Re: [PATCH 1/3] settings: add 802.1X setting properties for subject and altsubject matches
- From: Evan Broder <evan ebroder net>
- To: Dan Williams <dcbw redhat com>
- Cc: networkmanager-list gnome org
- Subject: Re: [PATCH 1/3] settings: add 802.1X setting properties for subject and altsubject matches
- Date: Sun, 21 Aug 2011 10:49:32 -0700
Sorry, my git-send-email-fu is apparently not what I hoped it was.
This is my patchset for the 0.8.x branch.
Thanks,
- Evan
On Sun, Aug 21, 2011 at 10:45 AM, Evan Broder <evan ebroder net> wrote:
> Includes subject_match and phase2_subject_match (string) parameters,
> and altsubject_matches and phase2_altsubject_matches (list of string)
> parameters.
>
> subject_match is matched against a substring of the subject from the
> certificate presented by the remote authentication server. If this
> option is unset, no subject verification is performed.
>
> altsubject_matches are each tested against the alternate subject name
> (altSubjectName) of the certificate presented by the remote
> authentication server. If this option is unset, no verification of the
> altSubjectName is performed.
> ---
> libnm-util/libnm-util.ver | 12 ++
> libnm-util/nm-setting-8021x.c | 386 +++++++++++++++++++++++++++++++++++++++++
> libnm-util/nm-setting-8021x.h | 26 +++
> 3 files changed, 424 insertions(+), 0 deletions(-)
>
> diff --git a/libnm-util/libnm-util.ver b/libnm-util/libnm-util.ver
> index b348fd6..809c1d1 100644
> --- a/libnm-util/libnm-util.ver
> +++ b/libnm-util/libnm-util.ver
> @@ -75,10 +75,15 @@ global:
> nm_ip6_route_set_next_hop;
> nm_ip6_route_set_prefix;
> nm_ip6_route_unref;
> + nm_setting_802_1x_add_altsubject_match;
> nm_setting_802_1x_add_eap_method;
> + nm_setting_802_1x_add_phase2_altsubject_match;
> + nm_setting_802_1x_clear_altsubject_matches;
> nm_setting_802_1x_clear_eap_methods;
> + nm_setting_802_1x_clear_phase2_altsubject_matches;
> nm_setting_802_1x_error_get_type;
> nm_setting_802_1x_error_quark;
> + nm_setting_802_1x_get_altsubject_match;
> nm_setting_802_1x_get_anonymous_identity;
> nm_setting_802_1x_get_ca_cert;
> nm_setting_802_1x_get_ca_cert_blob;
> @@ -91,11 +96,14 @@ global:
> nm_setting_802_1x_get_client_cert_scheme;
> nm_setting_802_1x_get_eap_method;
> nm_setting_802_1x_get_identity;
> + nm_setting_802_1x_get_num_altsubject_matches;
> nm_setting_802_1x_get_num_eap_methods;
> + nm_setting_802_1x_get_num_phase2_altsubject_matches;
> nm_setting_802_1x_get_password;
> nm_setting_802_1x_get_phase1_fast_provisioning;
> nm_setting_802_1x_get_phase1_peaplabel;
> nm_setting_802_1x_get_phase1_peapver;
> + nm_setting_802_1x_get_phase2_altsubject_match;
> nm_setting_802_1x_get_phase2_auth;
> nm_setting_802_1x_get_phase2_autheap;
> nm_setting_802_1x_get_phase2_ca_cert;
> @@ -114,6 +122,7 @@ global:
> nm_setting_802_1x_get_phase2_private_key_path;
> nm_setting_802_1x_get_phase2_private_key_scheme;
> nm_setting_802_1x_get_phase2_private_key_type;
> + nm_setting_802_1x_get_phase2_subject_match;
> nm_setting_802_1x_get_pin;
> nm_setting_802_1x_get_private_key;
> nm_setting_802_1x_get_private_key_blob;
> @@ -123,10 +132,13 @@ global:
> nm_setting_802_1x_get_private_key_scheme;
> nm_setting_802_1x_get_private_key_type;
> nm_setting_802_1x_get_psk;
> + nm_setting_802_1x_get_subject_match;
> nm_setting_802_1x_get_system_ca_certs;
> nm_setting_802_1x_get_type;
> nm_setting_802_1x_new;
> + nm_setting_802_1x_remove_altsubject_match;
> nm_setting_802_1x_remove_eap_method;
