| Top |  |
 |
 |
 |
Functions
Properties
| GStrv | altsubject-matches | Read / Write |
| gchar * | anonymous-identity | Read / Write |
| GBytes * | ca-cert | Read / Write |
| gchar * | ca-path | Read / Write |
| GBytes * | client-cert | Read / Write |
| GStrv | eap | Read / Write |
| gchar * | identity | Read / Write |
| gchar * | pac-file | Read / Write |
| gchar * | password | Read / Write |
| NMSettingSecretFlags | password-flags | Read / Write |
| GBytes * | password-raw | Read / Write |
| NMSettingSecretFlags | password-raw-flags | Read / Write |
| gchar * | phase1-fast-provisioning | Read / Write |
| gchar * | phase1-peaplabel | Read / Write |
| gchar * | phase1-peapver | Read / Write |
| GStrv | phase2-altsubject-matches | Read / Write |
| gchar * | phase2-auth | Read / Write |
| gchar * | phase2-autheap | Read / Write |
| GBytes * | phase2-ca-cert | Read / Write |
| gchar * | phase2-ca-path | Read / Write |
| GBytes * | phase2-client-cert | Read / Write |
| GBytes * | phase2-private-key | Read / Write |
| gchar * | phase2-private-key-password | Read / Write |
| NMSettingSecretFlags | phase2-private-key-password-flags | Read / Write |
| gchar * | phase2-subject-match | Read / Write |
| gchar * | pin | Read / Write |
| NMSettingSecretFlags | pin-flags | Read / Write |
| GBytes * | private-key | Read / Write |
| gchar * | private-key-password | Read / Write |
| NMSettingSecretFlags | private-key-password-flags | Read / Write |
| gchar * | subject-match | Read / Write |
| gboolean | system-ca-certs | Read / Write / Construct |
Types and Values
Object Hierarchy
GEnum ├── NMSetting8021xCKFormat ╰── NMSetting8021xCKScheme GObject ╰── NMSetting ╰── NMSetting8021x
Description
The NMSetting8021x object is a NMSetting subclass that describes properties necessary for connection to 802.1x-authenticated networks, such as WPA and WPA2 Enterprise Wi-Fi networks and wired 802.1x networks. 802.1x connections typically use certificates and/or EAP authentication methods to securely verify, identify, and authenticate the client to the network itself, instead of simply relying on a widely shared static key.
It's a good idea to read up on wpa_supplicant configuration before using this setting extensively, since most of the options here correspond closely with the relevant wpa_supplicant configuration options.
Furthermore, to get a good idea of 802.1x, EAP, TLS, TTLS, etc and their applications to Wi-Fi and wired networks, you'll want to get copies of the following books.
802.11 Wireless Networks: The Definitive Guide, Second Edition Author: Matthew Gast ISBN: 978-0596100520
Cisco Wireless LAN Security Authors: Krishna Sankar, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky ISBN: 978-1587051548
Functions
nm_setting_802_1x_new ()
NMSetting *
nm_setting_802_1x_new (void);
Creates a new NMSetting8021x object with default values.
nm_setting_802_1x_get_num_eap_methods ()
guint32
nm_setting_802_1x_get_num_eap_methods (NMSetting8021x *setting);
Returns the number of eap methods allowed for use when connecting to the
network. Generally only one EAP method is used. Use the functions
nm_setting_802_1x_get_eap_method(), nm_setting_802_1x_add_eap_method(),
and nm_setting_802_1x_remove_eap_method() for adding, removing, and retrieving
allowed EAP methods.
nm_setting_802_1x_get_eap_method ()
const char * nm_setting_802_1x_get_eap_method (NMSetting8021x *setting,guint32 i);
Returns the name of the allowed EAP method at index i
.
nm_setting_802_1x_add_eap_method ()
gboolean nm_setting_802_1x_add_eap_method (NMSetting8021x *setting,const char *eap);
Adds an allowed EAP method. The setting is not valid until at least one EAP method has been added. See “eap” property for a list of allowed EAP methods.
