From: Lucio Maciel <lucio.mac...@tet.com.br>

Support configuration of EAP parameters via service-api DBus
interface.
Also save and load EAP parameters from connman storage.

Provisioned EAP services are still immutable and can't
be changed using the service-api
---
 doc/service-api.txt |   77 ++++++++++++++++++++++
 src/config.c        |    2 +-
 src/connman.h       |    2 +
src/service.c | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 260 insertions(+), 1 deletions(-)

diff --git a/doc/service-api.txt b/doc/service-api.txt
index c1dd541..40b6a01 100644
--- a/doc/service-api.txt
+++ b/doc/service-api.txt
@@ -204,6 +204,83 @@ Properties    string State [readonly]
             This property might also not always be included
             since it is protected by a different security policy.

+        string EAP [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the EAP method.
+
+            Possible values are "tls" and "peap"
+
+            No PropertyChanged signals will be send for this
+            property.
+
+        string CACertFile [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the path to the CA certificate file.
+
+            This property is valid for both "tls" and "peap"
+            EAP value.
+
+            No PropertyChanged signals will be send for this
+            property.
+
+        string ClientCertFile [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the path to the client certificate
+            file
+
+            This property is valid for "tls" EAP value
+
+            No PropertyChanged signals will be send for this
+            property.
+
+        string PrivateKeyFile [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the path to the client private key
+            file
+
+            This property is valid for "tls" EAP value
+
+            No PropertyChanged signals will be send for this
+            property.
+
+        string PrivateKeyPassphraseType [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the passphrase type of the client
+            private key file
+
+            This property is valid for "tls" EAP value, and the
+            only valid value for now is "fsid"
+
+            No PropertyChanged signals will be send for this
+            property.
+
+        string Phase2 [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the phase2 (inner authentication with
+            TLS tunnel) parameters.
+
+            This property is valid for "peap" EAP value
+
+            No PropertyChanged signals will be send for this
+            property.
+
+        string Identity [readwrite]
+
+            If the service is ieee8021x Wifi, then this property
+            is used to store the Identity string for EAP.
+
+            This property is valid for both "tls" and "peap" EAP
+            value
+
+            No PropertyChanged signals will be send for this
+            property.
+
         boolean PassphraseRequired [readonly]

             If the service type is WiFi, then this property
diff --git a/src/config.c b/src/config.c
index bdbb704..3b9a15a 100644
--- a/src/config.c
+++ b/src/config.c
@@ -350,7 +350,7 @@ void __connman_config_cleanup(void)
     config_table = NULL;
 }

-static char *config_pem_fsid(const char *pem_file)
+char *config_pem_fsid(const char *pem_file)
 {
     struct statfs buf;
     unsigned *fsid = (unsigned *) &buf.f_fsid;
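Review bot: Dropping `static` exports `config_pem_fsid` under an unprefixed name, while the other internal symbols visible in this patch use the `__connman_` prefix (`__connman_config_cleanup`, `__connman_config_provision_service`). Renaming it to `__connman_config_pem_fsid` in both the definition and the new prototype in src/connman.h would follow that convention. The prototype would also benefit from a comment saying that the returned string is allocated and owned by the caller, which is how `set_property` in src/service.c uses it: it stores the pointer in `service->private_key_passphrase`, a field it releases with `g_free()`. The function body continues past the end of this hunk.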
diff --git a/src/connman.h b/src/connman.h
index b1502ad..acb4bd9 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -392,6 +392,8 @@ connman_bool_t __connman_network_get_connecting(struct connman_network *network)
 int __connman_config_init();
 void __connman_config_cleanup(void);

+char *config_pem_fsid(const char *pem_file);
+
 int __connman_config_provision_service(struct connman_service *service);

 #include <connman/profile.h>
diff --git a/src/service.c b/src/service.c
index cc77dd7..c70978b 100644
--- a/src/service.c
+++ b/src/service.c
@@ -991,6 +991,40 @@ static void proxy_changed(struct connman_service *service)
                             append_proxy, service);
 }

+static void append_eap_properties(DBusMessageIter *dict,
+                    struct connman_service *service)
+{
+    static char *fsid = "fsid";
+
+    connman_dbus_dict_append_basic(dict, "EAP",
+                DBUS_TYPE_STRING, &service->eap);
+
+    if (service->ca_cert_file)
+        connman_dbus_dict_append_basic(dict, "CACertFile",
+                DBUS_TYPE_STRING, &service->ca_cert_file);
+
+    if (!g_strcmp0(service->eap, "tls")) {
+        if (service->client_cert_file)
+            connman_dbus_dict_append_basic(dict, "ClientCertFile",
+                DBUS_TYPE_STRING, &service->client_cert_file);
+
+        if (service->private_key_file)
+            connman_dbus_dict_append_basic(dict, "PrivateKeyFile",
+                DBUS_TYPE_STRING, &service->private_key_file);
+
+        connman_dbus_dict_append_basic(dict, "PrivateKeyPassphraseType",
+                DBUS_TYPE_STRING, &fsid);
+    } else if (!g_strcmp0(service->eap, "peap")) {
+        if (service->phase2)
+            connman_dbus_dict_append_basic(dict, "Phase2",
+                DBUS_TYPE_STRING, &service->phase2);
+    }
+
+    if (service->identity)
+        connman_dbus_dict_append_basic(dict, "Identity",
+                DBUS_TYPE_STRING, &service->identity);
+}
+
 static void append_properties(DBusMessageIter *dict, dbus_bool_t limited,
                     struct connman_service *service)
 {
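Review bot: `PrivateKeyPassphraseType` is reported as "fsid" for every "tls" service, whether or not the passphrase was derived that way; the `PrivateKeyPassphrase` branch added to `set_property` later in this patch can store an arbitrary passphrase, so the reported type can be wrong. Either record the type on the service and emit it only when it is set, or omit the property when the type is unknown. The local is better declared `static const char *fsid = "fsid";` because it points at a string literal. The certificate and key paths and `Identity` are appended whenever the 8021X case in `append_properties` is reached; whether that case honours the `limited` flag is not visible in these hunks and is worth confirming.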
@@ -1105,6 +1139,8 @@ static void append_properties(DBusMessageIter *dict, dbus_bool_t limited,
                 required = TRUE;
             break;
         case CONNMAN_SERVICE_SECURITY_8021X:
+            if (service->eap)
+                append_eap_properties(dict, service);
             break;
         }

@@ -1521,6 +1557,87 @@ static DBusMessage *set_property(DBusConnection *conn,
                             service->ipconfig);

         __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "EAP") == TRUE) {
+        const char *eap;
+
+        dbus_message_iter_get_basic(&value, &eap);
+
+        g_free(service->eap);
+        service->eap = g_strdup(eap);
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "CACertFile") == TRUE) {
+        const char *certfile;
+
+        dbus_message_iter_get_basic(&value, &certfile);
+
+        g_free(service->ca_cert_file);
+        service->ca_cert_file = g_strdup(certfile);
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "ClientCertFile") == TRUE) {
+        const char *certfile;
+
+        dbus_message_iter_get_basic(&value, &certfile);
+
+        g_free(service->client_cert_file);
+        service->client_cert_file = g_strdup(certfile);
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "PrivateKeyFile") == TRUE) {
+        const char *private_key;
+
+        dbus_message_iter_get_basic(&value, &private_key);
+
+        g_free(service->private_key_file);
+        service->private_key_file = g_strdup(private_key);
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "PrivateKeyPassphrase") == TRUE) {
+        const char *private_key_pass;
+
+        dbus_message_iter_get_basic(&value, &private_key_pass);
+
+        g_free(service->private_key_passphrase);
+        service->private_key_passphrase = g_strdup(private_key_pass);
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "PrivateKeyPassphraseType") == TRUE) {
+        const char *private_key_pass_type;
+
+        dbus_message_iter_get_basic(&value, &private_key_pass_type);
+
+        if (g_strcmp0(private_key_pass_type, "fsid") == 0 &&
+            service->private_key_file != NULL) {
+            char *fsid;
+
+            fsid = config_pem_fsid(service->private_key_file);
+            if (fsid == NULL)
+                return __connman_error_invalid_arguments(msg);
+
+            g_free(service->private_key_passphrase);
+            service->private_key_passphrase = fsid;
+        }
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "Identity") == TRUE) {
+        const char *identity;
+
+        dbus_message_iter_get_basic(&value, &identity);
+
+        g_free(service->identity);
+        service->identity = g_strdup(identity);
+
+        __connman_storage_save_service(service);
+    } else if (g_str_equal(name, "Phase2") == TRUE) {
+        const char *phase2;
+
+        dbus_message_iter_get_basic(&value, &phase2);
+
+        g_free(service->phase2);
+        service->phase2 = g_strdup(phase2);
+
+        __connman_storage_save_service(service);
     } else
         return __connman_error_invalid_property(msg);

@@ -3647,6 +3764,33 @@ static int service_load(struct connman_service *service)

             g_free(hex_ssid);
         }
+
+        service->eap = g_key_file_get_string(keyfile,
+                    service->identifier, "EAP", NULL);
+
+        service->ca_cert_file = g_key_file_get_string(keyfile,
+                            service->identifier,
+                            "CACertFile", NULL);
+
+        service->client_cert_file = g_key_file_get_string(keyfile,
+                            service->identifier,
+                            "ClientCertFile", NULL);
+
+        service->private_key_file = g_key_file_get_string(keyfile,
+                            service->identifier,
+                            "PrivateKeyFile", NULL);
+
+        service->private_key_passphrase = g_key_file_get_string(keyfile,
+                            service->identifier,
+                            "PrivateKeyPassphrase", NULL);
+
+        service->phase2 = g_key_file_get_string(keyfile,
+                            service->identifier,
+                            "Phase2", NULL);
+
+        service->identity = g_key_file_get_string(keyfile,
+                            service->identifier,
+                            "Identity", NULL);
         /* fall through */

     case CONNMAN_SERVICE_TYPE_WIMAX:
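Review bot: The seven `g_key_file_get_string()` results are assigned straight over `service->eap`, `service->ca_cert_file` and the other fields without freeing what was there. If `service_load` can run on a service whose EAP fields are already populated (for example by provisioning, which is outside this hunk), the old strings leak and the existing values are replaced by stored ones or by NULL. Loading into a temporary and replacing the field only when the key exists avoids both, e.g. `str = g_key_file_get_string(keyfile, service->identifier, "EAP", NULL); if (str != NULL) { g_free(service->eap); service->eap = str; }`. The enclosing `switch` case starts above the hunk, so whether these loads are limited to 802.1X services cannot be checked here. A blank line before `/* fall through */` would match the surrounding style.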
@@ -3799,6 +3943,42 @@ update:
                 g_string_free(str, TRUE);
             }
         }
+
+        if (service->eap) {
+            g_key_file_set_string(keyfile, service->identifier,
+                        "EAP", service->eap);
+
+            if (service->ca_cert_file)
+                g_key_file_set_string(keyfile, service->identifier,
+                            "CACertFile",
+                            service->ca_cert_file);
+
+            if (service->client_cert_file)
+                g_key_file_set_string(keyfile, service->identifier,
+                            "ClientCertFile",
+                            service->client_cert_file);
+
+            if (service->private_key_file)
+                g_key_file_set_string(keyfile, service->identifier,
+                            "PrivateKeyFile",
+                            service->private_key_file);
+
+            if (service->private_key_passphrase)
+                g_key_file_set_string(keyfile, service->identifier,
+                            "PrivateKeyPassphrase",
+                            service->private_key_passphrase);
+
+            if (service->phase2)
+                g_key_file_set_string(keyfile, service->identifier,
+                            "Phase2",
+                            service->phase2);
+
+            if (service->identity)
+                g_key_file_set_string(keyfile, service->identifier,
+                            "Identity",
+                            service->identity);
+
+        }
         /* fall through */

     case CONNMAN_SERVICE_TYPE_WIMAX:
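Review bot: `PrivateKeyPassphrase` is written to the service keyfile in clear text while the passphrase type is not persisted, so a passphrase derived via "fsid" is saved as a fixed string and reloaded as-is rather than re-derived from the key file's filesystem. Consider persisting the type and recomputing the passphrase on load for "fsid", and confirm that the storage file is readable only by the daemon's user (how the file is created is outside this patch). Fields that are NULL are skipped rather than removed, so if a value is ever cleared its old entry stays in the keyfile; an `else g_key_file_remove_key(keyfile, service->identifier, "CACertFile", NULL);` per field would cover that. The blank line before the closing brace of the `if (service->eap)` block can be dropped.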
--
1.7.1.1