> + nm_setting_802_1x_remove_phase2_altsubject_match;
> nm_setting_802_1x_set_ca_cert;
> nm_setting_802_1x_set_ca_cert_from_file;
> nm_setting_802_1x_set_client_cert;
> diff --git a/libnm-util/nm-setting-8021x.c b/libnm-util/nm-setting-8021x.c
> index eea6ba5..a322aa7 100644
> --- a/libnm-util/nm-setting-8021x.c
> +++ b/libnm-util/nm-setting-8021x.c
> @@ -115,6 +115,8 @@ typedef struct {
> char *anonymous_identity;
> GByteArray *ca_cert;
> char *ca_path;
> + char *subject_match;
> + GSList *altsubject_matches;
> GByteArray *client_cert;
> char *phase1_peapver;
> char *phase1_peaplabel;
> @@ -123,6 +125,8 @@ typedef struct {
> char *phase2_autheap;
> GByteArray *phase2_ca_cert;
> char *phase2_ca_path;
> + char *phase2_subject_match;
> + GSList *phase2_altsubject_matches;
> GByteArray *phase2_client_cert;
> char *password;
> char *pin;
> @@ -141,6 +145,8 @@ enum {
> PROP_ANONYMOUS_IDENTITY,
> PROP_CA_CERT,
> PROP_CA_PATH,
> + PROP_SUBJECT_MATCH,
> + PROP_ALTSUBJECT_MATCHES,
> PROP_CLIENT_CERT,
> PROP_PHASE1_PEAPVER,
> PROP_PHASE1_PEAPLABEL,
> @@ -149,6 +155,8 @@ enum {
> PROP_PHASE2_AUTHEAP,
> PROP_PHASE2_CA_CERT,
> PROP_PHASE2_CA_PATH,
> + PROP_PHASE2_SUBJECT_MATCH,
> + PROP_PHASE2_ALTSUBJECT_MATCHES,
> PROP_PHASE2_CLIENT_CERT,
> PROP_PASSWORD,
> PROP_PRIVATE_KEY,
> @@ -616,6 +624,135 @@ nm_setting_802_1x_set_ca_cert_from_file (NMSetting8021x *setting,
> }
>
> /**
> + * nm_setting_802_1x_get_subject_match:
> + * @setting: the #NMSetting8021x
> + *
> + * Returns: the #NMSetting8021x:subject-match property. This is the
> + * substring to be matched against the subject of the authentication
> + * server certificate, or NULL no subject verification is to be
> + * performed.
> + **/
> +const char *
> +nm_setting_802_1x_get_subject_match (NMSetting8021x *setting)
> +{
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
> +
> + return NM_SETTING_802_1X_GET_PRIVATE (setting)->subject_match;
> +}
> +
> +/**
> + * nm_setting_802_1x_get_num_altsubject_matches:
> + * @setting: the #NMSetting8021x
> + *
> + * Returns the number of entries in the
> + * #NMSetting8021x:altsubject-matches property of this setting.
> + *
> + * Returns: the number of altsubject-matches entries.
> + **/
> +guint32
> +nm_setting_802_1x_get_num_altsubject_matches (NMSetting8021x *setting)
> +{
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0);
> +
> + return g_slist_length (NM_SETTING_802_1X_GET_PRIVATE (setting)->altsubject_matches);
> +}
> +
> +/**
> + * nm_setting_802_1x_get_altsubject_match:
> + * @setting: the #NMSettingConnection
> + * @i: the zero-based index of the array of altSubjectName matches
> + *
> + * Returns the altSubjectName match at index @i.
> + *
> + * Returns: the altSubjectName match at index @i
> + **/
> +const char *
> +nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting, guint32 i)
> +{
> + NMSetting8021xPrivate *priv;
> +
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + g_return_val_if_fail (i <= g_slist_length (priv->altsubject_matches), NULL);
> +
> + return (const char *) g_slist_nth_data (priv->altsubject_matches, i);
> +}
> +
> +/**
> + * nm_setting_802_1x_add_altsubject_match:
> + * @setting: the #NMSetting8021x
> + * @altsubject_match: the altSubjectName to allow for this connection
> + *
> + * Adds an allowed alternate subject name match. Until at least one
> + * match is added, the altSubjectName of the remote authentication
> + * server is not verified.
