Optionalproperties: Partial<NM.Setting8021x.ConstructorProps>Internal$signalsCompile-time signal type information.
This instance property is generated only for TypeScript type checking. It is not defined at runtime and should not be accessed in JS code.
Static$gtypeList of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.
List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.
Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.
Anonymous identity string for EAP authentication methods. Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.
Since 1.8auth_Since 1.8authContains the CA certificate if used by the EAP method specified in the NM.Setting8021x.eap property.
Certificate data is specified using a "scheme"; three are currently supported: blob, path and pkcs#11 URL. When using the blob scheme this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.
Note that enabling NMSetting8021x:system-ca-certs will override this setting to use the built-in path, if the built-in path is not a directory.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_ca_cert() function instead.
Since 1.8ca_The password used to access the CA certificate stored in NM.Setting8021x.ca_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8ca_Flags indicating how to handle the NM.Setting8021x.ca_cert_password property.
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the NM.Setting8021x.ca_cert property.
If NMSetting8021x:system-ca-certs is enabled and the built-in CA path is an existing directory, then this setting is ignored.
Contains the CA certificate if used by the EAP method specified in the NM.Setting8021x.eap property.
Certificate data is specified using a "scheme"; three are currently supported: blob, path and pkcs#11 URL. When using the blob scheme this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.
Note that enabling NMSetting8021x:system-ca-certs will override this setting to use the built-in path, if the built-in path is not a directory.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_ca_cert() function instead.
Since 1.8caThe password used to access the CA certificate stored in NM.Setting8021x.ca_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8caFlags indicating how to handle the NM.Setting8021x.ca_cert_password property.
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the NM.Setting8021x.ca_cert property.
If NMSetting8021x:system-ca-certs is enabled and the built-in CA path is an existing directory, then this setting is ignored.
Contains the client certificate if used by the EAP method specified in the NM.Setting8021x.eap property.
Certificate data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_client_cert() function instead.
Since 1.8client_The password used to access the client certificate stored in NM.Setting8021x.client_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8client_Flags indicating how to handle the NM.Setting8021x.client_cert_password property.
Contains the client certificate if used by the EAP method specified in the NM.Setting8021x.eap property.
Certificate data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_client_cert() function instead.
Since 1.8clientThe password used to access the client certificate stored in NM.Setting8021x.client_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8clientFlags indicating how to handle the NM.Setting8021x.client_cert_password property.
Since 1.24domain_Constraint for server domain name. If set, this list of FQDNs is used as a match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same comparison. Multiple valid FQDNs can be passed as a ";" delimited list.
Since 1.2domain_Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Since version 1.24, multiple valid FQDNs can be passed as a ";" delimited list.
Since 1.24domainConstraint for server domain name. If set, this list of FQDNs is used as a match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same comparison. Multiple valid FQDNs can be passed as a ";" delimited list.
Since 1.2domainConstraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Since version 1.24, multiple valid FQDNs can be passed as a ";" delimited list.
The allowed EAP method to be used when authenticating to the network with 802.1x. Valid methods are: "leap", "md5", "tls", "peap", "ttls", "pwd", and "fast". Each method requires different configuration using the properties of this setting; refer to wpa_supplicant documentation for the allowed combinations.
Identity string for EAP authentication methods. Often the user's user or login name.
Since 1.48openssl_Since 1.48opensslSince 1.22optionalWhether the 802.1X authentication is optional. If true, the activation
will continue even after a timeout or an authentication failure. Setting
the property to true is currently allowed only for Ethernet connections.
If set to false, the activation can continue only after a successful
authentication.
UTF-8 encoded file path containing PAC for EAP-FAST.
UTF-8 encoded file path containing PAC for EAP-FAST.
UTF-8 encoded password used for EAP authentication methods. If both the NM.Setting8021x.password property and the NM.Setting8021x.password_raw property are specified, NM.Setting8021x.password is preferred.
Flags indicating how to handle the NM.Setting8021x.password property.
Password used for EAP authentication methods, given as a byte array to allow passwords in other encodings than UTF-8 to be used. If both the NM.Setting8021x.password property and the NM.Setting8021x.password_raw property are specified, NM.Setting8021x.password is preferred.
Flags indicating how to handle the NM.Setting8021x.password_raw property.
Flags indicating how to handle the NM.Setting8021x.password property.
Password used for EAP authentication methods, given as a byte array to allow passwords in other encodings than UTF-8 to be used. If both the NM.Setting8021x.password property and the NM.Setting8021x.password_raw property are specified, NM.Setting8021x.password is preferred.
Flags indicating how to handle the NM.Setting8021x.password_raw property.
Since 1.8phase1_Specifies authentication flags to use in "phase 1" outer authentication using NM.Setting8021xAuthFlags options. The individual TLS versions can be explicitly disabled. TLS time checks can be also disabled. If a certain TLS disable flag is not set, it is up to the supplicant to allow or forbid it. The TLS options map to tls_disable_tlsv1_x and tls_disable_time_checks settings. See the wpa_supplicant documentation for more details.
Enables or disables in-line provisioning of EAP-FAST credentials when FAST is specified as the EAP method in the NM.Setting8021x.eap property. Recognized values are "0" (disabled), "1" (allow unauthenticated provisioning), "2" (allow authenticated provisioning), and "3" (allow both authenticated and unauthenticated provisioning). See the wpa_supplicant documentation for more details.
Forces use of the new PEAP label during key derivation. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1. Set to "1" to force use of the new PEAP label. See the wpa_supplicant documentation for more details.
Forces which PEAP version is used when PEAP is set as the EAP method in the NM.Setting8021x.eap property. When unset, the version reported by the server will be used. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version. To do so, this property may be set to "0" or "1" to force that specific PEAP version.
Since 1.8phase1Specifies authentication flags to use in "phase 1" outer authentication using NM.Setting8021xAuthFlags options. The individual TLS versions can be explicitly disabled. TLS time checks can be also disabled. If a certain TLS disable flag is not set, it is up to the supplicant to allow or forbid it. The TLS options map to tls_disable_tlsv1_x and tls_disable_time_checks settings. See the wpa_supplicant documentation for more details.
Enables or disables in-line provisioning of EAP-FAST credentials when FAST is specified as the EAP method in the NM.Setting8021x.eap property. Recognized values are "0" (disabled), "1" (allow unauthenticated provisioning), "2" (allow authenticated provisioning), and "3" (allow both authenticated and unauthenticated provisioning). See the wpa_supplicant documentation for more details.
Forces use of the new PEAP label during key derivation. Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1. Set to "1" to force use of the new PEAP label. See the wpa_supplicant documentation for more details.
Forces which PEAP version is used when PEAP is set as the EAP method in the NM.Setting8021x.eap property. When unset, the version reported by the server will be used. Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version. To do so, this property may be set to "0" or "1" to force that specific PEAP version.