nm_setting_802_1x_remove_eap_method ()
void nm_setting_802_1x_remove_eap_method (NMSetting8021x *setting,guint32 i);
Removes the allowed EAP method at the specified index.
nm_setting_802_1x_remove_eap_method_by_value ()
gboolean nm_setting_802_1x_remove_eap_method_by_value (NMSetting8021x *setting,const char *eap);
Removes the allowed EAP method method
.
nm_setting_802_1x_clear_eap_methods ()
void
nm_setting_802_1x_clear_eap_methods (NMSetting8021x *setting);
Clears all allowed EAP methods.
nm_setting_802_1x_get_identity ()
const char *
nm_setting_802_1x_get_identity (NMSetting8021x *setting);
Returns the identifier used by some EAP methods (like TLS) to authenticate the user. Often this is a username or login name.
nm_setting_802_1x_get_anonymous_identity ()
const char *
nm_setting_802_1x_get_anonymous_identity
(NMSetting8021x *setting);
Returns the anonymous identifier used by some EAP methods (like TTLS) to authenticate the user in the outer unencrypted "phase 1" authentication. The inner "phase 2" authentication will use the “identity” in a secure form, if applicable for that EAP method.
nm_setting_802_1x_get_pac_file ()
const char *
nm_setting_802_1x_get_pac_file (NMSetting8021x *setting);
Returns the file containing PAC credentials used by EAP-FAST method.
nm_setting_802_1x_get_system_ca_certs ()
gboolean
nm_setting_802_1x_get_system_ca_certs (NMSetting8021x *setting);
Sets the “system-ca-certs” property. The
“ca-path” and “phase2-ca-path”
properties are ignored if the “system-ca-certs” property is
TRUE, in which case a system-wide CA certificate directory specified at
compile time (using the --system-ca-path configure option) is used in place
of these properties.
nm_setting_802_1x_get_ca_path ()
const char *
nm_setting_802_1x_get_ca_path (NMSetting8021x *setting);
Returns the path of the CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the “ca-cert” property to add more CA certificates for verifying the network to client.
nm_setting_802_1x_get_phase2_ca_path ()
const char *
nm_setting_802_1x_get_phase2_ca_path (NMSetting8021x *setting);
Returns the path of the "phase 2" CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the “phase2-ca-cert” property to add more CA certificates for verifying the network to client.
nm_setting_802_1x_get_ca_cert_scheme ()
NMSetting8021xCKScheme
nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting);
Returns the scheme used to store the CA certificate. If the returned scheme
is NM_SETTING_802_1X_CK_SCHEME_BLOB, use nm_setting_802_1x_get_ca_cert_blob();
if NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_ca_cert_path().
nm_setting_802_1x_get_ca_cert_blob ()
GBytes *
nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting);
Returns the CA certificate blob if the CA certificate is stored using the
NM_SETTING_802_1X_CK_SCHEME_BLOB scheme. Not all EAP methods use a
CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
nm_setting_802_1x_get_ca_cert_path ()
const char *
nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting);
Returns the CA certificate path if the CA certificate is stored using the
NM_SETTING_802_1X_CK_SCHEME_PATH scheme. Not all EAP methods use a
CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
nm_setting_802_1x_set_ca_cert ()
gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting,const char *cert_path,NMSetting8021xCKScheme scheme,NMSetting8021xCKFormat *out_format,GError **error);
Reads a certificate from disk and sets the “ca-cert” property
with the raw certificate data if using the NM_SETTING_802_1X_CK_SCHEME_BLOB
scheme, or with the path to the certificate file if using the
NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
Parameters
setting |
the NMSetting8021x |
|
cert_path |
when |
|
scheme |
desired storage scheme for the certificate |
|
out_format |
on successful return, the type of the certificate added |
|
error |
on unsuccessful return, an error |
nm_setting_802_1x_get_subject_match ()
const char *
nm_setting_802_1x_get_subject_match (NMSetting8021x *setting);
Returns
the “subject-match” property. This is the
substring to be matched against the subject of the authentication
server certificate, or NULL no subject verification is to be
performed.
