authorBeniamino Galvani <bgalvani@redhat.com>2019-07-11 15:52:03 +0200
committerBeniamino Galvani <bgalvani@redhat.com>2019-07-11 21:33:51 +0200
commitfddc7a6ee881471908d7439de65d94a2ac86634d (patch)
tree6919567c7d6deefecde3af398a25a2cb5ef08ad9
parent107ba8e00ca576cf21c3b8a82d7f826178bd096c (diff)
downloadNetworkManager-fddc7a6ee881471908d7439de65d94a2ac86634d.tar.gz
all: add 802-1x.optional property
-rw-r--r--clients/common/nm-meta-setting-desc.c3
-rw-r--r--clients/common/settings-docs.h.in1
-rw-r--r--libnm-core/nm-setting-8021x.c60
-rw-r--r--libnm-core/nm-setting-8021x.h3
-rw-r--r--libnm/libnm.ver1
-rw-r--r--src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c5
-rw-r--r--src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c5
7 files changed, 78 insertions, 0 deletions
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c
index cd3dc8d26e..93833f3acb 100644
--- a/clients/common/nm-meta-setting-desc.c
+++ b/clients/common/nm-meta-setting-desc.c
@@ -4487,6 +4487,9 @@ static const NMMetaPropertyInfo *const property_infos_6LOWPAN[] = {
#undef _CURRENT_NM_META_SETTING_TYPE
#define _CURRENT_NM_META_SETTING_TYPE NM_META_SETTING_TYPE_802_1X
static const NMMetaPropertyInfo *const property_infos_802_1X[] = {
+ PROPERTY_INFO_WITH_DESC (NM_SETTING_802_1X_OPTIONAL,
+ .property_type = &_pt_gobject_bool,
+ ),
PROPERTY_INFO_WITH_DESC (NM_SETTING_802_1X_EAP,
.property_type = &_pt_multilist,
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index 5316f11ccb..24583e2a3d 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -54,6 +54,7 @@
#define DESCRIBE_DOC_NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH N_("Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison.")
#define DESCRIBE_DOC_NM_SETTING_802_1X_EAP N_("The allowed EAP method to be used when authenticating to the network with 802.1x. Valid methods are: \"leap\", \"md5\", \"tls\", \"peap\", \"ttls\", \"pwd\", and \"fast\". Each method requires different configuration using the properties of this setting; refer to wpa_supplicant documentation for the allowed combinations.")
#define DESCRIBE_DOC_NM_SETTING_802_1X_IDENTITY N_("Identity string for EAP authentication methods. Often the user's user or login name.")
+#define DESCRIBE_DOC_NM_SETTING_802_1X_OPTIONAL N_("Whether the 802.1X is optional. If TRUE, the activation will continue even after a authentication failure. Setting the property to TRUE is currently allowed only for Ethernet connections.")
#define DESCRIBE_DOC_NM_SETTING_802_1X_PAC_FILE N_("UTF-8 encoded file path containing PAC for EAP-FAST.")
#define DESCRIBE_DOC_NM_SETTING_802_1X_PASSWORD N_("UTF-8 encoded password used for EAP authentication methods. If both the \"password\" property and the \"password-raw\" property are specified, \"password\" is preferred.")
#define DESCRIBE_DOC_NM_SETTING_802_1X_PASSWORD_FLAGS N_("Flags indicating how to handle the \"password\" property.")
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index c571bca83d..5ca92cb1f5 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -138,6 +138,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSetting8021x,
PROP_PIN,
PROP_PIN_FLAGS,
PROP_SYSTEM_CA_CERTS,
+ PROP_OPTIONAL,
PROP_AUTH_TIMEOUT,
);
@@ -186,6 +187,7 @@ typedef struct {
NMSettingSecretFlags phase2_private_key_password_flags;
gboolean system_ca_certs;
int auth_timeout;
+ gboolean optional;
} NMSetting8021xPrivate;
G_DEFINE_TYPE (NMSetting8021x, nm_setting_802_1x, NM_TYPE_SETTING)
@@ -2429,6 +2431,25 @@ nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting)
return NM_SETTING_802_1X_GET_PRIVATE (setting)->auth_timeout;
}
+/**
+ * nm_setting_802_1x_get_optional:
+ * @setting: the #NMSetting8021x
+ *
+ * Returns the value contained in the #NMSetting8021x:optional property.
+ *
+ * Returns: %TRUE if the activation should proceed even when the 802.1X
+ * authentication fails; %FALSE otherwise
+ *
+ * Since: 1.8
+ **/
+gboolean
+nm_setting_802_1x_get_optional (NMSetting8021x *setting)
+{
+ g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
+
+ return NM_SETTING_802_1X_GET_PRIVATE (setting)->optional;
+}
+
/*****************************************************************************/
static void
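Review bot: The `Since: 1.8` tag in the new doc comment for nm_setting_802_1x_get_optional() disagrees with the rest of this commit. The prototype added to nm-setting-8021x.h is marked `NM_AVAILABLE_IN_1_20`, and the property doc in class_init says `Since: 1.20`. The tag looks copied from the neighbouring auth-timeout getter and should read ` * Since: 1.20`. As written, the generated API reference would advertise the getter for releases that do not export it.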
@@ -2815,6 +2836,16 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
if (error)
g_return_val_if_fail (*error == NULL, FALSE);
+ if ( priv->optional
+ && !nm_streq (nm_connection_get_connection_type (connection), NM_SETTING_WIRED_SETTING_NAME)) {
+ g_set_error_literal (error,
+ NM_CONNECTION_ERROR,
+ NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("can be enabled only on Ethernet connections"));
+ g_prefix_error (error, "%s.%s: ", NM_SETTING_802_1X_SETTING_NAME, NM_SETTING_802_1X_OPTIONAL);
+ return FALSE;
+ }
+
if (!priv->eap) {
g_set_error_literal (error,
NM_CONNECTION_ERROR,
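Review bot: The new check passes `nm_connection_get_connection_type (connection)` straight to `nm_streq` without handling a NULL `connection` or a NULL connection type. Whether verify() can be reached with no connection is not visible in this hunk, but nothing in the shown lines rules it out, and `nm_streq` is a plain string compare that does not tolerate NULL. A guarded form would be `if (   connection && priv->optional && !nm_streq0 (nm_connection_get_connection_type (connection), NM_SETTING_WIRED_SETTING_NAME)) {`. That form skips the Ethernet-only restriction when the setting is verified on its own, so it is worth confirming that a profile is always verified with its connection before activation, since this restriction is the only limit on the fail-open behaviour. verify() starts and ends outside the hunk.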
@@ -3155,6 +3186,9 @@ get_property (GObject *object, guint prop_id,
case PROP_AUTH_TIMEOUT:
g_value_set_int (value, priv->auth_timeout);
break;
+ case PROP_OPTIONAL:
+ g_value_set_boolean (value, priv->optional);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -3333,6 +3367,9 @@ set_property (GObject *object, guint prop_id,
case PROP_AUTH_TIMEOUT:
priv->auth_timeout = g_value_get_int (value);
break;
+ case PROP_OPTIONAL:
+ priv->optional = g_value_get_boolean (value);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -4402,6 +4439,29 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *klass)
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS);
+ /**
+ * NMSetting8021x:optional:
+ *
+ * Whether the 802.1X is optional. If %TRUE, the activation will continue
+ * even after a authentication failure. Setting the property to %TRUE is
+ * currently allowed only for Ethernet connections.
+ *
+ * Since: 1.20
+ **/
+ /* ---ifcfg-rh---
+ * property: optional
+ * variable: IEEE_8021X_OPTIONAL(+)
+ * default=no
+ * description: whether the 802.1X authentication is optional
+ * ---end---
+ */
+ obj_properties[PROP_OPTIONAL] =
+ g_param_spec_boolean (NM_SETTING_802_1X_OPTIONAL, "", "",
+ FALSE,
+ G_PARAM_READWRITE |
+ G_PARAM_CONSTRUCT |
+ G_PARAM_STATIC_STRINGS);
+
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
_nm_setting_class_commit (setting_class, NM_META_SETTING_TYPE_802_1X);
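Review bot: The doc comment for `NMSetting8021x:optional` describes the mechanism but not its consequence for whoever enables it. With %TRUE, a failed 802.1X authentication no longer blocks activation, so the profile can come up without having authenticated. I would add one sentence such as `When %TRUE, the connection can become active without 802.1X having succeeded, so the profile must not be relied on to enforce authentication.` Separately, "a authentication failure" should read "an authentication failure"; the same wording appears in `DESCRIBE_DOC_NM_SETTING_802_1X_OPTIONAL` in settings-docs.h.in. class_init continues outside the hunk.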
diff --git a/libnm-core/nm-setting-8021x.h b/libnm-core/nm-setting-8021x.h
index 5a5ae65042..22283d3ca3 100644
--- a/libnm-core/nm-setting-8021x.h
+++ b/libnm-core/nm-setting-8021x.h
@@ -148,6 +148,7 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_auth_flags >*/
#define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
#define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
#define NM_SETTING_802_1X_AUTH_TIMEOUT "auth-timeout"
+#define NM_SETTING_802_1X_OPTIONAL "optional"
/* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
* using the "blob" scheme, the data must be passed in PKCS#12 binary format.
@@ -357,6 +358,8 @@ NM_AVAILABLE_IN_1_8
NMSetting8021xAuthFlags nm_setting_802_1x_get_phase1_auth_flags (NMSetting8021x *setting);
NM_AVAILABLE_IN_1_8
int nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting);
+NM_AVAILABLE_IN_1_20
+gboolean nm_setting_802_1x_get_optional (NMSetting8021x *setting);
G_END_DECLS
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index de73be0f69..9307f24e03 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -1619,4 +1619,5 @@ global:
nm_setting_ovs_dpdk_get_devargs;
nm_setting_ovs_dpdk_get_type;
nm_setting_ovs_dpdk_new;
+ nm_setting_802_1x_get_optional;
} libnm_1_18_0;
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 99e48d6b2a..46e1ec61f3 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3604,6 +3604,11 @@ next:
timeout = svGetValueInt64 (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", 10, 0, G_MAXINT32, 0);
g_object_set (s_8021x, NM_SETTING_802_1X_AUTH_TIMEOUT, (int) timeout, NULL);
+ g_object_set (s_8021x,
+ NM_SETTING_802_1X_OPTIONAL,
+ svGetValueBoolean (ifcfg, "IEEE_8021X_OPTIONAL", FALSE),
+ NULL);
+
return g_steal_pointer (&s_8021x);
}
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 38dc5c8dbb..f3cd71bdc9 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -537,6 +537,11 @@ write_8021x_setting (NMConnection *connection,
vint = nm_setting_802_1x_get_auth_timeout (s_8021x);
svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", vint > 0, vint);
+ if (nm_setting_802_1x_get_optional (s_8021x))
+ svSetValueBoolean (ifcfg, "IEEE_8021X_OPTIONAL", TRUE);
+ else
+ svUnsetValue (ifcfg, "IEEE_8021X_OPTIONAL");
+
if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error))
return FALSE;