break;
case PROP_GROUP:
g_value_take_boxed(value, _nm_utils_slist_to_strv(priv->group, TRUE));
break;
case PROP_PMF:
g_value_set_int(value, nm_setting_wireless_security_get_pmf(setting));
break;
case PROP_LEAP_USERNAME:
g_value_set_string(value, priv->leap_username);
break;
case PROP_WEP_KEY0:
g_value_set_string(value, priv->wep_key0);
break;
case PROP_WEP_KEY1:
g_value_set_string(value, priv->wep_key1);
break;
case PROP_WEP_KEY2:
g_value_set_string(value, priv->wep_key2);
break;
case PROP_WEP_KEY3:
g_value_set_string(value, priv->wep_key3);
break;
case PROP_WEP_KEY_FLAGS:
g_value_set_flags(value, priv->wep_key_flags);
break;
case PROP_PSK:
g_value_set_string(value, priv->psk);
break;
case PROP_PSK_FLAGS:
g_value_set_flags(value, priv->psk_flags);
break;
case PROP_LEAP_PASSWORD:
g_value_set_string(value, priv->leap_password);
break;
case PROP_LEAP_PASSWORD_FLAGS:
g_value_set_flags(value, priv->leap_password_flags);
break;
case PROP_WEP_KEY_TYPE:
g_value_set_enum(value, priv->wep_key_type);
break;
case PROP_WPS_METHOD:
g_value_set_uint(value, priv->wps_method);
break;
case PROP_FILS:
g_value_set_int(value, nm_setting_wireless_security_get_fils(setting));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
break;
}
}
static void
set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec)
{
NMSettingWirelessSecurity * setting = NM_SETTING_WIRELESS_SECURITY(object);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(setting);
const char * str;
switch (prop_id) {
case PROP_KEY_MGMT:
g_free(priv->key_mgmt);
str = g_value_get_string(value);
priv->key_mgmt = str ? g_ascii_strdown(str, -1) : NULL;
break;
case PROP_WEP_TX_KEYIDX:
priv->wep_tx_keyidx = g_value_get_uint(value);
break;
case PROP_AUTH_ALG:
g_free(priv->auth_alg);
str = g_value_get_string(value);
priv->auth_alg = str ? g_ascii_strdown(str, -1) : NULL;
break;
case PROP_PROTO:
g_slist_free_full(priv->proto, g_free);
priv->proto = _nm_utils_strv_to_slist(g_value_get_boxed(value), TRUE);
break;
case PROP_PAIRWISE:
g_slist_free_full(priv->pairwise, g_free);
priv->pairwise = _nm_utils_strv_to_slist(g_value_get_boxed(value), TRUE);
break;
case PROP_GROUP:
g_slist_free_full(priv->group, g_free);
priv->group = _nm_utils_strv_to_slist(g_value_get_boxed(value), TRUE);
break;
case PROP_PMF:
priv->pmf = g_value_get_int(value);
break;
case PROP_LEAP_USERNAME:
g_free(priv->leap_username);
priv->leap_username = g_value_dup_string(value);
break;
case PROP_WEP_KEY0:
nm_free_secret(priv->wep_key0);
priv->wep_key0 = g_value_dup_string(value);
break;
case PROP_WEP_KEY1:
nm_free_secret(priv->wep_key1);
priv->wep_key1 = g_value_dup_string(value);
break;
case PROP_WEP_KEY2:
nm_free_secret(priv->wep_key2);
priv->wep_key2 = g_value_dup_string(value);
break;
case PROP_WEP_KEY3:
nm_free_secret(priv->wep_key3);
priv->wep_key3 = g_value_dup_string(value);
break;
case PROP_WEP_KEY_FLAGS:
priv->wep_key_flags = g_value_get_flags(value);
break;
case PROP_PSK:
nm_free_secret(priv->psk);
priv->psk = g_value_dup_string(value);
break;
case PROP_PSK_FLAGS:
priv->psk_flags = g_value_get_flags(value);
break;
case PROP_LEAP_PASSWORD:
nm_free_secret(priv->leap_password);
priv->leap_password = g_value_dup_string(value);
break;
case PROP_LEAP_PASSWORD_FLAGS:
priv->leap_password_flags = g_value_get_flags(value);
break;
case PROP_WEP_KEY_TYPE:
priv->wep_key_type = g_value_get_enum(value);
break;
case PROP_WPS_METHOD:
priv->wps_method = g_value_get_uint(value);
break;
case PROP_FILS:
priv->fils = g_value_get_int(value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
break;
}
}
/*****************************************************************************/
static void
nm_setting_wireless_security_init(NMSettingWirelessSecurity *self)
{
nm_assert(NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(self)->wep_key_type
== NM_WEP_KEY_TYPE_UNKNOWN);
nm_assert(NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(self)->wps_method
== NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_DEFAULT);
}
/**
* nm_setting_wireless_security_new:
*
* Creates a new #NMSettingWirelessSecurity object with default values.
