gi-nm-1.0.1: NM bindings
CopyrightWill Thompson and Iñaki García Etxebarria
LicenseLGPL-2.1
MaintainerIñaki García Etxebarria
Safe HaskellNone
LanguageHaskell2010

GI.NM.Objects.Setting8021x

Contents

Description

IEEE 802.1x Authentication Settings

Synopsis

Exported types

class (GObject o, IsDescendantOf Setting8021x o) => IsSetting8021x o Source #

Type class for types which can be safely cast to Setting8021x, for instance with toSetting8021x.

Instances

Instances details
(GObject o, IsDescendantOf Setting8021x o) => IsSetting8021x o Source # 
Instance details

Defined in GI.NM.Objects.Setting8021x

toSetting8021x :: (MonadIO m, IsSetting8021x o) => o -> m Setting8021x Source #

Cast to Setting8021x, for types for which this is known to be safe. For general casts, use castTo.

Methods

Click to display all available methods, including inherited ones

Expand

Methods

addAltsubjectMatch, addEapMethod, addPhase2AltsubjectMatch, bindProperty, bindPropertyFull, clearAltsubjectMatches, clearEapMethods, clearPhase2AltsubjectMatches, compare, diff, duplicate, enumerateValues, forceFloating, freezeNotify, getv, isFloating, notify, notifyByPspec, optionClearByName, optionGet, optionGetAllNames, optionGetBoolean, optionGetUint32, optionSet, optionSetBoolean, optionSetUint32, ref, refSink, removeAltsubjectMatch, removeAltsubjectMatchByValue, removeEapMethod, removeEapMethodByValue, removePhase2AltsubjectMatch, removePhase2AltsubjectMatchByValue, runDispose, stealData, stealQdata, thawNotify, toString, unref, verify, verifySecrets, watchClosure.

Getters

getAltsubjectMatch, getAnonymousIdentity, getAuthTimeout, getCaCertBlob, getCaCertPassword, getCaCertPasswordFlags, getCaCertPath, getCaCertScheme, getCaCertUri, getCaPath, getClientCertBlob, getClientCertPassword, getClientCertPasswordFlags, getClientCertPath, getClientCertScheme, getClientCertUri, getData, getDbusPropertyType, getDomainMatch, getDomainSuffixMatch, getEapMethod, getIdentity, getName, getNumAltsubjectMatches, getNumEapMethods, getNumPhase2AltsubjectMatches, getOpensslCiphers, getOptional, getPacFile, getPassword, getPasswordFlags, getPasswordRaw, getPasswordRawFlags, getPhase1AuthFlags, getPhase1FastProvisioning, getPhase1Peaplabel, getPhase1Peapver, getPhase2AltsubjectMatch, getPhase2Auth, getPhase2Autheap, getPhase2CaCertBlob, getPhase2CaCertPassword, getPhase2CaCertPasswordFlags, getPhase2CaCertPath, getPhase2CaCertScheme, getPhase2CaCertUri, getPhase2CaPath, getPhase2ClientCertBlob, getPhase2ClientCertPassword, getPhase2ClientCertPasswordFlags, getPhase2ClientCertPath, getPhase2ClientCertScheme, getPhase2ClientCertUri, getPhase2DomainMatch, getPhase2DomainSuffixMatch, getPhase2PrivateKeyBlob, getPhase2PrivateKeyFormat, getPhase2PrivateKeyPassword, getPhase2PrivateKeyPasswordFlags, getPhase2PrivateKeyPath, getPhase2PrivateKeyScheme, getPhase2PrivateKeyUri, getPhase2SubjectMatch, getPin, getPinFlags, getPrivateKeyBlob, getPrivateKeyFormat, getPrivateKeyPassword, getPrivateKeyPasswordFlags, getPrivateKeyPath, getPrivateKeyScheme, getPrivateKeyUri, getProperty, getQdata, getSecretFlags, getSubjectMatch, getSystemCaCerts.

Setters

setCaCert, setClientCert, setData, setDataFull, setPhase2CaCert, setPhase2ClientCert, setPhase2PrivateKey, setPrivateKey, setProperty, setSecretFlags.

addAltsubjectMatch

setting8021xAddAltsubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

altsubjectMatch: the altSubjectName to allow for this connection

-> m Bool

Returns: True if the alternative subject name match was successfully added, False if it was already allowed.

Adds an allowed alternate subject name match. Until at least one match is added, the altSubjectName of the remote authentication server is not verified.

addEapMethod

setting8021xAddEapMethod Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

eap: the name of the EAP method to allow for this connection

-> m Bool

Returns: True if the EAP method was successfully added, False if it was not a valid method or if it was already allowed.

Adds an allowed EAP method. The setting is not valid until at least one EAP method has been added. See Setting8021x:eap property for a list of allowed EAP methods.

addPhase2AltsubjectMatch

setting8021xAddPhase2AltsubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

phase2AltsubjectMatch: the "phase 2" altSubjectName to allow for this connection

-> m Bool

Returns: True if the "phase 2" alternative subject name match was successfully added, False if it was already allowed.

Adds an allowed alternate subject name match for "phase 2". Until at least one match is added, the altSubjectName of the "phase 2" remote authentication server is not verified.

checkCertScheme

setting8021xCheckCertScheme Source #

Arguments

:: (HasCallStack, MonadIO m) 
=> Ptr ()

pdata: the data pointer

-> CSize

length: the length of the data

-> m Setting8021xCKScheme

Returns: the scheme of the blob or Setting8021xCKSchemeUnknown. For NULL it also returns NM_SETTING_802_1X_CK_SCHEME_UNKNOWN. (Can throw GError)

Determines and verifies the blob type. When setting certificate properties of NMSetting8021x the blob must be not UNKNOWN (or NULL).

Since: 1.2

clearAltsubjectMatches

setting8021xClearAltsubjectMatches Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m () 

Clears all altSubjectName matches.

clearEapMethods

setting8021xClearEapMethods Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m () 

Clears all allowed EAP methods.

clearPhase2AltsubjectMatches

setting8021xClearPhase2AltsubjectMatches Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m () 

Clears all "phase 2" altSubjectName matches.

getAltsubjectMatch

setting8021xGetAltsubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the SettingConnection

-> Word32

i: the zero-based index of the array of altSubjectName matches

-> m Text

Returns: the altSubjectName match at index i

Returns the altSubjectName match at index i.

getAnonymousIdentity

setting8021xGetAnonymousIdentity Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the anonymous identifier

Returns the anonymous identifier used by some EAP methods (like TTLS) to authenticate the user in the outer unencrypted "phase 1" authentication. The inner "phase 2" authentication will use the Setting8021x:identity in a secure form, if applicable for that EAP method.

getAuthTimeout

setting8021xGetAuthTimeout Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Int32

Returns: the configured authentication timeout in seconds. Zero means the global default value.

Returns the value contained in the Setting8021x:authTimeout property.

Since: 1.8

getCaCertBlob

setting8021xGetCaCertBlob Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the CA certificate data

Returns the CA certificate blob if the CA certificate is stored using the Setting8021xCKSchemeBlob scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.

getCaCertPassword

setting8021xGetCaCertPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the password used to access the CA certificate stored in Setting8021x:caCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

No description available in the introspection data.

Since: 1.8

getCaCertPasswordFlags

setting8021xGetCaCertPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:caCertPassword

No description available in the introspection data.