> + *
> + * Returns: TRUE if the alternative subject name match was
> + * successfully added, FALSE if it was already allowed.
> + **/
> +gboolean
> +nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting,
> + const char *altsubject_match)
> +{
> + NMSetting8021xPrivate *priv;
> + GSList *iter;
> +
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
> + g_return_val_if_fail (altsubject_match != NULL, FALSE);
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + for (iter = priv->altsubject_matches; iter; iter = g_slist_next (iter)) {
> + if (!strcmp (altsubject_match, (char *) iter->data))
> + return FALSE;
> + }
> +
> + priv->altsubject_matches = g_slist_append (priv->altsubject_matches, g_strdup (altsubject_match));
> + return TRUE;
> +}
> +
> +/**
> + * nm_setting_802_1x_remove_altsubject_match:
> + * @setting: the #NMSetting8021x
> + * @i: the index of the altSubjectName match to remove
> + *
> + * Removes the allowed altSubjectName at the specified index.
> + **/
> +void
> +nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting, guint32 i)
> +{
> + NMSetting8021xPrivate *priv;
> + GSList *elt;
> +
> + g_return_if_fail (NM_IS_SETTING_802_1X (setting));
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + elt = g_slist_nth (priv->altsubject_matches, i);
> + g_return_if_fail (elt != NULL);
> +
> + g_free (elt->data);
> + priv->altsubject_matches = g_slist_delete_link (priv->altsubject_matches, elt);
> +}
> +
> +/**
> + * nm_setting_802_1x_clear_altsubject_matches:
> + * @setting: the #NMSetting8021x
> + *
> + * Clears all altSubjectName matches.
> + **/
> +void
> +nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting)
> +{
> + NMSetting8021xPrivate *priv;
> +
> + g_return_if_fail (NM_IS_SETTING_802_1X (setting));
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + nm_utils_slist_free (priv->altsubject_matches, g_free);
> + priv->altsubject_matches = NULL;
> +}
> +
> +/**
> * nm_setting_802_1x_get_client_cert_scheme:
> * @setting: the #NMSetting8021x
> *
> @@ -1156,6 +1293,137 @@ nm_setting_802_1x_set_phase2_ca_cert_from_file (NMSetting8021x *setting,
> return success;
> }
>
> +/*
> + * nm_setting_802_1x_get_phase2_subject_match:
> + * @setting: the #NMSetting8021x
> + *
> + * Returns: the #NMSetting8021x:phase2-subject-match property. This is
> + * the substring to be matched against the subject of the "phase 2"
> + * authentication server certificate, or NULL no subject verification
> + * is to be performed.
> + **/
> +const char *
> +nm_setting_802_1x_get_phase2_subject_match (NMSetting8021x *setting)
> +{
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
> +
> + return NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_subject_match;
> +}
> +
> +/**
> + * nm_setting_802_1x_get_num_phase2_altsubject_matches:
> + * @setting: the #NMSetting8021x
> + *
> + * Returns the number of entries in the
> + * #NMSetting8021x:phase2-altsubject-matches property of this setting.
> + *
> + * Returns: the number of phase2-altsubject-matches entries.
> + **/
> +guint32
> +nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting)
> +{
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0);
> +
> + return g_slist_length (NM_SETTING_802_1X_GET_PRIVATE (setting)->phase2_altsubject_matches);
> +}
> +
> +/**
> + * nm_setting_802_1x_get_phase2_altsubject_match:
> + * @setting: the #NMSettingConnection
> + * @i: the zero-based index of the array of "phase 2" altSubjectName matches
> + *
> + * Returns the "phase 2" altSubjectName match at index @i.
> + *
> + * Returns: the "phase 2" altSubjectName match at index @i
> + **/
> +const char *
> +nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting, guint32 i)
> +{
> + NMSetting8021xPrivate *priv;
> +
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL);
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + g_return_val_if_fail (i <= g_slist_length (priv->phase2_altsubject_matches), NULL);
> +
> + return (const char *) g_slist_nth_data (priv->phase2_altsubject_matches, i);
> +}
> +
> +/**
> + * nm_setting_802_1x_add_phase2_altsubject_match:
> + * @setting: the #NMSetting8021x
> + * @altsubject_match: the "phase 2" altSubjectName to allow for this
> + * connection
> + *
> + * Adds an allowed alternate subject name match for "phase 2". Until
> + * at least one match is added, the altSubjectName of the "phase 2"
> + * remote authentication server is not verified.
