// SPDX-License-Identifier: LGPL-2.1+
/*
* Copyright (C) 2007 - 2017 Red Hat, Inc.
* Copyright (C) 2007 - 2008 Novell, Inc.
*/
#include "nm-default.h"
#include "nm-setting-wireless-security.h"
#include "nm-setting-8021x.h"
#include "nm-utils.h"
#include "nm-utils-private.h"
#include "nm-setting-private.h"
#include "nm-setting-wireless.h"
#include "nm-glib-aux/nm-secret-utils.h"
/**
* SECTION:nm-setting-wireless-security
* @short_description: Describes connection properties for Wi-Fi networks that
* use WEP, LEAP, WPA or WPA2/RSN security
*
* The #NMSettingWirelessSecurity object is a #NMSetting subclass that describes
* properties necessary for connection to encrypted Wi-Fi networks.
*
* It's a good idea to read up on wpa_supplicant configuration before using this
* setting extensively, since most of the options here correspond closely with
* the relevant wpa_supplicant configuration options. To get a better overview
* of how Wi-Fi security works, you may want to get copies of the following books.
*
* 802.11 Wireless Networks: The Definitive Guide, Second Edition
* Author: Matthew Gast
* ISBN: 978-0596100520
*
* Cisco Wireless LAN Security
* Authors: Krishna Sankar, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky
* ISBN: 978-1587051548
**/
/*****************************************************************************/
NM_GOBJECT_PROPERTIES_DEFINE (NMSettingWirelessSecurity,
PROP_KEY_MGMT,
PROP_WEP_TX_KEYIDX,
PROP_AUTH_ALG,
PROP_PROTO,
PROP_PAIRWISE,
PROP_GROUP,
PROP_PMF,
PROP_LEAP_USERNAME,
PROP_WEP_KEY0,
PROP_WEP_KEY1,
PROP_WEP_KEY2,
PROP_WEP_KEY3,
PROP_WEP_KEY_FLAGS,
PROP_WEP_KEY_TYPE,
PROP_PSK,
PROP_PSK_FLAGS,
PROP_LEAP_PASSWORD,
PROP_LEAP_PASSWORD_FLAGS,
PROP_WPS_METHOD,
PROP_FILS,
);
typedef struct {
GSList *proto; /* GSList of strings */
GSList *pairwise; /* GSList of strings */
GSList *group; /* GSList of strings */
char *key_mgmt;
char *auth_alg;
char *leap_username;
char *leap_password;
char *wep_key0;
char *wep_key1;
char *wep_key2;
char *wep_key3;
char *psk;
NMSettingSecretFlags leap_password_flags;
NMSettingSecretFlags wep_key_flags;
NMSettingSecretFlags psk_flags;
NMSettingWirelessSecurityPmf pmf;
NMWepKeyType wep_key_type;
NMSettingWirelessSecurityWpsMethod wps_method;
NMSettingWirelessSecurityFils fils;
guint32 wep_tx_keyidx;
} NMSettingWirelessSecurityPrivate;
G_DEFINE_TYPE (NMSettingWirelessSecurity, nm_setting_wireless_security, NM_TYPE_SETTING)
#define NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_SETTING_WIRELESS_SECURITY, NMSettingWirelessSecurityPrivate))
/*****************************************************************************/
/**
* nm_setting_wireless_security_get_key_mgmt:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:key-mgmt property of the setting
**/
const char *
nm_setting_wireless_security_get_key_mgmt (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->key_mgmt;
}
/**
* nm_setting_wireless_security_get_num_protos:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the number of security protocols this connection allows when
* connecting to secure Wi-Fi networks
**/
guint32
nm_setting_wireless_security_get_num_protos (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return g_slist_length (NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->proto);
}
/**
* nm_setting_wireless_security_get_proto:
* @setting: the #NMSettingWirelessSecurity
* @i: an index into the protocol list
*
* Returns: the protocol at index @i
**/
const char *
nm_setting_wireless_security_get_proto (NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
g_return_val_if_fail (i <= g_slist_length (priv->proto), NULL);
return (const char *) g_slist_nth_data (priv->proto, i);
}
/**
* nm_setting_wireless_security_add_proto:
* @setting: the #NMSettingWirelessSecurity
* @proto: the protocol to add, one of "wpa" or "rsn"
*
* Adds a Wi-Fi security protocol (one of "wpa" or "rsn") to the allowed list;
* only protocols in this list will be used when finding and connecting to
* the Wi-Fi network specified by this connection. For example, if the
* protocol list contains only "wpa" but the access point for the SSID specified
* by this connection only supports WPA2/RSN, the connection cannot be used
* with the access point.
*
* Returns: %TRUE if the protocol was new and was added to the allowed
* protocol list, or %FALSE if it was already in the list
**/
gboolean
nm_setting_wireless_security_add_proto (NMSettingWirelessSecurity *setting, const char *proto)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), FALSE);
g_return_val_if_fail (proto != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
for (iter = priv->proto; iter; iter = g_slist_next (iter)) {
if (g_ascii_strcasecmp (proto, (char *) iter->data) == 0)
return FALSE;
}
priv->proto = g_slist_append (priv->proto, g_ascii_strdown (proto, -1));
_notify (setting, PROP_PROTO);
return TRUE;
}
/**
* nm_setting_wireless_security_remove_proto:
* @setting: the #NMSettingWirelessSecurity
* @i: index of the protocol to remove
*
* Removes a protocol from the allowed protocol list.
**/
void
nm_setting_wireless_security_remove_proto (NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *elt;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
elt = g_slist_nth (priv->proto, i);
g_return_if_fail (elt != NULL);
g_free (elt->data);
priv->proto = g_slist_delete_link (priv->proto, elt);
_notify (setting, PROP_PROTO);
}
/**
* nm_setting_wireless_security_remove_proto_by_value:
* @setting: the #NMSettingWirelessSecurity
* @proto: the protocol to remove, one of "wpa" or "rsn"
*
* Removes a protocol from the allowed protocol list.
*
* Returns: %TRUE if the protocol was found and removed; %FALSE if it was not.