Since: 1.8

getCaCertPath

setting8021xGetCaCertPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: path to the CA certificate file

Returns the CA certificate path if the CA certificate is stored using the Setting8021xCKSchemePath scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.

getCaCertScheme

setting8021xGetCaCertScheme Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKScheme

Returns: scheme used to store the CA certificate (blob or path)

Returns the scheme used to store the CA certificate. If the returned scheme is Setting8021xCKSchemeBlob, use setting8021xGetCaCertBlob; if Setting8021xCKSchemePath, use setting8021xGetCaCertPath; if Setting8021xCKSchemePkcs11, use setting8021xGetCaCertUri.

getCaCertUri

setting8021xGetCaCertUri Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the URI string

Returns the CA certificate URI analogously to setting8021xGetCaCertBlob and setting8021xGetCaCertPath.

Currently, it's limited to PKCS11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).

Since: 1.6

getCaPath

setting8021xGetCaPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the CA certificate directory path

Returns the path of the CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the Setting8021x:caCert property to add more CA certificates for verifying the network to client.

getClientCertBlob

setting8021xGetClientCertBlob Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the client certificate data

Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

getClientCertPassword

setting8021xGetClientCertPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the password used to access the client certificate stored in Setting8021x:clientCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

No description available in the introspection data.

Since: 1.8

getClientCertPasswordFlags

setting8021xGetClientCertPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:clientCertPassword

No description available in the introspection data.

Since: 1.8

getClientCertPath

setting8021xGetClientCertPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: path to the client certificate file

Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

getClientCertScheme

setting8021xGetClientCertScheme Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKScheme

Returns: scheme used to store the client certificate (blob or path)

Returns the scheme used to store the client certificate. If the returned scheme is Setting8021xCKSchemeBlob, use setting8021xGetClientCertBlob; if Setting8021xCKSchemePath, use setting8021xGetClientCertPath; if Setting8021xCKSchemePkcs11, use setting8021xGetClientCertUri.

getClientCertUri

setting8021xGetClientCertUri Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the URI string

Returns the client certificate URI analogously to setting8021xGetClientCertBlob and setting8021xGetClientCertPath.

Currently, it's limited to PKCS11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).

Since: 1.6

getDomainMatch

setting8021xGetDomainMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the Setting8021x:domainMatch property.

No description available in the introspection data.

Since: 1.24

getDomainSuffixMatch

setting8021xGetDomainSuffixMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the Setting8021x:domainSuffixMatch property.

No description available in the introspection data.

Since: 1.2

getEapMethod

setting8021xGetEapMethod Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Word32

i: the index of the EAP method name to return

-> m Text

Returns: the name of the allowed EAP method at index i

Returns the name of the allowed EAP method at index i.

getIdentity

setting8021xGetIdentity Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the user identifier

Returns the identifier used by some EAP methods (like TLS) to authenticate the user. Often this is a username or login name.

getNumAltsubjectMatches

setting8021xGetNumAltsubjectMatches Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Word32

Returns: the number of altsubject-matches entries.

Returns the number of entries in the Setting8021x:altsubjectMatches property of this setting.

getNumEapMethods

setting8021xGetNumEapMethods Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Word32

Returns: the number of allowed EAP methods

Returns the number of eap methods allowed for use when connecting to the network. Generally only one EAP method is used. Use the functions setting8021xGetEapMethod, setting8021xAddEapMethod, and setting8021xRemoveEapMethod for adding, removing, and retrieving allowed EAP methods.

getNumPhase2AltsubjectMatches

setting8021xGetNumPhase2AltsubjectMatches Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Word32

Returns: the number of phase2-altsubject-matches entries.

Returns the number of entries in the Setting8021x:phase2AltsubjectMatches property of this setting.

getOpensslCiphers

setting8021xGetOpensslCiphers Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: cipher string for tls setup in wpa_supplicant.

Returns the openssl_ciphers configuration for wpa_supplicant.

Since: 1.48

getOptional

setting8021xGetOptional Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bool

Returns: True if the activation should proceed even when the 802.1X authentication fails; False otherwise

Returns the value contained in the Setting8021x:optional property.

Since: 1.22

getPacFile

setting8021xGetPacFile Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the PAC file

Returns the file containing PAC credentials used by EAP-FAST method.

getPassword

setting8021xGetPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the password used by the authentication method, if any, as specified by the Setting8021x:password property

No description available in the introspection data.

getPasswordFlags

setting8021xGetPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:password

No description available in the introspection data.

getPasswordRaw

setting8021xGetPasswordRaw Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the password used by the authentication method as a UTF-8-encoded array of bytes, as specified by the Setting8021x:passwordRaw property

No description available in the introspection data.

getPasswordRawFlags

setting8021xGetPasswordRawFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:passwordRaw

No description available in the introspection data.

getPhase1AuthFlags

setting8021xGetPhase1AuthFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [Setting8021xAuthFlags]

Returns: the authentication flags for "phase 1".

No description available in the introspection data.

Since: 1.8

getPhase1FastProvisioning

setting8021xGetPhase1FastProvisioning Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: whether "phase 1" PEAP fast provisioning should be used, as specified by the Setting8021x:phase1FastProvisioning property. See the wpa_supplicant documentation for more details.

No description available in the introspection data.

getPhase1Peaplabel

setting8021xGetPhase1Peaplabel Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: whether the "phase 1" PEAP label is new-style or old-style, to be used when authenticating with EAP-PEAP, as contained in the Setting8021x:phase1Peaplabel property. Valid values are Nothing (unset), "0" (use old-style label), and "1" (use new-style label). See the wpa_supplicant documentation for more details.

No description available in the introspection data.

getPhase1Peapver

setting8021xGetPhase1Peapver Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the "phase 1" PEAP version to be used when authenticating with EAP-PEAP as contained in the Setting8021x:phase1Peapver property. Valid values are Nothing (unset), "0" (PEAP version 0), and "1" (PEAP version 1).

No description available in the introspection data.

getPhase2AltsubjectMatch

setting8021xGetPhase2AltsubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the SettingConnection

-> Word32

i: the zero-based index of the array of "phase 2" altSubjectName matches

-> m Text

Returns: the "phase 2" altSubjectName match at index i

Returns the "phase 2" altSubjectName match at index i.

getPhase2Auth

setting8021xGetPhase2Auth Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the "phase 2" non-EAP (ex MD5) allowed authentication method as specified by the Setting8021x:phase2Auth property.

No description available in the introspection data.

getPhase2Autheap

setting8021xGetPhase2Autheap Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the "phase 2" EAP-based (ex TLS) allowed authentication method as specified by the Setting8021x:phase2Autheap property.

No description available in the introspection data.

getPhase2CaCertBlob

setting8021xGetPhase2CaCertBlob Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the "phase 2" CA certificate data

Returns the "phase 2" CA certificate blob if the CA certificate is stored using the Setting8021xCKSchemeBlob scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.

getPhase2CaCertPassword

setting8021xGetPhase2CaCertPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the password used to access the "phase2" CA certificate stored in Setting8021x:phase2CaCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

No description available in the introspection data.

Since: 1.8

getPhase2CaCertPasswordFlags

setting8021xGetPhase2CaCertPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:phase2PrivateKeyPassword

No description available in the introspection data.

Since: 1.8

getPhase2CaCertPath

setting8021xGetPhase2CaCertPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: path to the "phase 2" CA certificate file

Returns the "phase 2" CA certificate path if the CA certificate is stored using the Setting8021xCKSchemePath scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.

getPhase2CaCertScheme

setting8021xGetPhase2CaCertScheme Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKScheme

Returns: scheme used to store the "phase 2" CA certificate (blob or path)

Returns the scheme used to store the "phase 2" CA certificate. If the returned scheme is Setting8021xCKSchemeBlob, use setting8021xGetCaCertBlob; if Setting8021xCKSchemePath, use setting8021xGetCaCertPath; if Setting8021xCKSchemePkcs11, use setting8021xGetCaCertUri.

getPhase2CaCertUri

setting8021xGetPhase2CaCertUri Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the URI string

Returns the "phase 2" CA certificate URI analogously to setting8021xGetPhase2CaCertBlob and setting8021xGetPhase2CaCertPath.