nm_setting_802_1x_get_num_altsubject_matches ()
guint32
nm_setting_802_1x_get_num_altsubject_matches
(NMSetting8021x *setting);
Returns the number of entries in the “altsubject-matches” property of this setting.
nm_setting_802_1x_get_altsubject_match ()
const char * nm_setting_802_1x_get_altsubject_match (NMSetting8021x *setting,guint32 i);
Returns the altSubjectName match at index i
.
nm_setting_802_1x_add_altsubject_match ()
gboolean nm_setting_802_1x_add_altsubject_match (NMSetting8021x *setting,const char *altsubject_match);
Adds an allowed alternate subject name match. Until at least one match is added, the altSubjectName of the remote authentication server is not verified.
Parameters
setting |
the NMSetting8021x |
|
altsubject_match |
the altSubjectName to allow for this connection |
nm_setting_802_1x_remove_altsubject_match ()
void nm_setting_802_1x_remove_altsubject_match (NMSetting8021x *setting,guint32 i);
Removes the allowed altSubjectName at the specified index.
nm_setting_802_1x_remove_altsubject_match_by_value ()
gboolean nm_setting_802_1x_remove_altsubject_match_by_value (NMSetting8021x *setting,const char *altsubject_match);
Removes the allowed altSubjectName altsubject_match
.
nm_setting_802_1x_clear_altsubject_matches ()
void
nm_setting_802_1x_clear_altsubject_matches
(NMSetting8021x *setting);
Clears all altSubjectName matches.
nm_setting_802_1x_get_client_cert_scheme ()
NMSetting8021xCKScheme
nm_setting_802_1x_get_client_cert_scheme
(NMSetting8021x *setting);
Returns the scheme used to store the client certificate. If the returned scheme
is NM_SETTING_802_1X_CK_SCHEME_BLOB, use nm_setting_802_1x_get_client_cert_blob();
if NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_client_cert_path().
nm_setting_802_1x_get_client_cert_blob ()
GBytes *
nm_setting_802_1x_get_client_cert_blob
(NMSetting8021x *setting);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
nm_setting_802_1x_get_client_cert_path ()
const char *
nm_setting_802_1x_get_client_cert_path
(NMSetting8021x *setting);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
nm_setting_802_1x_set_client_cert ()
gboolean nm_setting_802_1x_set_client_cert (NMSetting8021x *setting,const char *cert_path,NMSetting8021xCKScheme scheme,NMSetting8021xCKFormat *out_format,GError **error);
Reads a certificate from disk and sets the “client-cert”
property with the raw certificate data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the certificate
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
Parameters
setting |
the NMSetting8021x |
|
cert_path |
when |
|
scheme |
desired storage scheme for the certificate |
|
out_format |
on successful return, the type of the certificate added |
|
error |
on unsuccessful return, an error |
nm_setting_802_1x_get_phase1_peapver ()
const char *
nm_setting_802_1x_get_phase1_peapver (NMSetting8021x *setting);
Returns
the "phase 1" PEAP version to be used when authenticating with
EAP-PEAP as contained in the “phase1-peapver” property. Valid
values are NULL (unset), "0" (PEAP version 0), and "1" (PEAP version 1).
nm_setting_802_1x_get_phase1_peaplabel ()
const char *
nm_setting_802_1x_get_phase1_peaplabel
(NMSetting8021x *setting);
Returns
whether the "phase 1" PEAP label is new-style or old-style, to be
used when authenticating with EAP-PEAP, as contained in the
“phase1-peaplabel” property. Valid values are NULL (unset),
"0" (use old-style label), and "1" (use new-style label). See the
wpa_supplicant documentation for more details.