**/
gboolean
nm_setting_wireless_security_remove_proto_by_value (NMSettingWirelessSecurity *setting,
const char *proto)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), FALSE);
g_return_val_if_fail (proto != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
for (iter = priv->proto; iter; iter = g_slist_next (iter)) {
if (g_ascii_strcasecmp (proto, (char *) iter->data) == 0) {
priv->proto = g_slist_delete_link (priv->proto, iter);
_notify (setting, PROP_PROTO);
return TRUE;
}
}
return FALSE;
}
/**
* nm_setting_wireless_security_clear_protos:
* @setting: the #NMSettingWirelessSecurity
*
* Removes all protocols from the allowed list. If there are no protocols
* specified then all protocols are allowed.
**/
void
nm_setting_wireless_security_clear_protos (NMSettingWirelessSecurity *setting)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
g_slist_free_full (priv->proto, g_free);
priv->proto = NULL;
_notify (setting, PROP_PROTO);
}
/**
* nm_setting_wireless_security_get_num_pairwise:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the number of pairwise encryption algorithms in the allowed list
**/
guint32
nm_setting_wireless_security_get_num_pairwise (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return g_slist_length (NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->pairwise);
}
/**
* nm_setting_wireless_security_get_pairwise:
* @setting: the #NMSettingWirelessSecurity
* @i: index of an item in the allowed pairwise encryption algorithm list
*
* Returns the allowed pairwise encryption algorithm from allowed algorithm
* list.
*
* Returns: the pairwise encryption algorithm at index @i
**/
const char *
nm_setting_wireless_security_get_pairwise (NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
g_return_val_if_fail (i <= g_slist_length (priv->pairwise), NULL);
return (const char *) g_slist_nth_data (priv->pairwise, i);
}
/**
* nm_setting_wireless_security_add_pairwise:
* @setting: the #NMSettingWirelessSecurity
* @pairwise: the encryption algorithm to add, one of "tkip" or "ccmp"
*
* Adds an encryption algorithm to the list of allowed pairwise encryption
* algorithms. If the list is not empty, then only access points that support
* one or more of the encryption algorithms in the list will be considered
* compatible with this connection.
*
* Returns: %TRUE if the algorithm was added to the list, %FALSE if it was
* already in the list
**/
gboolean
nm_setting_wireless_security_add_pairwise (NMSettingWirelessSecurity *setting, const char *pairwise)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), FALSE);
g_return_val_if_fail (pairwise != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
for (iter = priv->pairwise; iter; iter = g_slist_next (iter)) {
if (g_ascii_strcasecmp (pairwise, (char *) iter->data) == 0)
return FALSE;
}
priv->pairwise = g_slist_append (priv->pairwise, g_ascii_strdown (pairwise, -1));
_notify (setting, PROP_PAIRWISE);
return TRUE;
}
/**
* nm_setting_wireless_security_remove_pairwise:
* @setting: the #NMSettingWirelessSecurity
* @i: the index of an item in the allowed pairwise encryption algorithm list
*
* Removes an encryption algorithm from the allowed pairwise encryption
* algorithm list.
**/
void
nm_setting_wireless_security_remove_pairwise (NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *elt;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
elt = g_slist_nth (priv->pairwise, i);
g_return_if_fail (elt != NULL);
g_free (elt->data);
priv->pairwise = g_slist_delete_link (priv->pairwise, elt);
_notify (setting, PROP_PAIRWISE);
}
/**
* nm_setting_wireless_security_remove_pairwise_by_value:
* @setting: the #NMSettingWirelessSecurity
* @pairwise: the encryption algorithm to remove, one of "tkip" or "ccmp"
*
* Removes an encryption algorithm from the allowed pairwise encryption
* algorithm list.
*
* Returns: %TRUE if the encryption algorithm was found and removed; %FALSE if it was not.
**/
gboolean
nm_setting_wireless_security_remove_pairwise_by_value (NMSettingWirelessSecurity *setting,
const char *pairwise)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), FALSE);
g_return_val_if_fail (pairwise != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
for (iter = priv->pairwise; iter; iter = g_slist_next (iter)) {
if (g_ascii_strcasecmp (pairwise, (char *) iter->data) == 0) {
priv->pairwise = g_slist_delete_link (priv->pairwise, iter);
_notify (setting, PROP_PAIRWISE);
return TRUE;
}
}
return FALSE;
}
/**
* nm_setting_wireless_security_clear_pairwise:
* @setting: the #NMSettingWirelessSecurity
*
* Removes all algorithms from the allowed list. If there are no algorithms
* specified then all pairwise encryption algorithms are allowed.
**/
void
nm_setting_wireless_security_clear_pairwise (NMSettingWirelessSecurity *setting)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
g_slist_free_full (priv->pairwise, g_free);
priv->pairwise = NULL;
_notify (setting, PROP_PAIRWISE);
}
/**
* nm_setting_wireless_security_get_num_groups:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the number of groupwise encryption algorithms in the allowed list
**/
guint32
nm_setting_wireless_security_get_num_groups (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return g_slist_length (NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->group);
}
/**
* nm_setting_wireless_security_get_group:
* @setting: the #NMSettingWirelessSecurity
* @i: index of an item in the allowed groupwise encryption algorithm list
*
* Returns the allowed groupwise encryption algorithm from allowed algorithm
* list.
*
* Returns: the groupwise encryption algorithm at index @i
**/
const char *
nm_setting_wireless_security_get_group (NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
g_return_val_if_fail (i <= g_slist_length (priv->group), NULL);
return (const char *) g_slist_nth_data (priv->group, i);
}
/**
* nm_setting_wireless_security_add_group:
* @setting: the #NMSettingWirelessSecurity
* @group: the encryption algorithm to add, one of "wep40", "wep104",
* "tkip", or "ccmp"
*
* Adds an encryption algorithm to the list of allowed groupwise encryption
* algorithms. If the list is not empty, then only access points that support
* one or more of the encryption algorithms in the list will be considered
* compatible with this connection.