> + *
> + * Returns: TRUE if the "phase 2" alternative subject name match was
> + * successfully added, FALSE if it was already allowed.
> + **/
> +gboolean
> +nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting,
> + const char *phase2_altsubject_match)
> +{
> + NMSetting8021xPrivate *priv;
> + GSList *iter;
> +
> + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), FALSE);
> + g_return_val_if_fail (phase2_altsubject_match != NULL, FALSE);
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + for (iter = priv->phase2_altsubject_matches; iter; iter = g_slist_next (iter)) {
> + if (!strcmp (phase2_altsubject_match, (char *) iter->data))
> + return FALSE;
> + }
> +
> + priv->phase2_altsubject_matches = g_slist_append (priv->altsubject_matches,
> + g_strdup (phase2_altsubject_match));
> + return TRUE;
> +}
> +
> +/**
> + * nm_setting_802_1x_remove_phase2_altsubject_match:
> + * @setting: the #NMSetting8021x
> + * @i: the index of the "phase 2" altSubjectName match to remove
> + *
> + * Removes the allowed "phase 2" altSubjectName at the specified index.
> + **/
> +void
> +nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting, guint32 i)
> +{
> + NMSetting8021xPrivate *priv;
> + GSList *elt;
> +
> + g_return_if_fail (NM_IS_SETTING_802_1X (setting));
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + elt = g_slist_nth (priv->phase2_altsubject_matches, i);
> + g_return_if_fail (elt != NULL);
> +
> + g_free (elt->data);
> + priv->phase2_altsubject_matches = g_slist_delete_link (priv->phase2_altsubject_matches, elt);
> +}
> +
> +/**
> + * nm_setting_802_1x_clear_phase2_altsubject_matches:
> + * @setting: the #NMSetting8021x
> + *
> + * Clears all "phase 2" altSubjectName matches.
> + **/
> +void
> +nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting)
> +{
> + NMSetting8021xPrivate *priv;
> +
> + g_return_if_fail (NM_IS_SETTING_802_1X (setting));
> +
> + priv = NM_SETTING_802_1X_GET_PRIVATE (setting);
> + nm_utils_slist_free (priv->phase2_altsubject_matches, g_free);
> + priv->phase2_altsubject_matches = NULL;
> +}
> +
> /**
> * nm_setting_802_1x_get_phase2_client_cert_scheme:
> * @setting: the #NMSetting8021x
> @@ -2670,15 +2938,19 @@ finalize (GObject *object)
> g_free (priv->identity);
> g_free (priv->anonymous_identity);
> g_free (priv->ca_path);
> + g_free (priv->subject_match);
> g_free (priv->phase1_peapver);
> g_free (priv->phase1_peaplabel);
> g_free (priv->phase1_fast_provisioning);
> g_free (priv->phase2_auth);
> g_free (priv->phase2_autheap);
> g_free (priv->phase2_ca_path);
> + g_free (priv->phase2_subject_match);
> g_free (priv->password);
>
> nm_utils_slist_free (priv->eap, g_free);
> + nm_utils_slist_free (priv->altsubject_matches, g_free);
> + nm_utils_slist_free (priv->phase2_altsubject_matches, g_free);
>
> if (priv->ca_cert)
> g_byte_array_free (priv->ca_cert, TRUE);
> @@ -2753,6 +3025,14 @@ set_property (GObject *object, guint prop_id,
> g_free (priv->ca_path);
> priv->ca_path = g_value_dup_string (value);
> break;
> + case PROP_SUBJECT_MATCH:
> + g_free (priv->subject_match);
> + priv->subject_match = g_value_dup_string (value);
> + break;
> + case PROP_ALTSUBJECT_MATCHES:
> + nm_utils_slist_free (priv->altsubject_matches, g_free);
> + priv->altsubject_matches = g_value_dup_boxed (value);
> + break;
> case PROP_CLIENT_CERT:
> if (priv->client_cert) {
> g_byte_array_free (priv->client_cert, TRUE);
> @@ -2801,6 +3081,14 @@ set_property (GObject *object, guint prop_id,
> g_free (priv->phase2_ca_path);
> priv->phase2_ca_path = g_value_dup_string (value);
> break;
> + case PROP_PHASE2_SUBJECT_MATCH:
> + g_free (priv->phase2_subject_match);
> + priv->phase2_subject_match = g_value_dup_string (value);
> + break;
> + case PROP_PHASE2_ALTSUBJECT_MATCHES:
> + nm_utils_slist_free (priv->phase2_altsubject_matches, g_free);
> + priv->phase2_altsubject_matches = g_value_dup_boxed (value);
> + break;
> case PROP_PHASE2_CLIENT_CERT:
> if (priv->phase2_client_cert) {
> g_byte_array_free (priv->phase2_client_cert, TRUE);
