Implement 8021x (EAP) in network settings
jcronenberg committed Sep 10, 2024
1 parent ff3cf07 commit 7f96b94
Showing 5 changed files with 676 additions and 1 deletion.
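--- a/rust/agama-lib/share/profile.schema.json
+++ b/rust/agama-lib/share/profile.schema.json
@@ -231,6 +231,90 @@
 }
 }
 }
+},
+"ieee-8021x": {
+"type": "object",
+"title": "IEEE 802.1x (EAP) settings",
+"properties": {
+"eap": {
+"type": "array",
+"items": {
+"title": "List of EAP methods used",
+"type": "string",
+"enum": [
+"leap",
+"md5",
+"tls",
+"peap",
+"ttls",
+"pwd",
+"fast"
+]
+}
+},
+"phase2_auth": {
+"title": "Phase 2 inner auth method",
+"type": "string",
+"enum": [
+"pap",
+"chap",
+"mschap",
+"mschapv2",
+"gtc",
+"otp",
+"md5",
+"tls"
+]
+},
+"identity": {
+"title": "Identity string, often for example the user's login name",
+"type": "string"
+},
+"password": {
+"title": "Password string used for EAP authentication",
+"type": "string"
+},
+"ca_cert": {
+"title": "Path to CA certificate",
+"type": "string"
+},
+"ca_cert_password": {
+"title": "Password string for CA certificate if it is encrypted",
+"type": "string"
+},
+"client_cert": {
+"title": "Path to client certificate",
+"type": "string"
+},
+"client_cert_password": {
+"title": "Password string for client certificate if it is encrypted",
+"type": "string"
+},
+"private_key": {
+"title": "Path to private key",
+"type": "string"
+},
+"private_key_password": {
+"title": "Password string for private key if it is encrypted",
+"type": "string"
+},
+"anonymous_identity": {
+"title": "Anonymous identity string for EAP authentication methods",
+"type": "string"
+},
+"peap_version": {
+"title": "Which PEAP version is used when PEAP is set as the EAP method in the 'eap' property",
+"type": "string",
+"enum": [
+"0",
+"1"
+]
+},
+"peap_label": {
+"title": "Force the use of the new PEAP label during key derivation",
+"type": "boolean"
+}
+}
 }
 }
 }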
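Review bot: Every property of `ieee-8021x` is optional, so a profile can list `tls`, `peap` or `ttls` in `eap` without a `ca_cert`; whether the authentication server's certificate is then validated at all depends on code outside this diff. A client using these methods with no CA to check against may hand its inner credentials to any access point that presents a certificate. Consider making `ca_cert` conditionally required, for example `"if": {"properties": {"eap": {"contains": {"enum": ["tls", "peap", "ttls"]}}}, "required": ["eap"]}, "then": {"required": ["ca_cert"]}`, if the schema draft in use supports `if`/`then`. The `eap` enum also admits `leap` and `md5`, which are exposed to offline password guessing, and `md5` does not authenticate the server, so their titles could say they are intended only for legacy networks.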
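--- a/rust/agama-lib/src/network/settings.rs
+++ b/rust/agama-lib/src/network/settings.rs
@@ -63,6 +63,50 @@ impl Default for BondSettings {
 }
 }
 
+/// IEEE 802.1x (EAP) settings
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct IEEE8021XSettings {
+/// List of EAP methods used
+#[serde(skip_serializing_if = "Vec::is_empty", default)]
+pub eap: Vec<String>,
+/// Phase 2 inner auth method
+#[serde(skip_serializing_if = "Option::is_none")]
+pub phase2_auth: Option<String>,
+/// Identity string, often for example the user's login name
+#[serde(skip_serializing_if = "Option::is_none")]
+pub identity: Option<String>,
+/// Password string used for EAP authentication
+#[serde(skip_serializing_if = "Option::is_none")]
+pub password: Option<String>,
+/// Path to CA certificate
+#[serde(skip_serializing_if = "Option::is_none")]
+pub ca_cert: Option<String>,
+/// Password string for CA certificate if it is encrypted
+#[serde(skip_serializing_if = "Option::is_none")]
+pub ca_cert_password: Option<String>,
+/// Path to client certificate
+#[serde(skip_serializing_if = "Option::is_none")]
+pub client_cert: Option<String>,
+/// Password string for client certificate if it is encrypted
+#[serde(skip_serializing_if = "Option::is_none")]
+pub client_cert_password: Option<String>,
+/// Path to private key
+#[serde(skip_serializing_if = "Option::is_none")]
+pub private_key: Option<String>,
+/// Password string for private key if it is encrypted
+#[serde(skip_serializing_if = "Option::is_none")]
+pub private_key_password: Option<String>,
+/// Anonymous identity string for EAP authentication methods
+#[serde(skip_serializing_if = "Option::is_none")]
+pub anonymous_identity: Option<String>,
+/// Which PEAP version is used when PEAP is set as the EAP method in the 'eap' property
+#[serde(skip_serializing_if = "Option::is_none")]
+pub peap_version: Option<String>,
+/// Force the use of the new PEAP label during key derivation
+#[serde(skip_serializing_if = "std::ops::Not::not")]
+pub peap_label: bool,
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct NetworkDevice {
 pub id: String,
@@ -106,6 +150,8 @@ pub struct NetworkConnection {
 pub status: Option<Status>,
 #[serde(skip_serializing_if = "is_zero", default)]
 pub mtu: u32,
+#[serde(rename = "ieee-8021x", skip_serializing_if = "Option::is_none")]
+pub ieee_8021x: Option<IEEE8021XSettings>,
 }
 
 fn is_zero(u: &u32) -> bool {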
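Review bot: `peap_label` in `IEEE8021XSettings` is skipped on serialization when false but carries no `default`, so serde will reject any input that omits it with a missing-field error. That includes this struct's own serialized output and any profile that leaves the optional schema property out. The attribute should read `#[serde(skip_serializing_if = "std::ops::Not::not", default)]`, matching what `eap` already does. Separately, the struct derives `Debug` while holding `password`, `ca_cert_password`, `client_cert_password` and `private_key_password`, so any `{:?}` formatting of it, or of a type that contains it, would print those secrets in clear; a hand-written `Debug` impl that redacts these fields would avoid that. Whether the settings are logged anywhere is not visible in this diff.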
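--- a/rust/agama-server/src/network/error.rs
+++ b/rust/agama-server/src/network/error.rs
@@ -36,6 +36,10 @@ pub enum NetworkStateError {
 InvalidWEPAuthAlg(String),
 #[error("Invalid WEP key type: '{0}'")]
 InvalidWEPKeyType(u32),
+#[error("Invalid EAP method: '{0}'")]
+InvalidEAPMethod(String),
+#[error("Invalid phase2 authentication method: '{0}'")]
+InvalidPhase2AuthMethod(String),
 }
 
 impl From<NetworkStateError> for zbus::fdo::Error {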