*
* Returns: %TRUE if the algorithm was added to the list, %FALSE if it was
* already in the list
**/
gboolean
nm_setting_wireless_security_add_group (NMSettingWirelessSecurity *setting, const char *group)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), FALSE);
g_return_val_if_fail (group != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
for (iter = priv->group; iter; iter = g_slist_next (iter)) {
if (g_ascii_strcasecmp (group, (char *) iter->data) == 0)
return FALSE;
}
priv->group = g_slist_append (priv->group, g_ascii_strdown (group, -1));
_notify (setting, PROP_GROUP);
return TRUE;
}
/**
* nm_setting_wireless_security_remove_group:
* @setting: the #NMSettingWirelessSecurity
* @i: the index of an item in the allowed groupwise encryption algorithm list
*
* Removes an encryption algorithm from the allowed groupwise encryption
* algorithm list.
**/
void
nm_setting_wireless_security_remove_group (NMSettingWirelessSecurity *setting, guint32 i)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *elt;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
elt = g_slist_nth (priv->group, i);
g_return_if_fail (elt != NULL);
g_free (elt->data);
priv->group = g_slist_delete_link (priv->group, elt);
_notify (setting, PROP_GROUP);
}
/**
* nm_setting_wireless_security_remove_group_by_value:
* @setting: the #NMSettingWirelessSecurity
* @group: the encryption algorithm to remove, one of "wep40", "wep104",
* "tkip", or "ccmp"
*
* Removes an encryption algorithm from the allowed groupwise encryption
* algorithm list.
*
* Returns: %TRUE if the algorithm was found and removed; %FALSE if it was not.
**/
gboolean
nm_setting_wireless_security_remove_group_by_value (NMSettingWirelessSecurity *setting,
const char *group)
{
NMSettingWirelessSecurityPrivate *priv;
GSList *iter;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), FALSE);
g_return_val_if_fail (group != NULL, FALSE);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
for (iter = priv->group; iter; iter = g_slist_next (iter)) {
if (g_ascii_strcasecmp (group, (char *) iter->data) == 0) {
priv->group = g_slist_delete_link (priv->group, iter);
_notify (setting, PROP_GROUP);
return TRUE;
}
}
return FALSE;
}
/**
* nm_setting_wireless_security_clear_groups:
* @setting: the #NMSettingWirelessSecurity
*
* Removes all algorithms from the allowed list. If there are no algorithms
* specified then all groupwise encryption algorithms are allowed.
**/
void
nm_setting_wireless_security_clear_groups (NMSettingWirelessSecurity *setting)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
g_slist_free_full (priv->group, g_free);
priv->group = NULL;
_notify (setting, PROP_GROUP);
}
/*
* nm_setting_wireless_security_get_pmf:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:pmf property of the setting
*
* Since: 1.10
**/
NMSettingWirelessSecurityPmf
nm_setting_wireless_security_get_pmf (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->pmf;
}
/**
* nm_setting_wireless_security_get_psk:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:psk property of the setting
**/
const char *
nm_setting_wireless_security_get_psk (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->psk;
}
/**
* nm_setting_wireless_security_get_psk_flags:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingSecretFlags pertaining to the
* #NMSettingWirelessSecurity:psk
**/
NMSettingSecretFlags
nm_setting_wireless_security_get_psk_flags (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NM_SETTING_SECRET_FLAG_NONE);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->psk_flags;
}
/**
* nm_setting_wireless_security_get_leap_username:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:leap-username property of the setting
**/
const char *
nm_setting_wireless_security_get_leap_username (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->leap_username;
}
/**
* nm_setting_wireless_security_get_leap_password:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:leap-password property of the setting
**/
const char *
nm_setting_wireless_security_get_leap_password (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->leap_password;
}
/**
* nm_setting_wireless_security_get_leap_password_flags:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingSecretFlags pertaining to the
* #NMSettingWirelessSecurity:leap-password
**/
NMSettingSecretFlags
nm_setting_wireless_security_get_leap_password_flags (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NM_SETTING_SECRET_FLAG_NONE);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->leap_password_flags;
}
/**
* nm_setting_wireless_security_get_wep_key:
* @setting: the #NMSettingWirelessSecurity
* @idx: the WEP key index (0..3 inclusive)
*
* Returns: the WEP key at the given index
**/
const char *
nm_setting_wireless_security_get_wep_key (NMSettingWirelessSecurity *setting, guint32 idx)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
g_return_val_if_fail (idx < 4, NULL);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
if (idx == 0)
return priv->wep_key0;
else if (idx == 1)
return priv->wep_key1;
else if (idx == 2)
return priv->wep_key2;
else if (idx == 3)
return priv->wep_key3;
g_assert_not_reached ();
return NULL;
}
/**
* nm_setting_wireless_security_set_wep_key:
* @setting: the #NMSettingWirelessSecurity
* @idx: the index of the key (0..3 inclusive)
* @key: the WEP key as a string, in either hexadecimal, ASCII, or passphrase
* form as determiend by the value of the #NMSettingWirelessSecurity:wep-key-type
* property.
*
* Sets a WEP key in the given index.