*
* Returns: (transfer full): the new empty #NMSettingWirelessSecurity object
**/
NMSetting *
nm_setting_wireless_security_new(void)
{
return g_object_new(NM_TYPE_SETTING_WIRELESS_SECURITY, NULL);
}
static void
finalize(GObject *object)
{
NMSettingWirelessSecurity * self = NM_SETTING_WIRELESS_SECURITY(object);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(self);
g_free(priv->key_mgmt);
g_free(priv->auth_alg);
g_free(priv->leap_username);
nm_free_secret(priv->wep_key0);
nm_free_secret(priv->wep_key1);
nm_free_secret(priv->wep_key2);
nm_free_secret(priv->wep_key3);
nm_free_secret(priv->psk);
nm_free_secret(priv->leap_password);
g_slist_free_full(priv->proto, g_free);
g_slist_free_full(priv->pairwise, g_free);
g_slist_free_full(priv->group, g_free);
G_OBJECT_CLASS(nm_setting_wireless_security_parent_class)->finalize(object);
}
static void
nm_setting_wireless_security_class_init(NMSettingWirelessSecurityClass *klass)
{
GObjectClass * object_class = G_OBJECT_CLASS(klass);
NMSettingClass *setting_class = NM_SETTING_CLASS(klass);
GArray * properties_override = _nm_sett_info_property_override_create_array();
g_type_class_add_private(klass, sizeof(NMSettingWirelessSecurityPrivate));
object_class->get_property = get_property;
object_class->set_property = set_property;
object_class->finalize = finalize;
setting_class->verify = verify;
setting_class->verify_secrets = verify_secrets;
setting_class->need_secrets = need_secrets;
setting_class->get_secret_flags = get_secret_flags;
setting_class->set_secret_flags = set_secret_flags;
/**
* NMSettingWirelessSecurity:key-mgmt:
*
* Key management used for the connection. One of "none" (WEP),
* "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae"
* (SAE), "owe" (Opportunistic Wireless Encryption), "wpa-eap"
* (WPA-Enterprise) or "wpa-eap-suite-b-192" (WPA3-Enterprise Suite B).
* This property must be set for any Wi-Fi connection that uses security.
**/
/* ---ifcfg-rh---
* property: key-mgmt
* variable: KEY_MGMT(+)
* values: IEEE8021X, WPA-PSK, WPA-EAP, WPA-EAP-SUITE-B-192
* description: Key management menthod.
* ---end---
*/
obj_properties[PROP_KEY_MGMT] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_REQUIRED | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-tx-keyidx:
*
* When static WEP is used (ie, key-mgmt = "none") and a non-default WEP key
* index is used by the AP, put that WEP key index here. Valid values are 0
* (default key) through 3. Note that some consumer access points (like the
* Linksys WRT54G) number the keys 1 - 4.
**/
/* ---ifcfg-rh---
* property: wep-tx-keyidx
* variable: DEFAULTKEY
* values: 1, 2, 3, 4
* default: 1
* description: Index of active WEP key.
