static NMUtilsSecurityType get_default_type_for_security (NMSettingWirelessSecurity *sec, gboolean have_ap, guint32 ap_flags, guint32 dev_caps) { const char *key_mgmt, *auth_alg; g_return_val_if_fail (sec != NULL, NMU_SEC_NONE); key_mgmt = nm_setting_wireless_security_get_key_mgmt (sec); auth_alg = nm_setting_wireless_security_get_auth_alg (sec); /* No IEEE 802.1x */ if (!strcmp (key_mgmt, "none")) return NMU_SEC_STATIC_WEP; if ( !strcmp (key_mgmt, "ieee8021x") && (!have_ap || (ap_flags & NM_802_11_AP_FLAGS_PRIVACY))) { if (auth_alg && !strcmp (auth_alg, "leap")) return NMU_SEC_LEAP; return NMU_SEC_DYNAMIC_WEP; } if ( !strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk")) { if (!have_ap || (ap_flags & NM_802_11_AP_FLAGS_PRIVACY)) { if (find_proto (sec, "rsn")) return NMU_SEC_WPA2_PSK; else if (find_proto (sec, "wpa")) return NMU_SEC_WPA_PSK; else return NMU_SEC_WPA_PSK; } } if ( !strcmp (key_mgmt, "wpa-eap") && (!have_ap || (ap_flags & NM_802_11_AP_FLAGS_PRIVACY))) { if (find_proto (sec, "rsn")) return NMU_SEC_WPA2_ENTERPRISE; else if (find_proto (sec, "wpa")) return NMU_SEC_WPA_ENTERPRISE; else return NMU_SEC_WPA_ENTERPRISE; } return NMU_SEC_INVALID; }
struct xtables_match *load_proto(struct iptables_command_state *cs) { if (!should_load_proto(cs)) return NULL; return find_proto(cs->protocol, XTF_TRY_LOAD, cs->options & OPT_NUMERIC, &cs->matches); }
/* * Some explanations (after four different bugs in 3 different releases): If * we encounter a parameter, that has not been parsed yet, it's not an option * of an explicitly loaded match or a target. However, we support implicit * loading of the protocol match extension. '-p tcp' means 'l4 proto 6' and at * the same time 'load tcp protocol match on demand if we specify --dport'. * * To make this work, we need to make sure: * - the parameter has not been parsed by a match (m above) * - a protocol has been specified * - the protocol extension has not been loaded yet, or is loaded and unused * [think of ip6tables-restore!] * - the protocol extension can be successively loaded */ static bool should_load_proto(struct iptables_command_state *cs) { if (cs->protocol == NULL) return false; if (find_proto(cs->protocol, XTF_DONT_LOAD, cs->options & OPT_NUMERIC, NULL) == NULL) return true; return !cs->proto_used; }