**/
void
nm_setting_wireless_security_set_wep_key (NMSettingWirelessSecurity *setting, guint32 idx, const char *key)
{
NMSettingWirelessSecurityPrivate *priv;
g_return_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting));
g_return_if_fail (idx < 4);
priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
switch (idx) {
case 0:
g_free (priv->wep_key0);
priv->wep_key0 = g_strdup (key);
_notify (setting, PROP_WEP_KEY0);
break;
case 1:
g_free (priv->wep_key1);
priv->wep_key1 = g_strdup (key);
_notify (setting, PROP_WEP_KEY1);
break;
case 2:
g_free (priv->wep_key2);
priv->wep_key2 = g_strdup (key);
_notify (setting, PROP_WEP_KEY2);
break;
case 3:
g_free (priv->wep_key3);
priv->wep_key3 = g_strdup (key);
_notify (setting, PROP_WEP_KEY3);
break;
default:
g_assert_not_reached ();
}
}
/**
* nm_setting_wireless_security_get_wep_tx_keyidx:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:wep-tx-keyidx property of the setting
**/
guint32
nm_setting_wireless_security_get_wep_tx_keyidx (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wep_tx_keyidx;
}
/**
* nm_setting_wireless_security_get_auth_alg:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:auth-alg property of the setting
**/
const char *
nm_setting_wireless_security_get_auth_alg (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->auth_alg;
}
/**
* nm_setting_wireless_security_get_wep_key_flags:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingSecretFlags pertaining to the all WEP keys
**/
NMSettingSecretFlags
nm_setting_wireless_security_get_wep_key_flags (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NM_SETTING_SECRET_FLAG_NONE);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wep_key_flags;
}
/**
* nm_setting_wireless_security_get_wep_key_type:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:wep-key-type property of the setting
**/
NMWepKeyType
nm_setting_wireless_security_get_wep_key_type (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wep_key_type;
}
/**
* nm_setting_wireless_security_get_wps_method:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:wps-method property of the setting
*
* Since: 1.10
**/
NMSettingWirelessSecurityWpsMethod
nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting),
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_DISABLED);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wps_method;
}
/*
* nm_setting_wireless_security_get_fils:
* @setting: the #NMSettingWirelessSecurity
*
* Returns: the #NMSettingWirelessSecurity:fils property of the setting
*
* Since: 1.12
**/
NMSettingWirelessSecurityFils
nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting)
{
g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->fils;
}
static GPtrArray *
need_secrets (NMSetting *setting)
{
NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
GPtrArray *secrets;
secrets = g_ptr_array_sized_new (4);
g_assert (priv->key_mgmt);
/* Static WEP */
if (strcmp (priv->key_mgmt, "none") == 0) {
if ((priv->wep_tx_keyidx == 0) && !nm_utils_wep_key_valid (priv->wep_key0, priv->wep_key_type)) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0);
return secrets;
}
if ((priv->wep_tx_keyidx == 1) && !nm_utils_wep_key_valid (priv->wep_key1, priv->wep_key_type)) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1);
return secrets;
}
if ((priv->wep_tx_keyidx == 2) && !nm_utils_wep_key_valid (priv->wep_key2, priv->wep_key_type)) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2);
return secrets;
}
if ((priv->wep_tx_keyidx == 3) && !nm_utils_wep_key_valid (priv->wep_key3, priv->wep_key_type)) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3);
return secrets;
}
goto no_secrets;
}
/* WPA-PSK infrastructure */
if (strcmp (priv->key_mgmt, "wpa-psk") == 0) {
if (!nm_utils_wpa_psk_valid (priv->psk)) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_PSK);
return secrets;
}
goto no_secrets;
}
/* SAE, used in MESH and WPA3-Personal */
if (strcmp (priv->key_mgmt, "sae") == 0) {
if (!priv->psk || !*priv->psk) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_PSK);
return secrets;
}
goto no_secrets;
}
/* LEAP */
if ( priv->auth_alg
&& !strcmp (priv->auth_alg, "leap")
&& !strcmp (priv->key_mgmt, "ieee8021x")) {
if (!priv->leap_password || !*priv->leap_password) {
g_ptr_array_add (secrets, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
return secrets;
}
goto no_secrets;
}
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
|| (strcmp (priv->key_mgmt, "wpa-eap") == 0)
|| (strcmp (priv->key_mgmt, "owe") == 0)) {
/* Let caller check the 802.1x setting for secrets */
goto no_secrets;
}
g_assert_not_reached ();
return secrets;
no_secrets:
if (secrets)
g_ptr_array_free (secrets, TRUE);
return NULL;
}
static gboolean
verify (NMSetting *setting, NMConnection *connection, GError **error)
{
NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", "owe", NULL };
const char *valid_auth_algs[] = { "open", "shared", "leap", NULL };
const char *valid_protos[] = { "wpa", "rsn", NULL };
const char *valid_pairwise[] = { "tkip", "ccmp", NULL };
const char *valid_groups[] = { "wep40", "wep104", "tkip", "ccmp", NULL };
NMSettingWireless *s_wifi;
const char *wifi_mode;
s_wifi = connection ? nm_connection_get_setting_wireless (connection) : NULL;
wifi_mode = s_wifi ? nm_setting_wireless_get_mode (s_wifi) : NULL;
if (!priv->key_mgmt) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_MISSING_PROPERTY,
_("property is missing"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
if (g_strcmp0 (wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) {
if ( (strcmp (priv->key_mgmt, "none") == 0)
|| (strcmp (priv->key_mgmt, "sae") == 0)) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for '%s' mode connections"),
priv->key_mgmt, NM_SETTING_WIRELESS_MODE_MESH);
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
} else {
if (!g_strv_contains (valid_key_mgmt, priv->key_mgmt)) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for the property"),
priv->key_mgmt);
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
}
if (priv->auth_alg && !strcmp (priv->auth_alg, "leap")) {
/* LEAP must use ieee8021x key management */
if (strcmp (priv->key_mgmt, "ieee8021x")) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' security requires '%s=%s'"),
"leap", NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x");
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_AUTH_ALG);
return FALSE;
}
if (!priv->leap_username) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_MISSING_PROPERTY,
_("property is empty"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME);
return FALSE;
}
} else {
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
|| (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
/* Need an 802.1x setting too */