* ---end---
*/
obj_properties[PROP_WEP_TX_KEYIDX] =
g_param_spec_uint(NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX,
"",
"",
0,
3,
0,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:auth-alg:
*
* When WEP is used (ie, key-mgmt = "none" or "ieee8021x") indicate the
* 802.11 authentication algorithm required by the AP here. One of "open"
* for Open System, "shared" for Shared Key, or "leap" for Cisco LEAP. When
* using Cisco LEAP (ie, key-mgmt = "ieee8021x" and auth-alg = "leap") the
* "leap-username" and "leap-password" properties must be specified.
**/
/* ---ifcfg-rh---
* property: auth-alg
* variable: SECURITYMODE(+)
* values: restricted, open, leap
* description: Authentication algorithm for WEP.
* ---end---
*/
obj_properties[PROP_AUTH_ALG] = g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_AUTH_ALG,
"",
"",
NULL,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:proto:
*
* List of strings specifying the allowed WPA protocol versions to use.
* Each element may be one "wpa" (allow WPA) or "rsn" (allow WPA2/RSN). If
* not specified, both WPA and RSN connections are allowed.
**/
/* ---ifcfg-rh---
* property: proto
* variable: WPA_ALLOW_WPA(+), WPA_ALLOW_WPA2(+)
* values: yes, no
* default: no
* description: Allowed WPA protocols, WPA and WPA2 (RSN).
* ---end---
*/
obj_properties[PROP_PROTO] = g_param_spec_boxed(NM_SETTING_WIRELESS_SECURITY_PROTO,
"",
"",
G_TYPE_STRV,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:pairwise:
*
* A list of pairwise encryption algorithms which prevents connections to
* Wi-Fi networks that do not utilize one of the algorithms in the list.
* For maximum compatibility leave this property empty. Each list element
* may be one of "tkip" or "ccmp".
**/
/* ---ifcfg-rh---
* property: pairwise
* variable: CIPHER_PAIRWISE(+)
* values: CCMP, TKIP
* description: Restrict pairwise encryption algorithms, specified as a space
* separated list.
* ---end---
*/
obj_properties[PROP_PAIRWISE] = g_param_spec_boxed(NM_SETTING_WIRELESS_SECURITY_PAIRWISE,
"",
"",
G_TYPE_STRV,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:group:
*
* A list of group/broadcast encryption algorithms which prevents
* connections to Wi-Fi networks that do not utilize one of the algorithms
* in the list. For maximum compatibility leave this property empty. Each
* list element may be one of "wep40", "wep104", "tkip", or "ccmp".
**/
/* ---ifcfg-rh---
* property: group
* variable: CIPHER_GROUP(+)
* values: CCMP, TKIP, WEP40, WEP104
* description: Restrict group/broadcast encryption algorithms, specified as a space
* separated list.
* ---end---
*/
obj_properties[PROP_GROUP] = g_param_spec_boxed(NM_SETTING_WIRELESS_SECURITY_GROUP,
"",
"",
G_TYPE_STRV,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:pmf:
*
* Indicates whether Protected Management Frames (802.11w) must be enabled
* for the connection. One of %NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT
* (use global default value), %NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
* (disable PMF), %NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL (enable PMF if
* the supplicant and the access point support it) or
* %NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED (enable PMF and fail if not
* supported). When set to %NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT and no
* global default is set, PMF will be optionally enabled.
*
* Since: 1.10
**/
/* ---ifcfg-rh---
* property: pmf
* variable: PMF(+)
* values: default, disable, optional, required
* description: Enables or disables PMF (802.11w)
* example: PMF=required
* ---end---
*/
obj_properties[PROP_PMF] = g_param_spec_int(NM_SETTING_WIRELESS_SECURITY_PMF,
"",
"",
G_MININT32,
G_MAXINT32,
0,
G_PARAM_READWRITE | NM_SETTING_PARAM_FUZZY_IGNORE
| G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:leap-username:
*
* The login username for legacy LEAP connections (ie, key-mgmt =
* "ieee8021x" and auth-alg = "leap").
