From 08056d4d4f5a77e4900cc3e7ab107e6232ec81b6 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Thu, 31 Oct 2019 09:13:16 +0100 Subject: [PATCH 1/5] build/gtk4: ignore garbage before GtkBuilder xml This is fixed in git snapshot of Gtk and will need to go away at some point. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 0db0e21c..fe109f2d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -259,7 +259,7 @@ src/libnma-gtk4/nma-resources.c: src/nma.gresource.xml $(shell $(GLIB_COMPILE_RE src/libnma-gtk4/%.ui: src/%.ui @mkdir -p $(builddir)/src/libnma-gtk4 - gtk4-builder-tool simplify --3to4 $< >$@ + gtk4-builder-tool simplify --3to4 $< |awk '/^"/dev/stderr"}' >$@ CLEANFILES += \ $(libnma_h_priv_gen) \ -- GitLab From b61cc1b9fa040013a57430962d08a5316efff665 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 22 Oct 2019 06:52:27 +0200 Subject: [PATCH 2/5] nma-ws: add This is a library based on src/wireless-security that aims to replace it, providing a public API in libnma. The wireless-security code is used by the wifi-dialog provided by libnma, nm-applet, nm-connection-editor and gnome-control-center, that should all be ported to this common library. --- Makefile.am | 63 +++- NEWS | 7 + meson.build | 1 + po/POTFILES.in | 27 ++ src/libnma.ver | 22 ++ src/meson.build | 10 +- src/nma-version.h.in | 6 + src/nma-ws/meson.build | 45 +++ src/nma-ws/nma-eap-fast.c | 438 ++++++++++++++++++++++++ src/nma-ws/nma-eap-fast.h | 20 ++ src/nma-ws/nma-eap-fast.ui | 166 +++++++++ src/nma-ws/nma-eap-leap.c | 257 ++++++++++++++ src/nma-ws/nma-eap-leap.h | 19 ++ src/nma-ws/nma-eap-leap.ui | 82 +++++ src/nma-ws/nma-eap-peap.c | 486 ++++++++++++++++++++++++++ src/nma-ws/nma-eap-peap.h | 20 ++ src/nma-ws/nma-eap-peap.ui | 195 +++++++++++ src/nma-ws/nma-eap-simple.c | 485 ++++++++++++++++++++++++++ src/nma-ws/nma-eap-simple.h | 49 +++ src/nma-ws/nma-eap-simple.ui | 141 ++++++++ src/nma-ws/nma-eap-tls.c | 497 +++++++++++++++++++++++++++ src/nma-ws/nma-eap-tls.h | 20 ++ src/nma-ws/nma-eap-tls.ui | 89 +++++ src/nma-ws/nma-eap-ttls.c | 521 ++++++++++++++++++++++++++++ src/nma-ws/nma-eap-ttls.h | 20 ++ src/nma-ws/nma-eap-ttls.ui | 148 ++++++++ src/nma-ws/nma-eap.c | 424 +++++++++++++++++++++++ src/nma-ws/nma-eap.h | 106 ++++++ src/nma-ws/nma-ws-802-1x-private.h | 37 ++ src/nma-ws/nma-ws-802-1x.c | 528 +++++++++++++++++++++++++++++ src/nma-ws/nma-ws-802-1x.h | 33 ++ src/nma-ws/nma-ws-802-1x.ui | 72 ++++ src/nma-ws/nma-ws-dynamic-wep.c | 68 ++++ src/nma-ws/nma-ws-dynamic-wep.h | 34 ++ src/nma-ws/nma-ws-helpers.c | 31 ++ src/nma-ws/nma-ws-helpers.h | 18 + src/nma-ws/nma-ws-leap.c | 293 ++++++++++++++++ src/nma-ws/nma-ws-leap.h | 32 ++ src/nma-ws/nma-ws-leap.ui | 86 +++++ src/nma-ws/nma-ws-private.h | 27 ++ src/nma-ws/nma-ws-sae.c | 285 ++++++++++++++++ src/nma-ws/nma-ws-sae.h | 30 ++ src/nma-ws/nma-ws-sae.ui | 84 +++++ src/nma-ws/nma-ws-wep-key.c | 457 +++++++++++++++++++++++++ src/nma-ws/nma-ws-wep-key.h | 35 ++ src/nma-ws/nma-ws-wep-key.ui | 161 +++++++++ src/nma-ws/nma-ws-wpa-eap.c | 70 ++++ src/nma-ws/nma-ws-wpa-eap.h | 35 ++ src/nma-ws/nma-ws-wpa-psk.c | 303 +++++++++++++++++ src/nma-ws/nma-ws-wpa-psk.h | 32 ++ src/nma-ws/nma-ws-wpa-psk.ui | 83 +++++ src/nma-ws/nma-ws.c | 141 ++++++++ src/nma-ws/nma-ws.h | 56 +++ src/nma.gresource.xml | 11 + src/wireless-security/ws-leap.ui | 2 +- 55 files changed, 7397 insertions(+), 11 deletions(-) create mode 100644 src/nma-ws/meson.build create mode 100644 src/nma-ws/nma-eap-fast.c create mode 100644 src/nma-ws/nma-eap-fast.h create mode 100644 src/nma-ws/nma-eap-fast.ui create mode 100644 src/nma-ws/nma-eap-leap.c create mode 100644 src/nma-ws/nma-eap-leap.h create mode 100644 src/nma-ws/nma-eap-leap.ui create mode 100644 src/nma-ws/nma-eap-peap.c create mode 100644 src/nma-ws/nma-eap-peap.h create mode 100644 src/nma-ws/nma-eap-peap.ui create mode 100644 src/nma-ws/nma-eap-simple.c create mode 100644 src/nma-ws/nma-eap-simple.h create mode 100644 src/nma-ws/nma-eap-simple.ui create mode 100644 src/nma-ws/nma-eap-tls.c create mode 100644 src/nma-ws/nma-eap-tls.h create mode 100644 src/nma-ws/nma-eap-tls.ui create mode 100644 src/nma-ws/nma-eap-ttls.c create mode 100644 src/nma-ws/nma-eap-ttls.h create mode 100644 src/nma-ws/nma-eap-ttls.ui create mode 100644 src/nma-ws/nma-eap.c create mode 100644 src/nma-ws/nma-eap.h create mode 100644 src/nma-ws/nma-ws-802-1x-private.h create mode 100644 src/nma-ws/nma-ws-802-1x.c create mode 100644 src/nma-ws/nma-ws-802-1x.h create mode 100644 src/nma-ws/nma-ws-802-1x.ui create mode 100644 src/nma-ws/nma-ws-dynamic-wep.c create mode 100644 src/nma-ws/nma-ws-dynamic-wep.h create mode 100644 src/nma-ws/nma-ws-helpers.c create mode 100644 src/nma-ws/nma-ws-helpers.h create mode 100644 src/nma-ws/nma-ws-leap.c create mode 100644 src/nma-ws/nma-ws-leap.h create mode 100644 src/nma-ws/nma-ws-leap.ui create mode 100644 src/nma-ws/nma-ws-private.h create mode 100644 src/nma-ws/nma-ws-sae.c create mode 100644 src/nma-ws/nma-ws-sae.h create mode 100644 src/nma-ws/nma-ws-sae.ui create mode 100644 src/nma-ws/nma-ws-wep-key.c create mode 100644 src/nma-ws/nma-ws-wep-key.h create mode 100644 src/nma-ws/nma-ws-wep-key.ui create mode 100644 src/nma-ws/nma-ws-wpa-eap.c create mode 100644 src/nma-ws/nma-ws-wpa-eap.h create mode 100644 src/nma-ws/nma-ws-wpa-psk.c create mode 100644 src/nma-ws/nma-ws-wpa-psk.h create mode 100644 src/nma-ws/nma-ws-wpa-psk.ui create mode 100644 src/nma-ws/nma-ws.c create mode 100644 src/nma-ws/nma-ws.h diff --git a/Makefile.am b/Makefile.am index fe109f2d..bb54e55b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -253,12 +253,12 @@ src/nma-resources.c: src/nma.gresource.xml $(shell $(GLIB_COMPILE_RESOURCES) --s $(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/src --generate-source --internal src/libnma-gtk4/nma-resources.c: src/nma.gresource.xml $(shell $(GLIB_COMPILE_RESOURCES) --generate-dependencies $(srcdir)/src/nma.gresource.xml |sed "s,^,$(builddir)/src/libnma-gtk4/,") - @mkdir -p $(builddir)/src/libnma-gtk4 + @mkdir -p $(builddir)/src/libnma-gtk4 $(builddir)/src/libnma-gtk4/nma-ws $(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(builddir)/src/libnma-gtk4 --generate-source --internal src/libnma-gtk4/%.ui: src/%.ui - @mkdir -p $(builddir)/src/libnma-gtk4 + @mkdir -p $(builddir)/src/libnma-gtk4 $(builddir)/src/libnma-gtk4/nma-ws gtk4-builder-tool simplify --3to4 $< |awk '/^"/dev/stderr"}' >$@ CLEANFILES += \ @@ -284,7 +284,16 @@ libnma_h_pub = \ src/nma-ui-utils.h \ src/nma-cert-chooser.h \ src/nma-bar-code-widget.h \ - src/nma-bar-code.h + src/nma-bar-code.h \ + \ + src/nma-ws/nma-ws-802-1x.h \ + src/nma-ws/nma-ws-dynamic-wep.h \ + src/nma-ws/nma-ws.h \ + src/nma-ws/nma-ws-leap.h \ + src/nma-ws/nma-ws-sae.h \ + src/nma-ws/nma-ws-wep-key.h \ + src/nma-ws/nma-ws-wpa-eap.h \ + src/nma-ws/nma-ws-wpa-psk.h libnma_c_real = \ src/nma-wifi-dialog.c \ @@ -296,7 +305,24 @@ libnma_c_real = \ src/nma-cert-chooser.c \ src/nma-file-cert-chooser.c \ src/nma-bar-code-widget.c \ - src/nma-bar-code.c + src/nma-bar-code.c \ + \ + src/nma-ws/nma-eap.c \ + src/nma-ws/nma-eap-fast.c \ + src/nma-ws/nma-eap-leap.c \ + src/nma-ws/nma-eap-peap.c \ + src/nma-ws/nma-eap-simple.c \ + src/nma-ws/nma-eap-tls.c \ + src/nma-ws/nma-eap-ttls.c \ + src/nma-ws/nma-ws-802-1x.c \ + src/nma-ws/nma-ws.c \ + src/nma-ws/nma-ws-dynamic-wep.c \ + src/nma-ws/nma-ws-helpers.c \ + src/nma-ws/nma-ws-leap.c \ + src/nma-ws/nma-ws-sae.c \ + src/nma-ws/nma-ws-wep-key.c \ + src/nma-ws/nma-ws-wpa-eap.c \ + src/nma-ws/nma-ws-wpa-psk.c EXTRA_DIST += \ src/qrcodegen.c \ @@ -304,7 +330,17 @@ EXTRA_DIST += \ libnma_h_priv_real = \ src/nma-cert-chooser-private.h \ - src/nma-private.h + src/nma-private.h \ + src/nma-ws/nma-ws-private.h \ + src/nma-ws/nma-ws-802-1x-private.h \ + src/nma-ws/nma-eap.h \ + src/nma-ws/nma-eap-tls.h \ + src/nma-ws/nma-eap-leap.h \ + src/nma-ws/nma-eap-fast.h \ + src/nma-ws/nma-eap-ttls.h \ + src/nma-ws/nma-eap-peap.h \ + src/nma-ws/nma-eap-simple.h \ + src/nma-ws/nma-ws-helpers.h libnma_h_priv_gcr = \ src/nma-pkcs11-token-login-dialog.h \ @@ -545,6 +581,7 @@ src_libnma_gtk4_la_CFLAGS = \ "-I$(srcdir)/shared" \ "-I$(srcdir)/src/utils" \ "-I$(srcdir)/src/wireless-security" \ + "-I$(srcdir)/src/nma-ws" \ "-I$(srcdir)/src" \ -Isrc \ $(GTK4_CFLAGS) \ @@ -747,7 +784,20 @@ EXTRA_DIST += \ src/nma-vpn-password-dialog.ui \ src/nma.gresource.xml \ src/meson.build \ - src/tests/meson.build + src/tests/meson.build \ + \ + src/nma-ws/nma-eap-fast.ui \ + src/nma-ws/nma-eap-leap.ui \ + src/nma-ws/nma-eap-peap.ui \ + src/nma-ws/nma-eap-simple.ui \ + src/nma-ws/nma-eap-tls.ui \ + src/nma-ws/nma-eap-ttls.ui \ + src/nma-ws/nma-ws-802-1x.ui \ + src/nma-ws/nma-ws-leap.ui \ + src/nma-ws/nma-ws-sae.ui \ + src/nma-ws/nma-ws-wep-key.ui \ + src/nma-ws/nma-ws-wpa-psk.ui \ + src/nma-ws/meson.build ############################################################################### @@ -792,6 +842,7 @@ IGNORE_HFILES = \ nma-pkcs11-token-login-dialog.h \ nma-pkcs11-cert-chooser-dialog.h \ nma-cert-chooser-button.h \ + nma-eap.h \ eap-method.h \ wireless-security.h diff --git a/NEWS b/NEWS index 969f0e20..6bfc9876 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,10 @@ +======================================================= +libnma-1.8.28 +Overview of changes since network-manager-applet-1.8.26 +======================================================= + +* Turned the wireless-security library to a public API + ======================================================= libnma-1.8.26 Overview of changes since network-manager-applet-1.8.24 diff --git a/meson.build b/meson.build index 75214c41..41724fa8 100644 --- a/meson.build +++ b/meson.build @@ -312,6 +312,7 @@ if enable_gtk_doc 'nma-resources.h', 'nma-private.h', 'nma-version.h', + 'nma-eap.h', 'eap-method.h', 'wireless-security.h', ] diff --git a/po/POTFILES.in b/po/POTFILES.in index 67777098..87c2a3de 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -17,6 +17,33 @@ src/nma-ui-utils.c src/nma-vpn-password-dialog.c src/nma-vpn-password-dialog.ui src/nma-wifi-dialog.c +src/nma-ws/nma-eap.c +src/nma-ws/nma-eap-fast.c +src/nma-ws/nma-eap-fast.ui +src/nma-ws/nma-eap-leap.c +src/nma-ws/nma-eap-leap.ui +src/nma-ws/nma-eap-peap.c +src/nma-ws/nma-eap-peap.ui +src/nma-ws/nma-eap-simple.c +src/nma-ws/nma-eap-simple.ui +src/nma-ws/nma-eap-tls.c +src/nma-ws/nma-eap-tls.ui +src/nma-ws/nma-eap-ttls.c +src/nma-ws/nma-eap-ttls.ui +src/nma-ws/nma-ws-802-1x.c +src/nma-ws/nma-ws-802-1x.ui +src/nma-ws/nma-ws.c +src/nma-ws/nma-ws-dynamic-wep.c +src/nma-ws/nma-ws-helpers.c +src/nma-ws/nma-ws-leap.c +src/nma-ws/nma-ws-leap.ui +src/nma-ws/nma-ws-sae.c +src/nma-ws/nma-ws-sae.ui +src/nma-ws/nma-ws-wep-key.c +src/nma-ws/nma-ws-wep-key.ui +src/nma-ws/nma-ws-wpa-eap.c +src/nma-ws/nma-ws-wpa-psk.c +src/nma-ws/nma-ws-wpa-psk.ui src/wifi.ui src/utils/utils.c src/wireless-security/eap-method.c diff --git a/src/libnma.ver b/src/libnma.ver index 9b263d9c..3e444d44 100644 --- a/src/libnma.ver +++ b/src/libnma.ver @@ -112,3 +112,25 @@ libnma_1_8_22 { nma_bar_code_widget_get_type; nma_bar_code_widget_new; } libnma_1_8_12; + +libnma_1_8_28 { + nma_ws_802_1x_get_type; + nma_ws_802_1x_new; + nma_ws_add_to_size_group; + nma_ws_adhoc_compatible; + nma_ws_dynamic_wep_get_type; + nma_ws_dynamic_wep_new; + nma_ws_fill_connection; + nma_ws_get_type; + nma_ws_leap_get_type; + nma_ws_leap_new; + nma_ws_sae_get_type; + nma_ws_sae_new; + nma_ws_validate; + nma_ws_wep_key_get_type; + nma_ws_wep_key_new; + nma_ws_wpa_eap_get_type; + nma_ws_wpa_eap_new; + nma_ws_wpa_psk_get_type; + nma_ws_wpa_psk_new; +} libnma_1_8_22; diff --git a/src/meson.build b/src/meson.build index d1dbeb54..58948758 100644 --- a/src/meson.build +++ b/src/meson.build @@ -16,6 +16,7 @@ version_header = configure_file( subdir('utils') subdir('wireless-security') +subdir('nma-ws') cert_chooser_headers = files('nma-cert-chooser.h') @@ -24,7 +25,7 @@ cert_chooser_sources = files( 'nma-file-cert-chooser.c' ) -resource_data = files( +resource_data = nma_ws_resource_data + files( 'nma-bar-code-widget.ui', 'nma-mobile-wizard.ui', 'nma-pkcs11-cert-chooser-dialog.ui', @@ -39,7 +40,7 @@ built_sources = gnome.compile_resources( dependencies: resource_data ) -gir_headers = cert_chooser_headers + files( +gir_headers = cert_chooser_headers + nma_ws_headers + files( 'nma-bar-code-widget.h', 'nma-bar-code.h', 'nma-mobile-providers.h', @@ -54,7 +55,7 @@ install_headers( subdir: 'libnma' ) -gir_sources = [version_header] + cert_chooser_sources + files( +gir_sources = [version_header] + cert_chooser_sources + nma_ws_sources + files( 'init.c', 'nma-bar-code-widget.c', 'nma-bar-code.c', @@ -69,7 +70,8 @@ incs = [ top_inc, shared_inc, src_inc, - wireless_security_inc + wireless_security_inc, + nma_ws_inc, ] deps = [ diff --git a/src/nma-version.h.in b/src/nma-version.h.in index cd9f2d57..1ba9382e 100644 --- a/src/nma-version.h.in +++ b/src/nma-version.h.in @@ -118,4 +118,10 @@ # define NMA_AVAILABLE_IN_1_8_22 #endif +#if NMA_VERSION_MAX_ALLOWED < NMA_VERSION_1_8_28 +# define NMA_AVAILABLE_IN_1_8_28 G_UNAVAILABLE(1.8,28) +#else +# define NMA_AVAILABLE_IN_1_8_28 +#endif + #endif /* NMA_VERSION_H */ diff --git a/src/nma-ws/meson.build b/src/nma-ws/meson.build new file mode 100644 index 00000000..7b94d4be --- /dev/null +++ b/src/nma-ws/meson.build @@ -0,0 +1,45 @@ +nma_ws_inc = include_directories('.') + +nma_ws_resource_data = files( + 'nma-eap-fast.ui', + 'nma-eap-leap.ui', + 'nma-eap-peap.ui', + 'nma-eap-simple.ui', + 'nma-eap-tls.ui', + 'nma-eap-ttls.ui', + 'nma-ws-802-1x.ui', + 'nma-ws-leap.ui', + 'nma-ws-sae.ui', + 'nma-ws-wep-key.ui', + 'nma-ws-wpa-psk.ui', +) + +nma_ws_headers = files( + 'nma-ws-802-1x.h', + 'nma-ws-dynamic-wep.h', + 'nma-ws.h', + 'nma-ws-leap.h', + 'nma-ws-sae.h', + 'nma-ws-wep-key.h', + 'nma-ws-wpa-eap.h', + 'nma-ws-wpa-psk.h', +) + +nma_ws_sources = files( + 'nma-eap.c', + 'nma-eap-fast.c', + 'nma-eap-leap.c', + 'nma-eap-peap.c', + 'nma-eap-simple.c', + 'nma-eap-tls.c', + 'nma-eap-ttls.c', + 'nma-ws-802-1x.c', + 'nma-ws.c', + 'nma-ws-dynamic-wep.c', + 'nma-ws-helpers.c', + 'nma-ws-leap.c', + 'nma-ws-sae.c', + 'nma-ws-wep-key.c', + 'nma-ws-wpa-eap.c', + 'nma-ws-wpa-psk.c', +) diff --git a/src/nma-ws/nma-eap-fast.c b/src/nma-ws/nma-eap-fast.c new file mode 100644 index 00000000..c3b3e42a --- /dev/null +++ b/src/nma-ws/nma-eap-fast.c @@ -0,0 +1,438 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * EAP-FAST authentication method (RFC4851) + * + * Copyright 2012 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-eap.h" +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "utils.h" + +#define