if (connection && !nm_connection_get_setting_802_1x (connection)) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_MISSING_SETTING,
_("'%s' security requires '%s' setting presence"),
priv->key_mgmt, NM_SETTING_802_1X_SETTING_NAME);
g_prefix_error (error, "%s: ", NM_SETTING_802_1X_SETTING_NAME);
return FALSE;
}
}
}
if (priv->leap_username && !strlen (priv->leap_username)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is empty"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME);
return FALSE;
}
if (priv->wep_tx_keyidx > 3) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%d' value is out of range <0-3>"),
priv->wep_tx_keyidx);
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX);
return FALSE;
}
if (priv->wep_key_type > NM_WEP_KEY_TYPE_LAST) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE);
return FALSE;
}
if (priv->auth_alg && !g_strv_contains (valid_auth_algs, priv->auth_alg)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_AUTH_ALG);
return FALSE;
}
if (priv->proto && !_nm_utils_string_slist_validate (priv->proto, valid_protos)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PROTO);
return FALSE;
}
if (priv->pairwise) {
if (!_nm_utils_string_slist_validate (priv->pairwise, valid_pairwise)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PAIRWISE);
return FALSE;
}
}
if (priv->group && !_nm_utils_string_slist_validate (priv->group, valid_groups)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_GROUP);
return FALSE;
}
/* Shared Key auth can only be used with WEP */
if (priv->auth_alg && !strcmp (priv->auth_alg, "shared")) {
if (priv->key_mgmt && strcmp (priv->key_mgmt, "none")) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' can only be used with '%s=%s' (WEP)"),
"shared", NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none");
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_AUTH_ALG);
return FALSE;
}
}
G_STATIC_ASSERT_EXPR (((NMSettingWirelessSecurityPmf) -1) > 0);
if (priv->pmf > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PMF);
return FALSE;
}
if ( NM_IN_SET (priv->pmf,
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)
&& !NM_IN_STRSET (priv->key_mgmt, "wpa-eap", "wpa-psk", "sae", "owe")) {
g_set_error (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' can only be used with 'wpa-eap', 'wpa-psk' or 'sae' key management "),
priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional" : "required");
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PMF);
return FALSE;
}
if (!_nm_utils_wps_method_validate (priv->wps_method,
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD,
FALSE,
error))
return FALSE;
return TRUE;
}
static gboolean
_verify_wep_key (const char *wep_key,
NMWepKeyType wep_key_type,
const char *property,
GError **error)
{
if (wep_key && !nm_utils_wep_key_valid (wep_key, wep_key_type)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, property);
return FALSE;
}
return TRUE;
}
static gboolean
verify_secrets (NMSetting *setting, NMConnection *connection, GError **error)
{
NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
/* LEAP */
if ( priv->auth_alg
&& !strcmp (priv->auth_alg, "leap")
&& !strcmp (priv->key_mgmt, "ieee8021x")) {
if (!_nm_setting_verify_secret_string (priv->leap_password,
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
error))
return FALSE;
}
/* WEP */
if (!_verify_wep_key (priv->wep_key0, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0, error))
return FALSE;
if (!_verify_wep_key (priv->wep_key1, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY1, error))
return FALSE;
if (!_verify_wep_key (priv->wep_key2, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY2, error))
return FALSE;
if (!_verify_wep_key (priv->wep_key3, priv->wep_key_type, NM_SETTING_WIRELESS_SECURITY_WEP_KEY3, error))
return FALSE;
/* WPA-PSK */
if ( priv->psk
&& strcmp (priv->key_mgmt, "sae") != 0
&& !nm_utils_wpa_psk_valid (priv->psk)) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("property is invalid"));
g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_PSK);
return FALSE;
}
return TRUE;
}
static gboolean
get_secret_flags (NMSetting *setting,
const char *secret_name,
NMSettingSecretFlags *out_flags,
GError **error)
{
NMSettingSecretFlags flags;
if (NM_IN_STRSET (secret_name, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY1,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY2,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY3)) {
/* There's only one 'flags' property for WEP keys, so alias all the WEP key
* property names to that flags property. */
nm_assert (_nm_setting_property_is_regular_secret (setting, secret_name));
nm_assert (_nm_setting_property_is_regular_secret_flags (setting, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS));
g_object_get (G_OBJECT (setting),
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS,
&flags,
NULL);
NM_SET_OUT (out_flags, flags);
return TRUE;
}
return NM_SETTING_CLASS (nm_setting_wireless_security_parent_class)->get_secret_flags (setting, secret_name, out_flags, error);
}
static gboolean
set_secret_flags (NMSetting *setting,
const char *secret_name,
NMSettingSecretFlags flags,
GError **error)
{
if (NM_IN_STRSET (secret_name, NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY1,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY2,
NM_SETTING_WIRELESS_SECURITY_WEP_KEY3)) {
/* There's only one 'flags' property for WEP keys, so alias all the WEP key
* property names to that flags property. */
nm_assert (_nm_setting_property_is_regular_secret (setting, secret_name));
nm_assert (_nm_setting_property_is_regular_secret_flags (setting, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS));
if (!nm_g_object_set_property_flags (G_OBJECT (setting),
NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS,
NM_TYPE_SETTING_SECRET_FLAGS,
flags,
error))
g_return_val_if_reached (FALSE);
return TRUE;
}
return NM_SETTING_CLASS (nm_setting_wireless_security_parent_class)->set_secret_flags (setting, secret_name, flags, error);
}
/* NMSettingWirelessSecurity:wep-key-type is an enum, but needs to be marshalled
* as 'u', not 'i', for backward-compatibility.
*/
static GVariant *
wep_key_type_to_dbus (const GValue *from)
{
return g_variant_new_uint32 (g_value_get_enum (from));
}
/*****************************************************************************/
static void
get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
NMSettingWirelessSecurity *setting = NM_SETTING_WIRELESS_SECURITY (object);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
switch (prop_id) {
case PROP_KEY_MGMT:
g_value_set_string (value, priv->key_mgmt);
break;
case PROP_WEP_TX_KEYIDX:
g_value_set_uint (value, priv->wep_tx_keyidx);
break;
case PROP_AUTH_ALG:
