| Top | |
|
|
|
NMSettingWirelessSecurityNMSettingWirelessSecurity — Describes connection properties for Wi-Fi networks that use WEP, LEAP, WPA or WPA2/RSN security |
| char * | auth-alg | Read / Write |
| int | fils | Read / Write |
| GStrv | group | Read / Write |
| char * | key-mgmt | Read / Write |
| char * | leap-password | Read / Write |
| NMSettingSecretFlags | leap-password-flags | Read / Write |
| char * | leap-username | Read / Write |
| GStrv | pairwise | Read / Write |
| int | pmf | Read / Write |
| GStrv | proto | Read / Write |
| char * | psk | Read / Write |
| NMSettingSecretFlags | psk-flags | Read / Write |
| NMSettingSecretFlags | wep-key-flags | Read / Write |
| NMWepKeyType | wep-key-type | Read / Write |
| char * | wep-key0 | Read / Write |
| char * | wep-key1 | Read / Write |
| char * | wep-key2 | Read / Write |
| char * | wep-key3 | Read / Write |
| guint | wep-tx-keyidx | Read / Write |
| guint | wps-method | Read / Write |
GEnum ├── NMSettingWirelessSecurityFils ├── NMSettingWirelessSecurityPmf ╰── NMWepKeyType GFlags ╰── NMSettingWirelessSecurityWpsMethod GObject ╰── NMSetting ╰── NMSettingWirelessSecurity
The NMSettingWirelessSecurity object is a NMSetting subclass that describes properties necessary for connection to encrypted Wi-Fi networks.
It's a good idea to read up on wpa_supplicant configuration before using this setting extensively, since most of the options here correspond closely with the relevant wpa_supplicant configuration options. To get a better overview of how Wi-Fi security works, you may want to get copies of the following books.
802.11 Wireless Networks: The Definitive Guide, Second Edition Author: Matthew Gast ISBN: 978-0596100520
Cisco Wireless LAN Security Authors: Krishna Sankar, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky ISBN: 978-1587051548
NMSetting *
nm_setting_wireless_security_new (void);
Creates a new NMSettingWirelessSecurity object with default values.
const char *
nm_setting_wireless_security_get_key_mgmt
(NMSettingWirelessSecurity *setting);
guint32
nm_setting_wireless_security_get_num_protos
(NMSettingWirelessSecurity *setting);
const char * nm_setting_wireless_security_get_proto (NMSettingWirelessSecurity *setting,guint32 i);
gboolean nm_setting_wireless_security_add_proto (NMSettingWirelessSecurity *setting,const char *proto);
Adds a Wi-Fi security protocol (one of "wpa" or "rsn") to the allowed list; only protocols in this list will be used when finding and connecting to the Wi-Fi network specified by this connection. For example, if the protocol list contains only "wpa" but the access point for the SSID specified by this connection only supports WPA2/RSN, the connection cannot be used with the access point.
void nm_setting_wireless_security_remove_proto (NMSettingWirelessSecurity *setting,guint32 i);
Removes a protocol from the allowed protocol list.
gboolean nm_setting_wireless_security_remove_proto_by_value (NMSettingWirelessSecurity *setting,const char *proto);
Removes a protocol from the allowed protocol list.
void
nm_setting_wireless_security_clear_protos
(NMSettingWirelessSecurity *setting);
Removes all protocols from the allowed list. If there are no protocols specified then all protocols are allowed.
guint32
nm_setting_wireless_security_get_num_pairwise
(NMSettingWirelessSecurity *setting);
const char * nm_setting_wireless_security_get_pairwise (NMSettingWirelessSecurity *setting,guint32 i);
Returns the allowed pairwise encryption algorithm from allowed algorithm list.
gboolean nm_setting_wireless_security_add_pairwise (NMSettingWirelessSecurity *setting,const char *pairwise);
Adds an encryption algorithm to the list of allowed pairwise encryption algorithms. If the list is not empty, then only access points that support one or more of the encryption algorithms in the list will be considered compatible with this connection.
void nm_setting_wireless_security_remove_pairwise (NMSettingWirelessSecurity *setting,guint32 i);
Removes an encryption algorithm from the allowed pairwise encryption algorithm list.
gboolean nm_setting_wireless_security_remove_pairwise_by_value (NMSettingWirelessSecurity *setting,const char *pairwise);
Removes an encryption algorithm from the allowed pairwise encryption algorithm list.
void
nm_setting_wireless_security_clear_pairwise
(NMSettingWirelessSecurity *setting);
Removes all algorithms from the allowed list. If there are no algorithms specified then all pairwise encryption algorithms are allowed.
guint32
nm_setting_wireless_security_get_num_groups
(NMSettingWirelessSecurity *setting);
const char * nm_setting_wireless_security_get_group (NMSettingWirelessSecurity *setting,guint32 i);
Returns the allowed groupwise encryption algorithm from allowed algorithm list.