Currently, it's limited to PKCS#<!-- -->11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).

Since: 1.6

getPhase2CaPath

setting8021xGetPhase2CaPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the "phase 2" CA certificate directory path

Returns the path of the "phase 2" CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the Setting8021x:phase2CaCert property to add more CA certificates for verifying the network to client.

getPhase2ClientCertBlob

setting8021xGetPhase2ClientCertBlob Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the "phase 2" client certificate data

Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

getPhase2ClientCertPassword

setting8021xGetPhase2ClientCertPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the password used to access the "phase2" client certificate stored in Setting8021x:phase2ClientCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

No description available in the introspection data.

Since: 1.8

getPhase2ClientCertPasswordFlags

setting8021xGetPhase2ClientCertPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:phase2ClientCertPassword

No description available in the introspection data.

Since: 1.8

getPhase2ClientCertPath

setting8021xGetPhase2ClientCertPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: path to the "phase 2" client certificate file

Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

getPhase2ClientCertScheme

setting8021xGetPhase2ClientCertScheme Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKScheme

Returns: scheme used to store the "phase 2" client certificate (blob or path)

Returns the scheme used to store the "phase 2" client certificate. If the returned scheme is Setting8021xCKSchemeBlob, use setting8021xGetClientCertBlob; if Setting8021xCKSchemePath, use setting8021xGetClientCertPath; if Setting8021xCKSchemePkcs11, use setting8021xGetClientCertUri.

getPhase2ClientCertUri

setting8021xGetPhase2ClientCertUri Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the URI string

Returns the "phase 2" client certificate URI analogously to setting8021xGetPhase2CaCertBlob and setting8021xGetPhase2CaCertPath.

Currently, it's limited to PKCS#<!-- -->11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).

Since: 1.6

getPhase2DomainMatch

setting8021xGetPhase2DomainMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the Setting8021x:phase2DomainMatch property.

No description available in the introspection data.

Since: 1.24

getPhase2DomainSuffixMatch

setting8021xGetPhase2DomainSuffixMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the Setting8021x:phase2DomainSuffixMatch property.

No description available in the introspection data.

Since: 1.2

getPhase2PrivateKeyBlob

setting8021xGetPhase2PrivateKeyBlob Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the "phase 2" private key data

Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

WARNING: the phase2 private key property is not a "secret" property, and thus unencrypted private key data may be readable by unprivileged users. Private keys should always be encrypted with a private key password.

getPhase2PrivateKeyFormat

setting8021xGetPhase2PrivateKeyFormat Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKFormat

Returns: the data format of the "phase 2" private key data stored in the Setting8021x:phase2PrivateKey property

No description available in the introspection data.

getPhase2PrivateKeyPassword

setting8021xGetPhase2PrivateKeyPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the private key password used to decrypt the private key if previously set with setting8021xSetPhase2PrivateKey or the Setting8021x:phase2PrivateKeyPassword property.

No description available in the introspection data.

getPhase2PrivateKeyPasswordFlags

setting8021xGetPhase2PrivateKeyPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:phase2PrivateKeyPassword

No description available in the introspection data.

getPhase2PrivateKeyPath

setting8021xGetPhase2PrivateKeyPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: path to the "phase 2" private key file

Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

getPhase2PrivateKeyScheme

setting8021xGetPhase2PrivateKeyScheme Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKScheme

Returns: scheme used to store the "phase 2" private key (blob or path)

Returns the scheme used to store the "phase 2" private key. If the returned scheme is Setting8021xCKSchemeBlob, use setting8021xGetClientCertBlob; if Setting8021xCKSchemePath, use setting8021xGetClientCertPath; if Setting8021xCKSchemePkcs11, use setting8021xGetClientCertUri.

getPhase2PrivateKeyUri

setting8021xGetPhase2PrivateKeyUri Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the URI string

Returns the "phase 2" private key URI analogously to setting8021xGetPhase2PrivateKeyBlob and setting8021xGetPhase2PrivateKeyPath.

Currently, it's limited to PKCS#<!-- -->11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).

Since: 1.6

getPhase2SubjectMatch

setting8021xGetPhase2SubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the Setting8021x:phase2SubjectMatch property. This is the substring to be matched against the subject of the "phase 2" authentication server certificate, or Nothing no subject verification is to be performed.

No description available in the introspection data.

getPin

setting8021xGetPin Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the PIN used by the authentication method, if any, as specified by the Setting8021x:pin property

No description available in the introspection data.

getPinFlags

setting8021xGetPinFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:pin

No description available in the introspection data.

getPrivateKeyBlob

setting8021xGetPrivateKeyBlob Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bytes

Returns: the private key data

Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

WARNING: the private key property is not a "secret" property, and thus unencrypted private key data may be readable by unprivileged users. Private keys should always be encrypted with a private key password.

getPrivateKeyFormat

setting8021xGetPrivateKeyFormat Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKFormat

Returns: the data format of the private key data stored in the Setting8021x:privateKey property

No description available in the introspection data.

getPrivateKeyPassword

setting8021xGetPrivateKeyPassword Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the private key password used to decrypt the private key if previously set with setting8021xSetPrivateKey, or the Setting8021x:privateKeyPassword property.

No description available in the introspection data.

getPrivateKeyPasswordFlags

setting8021xGetPrivateKeyPasswordFlags Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m [SettingSecretFlags]

Returns: the SettingSecretFlags pertaining to the Setting8021x:privateKeyPassword

No description available in the introspection data.

getPrivateKeyPath

setting8021xGetPrivateKeyPath Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: path to the private key file

Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

getPrivateKeyScheme

setting8021xGetPrivateKeyScheme Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Setting8021xCKScheme

Returns: scheme used to store the private key (blob or path)

getPrivateKeyUri

setting8021xGetPrivateKeyUri Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the URI string

Returns the private key URI analogously to setting8021xGetPrivateKeyBlob and setting8021xGetPrivateKeyPath.

Currently, it's limited to PKCS#<!-- -->11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).

Since: 1.6

getSubjectMatch

setting8021xGetSubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Text

Returns: the Setting8021x:subjectMatch property. This is the substring to be matched against the subject of the authentication server certificate, or Nothing no subject verification is to be performed.

No description available in the introspection data.

getSystemCaCerts

setting8021xGetSystemCaCerts Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> m Bool

Returns: True if a system CA certificate path should be used, False if not

Sets the Setting8021x:systemCaCerts property. The Setting8021x:caPath and Setting8021x:phase2CaPath properties are ignored if the Setting8021x:systemCaCerts property is True, in which case a system-wide CA certificate directory specified at compile time (using the --system-ca-path configure option) is used in place of these properties.

new

setting8021xNew Source #

Arguments

:: (HasCallStack, MonadIO m) 
=> m Setting8021x

Returns: the new empty Setting8021x object

Creates a new Setting8021x object with default values.

removeAltsubjectMatch

setting8021xRemoveAltsubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Word32

i: the index of the altSubjectName match to remove

-> m () 

Removes the allowed altSubjectName at the specified index.

removeAltsubjectMatchByValue

setting8021xRemoveAltsubjectMatchByValue Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

altsubjectMatch: the altSubjectName to remove

-> m Bool

Returns: True if the alternative subject name match was found and removed, False if it was not.

Removes the allowed altSubjectName altsubjectMatch.

removeEapMethod

setting8021xRemoveEapMethod Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Word32

i: the index of the EAP method to remove

-> m () 

Removes the allowed EAP method at the specified index.

removeEapMethodByValue

setting8021xRemoveEapMethodByValue Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

eap: the name of the EAP method to remove

-> m Bool

Returns: True if the EAP method was founs and removed, False if it was not.