List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner "phase 2" authentication. If the list is empty, no verification of the server certificate's altSubjectName is performed.
Specifies the allowed "phase 2" inner authentication method when an EAP method that uses an inner TLS tunnel is specified in the NM.Setting8021x.eap property. For TTLS this property selects one of the supported non-EAP inner methods: "pap", "chap", "mschap", "mschapv2" while NM.Setting8021x.phase2_autheap selects an EAP inner method. For PEAP this selects an inner EAP method, one of: "gtc", "otp", "md5" and "tls". Each "phase 2" inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details. Both NM.Setting8021x.phase2_auth and NM.Setting8021x.phase2_autheap cannot be specified.
Specifies the allowed "phase 2" inner EAP-based authentication method when TTLS is specified in the NM.Setting8021x.eap property. Recognized EAP-based "phase 2" methods are "md5", "mschapv2", "otp", "gtc", and "tls". Each "phase 2" inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.
Contains the "phase 2" CA certificate if used by the EAP method specified in the NM.Setting8021x.phase2_auth or NM.Setting8021x.phase2_autheap properties.
Certificate data is specified using a "scheme"; three are currently supported: blob, path and pkcs#11 URL. When using the blob scheme this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.
Note that enabling NMSetting8021x:system-ca-certs will override this setting to use the built-in path, if the built-in path is not a directory.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_ca_cert() function instead.
Since 1.8phase2_The password used to access the "phase2" CA certificate stored in NM.Setting8021x.phase2_ca_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8phase2_Flags indicating how to handle the NM.Setting8021x.phase2_ca_cert_password property.
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the NM.Setting8021x.phase2_ca_cert property.
If NMSetting8021x:system-ca-certs is enabled and the built-in CA path is an existing directory, then this setting is ignored.
Contains the "phase 2" client certificate if used by the EAP method specified in the NM.Setting8021x.phase2_auth or NM.Setting8021x.phase2_autheap properties.
Certificate data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_client_cert() function instead.
Since 1.8phase2_The password used to access the "phase2" client certificate stored in NM.Setting8021x.phase2_client_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8phase2_Flags indicating how to handle the NM.Setting8021x.phase2_client_cert_password property.
Since 1.24phase2_Constraint for server domain name. If set, this list of FQDNs is used as a match requirement for dNSName element(s) of the certificate presented by the authentication server during the inner "phase 2" authentication. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same comparison. Multiple valid FQDNs can be passed as a ";" delimited list.
Since 1.2phase2_Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server during the inner "phase 2" authentication. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Since version 1.24, multiple valid FQDNs can be passed as a ";" delimited list.
Contains the "phase 2" inner private key when the NM.Setting8021x.phase2_auth or NM.Setting8021x.phase2_autheap property is set to "tls".
Key data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the NM.Setting8021x.phase2_private_key_password property must be set to password used to decrypt the PKCS#12 certificate and key. When using PKCS#12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte, and as with the blob scheme the NM.Setting8021x.phase2_private_key_password property must be set to the password used to decode the PKCS#12 private key and certificate.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_private_key() function instead.
The password used to decrypt the "phase 2" private key specified in the
NM.Setting8021x.phase2_private_key property when the private key either
uses the path scheme, or is a PKCS#12 format key. Setting this
property directly is not generally necessary except when returning
secrets to NetworkManager; it is generally set automatically when setting
the private key by the nm_setting_802_1x_set_phase2_private_key()
function.
Flags indicating how to handle the NM.Setting8021x.phase2_private_key_password property.
Substring to be matched against the subject of the certificate presented by the authentication server during the inner "phase 2" authentication. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and should not be used.
since 1.2: Use NM.Setting8021x.phase2_domain_suffix_match instead.
List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner "phase 2" authentication. If the list is empty, no verification of the server certificate's altSubjectName is performed.
Specifies the allowed "phase 2" inner authentication method when an EAP method that uses an inner TLS tunnel is specified in the NM.Setting8021x.eap property. For TTLS this property selects one of the supported non-EAP inner methods: "pap", "chap", "mschap", "mschapv2" while NM.Setting8021x.phase2_autheap selects an EAP inner method. For PEAP this selects an inner EAP method, one of: "gtc", "otp", "md5" and "tls". Each "phase 2" inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details. Both NM.Setting8021x.phase2_auth and NM.Setting8021x.phase2_autheap cannot be specified.
Specifies the allowed "phase 2" inner EAP-based authentication method when TTLS is specified in the NM.Setting8021x.eap property. Recognized EAP-based "phase 2" methods are "md5", "mschapv2", "otp", "gtc", and "tls". Each "phase 2" inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details.
Contains the "phase 2" CA certificate if used by the EAP method specified in the NM.Setting8021x.phase2_auth or NM.Setting8021x.phase2_autheap properties.
Certificate data is specified using a "scheme"; three are currently supported: blob, path and pkcs#11 URL. When using the blob scheme this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.
Note that enabling NMSetting8021x:system-ca-certs will override this setting to use the built-in path, if the built-in path is not a directory.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_ca_cert() function instead.
Since 1.8phase2The password used to access the "phase2" CA certificate stored in NM.Setting8021x.phase2_ca_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8phase2Flags indicating how to handle the NM.Setting8021x.phase2_ca_cert_password property.
UTF-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the NM.Setting8021x.phase2_ca_cert property.
If NMSetting8021x:system-ca-certs is enabled and the built-in CA path is an existing directory, then this setting is ignored.
Contains the "phase 2" client certificate if used by the EAP method specified in the NM.Setting8021x.phase2_auth or NM.Setting8021x.phase2_autheap properties.
Certificate data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string "file://" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_client_cert() function instead.
Since 1.8phase2The password used to access the "phase2" client certificate stored in NM.Setting8021x.phase2_client_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
Since 1.8phase2Flags indicating how to handle the NM.Setting8021x.phase2_client_cert_password property.
Since 1.24phase2Constraint for server domain name. If set, this list of FQDNs is used as a match requirement for dNSName element(s) of the certificate presented by the authentication server during the inner "phase 2" authentication. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same comparison. Multiple valid FQDNs can be passed as a ";" delimited list.
Since 1.2phase2Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for dNSName element(s) of the certificate presented by the authentication server during the inner "phase 2" authentication. If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Since version 1.24, multiple valid FQDNs can be passed as a ";" delimited list.
Contains the "phase 2" inner private key when the NM.Setting8021x.phase2_auth or NM.Setting8021x.phase2_autheap property is set to "tls".
