ifcfg-rh: support 802-1x.phase1-auth-alg

4 files changed, 43 insertions, 0 deletions

diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index 59e8abcc1e..c90e42fa40 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -4150,6 +4150,14 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
 	 *
 	 * Since: 1.8
 	 */
+	/* ---ifcfg-rh---
+	 * property: phase1-auth-flags
+	 * variable: IEEE_8021X_PHASE1_AUTH_FLAGS(+)
+	 * values: space-separated list of authentication flags names
+	 * description: Authentication flags for the supplicant
+	 * example: IEEE_8021X_PHASE1_AUTH_FLAGS="tls-1-0-disable tls-1-1-disable"
+	 * ---end---
+	 */
 	g_object_class_install_property
 		(object_class, PROP_PHASE1_AUTH_FLAGS,
 		 g_param_spec_uint (NM_SETTING_802_1X_PHASE1_AUTH_FLAGS, "", "",
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 4fcabec66c..8372d536a3 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3151,6 +3151,24 @@ fill_8021x (shvarFile *ifcfg,
 	g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH, value, NULL);
 	g_free (value);
 
+	value = svGetValueString (ifcfg, "IEEE_8021X_PHASE1_AUTH_FLAGS");
+	if (value) {
+		NMSetting8021xAuthFlags flags;
+		char *token;
+
+		if (nm_utils_enum_from_str (nm_setting_802_1x_auth_flags_get_type (), value,
+		                            (int *) &flags, &token)) {
+			g_object_set (s_8021x, NM_SETTING_802_1X_PHASE1_AUTH_FLAGS, flags, NULL);
+		} else {
+			g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION,
+			             "Invalid IEEE_8021X_PHASE1_AUTH_FLAGS flag '%s'", token);
+			g_free (token);
+			g_free (value);
+			goto error;
+		}
+		g_free (value);
+	}
+
 	read_8021x_list_value (ifcfg, "IEEE_8021X_ALTSUBJECT_MATCHES",
 	                       s_8021x, NM_SETTING_802_1X_ALTSUBJECT_MATCHES);
 	read_8021x_list_value (ifcfg, "IEEE_8021X_PHASE2_ALTSUBJECT_MATCHES",
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 939aff1ed6..57fb700b4f 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -359,6 +359,7 @@ write_8021x_setting (NMConnection *connection,
                      GError **error)
 {
 	NMSetting8021x *s_8021x;
+	NMSetting8021xAuthFlags auth_flags;
 	const char *value, *match;
 	char *tmp = NULL;
 	gboolean success = FALSE;
@@ -450,6 +451,17 @@ write_8021x_setting (NMConnection *connection,
 		g_free (tmp);
 	}
 
+	auth_flags = nm_setting_802_1x_get_phase1_auth_flags (s_8021x);
+	if (auth_flags == NM_SETTING_802_1X_AUTH_FLAGS_NONE) {
+		svUnsetValue (ifcfg, "IEEE_8021X_PHASE1_AUTH_FLAGS");
+	} else {
+		gs_free char *flags_str = NULL;
+
+		flags_str = _nm_utils_enum_to_str_full (nm_setting_802_1x_auth_flags_get_type (),
+		                                        auth_flags, " ");
+		svSetValueString (ifcfg, "IEEE_8021X_PHASE1_AUTH_FLAGS", flags_str);
+	}
+
 	svSetValueString (ifcfg, "IEEE_8021X_INNER_AUTH_METHODS",
 	                  phase2_auth->len ? phase2_auth->str : NULL);
 
diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index 11c412edca..18bf2c4e9e 100644
--- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -5701,6 +5701,11 @@ test_write_wifi_wpa_eap_tls (void)
 	nm_connection_add_setting (connection, NM_SETTING (s_8021x));
 
 	g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, "Bill Smith", NULL);
+	g_object_set (s_8021x,
+	              NM_SETTING_802_1X_PHASE1_AUTH_FLAGS,
+	              (guint) (NM_SETTING_802_1X_AUTH_FLAGS_TLS_1_0_DISABLE |
+	                       NM_SETTING_802_1X_AUTH_FLAGS_TLS_1_1_DISABLE),
+	              NULL);
 
 	nm_setting_802_1x_add_eap_method (s_8021x, "tls");