g_value_set_string (value, priv->auth_alg);
break;
case PROP_PROTO:
g_value_take_boxed (value, _nm_utils_slist_to_strv (priv->proto, TRUE));
break;
case PROP_PAIRWISE:
g_value_take_boxed (value, _nm_utils_slist_to_strv (priv->pairwise, TRUE));
break;
case PROP_GROUP:
g_value_take_boxed (value, _nm_utils_slist_to_strv (priv->group, TRUE));
break;
case PROP_PMF:
g_value_set_int (value, nm_setting_wireless_security_get_pmf (setting));
break;
case PROP_LEAP_USERNAME:
g_value_set_string (value, priv->leap_username);
break;
case PROP_WEP_KEY0:
g_value_set_string (value, priv->wep_key0);
break;
case PROP_WEP_KEY1:
g_value_set_string (value, priv->wep_key1);
break;
case PROP_WEP_KEY2:
g_value_set_string (value, priv->wep_key2);
break;
case PROP_WEP_KEY3:
g_value_set_string (value, priv->wep_key3);
break;
case PROP_WEP_KEY_FLAGS:
g_value_set_flags (value, priv->wep_key_flags);
break;
case PROP_PSK:
g_value_set_string (value, priv->psk);
break;
case PROP_PSK_FLAGS:
g_value_set_flags (value, priv->psk_flags);
break;
case PROP_LEAP_PASSWORD:
g_value_set_string (value, priv->leap_password);
break;
case PROP_LEAP_PASSWORD_FLAGS:
g_value_set_flags (value, priv->leap_password_flags);
break;
case PROP_WEP_KEY_TYPE:
g_value_set_enum (value, priv->wep_key_type);
break;
case PROP_WPS_METHOD:
g_value_set_uint (value, priv->wps_method);
break;
case PROP_FILS:
g_value_set_int (value, nm_setting_wireless_security_get_fils (setting));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec)
{
NMSettingWirelessSecurity *setting = NM_SETTING_WIRELESS_SECURITY (object);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting);
const char *str;
switch (prop_id) {
case PROP_KEY_MGMT:
g_free (priv->key_mgmt);
str = g_value_get_string (value);
priv->key_mgmt = str ? g_ascii_strdown (str, -1) : NULL;
break;
case PROP_WEP_TX_KEYIDX:
priv->wep_tx_keyidx = g_value_get_uint (value);
break;
case PROP_AUTH_ALG:
g_free (priv->auth_alg);
str = g_value_get_string (value);
priv->auth_alg = str ? g_ascii_strdown (str, -1) : NULL;
break;
case PROP_PROTO:
g_slist_free_full (priv->proto, g_free);
priv->proto = _nm_utils_strv_to_slist (g_value_get_boxed (value), TRUE);
break;
case PROP_PAIRWISE:
g_slist_free_full (priv->pairwise, g_free);
priv->pairwise = _nm_utils_strv_to_slist (g_value_get_boxed (value), TRUE);
break;
case PROP_GROUP:
g_slist_free_full (priv->group, g_free);
priv->group = _nm_utils_strv_to_slist (g_value_get_boxed (value), TRUE);
break;
case PROP_PMF:
priv->pmf = g_value_get_int (value);
break;
case PROP_LEAP_USERNAME:
g_free (priv->leap_username);
priv->leap_username = g_value_dup_string (value);
break;
case PROP_WEP_KEY0:
nm_free_secret (priv->wep_key0);
priv->wep_key0 = g_value_dup_string (value);
break;
case PROP_WEP_KEY1:
nm_free_secret (priv->wep_key1);
priv->wep_key1 = g_value_dup_string (value);
break;
case PROP_WEP_KEY2:
nm_free_secret (priv->wep_key2);
priv->wep_key2 = g_value_dup_string (value);
break;
case PROP_WEP_KEY3:
nm_free_secret (priv->wep_key3);
priv->wep_key3 = g_value_dup_string (value);
break;
case PROP_WEP_KEY_FLAGS:
priv->wep_key_flags = g_value_get_flags (value);
break;
case PROP_PSK:
nm_free_secret (priv->psk);
priv->psk = g_value_dup_string (value);
break;
case PROP_PSK_FLAGS:
priv->psk_flags = g_value_get_flags (value);
break;
case PROP_LEAP_PASSWORD:
nm_free_secret (priv->leap_password);
priv->leap_password = g_value_dup_string (value);
break;
case PROP_LEAP_PASSWORD_FLAGS:
priv->leap_password_flags = g_value_get_flags (value);
break;
case PROP_WEP_KEY_TYPE:
priv->wep_key_type = g_value_get_enum (value);
break;
case PROP_WPS_METHOD:
priv->wps_method = g_value_get_uint (value);
break;
case PROP_FILS:
priv->fils = g_value_get_int (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
/*****************************************************************************/
static void
nm_setting_wireless_security_init (NMSettingWirelessSecurity *self)
{
nm_assert (NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self)->wep_key_type == NM_WEP_KEY_TYPE_UNKNOWN);
nm_assert (NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self)->wps_method == NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_DEFAULT);
}
/**
* nm_setting_wireless_security_new:
*
* Creates a new #NMSettingWirelessSecurity object with default values.
*
* Returns: (transfer full): the new empty #NMSettingWirelessSecurity object
**/
NMSetting *
nm_setting_wireless_security_new (void)
{
return (NMSetting *) g_object_new (NM_TYPE_SETTING_WIRELESS_SECURITY, NULL);
}
static void
finalize (GObject *object)
{
NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (object);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
g_free (priv->key_mgmt);
g_free (priv->auth_alg);
g_free (priv->leap_username);
nm_free_secret (priv->wep_key0);
nm_free_secret (priv->wep_key1);
nm_free_secret (priv->wep_key2);
nm_free_secret (priv->wep_key3);
nm_free_secret (priv->psk);
nm_free_secret (priv->leap_password);
g_slist_free_full (priv->proto, g_free);
g_slist_free_full (priv->pairwise, g_free);
g_slist_free_full (priv->group, g_free);
G_OBJECT_CLASS (nm_setting_wireless_security_parent_class)->finalize (object);
}
static void
nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *klass)
{
GObjectClass *object_class = G_OBJECT_CLASS (klass);
NMSettingClass *setting_class = NM_SETTING_CLASS (klass);
GArray *properties_override = _nm_sett_info_property_override_create_array ();
g_type_class_add_private (klass, sizeof (NMSettingWirelessSecurityPrivate));
object_class->get_property = get_property;
object_class->set_property = set_property;
object_class->finalize = finalize;
setting_class->verify = verify;
setting_class->verify_secrets = verify_secrets;
setting_class->need_secrets = need_secrets;
setting_class->get_secret_flags = get_secret_flags;
setting_class->set_secret_flags = set_secret_flags;
/**
* NMSettingWirelessSecurity:key-mgmt:
*
* Key management used for the connection. One of "none" (WEP),
* "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae"
* (SAE), "owe" (Opportunistic Wireless Encryption) or "wpa-eap"
* (WPA-Enterprise). This property must be set for
* any Wi-Fi connection that uses security.
**/
/* ---ifcfg-rh---
* property: key-mgmt
* variable: KEY_MGMT(+)
* values: IEEE8021X, WPA-PSK, WPA-EAP
* description: Key management menthod.
* ---end---
*/
obj_properties[PROP_KEY_MGMT] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_REQUIRED |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-tx-keyidx:
*
* When static WEP is used (ie, key-mgmt = "none") and a non-default WEP key
* index is used by the AP, put that WEP key index here. Valid values are 0
* (default key) through 3. Note that some consumer access points (like the
* Linksys WRT54G) number the keys 1 - 4.