Key data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the NM.Setting8021x.phase2_private_key_password property must be set to password used to decrypt the PKCS#12 certificate and key. When using PKCS#12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte, and as with the blob scheme the NM.Setting8021x.phase2_private_key_password property must be set to the password used to decode the PKCS#12 private key and certificate.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_phase2_private_key() function instead.
The password used to decrypt the "phase 2" private key specified in the
NM.Setting8021x.phase2_private_key property when the private key either
uses the path scheme, or is a PKCS#12 format key. Setting this
property directly is not generally necessary except when returning
secrets to NetworkManager; it is generally set automatically when setting
the private key by the nm_setting_802_1x_set_phase2_private_key()
function.
Flags indicating how to handle the NM.Setting8021x.phase2_private_key_password property.
Substring to be matched against the subject of the certificate presented by the authentication server during the inner "phase 2" authentication. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and should not be used.
since 1.2: Use NM.Setting8021x.phase2_domain_suffix_match instead.
PIN used for EAP authentication methods.
Flags indicating how to handle the NM.Setting8021x.pin property.
Flags indicating how to handle the NM.Setting8021x.pin property.
Contains the private key when the NM.Setting8021x.eap property is set to "tls".
Key data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the NM.Setting8021x.private_key_password property must be set to password used to decrypt the PKCS#12 certificate and key. When using PKCS#12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte, and as with the blob scheme the "private-key-password" property must be set to the password used to decode the PKCS#12 private key and certificate.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_private_key() function instead.
WARNING: NM.Setting8021x.private_key is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.
The password used to decrypt the private key specified in the
NM.Setting8021x.private_key property when the private key either uses the
path scheme, or if the private key is a PKCS#12 format key. Setting this
property directly is not generally necessary except when returning
secrets to NetworkManager; it is generally set automatically when setting
the private key by the nm_setting_802_1x_set_private_key() function.
Flags indicating how to handle the NM.Setting8021x.private_key_password property.
Contains the private key when the NM.Setting8021x.eap property is set to "tls".
Key data is specified using a "scheme"; two are currently supported: blob and path. When using the blob scheme and private keys, this property should be set to the key's encrypted PEM encoded data. When using private keys with the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte. When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the NM.Setting8021x.private_key_password property must be set to password used to decrypt the PKCS#12 certificate and key. When using PKCS#12 files and the path scheme, this property should be set to the full UTF-8 encoded path of the key, prefixed with the string "file://" and ending with a terminating NUL byte, and as with the blob scheme the "private-key-password" property must be set to the password used to decode the PKCS#12 private key and certificate.
Setting this property directly is discouraged; use the
nm_setting_802_1x_set_private_key() function instead.
WARNING: NM.Setting8021x.private_key is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.
The password used to decrypt the private key specified in the
NM.Setting8021x.private_key property when the private key either uses the
path scheme, or if the private key is a PKCS#12 format key. Setting this
property directly is not generally necessary except when returning
secrets to NetworkManager; it is generally set automatically when setting
the private key by the nm_setting_802_1x_set_private_key() function.
Flags indicating how to handle the NM.Setting8021x.private_key_password property.
Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and should not be used.
since 1.2: Use NM.Setting8021x.phase2_domain_suffix_match instead.
Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and should not be used.
since 1.2: Use NM.Setting8021x.phase2_domain_suffix_match instead.
When true, overrides the NM.Setting8021x.ca_path and
NM.Setting8021x.phase2_ca_path properties using the system CA directory
specified at configure time with the --system-ca-path switch. The
certificates in this directory are added to the verification chain in
addition to any certificates specified by the NM.Setting8021x.ca_cert and
NM.Setting8021x.phase2_ca_cert properties. If the path provided with
--system-ca-path is rather a file name (bundle of trusted CA certificates),
it overrides NM.Setting8021x.ca_cert and NM.Setting8021x.phase2_ca_cert
properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).
When true, overrides the NM.Setting8021x.ca_path and
NM.Setting8021x.phase2_ca_path properties using the system CA directory
specified at configure time with the --system-ca-path switch. The
certificates in this directory are added to the verification chain in
addition to any certificates specified by the NM.Setting8021x.ca_cert and
NM.Setting8021x.phase2_ca_cert properties. If the path provided with
--system-ca-path is rather a file name (bundle of trusted CA certificates),
it overrides NM.Setting8021x.ca_cert and NM.Setting8021x.phase2_ca_cert
properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).
The setting's name, which uniquely identifies the setting within the connection. Each setting type has a name unique to that type, for example "ppp" or "802-11-wireless" or "802-3-ethernet".
Adds an allowed alternate subject name match. Until at least one match is added, the altSubjectName of the remote authentication server is not verified.
the altSubjectName to allow for this connection
true if the alternative subject name match was successfully added, false if it was already allowed.
Adds an allowed EAP method. The setting is not valid until at least one EAP method has been added. See NM.Setting8021x.eap property for a list of allowed EAP methods.
the name of the EAP method to allow for this connection
true if the EAP method was successfully added, false if it was not a valid method or if it was already allowed.
Adds an allowed alternate subject name match for "phase 2". Until at least one match is added, the altSubjectName of the "phase 2" remote authentication server is not verified.
the "phase 2" altSubjectName to allow for this connection
true if the "phase 2" alternative subject name match was successfully added, false if it was already allowed.
Clears all altSubjectName matches.
Clears all allowed EAP methods.
Clears all "phase 2" altSubjectName matches.
SignalconnectSignalconnect_SignalemitReturns the altSubjectName match at index i.
the zero-based index of the array of altSubjectName matches
the altSubjectName match at index i
Returns the anonymous identifier used by some EAP methods (like TTLS) to authenticate the user in the outer unencrypted "phase 1" authentication. The inner "phase 2" authentication will use the NM.Setting8021x.identity in a secure form, if applicable for that EAP method.
the anonymous identifier
Returns the value contained in the NM.Setting8021x.auth_timeout property.
the configured authentication timeout in seconds. Zero means the global default value.
Returns the CA certificate blob if the CA certificate is stored using the NM.Setting8021xCKScheme.BLOB scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.
the CA certificate data
the password used to access the CA certificate stored in NM.Setting8021x.ca_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.ca_cert_password
Returns the CA certificate path if the CA certificate is stored using the NM.Setting8021xCKScheme.PATH scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.
path to the CA certificate file
Returns the scheme used to store the CA certificate. If the returned scheme
is NM.Setting8021xCKScheme.BLOB, use nm_setting_802_1x_get_ca_cert_blob();
if NM.Setting8021xCKScheme.PATH, use nm_setting_802_1x_get_ca_cert_path();
if NM.Setting8021xCKScheme.PKCS11, use nm_setting_802_1x_get_ca_cert_uri().
scheme used to store the CA certificate (blob or path)
Returns the CA certificate URI analogously to
nm_setting_802_1x_get_ca_cert_blob() and
nm_setting_802_1x_get_ca_cert_path().