nm_setting_802_1x_get_phase1_fast_provisioning ()
const char *
nm_setting_802_1x_get_phase1_fast_provisioning
(NMSetting8021x *setting);
Returns
whether "phase 1" PEAP fast provisioning should be used, as specified by the “phase1-fast-provisioning” property. See the wpa_supplicant documentation for more details.
nm_setting_802_1x_get_phase2_auth ()
const char *
nm_setting_802_1x_get_phase2_auth (NMSetting8021x *setting);
Returns
the "phase 2" non-EAP (ex MD5) allowed authentication method as specified by the “phase2-auth” property.
nm_setting_802_1x_get_phase2_autheap ()
const char *
nm_setting_802_1x_get_phase2_autheap (NMSetting8021x *setting);
Returns
the "phase 2" EAP-based (ex TLS) allowed authentication method as specified by the “phase2-autheap” property.
nm_setting_802_1x_get_phase2_ca_cert_scheme ()
NMSetting8021xCKScheme
nm_setting_802_1x_get_phase2_ca_cert_scheme
(NMSetting8021x *setting);
Returns the scheme used to store the "phase 2" CA certificate. If the
returned scheme is NM_SETTING_802_1X_CK_SCHEME_BLOB, use
nm_setting_802_1x_get_ca_cert_blob(); if NM_SETTING_802_1X_CK_SCHEME_PATH,
use nm_setting_802_1x_get_ca_cert_path().
nm_setting_802_1x_get_phase2_ca_cert_blob ()
GBytes *
nm_setting_802_1x_get_phase2_ca_cert_blob
(NMSetting8021x *setting);
Returns the "phase 2" CA certificate blob if the CA certificate is stored
using the NM_SETTING_802_1X_CK_SCHEME_BLOB scheme. Not all EAP methods use
a CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
nm_setting_802_1x_get_phase2_ca_cert_path ()
const char *
nm_setting_802_1x_get_phase2_ca_cert_path
(NMSetting8021x *setting);
Returns the "phase 2" CA certificate path if the CA certificate is stored
using the NM_SETTING_802_1X_CK_SCHEME_PATH scheme. Not all EAP methods use
a CA certificate (LEAP for example), and those that can take advantage of the
CA certificate allow it to be unset. Note that lack of a CA certificate
reduces security by allowing man-in-the-middle attacks, because the identity
of the network cannot be confirmed by the client.
nm_setting_802_1x_set_phase2_ca_cert ()
gboolean nm_setting_802_1x_set_phase2_ca_cert (NMSetting8021x *setting,const char *cert_path,NMSetting8021xCKScheme scheme,NMSetting8021xCKFormat *out_format,GError **error);
Reads a certificate from disk and sets the “phase2-ca-cert”
property with the raw certificate data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the certificate
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
Parameters
setting |
the NMSetting8021x |
|
cert_path |
when |
|
scheme |
desired storage scheme for the certificate |
|
out_format |
on successful return, the type of the certificate added |
|
error |
on unsuccessful return, an error |
nm_setting_802_1x_get_phase2_subject_match ()
const char *
nm_setting_802_1x_get_phase2_subject_match
(NMSetting8021x *setting);
Returns
the “phase2-subject-match” property. This is
the substring to be matched against the subject of the "phase 2"
authentication server certificate, or NULL no subject verification
is to be performed.
nm_setting_802_1x_get_num_phase2_altsubject_matches ()
guint32
nm_setting_802_1x_get_num_phase2_altsubject_matches
(NMSetting8021x *setting);
Returns the number of entries in the “phase2-altsubject-matches” property of this setting.
nm_setting_802_1x_get_phase2_altsubject_match ()
const char * nm_setting_802_1x_get_phase2_altsubject_match (NMSetting8021x *setting,guint32 i);
Returns the "phase 2" altSubjectName match at index i
.
nm_setting_802_1x_add_phase2_altsubject_match ()
gboolean nm_setting_802_1x_add_phase2_altsubject_match (NMSetting8021x *setting,const char *phase2_altsubject_match);
Adds an allowed alternate subject name match for "phase 2". Until at least one match is added, the altSubjectName of the "phase 2" remote authentication server is not verified.