**/
/* ---ifcfg-rh---
* property: wep-tx-keyidx
* variable: DEFAULTKEY
* values: 1, 2, 3, 4
* default: 1
* description: Index of active WEP key.
* ---end---
*/
obj_properties[PROP_WEP_TX_KEYIDX] =
g_param_spec_uint (NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, "", "",
0, 3, 0,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:auth-alg:
*
* When WEP is used (ie, key-mgmt = "none" or "ieee8021x") indicate the
* 802.11 authentication algorithm required by the AP here. One of "open"
* for Open System, "shared" for Shared Key, or "leap" for Cisco LEAP. When
* using Cisco LEAP (ie, key-mgmt = "ieee8021x" and auth-alg = "leap") the
* "leap-username" and "leap-password" properties must be specified.
**/
/* ---ifcfg-rh---
* property: auth-alg
* variable: SECURITYMODE(+)
* values: restricted, open, leap
* description: Authentication algorithm for WEP.
* ---end---
*/
obj_properties[PROP_AUTH_ALG] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "", "",
NULL,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:proto:
*
* List of strings specifying the allowed WPA protocol versions to use.
* Each element may be one "wpa" (allow WPA) or "rsn" (allow WPA2/RSN). If
* not specified, both WPA and RSN connections are allowed.
**/
/* ---ifcfg-rh---
* property: proto
* variable: WPA_ALLOW_WPA(+), WPA_ALLOW_WPA2(+)
* values: yes, no
* default: no
* description: Allowed WPA protocols, WPA and WPA2 (RSN).
* ---end---
*/
obj_properties[PROP_PROTO] =
g_param_spec_boxed (NM_SETTING_WIRELESS_SECURITY_PROTO, "", "",
G_TYPE_STRV,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:pairwise:
*
* A list of pairwise encryption algorithms which prevents connections to
* Wi-Fi networks that do not utilize one of the algorithms in the list.
* For maximum compatibility leave this property empty. Each list element
* may be one of "tkip" or "ccmp".
**/
/* ---ifcfg-rh---
* property: pairwise
* variable: CIPHER_PAIRWISE(+)
* values: CCMP, TKIP
* description: Restrict pairwise encryption algorithms, specified as a space
* separated list.
* ---end---
*/
obj_properties[PROP_PAIRWISE] =
g_param_spec_boxed (NM_SETTING_WIRELESS_SECURITY_PAIRWISE, "", "",
G_TYPE_STRV,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:group:
*
* A list of group/broadcast encryption algorithms which prevents
* connections to Wi-Fi networks that do not utilize one of the algorithms
* in the list. For maximum compatibility leave this property empty. Each
* list element may be one of "wep40", "wep104", "tkip", or "ccmp".
**/
/* ---ifcfg-rh---
* property: group
* variable: CIPHER_GROUP(+)
* values: CCMP, TKIP, WEP40, WEP104
* description: Restrict group/broadcast encryption algorithms, specified as a space
* separated list.
* ---end---
*/
obj_properties[PROP_GROUP] =
g_param_spec_boxed (NM_SETTING_WIRELESS_SECURITY_GROUP, "", "",
G_TYPE_STRV,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:pmf:
*
* Indicates whether Protected Management Frames (802.11w) must be enabled
* for the connection. One of %NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT
* (use global default value), %NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
* (disable PMF), %NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL (enable PMF if
* the supplicant and the access point support it) or
* %NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED (enable PMF and fail if not
* supported). When set to %NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT and no
* global default is set, PMF will be optionally enabled.
*
* Since: 1.10
**/
/* ---ifcfg-rh---
* property: pmf
* variable: PMF(+)
* values: default, disable, optional, required
* description: Enables or disables PMF (802.11w)
* example: PMF=required
* ---end---
*/
obj_properties[PROP_PMF] =
g_param_spec_int (NM_SETTING_WIRELESS_SECURITY_PMF, "", "",
G_MININT32, G_MAXINT32, 0,
G_PARAM_READWRITE |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:leap-username:
*
* The login username for legacy LEAP connections (ie, key-mgmt =
* "ieee8021x" and auth-alg = "leap").
**/
/* ---ifcfg-rh---
* property: leap-username
* variable: IEEE_8021X_IDENTITY(+)
* description: Login name for LEAP.
* ---end---
*/
obj_properties[PROP_LEAP_USERNAME] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, "", "",
NULL,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key0:
*
* Index 0 WEP key. This is the WEP key used in most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key0
* variable: KEY1, KEY_PASSPHRASE1(+)
* description: The first WEP key (used in most networks). See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY0] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_WEP_KEY0, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_SECRET |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key1:
*
* Index 1 WEP key. This WEP index is not used by most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key1
* variable: KEY2, KEY_PASSPHRASE2(+)
* description: WEP key with index 1. See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY1] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_WEP_KEY1, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_SECRET |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key2:
*
* Index 2 WEP key. This WEP index is not used by most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key2
* variable: KEY3, KEY_PASSPHRASE3(+)
* description: WEP key with index 2. See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY2] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_WEP_KEY2, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_SECRET |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key3:
*
* Index 3 WEP key. This WEP index is not used by most networks. See the
* "wep-key-type" property for a description of how this key is interpreted.
**/
/* ---ifcfg-rh---
* property: wep-key3
* variable: KEY4, KEY_PASSPHRASE4(+)
* description: WEP key with index 3. See also DEFAULTKEY for key index.
* ---end---
*/
obj_properties[PROP_WEP_KEY3] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_WEP_KEY3, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_SECRET |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key-flags:
*
* Flags indicating how to handle the #NMSettingWirelessSecurity:wep-key0,
* #NMSettingWirelessSecurity:wep-key1, #NMSettingWirelessSecurity:wep-key2,
* and #NMSettingWirelessSecurity:wep-key3 properties.
**/
/* ---ifcfg-rh---
* property: wep-key-flags
* variable: WEP_KEY_FLAGS(+)
* format: NMSettingSecretFlags
* description: Password flags for KEY<i>, KEY_PASSPHRASE<i> password.