Currently, it's limited to PKCS#11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).
the URI string
Returns the path of the CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the NM.Setting8021x.ca_cert property to add more CA certificates for verifying the network to client.
the CA certificate directory path
the password used to access the client certificate stored in NM.Setting8021x.client_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.client_cert_password
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
path to the client certificate file
Returns the scheme used to store the client certificate. If the returned scheme
is NM.Setting8021xCKScheme.BLOB, use nm_setting_802_1x_get_client_cert_blob();
if NM.Setting8021xCKScheme.PATH, use nm_setting_802_1x_get_client_cert_path();
if NM.Setting8021xCKScheme.PKCS11, use nm_setting_802_1x_get_client_cert_uri().
scheme used to store the client certificate (blob or path)
Returns the client certificate URI analogously to
nm_setting_802_1x_get_client_cert_blob() and
nm_setting_802_1x_get_client_cert_path().
Currently, it's limited to PKCS#11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).
the URI string
the NM.Setting8021x.domain_match property.
the NM.Setting8021x.domain_suffix_match property.
Returns the name of the allowed EAP method at index i.
the index of the EAP method name to return
the name of the allowed EAP method at index i
Returns the identifier used by some EAP methods (like TLS) to authenticate the user. Often this is a username or login name.
the user identifier
Returns the number of entries in the NM.Setting8021x.altsubject_matches property of this setting.
the number of altsubject-matches entries.
Returns the number of eap methods allowed for use when connecting to the
network. Generally only one EAP method is used. Use the functions
nm_setting_802_1x_get_eap_method(), nm_setting_802_1x_add_eap_method(),
and nm_setting_802_1x_remove_eap_method() for adding, removing, and retrieving
allowed EAP methods.
the number of allowed EAP methods
Returns the number of entries in the NM.Setting8021x.phase2_altsubject_matches property of this setting.
the number of phase2-altsubject-matches entries.
Returns the openssl_ciphers configuration for wpa_supplicant.
cipher string for tls setup in wpa_supplicant.
Returns the value contained in the NM.Setting8021x.optional property.
true if the activation should proceed even when the 802.1X authentication fails; false otherwise
Returns the file containing PAC credentials used by EAP-FAST method.
the PAC file
the password used by the authentication method, if any, as specified by the NM.Setting8021x.password property
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.password
the password used by the authentication method as a UTF-8-encoded array of bytes, as specified by the NM.Setting8021x.password_raw property
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.password_raw
the authentication flags for "phase 1".
whether "phase 1" PEAP fast provisioning should be used, as specified by the NM.Setting8021x.phase1_fast_provisioning property. See the wpa_supplicant documentation for more details.
whether the "phase 1" PEAP label is new-style or old-style, to be used when authenticating with EAP-PEAP, as contained in the NM.Setting8021x.phase1_peaplabel property. Valid values are null (unset), "0" (use old-style label), and "1" (use new-style label). See the wpa_supplicant documentation for more details.
the "phase 1" PEAP version to be used when authenticating with EAP-PEAP as contained in the NM.Setting8021x.phase1_peapver property. Valid values are null (unset), "0" (PEAP version 0), and "1" (PEAP version 1).
Returns the "phase 2" altSubjectName match at index i.
the zero-based index of the array of "phase 2" altSubjectName matches
the "phase 2" altSubjectName match at index i
the "phase 2" non-EAP (ex MD5) allowed authentication method as specified by the NM.Setting8021x.phase2_auth property.
the "phase 2" EAP-based (ex TLS) allowed authentication method as specified by the NM.Setting8021x.phase2_autheap property.
Returns the "phase 2" CA certificate blob if the CA certificate is stored using the NM.Setting8021xCKScheme.BLOB scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.
the "phase 2" CA certificate data
the password used to access the "phase2" CA certificate stored in NM.Setting8021x.phase2_ca_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.phase2_private_key_password
Returns the "phase 2" CA certificate path if the CA certificate is stored using the NM.Setting8021xCKScheme.PATH scheme. Not all EAP methods use a CA certificate (LEAP for example), and those that can take advantage of the CA certificate allow it to be unset. Note that lack of a CA certificate reduces security by allowing man-in-the-middle attacks, because the identity of the network cannot be confirmed by the client.
path to the "phase 2" CA certificate file
Returns the scheme used to store the "phase 2" CA certificate. If the
returned scheme is NM.Setting8021xCKScheme.BLOB, use
nm_setting_802_1x_get_ca_cert_blob(); if NM.Setting8021xCKScheme.PATH,
use nm_setting_802_1x_get_ca_cert_path(); if NM.Setting8021xCKScheme.PKCS11,
use nm_setting_802_1x_get_ca_cert_uri().
scheme used to store the "phase 2" CA certificate (blob or path)
Returns the "phase 2" CA certificate URI analogously to
nm_setting_802_1x_get_phase2_ca_cert_blob() and
nm_setting_802_1x_get_phase2_ca_cert_path().
Currently, it's limited to PKCS#11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).
the URI string
Returns the path of the "phase 2" CA certificate directory if previously set. Systems will often have a directory that contains multiple individual CA certificates which the supplicant can then add to the verification chain. This may be used in addition to the NM.Setting8021x.phase2_ca_cert property to add more CA certificates for verifying the network to client.
the "phase 2" CA certificate directory path
the password used to access the "phase2" client certificate stored in NM.Setting8021x.phase2_client_cert property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.phase2_client_cert_password
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
path to the "phase 2" client certificate file
Returns the scheme used to store the "phase 2" client certificate. If the
returned scheme is NM.Setting8021xCKScheme.BLOB, use
nm_setting_802_1x_get_client_cert_blob(); if
NM.Setting8021xCKScheme.PATH, use
nm_setting_802_1x_get_client_cert_path(); if
NM.Setting8021xCKScheme.PKCS11, use
nm_setting_802_1x_get_client_cert_uri().
scheme used to store the "phase 2" client certificate (blob or path)
Returns the "phase 2" client certificate URI analogously to
nm_setting_802_1x_get_phase2_ca_cert_blob() and
nm_setting_802_1x_get_phase2_ca_cert_path().
Currently, it's limited to PKCS#11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).
the URI string
the NM.Setting8021x.phase2_domain_match property.
the NM.Setting8021x.phase2_domain_suffix_match property.
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
WARNING: the phase2 private key property is not a "secret" property, and thus unencrypted private key data may be readable by unprivileged users. Private keys should always be encrypted with a private key password.
the "phase 2" private key data
the data format of the "phase 2" private key data stored in the NM.Setting8021x.phase2_private_key property
the private key password used to decrypt the private key if previously set with nm_setting_802_1x_set_phase2_private_key() or the NM.Setting8021x.phase2_private_key_password property.