**/
/* ---ifcfg-rh---
* property: leap-username
* variable: IEEE_8021X_IDENTITY(+)
* description: Login name for LEAP.
* ---end---
*/
obj_properties[PROP_LEAP_USERNAME] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME,
"",
"",
NULL,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key0:
*
* Index 0 WEP key. This is the WEP key used in most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key0
* variable: KEY1, KEY_PASSPHRASE1(+)
* description: The first WEP key (used in most networks). See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY0] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SECRET | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key1:
*
* Index 1 WEP key. This WEP index is not used by most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key1
* variable: KEY2, KEY_PASSPHRASE2(+)
* description: WEP key with index 1. See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY1] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_WEP_KEY1,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SECRET | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key2:
*
* Index 2 WEP key. This WEP index is not used by most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key2
* variable: KEY3, KEY_PASSPHRASE3(+)
* description: WEP key with index 2. See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY2] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_WEP_KEY2,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SECRET | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key3:
*
* Index 3 WEP key. This WEP index is not used by most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key3
* variable: KEY4, KEY_PASSPHRASE4(+)
* description: WEP key with index 3. See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY3] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_WEP_KEY3,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SECRET | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key-flags:
*
* Flags indicating how to handle the #NMSettingWirelessSecurity:wep-key0,
* #NMSettingWirelessSecurity:wep-key1, #NMSettingWirelessSecurity:wep-key2,
* and #NMSettingWirelessSecurity:wep-key3 properties.
**/
/* ---ifcfg-rh---
* property: wep-key-flags
* variable: WEP_KEY_FLAGS(+)
* format: NMSettingSecretFlags
* description: Password flags for KEY<i>, KEY_PASSPHRASE<i> password.
* ---end---
*/
obj_properties[PROP_WEP_KEY_FLAGS] =
g_param_spec_flags(NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS,
"",
"",
NM_TYPE_SETTING_SECRET_FLAGS,
NM_SETTING_SECRET_FLAG_NONE,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:psk:
*
* Pre-Shared-Key for WPA networks. For WPA-PSK, it's either an ASCII
* passphrase of 8 to 63 characters that is (as specified in the 802.11i
* standard) hashed to derive the actual key, or the key in form of 64
* hexadecimal character. The WPA3-Personal networks use a passphrase
* of any length for SAE authentication.
**/
/* ---ifcfg-rh---
* property: psk
* variable: WPA_PSK
* description: Pre-Shared-Key for WPA networks.
* ---end---
*/
obj_properties[PROP_PSK] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_PSK,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SECRET | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:psk-flags:
*
* Flags indicating how to handle the #NMSettingWirelessSecurity:psk
* property.
**/
/* ---ifcfg-rh---
* property: psk-flags
* variable: WPA_PSK_FLAGS(+)
* format: NMSettingSecretFlags
* description: Password flags for WPA_PSK_FLAGS.
* example: WPA_PSK_FLAGS=user
* ---end---
*/
obj_properties[PROP_PSK_FLAGS] = g_param_spec_flags(NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS,
"",
"",
NM_TYPE_SETTING_SECRET_FLAGS,
NM_SETTING_SECRET_FLAG_NONE,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:leap-password:
*
* The login password for legacy LEAP connections (ie, key-mgmt =
* "ieee8021x" and auth-alg = "leap").
**/
/* ---ifcfg-rh---
* property: leap-password
* variable: IEEE_8021X_PASSWORD(+)
* description: Password for LEAP. It can also go to "key-"
* lookaside file, or it can be owned by a secret agent.
* ---end---
*/
obj_properties[PROP_LEAP_PASSWORD] =
g_param_spec_string(NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
"",
"",
NULL,
G_PARAM_READWRITE | NM_SETTING_PARAM_SECRET | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:leap-password-flags:
*
* Flags indicating how to handle the
* #NMSettingWirelessSecurity:leap-password property.
**/
/* ---ifcfg-rh---
* property: leap-password-flags
* variable: IEEE_8021X_PASSWORD_FLAGS(+)
* format: NMSettingSecretFlags
* description: Password flags for IEEE_8021X_PASSWORD_FLAGS.