Parameters
setting |
the NMSetting8021x |
|
phase2_altsubject_match |
the "phase 2" altSubjectName to allow for this connection |
nm_setting_802_1x_remove_phase2_altsubject_match ()
void nm_setting_802_1x_remove_phase2_altsubject_match (NMSetting8021x *setting,guint32 i);
Removes the allowed "phase 2" altSubjectName at the specified index.
nm_setting_802_1x_remove_phase2_altsubject_match_by_value ()
gboolean nm_setting_802_1x_remove_phase2_altsubject_match_by_value (NMSetting8021x *setting,const char *phase2_altsubject_match);
Removes the allowed "phase 2" altSubjectName phase2_altsubject_match
.
Parameters
setting |
the NMSetting8021x |
|
phase2_altsubject_match |
the "phase 2" altSubjectName to remove |
nm_setting_802_1x_clear_phase2_altsubject_matches ()
void
nm_setting_802_1x_clear_phase2_altsubject_matches
(NMSetting8021x *setting);
Clears all "phase 2" altSubjectName matches.
nm_setting_802_1x_get_phase2_client_cert_scheme ()
NMSetting8021xCKScheme
nm_setting_802_1x_get_phase2_client_cert_scheme
(NMSetting8021x *setting);
Returns the scheme used to store the "phase 2" client certificate. If the
returned scheme is NM_SETTING_802_1X_CK_SCHEME_BLOB, use
nm_setting_802_1x_get_client_cert_blob(); if
NM_SETTING_802_1X_CK_SCHEME_PATH, use
nm_setting_802_1x_get_client_cert_path().
nm_setting_802_1x_get_phase2_client_cert_blob ()
GBytes *
nm_setting_802_1x_get_phase2_client_cert_blob
(NMSetting8021x *setting);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
nm_setting_802_1x_get_phase2_client_cert_path ()
const char *
nm_setting_802_1x_get_phase2_client_cert_path
(NMSetting8021x *setting);
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
nm_setting_802_1x_set_phase2_client_cert ()
gboolean nm_setting_802_1x_set_phase2_client_cert (NMSetting8021x *setting,const char *cert_path,NMSetting8021xCKScheme scheme,NMSetting8021xCKFormat *out_format,GError **error);
Reads a certificate from disk and sets the “phase2-client-cert”
property with the raw certificate data if using the
NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the certificate
file if using the NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
Parameters
setting |
the NMSetting8021x |
|
cert_path |
when |
|
scheme |
desired storage scheme for the certificate |
|
out_format |
on successful return, the type of the certificate added |
|
error |
on unsuccessful return, an error |
nm_setting_802_1x_get_password ()
const char *
nm_setting_802_1x_get_password (NMSetting8021x *setting);
Returns
the password used by the authentication method, if any, as specified by the “password” property
nm_setting_802_1x_get_password_flags ()
NMSettingSecretFlags
nm_setting_802_1x_get_password_flags (NMSetting8021x *setting);
nm_setting_802_1x_get_password_raw ()
GBytes *
nm_setting_802_1x_get_password_raw (NMSetting8021x *setting);
Returns
the password used by the authentication method as a UTF-8-encoded array of bytes, as specified by the “password-raw” property.