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.phase2_private_key_password
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
path to the "phase 2" private key file
Returns the scheme used to store the "phase 2" private key. If the returned
scheme is NM.Setting8021xCKScheme.BLOB, use
nm_setting_802_1x_get_client_cert_blob(); if
NM.Setting8021xCKScheme.PATH, use
nm_setting_802_1x_get_client_cert_path(); if
NM.Setting8021xCKScheme.PKCS11, use
nm_setting_802_1x_get_client_cert_uri().
scheme used to store the "phase 2" private key (blob or path)
Returns the "phase 2" private key URI analogously to
nm_setting_802_1x_get_phase2_private_key_blob() and
nm_setting_802_1x_get_phase2_private_key_path().
Currently, it's limited to PKCS#11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).
the URI string
the NM.Setting8021x.phase2_subject_match property. This is the substring to be matched against the subject of the "phase 2" authentication server certificate, or null no subject verification is to be performed.
the PIN used by the authentication method, if any, as specified by the NM.Setting8021x.pin property
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.pin
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
WARNING: the private key property is not a "secret" property, and thus unencrypted private key data may be readable by unprivileged users. Private keys should always be encrypted with a private key password.
the private key data
the data format of the private key data stored in the NM.Setting8021x.private_key property
the private key password used to decrypt the private key if previously set with nm_setting_802_1x_set_private_key(), or the NM.Setting8021x.private_key_password property.
the NM.SettingSecretFlags pertaining to the NM.Setting8021x.private_key_password
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
path to the private key file
Returns the scheme used to store the private key. If the returned scheme is
NM.Setting8021xCKScheme.BLOB, use
nm_setting_802_1x_get_client_cert_blob(); if
NM.Setting8021xCKScheme.PATH, use
nm_setting_802_1x_get_client_cert_path(); if
NM.Setting8021xCKScheme.PKCS11, use
nm_setting_802_1x_get_client_cert_uri().
scheme used to store the private key (blob or path)
Returns the private key URI analogously to
nm_setting_802_1x_get_private_key_blob() and
nm_setting_802_1x_get_private_key_path().
Currently, it's limited to PKCS#11 URIs ('pkcs11' scheme as defined by RFC 7512), but may be extended to other schemes in future (such as 'file' URIs for local files and 'data' URIs for inline certificate data).
the URI string
the NM.Setting8021x.subject_match property. This is the substring to be matched against the subject of the authentication server certificate, or null no subject verification is to be performed.
Sets the NM.Setting8021x.system_ca_certs property. The
NM.Setting8021x.ca_path and NM.Setting8021x.phase2_ca_path
properties are ignored if the NM.Setting8021x.system_ca_certs property is
true, in which case a system-wide CA certificate directory specified at
compile time (using the --system-ca-path configure option) is used in place
of these properties.
true if a system CA certificate path should be used, false if not
Removes the allowed altSubjectName at the specified index.
the index of the altSubjectName match to remove
Removes the allowed altSubjectName altsubject_match.
the altSubjectName to remove
true if the alternative subject name match was found and removed, false if it was not.
Removes the allowed EAP method at the specified index.
the index of the EAP method to remove
Removes the allowed EAP method method.
the name of the EAP method to remove
true if the EAP method was founs and removed, false if it was not.
Removes the allowed "phase 2" altSubjectName at the specified index.
the index of the "phase 2" altSubjectName match to remove
Removes the allowed "phase 2" altSubjectName phase2_altsubject_match.
the "phase 2" altSubjectName to remove
true if the alternative subject name match for "phase 2" was found and removed, false if it was not.
Reads a certificate from disk and sets the NM.Setting8021x.ca_cert property with the raw certificate data if using the NM.Setting8021xCKScheme.BLOB scheme, or with the path to the certificate file if using the NM.Setting8021xCKScheme.PATH scheme.
when scheme is set to either NM.Setting8021xCKScheme.PATH or NM.Setting8021xCKScheme.BLOB, pass the path of the CA certificate file (PEM or DER format). The path must be UTF-8 encoded; use g_filename_to_utf8() to convert if needed. Passing null with any scheme clears the CA certificate.
desired storage scheme for the certificate
on successful return, the type of the certificate added
true if the operation succeeded, false if it was unsuccessful
Reads a certificate from disk and sets the NM.Setting8021x.client_cert property with the raw certificate data if using the NM.Setting8021xCKScheme.BLOB scheme, or with the path to the certificate file if using the NM.Setting8021xCKScheme.PATH scheme.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
when scheme is set to either NM.Setting8021xCKScheme.PATH or NM.Setting8021xCKScheme.BLOB, pass the path of the client certificate file (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded; use g_filename_to_utf8() to convert if needed. Passing null with any scheme clears the client certificate.
desired storage scheme for the certificate
on successful return, the type of the certificate added
true if the operation succeeded, false if it was unsuccessful
Reads a certificate from disk and sets the NM.Setting8021x.phase2_ca_cert property with the raw certificate data if using the NM.Setting8021xCKScheme.BLOB scheme, or with the path to the certificate file if using the NM.Setting8021xCKScheme.PATH scheme.
when scheme is set to either NM.Setting8021xCKScheme.PATH or NM.Setting8021xCKScheme.BLOB, pass the path of the "phase2" CA certificate file (PEM or DER format). The path must be UTF-8 encoded; use g_filename_to_utf8() to convert if needed. Passing null with any scheme clears the "phase2" CA certificate.
desired storage scheme for the certificate
on successful return, the type of the certificate added
true if the operation succeeded, false if it was unsuccessful
Reads a certificate from disk and sets the NM.Setting8021x.phase2_client_cert property with the raw certificate data if using the NM.Setting8021xCKScheme.BLOB scheme, or with the path to the certificate file if using the NM.Setting8021xCKScheme.PATH scheme.
Client certificates are used to identify the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
when scheme is set to either NM.Setting8021xCKScheme.PATH or NM.Setting8021xCKScheme.BLOB, pass the path of the "phase2" client certificate file (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded; use g_filename_to_utf8() to convert if needed. Passing null with any scheme clears the "phase2" client certificate.
desired storage scheme for the certificate
on successful return, the type of the certificate added
true if the operation succeeded, false if it was unsuccessful
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
This function reads a private key from disk and sets the NM.Setting8021x.phase2_private_key property with the private key file data if using the NM.Setting8021xCKScheme.BLOB scheme, or with the path to the private key file if using the NM.Setting8021xCKScheme.PATH scheme.
If password is given, this function attempts to decrypt the private key to
verify that password is correct, and if it is, updates the
NM.Setting8021x.phase2_private_key_password property with the given
password. If the decryption is unsuccessful, false is returned, error is
set, and no internal data is changed. If no password is given, the private
key is assumed to be valid, no decryption is performed, and the password may
be set at a later time.