Removes the allowed EAP method method.

removePhase2AltsubjectMatch

setting8021xRemovePhase2AltsubjectMatch Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Word32

i: the index of the "phase 2" altSubjectName match to remove

-> m () 

Removes the allowed "phase 2" altSubjectName at the specified index.

removePhase2AltsubjectMatchByValue

setting8021xRemovePhase2AltsubjectMatchByValue Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

phase2AltsubjectMatch: the "phase 2" altSubjectName to remove

-> m Bool

Returns: True if the alternative subject name match for "phase 2" was found and removed, False if it was not.

Removes the allowed "phase 2" altSubjectName phase2AltsubjectMatch.

setCaCert

setting8021xSetCaCert Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

value: when scheme is set to either Setting8021xCKSchemePath or Setting8021xCKSchemeBlob, pass the path of the CA certificate file (PEM or DER format). The path must be UTF-8 encoded; use filenameToUtf8 to convert if needed. Passing Nothing with any scheme clears the CA certificate.

-> Setting8021xCKScheme

scheme: desired storage scheme for the certificate

-> Setting8021xCKFormat

outFormat: on successful return, the type of the certificate added

-> m ()

(Can throw GError)

Reads a certificate from disk and sets the Setting8021x:caCert property with the raw certificate data if using the Setting8021xCKSchemeBlob scheme, or with the path to the certificate file if using the Setting8021xCKSchemePath scheme.

setClientCert

setting8021xSetClientCert Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

value: when scheme is set to either Setting8021xCKSchemePath or Setting8021xCKSchemeBlob, pass the path of the client certificate file (PEM, DER, or PKCS#<!-- -->12 format). The path must be UTF-8 encoded; use filenameToUtf8 to convert if needed. Passing Nothing with any scheme clears the client certificate.

-> Setting8021xCKScheme

scheme: desired storage scheme for the certificate

-> Setting8021xCKFormat

outFormat: on successful return, the type of the certificate added

-> m ()

(Can throw GError)

Reads a certificate from disk and sets the Setting8021x:clientCert property with the raw certificate data if using the Setting8021xCKSchemeBlob scheme, or with the path to the certificate file if using the Setting8021xCKSchemePath scheme.

Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

setPhase2CaCert

setting8021xSetPhase2CaCert Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

value: when scheme is set to either Setting8021xCKSchemePath or Setting8021xCKSchemeBlob, pass the path of the "phase2" CA certificate file (PEM or DER format). The path must be UTF-8 encoded; use filenameToUtf8 to convert if needed. Passing Nothing with any scheme clears the "phase2" CA certificate.

-> Setting8021xCKScheme

scheme: desired storage scheme for the certificate

-> Setting8021xCKFormat

outFormat: on successful return, the type of the certificate added

-> m ()

(Can throw GError)

Reads a certificate from disk and sets the Setting8021x:phase2CaCert property with the raw certificate data if using the Setting8021xCKSchemeBlob scheme, or with the path to the certificate file if using the Setting8021xCKSchemePath scheme.

setPhase2ClientCert

setting8021xSetPhase2ClientCert Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

value: when scheme is set to either Setting8021xCKSchemePath or Setting8021xCKSchemeBlob, pass the path of the "phase2" client certificate file (PEM, DER, or PKCS#<!-- -->12 format). The path must be UTF-8 encoded; use filenameToUtf8 to convert if needed. Passing Nothing with any scheme clears the "phase2" client certificate.

-> Setting8021xCKScheme

scheme: desired storage scheme for the certificate

-> Setting8021xCKFormat

outFormat: on successful return, the type of the certificate added

-> m ()

(Can throw GError)

Reads a certificate from disk and sets the Setting8021x:phase2ClientCert property with the raw certificate data if using the Setting8021xCKSchemeBlob scheme, or with the path to the certificate file if using the Setting8021xCKSchemePath scheme.

Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

setPhase2PrivateKey

setting8021xSetPhase2PrivateKey Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

value: when scheme is set to either Setting8021xCKSchemePath or Setting8021xCKSchemeBlob, pass the path of the "phase2" private key file (PEM, DER, or PKCS#<!-- -->12 format). The path must be UTF-8 encoded; use filenameToUtf8 to convert if needed. Passing Nothing with any scheme clears the private key.

-> Text

password: password used to decrypt the private key, or Nothing if the password is unknown. If the password is given but fails to decrypt the private key, an error is returned.

-> Setting8021xCKScheme

scheme: desired storage scheme for the private key

-> Setting8021xCKFormat

outFormat: on successful return, the type of the private key added

-> m ()

(Can throw GError)

Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

This function reads a private key from disk and sets the Setting8021x:phase2PrivateKey property with the private key file data if using the Setting8021xCKSchemeBlob scheme, or with the path to the private key file if using the Setting8021xCKSchemePath scheme.

If password is given, this function attempts to decrypt the private key to verify that password is correct, and if it is, updates the Setting8021x:phase2PrivateKeyPassword property with the given password. If the decryption is unsuccessful, False is returned, error is set, and no internal data is changed. If no password is given, the private key is assumed to be valid, no decryption is performed, and the password may be set at a later time.

WARNING: the "phase2" private key property is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.

setPrivateKey

setting8021xSetPrivateKey Source #

Arguments

:: (HasCallStack, MonadIO m, IsSetting8021x a) 
=> a

setting: the Setting8021x

-> Text

value: when scheme is set to either Setting8021xCKSchemePath or Setting8021xCKSchemeBlob, pass the path of the private key file (PEM, DER, or PKCS#<!-- -->12 format). The path must be UTF-8 encoded; use filenameToUtf8 to convert if needed. Passing Nothing with any scheme clears the private key.

-> Text

password: password used to decrypt the private key, or Nothing if the password is unknown. If the password is given but fails to decrypt the private key, an error is returned.

-> Setting8021xCKScheme

scheme: desired storage scheme for the private key

-> Setting8021xCKFormat

outFormat: on successful return, the type of the private key added

-> m ()

(Can throw GError)

Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.

This function reads a private key from disk and sets the Setting8021x:privateKey property with the private key file data if using the Setting8021xCKSchemeBlob scheme, or with the path to the private key file if using the Setting8021xCKSchemePath scheme.

If password is given, this function attempts to decrypt the private key to verify that password is correct, and if it is, updates the Setting8021x:privateKeyPassword property with the given password. If the decryption is unsuccessful, False is returned, error is set, and no internal data is changed. If no password is given, the private key is assumed to be valid, no decryption is performed, and the password may be set at a later time.

WARNING: the private key property is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.

Properties

altsubjectMatches

List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.

clearSetting8021xAltsubjectMatches :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “altsubject-matches” property to Nothing. When overloading is enabled, this is equivalent to

clear #altsubjectMatches

constructSetting8021xAltsubjectMatches :: (IsSetting8021x o, MonadIO m) => [Text] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “altsubject-matches” property. This is rarely needed directly, but it is used by new.

getSetting8021xAltsubjectMatches :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe [Text]) Source #

Get the value of the “altsubject-matches” property. When overloading is enabled, this is equivalent to

get setting8021x #altsubjectMatches

setSetting8021xAltsubjectMatches :: (MonadIO m, IsSetting8021x o) => o -> [Text] -> m () Source #

Set the value of the “altsubject-matches” property. When overloading is enabled, this is equivalent to

set setting8021x [ #altsubjectMatches := value ]

anonymousIdentity

Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.

clearSetting8021xAnonymousIdentity :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “anonymous-identity” property to Nothing. When overloading is enabled, this is equivalent to

clear #anonymousIdentity

constructSetting8021xAnonymousIdentity :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “anonymous-identity” property. This is rarely needed directly, but it is used by new.

getSetting8021xAnonymousIdentity :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “anonymous-identity” property. When overloading is enabled, this is equivalent to

get setting8021x #anonymousIdentity

setSetting8021xAnonymousIdentity :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “anonymous-identity” property. When overloading is enabled, this is equivalent to

set setting8021x [ #anonymousIdentity := value ]

authTimeout

A timeout for the authentication. Zero means the global default; if the global default is not set, the authentication timeout is 25 seconds.