[transfer none]
nm_setting_802_1x_get_password_raw_flags ()
NMSettingSecretFlags
nm_setting_802_1x_get_password_raw_flags
(NMSetting8021x *setting);
nm_setting_802_1x_get_pin_flags ()
NMSettingSecretFlags
nm_setting_802_1x_get_pin_flags (NMSetting8021x *setting);
nm_setting_802_1x_get_private_key_scheme ()
NMSetting8021xCKScheme
nm_setting_802_1x_get_private_key_scheme
(NMSetting8021x *setting);
Returns the scheme used to store the private key. If the returned scheme is
NM_SETTING_802_1X_CK_SCHEME_BLOB, use
nm_setting_802_1x_get_client_cert_blob(); if
NM_SETTING_802_1X_CK_SCHEME_PATH, use
nm_setting_802_1x_get_client_cert_path().
nm_setting_802_1x_get_private_key_blob ()
GBytes *
nm_setting_802_1x_get_private_key_blob
(NMSetting8021x *setting);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
WARNING: the private key property is not a "secret" property, and thus unencrypted private key data may be readable by unprivileged users. Private keys should always be encrypted with a private key password.
nm_setting_802_1x_get_private_key_path ()
const char *
nm_setting_802_1x_get_private_key_path
(NMSetting8021x *setting);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
nm_setting_802_1x_set_private_key ()
gboolean nm_setting_802_1x_set_private_key (NMSetting8021x *setting,const char *key_path,const char *password,NMSetting8021xCKScheme scheme,NMSetting8021xCKFormat *out_format,GError **error);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
This function reads a private key from disk and sets the
“private-key” property with the private key file data if using
the NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the private
key file if using the NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
If password
is given, this function attempts to decrypt the private key to
verify that password
is correct, and if it is, updates the
“private-key-password” property with the given password
. If
the decryption is unsuccessful, FALSE is returned, error
is set, and no
internal data is changed. If no password
is given, the private key is
assumed to be valid, no decryption is performed, and the password may be set
at a later time.
WARNING: the private key property is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.
Parameters
setting |
the NMSetting8021x |
|
key_path |
when |
|
password |
password used to decrypt the private key, or |
|
scheme |
desired storage scheme for the private key |
|
out_format |
on successful return, the type of the private key added |
|
error |
on unsuccessful return, an error |
nm_setting_802_1x_get_private_key_password ()
const char *
nm_setting_802_1x_get_private_key_password
(NMSetting8021x *setting);
Returns
the private key password used to decrypt the private key if
previously set with nm_setting_802_1x_set_private_key(), or the
“private-key-password” property.
nm_setting_802_1x_get_private_key_password_flags ()
NMSettingSecretFlags
nm_setting_802_1x_get_private_key_password_flags
(NMSetting8021x *setting);
nm_setting_802_1x_get_private_key_format ()
NMSetting8021xCKFormat
nm_setting_802_1x_get_private_key_format
(NMSetting8021x *setting);
nm_setting_802_1x_get_phase2_private_key_scheme ()
NMSetting8021xCKScheme
nm_setting_802_1x_get_phase2_private_key_scheme
(NMSetting8021x *setting);
Returns the scheme used to store the "phase 2" private key. If the returned
scheme is NM_SETTING_802_1X_CK_SCHEME_BLOB, use
nm_setting_802_1x_get_client_cert_blob(); if
NM_SETTING_802_1X_CK_SCHEME_PATH, use
nm_setting_802_1x_get_client_cert_path().
nm_setting_802_1x_get_phase2_private_key_blob ()
GBytes *
nm_setting_802_1x_get_phase2_private_key_blob
(NMSetting8021x *setting);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
WARNING: the phase2 private key property is not a "secret" property, and thus unencrypted private key data may be readable by unprivileged users. Private keys should always be encrypted with a private key password.
nm_setting_802_1x_get_phase2_private_key_path ()
const char *
nm_setting_802_1x_get_phase2_private_key_path
(NMSetting8021x *setting);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
nm_setting_802_1x_set_phase2_private_key ()
gboolean nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting,const char *key_path,const char *password,NMSetting8021xCKScheme scheme,NMSetting8021xCKFormat *out_format,GError **error);
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
This function reads a private key from disk and sets the
“phase2-private-key” property with the private key file data if
using the NM_SETTING_802_1X_CK_SCHEME_BLOB scheme, or with the path to the
private key file if using the NM_SETTING_802_1X_CK_SCHEME_PATH scheme.