I_NAME_COLUMN 0 +#define I_METHOD_COLUMN 1 + +struct _NMAEapFast { + NMAEap parent; + + const char *password_flags_name; + GtkSizeGroup *size_group; + NMAWs8021x *ws_8021x; + gboolean is_editor; +}; + +static void +destroy (NMAEap *parent) +{ + NMAEapFast *method = (NMAEapFast *) parent; + + if (method->size_group) + g_object_unref (method->size_group); +} + +static gboolean +validate (NMAEap *parent, GError **error) +{ + GtkWidget *widget; + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap = NULL; + const char *file; + gboolean provisioning; + gboolean valid = TRUE; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); + g_assert (widget); + provisioning = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); + g_assert (widget); + file = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); + if (!provisioning && !file) { + widget_set_error (widget); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-FAST PAC file")); + valid = FALSE; + } else + widget_unset_error (widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); + g_assert (widget); + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + valid = nma_eap_validate (eap, valid ? error : NULL) && valid; + nma_eap_unref (eap); + return valid; +} + +static void +add_to_size_group (NMAEap *parent, GtkSizeGroup *group) +{ + NMAEapFast *method = (NMAEapFast *) parent; + GtkWidget *widget; + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap; + + if (method->size_group) + g_object_unref (method->size_group); + method->size_group = g_object_ref (group); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); + g_assert (widget); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + nma_eap_add_to_size_group (eap, group); + nma_eap_unref (eap); +} + +static void +fill_connection (NMAEap *parent, NMConnection *connection) +{ + NMSetting8021x *s_8021x; + GtkWidget *widget; + const char *text; + char *filename; + NMAEap *eap = NULL; + GtkTreeModel *model; + GtkTreeIter iter; + gboolean enabled; + int pac_provisioning = 0; + + s_8021x = nm_connection_get_setting_802_1x (connection); + g_assert (s_8021x); + + nm_setting_802_1x_add_eap_method (s_8021x, "fast"); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry")); + g_assert (widget); + text = gtk_editable_get_text (GTK_EDITABLE (widget)); + if (text && strlen (text)) + g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); + g_assert (widget); + filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); + g_object_set (s_8021x, NM_SETTING_802_1X_PAC_FILE, filename, NULL); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); + enabled = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); + + if (!enabled) + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "0", NULL); + else { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); + pac_provisioning = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); + + switch (pac_provisioning) { + case 0: /* Anonymous */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "1", NULL); + break; + case 1: /* Authenticated */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "2", NULL); + break; + case 2: /* Both - anonymous and authenticated */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "3", NULL); + break; + default: /* Should not happen */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "1", NULL); + break; + } + } + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + + nma_eap_fill_connection (eap, connection); + nma_eap_unref (eap); +} + +static void +inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) +{ + NMAEap *parent = (NMAEap *) user_data; + NMAEapFast *method = (NMAEapFast *) parent; + GtkWidget *vbox; + NMAEap *eap = NULL; + GList *elt, *children; + GtkTreeModel *model; + GtkTreeIter iter; + GtkWidget *eap_widget; + + vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_vbox")); + g_assert (vbox); + + /* Remove any previous wireless security widgets */ + children = gtk_container_get_children (GTK_CONTAINER (vbox)); + for (elt = children; elt; elt = g_list_next (elt)) + gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); + g_list_free (children); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + + eap_widget = nma_eap_get_widget (eap); + g_assert (eap_widget); + gtk_widget_unparent (eap_widget); + + if (method->size_group) + nma_eap_add_to_size_group (eap, method->size_group); + gtk_container_add (GTK_CONTAINER (vbox), eap_widget); + + nma_eap_unref (eap); + + nma_ws_changed_cb (combo, method->ws_8021x); +} + +static GtkWidget * +inner_auth_combo_init (NMAEapFast *method, + NMConnection *connection, + NMSetting8021x *s_8021x, + gboolean secrets_only) +{ + NMAEap *parent = (NMAEap *) method; + GtkWidget *combo; + GtkListStore *auth_model; + GtkTreeIter iter; + NMAEapSimple *em_gtc; + NMAEapSimple *em_mschap_v2; + guint32 active = 0; + const char *phase2_auth = NULL; + NMAEapSimpleFlags simple_flags; + + auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ()); + + if (s_8021x) { + if (nm_setting_802_1x_get_phase2_auth (s_8021x)) + phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); + else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) + phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); + } + + simple_flags = NMA_EAP_SIMPLE_FLAG_PHASE2; + if (method->is_editor) + simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR; + if (secrets_only) + simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY; + + em_gtc = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_GTC, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("GTC"), + I_METHOD_COLUMN, em_gtc, + -1); + nma_eap_unref (NMA_EAP (em_gtc)); + + /* Check for defaulting to GTC */ + if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) + active = 0; + + em_mschap_v2 = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_MSCHAP_V2, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MSCHAPv2"), + I_METHOD_COLUMN, em_mschap_v2, + -1); + nma_eap_unref (NMA_EAP (em_mschap_v2)); + + /* Check for defaulting to MSCHAPv2 */ + if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) + active = 1; + + combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); + g_assert (combo); + + gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); + g_object_unref (G_OBJECT (auth_model)); + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); + + g_signal_connect (G_OBJECT (combo), "changed", + (GCallback) inner_auth_combo_changed_cb, + method); + return combo; +} + +static void +update_secrets (NMAEap *parent, NMConnection *connection) +{ + nma_eap_phase2_update_secrets_helper (parent, + connection, + "eap_fast_inner_auth_combo", + I_METHOD_COLUMN); +} + +static void +pac_toggled_cb (GtkWidget *widget, gpointer user_data) +{ + NMAEap *parent = (NMAEap *) user_data; + NMAEapFast *method = (NMAEapFast *) parent; + gboolean enabled = FALSE; + GtkWidget *provision_combo; + + provision_combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); + g_return_if_fail (provision_combo); + + enabled = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); + + gtk_widget_set_sensitive (provision_combo, enabled); + + nma_ws_changed_cb (widget, method->ws_8021x); +} + +NMAEapFast * +nma_eap_fast_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean is_editor, + gboolean secrets_only) +{ + NMAEap *parent; + NMAEapFast *method; + GtkWidget *widget; + GtkFileFilter *filter; + NMSetting8021x *s_8021x = NULL; + const char *filename; + gboolean provisioning_enabled = TRUE; + + parent = nma_eap_init (sizeof (NMAEapFast), + validate, + add_to_size_group, + fill_connection, + update_secrets, + destroy, + "/org/gnome/libnma/nma-eap-fast.ui", + "eap_fast_grid", + "eap_fast_anon_identity_entry", + FALSE); + if (!parent) + return NULL; + + method = (NMAEapFast *) parent; + method->password_flags_name = NM_SETTING_802_1X_PASSWORD; + method->ws_8021x = ws_8021x; + method->is_editor = is_editor; + + if (connection) + s_8021x = nm_connection_get_setting_802_1x (connection); + + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); + g_assert (widget); + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); + if (s_8021x) { + const char *fast_prov; + + fast_prov = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x); + if (fast_prov) { + if (!strcmp (fast_prov, "0")) + provisioning_enabled = FALSE; + else if (!strcmp (fast_prov, "1")) + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); + else if (!strcmp (fast_prov, "2")) + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); + else if (!strcmp (fast_prov, "3")) + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2); + } + } + gtk_widget_set_sensitive (widget, provisioning_enabled); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), provisioning_enabled); + g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (pac_toggled_cb), parent); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry")); + if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); + g_assert (widget); + gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); + gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), + _("Choose a PAC file")); + g_signal_connect (G_OBJECT (widget), "selection-changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + filter = gtk_file_filter_new (); + gtk_file_filter_add_pattern (filter, "*.pac"); + gtk_file_filter_set_name (filter, _("PAC files (*.pac)")); + gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); + filter = gtk_file_filter_new (); + gtk_file_filter_add_pattern (filter, "*"); + gtk_file_filter_set_name (filter, _("All files")); + gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); + + if (connection && s_8021x) { + filename = nm_setting_802_1x_get_pac_file (s_8021x); + if (filename) + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename); + } + + widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); + inner_auth_combo_changed_cb (widget, (gpointer) method); + + if (secrets_only) { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); + gtk_widget_hide (widget); + } + + return method; +} diff --git a/src/nma-ws/nma-eap-fast.h b/src/nma-ws/nma-eap-fast.h new file mode 100644 index 00000000..a63d9707 --- /dev/null +++ b/src/nma-ws/nma-eap-fast.h @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * EAP-FAST authentication method (RFC4851) + * + * Copyright 2012 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_FAST_H +#define NMA_EAP_FAST_H + +#include "nma-ws.h" + +typedef struct _NMAEapFast NMAEapFast; + +NMAEapFast *nma_eap_fast_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean is_editor, + gboolean secrets_only); + +#endif /* NMA_EAP_FAST_H */ diff --git a/src/nma-ws/nma-eap-fast.ui b/src/nma-ws/nma-eap-fast.ui new file mode 100644 index 00000000..261206b5 --- /dev/null +++ b/src/nma-ws/nma-eap-fast.ui @@ -0,0 +1,166 @@ + + + + + + + + + + + + + + + + + + + + + + + Anonymous + + + Authenticated + + + Both + + + + + True + False + 6 + 6 + + + True + False + Anony_mous identity + True + eap_fast_anon_identity_entry + 1 + + + 0 + 0 + + + + + True + True + True + True + + + 1 + 0 + + + + + True + False + PAC _file + True + eap_fast_pac_file_button + 1 + + + 0 + 2 + + + + + True + False + + + 1 + 2 + + + + + True + False + vertical + + + + + + 0 + 4 + 2 + + + + + True + False + _Inner authentication + True + eap_fast_inner_auth_combo + 1 + + + 0 + 3 + + + + + True + False + model8 + + + + 0 + + + + + 1 + 3 + + + + + Allow automatic PAC pro_visioning + True + True + False + True + True + + + 0 + 1 + + + + + True + False + model9 + + + + 0 + + + + + 1 + 1 + + + + diff --git a/src/nma-ws/nma-eap-leap.c b/src/nma-ws/nma-eap-leap.c new file mode 100644 index 00000000..d0929efc --- /dev/null +++ b/src/nma-ws/nma-eap-leap.c @@ -0,0 +1,257 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-eap.h" +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-helpers.h" +#include "nma-ws-802-1x.h" +#include "nma-ws-802-1x-private.h" +#include "nma-ui-utils.h" +#include "utils.h" + +struct _NMAEapLeap { + NMAEap parent; + + NMAWs8021x *ws_8021x; + + gboolean editing_connection; + + const char *password_flags_name; + GtkEntry *username_entry; + GtkEntry *password_entry; + GtkToggleButton *show_password; +}; + +static void +show_toggled_cb (GtkToggleButton *button, NMAEapLeap *method) +{ + gboolean visible; + + visible = gtk_toggle_button_get_active (button); + gtk_entry_set_visibility (method->password_entry, visible); +} + +static gboolean +validate (NMAEap *parent, GError **error) +{ + NMAEapLeap *method = (NMAEapLeap *)parent; + const char *text; + gboolean ret = TRUE; + + text = gtk_editable_get_text (GTK_EDITABLE (method->username_entry)); + if (!text || !strlen (text)) { + widget_set_error (GTK_WIDGET (method->username_entry)); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-LEAP username")); + ret = FALSE; + } else + widget_unset_error (GTK_WIDGET (method->username_entry)); + + text = gtk_editable_get_text (GTK_EDITABLE (method->password_entry)); + if (!text || !strlen (text)) { + widget_set_error (GTK_WIDGET (method->password_entry)); + if (ret) { + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-LEAP password")); + ret = FALSE; + } + } else + widget_unset_error (GTK_WIDGET (method->password_entry)); + + return ret; +} + +static void +add_to_size_group (NMAEap *parent, GtkSizeGroup *group) +{ + GtkWidget *widget; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); +} + +static void +fill_connection (NMAEap *parent, NMConnection *connection) +{ + NMAEapLeap *method = (NMAEapLeap *) parent; + NMSetting8021x *s_8021x; + NMSettingSecretFlags secret_flags; + GtkWidget *passwd_entry; + + s_8021x = nm_connection_get_setting_802_1x (connection); + g_assert (s_8021x); + + nm_setting_802_1x_add_eap_method (s_8021x, "leap"); + + g_object_set (s_8021x, + NM_SETTING_802_1X_IDENTITY, gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), + NM_SETTING_802_1X_PASSWORD, gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), + NULL); + + passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry")); + g_assert (passwd_entry); + + /* Save 802.1X password flags to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name, + secret_flags, NULL); + + /* Update secret flags and popup when editing the connection */ + if (method->editing_connection) + nma_utils_update_password_storage (passwd_entry, secret_flags, + NM_SETTING (s_8021x), method->password_flags_name); +} + +static void +update_secrets (NMAEap *parent, NMConnection *connection) +{ + nma_ws_helper_fill_secret_entry (connection, + GTK_EDITABLE (gtk_builder_get_object (parent->builder, "eap_leap_password_entry")), + NM_TYPE_SETTING_802_1X, + (HelperSecretFunc) nm_setting_802_1x_get_password); +} + +/* Set the UI fields for user, password and show_password to the + * values as provided by method->ws_8021x. */ +static void +set_userpass_ui (NMAEapLeap *method) +{ + if (method->ws_8021x->username) { + gtk_editable_set_text (GTK_EDITABLE (method->username_entry), + method->ws_8021x->username); + } else { + gtk_editable_set_text (GTK_EDITABLE (method->username_entry), ""); + } + + if (method->ws_8021x->password && !method->ws_8021x->always_ask) { + gtk_editable_set_text (GTK_EDITABLE (method->password_entry), + method->ws_8021x->password); + } else { + gtk_editable_set_text (GTK_EDITABLE (method->password_entry), ""); + } + + gtk_toggle_button_set_active (method->show_password, method->ws_8021x->show_password); +} + +static void +widgets_realized (GtkWidget *widget, NMAEapLeap *method) +{ + set_userpass_ui (method); +} + +static void +widgets_unrealized (GtkWidget *widget, NMAEapLeap *method) +{ + nma_ws_802_1x_set_userpass (method->ws_8021x, + gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), + gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), + (gboolean) -1, + gtk_toggle_button_get_active (method->show_password)); +} + +static void +destroy (NMAEap *parent) +{ + NMAEapLeap *method = (NMAEapLeap *) parent; + GtkWidget *widget; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_grid")); + g_assert (widget); + g_signal_handlers_disconnect_by_data (widget, method); + + g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_8021x); + g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_8021x); + g_signal_handlers_disconnect_by_data (method->show_password, method); +} + +NMAEapLeap * +nma_eap_leap_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean secrets_only) +{ + NMAEapLeap *method; + NMAEap *parent; + GtkWidget *widget; + NMSetting8021x *s_8021x = NULL; + + parent = nma_eap_init (sizeof (NMAEapLeap), + validate, + add_to_size_group, + fill_connection, + update_secrets, + destroy, + "/org/gnome/libnma/nma-eap-leap.ui", + "eap_leap_grid", + "eap_leap_username_entry", + FALSE); + if (!parent) + return NULL; + + method = (NMAEapLeap *) parent; + method->password_flags_name = NM_SETTING_802_1X_PASSWORD; + method->editing_connection = secrets_only ? FALSE : TRUE; + method->ws_8021x = ws_8021x; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_grid")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "realize", + (GCallback) widgets_realized, + method); + g_signal_connect (G_OBJECT (widget), "unrealize", + (GCallback) widgets_unrealized, + method); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_entry")); + g_assert (widget); + method->username_entry = GTK_ENTRY (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + if (secrets_only) + gtk_widget_set_sensitive (widget, FALSE); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry")); + g_assert (widget); + method->password_entry = GTK_ENTRY (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + if (connection) + s_8021x = nm_connection_get_setting_802_1x (connection); + nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name, + FALSE, secrets_only); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapleap")); + g_assert (widget); + method->show_password = GTK_TOGGLE_BUTTON (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) show_toggled_cb, + parent); + + /* Initialize the UI fields with the security settings from method->ws_8021x. + * This will be done again when the widget gets realized. It must be done here as well, + * because the outer dialog will ask to 'validate' the connection before the security tab + * is shown/realized (to enable the 'Apply' button). + * As 'validate' accesses the contents of the UI fields, they must be initialized now, even + * if the widgets are not yet visible. */ + set_userpass_ui (method); + + return method; +} diff --git a/src/nma-ws/nma-eap-leap.h b/src/nma-ws/nma-eap-leap.h new file mode 100644 index 00000000..c75aa56a --- /dev/null +++ b/src/nma-ws/nma-eap-leap.h @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_LEAP_H +#define NMA_EAP_LEAP_H + +#include "nma-ws.h" + +typedef struct _NMAEapLeap NMAEapLeap; + +NMAEapLeap *nma_eap_leap_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean secrets_only); + +#endif /* NMA_EAP_LEAP_H */ diff --git a/src/nma-ws/nma-eap-leap.ui b/src/nma-ws/nma-eap-leap.ui new file mode 100644 index 00000000..1794ada2 --- /dev/null +++ b/src/nma-ws/nma-eap-leap.ui @@ -0,0 +1,82 @@ + + + + + + True + False + start + 6 + 6 + + + True + False + _Username + True + eap_leap_username_entry + 1 + + + 0 + 0 + + + + + True + False + _Password + True + eap_leap_password_entry + 1 + + + 0 + 1 + + + + + True + True + True + False + True + + + 1 + 1 + + + + + Sho_w password + True + True + False + True + True + True + + + 1 + 2 + + + + + True + True + True + + + 1 + 0 + + + + + + + diff --git a/src/nma-ws/nma-eap-peap.c b/src/nma-ws/nma-eap-peap.c new file mode 100644 index 00000000..3f96c46d --- /dev/null +++ b/src/nma-ws/nma-eap-peap.c @@ -0,0 +1,486 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-eap.h" +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-cert-chooser.h" +#include "utils.h" + +#define I_NAME_COLUMN 0 +#define I_METHOD_COLUMN 1 + +struct _NMAEapPeap { + NMAEap parent; + + const char *password_flags_name; + GtkSizeGroup *size_group; + NMAWs8021x *ws_8021x; + gboolean is_editor; + GtkWidget *ca_cert_chooser; +}; + +static void +destroy (NMAEap *parent) +{ + NMAEapPeap *method = (NMAEapPeap *) parent; + + if (method->size_group) + g_object_unref (method->size_group); +} + +static gboolean +validate (NMAEap *parent, GError **error) +{ + NMAEapPeap *method = (NMAEapPeap *) parent; + GtkWidget *widget; + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap = NULL; + gboolean valid = FALSE; + + if ( gtk_widget_get_sensitive (method->ca_cert_chooser) + && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) + return FALSE; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); + g_assert (widget); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + valid = nma_eap_validate (eap, error); + nma_eap_unref (eap); + return valid; +} + +static void +ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data) +{ + NMAEapPeap *method = (NMAEapPeap *) user_data; + + gtk_widget_set_sensitive (method->ca_cert_chooser, + !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button))); +} + +static void +add_to_size_group (NMAEap *parent, GtkSizeGroup *group) +{ + NMAEapPeap *method = (NMAEapPeap *) parent; + GtkWidget *widget; + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap; + + if (method->size_group) + g_object_unref (method->size_group); + method->size_group = g_object_ref (group); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); + g_assert (widget); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + nma_eap_add_to_size_group (eap, group); + nma_eap_unref (eap); +} + +static void +fill_connection (NMAEap *parent, NMConnection *connection) +{ + NMAEapPeap *method = (NMAEapPeap *) parent; + NMSetting8021x *s_8021x; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + GtkWidget *widget; + const char *text; + char *value = NULL; + NMAEap *eap = NULL; + GtkTreeModel *model; + GtkTreeIter iter; + int peapver_active = 0; + GError *error = NULL; + gboolean ca_cert_error = FALSE; + NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; + NMSettingSecretFlags secret_flags; + + s_8021x = nm_connection_get_setting_802_1x (connection); + g_assert (s_8021x); + + nm_setting_802_1x_add_eap_method (s_8021x, "peap"); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); + g_assert (widget); + text = gtk_editable_get_text (GTK_EDITABLE (widget)); + if (text && strlen (text)) + g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry")); + g_assert (widget); + text = gtk_editable_get_text (GTK_EDITABLE (widget)); + if (text && strlen (text)) + g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL); + + /* Save CA certificate PIN and its flags to the connection */ + secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD, + secret_flags, NULL); + if (method->is_editor) { + /* Update secret flags and popup when editing the connection */ + nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + secret_flags, NM_SETTING (s_8021x), + NM_SETTING_802_1X_CA_CERT_PASSWORD); + g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, + nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)), + NULL); + } + + /* TLS CA certificate */ + if (gtk_widget_get_sensitive (method->ca_cert_chooser)) + value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + ca_cert_error = TRUE; + } + nma_eap_ca_cert_ignore_set (parent, connection, value, ca_cert_error); + g_free (value); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); + peapver_active = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); + switch (peapver_active) { + case 1: /* PEAP v0 */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, "0", NULL); + break; + case 2: /* PEAP v1 */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, "1", NULL); + break; + default: /* Automatic */ + g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, NULL, NULL); + break; + } + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + + nma_eap_fill_connection (eap, connection); + nma_eap_unref (eap); +} +static void +inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) +{ + NMAEap *parent = (NMAEap *) user_data; + NMAEapPeap *method = (NMAEapPeap *) parent; + GtkWidget *vbox; + NMAEap *eap = NULL; + GList *elt, *children; + GtkTreeModel *model; + GtkTreeIter iter; + GtkWidget *eap_widget; + + vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_vbox")); + g_assert (vbox); + + /* Remove any previous wireless security widgets */ + children = gtk_container_get_children (GTK_CONTAINER (vbox)); + for (elt = children; elt; elt = g_list_next (elt)) + gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + + eap_widget = nma_eap_get_widget (eap); + g_assert (eap_widget); + gtk_widget_unparent (eap_widget); + + if (method->size_group) + nma_eap_add_to_size_group (eap, method->size_group); + gtk_container_add (GTK_CONTAINER (vbox), eap_widget); + + nma_eap_unref (eap); + + nma_ws_changed_cb (combo, method->ws_8021x); +} + +static GtkWidget * +inner_auth_combo_init (NMAEapPeap *method, + NMConnection *connection, + NMSetting8021x *s_8021x, + gboolean secrets_only) +{ + NMAEap *parent = (NMAEap *) method; + GtkWidget *combo; + GtkListStore *auth_model; + GtkTreeIter iter; + NMAEapSimple *em_mschap_v2; + NMAEapSimple *em_md5; + NMAEapSimple *em_gtc; + guint32 active = 0; + const char *phase2_auth = NULL; + NMAEapSimpleFlags simple_flags; + + auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ()); + + if (s_8021x) { + if (nm_setting_802_1x_get_phase2_auth (s_8021x)) + phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); + else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) + phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); + } + + simple_flags = NMA_EAP_SIMPLE_FLAG_PHASE2; + if (method->is_editor) + simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR; + if (secrets_only) + simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY; + + em_mschap_v2 = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_MSCHAP_V2, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MSCHAPv2"), + I_METHOD_COLUMN, em_mschap_v2, + -1); + nma_eap_unref (NMA_EAP (em_mschap_v2)); + + /* Check for defaulting to MSCHAPv2 */ + if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) + active = 0; + + em_md5 = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_MD5, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MD5"), + I_METHOD_COLUMN, em_md5, + -1); + nma_eap_unref (NMA_EAP (em_md5)); + + /* Check for defaulting to MD5 */ + if (phase2_auth && !strcasecmp (phase2_auth, "md5")) + active = 1; + + em_gtc = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_GTC, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("GTC"), + I_METHOD_COLUMN, em_gtc, + -1); + nma_eap_unref (NMA_EAP (em_gtc)); + + /* Check for defaulting to GTC */ + if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) + active = 2; + + combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); + g_assert (combo); + + gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); + g_object_unref (G_OBJECT (auth_model)); + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); + + g_signal_connect (G_OBJECT (combo), "changed", + (GCallback) inner_auth_combo_changed_cb, + method); + return combo; +} + +static void +update_secrets (NMAEap *parent, NMConnection *connection) +{ + nma_eap_phase2_update_secrets_helper (parent, + connection, + "eap_peap_inner_auth_combo", + I_METHOD_COLUMN); +} + +NMAEapPeap * +nma_eap_peap_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean is_editor, + gboolean secrets_only) +{ + NMAEap *parent; + NMAEapPeap *method; + GtkWidget *widget; + NMSetting8021x *s_8021x = NULL; + gboolean ca_not_required = FALSE; + + parent = nma_eap_init (sizeof (NMAEapPeap), + validate, + add_to_size_group, + fill_connection, + update_secrets, + destroy, + "/org/gnome/libnma/nma-eap-peap.ui", + "eap_peap_grid", + "eap_peap_anon_identity_entry", + FALSE); + if (!parent) + return NULL; + + method = (NMAEapPeap *) parent; + method->password_flags_name = NM_SETTING_802_1X_PASSWORD; + method->ws_8021x = ws_8021x; + method->is_editor = is_editor; + + if (connection) + s_8021x = nm_connection_get_setting_802_1x (connection); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_grid")); + g_assert (widget); + + method->ca_cert_chooser = nma_cert_chooser_new ("CA", + NMA_CERT_CHOOSER_FLAG_CERT + | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); + gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1); + gtk_widget_show (method->ca_cert_chooser); + + g_signal_connect (method->ca_cert_chooser, + "cert-validate", + G_CALLBACK (nma_eap_ca_cert_validate_cb), + NULL); + g_signal_connect (method->ca_cert_chooser, + "changed", + G_CALLBACK (nma_ws_changed_cb), + ws_8021x); + + nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, + nm_setting_802_1x_get_ca_cert_scheme, + nm_setting_802_1x_get_ca_cert_path, + nm_setting_802_1x_get_ca_cert_uri, + nm_setting_802_1x_get_ca_cert_password, + NULL, + NULL, + NULL, + NULL); + + if (connection && nma_eap_ca_cert_ignore_get (parent, connection)) { + gchar *ca_cert; + NMSetting8021xCKScheme scheme; + + ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + if (ca_cert) + g_free (ca_cert); + else + ca_not_required = TRUE; + } + + if (secrets_only) + ca_not_required = TRUE; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) ca_cert_not_required_toggled, + parent); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) nma_ws_changed_cb, + ws_8021x); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); + + widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); + inner_auth_combo_changed_cb (widget, (gpointer) method); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); + g_assert (widget); + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); + if (s_8021x) { + const char *peapver; + + peapver = nm_setting_802_1x_get_phase1_peapver (s_8021x); + if (peapver) { + /* Index 0 is "Automatic" */ + if (!strcmp (peapver, "0")) + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); + else if (!strcmp (peapver, "1")) + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2); + } + } + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); + if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry")); + if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x)); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + if (secrets_only) { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); + gtk_widget_hide (widget); + } + + return method; +} diff --git a/src/nma-ws/nma-eap-peap.h b/src/nma-ws/nma-eap-peap.h new file mode 100644 index 00000000..9f6c4a1e --- /dev/null +++ b/src/nma-ws/nma-eap-peap.h @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_PEAP_H +#define NMA_EAP_PEAP_H + +#include "nma-ws.h" + +typedef struct _NMAEapPeap NMAEapPeap; + +NMAEapPeap *nma_eap_peap_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean is_editor, + gboolean secrets_only); + +#endif /* NMA_EAP_PEAP_H */ diff --git a/src/nma-ws/nma-eap-peap.ui b/src/nma-ws/nma-eap-peap.ui new file mode 100644 index 00000000..b0b5c2c9 --- /dev/null +++ b/src/nma-ws/nma-eap-peap.ui @@ -0,0 +1,195 @@ + + + + + + + + + + + + + + + + + + + + + + + Automatic + + + Version 0 + + + Version 1 + + + + + True + False + 6 + 6 + + + True + False + Anony_mous identity + True + eap_peap_anon_identity_entry + 1 + + + 0 + 0 + + + + + True + True + True + True + + + 1 + 0 + + + + + No CA certificate is _required + True + True + False + True + True + True + + + 1 + 3 + + + + + True + False + PEAP _version + True + eap_peap_version_combo + 1 + + + 0 + 4 + + + + + True + False + True + model9 + + + + 0 + + + + + 1 + 4 + + + + + True + False + _Inner authentication + True + eap_peap_inner_auth_combo + 1 + + + 0 + 5 + + + + + True + False + True + model8 + + + + 0 + + + + + 1 + 5 + + + + + True + False + vertical + + + + + + 0 + 6 + 2 + + + + + True + False + Suffix of the server certificate name. + _Domain + True + eap_peap_domain_entry + 1 + + + 0 + 1 + + + + + True + True + True + True + + + 1 + 1 + + + + + + + + + + + + + diff --git a/src/nma-ws/nma-eap-simple.c b/src/nma-ws/nma-eap-simple.c new file mode 100644 index 00000000..a26f6bda --- /dev/null +++ b/src/nma-ws/nma-eap-simple.c @@ -0,0 +1,485 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-eap.h" +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-helpers.h" +#include "nma-ws-802-1x.h" +#include "nma-ws-802-1x-private.h" +#include "nma-ui-utils.h" +#include "utils.h" + +struct _NMAEapSimple { + NMAEap parent; + + NMAWs8021x *ws_8021x; + + const char *password_flags_name; + NMAEapSimpleType type; + NMAEapSimpleFlags flags; + + gboolean username_requested; + gboolean password_requested; + gboolean pkey_passphrase_requested; + GtkEntry *username_entry; + GtkEntry *password_entry; + GtkToggleButton *show_password; + GtkEntry *pkey_passphrase_entry; + GtkToggleButton *show_pkey_passphrase; + guint idle_func_id; +}; + +static void +show_password_toggled_cb (GtkToggleButton *button, NMAEapSimple *method) +{ + gboolean visible; + + visible = gtk_toggle_button_get_active (button); + gtk_entry_set_visibility (method->password_entry, visible); +} + +static void +show_pkey_passphrase_toggled_cb (GtkToggleButton *button, NMAEapSimple *method) +{ + gboolean visible; + + visible = gtk_toggle_button_get_active (button); + gtk_entry_set_visibility (method->pkey_passphrase_entry, visible); +} + +static gboolean +always_ask_selected (GtkEntry *passwd_entry) +{ + return !!( nma_utils_menu_to_secret_flags (GTK_WIDGET (passwd_entry)) + & NM_SETTING_SECRET_FLAG_NOT_SAVED); +} + +static gboolean +validate (NMAEap *parent, GError **error) +{ + NMAEapSimple *method = (NMAEapSimple *)parent; + const char *text; + gboolean ret = TRUE; + + if (method->username_requested) { + text = gtk_editable_get_text (GTK_EDITABLE (method->username_entry)); + if (!text || !strlen (text)) { + widget_set_error (GTK_WIDGET (method->username_entry)); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP username")); + ret = FALSE; + } else + widget_unset_error (GTK_WIDGET (method->username_entry)); + } + + /* Check if the password should always be requested */ + if (method->password_requested) { + if (always_ask_selected (method->password_entry)) + widget_unset_error (GTK_WIDGET (method->password_entry)); + else { + text = gtk_editable_get_text (GTK_EDITABLE (method->password_entry)); + if (!text || !strlen (text)) { + widget_set_error (GTK_WIDGET (method->password_entry)); + if (ret) { + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, + _("missing EAP password")); + ret = FALSE; + } + } else + widget_unset_error (GTK_WIDGET (method->password_entry)); + } + } + + if (method->pkey_passphrase_requested) { + text = gtk_editable_get_text (GTK_EDITABLE (method->pkey_passphrase_entry)); + if (!text || !strlen (text)) { + widget_set_error (GTK_WIDGET (method->pkey_passphrase_entry)); + if (ret) { + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, + _("missing EAP client Private Key passphrase")); + ret = FALSE; + } + } else + widget_unset_error (GTK_WIDGET (method->pkey_passphrase_entry)); + } + + return ret; +} + +static void +add_to_size_group (NMAEap *parent, GtkSizeGroup *group) +{ + NMAEapSimple *method = (NMAEapSimple *) parent; + GtkWidget *widget; + + if (method->username_requested) { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + } + + if (method->password_requested) { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + } + + if (method->pkey_passphrase_requested) { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + } +} + +typedef struct { + const char *name; + gboolean autheap_allowed; +} EapType; + +/* Indexed by NMA_EAP_SIMPLE_TYPE_* */ +static const EapType eap_table[NMA_EAP_SIMPLE_TYPE_LAST] = { + [NMA_EAP_SIMPLE_TYPE_PAP] = { "pap", FALSE }, + [NMA_EAP_SIMPLE_TYPE_MSCHAP] = { "mschap", FALSE }, + [NMA_EAP_SIMPLE_TYPE_MSCHAP_V2] = { "mschapv2", TRUE }, + [NMA_EAP_SIMPLE_TYPE_PLAIN_MSCHAP_V2] = { "mschapv2", FALSE }, + [NMA_EAP_SIMPLE_TYPE_MD5] = { "md5", TRUE }, + [NMA_EAP_SIMPLE_TYPE_PWD] = { "pwd", TRUE }, + [NMA_EAP_SIMPLE_TYPE_CHAP] = { "chap", FALSE }, + [NMA_EAP_SIMPLE_TYPE_GTC] = { "gtc", TRUE }, + [NMA_EAP_SIMPLE_TYPE_UNKNOWN] = { "unknown", TRUE }, +}; + +static void +fill_connection (NMAEap *parent, NMConnection *connection) +{ + NMAEapSimple *method = (NMAEapSimple *) parent; + NMSetting8021x *s_8021x; + gboolean not_saved = FALSE; + NMSettingSecretFlags flags; + const EapType *eap_type; + + s_8021x = nm_connection_get_setting_802_1x (connection); + g_assert (s_8021x); + + if (!(method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY)) { + /* If this is the main EAP method, clear any existing methods because the + * user-selected one will replace it. + */ + if (parent->phase2 == FALSE) + nm_setting_802_1x_clear_eap_methods (s_8021x); + + eap_type = &eap_table[method->type]; + if (parent->phase2) { + /* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2 + * EAP methods (which only TTLS allows) *and* the inner/phase2 method + * supports being an inner EAP method, then set PHASE2_AUTHEAP. + * Otherwise the inner/phase2 method goes into PHASE2_AUTH. + */ + if ((method->flags & NMA_EAP_SIMPLE_FLAG_AUTHEAP_ALLOWED) && eap_type->autheap_allowed) { + g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, eap_type->name, NULL); + g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, NULL, NULL); + } else { + g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap_type->name, NULL); + g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, NULL, NULL); + } + } else + nm_setting_802_1x_add_eap_method (s_8021x, eap_type->name); + } + + if (method->username_requested) { + g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, + gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), + NULL); + } + + if (method->password_requested) { + /* Save the password always ask setting */ + not_saved = always_ask_selected (method->password_entry); + flags = nma_utils_menu_to_secret_flags (GTK_WIDGET (method->password_entry)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name, flags, NULL); + + /* Fill the connection's password if we're in the applet so that it'll get + * back to NM. From the editor though, since the connection isn't going + * back to NM in response to a GetSecrets() call, we don't save it if the + * user checked "Always Ask". + */ + if (!(method->flags & NMA_EAP_SIMPLE_FLAG_IS_EDITOR) || not_saved == FALSE) { + g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, + gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), + NULL); + } + + /* Update secret flags and popup when editing the connection */ + if (!(method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY)) { + GtkWidget *passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, + "eap_simple_password_entry")); + g_assert (passwd_entry); + + nma_utils_update_password_storage (passwd_entry, flags, + NM_SETTING (s_8021x), method->password_flags_name); + } + } + + if (method->pkey_passphrase_requested) { + g_object_set (s_8021x, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD, + gtk_editable_get_text (GTK_EDITABLE (method->pkey_passphrase_entry)), + NULL); + } +} + +static void +update_secrets (NMAEap *parent, NMConnection *connection) +{ + nma_ws_helper_fill_secret_entry (connection, + GTK_EDITABLE (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")), + NM_TYPE_SETTING_802_1X, + (HelperSecretFunc) nm_setting_802_1x_get_password); + nma_ws_helper_fill_secret_entry (connection, + GTK_EDITABLE (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")), + NM_TYPE_SETTING_802_1X, + (HelperSecretFunc) nm_setting_802_1x_get_private_key_password); +} + +static gboolean +stuff_changed (NMAEapSimple *method) +{ + nma_ws_changed_cb (NULL, method->ws_8021x); + method->idle_func_id = 0; + return FALSE; +} + +static void +password_storage_changed (GObject *entry, + GParamSpec *pspec, + NMAEapSimple *method) +{ + gboolean always_ask; + gboolean secrets_only = method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY; + + always_ask = always_ask_selected (method->password_entry); + + if (always_ask && !secrets_only) { + /* we always clear this button and do not restore it + * (because we want to hide the password). */ + gtk_toggle_button_set_active (method->show_password, FALSE); + } + + gtk_widget_set_sensitive (GTK_WIDGET (method->show_password), + !always_ask || secrets_only); + + if (!method->idle_func_id) + method->idle_func_id = g_idle_add ((GSourceFunc) stuff_changed, method); +} + +/* Set the UI fields for user, password, always_ask and show_password to the + * values as provided by method->ws_8021x. */ +static void +set_userpass_ui (NMAEapSimple *method) +{ + if (method->ws_8021x->username) { + gtk_editable_set_text (GTK_EDITABLE (method->username_entry), + method->ws_8021x->username); + } else { + gtk_editable_set_text (GTK_EDITABLE (method->username_entry), ""); + } + + if (method->ws_8021x->password && !method->ws_8021x->always_ask) { + gtk_editable_set_text (GTK_EDITABLE (method->password_entry), + method->ws_8021x->password); + } else { + gtk_editable_set_text (GTK_EDITABLE (method->password_entry), ""); + } + + gtk_toggle_button_set_active (method->show_password, method->ws_8021x->show_password); + + password_storage_changed (NULL, NULL, method); +} + +static void +widgets_realized (GtkWidget *widget, NMAEapSimple *method) +{ + set_userpass_ui (method); +} + +static void +widgets_unrealized (GtkWidget *widget, NMAEapSimple *method) +{ + nma_ws_802_1x_set_userpass (method->ws_8021x, + gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), + gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), + always_ask_selected (method->password_entry), + gtk_toggle_button_get_active (method->show_password)); +} + +static void +destroy (NMAEap *parent) +{ + NMAEapSimple *method = (NMAEapSimple *) parent; + GtkWidget *widget; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_grid")); + g_assert (widget); + g_signal_handlers_disconnect_by_data (widget, method); + + g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_8021x); + g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_8021x); + g_signal_handlers_disconnect_by_data (method->password_entry, method); + g_signal_handlers_disconnect_by_data (method->show_password, method); + g_signal_handlers_disconnect_by_data (method->pkey_passphrase_entry, method->ws_8021x); + g_signal_handlers_disconnect_by_data (method->show_pkey_passphrase, method); + + nm_clear_g_source (&method->idle_func_id); +} + +static void +hide_row (GtkWidget **widgets, size_t num) +{ + while (num--) + gtk_widget_hide (*widgets++); +} + +NMAEapSimple * +nma_eap_simple_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + NMAEapSimpleType type, + NMAEapSimpleFlags flags, + const char *const*hints) +{ + NMAEap *parent; + NMAEapSimple *method; + GtkWidget *widget; + NMSetting8021x *s_8021x = NULL; + GtkWidget *widget_row[10]; + + parent = nma_eap_init (sizeof (NMAEapSimple), + validate, + add_to_size_group, + fill_connection, + update_secrets, + destroy, + "/org/gnome/libnma/nma-eap-simple.ui", + "eap_simple_grid", + "eap_simple_username_entry", + flags & NMA_EAP_SIMPLE_FLAG_PHASE2); + if (!parent) + return NULL; + + method = (NMAEapSimple *) parent; + method->password_flags_name = NM_SETTING_802_1X_PASSWORD; + method->ws_8021x = ws_8021x; + method->flags = flags; + method->type = type; + g_assert (type < NMA_EAP_SIMPLE_TYPE_LAST); + g_assert ( type != NMA_EAP_SIMPLE_TYPE_UNKNOWN + || hints); + + if (hints) { + for (; *hints; hints++) { + if (!strcmp (*hints, NM_SETTING_802_1X_IDENTITY)) + method->username_requested = TRUE; + else if (!strcmp (*hints, NM_SETTING_802_1X_PASSWORD)) { + method->password_requested = TRUE; + method->password_flags_name = NM_SETTING_802_1X_PASSWORD; + } else if (!strcmp (*hints, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD)) + method->pkey_passphrase_requested = TRUE; + } + } else { + method->username_requested = TRUE; + method->password_requested = TRUE; + } + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_grid")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "realize", + (GCallback) widgets_realized, + method); + g_signal_connect (G_OBJECT (widget), "unrealize", + (GCallback) widgets_unrealized, + method); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); + g_assert (widget); + method->username_entry = GTK_ENTRY (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + if ( (method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY) + && !method->username_requested) + gtk_widget_set_sensitive (widget, FALSE); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); + g_assert (widget); + method->password_entry = GTK_ENTRY (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + if (connection) + s_8021x = nm_connection_get_setting_802_1x (connection); + nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name, + FALSE, flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY); + + g_signal_connect (method->password_entry, "notify::secondary-icon-name", + G_CALLBACK (password_storage_changed), + method); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple")); + g_assert (widget); + method->show_password = GTK_TOGGLE_BUTTON (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) show_password_toggled_cb, + method); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")); + g_assert (widget); + method->pkey_passphrase_entry = GTK_ENTRY (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_show_pkey_passphrase_checkbutton")); + g_assert (widget); + method->show_pkey_passphrase = GTK_TOGGLE_BUTTON (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) show_pkey_passphrase_toggled_cb, + method); + + widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label")); + widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); + if (!method->username_requested) + hide_row (widget_row, 2); + + widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label")); + widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); + widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple")); + if (!method->password_requested) + hide_row (widget_row, 3); + + widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_label")); + widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")); + widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_show_pkey_passphrase_checkbutton")); + if (!method->pkey_passphrase_requested) + hide_row (widget_row, 3); + + /* Initialize the UI fields with the security settings from method->ws_8021x. + * This will be done again when the widget gets realized. It must be done here as well, + * because the outer dialog will ask to 'validate' the connection before the security tab + * is shown/realized (to enable the 'Apply' button). + * As 'validate' accesses the contents of the UI fields, they must be initialized now, even + * if the widgets are not yet visible. */ + set_userpass_ui (method); + + return method; +} diff --git a/src/nma-ws/nma-eap-simple.h b/src/nma-ws/nma-eap-simple.h new file mode 100644 index 00000000..82024dca --- /dev/null +++ b/src/nma-ws/nma-eap-simple.h @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_SIMPLE_H +#define NMA_EAP_SIMPLE_H + +#include "nma-ws.h" + +typedef enum { + /* NOTE: when updating this table, also update nma_eap_methods[] */ + NMA_EAP_SIMPLE_TYPE_PAP = 0, + NMA_EAP_SIMPLE_TYPE_MSCHAP, + NMA_EAP_SIMPLE_TYPE_MSCHAP_V2, + NMA_EAP_SIMPLE_TYPE_PLAIN_MSCHAP_V2, + NMA_EAP_SIMPLE_TYPE_MD5, + NMA_EAP_SIMPLE_TYPE_PWD, + NMA_EAP_SIMPLE_TYPE_CHAP, + NMA_EAP_SIMPLE_TYPE_GTC, + NMA_EAP_SIMPLE_TYPE_UNKNOWN, + + /* Boundary value, do not use */ + NMA_EAP_SIMPLE_TYPE_LAST +} NMAEapSimpleType; + +typedef enum { + NMA_EAP_SIMPLE_FLAG_NONE = 0x00, + /* Indicates the EAP method is an inner/phase2 method */ + NMA_EAP_SIMPLE_FLAG_PHASE2 = 0x01, + /* Set by TTLS to indicate that inner/phase2 EAP is allowed */ + NMA_EAP_SIMPLE_FLAG_AUTHEAP_ALLOWED = 0x02, + /* Set from nm-connection-editor or the GNOME network panel */ + NMA_EAP_SIMPLE_FLAG_IS_EDITOR = 0x04, + /* Set to indicate that this request is only for secrets */ + NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY = 0x08 +} NMAEapSimpleFlags; + +typedef struct _NMAEapSimple NMAEapSimple; + +NMAEapSimple *nma_eap_simple_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + NMAEapSimpleType type, + NMAEapSimpleFlags flags, + const char *const*hints); + +#endif /* NMA_EAP_SIMPLE_H */ diff --git a/src/nma-ws/nma-eap-simple.ui b/src/nma-ws/nma-eap-simple.ui new file mode 100644 index 00000000..e364a65a --- /dev/null +++ b/src/nma-ws/nma-eap-simple.ui @@ -0,0 +1,141 @@ + + + + + + True + False + start + 6 + 6 + + + True + False + _Username + True + eap_simple_username_entry + 1 + + + 0 + 0 + + + + + True + False + _Password + True + eap_simple_password_entry + 1 + + + 0 + 1 + + + + + True + True + True + False + True + + + 1 + 1 + + + + + True + True + True + True + + + 1 + 0 + + + + + True + False + vertical + + + Sho_w password + True + True + False + True + True + + + True + True + 0 + + + + + + + + 1 + 2 + + + + + True + False + P_rivate Key Passphrase + True + eap_simple_pkey_passphrase_entry + 1 + + + 0 + 3 + + + + + True + True + True + False + True + + + 1 + 3 + + + + + Sh_ow passphrase + True + True + False + True + True + + + 1 + 4 + + + + + + + + + + diff --git a/src/nma-ws/nma-eap-tls.c b/src/nma-ws/nma-eap-tls.c new file mode 100644 index 00000000..5f671fab --- /dev/null +++ b/src/nma-ws/nma-eap-tls.c @@ -0,0 +1,497 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * Lubomir Rintel + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-eap.h" +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ui-utils.h" +#include "nma-cert-chooser.h" +#include "utils.h" + +struct _NMAEapTls { + NMAEap parent; + + const char *ca_cert_password_flags_name; + const char *client_cert_password_flags_name; + const char *client_key_password_flags_name; + + gboolean editing_connection; + GtkWidget *ca_cert_chooser; + GtkWidget *client_cert_chooser; +}; + + +static gboolean +validate (NMAEap *parent, GError **error) +{ + NMAEapTls *method = (NMAEapTls *) parent; + GtkWidget *widget; + const char *identity; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); + g_assert (widget); + identity = gtk_editable_get_text (GTK_EDITABLE (widget)); + if (!identity || !strlen (identity)) { + widget_set_error (widget); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-TLS identity")); + return FALSE; + } else { + widget_unset_error (widget); + } + + if ( gtk_widget_get_sensitive (method->ca_cert_chooser) + && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) + return FALSE; + + if (!nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->client_cert_chooser), error)) + return FALSE; + + return TRUE; +} + +static void +ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data) +{ + NMAEapTls *method = (NMAEapTls *) user_data; + + gtk_widget_set_sensitive (method->ca_cert_chooser, + !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button))); +} + +static void +add_to_size_group (NMAEap *parent, GtkSizeGroup *group) +{ + NMAEapTls *method = (NMAEapTls *) parent; + GtkWidget *widget; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->client_cert_chooser), group); + nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); +} + +static void +fill_connection (NMAEap *parent, NMConnection *connection) +{ + NMAEapTls *method = (NMAEapTls *) parent; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + NMSetting8021x *s_8021x; + NMSettingSecretFlags secret_flags; + GtkWidget *widget; + char *value = NULL; + const char *password = NULL; + GError *error = NULL; + gboolean ca_cert_error = FALSE; + NMSetting8021xCKScheme scheme; + + s_8021x = nm_connection_get_setting_802_1x (connection); + g_assert (s_8021x); + + if (parent->phase2) + g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL); + else + nm_setting_802_1x_add_eap_method (s_8021x, "tls"); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); + g_assert (widget); + g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_editable_get_text (GTK_EDITABLE (widget)), NULL); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry")); + g_assert (widget); + g_object_set (s_8021x, + parent->phase2 ? NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH : NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, + gtk_editable_get_text (GTK_EDITABLE (widget)), NULL); + + /* TLS private key */ + password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser)); + value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme); + + if (parent->phase2) { + if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, value, password, scheme, &format, &error)) { + g_warning ("Couldn't read phase2 private key '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + } + } else { + if (!nm_setting_802_1x_set_private_key (s_8021x, value, password, scheme, &format, &error)) { + g_warning ("Couldn't read private key '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + } + } + g_free (value); + + /* Save CA certificate PIN and its flags to the connection */ + secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->ca_cert_password_flags_name, + secret_flags, NULL); + if (method->editing_connection) { + /* Update secret flags and popup when editing the connection */ + nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + secret_flags, NM_SETTING (s_8021x), + method->ca_cert_password_flags_name); + g_object_set (s_8021x, method->ca_cert_password_flags_name, + nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)), + NULL); + } + + /* Save user certificate PIN and its flags flags to the connection */ + secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->client_cert_chooser)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_cert_password_flags_name, + secret_flags, NULL); + if (method->editing_connection) { + nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), + secret_flags, NM_SETTING (s_8021x), + method->client_cert_password_flags_name); + g_object_set (s_8021x, method->client_cert_password_flags_name, + nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->client_cert_chooser)), + NULL); + } + + /* Save user private key password flags to the connection */ + secret_flags = nma_cert_chooser_get_key_password_flags (NMA_CERT_CHOOSER (method->client_cert_chooser)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_key_password_flags_name, + secret_flags, NULL); + if (method->editing_connection) { + nma_cert_chooser_update_key_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), + secret_flags, NM_SETTING (s_8021x), + method->client_key_password_flags_name); + } + + /* TLS client certificate */ + if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { + /* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already + * set the client certificate for us. + */ + value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme); + format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + if (parent->phase2) { + if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read phase2 client certificate '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + } + } else { + if (!nm_setting_802_1x_set_client_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read client certificate '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + } + } + g_free (value); + } + + /* TLS CA certificate */ + if (gtk_widget_get_sensitive (method->ca_cert_chooser)) + value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + else + value = NULL; + format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + if (parent->phase2) { + if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read phase2 CA certificate '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + ca_cert_error = TRUE; + } + } else { + if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + ca_cert_error = TRUE; + } + } + nma_eap_ca_cert_ignore_set (parent, connection, value, ca_cert_error); + g_free (value); +} + +static GError * +client_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) +{ + NMSetting8021xCKScheme scheme; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + gs_unref_object NMSetting8021x *setting = NULL; + gs_free char *value = NULL; + GError *local = NULL; + + setting = (NMSetting8021x *) nm_setting_802_1x_new (); + + value = nma_cert_chooser_get_cert (cert_chooser, &scheme); + if (!value) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("no user certificate selected")); + } + if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { + if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("selected user certificate file does not exist")); + } + } + + if (!nm_setting_802_1x_set_client_cert (setting, value, scheme, &format, &local)) + return local; + + return NULL; +} + +static GError * +client_key_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) +{ + NMSetting8021xCKScheme scheme; + gs_free char *value = NULL; + + + value = nma_cert_chooser_get_key (cert_chooser, &scheme); + if (!value) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("no key selected")); + } + if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { + if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("selected key file does not exist")); + } + } + + return NULL; +} + +static GError * +client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) +{ + NMSetting8021xCKScheme scheme; + NMSettingSecretFlags secret_flags; + gs_unref_object NMSetting8021x *setting = NULL; + gs_free char *value = NULL; + const char *password = NULL; + GError *local = NULL; + + secret_flags = nma_cert_chooser_get_key_password_flags (cert_chooser); + if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED + || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) + return NULL; + + setting = (NMSetting8021x *) nm_setting_802_1x_new (); + + value = nma_cert_chooser_get_key (cert_chooser, &scheme); + password = nma_cert_chooser_get_key_password (cert_chooser); + if (!nm_setting_802_1x_set_private_key (setting, value, password, scheme, NULL, &local)) + return