gboolean nm_setting_wireless_security_add_group (NMSettingWirelessSecurity *setting,const char *group);
Adds an encryption algorithm to the list of allowed groupwise encryption algorithms. If the list is not empty, then only access points that support one or more of the encryption algorithms in the list will be considered compatible with this connection.
void nm_setting_wireless_security_remove_group (NMSettingWirelessSecurity *setting,guint32 i);
Removes an encryption algorithm from the allowed groupwise encryption algorithm list.
gboolean nm_setting_wireless_security_remove_group_by_value (NMSettingWirelessSecurity *setting,const char *group);
Removes an encryption algorithm from the allowed groupwise encryption algorithm list.
void
nm_setting_wireless_security_clear_groups
(NMSettingWirelessSecurity *setting);
Removes all algorithms from the allowed list. If there are no algorithms specified then all groupwise encryption algorithms are allowed.
NMSettingWirelessSecurityPmf
nm_setting_wireless_security_get_pmf (NMSettingWirelessSecurity *setting);
const char *
nm_setting_wireless_security_get_psk (NMSettingWirelessSecurity *setting);
NMSettingSecretFlags
nm_setting_wireless_security_get_psk_flags
(NMSettingWirelessSecurity *setting);
const char *
nm_setting_wireless_security_get_leap_username
(NMSettingWirelessSecurity *setting);
const char *
nm_setting_wireless_security_get_leap_password
(NMSettingWirelessSecurity *setting);
NMSettingSecretFlags
nm_setting_wireless_security_get_leap_password_flags
(NMSettingWirelessSecurity *setting);
const char * nm_setting_wireless_security_get_wep_key (NMSettingWirelessSecurity *setting,guint32 idx);
void nm_setting_wireless_security_set_wep_key (NMSettingWirelessSecurity *setting,guint32 idx,const char *key);
Sets a WEP key in the given index.
setting |
||
idx |
the index of the key (0..3 inclusive) |
|
key |
the WEP key as a string, in either hexadecimal, ASCII, or passphrase form as determined by the value of the “wep-key-type” property. |
guint32
nm_setting_wireless_security_get_wep_tx_keyidx
(NMSettingWirelessSecurity *setting);
const char *
nm_setting_wireless_security_get_auth_alg
(NMSettingWirelessSecurity *setting);
NMSettingSecretFlags
nm_setting_wireless_security_get_wep_key_flags
(NMSettingWirelessSecurity *setting);
NMWepKeyType
nm_setting_wireless_security_get_wep_key_type
(NMSettingWirelessSecurity *setting);
NMSettingWirelessSecurityWpsMethod
nm_setting_wireless_security_get_wps_method
(NMSettingWirelessSecurity *setting);
Since: 1.10
NMSettingWirelessSecurityFils
nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting);
#define NM_SETTING_WIRELESS_SECURITY_SETTING_NAME "802-11-wireless-security"
The NMWepKeyType values specify how any WEP keys present in the setting are interpreted. There are no standards governing how to hash the various WEP key/passphrase formats into the actual WEP key. Unfortunately some WEP keys can be interpreted in multiple ways, requiring the setting to specify how to interpret the any WEP keys. For example, the key "732f2d712e4a394a375d366931" is both a valid Hexadecimal WEP key and a WEP passphrase. Further, many ASCII keys are also valid WEP passphrases, but since passphrases and ASCII keys are hashed differently to determine the actual WEP key the type must be specified.
|
unknown WEP key type |
||
|
indicates a hexadecimal or ASCII formatted WEP key. Hex keys are either 10 or 26 hexadecimal characters (ie "5f782f2f5f" or "732f2d712e4a394a375d366931"), while ASCII keys are either 5 or 13 ASCII characters (ie "abcde" or "blahblah99$*1"). |
||
|
indicates a WEP passphrase (ex "I bought a duck on my way back from the market 235Q&^%^*%") instead of a hexadecimal or ASCII key. Passphrases are between 8 and 64 characters inclusive and are hashed the actual WEP key using the MD5 hash algorithm. |
||
|
placeholder value for bounds-checking |
These flags indicate whether PMF must be enabled.
Configure the use of WPS by a connection while it activates.
Note: prior to 1.16, this was a GEnum type instead of a GFlags type although, with the same numeric values.
|
Attempt whichever method AP supports |
||
|
WPS can not be used. |
||
|
Use WPS, any method |
||
|
use WPS push-button method |
||
|
use PIN method |
Since: 1.10
These flags indicate whether FILS must be enabled.
|
use the default value |
||
|
disable FILS |
||
|
enable FILS if the supplicant and the AP support it |
||
|
require FILS and fail if not available |
||
|
placeholder value for bounds-checking |
||
|
placeholder value for bounds-checking |
Since: 1.12
#define NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX "wep-tx-keyidx"
#define NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME "leap-username"
#define NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS "wep-key-flags"
#define NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE "wep-key-type"
#define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD "leap-password"
#define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS "leap-password-flags"
#define NM_SETTING_WIRELESS_SECURITY_WPS_METHOD "wps-method"
“auth-alg” property “auth-alg” char *
When WEP is used (ie, key-mgmt = "none" or "ieee8021x") indicate the 802.11 authentication algorithm required by the AP here. One of "open" for Open System, "shared" for Shared Key, or "leap" for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = "ieee8021x" and auth-alg = "leap") the "leap-username" and "leap-password" properties must be specified.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“fils” property “fils” int
Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for
the connection. One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (use
global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE
(disable FILS), NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (enable FILS
if the supplicant and the access point support it) or
NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (enable FILS and fail if not
supported). When set to NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT and
no global default is set, FILS will be optionally enabled.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: 0
Since: 1.12
“group” property“group” GStrv
A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of "wep40", "wep104", "tkip", or "ccmp".