WARNING: the "phase2" private key property is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.
when scheme is set to either NM.Setting8021xCKScheme.PATH or NM.Setting8021xCKScheme.BLOB, pass the path of the "phase2" private key file (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded; use g_filename_to_utf8() to convert if needed. Passing null with any scheme clears the private key.
password used to decrypt the private key, or null if the password is unknown. If the password is given but fails to decrypt the private key, an error is returned.
desired storage scheme for the private key
on successful return, the type of the private key added
true if the operation succeeded, false if it was unsuccessful
Private keys are used to authenticate the connecting client to the network when EAP-TLS is used as either the "phase 1" or "phase 2" 802.1x authentication method.
This function reads a private key from disk and sets the NM.Setting8021x.private_key property with the private key file data if using the NM.Setting8021xCKScheme.BLOB scheme, or with the path to the private key file if using the NM.Setting8021xCKScheme.PATH scheme.
If password is given, this function attempts to decrypt the private key to
verify that password is correct, and if it is, updates the
NM.Setting8021x.private_key_password property with the given password. If
the decryption is unsuccessful, false is returned, error is set, and no
internal data is changed. If no password is given, the private key is
assumed to be valid, no decryption is performed, and the password may be set
at a later time.
WARNING: the private key property is not a "secret" property, and thus unencrypted private key data using the BLOB scheme may be readable by unprivileged users. Private keys should always be encrypted with a private key password to prevent unauthorized access to unencrypted private key data.
when scheme is set to either NM.Setting8021xCKScheme.PATH or NM.Setting8021xCKScheme.BLOB, pass the path of the private key file (PEM, DER, or PKCS#12 format). The path must be UTF-8 encoded; use g_filename_to_utf8() to convert if needed. Passing null with any scheme clears the private key.
password used to decrypt the private key, or null if the password is unknown. If the password is given but fails to decrypt the private key, an error is returned.
desired storage scheme for the private key
on successful return, the type of the private key added
true if the operation succeeded, false if it was unsuccessful
Staticcheck_Determines and verifies the blob type. When setting certificate properties of NMSetting8021x the blob must be not UNKNOWN (or NULL).
the data pointer
the length of the data
StaticnewCreates a binding between source_property on source and target_property
on target.
Whenever the source_property is changed the target_property is
updated using the same value. For instance:
g_object_bind_property (action, "active", widget, "sensitive", 0);
Will result in the "sensitive" property of the widget GObject.Object instance to be updated with the same value of the "active" property of the action GObject.Object instance.
If flags contains GObject.BindingFlags.BIDIRECTIONAL then the binding will be mutual:
if target_property on target changes then the source_property on source
will be updated as well.
The binding will automatically be removed when either the source or the
target instances are finalized. To remove the binding without affecting the
source and the target you can just call g_object_unref() on the returned
GObject.Binding instance.
Removing the binding by calling g_object_unref() on it must only be done if
the binding, source and target are only used from a single thread and it
is clear that both source and target outlive the binding. Especially it
is not safe to rely on this if the binding, source or target can be
finalized from different threads. Keep another reference to the binding and
use g_binding_unbind() instead to be on the safe side.
A GObject.Object can have multiple bindings.
the property on source to bind
the target GObject.Object
the property on target to bind
flags to pass to GObject.Binding
the GObject.Binding instance representing the binding between the two GObject.Object instances. The binding is released whenever the GObject.Binding reference count reaches zero.
Complete version of g_object_bind_property().
Creates a binding between source_property on source and target_property
on target, allowing you to set the transformation functions to be used by
the binding.
If flags contains GObject.BindingFlags.BIDIRECTIONAL then the binding will be mutual:
if target_property on target changes then the source_property on source
will be updated as well. The transform_from function is only used in case
of bidirectional bindings, otherwise it will be ignored
The binding will automatically be removed when either the source or the
target instances are finalized. This will release the reference that is
being held on the GObject.Binding instance; if you want to hold on to the
GObject.Binding instance, you will need to hold a reference to it.
To remove the binding, call g_binding_unbind().
A GObject.Object can have multiple bindings.
The same user_data parameter will be used for both transform_to
and transform_from transformation functions; the notify function will
be called once, when the binding is removed. If you need different data
for each transformation function, please use
g_object_bind_property_with_closures() instead.
the property on source to bind
the target GObject.Object
the property on target to bind
flags to pass to GObject.Binding
Optionaltransform_to: BindingTransformFuncthe transformation function from the source to the target, or null to use the default
Optionaltransform_from: BindingTransformFuncthe transformation function from the target to the source, or null to use the default
Optionalnotify: DestroyNotifya function to call when disposing the binding, to free resources used by the transformation functions, or null if not required
the GObject.Binding instance representing the binding between the two GObject.Object instances. The binding is released whenever the GObject.Binding reference count reaches zero.
Creates a binding between source_property on source and target_property
on target, allowing you to set the transformation functions to be used by
the binding.
This function is the language bindings friendly version of
g_object_bind_property_full(), using GClosures instead of
function pointers.
the property on source to bind
the target GObject.Object
the property on target to bind
flags to pass to GObject.Binding
a GObject.Closure wrapping the transformation function from the source to the target, or null to use the default
a GObject.Closure wrapping the transformation function from the target to the source, or null to use the default
the GObject.Binding instance representing the binding between the two GObject.Object instances. The binding is released whenever the GObject.Binding reference count reaches zero.
Blocks a handler of an instance so it will not be called during any signal emissions
Handler ID of the handler to be blocked
Compares two NM.Setting objects for similarity, with comparison behavior modified by a set of flags. See the documentation for NM.SettingCompareFlags for a description of each flag's behavior.
a second NM.Setting to compare with the first
compare flags, e.g. NM.SettingCompareFlags.EXACT
true if the comparison succeeds, false if it does not
Compares two NM.Setting objects for similarity, with comparison behavior
modified by a set of flags. See the documentation for NM.SettingCompareFlags
for a description of each flag's behavior. If the settings differ, the keys
of each setting that differ from the other are added to results, mapped to
one or more NM.SettingDiffResult values.
a second NM.Setting to compare with the first
compare flags, e.g. NM.SettingCompareFlags.EXACT
this parameter is used internally by libnm and should be set to false. If true inverts the meaning of the NM.SettingDiffResult.
if the settings differ, on return a hash table mapping the differing keys to one or more %NMSettingDiffResult values OR-ed together. If the settings do not differ, any hash table passed in is unmodified. If no hash table is passed in and the settings differ, a new one is created and returned.
true if the settings contain the same values, false if they do not
Disconnects a handler from an instance so it will not be called during any future or currently ongoing emissions of the signal it has been connected to.