Since: 1.8

constructSetting8021xAuthTimeout :: (IsSetting8021x o, MonadIO m) => Int32 -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “auth-timeout” property. This is rarely needed directly, but it is used by new.

getSetting8021xAuthTimeout :: (MonadIO m, IsSetting8021x o) => o -> m Int32 Source #

Get the value of the “auth-timeout” property. When overloading is enabled, this is equivalent to

get setting8021x #authTimeout

setSetting8021xAuthTimeout :: (MonadIO m, IsSetting8021x o) => o -> Int32 -> m () Source #

Set the value of the “auth-timeout” property. When overloading is enabled, this is equivalent to

set setting8021x [ #authTimeout := value ]

caCert

Contains the CA certificate if used by the EAP method specified in the Setting8021x:eap property.

Certificate data is specified using a "scheme"; three are currently supported: blob, path and pkcs11 URL. When using the blob scheme this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.

Note that enabling NMSetting8021x:system-ca-certs will override this setting to use the built-in path, if the built-in path is not a directory.

Setting this property directly is discouraged; use the setting8021xSetCaCert function instead.

clearSetting8021xCaCert :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “ca-cert” property to Nothing. When overloading is enabled, this is equivalent to

clear #caCert

constructSetting8021xCaCert :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “ca-cert” property. This is rarely needed directly, but it is used by new.

getSetting8021xCaCert :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe Bytes) Source #

Get the value of the “ca-cert” property. When overloading is enabled, this is equivalent to

get setting8021x #caCert

setSetting8021xCaCert :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “ca-cert” property. When overloading is enabled, this is equivalent to

set setting8021x [ #caCert := value ]

caCertPassword

The password used to access the CA certificate stored in Setting8021x:caCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

Since: 1.8

clearSetting8021xCaCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “ca-cert-password” property to Nothing. When overloading is enabled, this is equivalent to

clear #caCertPassword

constructSetting8021xCaCertPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “ca-cert-password” property. This is rarely needed directly, but it is used by new.

getSetting8021xCaCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “ca-cert-password” property. When overloading is enabled, this is equivalent to

get setting8021x #caCertPassword

setSetting8021xCaCertPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “ca-cert-password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #caCertPassword := value ]

caCertPasswordFlags

Flags indicating how to handle the Setting8021x:caCertPassword property.

Since: 1.8

constructSetting8021xCaCertPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “ca-cert-password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xCaCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “ca-cert-password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #caCertPasswordFlags

setSetting8021xCaCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “ca-cert-password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #caCertPasswordFlags := value ]

caPath

UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the Setting8021x:caCert property.

If NMSetting8021x:system-ca-certs is enabled and the built-in CA path is an existing directory, then this setting is ignored.

clearSetting8021xCaPath :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “ca-path” property to Nothing. When overloading is enabled, this is equivalent to

clear #caPath

constructSetting8021xCaPath :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “ca-path” property. This is rarely needed directly, but it is used by new.

getSetting8021xCaPath :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “ca-path” property. When overloading is enabled, this is equivalent to

get setting8021x #caPath

setSetting8021xCaPath :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “ca-path” property. When overloading is enabled, this is equivalent to

set setting8021x [ #caPath := value ]

clientCert

Contains the client certificate if used by the EAP method specified in the Setting8021x:eap property.

Certificate data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte.

Setting this property directly is discouraged; use the setting8021xSetClientCert function instead.

clearSetting8021xClientCert :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “client-cert” property to Nothing. When overloading is enabled, this is equivalent to

clear #clientCert

constructSetting8021xClientCert :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “client-cert” property. This is rarely needed directly, but it is used by new.

getSetting8021xClientCert :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe Bytes) Source #

Get the value of the “client-cert” property. When overloading is enabled, this is equivalent to

get setting8021x #clientCert

setSetting8021xClientCert :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “client-cert” property. When overloading is enabled, this is equivalent to

set setting8021x [ #clientCert := value ]

clientCertPassword

The password used to access the client certificate stored in Setting8021x:clientCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

Since: 1.8

clearSetting8021xClientCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “client-cert-password” property to Nothing. When overloading is enabled, this is equivalent to

clear #clientCertPassword

constructSetting8021xClientCertPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “client-cert-password” property. This is rarely needed directly, but it is used by new.

getSetting8021xClientCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “client-cert-password” property. When overloading is enabled, this is equivalent to

get setting8021x #clientCertPassword

setSetting8021xClientCertPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “client-cert-password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #clientCertPassword := value ]

clientCertPasswordFlags

Flags indicating how to handle the Setting8021x:clientCertPassword property.

Since: 1.8

constructSetting8021xClientCertPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “client-cert-password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xClientCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “client-cert-password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #clientCertPasswordFlags

setSetting8021xClientCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “client-cert-password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #clientCertPasswordFlags := value ]

domainMatch

Constraint for server domain name. If set, this list of FQDNs is used as a match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same comparison. Multiple valid FQDNs can be passed as a ";" delimited list.

Since: 1.24

clearSetting8021xDomainMatch :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “domain-match” property to Nothing. When overloading is enabled, this is equivalent to

clear #domainMatch

constructSetting8021xDomainMatch :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “domain-match” property. This is rarely needed directly, but it is used by new.

getSetting8021xDomainMatch :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “domain-match” property. When overloading is enabled, this is equivalent to

get setting8021x #domainMatch

setSetting8021xDomainMatch :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “domain-match” property. When overloading is enabled, this is equivalent to

set setting8021x [ #domainMatch := value ]

domainSuffixMatch

Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Since version 1.24, multiple valid FQDNs can be passed as a ";" delimited list.

Since: 1.2

clearSetting8021xDomainSuffixMatch :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “domain-suffix-match” property to Nothing. When overloading is enabled, this is equivalent to

clear #domainSuffixMatch

constructSetting8021xDomainSuffixMatch :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “domain-suffix-match” property. This is rarely needed directly, but it is used by new.

getSetting8021xDomainSuffixMatch :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “domain-suffix-match” property. When overloading is enabled, this is equivalent to

get setting8021x #domainSuffixMatch

setSetting8021xDomainSuffixMatch :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “domain-suffix-match” property. When overloading is enabled, this is equivalent to

set setting8021x [ #domainSuffixMatch := value ]

eap

The allowed EAP method to be used when authenticating to the network with 802.1x. Valid methods are: "leap", "md5", "tls", "peap", "ttls", "pwd", and "fast". Each method requires different configuration using the properties of this setting; refer to wpa_supplicant documentation for the allowed combinations.

clearSetting8021xEap :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “eap” property to Nothing. When overloading is enabled, this is equivalent to

clear #eap

constructSetting8021xEap :: (IsSetting8021x o, MonadIO m) => [Text] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “eap” property. This is rarely needed directly, but it is used by new.

getSetting8021xEap :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe [Text]) Source #

Get the value of the “eap” property. When overloading is enabled, this is equivalent to

get setting8021x #eap

setSetting8021xEap :: (MonadIO m, IsSetting8021x o) => o -> [Text] -> m () Source #

Set the value of the “eap” property. When overloading is enabled, this is equivalent to

set setting8021x [ #eap := value ]

identity

Identity string for EAP authentication methods. Often the user's user or login name.

clearSetting8021xIdentity :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “identity” property to Nothing. When overloading is enabled, this is equivalent to

clear #identity

constructSetting8021xIdentity :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “identity” property. This is rarely needed directly, but it is used by new.

getSetting8021xIdentity :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “identity” property. When overloading is enabled, this is equivalent to

get setting8021x #identity

setSetting8021xIdentity :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “identity” property. When overloading is enabled, this is equivalent to

set setting8021x [ #identity := value ]

opensslCiphers

Define openssl_ciphers for wpa_supplicant. Openssl sometimes moves ciphers among SECLEVELs, thus compiled-in default value in wpa_supplicant (as modified by some linux distributions) sometimes prevents to connect to old servers that do not support new protocols.