Owner: NMSettingWirelessSecurity
Flags: Read / Write
“key-mgmt” property “key-mgmt” char *
Key management used for the connection. One of "none" (WEP), "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae" (SAE), "owe" (Opportunistic Wireless Encryption), "wpa-eap" (WPA-Enterprise) or "wpa-eap-suite-b-192" (WPA3-Enterprise Suite B). This property must be set for any Wi-Fi connection that uses security.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“leap-password” property “leap-password” char *
The login password for legacy LEAP connections (ie, key-mgmt = "ieee8021x" and auth-alg = "leap").
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“leap-password-flags” property“leap-password-flags” NMSettingSecretFlags
Flags indicating how to handle the “leap-password” property.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
“leap-username” property “leap-username” char *
The login username for legacy LEAP connections (ie, key-mgmt = "ieee8021x" and auth-alg = "leap").
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“pairwise” property“pairwise” GStrv
A list of pairwise encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of "tkip" or "ccmp".
Owner: NMSettingWirelessSecurity
Flags: Read / Write
“pmf” property “pmf” int
Indicates whether Protected Management Frames (802.11w) must be enabled
for the connection. One of NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT
(use global default value), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
(disable PMF), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL (enable PMF if
the supplicant and the access point support it) or
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED (enable PMF and fail if not
supported). When set to NM_SETTING_WIRELESS_SECURITY_PMF_DEFAULT and no
global default is set, PMF will be optionally enabled.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: 0
Since: 1.10
“proto” property“proto” GStrv
List of strings specifying the allowed WPA protocol versions to use. Each element may be one "wpa" (allow WPA) or "rsn" (allow WPA2/RSN). If not specified, both WPA and RSN connections are allowed.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
“psk” property “psk” char *
Pre-Shared-Key for WPA networks. For WPA-PSK, it's either an ASCII passphrase of 8 to 63 characters that is (as specified in the 802.11i standard) hashed to derive the actual key, or the key in form of 64 hexadecimal character. The WPA3-Personal networks use a passphrase of any length for SAE authentication.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“psk-flags” property“psk-flags” NMSettingSecretFlags
Flags indicating how to handle the “psk” property.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
“wep-key-flags” property“wep-key-flags” NMSettingSecretFlags
Flags indicating how to handle the “wep-key0”, “wep-key1”, “wep-key2”, and “wep-key3” properties.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
“wep-key-type” property“wep-key-type” NMWepKeyType
Controls the interpretation of WEP keys. Allowed values are
NM_WEP_KEY_TYPE_KEY, in which case the key is either a 10- or
26-character hexadecimal string, or a 5- or 13-character ASCII password;
or NM_WEP_KEY_TYPE_PASSPHRASE, in which case the passphrase is provided
as a string and will be hashed using the de-facto MD5 method to derive
the actual WEP key.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NM_WEP_KEY_TYPE_UNKNOWN
“wep-key0” property “wep-key0” char *
Index 0 WEP key. This is the WEP key used in most networks. See the "wep-key-type" property for a description of how this key is interpreted.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“wep-key1” property “wep-key1” char *
Index 1 WEP key. This WEP index is not used by most networks. See the "wep-key-type" property for a description of how this key is interpreted.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“wep-key2” property “wep-key2” char *
Index 2 WEP key. This WEP index is not used by most networks. See the "wep-key-type" property for a description of how this key is interpreted.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“wep-key3” property “wep-key3” char *
Index 3 WEP key. This WEP index is not used by most networks. See the "wep-key-type" property for a description of how this key is interpreted.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: NULL
“wep-tx-keyidx” property“wep-tx-keyidx” guint
When static WEP is used (ie, key-mgmt = "none") and a non-default WEP key index is used by the AP, put that WEP key index here. Valid values are 0 (default key) through 3. Note that some consumer access points (like the Linksys WRT54G) number the keys 1 - 4.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Allowed values: <= 3
Default value: 0
“wps-method” property“wps-method” guint
Flags indicating which mode of WPS is to be used if any.
There's little point in changing the default setting as NetworkManager will automatically determine whether it's feasible to start WPS enrollment from the Access Point capabilities.
WPS can be disabled by setting this property to a value of 1.
Owner: NMSettingWirelessSecurity
Flags: Read / Write
Default value: 0
Since: 1.10