* ---end---
*/
obj_properties[PROP_WEP_KEY_FLAGS] =
g_param_spec_flags (NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, "", "",
NM_TYPE_SETTING_SECRET_FLAGS,
NM_SETTING_SECRET_FLAG_NONE,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:psk:
*
* Pre-Shared-Key for WPA networks. For WPA-PSK, it's either an ASCII
* passphrase of 8 to 63 characters that is (as specified in the 802.11i
* standard) hashed to derive the actual key, or the key in form of 64
* hexadecimal character. The WPA3-Personal networks use a passphrase
* of any length for SAE authentication.
**/
/* ---ifcfg-rh---
* property: psk
* variable: WPA_PSK
* description: Pre-Shared-Key for WPA networks.
* ---end---
*/
obj_properties[PROP_PSK] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_PSK, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_SECRET |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:psk-flags:
*
* Flags indicating how to handle the #NMSettingWirelessSecurity:psk
* property.
**/
/* ---ifcfg-rh---
* property: psk-flags
* variable: WPA_PSK_FLAGS(+)
* format: NMSettingSecretFlags
* description: Password flags for WPA_PSK_FLAGS.
* example: WPA_PSK_FLAGS=user
* ---end---
*/
obj_properties[PROP_PSK_FLAGS] =
g_param_spec_flags (NM_SETTING_WIRELESS_SECURITY_PSK_FLAGS, "", "",
NM_TYPE_SETTING_SECRET_FLAGS,
NM_SETTING_SECRET_FLAG_NONE,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:leap-password:
*
* The login password for legacy LEAP connections (ie, key-mgmt =
* "ieee8021x" and auth-alg = "leap").
**/
/* ---ifcfg-rh---
* property: leap-password
* variable: IEEE_8021X_PASSWORD(+)
* description: Password for LEAP. It can also go to "key-"
* lookaside file, or it can be owned by a secret agent.
* ---end---
*/
obj_properties[PROP_LEAP_PASSWORD] =
g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, "", "",
NULL,
G_PARAM_READWRITE |
NM_SETTING_PARAM_SECRET |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:leap-password-flags:
*
* Flags indicating how to handle the
* #NMSettingWirelessSecurity:leap-password property.
**/
/* ---ifcfg-rh---
* property: leap-password-flags
* variable: IEEE_8021X_PASSWORD_FLAGS(+)
* format: NMSettingSecretFlags
* description: Password flags for IEEE_8021X_PASSWORD_FLAGS.
* ---end---
*/
obj_properties[PROP_LEAP_PASSWORD_FLAGS] =
g_param_spec_flags (NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS, "", "",
NM_TYPE_SETTING_SECRET_FLAGS,
NM_SETTING_SECRET_FLAG_NONE,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:wep-key-type:
*
* Controls the interpretation of WEP keys. Allowed values are
* %NM_WEP_KEY_TYPE_KEY, in which case the key is either a 10- or
* 26-character hexadecimal string, or a 5- or 13-character ASCII password;
* or %NM_WEP_KEY_TYPE_PASSPHRASE, in which case the passphrase is provided
* as a string and will be hashed using the de-facto MD5 method to derive
* the actual WEP key.
**/
/* ---ifcfg-rh---
* property: wep-key-type
* variable: KEY<i> or KEY_PASSPHRASE<i>(+); KEY_TYPE(+)
* description: KEY is used for "key" type (10 or 26 hexadecimal characters,
* or 5 or 13 character string prefixed with "s:"). KEY_PASSPHRASE is used
* for WEP passphrases. KEY_TYPE specifies the key type and can be either
* 'key' or 'passphrase'. KEY_TYPE is redundant and can be omitted.
* example: KEY1=s:ahoj, KEY1=0a1c45bc02, KEY_PASSPHRASE1=mysupersecretkey
* ---end---
*/
obj_properties[PROP_WEP_KEY_TYPE] =
g_param_spec_enum (NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, "", "",
NM_TYPE_WEP_KEY_TYPE,
NM_WEP_KEY_TYPE_UNKNOWN,
G_PARAM_READWRITE |
G_PARAM_STATIC_STRINGS);
_nm_properties_override_gobj (properties_override,
obj_properties[PROP_WEP_KEY_TYPE],
NM_SETT_INFO_PROPERT_TYPE (
.dbus_type = G_VARIANT_TYPE_UINT32,
.gprop_to_dbus_fcn = wep_key_type_to_dbus,
));
/**
* NMSettingWirelessSecurity:wps-method:
*
* Flags indicating which mode of WPS is to be used if any.
*
* There's little point in changing the default setting as NetworkManager will
* automatically determine whether it's feasible to start WPS enrollment from
* the Access Point capabilities.
*
* WPS can be disabled by setting this property to a value of 1.
*
* Since: 1.10
**/
/* ---ifcfg-rh---
* property: wps-method
* variable: WPS_METHOD
* description: Used to control the WPS methods to be used
* Valid values are "default", "auto", "disabled", "pin" and "pbc".
* If omitted, whatver the AP announces is used.
* example: WPS_METHOD=disabled, WPS_METHOD="pin pbc"
* ---end---
*/
obj_properties[PROP_WPS_METHOD] =
g_param_spec_uint (NM_SETTING_WIRELESS_SECURITY_WPS_METHOD, "", "",
0, G_MAXUINT32, NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_DEFAULT,
G_PARAM_READWRITE |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS);
/**
* NMSettingWirelessSecurity:fils:
*
* Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for
* the connection. One of %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (use
* global default value), %NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE
* (disable FILS), %NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (enable FILS
* if the supplicant and the access point support it) or
* %NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (enable FILS and fail if not
* supported). When set to %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT and
* no global default is set, FILS will be optionally enabled.
*
* Since: 1.12
**/
/* ---ifcfg-rh---
* property: fils
* variable: FILS(+)
* values: default, disable, optional, required
* description: Enables or disables FILS (802.11ai)
* example: FILS=required
* ---end---
*/
obj_properties[PROP_FILS] =
g_param_spec_int (NM_SETTING_WIRELESS_SECURITY_FILS, "", "",
G_MININT32, G_MAXINT32, 0,
G_PARAM_READWRITE |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
_nm_setting_class_commit_full (setting_class, NM_META_SETTING_TYPE_WIRELESS_SECURITY,
NULL, properties_override);
}