Since: 1.48

clearSetting8021xOpensslCiphers :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “openssl-ciphers” property to Nothing. When overloading is enabled, this is equivalent to

clear #opensslCiphers

constructSetting8021xOpensslCiphers :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “openssl-ciphers” property. This is rarely needed directly, but it is used by new.

getSetting8021xOpensslCiphers :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “openssl-ciphers” property. When overloading is enabled, this is equivalent to

get setting8021x #opensslCiphers

setSetting8021xOpensslCiphers :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “openssl-ciphers” property. When overloading is enabled, this is equivalent to

set setting8021x [ #opensslCiphers := value ]

optional

Whether the 802.1X authentication is optional. If True, the activation will continue even after a timeout or an authentication failure. Setting the property to True is currently allowed only for Ethernet connections. If set to False, the activation can continue only after a successful authentication.

Since: 1.22

constructSetting8021xOptional :: (IsSetting8021x o, MonadIO m) => Bool -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “optional” property. This is rarely needed directly, but it is used by new.

getSetting8021xOptional :: (MonadIO m, IsSetting8021x o) => o -> m Bool Source #

Get the value of the “optional” property. When overloading is enabled, this is equivalent to

get setting8021x #optional

setSetting8021xOptional :: (MonadIO m, IsSetting8021x o) => o -> Bool -> m () Source #

Set the value of the “optional” property. When overloading is enabled, this is equivalent to

set setting8021x [ #optional := value ]

pacFile

UTF-8 encoded file path containing PAC for EAP-FAST.

clearSetting8021xPacFile :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “pac-file” property to Nothing. When overloading is enabled, this is equivalent to

clear #pacFile

constructSetting8021xPacFile :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “pac-file” property. This is rarely needed directly, but it is used by new.

getSetting8021xPacFile :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “pac-file” property. When overloading is enabled, this is equivalent to

get setting8021x #pacFile

setSetting8021xPacFile :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “pac-file” property. When overloading is enabled, this is equivalent to

set setting8021x [ #pacFile := value ]

password

UTF-8 encoded password used for EAP authentication methods. If both the Setting8021x:password property and the Setting8021x:passwordRaw property are specified, Setting8021x:password is preferred.

clearSetting8021xPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “password” property to Nothing. When overloading is enabled, this is equivalent to

clear #password

constructSetting8021xPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “password” property. This is rarely needed directly, but it is used by new.

getSetting8021xPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “password” property. When overloading is enabled, this is equivalent to

get setting8021x #password

setSetting8021xPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #password := value ]

passwordFlags

Flags indicating how to handle the Setting8021x:password property.

constructSetting8021xPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #passwordFlags

setSetting8021xPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #passwordFlags := value ]

passwordRaw

Password used for EAP authentication methods, given as a byte array to allow passwords in other encodings than UTF-8 to be used. If both the Setting8021x:password property and the Setting8021x:passwordRaw property are specified, Setting8021x:password is preferred.

clearSetting8021xPasswordRaw :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “password-raw” property to Nothing. When overloading is enabled, this is equivalent to

clear #passwordRaw

constructSetting8021xPasswordRaw :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “password-raw” property. This is rarely needed directly, but it is used by new.

getSetting8021xPasswordRaw :: (MonadIO m, IsSetting8021x o) => o -> m Bytes Source #

Get the value of the “password-raw” property. When overloading is enabled, this is equivalent to

get setting8021x #passwordRaw

setSetting8021xPasswordRaw :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “password-raw” property. When overloading is enabled, this is equivalent to

set setting8021x [ #passwordRaw := value ]

passwordRawFlags

Flags indicating how to handle the Setting8021x:passwordRaw property.

constructSetting8021xPasswordRawFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “password-raw-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPasswordRawFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “password-raw-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #passwordRawFlags

setSetting8021xPasswordRawFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “password-raw-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #passwordRawFlags := value ]

phase1AuthFlags

Specifies authentication flags to use in "phase 1" outer authentication using Setting8021xAuthFlags options. The individual TLS versions can be explicitly disabled. TLS time checks can be also disabled. If a certain TLS disable flag is not set, it is up to the supplicant to allow or forbid it. The TLS options map to tls_disable_tlsv1_x and tls_disable_time_checks settings. See the wpa_supplicant documentation for more details.

Since: 1.8

constructSetting8021xPhase1AuthFlags :: (IsSetting8021x o, MonadIO m) => Word32 -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase1-auth-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase1AuthFlags :: (MonadIO m, IsSetting8021x o) => o -> m Word32 Source #

Get the value of the “phase1-auth-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #phase1AuthFlags

setSetting8021xPhase1AuthFlags :: (MonadIO m, IsSetting8021x o) => o -> Word32 -> m () Source #

Set the value of the “phase1-auth-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase1AuthFlags := value ]

phase1FastProvisioning

Enables or disables in-line provisioning of EAP-FAST credentials when FAST is specified as the EAP method in the Setting8021x:eap property. Recognized values are "0" (disabled), "1" (allow unauthenticated provisioning), "2" (allow authenticated provisioning), and "3" (allow both authenticated and unauthenticated provisioning). See the wpa_supplicant documentation for more details.

clearSetting8021xPhase1FastProvisioning :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase1-fast-provisioning” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase1FastProvisioning

constructSetting8021xPhase1FastProvisioning :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase1-fast-provisioning” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase1FastProvisioning :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase1-fast-provisioning” property. When overloading is enabled, this is equivalent to

get setting8021x #phase1FastProvisioning

setSetting8021xPhase1FastProvisioning :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase1-fast-provisioning” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase1FastProvisioning := value ]

phase1Peaplabel

Forces use of the new PEAP label during key derivation. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1. Set to "1" to force use of the new PEAP label. See the wpa_supplicant documentation for more details.

clearSetting8021xPhase1Peaplabel :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase1-peaplabel” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase1Peaplabel

constructSetting8021xPhase1Peaplabel :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase1-peaplabel” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase1Peaplabel :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase1-peaplabel” property. When overloading is enabled, this is equivalent to

get setting8021x #phase1Peaplabel

setSetting8021xPhase1Peaplabel :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase1-peaplabel” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase1Peaplabel := value ]

phase1Peapver

Forces which PEAP version is used when PEAP is set as the EAP method in the Setting8021x:eap property. When unset, the version reported by the server will be used. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version. To do so, this property may be set to "0" or "1" to force that specific PEAP version.

clearSetting8021xPhase1Peapver :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase1-peapver” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase1Peapver

constructSetting8021xPhase1Peapver :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase1-peapver” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase1Peapver :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase1-peapver” property. When overloading is enabled, this is equivalent to

get setting8021x #phase1Peapver

setSetting8021xPhase1Peapver :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase1-peapver” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase1Peapver := value ]

phase2AltsubjectMatches

List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner "phase 2" authentication. If the list is empty, no verification of the server certificate's altSubjectName is performed.

clearSetting8021xPhase2AltsubjectMatches :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-altsubject-matches” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2AltsubjectMatches

constructSetting8021xPhase2AltsubjectMatches :: (IsSetting8021x o, MonadIO m) => [Text] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-altsubject-matches” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2AltsubjectMatches :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe [Text]) Source #