Handler ID of the handler to be disconnected
Duplicates a NM.Setting.
a new NM.Setting containing the same properties and values as the source NM.Setting
Iterates over each property of the NM.Setting object, calling the supplied user function for each property.
user-supplied function called for each property of the setting
This function is intended for GObject.Object implementations to re-enforce
a [floating][floating-ref] object reference. Doing this is seldom
required: all GInitiallyUnowneds are created with a floating reference
which usually just needs to be sunken by calling g_object_ref_sink().
Increases the freeze count on object. If the freeze count is
non-zero, the emission of "notify" signals on object is
stopped. The signals are queued until the freeze count is decreased
to zero. Duplicate notifications are squashed so that at most one
GObject.Object::notify signal is emitted for each property modified while the
object is frozen.
This is necessary for accessors that modify multiple properties to prevent premature notification while the object is still being modified.
Gets a named field from the objects table of associations (see g_object_set_data()).
name of the key for that association
the data if found, or null if no such data exists.
Gets the D-Bus marshalling type of a property. property_name is a D-Bus
property name, which may not necessarily be a GObject.Object property.
the property of setting to get the type of
the D-Bus marshalling type of property on setting.
Returns the type name of the NM.Setting object
a string containing the type name of the NM.Setting object, like 'ppp' or 'wireless' or 'wired'.
Gets a property of an object.
The value can be:
In general, a copy is made of the property contents and the caller is responsible for freeing the memory by calling GObject.Value.unset.
Note that GObject.Object.get_property is really intended for language bindings, GObject.Object.get is much more convenient for C programming.
The name of the property to get
Return location for the property value. Can be an empty GObject.Value initialized by G_VALUE_INIT (auto-initialized with expected type since GLib 2.60), a GObject.Value initialized with the expected property type, or a GObject.Value initialized with a transformable type
This function gets back user data pointers stored via
g_object_set_qdata().
A GLib.Quark, naming the user data pointer
The user data pointer set, or null
For a given secret, retrieves the NM.SettingSecretFlags describing how to handle that secret.
the secret key name to get flags for
on success, the NM.SettingSecretFlags for the secret
true on success (if the given secret name was a valid property of this setting, and if that property is secret), false if not
Gets n_properties properties for an object.
Obtained properties will be set to values. All properties must be valid.
Warnings will be emitted and undefined behaviour may result if invalid
properties are passed in.
the names of each property to get
the values of each property to get
Checks whether object has a [floating][floating-ref] reference.
true if object has a floating reference
Emits a "notify" signal for the property property_name on object.
When possible, eg. when signaling a property change from within the class
that registered the property, you should use g_object_notify_by_pspec()
instead.
Note that emission of the notify signal may be blocked with
g_object_freeze_notify(). In this case, the signal emissions are queued
and will be emitted (in reverse order) when g_object_thaw_notify() is
called.
the name of a property installed on the class of object.
Emits a "notify" signal for the property specified by pspec on object.
This function omits the property name lookup, hence it is faster than
g_object_notify().
One way to avoid using g_object_notify() from within the
class that registered the properties, and using g_object_notify_by_pspec()
instead, is to store the GParamSpec used with
g_object_class_install_property() inside a static array, e.g.:
typedef enum
{
PROP_FOO = 1,
PROP_LAST
} MyObjectProperty;
static GParamSpec *properties[PROP_LAST];
static void
my_object_class_init (MyObjectClass *klass)
{
properties[PROP_FOO] = g_param_spec_int ("foo", NULL, NULL,
0, 100,
50,
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
g_object_class_install_property (gobject_class,
PROP_FOO,
properties[PROP_FOO]);
}
and then notify a change on the "foo" property with:
g_object_notify_by_pspec (self, properties[PROP_FOO]);
the GObject.ParamSpec of a property installed on the class of object.
Optionalpredicate: UtilsPredicateStrthe predicate for which names should be clear. If the predicate returns true for an option name, the option gets removed. If null, all options will be removed.
the option name to request.
the GLib.Variant or null if the option is not set.
Gives the name of all set options.
A null terminated array of key names. If no names are present, this returns null. The returned array and the names are owned by %NMSetting and might be invalidated by the next operation.
the option to get
true if opt_name is set to a boolean variant.
the option to get
true if opt_name is set to a uint32 variant.
If variant is null, this clears the option if it is set.
Otherwise, variant is set as the option. If variant is
a floating reference, it will be consumed.
Note that not all setting types support options. It is a bug setting a variant to a setting that doesn't support it. Currently, only NM.SettingEthtool supports it.
Like nm_setting_option_set() to set a boolean GVariant.
the value to set.
Like nm_setting_option_set() to set a uint32 GVariant.
the value to set.
Increases the reference count of object.
Since GLib 2.56, if GLIB_VERSION_MAX_ALLOWED is 2.56 or greater, the type
of object will be propagated to the return type (using the GCC typeof()
extension), so any casting the caller needs to do on the return type must be
explicit.
the same object
Increase the reference count of object, and possibly remove the
[floating][floating-ref] reference, if object has a floating reference.
In other words, if the object is floating, then this call "assumes ownership" of the floating reference, converting it to a normal reference by clearing the floating flag while leaving the reference count unchanged. If the object is not floating, then this call adds a new normal reference increasing the reference count by one.
Since GLib 2.56, the type of object will be propagated to the return type
under the same conditions as for g_object_ref().
object
Releases all references to other objects. This can be used to break reference cycles.
This function should only be called from object system implementations.
Sets multiple properties of an object at once. The properties argument should be a dictionary mapping property names to values.
Object containing the properties to set
Each object carries around a table of associations from strings to pointers. This function lets you set an association.
If the object already had an association with that name, the old association will be destroyed.
Internally, the key is converted to a GLib.Quark using g_quark_from_string().
This means a copy of key is kept permanently (even after object has been
finalized) — so it is recommended to only use a small, bounded set of values
for key in your program, to avoid the GLib.Quark storage growing unbounded.
name of the key
Optionaldata: anydata to associate with that key
Sets a property on an object.
The name of the property to set
The value to set the property to
For a given secret, stores the NM.SettingSecretFlags describing how to handle that secret.
the secret key name to set flags for
the NM.SettingSecretFlags for the secret
true on success (if the given secret name was a valid property of this setting, and if that property is secret), false if not
Remove a specified datum from the object's data associations, without invoking the association's destroy handler.
name of the key
the data if found, or null if no such data exists.
This function gets back user data pointers stored via
g_object_set_qdata() and removes the data from object
without invoking its destroy() function (if any was
set).
