File nm-pkcs11.patch of Package NetworkManager
From d04ea4e27f98d005b4d1c0d7e8d306cc4e080533 Mon Sep 17 00:00:00 2001 From: Tambet Ingo <tambet@gmail.com> Date: Fri, 21 Nov 2008 11:15:02 +0200 Subject: [PATCH] pkcs11. --- libnm-util/libnm-util.ver | 4 + libnm-util/nm-setting-8021x.c | 122 +++++++++++++++++++- libnm-util/nm-setting-8021x.h | 9 ++ src/supplicant-manager/nm-supplicant-config.c | 92 ++++++++++++++- src/supplicant-manager/nm-supplicant-config.h | 15 +++ src/supplicant-manager/nm-supplicant-interface.c | 42 ++++++- .../nm-supplicant-settings-verify.c | 5 + 7 files changed, 283 insertions(+), 6 deletions(-) diff --git a/libnm-util/libnm-util.ver b/libnm-util/libnm-util.ver index 642ff02..fab0950 100644 --- a/libnm-util/libnm-util.ver +++ b/libnm-util/libnm-util.ver @@ -55,6 +55,10 @@ global: nm_setting_802_1x_get_phase2_private_key_password; nm_setting_802_1x_get_phase2_private_key_type; nm_setting_802_1x_get_pin; + nm_setting_802_1x_get_pkcs11_engine_path; + nm_setting_802_1x_get_pkcs11_module_path; + nm_setting_802_1x_get_pkcs11_module_init_args; + nm_setting_802_1x_get_pkcs11_slot; nm_setting_802_1x_get_private_key; nm_setting_802_1x_set_private_key_from_file; nm_setting_802_1x_get_private_key_password; diff --git a/libnm-util/nm-setting-8021x.c b/libnm-util/nm-setting-8021x.c index e7bb8eb..36ce41c 100644 --- a/libnm-util/nm-setting-8021x.c +++ b/libnm-util/nm-setting-8021x.c @@ -93,6 +93,10 @@ typedef struct { char *private_key_password; GByteArray *phase2_private_key; char *phase2_private_key_password; + char *pkcs11_engine_path; + char *pkcs11_module_path; + char *pkcs11_module_init_args; + guint pkcs11_slot; } NMSetting8021xPrivate; enum { @@ -118,6 +122,10 @@ enum { PROP_PHASE2_PRIVATE_KEY_PASSWORD, PROP_PIN, PROP_PSK, + PROP_PKCS11_ENGINE_PATH, + PROP_PKCS11_MODULE_PATH, + PROP_PKCS11_MODULE_INIT_ARGS, + PROP_PKCS11_SLOT, LAST_PROP }; 
@@ -679,6 +687,38 @@ nm_setting_802_1x_get_phase2_private_key_type (NMSetting8021x *setting) return NM_SETTING_802_1X_CK_TYPE_X509; } +const char * +nm_setting_802_1x_get_pkcs11_engine_path (NMSetting8021x *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL); + + return NM_SETTING_802_1X_GET_PRIVATE (setting)->pkcs11_engine_path; +} + +const char * +nm_setting_802_1x_get_pkcs11_module_path (NMSetting8021x *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL); + + return NM_SETTING_802_1X_GET_PRIVATE (setting)->pkcs11_module_path; +} + +const char * +nm_setting_802_1x_get_pkcs11_module_init_args (NMSetting8021x *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL); + + return NM_SETTING_802_1X_GET_PRIVATE (setting)->pkcs11_module_init_args; +} + +guint +nm_setting_802_1x_get_pkcs11_slot (NMSetting8021x *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), 0); + + return NM_SETTING_802_1X_GET_PRIVATE (setting)->pkcs11_slot; +} + static void need_secrets_password (NMSetting8021x *self, GPtrArray *secrets, @@ -735,6 +775,10 @@ need_secrets_tls (NMSetting8021x *self, { NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self); + if (priv->pkcs11_module_path && (!priv->pin || !strlen (priv->pin)) && + (priv->private_key || priv->phase2_private_key)) + g_ptr_array_add (secrets, NM_SETTING_802_1X_PIN); + if (phase2) { if (!priv->phase2_private_key || !priv->phase2_private_key->len) g_ptr_array_add (secrets, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY); @@ -1135,6 +1179,10 @@ finalize (GObject *object) g_free (priv->phase2_autheap); g_free (priv->phase2_ca_path); g_free (priv->password); + g_free (priv->pin); + g_free (priv->pkcs11_engine_path); + g_free (priv->pkcs11_module_path); + g_free (priv->pkcs11_module_init_args); nm_utils_slist_free (priv->eap, g_free); 
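Review bot: The PIN request added at the top of need_secrets_tls is keyed on `priv->pkcs11_module_path` alone, while the nm-supplicant-config.c hunk later in this patch only enables the engine when both the engine path and the module path are set. A connection with a module path but no engine path would therefore ask for a PIN that, as far as these hunks show, is never used. The new test also checks `priv->private_key || priv->phase2_private_key` as pointers, whereas the checks just below it test `->len`, and it sits before `if (phase2)`, so it ignores which phase is being evaluated. Consider `if (priv->pkcs11_engine_path && priv->pkcs11_module_path && (!priv->pin || !*priv->pin) && ...)` with the key test moved into the matching phase branch. The function body continues outside the hunk.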
@@ -1228,6 +1276,10 @@ set_property (GObject *object, guint prop_id, g_free (priv->password); priv->password = g_value_dup_string (value); break; + case PROP_PIN: + g_free (priv->pin); + priv->pin = g_value_dup_string (value); + break; case PROP_PRIVATE_KEY: if (priv->private_key) g_byte_array_free (priv->private_key, TRUE); @@ -1246,6 +1298,20 @@ set_property (GObject *object, guint prop_id, g_free (priv->phase2_private_key_password); priv->phase2_private_key_password = g_value_dup_string (value); break; + case PROP_PKCS11_ENGINE_PATH: + g_free (priv->pkcs11_engine_path); + priv->pkcs11_engine_path = g_value_dup_string (value); + break; + case PROP_PKCS11_MODULE_PATH: + g_free (priv->pkcs11_module_path); + priv->pkcs11_module_path = g_value_dup_string (value); + break; + case PROP_PKCS11_MODULE_INIT_ARGS: + g_free (priv->pkcs11_module_init_args); + priv->pkcs11_module_init_args = g_value_dup_string (value); + case PROP_PKCS11_SLOT: + priv->pkcs11_slot = g_value_get_uint (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1305,6 +1371,9 @@ get_property (GObject *object, guint prop_id, case PROP_PASSWORD: g_value_set_string (value, priv->password); break; + case PROP_PIN: + g_value_set_string (value, priv->pin); + break; case PROP_PRIVATE_KEY: g_value_set_boxed (value, priv->private_key); break; @@ -1317,6 +1386,18 @@ get_property (GObject *object, guint prop_id, case PROP_PHASE2_PRIVATE_KEY_PASSWORD: g_value_set_string (value, priv->phase2_private_key_password); break; + case PROP_PKCS11_ENGINE_PATH: + g_value_set_string (value, priv->pkcs11_engine_path); + break; + case PROP_PKCS11_MODULE_PATH: + g_value_set_string (value, priv->pkcs11_module_path); + break; + case PROP_PKCS11_MODULE_INIT_ARGS: + g_value_set_string (value, priv->pkcs11_module_init_args); + break; + case PROP_PKCS11_SLOT: + g_value_set_uint (value, priv->pkcs11_slot); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; 
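Review bot: The new `case PROP_PKCS11_MODULE_INIT_ARGS:` in set_property has no `break;`, so it falls through into `case PROP_PKCS11_SLOT:` and calls `g_value_get_uint (value)` on a string GValue. GLib should reject that with a critical warning and return 0, which means every write of the init-args property silently resets `priv->pkcs11_slot` to 0. Add `break;` after `priv->pkcs11_module_init_args = g_value_dup_string (value);`. The switch starts and ends outside the hunk.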
@@ -1462,6 +1543,14 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class) G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET)); g_object_class_install_property + (object_class, PROP_PIN, + g_param_spec_string (NM_SETTING_802_1X_PIN, + "PIN", + "PIN", + NULL, + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET)); + + g_object_class_install_property (object_class, PROP_PRIVATE_KEY, _nm_param_spec_specialized (NM_SETTING_802_1X_PRIVATE_KEY, "Private key", @@ -1493,11 +1582,42 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class) NULL, G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET)); + g_object_class_install_property + (object_class, PROP_PKCS11_ENGINE_PATH, + g_param_spec_string (NM_SETTING_802_1X_PKCS11_ENGINE_PATH, + "OpenSSL pkcs11 engine path", + "OpenSSL pkcs11 engine path", + NULL, + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); + + g_object_class_install_property + (object_class, PROP_PKCS11_MODULE_PATH, + g_param_spec_string (NM_SETTING_802_1X_PKCS11_MODULE_PATH, + "PKCS11 smartcard library module path", + "PKCS11 smartcard library module path", + NULL, + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); + + g_object_class_install_property + (object_class, PROP_PKCS11_MODULE_INIT_ARGS, + g_param_spec_string (NM_SETTING_802_1X_PKCS11_MODULE_INIT_ARGS, + "PKCS11 smartcard library initialization arguments", + "PKCS11 smartcard library initialization arguments", + NULL, + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); + + g_object_class_install_property + (object_class, PROP_PKCS11_SLOT, + g_param_spec_uint (NM_SETTING_802_1X_PKCS11_SLOT, + "PKCS11 slot", + "PKCS11 slot", + 0, 1000, 0, + G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE)); + /* Initialize crypto lbrary. */ if (!nm_utils_init (&error)) { g_warning ("Couldn't initilize nm-utils/crypto system: %d %s", error->code, error->message); g_error_free (error); } - } 
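Review bot: The `pkcs11-engine-path` and `pkcs11-module-path` properties installed at the end of this hunk are unconstrained serialized strings, and the nm-supplicant-interface.c hunk later in this patch forwards them unchanged in the `setSmartcardModules` call. These values presumably name shared objects that the supplicant loads into its own process, so whoever can write a connection's 802.1x setting chooses what gets loaded there. The property blurbs currently repeat the nick; they should state that the value must be an absolute path to a trusted library, and the setting's validation code (not visible in this patch) should reject relative or empty paths. Separately, `pkcs11-slot` is stored and given a getter, but no hunk shown here reads it when building the supplicant configuration.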
diff --git a/libnm-util/nm-setting-8021x.h b/libnm-util/nm-setting-8021x.h index 2c063b9..e327de3 100644 --- a/libnm-util/nm-setting-8021x.h +++ b/libnm-util/nm-setting-8021x.h @@ -81,6 +81,10 @@ GQuark nm_setting_802_1x_error_quark (void); #define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password" #define NM_SETTING_802_1X_PIN "pin" #define NM_SETTING_802_1X_PSK "psk" +#define NM_SETTING_802_1X_PKCS11_ENGINE_PATH "pkcs11-engine-path" +#define NM_SETTING_802_1X_PKCS11_MODULE_PATH "pkcs11-module-path" +#define NM_SETTING_802_1X_PKCS11_MODULE_INIT_ARGS "pkcs11-module-init-args" +#define NM_SETTING_802_1X_PKCS11_SLOT "pkcs11-slot" #define NM_SETTING_802_1X_CK_FORMAT_ID "id:" #define NM_SETTING_802_1X_CK_FORMAT_FILE "file:" @@ -183,6 +187,11 @@ gboolean nm_setting_802_1x_set_phase2_private_key_from_file (NMSetting8 GError **err); NMSetting8021xCKType nm_setting_802_1x_get_phase2_private_key_type (NMSetting8021x *setting); +const char * nm_setting_802_1x_get_pkcs11_engine_path (NMSetting8021x *setting); +const char * nm_setting_802_1x_get_pkcs11_module_path (NMSetting8021x *setting); +const char * nm_setting_802_1x_get_pkcs11_module_init_args (NMSetting8021x *setting); +guint nm_setting_802_1x_get_pkcs11_slot (NMSetting8021x *setting); + G_END_DECLS #endif /* NM_SETTING_8021X_H */ diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c index a80cc93..d128487 100644 --- a/src/supplicant-manager/nm-supplicant-config.c +++ b/src/supplicant-manager/nm-supplicant-config.c @@ -49,6 +49,9 @@ typedef struct GHashTable *blobs; guint32 ap_scan; gboolean dispose_has_run; + char *pkcs11_engine_path; + char *pkcs11_module_path; + char *pkcs11_module_init_args; } NMSupplicantConfigPrivate; NMSupplicantConfig * 
@@ -84,6 +87,8 @@ nm_supplicant_config_init (NMSupplicantConfig * self) (GDestroyNotify) blob_free); priv->ap_scan = 1; + priv->pkcs11_engine_path = g_strdup ("/usr/lib/engines/engine_pkcs11.so"); + priv->dispose_has_run = FALSE; } @@ -220,9 +225,14 @@ nm_info ("Config: added '%s' value '%s'", key, opt->value); static void nm_supplicant_config_finalize (GObject *object) { + NMSupplicantConfigPrivate *priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (object); + /* Complete object destruction */ - g_hash_table_destroy (NM_SUPPLICANT_CONFIG_GET_PRIVATE (object)->config); - g_hash_table_destroy (NM_SUPPLICANT_CONFIG_GET_PRIVATE (object)->blobs); + g_hash_table_destroy (priv->config); + g_hash_table_destroy (priv->blobs); + g_free (priv->pkcs11_engine_path); + g_free (priv->pkcs11_module_path); + g_free (priv->pkcs11_module_init_args); /* Chain up to the parent class */ G_OBJECT_CLASS (nm_supplicant_config_parent_class)->finalize (object); 
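Review bot: The default `g_strdup ("/usr/lib/engines/engine_pkcs11.so")` added to nm_supplicant_config_init hard-codes one library directory, which will not match installations that place engines under a different libdir such as lib64. Within this patch the default also appears to be unreachable: the add_setting_8021x hunk only sets a module path when the setting supplies both paths, and in that case it overwrites the engine path as well. Either derive the default from a build-time libdir define and let add_setting_8021x fall back to it when the setting's engine path is NULL, or drop the default so a NULL engine path unambiguously means "engine disabled".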
@@ -257,6 +267,69 @@ nm_supplicant_config_set_ap_scan (NMSupplicantConfig * self, NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->ap_scan = ap_scan; } +const char * +nm_supplicant_config_get_pkcs11_engine_path (NMSupplicantConfig * self) +{ + g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), NULL); + + return NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->pkcs11_engine_path; +} + +void +nm_supplicant_config_set_pkcs11_engine_path (NMSupplicantConfig * self, + const char *pkcs11_engine_path) +{ + NMSupplicantConfigPrivate *priv; + + g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (self)); + + priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); + g_free (priv->pkcs11_engine_path); + priv->pkcs11_engine_path = g_strdup (pkcs11_engine_path); +} + +const char * +nm_supplicant_config_get_pkcs11_module_path (NMSupplicantConfig * self) +{ + g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), NULL); + + return NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->pkcs11_module_path; +} + +void +nm_supplicant_config_set_pkcs11_module_path (NMSupplicantConfig * self, + const char *pkcs11_module_path) +{ + NMSupplicantConfigPrivate *priv; + + g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (self)); + + priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); + g_free (priv->pkcs11_module_path); + priv->pkcs11_module_path = g_strdup (pkcs11_module_path); +} + +const char * +nm_supplicant_config_get_pkcs11_module_init_args (NMSupplicantConfig * self) +{ + g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), NULL); + + return NM_SUPPLICANT_CONFIG_GET_PRIVATE (self)->pkcs11_module_init_args; +} + +void +nm_supplicant_config_set_pkcs11_module_init_args (NMSupplicantConfig * self, + const char *pkcs11_module_init_args) +{ + NMSupplicantConfigPrivate *priv; + + g_return_if_fail (NM_IS_SUPPLICANT_CONFIG (self)); + + priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); + g_free (priv->pkcs11_module_init_args); + priv->pkcs11_module_init_args = g_strdup (pkcs11_module_init_args); +} + static void get_hash_cb (gpointer key, gpointer 
value, gpointer user_data) { @@ -723,6 +796,8 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, char *value, *tmp; gboolean success; GString *phase1, *phase2; + const char *pkcs11_engine_path; + const char *pkcs11_module_path; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); @@ -783,6 +858,19 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, add_certificates (self, setting, connection_uid); + pkcs11_engine_path = nm_setting_802_1x_get_pkcs11_engine_path (setting); + pkcs11_module_path = nm_setting_802_1x_get_pkcs11_module_path (setting); + + if (pkcs11_engine_path && pkcs11_module_path) { + nm_supplicant_config_set_pkcs11_engine_path (self, pkcs11_engine_path); + nm_supplicant_config_set_pkcs11_module_path (self, pkcs11_module_path); + nm_supplicant_config_set_pkcs11_module_init_args (self, + nm_setting_802_1x_get_pkcs11_module_init_args (setting)); + + ADD_STRING_VAL ("1", "engine", FALSE, FALSE, FALSE); + ADD_STRING_VAL ("pkcs11", "engine_id", FALSE, FALSE, FALSE); + } + return TRUE; } diff --git a/src/supplicant-manager/nm-supplicant-config.h b/src/supplicant-manager/nm-supplicant-config.h index 9fc8d71..ed24266 100644 --- a/src/supplicant-manager/nm-supplicant-config.h +++ b/src/supplicant-manager/nm-supplicant-config.h 
@@ -57,6 +57,21 @@ guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig * self); void nm_supplicant_config_set_ap_scan (NMSupplicantConfig * self, guint32 ap_scan); +const char *nm_supplicant_config_get_pkcs11_engine_path (NMSupplicantConfig * self); + +void nm_supplicant_config_set_pkcs11_engine_path (NMSupplicantConfig * self, + const char *pkcs11_engine_path); + +const char *nm_supplicant_config_get_pkcs11_module_path (NMSupplicantConfig * self); + +void nm_supplicant_config_set_pkcs11_module_path (NMSupplicantConfig * self, + const char *pkcs11_module_path); + +const char *nm_supplicant_config_get_pkcs11_module_init_args (NMSupplicantConfig * self); + +void nm_supplicant_config_set_pkcs11_module_init_args (NMSupplicantConfig * self, + const char *pkcs11_module_init_args); + gboolean nm_supplicant_config_add_option (NMSupplicantConfig *self, const char * key, const char * value, diff --git a/src/supplicant-manager/nm-supplicant-interface.c b/src/supplicant-manager/nm-supplicant-interface.c index 5fb522d..b7f40c4 100644 --- a/src/supplicant-manager/nm-supplicant-interface.c +++ b/src/supplicant-manager/nm-supplicant-interface.c @@ -1038,7 +1038,7 @@ byte_array_to_gvalue (const GByteArray *array) } static void -blob_free (GValue *val) +gvalue_free (GValue *val) { g_value_unset (val); g_slice_free (GValue, val); @@ -1062,7 +1062,7 @@ call_set_blobs (NMSupplicantInfo *info, GHashTable *orig_blobs) blobs = g_hash_table_new_full (g_str_hash, g_str_equal, (GDestroyNotify) g_free, - (GDestroyNotify) blob_free); + (GDestroyNotify) gvalue_free); if (!blobs) { const char *msg = "Not enough memory to create blob table."; nm_warning ("%s", msg); 
@@ -1157,13 +1157,15 @@ nm_supplicant_interface_set_config (NMSupplicantInterface * self, NMSupplicantInfo *info; DBusGProxyCall *call; guint32 ap_scan; + const char *pkcs11_engine_path; + const char *pkcs11_module_path; g_return_val_if_fail (NM_IS_SUPPLICANT_INTERFACE (self), FALSE); priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); nm_supplicant_interface_disconnect (self); - + if (priv->cfg) g_object_unref (priv->cfg); priv->cfg = cfg; @@ -1182,6 +1184,40 @@ nm_supplicant_interface_set_config (NMSupplicantInterface * self, G_TYPE_INVALID); nm_supplicant_info_set_call (info, call); + if (!call) + return FALSE; + + pkcs11_engine_path = nm_supplicant_config_get_pkcs11_engine_path (priv->cfg); + pkcs11_module_path = nm_supplicant_config_get_pkcs11_module_path (priv->cfg); + + if (pkcs11_engine_path && pkcs11_module_path) { + GHashTable *pkcs11_config_hash; + GValue *val; + + pkcs11_config_hash = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, (GDestroyNotify) gvalue_free); + + val = g_slice_new0 (GValue); + g_value_init (val, G_TYPE_STRING); + g_value_set_string (val, pkcs11_engine_path); + g_hash_table_insert (pkcs11_config_hash, "pkcs11_engine_path", val); + + val = g_slice_new0 (GValue); + g_value_init (val, G_TYPE_STRING); + g_value_set_string (val, pkcs11_module_path); + g_hash_table_insert (pkcs11_config_hash, "pkcs11_module_path", val); + + val = g_slice_new0 (GValue); + g_value_init (val, G_TYPE_STRING); + g_value_set_string (val, nm_supplicant_config_get_pkcs11_module_init_args (priv->cfg)); + g_hash_table_insert (pkcs11_config_hash, "pkcs11_module_init_args", val); + + dbus_g_proxy_call_no_reply (priv->iface_proxy, "setSmartcardModules", + DBUS_TYPE_G_MAP_OF_VARIANT, + pkcs11_config_hash, + G_TYPE_INVALID); + g_hash_table_destroy (pkcs11_config_hash); + } + return call != NULL; } diff --git a/src/supplicant-manager/nm-supplicant-settings-verify.c b/src/supplicant-manager/nm-supplicant-settings-verify.c index 71b16da..9895d18 100644 
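Review bot: In the block added to nm_supplicant_interface_set_config, the third map entry stores the result of `nm_supplicant_config_get_pkcs11_module_init_args (priv->cfg)` without a NULL check, although the property defaults to NULL and nothing in this patch requires it to be set. A NULL string inside a variant is not something D-Bus can marshal, so the `setSmartcardModules` message would likely be rejected or trip an assertion; insert the `pkcs11_module_init_args` entry only when the value is non-NULL. Because the call uses `dbus_g_proxy_call_no_reply`, a supplicant that fails to load the engine or module is never noticed here and the connection attempt proceeds anyway, so consider a replied call with the error logged. The early `if (!call) return FALSE;` also makes the final `return call != NULL;` always TRUE. The function starts outside the hunk.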
--- a/src/supplicant-manager/nm-supplicant-settings-verify.c +++ b/src/supplicant-manager/nm-supplicant-settings-verify.c @@ -125,7 +125,12 @@ static const struct Opt opt_table[] = { { "pac_file", TYPE_BYTES, 0, 0, FALSE, NULL }, { "engine", TYPE_INT, 0, 1, FALSE, NULL }, { "engine_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "cert_id", TYPE_BYTES, 0, 0, FALSE, NULL }, { "key_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "ca_cert2_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "cert2_id", TYPE_BYTES, 0, 0, FALSE, NULL }, + { "key2_id", TYPE_BYTES, 0, 0, FALSE, NULL }, { "fragment_size", TYPE_INT, 1, 2000, FALSE, NULL }, }; -- 1.6.0.2