Get the value of the “phase2-altsubject-matches” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2AltsubjectMatches

setSetting8021xPhase2AltsubjectMatches :: (MonadIO m, IsSetting8021x o) => o -> [Text] -> m () Source #

Set the value of the “phase2-altsubject-matches” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2AltsubjectMatches := value ]

phase2Auth

Specifies the allowed "phase 2" inner authentication method when an EAP method that uses an inner TLS tunnel is specified in the Setting8021x:eap property. For TTLS this property selects one of the supported non-EAP inner methods: "pap", "chap", "mschap", "mschapv2" while Setting8021x:phase2Autheap selects an EAP inner method. For PEAP this selects an inner EAP method, one of: "gtc", "otp", "md5" and "tls". Each "phase 2" inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details. Both Setting8021x:phase2Auth and Setting8021x:phase2Autheap cannot be specified.

clearSetting8021xPhase2Auth :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-auth” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2Auth

constructSetting8021xPhase2Auth :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-auth” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2Auth :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-auth” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2Auth

setSetting8021xPhase2Auth :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-auth” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2Auth := value ]

phase2Autheap

Specifies the allowed "phase 2" inner EAP-based authentication method when TTLS is specified in the Setting8021x:eap property. Recognized EAP-based "phase 2" methods are "md5", "mschapv2", "otp", "gtc", and "tls". Each "phase 2" inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.

clearSetting8021xPhase2Autheap :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-autheap” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2Autheap

constructSetting8021xPhase2Autheap :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-autheap” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2Autheap :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-autheap” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2Autheap

setSetting8021xPhase2Autheap :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-autheap” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2Autheap := value ]

phase2CaCert

Contains the "phase 2" CA certificate if used by the EAP method specified in the Setting8021x:phase2Auth or Setting8021x:phase2Autheap properties.

Certificate data is specified using a "scheme"; three are currently supported: blob, path and pkcs11 URL. When using the blob scheme this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.

Note that enabling NMSetting8021x:system-ca-certs will override this setting to use the built-in path, if the built-in path is not a directory.

Setting this property directly is discouraged; use the setting8021xSetPhase2CaCert function instead.

clearSetting8021xPhase2CaCert :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-ca-cert” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2CaCert

constructSetting8021xPhase2CaCert :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-ca-cert” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2CaCert :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe Bytes) Source #

Get the value of the “phase2-ca-cert” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2CaCert

setSetting8021xPhase2CaCert :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “phase2-ca-cert” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2CaCert := value ]

phase2CaCertPassword

The password used to access the "phase2" CA certificate stored in Setting8021x:phase2CaCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

Since: 1.8

clearSetting8021xPhase2CaCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-ca-cert-password” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2CaCertPassword

constructSetting8021xPhase2CaCertPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-ca-cert-password” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2CaCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-ca-cert-password” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2CaCertPassword

setSetting8021xPhase2CaCertPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-ca-cert-password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2CaCertPassword := value ]

phase2CaCertPasswordFlags

Flags indicating how to handle the Setting8021x:phase2CaCertPassword property.

Since: 1.8

constructSetting8021xPhase2CaCertPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-ca-cert-password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2CaCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “phase2-ca-cert-password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2CaCertPasswordFlags

setSetting8021xPhase2CaCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “phase2-ca-cert-password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2CaCertPasswordFlags := value ]

phase2CaPath

UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the Setting8021x:phase2CaCert property.

If NMSetting8021x:system-ca-certs is enabled and the built-in CA path is an existing directory, then this setting is ignored.

clearSetting8021xPhase2CaPath :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-ca-path” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2CaPath

constructSetting8021xPhase2CaPath :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-ca-path” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2CaPath :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-ca-path” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2CaPath

setSetting8021xPhase2CaPath :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-ca-path” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2CaPath := value ]

phase2ClientCert

Contains the "phase 2" client certificate if used by the EAP method specified in the Setting8021x:phase2Auth or Setting8021x:phase2Autheap properties.

Certificate data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.

Setting this property directly is discouraged; use the setting8021xSetPhase2ClientCert function instead.

clearSetting8021xPhase2ClientCert :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-client-cert” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2ClientCert

constructSetting8021xPhase2ClientCert :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-client-cert” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2ClientCert :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe Bytes) Source #

Get the value of the “phase2-client-cert” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2ClientCert

setSetting8021xPhase2ClientCert :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “phase2-client-cert” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2ClientCert := value ]

phase2ClientCertPassword

The password used to access the "phase2" client certificate stored in Setting8021x:phase2ClientCert property. Only makes sense if the certificate is stored on a PKCS#<!-- -->11 token that requires a login.

Since: 1.8

clearSetting8021xPhase2ClientCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-client-cert-password” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2ClientCertPassword

constructSetting8021xPhase2ClientCertPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-client-cert-password” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2ClientCertPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-client-cert-password” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2ClientCertPassword

setSetting8021xPhase2ClientCertPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-client-cert-password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2ClientCertPassword := value ]

phase2ClientCertPasswordFlags

Flags indicating how to handle the Setting8021x:phase2ClientCertPassword property.

Since: 1.8

constructSetting8021xPhase2ClientCertPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-client-cert-password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2ClientCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “phase2-client-cert-password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2ClientCertPasswordFlags

setSetting8021xPhase2ClientCertPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “phase2-client-cert-password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2ClientCertPasswordFlags := value ]

phase2DomainMatch

Constraint for server domain name. If set, this list of FQDNs is used as a match requirement for dNSName element(s) of the certificate presented by the authentication server during the inner "phase 2" authentication. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same comparison. Multiple valid FQDNs can be passed as a ";" delimited list.

Since: 1.24

clearSetting8021xPhase2DomainMatch :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-domain-match” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2DomainMatch

constructSetting8021xPhase2DomainMatch :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-domain-match” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2DomainMatch :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-domain-match” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2DomainMatch

setSetting8021xPhase2DomainMatch :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-domain-match” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2DomainMatch := value ]

phase2DomainSuffixMatch

Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server during the inner "phase 2" authentication. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Since version 1.24, multiple valid FQDNs can be passed as a ";" delimited list.

Since: 1.2

clearSetting8021xPhase2DomainSuffixMatch :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-domain-suffix-match” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2DomainSuffixMatch

constructSetting8021xPhase2DomainSuffixMatch :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-domain-suffix-match” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2DomainSuffixMatch :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-domain-suffix-match” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2DomainSuffixMatch

setSetting8021xPhase2DomainSuffixMatch :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-domain-suffix-match” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2DomainSuffixMatch := value ]

phase2PrivateKey

Contains the "phase 2" inner private key when the Setting8021x:phase2Auth or Setting8021x:phase2Autheap property is set to "tls".

Key data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte. When using PKCS#<!-- -->12 format private keys and the blob scheme, this property should be set to the PKCS#<!-- -->12 data and the Setting8021x:phase2PrivateKeyPassword property must be set to password used to decrypt the PKCS#<!-- -->12 certificate and key. When using PKCS#<!-- -->12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte, and as with the blob scheme the Setting8021x:phase2PrivateKeyPassword property must be set to the password used to decode the PKCS#<!-- -->12 private key and certificate.