Usually, calling this function is only required to update
user data pointers with a destroy notifier, for example:
void
object_add_to_user_list (GObject *object,
const gchar *new_string)
{
// the quark, naming the object data
GQuark quark_string_list = g_quark_from_static_string ("my-string-list");
// retrieve the old string list
GList *list = g_object_steal_qdata (object, quark_string_list);
// prepend new string
list = g_list_prepend (list, g_strdup (new_string));
// this changed 'list', so we need to set it again
g_object_set_qdata_full (object, quark_string_list, list, free_string_list);
}
static void
free_string_list (gpointer data)
{
GList *node, *list = data;
for (node = list; node; node = node->next)
g_free (node->data);
g_list_free (list);
}
Using g_object_get_qdata() in the above example, instead of
g_object_steal_qdata() would have left the destroy function set,
and thus the partial string list would have been freed upon
g_object_set_qdata_full().
A GLib.Quark, naming the user data pointer
The user data pointer set, or null
Stops a signal's emission by the given signal name. This will prevent the default handler and any subsequent signal handlers from being invoked.
Name of the signal to stop emission of
Reverts the effect of a previous call to
g_object_freeze_notify(). The freeze count is decreased on object
and when it reaches zero, queued "notify" signals are emitted.
Duplicate notifications for each property are squashed so that at most one GObject.Object::notify signal is emitted for each property, in the reverse order in which they have been queued.
It is an error to call this function when the freeze count is zero.
Convert the setting (including secrets!) into a string. For debugging purposes ONLY, should NOT be used for serialization of the setting, or machine-parsed in any way. The output format is not guaranteed to be stable and may change at any time.
an allocated string containing a textual representation of the setting's properties and values, which the caller should free with g_free()
Unblocks a handler so it will be called again during any signal emissions
Handler ID of the handler to be unblocked
Decreases the reference count of object. When its reference count
drops to 0, the object is finalized (i.e. its memory is freed).
If the pointer to the GObject.Object may be reused in future (for example, if it is
an instance variable of another object), it is recommended to clear the
pointer to null rather than retain a dangling pointer to a potentially
invalid GObject.Object instance. Use g_clear_object() for this.
Validates the setting. Each setting's properties have allowed values, and
some are dependent on other values (hence the need for connection). The
returned GLib.Error contains information about which property of the setting
failed validation, and in what way that property failed validation.
Optionalconnection: NM.Connectionthe NM.Connection that setting came from, or null if setting is being verified in isolation.
true if the setting is valid, false if it is not
Verifies the secrets in the setting. The returned GLib.Error contains information about which secret of the setting failed validation, and in what way that secret failed validation. The secret validation is done separately from main setting validation, because in some cases connection failure is not desired just for the secrets.
Optionalconnection: NM.Connectionthe NM.Connection that setting came from, or null if setting is being verified in isolation.
true if the setting secrets are valid, false if they are not
Virtualvfunc_the constructed function is called by g_object_new() as the
final step of the object creation process. At the point of the call, all
construction properties have been set on the object. The purpose of this
call is to allow for object initialisation steps that can only be performed
after construction properties have been set. constructed implementors
should chain up to the constructed call of their parent class to allow it
to complete its initialisation.
Virtualvfunc_Virtualvfunc_the dispose function is supposed to drop all references to other
objects, but keep the instance otherwise intact, so that client method
invocations still work. It may be run multiple times (due to reference
loops). Before returning, dispose should chain up to the dispose method
of the parent class.
Virtualvfunc_instance finalization function, should finish the finalization of
the instance begun in dispose and chain up to the finalize method of the
parent class.
Virtualvfunc_Virtualvfunc_Emits a "notify" signal for the property property_name on object.
When possible, eg. when signaling a property change from within the class
that registered the property, you should use g_object_notify_by_pspec()
instead.
Note that emission of the notify signal may be blocked with
g_object_freeze_notify(). In this case, the signal emissions are queued
and will be emitted (in reverse order) when g_object_thaw_notify() is
called.
Virtualvfunc_the generic setter for all properties of this type. Should be
overridden for every type with properties. If implementations of
set_property don't emit property change notification explicitly, this will
be done implicitly by the type system. However, if the notify signal is
emitted explicitly, the type system will not emit it a second time.
This function essentially limits the life time of the closure to
the life time of the object. That is, when the object is finalized,
the closure is invalidated by calling g_closure_invalidate() on
it, in order to prevent invocations of the closure with a finalized
(nonexisting) object. Also, g_object_ref() and g_object_unref() are
added as marshal guards to the closure, to ensure that an extra
reference count is held on object during invocation of the
closure. Usually, this function will be called on closures that
use this object as closure data.
GObject.Closure to watch
Static_Staticcompat_Optionaldata: anyStaticfind_Staticget_Get the type of the enum that defines the values that the property accepts. It is only
useful for properties configured to accept values from certain enum type, otherwise
it will return G_TYPE_INVALID. Note that flags (children of G_TYPE_FLAGS) are also
considered enums.
Note that the GObject property might be implemented as an integer, actually, and not as enum. Find out what underlying type is used, checking the GObject.ParamSpec, before setting the GObject property.
the GType of the NMSetting instance
the name of the property
Staticinstall_Staticinstall_the id for the new property
the GObject.ParamSpec for the new property
Staticinterface_Find the GObject.ParamSpec with the given name for an
interface. Generally, the interface vtable passed in as g_iface
will be the default vtable from g_type_default_interface_ref(), or,
if you know the interface has already been loaded,
g_type_default_interface_peek().
any interface vtable for the interface, or the default vtable for the interface
name of a property to look up.
Staticinterface_Add a property to an interface; this is only useful for interfaces
that are added to GObject-derived types. Adding a property to an
interface forces all objects classes with that interface to have a
compatible property. The compatible property could be a newly
created GObject.ParamSpec, but normally
g_object_class_override_property() will be used so that the object
class only needs to provide an implementation and inherits the
property description, default value, bounds, and so forth from the
interface property.
This function is meant to be called from the interface's default
vtable initialization function (the class_init member of
GObject.TypeInfo.) It must not be called after after class_init has
been called for any object types implementing this interface.
If pspec is a floating reference, it will be consumed.
any interface vtable for the interface, or the default vtable for the interface.
the GObject.ParamSpec for the new property
Staticinterface_Lists the properties of an interface.Generally, the interface
vtable passed in as g_iface will be the default vtable from
g_type_default_interface_ref(), or, if you know the interface has
already been loaded, g_type_default_interface_peek().
any interface vtable for the interface, or the default vtable for the interface
Staticlist_Staticlookup_Returns the GObject.GType of the setting's class for a given setting name.
a setting name
StaticnewvStaticoverride_the new property ID
the name of a property registered in a parent class or in an interface of this class.
IEEE 802.1x Authentication Settings