If password
is given, this function attempts to decrypt the private key to
verify that password
is correct, and if it is, updates the
“phase2-private-key-password” property with the given
password
. If the decryption is unsuccessful, FALSE is returned, error
is
set, and no internal data is changed. If no password
is given, the private
key is assumed to be valid, no decryption is performed, and the password may
be set at a later time.
WARNING: the "phase2" private key property is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.
Parameters
setting |
the NMSetting8021x |
|
key_path |
when |
|
password |
password used to decrypt the private key, or |
|
scheme |
desired storage scheme for the private key |
|
out_format |
on successful return, the type of the private key added |
|
error |
on unsuccessful return, an error |
nm_setting_802_1x_get_phase2_private_key_password ()
const char *
nm_setting_802_1x_get_phase2_private_key_password
(NMSetting8021x *setting);
Returns
the private key password used to decrypt the private key if
previously set with nm_setting_802_1x_set_phase2_private_key() or the
“phase2-private-key-password” property.
nm_setting_802_1x_get_phase2_private_key_password_flags ()
NMSettingSecretFlags
nm_setting_802_1x_get_phase2_private_key_password_flags
(NMSetting8021x *setting);
nm_setting_802_1x_get_phase2_private_key_format ()
NMSetting8021xCKFormat
nm_setting_802_1x_get_phase2_private_key_format
(NMSetting8021x *setting);
Returns
the data format of the "phase 2" private key data stored in the “phase2-private-key” property
Types and Values
enum NMSetting8021xCKFormat
NMSetting8021xCKFormat values indicate the general type of a certificate or private key
enum NMSetting8021xCKScheme
NMSetting8021xCKScheme values indicate how a certificate or private key is stored in the setting properties, either as a blob of the item's data, or as a path to a certificate or private key file on the filesystem
NM_SETTING_802_1X_ANONYMOUS_IDENTITY
#define NM_SETTING_802_1X_ANONYMOUS_IDENTITY "anonymous-identity"
NM_SETTING_802_1X_ALTSUBJECT_MATCHES
#define NM_SETTING_802_1X_ALTSUBJECT_MATCHES "altsubject-matches"
NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING
#define NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING "phase1-fast-provisioning"
NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH
#define NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH "phase2-subject-match"
NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES
#define NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES "phase2-altsubject-matches"
NM_SETTING_802_1X_PHASE2_CLIENT_CERT
#define NM_SETTING_802_1X_PHASE2_CLIENT_CERT "phase2-client-cert"
NM_SETTING_802_1X_PASSWORD_RAW_FLAGS
#define NM_SETTING_802_1X_PASSWORD_RAW_FLAGS "password-raw-flags"
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD "private-key-password"
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS
#define NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS "private-key-password-flags"
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY "phase2-private-key"
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD "phase2-private-key-password"
NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS
#define NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS "phase2-private-key-password-flags"
Property Details
The “anonymous-identity” property
“anonymous-identity” gchar *
Flags: Read / Write
Default value: NULL
The “phase1-fast-provisioning” property
“phase1-fast-provisioning” gchar *
Flags: Read / Write
Default value: NULL
The “phase2-private-key-password” property
“phase2-private-key-password” gchar *
Flags: Read / Write
Default value: NULL
The “phase2-private-key-password-flags” property
“phase2-private-key-password-flags” NMSettingSecretFlags
Flags: Read / Write
The “phase2-subject-match” property
“phase2-subject-match” gchar *
Flags: Read / Write
Default value: NULL
The “private-key-password” property
“private-key-password” gchar *
Flags: Read / Write
Default value: NULL
The “private-key-password-flags” property
“private-key-password-flags” NMSettingSecretFlags
Flags: Read / Write