> @@ -2881,6 +3169,12 @@ get_property (GObject *object, guint prop_id,
> case PROP_CA_PATH:
> g_value_set_string (value, priv->ca_path);
> break;
> + case PROP_SUBJECT_MATCH:
> + g_value_set_string (value, priv->subject_match);
> + break;
> + case PROP_ALTSUBJECT_MATCHES:
> + g_value_set_boxed (value, priv->altsubject_matches);
> + break;
> case PROP_CLIENT_CERT:
> g_value_set_boxed (value, priv->client_cert);
> break;
> @@ -2905,6 +3199,12 @@ get_property (GObject *object, guint prop_id,
> case PROP_PHASE2_CA_PATH:
> g_value_set_string (value, priv->phase2_ca_path);
> break;
> + case PROP_PHASE2_SUBJECT_MATCH:
> + g_value_set_string (value, priv->phase2_subject_match);
> + break;
> + case PROP_PHASE2_ALTSUBJECT_MATCHES:
> + g_value_set_boxed (value, priv->phase2_altsubject_matches);
> + break;
> case PROP_PHASE2_CLIENT_CERT:
> g_value_set_boxed (value, priv->phase2_client_cert);
> break;
> @@ -3054,6 +3354,47 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
> G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
>
> /**
> + * NMSetting8021x:subject-match:
> + *
> + * Substring to be matched against the subject of the certificate
> + * presented by the authentication server. When unset, no
> + * verification of the authentication server certificate's subject
> + * is performed.
> + **/
> + g_object_class_install_property
> + (object_class, PROP_SUBJECT_MATCH,
> + g_param_spec_string (NM_SETTING_802_1X_SUBJECT_MATCH,
> + "Subject match",
> + "Substring to be matched against the subject of "
> + "the certificate presented by the authentication "
> + "server. When unset, no verification of the "
> + "authentication server certificate's subject is "
> + "performed.",
> + NULL,
> + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
> +
> + /**
> + * NMSetting8021x:altsubject-matches:
> + *
> + * List of strings to be matched against the altSubjectName of the
> + * certificate presented by the authentication server. If the list
> + * is empty, no verification of the server certificate's
> + * altSubjectName is performed.
> + **/
> + g_object_class_install_property
> + (object_class, PROP_ALTSUBJECT_MATCHES,
> + _nm_param_spec_specialized (NM_SETTING_802_1X_ALTSUBJECT_MATCHES,
> + "altSubjectName matches",
> + "List of strings to be matched against "
> + "the altSubjectName of the certificate "
> + "presented by the authentication server. "
> + "If the list is empty, no verification "
> + "of the server certificate's "
> + "altSubjectName is performed.",
> + DBUS_TYPE_G_LIST_OF_STRING,
> + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
> +
> + /**
> * NMSetting8021x:client-cert:
> *
> * Contains the client certificate if used by the EAP method specified in
> @@ -3246,6 +3587,51 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
> G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
>
> /**
> + * NMSetting8021x:phase2-subject-match:
> + *
> + * Substring to be matched against the subject of the certificate
> + * presented by the authentication server during the inner "phase
> + * 2" authentication. When unset, no verification of the
> + * authentication server certificate's subject is performed.
> + **/
> + g_object_class_install_property
> + (object_class, PROP_PHASE2_SUBJECT_MATCH,
> + g_param_spec_string (NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH,
> + "Phase2 subject match",
> + "Substring to be matched against the subject of "
> + "the certificate presented by the authentication "
> + "server during the inner 'phase2' "
> + "authentication. When unset, no verification of "
> + "the authentication server certificate's subject "
> + "is performed.",
> + NULL,
> + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
> +
> + /**
> + * NMSetting8021x:phase2-altsubject-matches:
> + *
> + * List of strings to be matched against the altSubjectName of the
> + * certificate presented by the authentication server during the
> + * inner "phase 2" authentication. If the list is empty, no
> + * verification of the server certificate's altSubjectName is
> + * performed.