Setting this property directly is discouraged; use the setting8021xSetPhase2PrivateKey function instead.

clearSetting8021xPhase2PrivateKey :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-private-key” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2PrivateKey

constructSetting8021xPhase2PrivateKey :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-private-key” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2PrivateKey :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe Bytes) Source #

Get the value of the “phase2-private-key” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2PrivateKey

setSetting8021xPhase2PrivateKey :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “phase2-private-key” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2PrivateKey := value ]

phase2PrivateKeyPassword

The password used to decrypt the "phase 2" private key specified in the Setting8021x:phase2PrivateKey property when the private key either uses the path scheme, or is a PKCS#<!-- -->12 format key. Setting this property directly is not generally necessary except when returning secrets to NetworkManager; it is generally set automatically when setting the private key by the setting8021xSetPhase2PrivateKey function.

clearSetting8021xPhase2PrivateKeyPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-private-key-password” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2PrivateKeyPassword

constructSetting8021xPhase2PrivateKeyPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-private-key-password” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2PrivateKeyPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-private-key-password” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2PrivateKeyPassword

setSetting8021xPhase2PrivateKeyPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-private-key-password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2PrivateKeyPassword := value ]

phase2PrivateKeyPasswordFlags

Flags indicating how to handle the Setting8021x:phase2PrivateKeyPassword property.

constructSetting8021xPhase2PrivateKeyPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-private-key-password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2PrivateKeyPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “phase2-private-key-password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2PrivateKeyPasswordFlags

setSetting8021xPhase2PrivateKeyPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “phase2-private-key-password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2PrivateKeyPasswordFlags := value ]

phase2SubjectMatch

Substring to be matched against the subject of the certificate presented by the authentication server during the inner "phase 2" authentication. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and should not be used.

clearSetting8021xPhase2SubjectMatch :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “phase2-subject-match” property to Nothing. When overloading is enabled, this is equivalent to

clear #phase2SubjectMatch

constructSetting8021xPhase2SubjectMatch :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “phase2-subject-match” property. This is rarely needed directly, but it is used by new.

getSetting8021xPhase2SubjectMatch :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “phase2-subject-match” property. When overloading is enabled, this is equivalent to

get setting8021x #phase2SubjectMatch

setSetting8021xPhase2SubjectMatch :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “phase2-subject-match” property. When overloading is enabled, this is equivalent to

set setting8021x [ #phase2SubjectMatch := value ]

pin

PIN used for EAP authentication methods.

clearSetting8021xPin :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “pin” property to Nothing. When overloading is enabled, this is equivalent to

clear #pin

constructSetting8021xPin :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “pin” property. This is rarely needed directly, but it is used by new.

getSetting8021xPin :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “pin” property. When overloading is enabled, this is equivalent to

get setting8021x #pin

setSetting8021xPin :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “pin” property. When overloading is enabled, this is equivalent to

set setting8021x [ #pin := value ]

pinFlags

Flags indicating how to handle the Setting8021x:pin property.

constructSetting8021xPinFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “pin-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPinFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “pin-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #pinFlags

setSetting8021xPinFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “pin-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #pinFlags := value ]

privateKey

Contains the private key when the Setting8021x:eap property is set to "tls".

Key data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte. When using PKCS#<!-- -->12 format private keys and the blob scheme, this property should be set to the PKCS#<!-- -->12 data and the Setting8021x:privateKeyPassword property must be set to password used to decrypt the PKCS#<!-- -->12 certificate and key. When using PKCS#<!-- -->12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte, and as with the blob scheme the "private-key-password" property must be set to the password used to decode the PKCS#<!-- -->12 private key and certificate.

Setting this property directly is discouraged; use the setting8021xSetPrivateKey function instead.

WARNING: Setting8021x:privateKey is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.

clearSetting8021xPrivateKey :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “private-key” property to Nothing. When overloading is enabled, this is equivalent to

clear #privateKey

constructSetting8021xPrivateKey :: (IsSetting8021x o, MonadIO m) => Bytes -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “private-key” property. This is rarely needed directly, but it is used by new.

getSetting8021xPrivateKey :: (MonadIO m, IsSetting8021x o) => o -> m (Maybe Bytes) Source #

Get the value of the “private-key” property. When overloading is enabled, this is equivalent to

get setting8021x #privateKey

setSetting8021xPrivateKey :: (MonadIO m, IsSetting8021x o) => o -> Bytes -> m () Source #

Set the value of the “private-key” property. When overloading is enabled, this is equivalent to

set setting8021x [ #privateKey := value ]

privateKeyPassword

The password used to decrypt the private key specified in the Setting8021x:privateKey property when the private key either uses the path scheme, or if the private key is a PKCS#<!-- -->12 format key. Setting this property directly is not generally necessary except when returning secrets to NetworkManager; it is generally set automatically when setting the private key by the setting8021xSetPrivateKey function.

clearSetting8021xPrivateKeyPassword :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “private-key-password” property to Nothing. When overloading is enabled, this is equivalent to

clear #privateKeyPassword

constructSetting8021xPrivateKeyPassword :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “private-key-password” property. This is rarely needed directly, but it is used by new.

getSetting8021xPrivateKeyPassword :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “private-key-password” property. When overloading is enabled, this is equivalent to

get setting8021x #privateKeyPassword

setSetting8021xPrivateKeyPassword :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “private-key-password” property. When overloading is enabled, this is equivalent to

set setting8021x [ #privateKeyPassword := value ]

privateKeyPasswordFlags

Flags indicating how to handle the Setting8021x:privateKeyPassword property.

constructSetting8021xPrivateKeyPasswordFlags :: (IsSetting8021x o, MonadIO m) => [SettingSecretFlags] -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “private-key-password-flags” property. This is rarely needed directly, but it is used by new.

getSetting8021xPrivateKeyPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> m [SettingSecretFlags] Source #

Get the value of the “private-key-password-flags” property. When overloading is enabled, this is equivalent to

get setting8021x #privateKeyPasswordFlags

setSetting8021xPrivateKeyPasswordFlags :: (MonadIO m, IsSetting8021x o) => o -> [SettingSecretFlags] -> m () Source #

Set the value of the “private-key-password-flags” property. When overloading is enabled, this is equivalent to

set setting8021x [ #privateKeyPasswordFlags := value ]

subjectMatch

Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and should not be used.

clearSetting8021xSubjectMatch :: (MonadIO m, IsSetting8021x o) => o -> m () Source #

Set the value of the “subject-match” property to Nothing. When overloading is enabled, this is equivalent to

clear #subjectMatch

constructSetting8021xSubjectMatch :: (IsSetting8021x o, MonadIO m) => Text -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “subject-match” property. This is rarely needed directly, but it is used by new.

getSetting8021xSubjectMatch :: (MonadIO m, IsSetting8021x o) => o -> m Text Source #

Get the value of the “subject-match” property. When overloading is enabled, this is equivalent to

get setting8021x #subjectMatch

setSetting8021xSubjectMatch :: (MonadIO m, IsSetting8021x o) => o -> Text -> m () Source #

Set the value of the “subject-match” property. When overloading is enabled, this is equivalent to

set setting8021x [ #subjectMatch := value ]

systemCaCerts

When True, overrides the Setting8021x:caPath and Setting8021x:phase2CaPath properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the Setting8021x:caCert and Setting8021x:phase2CaCert properties. If the path provided with --system-ca-path is rather a file name (bundle of trusted CA certificates), it overrides Setting8021x:caCert and Setting8021x:phase2CaCert properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).

constructSetting8021xSystemCaCerts :: (IsSetting8021x o, MonadIO m) => Bool -> m (GValueConstruct o) Source #

Construct a GValueConstruct with valid value for the “system-ca-certs” property. This is rarely needed directly, but it is used by new.

getSetting8021xSystemCaCerts :: (MonadIO m, IsSetting8021x o) => o -> m Bool Source #

Get the value of the “system-ca-certs” property. When overloading is enabled, this is equivalent to

get setting8021x #systemCaCerts

setSetting8021xSystemCaCerts :: (MonadIO m, IsSetting8021x o) => o -> Bool -> m () Source #

Set the value of the “system-ca-certs” property. When overloading is enabled, this is equivalent to

set setting8021x [ #systemCaCerts := value ]