* ---end---
*/
obj_properties[PROP_LEAP_PASSWORD_FLAGS] =
g_param_spec_flags(NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS,
"",
"",
NM_TYPE_SETTING_SECRET_FLAGS,
NM_SETTING_SECRET_FLAG_NONE,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key-type:
*
* Controls the interpretation of WEP keys. Allowed values are
* %NM_WEP_KEY_TYPE_KEY, in which case the key is either a 10- or
* 26-character hexadecimal string, or a 5- or 13-character ASCII password;
* or %NM_WEP_KEY_TYPE_PASSPHRASE, in which case the passphrase is provided
* as a string and will be hashed using the de-facto MD5 method to derive
* the actual WEP key.
**/
/* ---ifcfg-rh---
* property: wep-key-type
* variable: KEY<i> or KEY_PASSPHRASE<i>(+); KEY_TYPE(+)
* description: KEY is used for "key" type (10 or 26 hexadecimal characters,
* or 5 or 13 character string prefixed with "s:"). KEY_PASSPHRASE is used
* for WEP passphrases. KEY_TYPE specifies the key type and can be either
* 'key' or 'passphrase'. KEY_TYPE is redundant and can be omitted.
* example: KEY1=s:ahoj, KEY1=0a1c45bc02, KEY_PASSPHRASE1=mysupersecretkey
* ---end---
*/
obj_properties[PROP_WEP_KEY_TYPE] =
g_param_spec_enum(NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE,
"",
"",
NM_TYPE_WEP_KEY_TYPE,
NM_WEP_KEY_TYPE_UNKNOWN,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
_nm_properties_override_gobj(
properties_override,
obj_properties[PROP_WEP_KEY_TYPE],
NM_SETT_INFO_PROPERT_TYPE(.dbus_type = G_VARIANT_TYPE_UINT32,
.gprop_to_dbus_fcn = wep_key_type_to_dbus, ));
/**
* NMSettingWirelessSecurity:wps-method:
*
* Flags indicating which mode of WPS is to be used if any.
*
* There's little point in changing the default setting as NetworkManager will
* automatically determine whether it's feasible to start WPS enrollment from
* the Access Point capabilities.
*
* WPS can be disabled by setting this property to a value of 1.
*
* Since: 1.10
**/
/* ---ifcfg-rh---
* property: wps-method
* variable: WPS_METHOD
* description: Used to control the WPS methods to be used
* Valid values are "default", "auto", "disabled", "pin" and "pbc".
* If omitted, whatver the AP announces is used.
* example: WPS_METHOD=disabled, WPS_METHOD="pin pbc"
* ---end---
*/
obj_properties[PROP_WPS_METHOD] = g_param_spec_uint(
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD,
"",
"",
0,
G_MAXUINT32,
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_DEFAULT,
G_PARAM_READWRITE | NM_SETTING_PARAM_FUZZY_IGNORE | G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:fils:
*
* Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for
* the connection. One of %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (use
* global default value), %NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE
* (disable FILS), %NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (enable FILS
* if the supplicant and the access point support it) or
* %NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (enable FILS and fail if not
* supported). When set to %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT and
* no global default is set, FILS will be optionally enabled.
*
* Since: 1.12
**/
/* ---ifcfg-rh---
* property: fils
* variable: FILS(+)
* values: default, disable, optional, required
* description: Enables or disables FILS (802.11ai)
* example: FILS=required
* ---end---
*/
obj_properties[PROP_FILS] = g_param_spec_int(NM_SETTING_WIRELESS_SECURITY_FILS,
"",
"",
G_MININT32,
G_MAXINT32,
0,
G_PARAM_READWRITE | NM_SETTING_PARAM_FUZZY_IGNORE
| G_PARAM_STATIC_STRINGS);
g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
_nm_setting_class_commit_full(setting_class,
NM_META_SETTING_TYPE_WIRELESS_SECURITY,
NULL,
properties_override);
}