> + **/
> + g_object_class_install_property
> + (object_class, PROP_PHASE2_ALTSUBJECT_MATCHES,
> + _nm_param_spec_specialized (NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES,
> + "altSubjectName matches",
> + "List of strings to be matched against "
> + "List of strings to be matched against "
> + "the altSubjectName of the certificate "
> + "presented by the authentication server "
> + "during the inner 'phase 2' "
> + "authentication. If the list is empty, no "
> + "verification of the server certificate's "
> + "altSubjectName is performed.",
> + DBUS_TYPE_G_LIST_OF_STRING,
> + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE));
> +
> + /**
> * NMSetting8021x:phase2-client-cert:
> *
> * Contains the client certificate if used by the EAP method specified in
> diff --git a/libnm-util/nm-setting-8021x.h b/libnm-util/nm-setting-8021x.h
> index 7ee868a..930c1da 100644
> --- a/libnm-util/nm-setting-8021x.h
> +++ b/libnm-util/nm-setting-8021x.h
> @@ -71,6 +71,8 @@ GQuark nm_setting_802_1x_error_quark (void);
> #define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
> #define NM_SETTING_802_1X_CA_CERT "ca-cert"
> #define NM_SETTING_802_1X_CA_PATH "ca-path"
> +#define NM_SETTING_802_1X_SUBJECT_MATCH "subject-match"
> +#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
> #define NM_SETTING_802_1X_CLIENT_CERT "client-cert"
> #define NM_SETTING_802_1X_PHASE1_PEAPVER "phase1-peapver"
> #define NM_SETTING_802_1X_PHASE1_PEAPLABEL "phase1-peaplabel"
> @@ -79,6 +81,8 @@ GQuark nm_setting_802_1x_error_quark (void);
> #define NM_SETTING_802_1X_PHASE2_AUTHEAP "phase2-autheap"
> #define NM_SETTING_802_1X_PHASE2_CA_CERT "phase2-ca-cert"
> #define NM_SETTING_802_1X_PHASE2_CA_PATH "phase2-ca-path"
> +#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
> +#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
> #define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
> #define NM_SETTING_802_1X_PASSWORD "password"
> #define NM_SETTING_802_1X_PRIVATE_KEY "private-key"
> @@ -154,6 +158,17 @@ gboolean nm_setting_802_1x_set_ca_cert (NMSetting8
> NMSetting8021xCKFormat *out_format,
> GError **error);
>
> +const char * nm_setting_802_1x_get_subject_match (NMSetting8021x *setting);
> +
> +guint32 nm_setting_802_1x_get_num_altsubject_matches (NMSetting8021x *setting);
> +const char * nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting,
> + guint32 i);
> +gboolean nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting,
> + const char *altsubject_match);
> +void nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting,
> + guint32 i);
> +void nm_setting_802_1x_clear_altsubject_matches (NMSetting8021x *setting);
> +
> NMSetting8021xCKScheme nm_setting_802_1x_get_client_cert_scheme (NMSetting8021x *setting);
> const GByteArray * nm_setting_802_1x_get_client_cert_blob (NMSetting8021x *setting);
> const char * nm_setting_802_1x_get_client_cert_path (NMSetting8021x *setting);
> @@ -182,6 +197,17 @@ gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8
> NMSetting8021xCKFormat *out_format,
> GError **error);
>
> +const char * nm_setting_802_1x_get_phase2_subject_match (NMSetting8021x *setting);
> +
> +guint32 nm_setting_802_1x_get_num_phase2_altsubject_matches (NMSetting8021x *setting);
> +const char * nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting,
> + guint32 i);
> +gboolean nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting,
> + const char *phase2_altsubject_match);
> +void nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting,
> + guint32 i);
> +void nm_setting_802_1x_clear_phase2_altsubject_matches (NMSetting8021x *setting);
> +
> NMSetting8021xCKScheme nm_setting_802_1x_get_phase2_client_cert_scheme (NMSetting8021x *setting);
> const GByteArray * nm_setting_802_1x_get_phase2_client_cert_blob (NMSetting8021x *setting);
> const char * nm_setting_802_1x_get_phase2_client_cert_path (NMSetting8021x *setting);
> --
> 1.7.4.1
>
>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]