local; + + return NULL; +} + +static void +client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data) +{ + NMSetting8021xCKScheme cert_scheme, key_scheme; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + gs_free char *cert_value = NULL; + gs_free char *key_value = NULL; + gs_unref_object NMSetting8021x *setting = NULL; + + setting = (NMSetting8021x *) nm_setting_802_1x_new (); + + cert_value = nma_cert_chooser_get_cert (cert_chooser, &cert_scheme); + key_value = nma_cert_chooser_get_key (cert_chooser, &key_scheme); + + if ( !cert_value || key_value + || !nm_setting_802_1x_set_client_cert (setting, cert_value, cert_scheme, &format, NULL)) + return; + + if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) + nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme); +} + +static void +update_secrets (NMAEap *parent, NMConnection *connection) +{ + NMAEapTls *method = (NMAEapTls *) parent; + + nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), + nm_connection_get_setting_802_1x (connection), + NULL, + NULL, + NULL, + parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); +} + +NMAEapTls * +nma_eap_tls_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean phase2, + gboolean secrets_only) +{ + NMAEapTls *method; + NMAEap *parent; + GtkWidget *widget; + NMSetting8021x *s_8021x = NULL; + gboolean ca_not_required = FALSE; + + parent = nma_eap_init (sizeof (NMAEapTls), + validate, + add_to_size_group, + fill_connection, + update_secrets, + NULL, + "/org/gnome/libnma/nma-eap-tls.ui", + "eap_tls_grid", + "eap_tls_identity_entry", + phase2); + if (!parent) + return NULL; + + method = (NMAEapTls *) parent; + method->ca_cert_password_flags_name = phase2 + ? NM_SETTING_802_1X_PHASE2_CA_CERT_PASSWORD + : NM_SETTING_802_1X_CA_CERT_PASSWORD; + method->client_cert_password_flags_name = phase2 + ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT_PASSWORD + : NM_SETTING_802_1X_CLIENT_CERT_PASSWORD; + method->client_key_password_flags_name = phase2 + ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD + : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD; + method->editing_connection = secrets_only ? FALSE : TRUE; + + if (connection) + s_8021x = nm_connection_get_setting_802_1x (connection); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_not_required_checkbox")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) ca_cert_not_required_toggled, + parent); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + if (s_8021x && nm_setting_802_1x_get_identity (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_identity (s_8021x)); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + if (phase2) { + if (s_8021x && nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x)); + } else { + if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x)); + } + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_grid")); + g_assert (widget); + + method->ca_cert_chooser = nma_cert_chooser_new ("CA", + NMA_CERT_CHOOSER_FLAG_CERT + | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); + gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1); + gtk_widget_show (method->ca_cert_chooser); + + g_signal_connect (method->ca_cert_chooser, + "cert-validate", + G_CALLBACK (nma_eap_ca_cert_validate_cb), + NULL); + g_signal_connect (method->ca_cert_chooser, + "changed", + G_CALLBACK (nma_ws_changed_cb), + ws_8021x); + + nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : nm_setting_802_1x_get_ca_cert_uri, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : nm_setting_802_1x_get_ca_cert_password, + NULL, + NULL, + NULL, + NULL); + + if (connection && nma_eap_ca_cert_ignore_get (parent, connection)) { + gchar *ca_cert; + NMSetting8021xCKScheme scheme; + + ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + if (ca_cert) + g_free (ca_cert); + else + ca_not_required = TRUE; + } + + if (secrets_only) + ca_not_required = TRUE; + + method->client_cert_chooser = nma_cert_chooser_new ("User", + secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0); + gtk_grid_attach (GTK_GRID (widget), method->client_cert_chooser, 0, 4, 2, 1); + gtk_widget_show (method->client_cert_chooser); + + g_signal_connect (method->client_cert_chooser, "cert-validate", + G_CALLBACK (client_cert_validate_cb), + NULL); + g_signal_connect (method->client_cert_chooser, + "key-validate", + G_CALLBACK (client_key_validate_cb), + NULL); + g_signal_connect (method->client_cert_chooser, + "key-password-validate", + G_CALLBACK (client_key_password_validate_cb), + NULL); + g_signal_connect (method->client_cert_chooser, + "changed", + G_CALLBACK (client_cert_fixup_pkcs12), + ws_8021x); + g_signal_connect (method->client_cert_chooser, + "changed", + G_CALLBACK (nma_ws_changed_cb), + ws_8021x); + + nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : nm_setting_802_1x_get_client_cert_uri, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, + phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, + phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, + phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, + phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_not_required_checkbox")); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); + + /* Create password-storage popup menus for password entries under their secondary icon */ + nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + 0, (NMSetting *) s_8021x, method->ca_cert_password_flags_name, + FALSE, secrets_only); + nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), + 0, (NMSetting *) s_8021x, method->client_cert_password_flags_name, + FALSE, secrets_only); + nma_cert_chooser_setup_key_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), + 0, (NMSetting *) s_8021x, method->client_key_password_flags_name, + FALSE, secrets_only); + + return method; +} diff --git a/src/nma-ws/nma-eap-tls.h b/src/nma-ws/nma-eap-tls.h new file mode 100644 index 00000000..5de30814 --- /dev/null +++ b/src/nma-ws/nma-eap-tls.h @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_TLS_H +#define NMA_EAP_TLS_H + +#include "nma-ws-802-1x.h" + +typedef struct _NMAEapTls NMAEapTls; + +NMAEapTls *nma_eap_tls_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean phase2, + gboolean secrets_only); + +#endif /* NMA_EAP_TLS_H */ diff --git a/src/nma-ws/nma-eap-tls.ui b/src/nma-ws/nma-eap-tls.ui new file mode 100644 index 00000000..1705f26f --- /dev/null +++ b/src/nma-ws/nma-eap-tls.ui @@ -0,0 +1,89 @@ + + + + + + True + False + 6 + 6 + + + True + False + I_dentity + True + eap_tls_identity_entry + 1 + + + 0 + 0 + + + + + True + True + True + True + + + 1 + 0 + + + + + No CA certificate is _required + True + True + False + start + True + True + True + + + 1 + 3 + + + + + True + False + Suffix of the server certificate name. + _Domain + True + eap_tls_domain_entry + 1 + + + 0 + 1 + + + + + True + True + True + True + + + 1 + 1 + + + + + + + + + + + + + diff --git a/src/nma-ws/nma-eap-ttls.c b/src/nma-ws/nma-eap-ttls.c new file mode 100644 index 00000000..fee809f8 --- /dev/null +++ b/src/nma-ws/nma-eap-ttls.c @@ -0,0 +1,521 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-eap.h" +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-cert-chooser.h" +#include "utils.h" + +#define I_NAME_COLUMN 0 +#define I_METHOD_COLUMN 1 + +struct _NMAEapTtls { + NMAEap parent; + + const char *password_flags_name; + GtkSizeGroup *size_group; + NMAWs8021x *ws_8021x; + gboolean is_editor; + + GtkWidget *ca_cert_chooser; +}; + +static void +destroy (NMAEap *parent) +{ + NMAEapTtls *method = (NMAEapTtls *) parent; + + if (method->size_group) + g_object_unref (method->size_group); +} + +static gboolean +validate (NMAEap *parent, GError **error) +{ + NMAEapTtls *method = (NMAEapTtls *) parent; + GtkWidget *widget; + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap = NULL; + gboolean valid = FALSE; + + if ( gtk_widget_get_sensitive (method->ca_cert_chooser) + && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) + return FALSE; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); + g_assert (widget); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + valid = nma_eap_validate (eap, error); + nma_eap_unref (eap); + return valid; +} + +static void +ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data) +{ + NMAEapTtls *method = (NMAEapTtls *) user_data; + + gtk_widget_set_sensitive (method->ca_cert_chooser, + !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button))); +} + +static void +add_to_size_group (NMAEap *parent, GtkSizeGroup *group) +{ + NMAEapTtls *method = (NMAEapTtls *) parent; + GtkWidget *widget; + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap; + + if (method->size_group) + g_object_unref (method->size_group); + method->size_group = g_object_ref (group); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); + g_assert (widget); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + nma_eap_add_to_size_group (eap, group); + nma_eap_unref (eap); +} + +static void +fill_connection (NMAEap *parent, NMConnection *connection) +{ + NMAEapTtls *method = (NMAEapTtls *) parent; + NMSetting8021x *s_8021x; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + NMSettingSecretFlags secret_flags; + GtkWidget *widget; + const char *text; + char *value = NULL; + NMAEap *eap = NULL; + GtkTreeModel *model; + GtkTreeIter iter; + GError *error = NULL; + NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; + gboolean ca_cert_error = FALSE; + + s_8021x = nm_connection_get_setting_802_1x (connection); + g_assert (s_8021x); + + nm_setting_802_1x_add_eap_method (s_8021x, "ttls"); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); + g_assert (widget); + text = gtk_editable_get_text (GTK_EDITABLE (widget)); + if (text && strlen (text)) + g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry")); + g_assert (widget); + text = gtk_editable_get_text (GTK_EDITABLE (widget)); + if (text && strlen (text)) + g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL); + + /* Save CA certificate PIN and its flags to the connection */ + secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD, + secret_flags, NULL); + if (method->is_editor) { + /* Update secret flags and popup when editing the connection */ + nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + secret_flags, NM_SETTING (s_8021x), + NM_SETTING_802_1X_CA_CERT_PASSWORD); + g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, + nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)), + NULL); + } + + /* TLS CA certificate */ + if (gtk_widget_get_sensitive (method->ca_cert_chooser)) + value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); + g_clear_error (&error); + ca_cert_error = TRUE; + } + nma_eap_ca_cert_ignore_set (parent, connection, value, ca_cert_error); + g_free (value); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); + model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + + nma_eap_fill_connection (eap, connection); + nma_eap_unref (eap); +} + +static void +inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) +{ + NMAEap *parent = (NMAEap *) user_data; + NMAEapTtls *method = (NMAEapTtls *) parent; + GtkWidget *vbox; + NMAEap *eap = NULL; + GList *elt, *children; + GtkTreeModel *model; + GtkTreeIter iter; + GtkWidget *eap_widget; + + vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_vbox")); + g_assert (vbox); + + /* Remove any previous wireless security widgets */ + children = gtk_container_get_children (GTK_CONTAINER (vbox)); + for (elt = children; elt; elt = g_list_next (elt)) + gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); + g_list_free (children); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); + gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); + g_assert (eap); + + eap_widget = nma_eap_get_widget (eap); + g_assert (eap_widget); + gtk_widget_unparent (eap_widget); + + if (method->size_group) + nma_eap_add_to_size_group (eap, method->size_group); + gtk_container_add (GTK_CONTAINER (vbox), eap_widget); + + nma_eap_unref (eap); + + nma_ws_changed_cb (combo, method->ws_8021x); +} + +static GtkWidget * +inner_auth_combo_init (NMAEapTtls *method, + NMConnection *connection, + NMSetting8021x *s_8021x, + gboolean secrets_only) +{ + NMAEap *parent = (NMAEap *) method; + GtkWidget *combo; + GtkListStore *auth_model; + GtkTreeIter iter; + NMAEapSimple *em_pap; + NMAEapSimple *em_mschap; + NMAEapSimple *em_mschap_v2; + NMAEapSimple *em_plain_mschap_v2; + NMAEapSimple *em_chap; + NMAEapSimple *em_md5; + NMAEapSimple *em_gtc; + guint32 active = 0; + const char *phase2_auth = NULL; + NMAEapSimpleFlags simple_flags; + + auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ()); + + if (s_8021x) { + if (nm_setting_802_1x_get_phase2_auth (s_8021x)) + phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); + else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) + phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); + } + + simple_flags = NMA_EAP_SIMPLE_FLAG_PHASE2 | NMA_EAP_SIMPLE_FLAG_AUTHEAP_ALLOWED; + if (method->is_editor) + simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR; + if (secrets_only) + simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY; + + em_pap = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_PAP, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("PAP"), + I_METHOD_COLUMN, em_pap, + -1); + nma_eap_unref (NMA_EAP (em_pap)); + + /* Check for defaulting to PAP */ + if (phase2_auth && !strcasecmp (phase2_auth, "pap")) + active = 0; + + em_mschap = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_MSCHAP, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MSCHAP"), + I_METHOD_COLUMN, em_mschap, + -1); + nma_eap_unref (NMA_EAP (em_mschap)); + + /* Check for defaulting to MSCHAP */ + if (phase2_auth && !strcasecmp (phase2_auth, "mschap")) + active = 1; + + em_mschap_v2 = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_MSCHAP_V2, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MSCHAPv2"), + I_METHOD_COLUMN, em_mschap_v2, + -1); + nma_eap_unref (NMA_EAP (em_mschap_v2)); + + /* Check for defaulting to MSCHAPv2 */ + if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") && + nm_setting_802_1x_get_phase2_autheap (s_8021x) != NULL) + active = 2; + + em_plain_mschap_v2 = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_PLAIN_MSCHAP_V2, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MSCHAPv2 (no EAP)"), + I_METHOD_COLUMN, em_plain_mschap_v2, + -1); + nma_eap_unref (NMA_EAP (em_plain_mschap_v2)); + + /* Check for defaulting to plain MSCHAPv2 */ + if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") && + nm_setting_802_1x_get_phase2_auth (s_8021x) != NULL) + active = 3; + + em_chap = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_CHAP, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("CHAP"), + I_METHOD_COLUMN, em_chap, + -1); + nma_eap_unref (NMA_EAP (em_chap)); + + /* Check for defaulting to CHAP */ + if (phase2_auth && !strcasecmp (phase2_auth, "chap")) + active = 4; + + em_md5 = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_MD5, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("MD5"), + I_METHOD_COLUMN, em_md5, + -1); + nma_eap_unref (NMA_EAP (em_md5)); + + /* Check for defaulting to MD5 */ + if (phase2_auth && !strcasecmp (phase2_auth, "md5")) + active = 5; + + em_gtc = nma_eap_simple_new (method->ws_8021x, + connection, + NMA_EAP_SIMPLE_TYPE_GTC, + simple_flags, + NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + I_NAME_COLUMN, _("GTC"), + I_METHOD_COLUMN, em_gtc, + -1); + nma_eap_unref (NMA_EAP (em_gtc)); + + /* Check for defaulting to GTC */ + if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) + active = 6; + + combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); + g_assert (combo); + + gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); + g_object_unref (G_OBJECT (auth_model)); + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); + + g_signal_connect (G_OBJECT (combo), "changed", + (GCallback) inner_auth_combo_changed_cb, + method); + return combo; +} + +static void +update_secrets (NMAEap *parent, NMConnection *connection) +{ + nma_eap_phase2_update_secrets_helper (parent, + connection, + "eap_ttls_inner_auth_combo", + I_METHOD_COLUMN); +} + +NMAEapTtls * +nma_eap_ttls_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean is_editor, + gboolean secrets_only) +{ + NMAEap *parent; + NMAEapTtls *method; + GtkWidget *widget; + NMSetting8021x *s_8021x = NULL; + gboolean ca_not_required = FALSE; + + parent = nma_eap_init (sizeof (NMAEapTtls), + validate, + add_to_size_group, + fill_connection, + update_secrets, + destroy, + "/org/gnome/libnma/nma-eap-ttls.ui", + "eap_ttls_grid", + "eap_ttls_anon_identity_entry", + FALSE); + if (!parent) + return NULL; + + method = (NMAEapTtls *) parent; + method->password_flags_name = NM_SETTING_802_1X_PASSWORD; + method->ws_8021x = ws_8021x; + method->is_editor = is_editor; + + if (connection) + s_8021x = nm_connection_get_setting_802_1x (connection); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid")); + g_assert (widget); + + method->ca_cert_chooser = nma_cert_chooser_new ("CA", + NMA_CERT_CHOOSER_FLAG_CERT + | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); + gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1); + gtk_widget_show (method->ca_cert_chooser); + + g_signal_connect (method->ca_cert_chooser, + "cert-validate", + G_CALLBACK (nma_eap_ca_cert_validate_cb), + NULL); + g_signal_connect (method->ca_cert_chooser, + "changed", + G_CALLBACK (nma_ws_changed_cb), + ws_8021x); + + nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, + nm_setting_802_1x_get_ca_cert_scheme, + nm_setting_802_1x_get_ca_cert_path, + nm_setting_802_1x_get_ca_cert_uri, + nm_setting_802_1x_get_ca_cert_password, + NULL, + NULL, + NULL, + NULL); + + if (connection && nma_eap_ca_cert_ignore_get (parent, connection)) { + gchar *ca_cert; + NMSetting8021xCKScheme scheme; + + ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + if (ca_cert) + g_free (ca_cert); + else + ca_not_required = TRUE; + } + + if (secrets_only) + ca_not_required = TRUE; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) ca_cert_not_required_toggled, + parent); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) nma_ws_changed_cb, + ws_8021x); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); + if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry")); + if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x)) + gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x)); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) nma_ws_changed_cb, + ws_8021x); + + widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); + inner_auth_combo_changed_cb (widget, (gpointer) method); + + if (secrets_only) { + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); + gtk_widget_hide (widget); + } + + nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + 0, (NMSetting *) s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, + FALSE, secrets_only); + + return method; +} diff --git a/src/nma-ws/nma-eap-ttls.h b/src/nma-ws/nma-eap-ttls.h new file mode 100644 index 00000000..1e072336 --- /dev/null +++ b/src/nma-ws/nma-eap-ttls.h @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_TTLS_H +#define NMA_EAP_TTLS_H + +#include "nma-ws.h" + +typedef struct _NMAEapTtls NMAEapTtls; + +NMAEapTtls *nma_eap_ttls_new (NMAWs8021x *ws_8021x, + NMConnection *connection, + gboolean is_editor, + gboolean secrets_only); + +#endif /* NMA_EAP_TLS_H */ diff --git a/src/nma-ws/nma-eap-ttls.ui b/src/nma-ws/nma-eap-ttls.ui new file mode 100644 index 00000000..0fe6384f --- /dev/null +++ b/src/nma-ws/nma-eap-ttls.ui @@ -0,0 +1,148 @@ + + + + + + + + + + + + + + + + + True + False + 6 + 6 + + + True + True + True + True + + + 1 + 0 + + + + + True + False + vertical + 6 + + + + + + 0 + 5 + 2 + + + + + True + False + True + model6 + + + + 0 + + + + + 1 + 4 + + + + + True + False + _Inner authentication + True + eap_ttls_inner_auth_combo + 1 + + + 0 + 4 + + + + + No CA certificate is _required + True + True + False + start + True + True + True + + + 1 + 3 + + + + + True + True + True + True + + + 1 + 1 + + + + + True + False + Anony_mous identity + True + eap_ttls_anon_identity_entry + 1 + + + 0 + 0 + + + + + True + False + Suffix of the server certificate name. + _Domain + True + eap_ttls_domain_entry + 1 + + + 0 + 1 + + + + + + + + + + + + + diff --git a/src/nma-ws/nma-eap.c b/src/nma-ws/nma-eap.c new file mode 100644 index 00000000..f666dab9 --- /dev/null +++ b/src/nma-ws/nma-eap.c @@ -0,0 +1,424 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" + +#include +#include +#include +#include +#include + +#include "nma-eap.h" +#include "nm-utils.h" +#include "utils.h" + +G_DEFINE_BOXED_TYPE (NMAEap, nma_eap, nma_eap_ref, nma_eap_unref) + +GtkWidget * +nma_eap_get_widget (NMAEap *method) +{ + g_return_val_if_fail (method != NULL, NULL); + + return method->ui_widget; +} + +gboolean +nma_eap_validate (NMAEap *method, GError **error) +{ + gboolean result; + + g_return_val_if_fail (method != NULL, FALSE); + + g_assert (method->validate); + result = (*(method->validate)) (method, error); + if (!result && error && !*error) + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("undefined error in 802.1X security (wpa-eap)")); + return result; +} + +void +nma_eap_add_to_size_group (NMAEap *method, GtkSizeGroup *group) +{ + g_return_if_fail (method != NULL); + g_return_if_fail (group != NULL); + + g_assert (method->add_to_size_group); + return (*(method->add_to_size_group)) (method, group); +} + +void +nma_eap_fill_connection (NMAEap *method, + NMConnection *connection) +{ + g_return_if_fail (method != NULL); + g_return_if_fail (connection != NULL); + + g_assert (method->fill_connection); + return (*(method->fill_connection)) (method, connection); +} + +void +nma_eap_update_secrets (NMAEap *method, NMConnection *connection) +{ + g_return_if_fail (method != NULL); + g_return_if_fail (connection != NULL); + + if (method->update_secrets) + method->update_secrets (method, connection); +} + +void +nma_eap_phase2_update_secrets_helper (NMAEap *method, + NMConnection *connection, + const char *combo_name, + guint32 column) +{ + GtkWidget *combo; + GtkTreeIter iter; + GtkTreeModel *model; + + g_return_if_fail (method != NULL); + g_return_if_fail (connection != NULL); + g_return_if_fail (combo_name != NULL); + + combo = GTK_WIDGET (gtk_builder_get_object (method->builder, combo_name)); + g_assert (combo); + + /* Let each EAP phase2 method try to update its secrets */ + model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + if (gtk_tree_model_get_iter_first (model, &iter)) { + do { + NMAEap *eap = NULL; + + gtk_tree_model_get (model, &iter, column, &eap, -1); + if (eap) { + nma_eap_update_secrets (eap, connection); + nma_eap_unref (eap); + } + } while (gtk_tree_model_iter_next (model, &iter)); + } +} + +NMAEap * +nma_eap_init (gsize obj_size, + NMAEapValidateFunc validate, + NMAEapAddToSizeGroupFunc add_to_size_group, + NMAEapFillConnectionFunc fill_connection, + NMAEapUpdateSecretsFunc update_secrets, + NMAEapDestroyFunc destroy, + const char *ui_resource, + const char *ui_widget_name, + const char *default_field, + gboolean phase2) +{ + NMAEap *method; + GError *error = NULL; + + g_return_val_if_fail (obj_size > 0, NULL); + g_return_val_if_fail (ui_resource != NULL, NULL); + g_return_val_if_fail (ui_widget_name != NULL, NULL); + + method = g_slice_alloc0 (obj_size); + g_assert (method); + + method->refcount = 1; + method->obj_size = obj_size; + method->validate = validate; + method->add_to_size_group = add_to_size_group; + method->fill_connection = fill_connection; + method->update_secrets = update_secrets; + method->default_field = default_field; + method->phase2 = phase2; + + method->builder = gtk_builder_new (); + if (!gtk_builder_add_from_resource (method->builder, ui_resource, &error)) { + g_warning ("Couldn't load UI builder resource %s: %s", + ui_resource, error->message); + nma_eap_unref (method); + return NULL; + } + + method->ui_widget = GTK_WIDGET (gtk_builder_get_object (method->builder, ui_widget_name)); + if (!method->ui_widget) { + g_warning ("Couldn't load UI widget '%s' from UI file %s", + ui_widget_name, ui_resource); + nma_eap_unref (method); + return NULL; + } + g_object_ref_sink (method->ui_widget); + + method->destroy = destroy; + + return method; +} + + +NMAEap * +nma_eap_ref (NMAEap *method) +{ + g_return_val_if_fail (method != NULL, NULL); + g_return_val_if_fail (method->refcount > 0, NULL); + + method->refcount++; + return method; +} + +void +nma_eap_unref (NMAEap *method) +{ + g_return_if_fail (method != NULL); + g_return_if_fail (method->refcount > 0); + + method->refcount--; + if (method->refcount == 0) { + if (method->destroy) + method->destroy (method); + + if (method->builder) + g_object_unref (method->builder); + if (method->ui_widget) + g_object_unref (method->ui_widget); + + g_slice_free1 (method->obj_size, method); + } +} + +/* Used as both GSettings keys and GObject data tags */ +#define IGNORE_CA_CERT_TAG "ignore-ca-cert" +#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert" + +/** + * nma_eap_ca_cert_ignore_set: + * @method: the #NMAEap object + * @connection: the #NMConnection + * @filename: the certificate file, if any + * @ca_cert_error: %TRUE if an error was encountered loading the given CA + * certificate, %FALSE if not or if a CA certificate is not present + * + * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate + * not required" checkbox is checked. If @ca_cert_error is %TRUE, then the + * connection's CA cert ignore value will always be set to %FALSE, because it + * means that the user selected an invalid certificate (thus he does not want to + * ignore the CA cert).. + */ +void +nma_eap_ca_cert_ignore_set (NMAEap *method, + NMConnection *connection, + const char *filename, + gboolean ca_cert_error) +{ + NMSetting8021x *s_8021x; + gboolean ignore; + + s_8021x = nm_connection_get_setting_802_1x (connection); + if (s_8021x) { + ignore = !ca_cert_error && filename == NULL; + g_object_set_data (G_OBJECT (s_8021x), + method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG, + GUINT_TO_POINTER (ignore)); + } +} + +/** + * nma_eap_ca_cert_ignore_get: + * @method: the #NMAEap object + * @connection: the #NMConnection + * + * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA + * certificate should be required for the connection to be valid. + */ +gboolean +nma_eap_ca_cert_ignore_get (NMAEap *method, NMConnection *connection) +{ + NMSetting8021x *s_8021x; + + s_8021x = nm_connection_get_setting_802_1x (connection); + if (s_8021x) { + return !!g_object_get_data (G_OBJECT (s_8021x), + method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG); + } + return FALSE; +} + +static GSettings * +_get_ca_ignore_settings (NMConnection *connection) +{ + GSettings *settings; + char *path = NULL; + const char *uuid; + + g_return_val_if_fail (connection, NULL); + + uuid = nm_connection_get_uuid (connection); + g_return_val_if_fail (uuid && *uuid, NULL); + + path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s/", uuid); + settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path); + g_free (path); + + return settings; +} + +/** + * nma_eap_ca_cert_ignore_save: + * @connection: the connection for which to save CA cert ignore values to GSettings + * + * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves + * then to GSettings if present, using the connection UUID as the index. + */ +void +nma_eap_ca_cert_ignore_save (NMConnection *connection) +{ + NMSetting8021x *s_8021x; + GSettings *settings; + gboolean ignore = FALSE, phase2_ignore = FALSE; + + g_return_if_fail (connection); + + s_8021x = nm_connection_get_setting_802_1x (connection); + if (s_8021x) { + ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG); + phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG); + } + + settings = _get_ca_ignore_settings (connection); + if (!settings) + return; + + g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore); + g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore); + g_object_unref (settings); +} + +/** + * nma_eap_ca_cert_ignore_load: + * @connection: the connection for which to load CA cert ignore values to GSettings + * + * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves + * then to GSettings if present, using the connection UUID as the index. + */ +void +nma_eap_ca_cert_ignore_load (NMConnection *connection) +{ + GSettings *settings; + NMSetting8021x *s_8021x; + gboolean ignore, phase2_ignore; + + g_return_if_fail (connection); + + s_8021x = nm_connection_get_setting_802_1x (connection); + if (!s_8021x) + return; + + settings = _get_ca_ignore_settings (connection); + if (!settings) + return; + + ignore = g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG); + phase2_ignore = g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG); + + g_object_set_data (G_OBJECT (s_8021x), + IGNORE_CA_CERT_TAG, + GUINT_TO_POINTER (ignore)); + g_object_set_data (G_OBJECT (s_8021x), + IGNORE_PHASE2_CA_CERT_TAG, + GUINT_TO_POINTER (phase2_ignore)); + g_object_unref (settings); +} + +GError * +nma_eap_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) +{ + NMSetting8021xCKScheme scheme; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + gs_unref_object NMSetting8021x *setting = NULL; + gs_free char *value = NULL; + GError *local = NULL; + + setting = (NMSetting8021x *) nm_setting_802_1x_new (); + + value = nma_cert_chooser_get_cert (cert_chooser, &scheme); + if (!value) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("no CA certificate selected")); + } + if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { + if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("selected CA certificate file does not exist")); + } + } + + if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local)) + return local; + + return NULL; +} + +void +nma_eap_setup_cert_chooser (NMACertChooser *cert_chooser, + NMSetting8021x *s_8021x, + NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting), + const char *(*cert_path_func) (NMSetting8021x *setting), + const char *(*cert_uri_func) (NMSetting8021x *setting), + const char *(*cert_password_func) (NMSetting8021x *setting), + NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting), + const char *(*key_path_func) (NMSetting8021x *setting), + const char *(*key_uri_func) (NMSetting8021x *setting), + const char *(*key_password_func) (NMSetting8021x *setting)) +{ + NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; + const char *value = NULL; + const char *password = NULL; + + + if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) { + scheme = cert_scheme_func (s_8021x); + switch (scheme) { + case NM_SETTING_802_1X_CK_SCHEME_PATH: + value = cert_path_func (s_8021x); + break; + case NM_SETTING_802_1X_CK_SCHEME_PKCS11: + value = cert_uri_func (s_8021x); + password = cert_password_func ? cert_password_func (s_8021x) : NULL; + if (password) + nma_cert_chooser_set_cert_password (cert_chooser, password); + break; + case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: + /* No CA set. */ + break; + default: + g_warning ("unhandled certificate scheme %d", scheme); + } + + } + nma_cert_chooser_set_cert (cert_chooser, value, scheme); + + if (s_8021x && key_path_func && key_uri_func && key_scheme_func) { + scheme = key_scheme_func (s_8021x); + switch (scheme) { + case NM_SETTING_802_1X_CK_SCHEME_PATH: + value = key_path_func (s_8021x); + break; + case NM_SETTING_802_1X_CK_SCHEME_PKCS11: + value = key_uri_func (s_8021x); + break; + case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: + /* No certificate set. */ + break; + default: + g_warning ("unhandled key scheme %d", scheme); + } + + nma_cert_chooser_set_key (cert_chooser, value, scheme); + } + + password = s_8021x && key_password_func ? key_password_func (s_8021x) : NULL; + if (password) + nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x)); +} diff --git a/src/nma-ws/nma-eap.h b/src/nma-ws/nma-eap.h new file mode 100644 index 00000000..db5c84a0 --- /dev/null +++ b/src/nma-ws/nma-eap.h @@ -0,0 +1,106 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_EAP_H +#define NMA_EAP_H + +typedef struct _NMAEap NMAEap; + +typedef void (*NMAEapAddToSizeGroupFunc) (NMAEap *method, GtkSizeGroup *group); +typedef void (*NMAEapFillConnectionFunc) (NMAEap *method, NMConnection *connection); +typedef void (*NMAEapUpdateSecretsFunc) (NMAEap *method, NMConnection *connection); +typedef void (*NMAEapDestroyFunc) (NMAEap *method); +typedef gboolean (*NMAEapValidateFunc) (NMAEap *method, GError **error); + +struct _NMAEap { + guint32 refcount; + gsize obj_size; + + GtkBuilder *builder; + GtkWidget *ui_widget; + + const char *default_field; + + gboolean phase2; + gboolean secrets_only; + + NMAEapAddToSizeGroupFunc add_to_size_group; + NMAEapFillConnectionFunc fill_connection; + NMAEapUpdateSecretsFunc update_secrets; + NMAEapValidateFunc validate; + NMAEapDestroyFunc destroy; +}; + +#define NMA_EAP(x) ((NMAEap *) x) + + +GtkWidget *nma_eap_get_widget (NMAEap *method); + +gboolean nma_eap_validate (NMAEap *method, GError **error); + +void nma_eap_add_to_size_group (NMAEap *method, GtkSizeGroup *group); + +void nma_eap_fill_connection (NMAEap *method, + NMConnection *connection); + +void nma_eap_update_secrets (NMAEap *method, NMConnection *connection); + +NMAEap *nma_eap_ref (NMAEap *method); + +void nma_eap_unref (NMAEap *method); + +GType nma_eap_get_type (void); + +/* Below for internal use only */ + +#include "nma-cert-chooser.h" +#include "nma-eap-tls.h" +#include "nma-eap-leap.h" +#include "nma-eap-fast.h" +#include "nma-eap-ttls.h" +#include "nma-eap-peap.h" +#include "nma-eap-simple.h" + +NMAEap *nma_eap_init (gsize obj_size, + NMAEapValidateFunc validate, + NMAEapAddToSizeGroupFunc add_to_size_group, + NMAEapFillConnectionFunc fill_connection, + NMAEapUpdateSecretsFunc update_secrets, + NMAEapDestroyFunc destroy, + const char *ui_resource, + const char *ui_widget_name, + const char *default_field, + gboolean phase2); + +void nma_eap_phase2_update_secrets_helper (NMAEap *method, + NMConnection *connection, + const char *combo_name, + guint32 column); + +void nma_eap_ca_cert_ignore_set (NMAEap *method, + NMConnection *connection, + const char *filename, + gboolean ca_cert_error); +gboolean nma_eap_ca_cert_ignore_get (NMAEap *method, NMConnection *connection); + +void nma_eap_ca_cert_ignore_save (NMConnection *connection); +void nma_eap_ca_cert_ignore_load (NMConnection *connection); + +GError *nma_eap_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data); + +void nma_eap_setup_cert_chooser (NMACertChooser *cert_chooser, + NMSetting8021x *s_8021x, + NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting), + const char *(*cert_path_func) (NMSetting8021x *setting), + const char *(*cert_uri_func) (NMSetting8021x *setting), + const char *(*cert_password_func) (NMSetting8021x *setting), + NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting), + const char *(*key_path_func) (NMSetting8021x *setting), + const char *(*key_uri_func) (NMSetting8021x *setting), + const char *(*key_password_func) (NMSetting8021x *setting)); + +#endif /* NMA_EAP_H */ diff --git a/src/nma-ws/nma-ws-802-1x-private.h b/src/nma-ws/nma-ws-802-1x-private.h new file mode 100644 index 00000000..23743eee --- /dev/null +++ b/src/nma-ws/nma-ws-802-1x-private.h @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_802_1X_PRIVATE_H +#define NMA_WS_802_1X_PRIVATE_H + +struct _NMAWs8021xClass { + GtkGridClass parent; +}; + +struct _NMAWs8021x { + GtkGrid parent; + + GtkWidget *eap_auth_combo; + GtkWidget *eap_auth_label; + GtkWidget *eap_vbox; + + NMConnection *connection; + gboolean secrets_only; + gboolean is_editor; + char **secrets_hints; + + char *username, *password; + gboolean always_ask, show_password; +}; + +void nma_ws_802_1x_fill_connection (NMAWs *ws, NMConnection *connection); + +void nma_ws_802_1x_set_userpass (NMAWs8021x *self, + const char *user, + const char *password, + gboolean always_ask, + gboolean show_password); + +#endif /* NMA_WS_802_1X_PRIVATE_H */ diff --git a/src/nma-ws/nma-ws-802-1x.c b/src/nma-ws/nma-ws-802-1x.c new file mode 100644 index 00000000..ba348266 --- /dev/null +++ b/src/nma-ws/nma-ws-802-1x.c @@ -0,0 +1,528 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-802-1x.h" +#include "nma-ws-802-1x-private.h" +#include "nma-ws-helpers.h" +#include "nma-ui-utils.h" + +#include "nma-eap-tls.h" +#include "nma-eap-leap.h" +#include "nma-eap-fast.h" +#include "nma-eap-ttls.h" +#include "nma-eap-peap.h" +#include "nma-eap-simple.h" +#include "nma-eap.h" + +#include "utils.h" + +#define AUTH_NAME_COLUMN 0 +#define AUTH_METHOD_COLUMN 1 + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWs8021x, nma_ws_802_1x, GTK_TYPE_GRID, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +enum { + PROP_0, + PROP_CONNECTION, + PROP_SECRETS_ONLY, + PROP_IS_EDITOR, + PROP_SECRETS_HINTS, + PROP_LAST +}; + +void +nma_ws_802_1x_set_userpass (NMAWs8021x *self, + const char *user, + const char *password, + gboolean always_ask, + gboolean show_password) +{ + g_free (self->username); + self->username = g_strdup (user); + + if (self->password) { + memset (self->password, 0, strlen (self->password)); + g_free (self->password); + } + self->password = g_strdup (password); + + if (always_ask != (gboolean) -1) + self->always_ask = always_ask; + self->show_password = show_password; +} + +static void +init_userpass (NMAWs8021x *self, NMConnection *connection) +{ + const char *user = NULL, *password = NULL; + gboolean always_ask = FALSE, show_password = FALSE; + NMSetting8021x *setting; + NMSettingSecretFlags flags; + + if (!connection) + goto set; + + setting = nm_connection_get_setting_802_1x (connection); + if (!setting) + goto set; + + user = nm_setting_802_1x_get_identity (setting); + password = nm_setting_802_1x_get_password (setting); + + if (nm_setting_get_secret_flags (NM_SETTING (setting), NM_SETTING_802_1X_PASSWORD, &flags, NULL)) + always_ask = !!(flags & NM_SETTING_SECRET_FLAG_NOT_SAVED); + +set: + nma_ws_802_1x_set_userpass (self, user, password, always_ask, show_password); +} + +static gboolean +validate (NMAWs *ws, GError **error) +{ + NMAWs8021x *self = NMA_WS_802_1X (ws); + GtkTreeModel *model; + GtkTreeIter iter; + NMAEap *eap = NULL; + gboolean valid = FALSE; + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (self->eap_auth_combo), &iter); + gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); + g_return_val_if_fail (eap, FALSE); + valid = nma_eap_validate (eap, error); + nma_eap_unref (eap); + return valid; +} + +static void +auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) +{ + NMAWs8021x *self = NMA_WS_802_1X (user_data); + + NMAEap *eap = NULL; + GList *elt, *children; + GtkTreeModel *model; + GtkTreeIter iter; + GtkWidget *eap_widget; + GtkWidget *eap_default_widget = NULL; + + /* Remove any previous wireless security widgets */ + children = gtk_container_get_children (GTK_CONTAINER (self->eap_vbox)); + for (elt = children; elt; elt = g_list_next (elt)) + gtk_container_remove (GTK_CONTAINER (self->eap_vbox), GTK_WIDGET (elt->data)); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); + gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); + g_return_if_fail (eap); + + eap_widget = nma_eap_get_widget (eap); + g_return_if_fail (eap_widget); + gtk_widget_unparent (eap_widget); + + gtk_container_add (GTK_CONTAINER (self->eap_vbox), eap_widget); + + /* Refocus the EAP method's default widget */ + if (eap->default_field) { + eap_default_widget = GTK_WIDGET (gtk_builder_get_object (eap->builder, eap->default_field)); + if (eap_default_widget) + gtk_widget_grab_focus (eap_default_widget); + } + + nma_eap_unref (eap); + + nma_ws_changed_cb (combo, NMA_WS (self)); +} + +static void +add_to_size_group (NMAWs *ws, GtkSizeGroup *group) +{ + NMAWs8021x *self = NMA_WS_802_1X (ws); + NMAEap *eap = NULL; + GtkTreeModel *model; + GtkTreeIter iter; + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo)); + + /* Let each EAP method try to update its secrets */ + if (gtk_tree_model_get_iter_first (model, &iter)) { + do { + gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); + if (eap) { + nma_eap_add_to_size_group (eap, group); + nma_eap_unref (eap); + } + } while (gtk_tree_model_iter_next (model, &iter)); + } + + gtk_size_group_add_widget (group, self->eap_auth_label); +} + +void +nma_ws_802_1x_fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMAWs8021x *self = NMA_WS_802_1X (ws); + NMSettingWirelessSecurity *s_wireless_sec; + NMSetting8021x *s_8021x; + NMAEap *eap = NULL; + GtkTreeModel *model; + GtkTreeIter iter; + + /* Get the NMAEap object */ + model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (self->eap_auth_combo), &iter); + gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); + g_return_if_fail (eap); + + /* Blow away the old wireless security setting by adding a clear one */ + s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); + nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); + + /* Blow away the old 802.1x setting by adding a clear one */ + s_8021x = (NMSetting8021x *) nm_setting_802_1x_new (); + nm_connection_add_setting (connection, (NMSetting *) s_8021x); + + nma_eap_fill_connection (eap, connection); + nma_eap_unref (eap); +} + +static void +update_secrets (NMAWs *ws, NMConnection *connection) +{ + NMAWs8021x *self = NMA_WS_802_1X (ws); + NMAEap *eap = NULL; + GtkTreeModel *model; + GtkTreeIter iter; + + g_return_if_fail (connection != NULL); + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo)); + + /* Let each EAP method try to update its secrets */ + if (gtk_tree_model_get_iter_first (model, &iter)) { + do { + gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); + if (eap) { + nma_eap_update_secrets (eap, connection); + nma_eap_unref (eap); + } + } while (gtk_tree_model_iter_next (model, &iter)); + } +} + +static void +get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + NMAWs8021x *self = NMA_WS_802_1X (object); + + switch (prop_id) { + case PROP_CONNECTION: + g_value_set_object (value, self->connection); + break; + case PROP_SECRETS_ONLY: + g_value_set_boolean (value, self->secrets_only); + break; + case PROP_IS_EDITOR: + g_value_set_boolean (value, self->is_editor); + break; + case PROP_SECRETS_HINTS: + g_value_set_boxed (value, self->secrets_hints); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + NMAWs8021x *self = NMA_WS_802_1X (object); + + switch (prop_id) { + case PROP_CONNECTION: + self->connection = g_value_dup_object (value); + break; + case PROP_SECRETS_ONLY: + self->secrets_only = g_value_get_boolean (value); + break; + case PROP_IS_EDITOR: + self->is_editor = g_value_get_boolean (value); + break; + case PROP_SECRETS_HINTS: + self->secrets_hints = g_value_dup_boxed (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +nma_ws_802_1x_init (NMAWs8021x *self) +{ + gtk_widget_init_template (GTK_WIDGET (self)); +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->validate = validate; + iface->add_to_size_group = add_to_size_group; + iface->fill_connection = nma_ws_802_1x_fill_connection; + iface->update_secrets = update_secrets; + iface->adhoc_compatible = FALSE; + iface->hotspot_compatible = FALSE; +} + +static void +constructed (GObject *object) +{ + NMAWs8021x *self = NMA_WS_802_1X (object); + GtkListStore *auth_model; + GtkTreeIter iter; + NMAEapSimple *em_md5; + NMAEapTls *em_tls; + NMAEapLeap *em_leap; + NMAEapSimple *em_pwd; + NMAEapFast *em_fast; + NMAEapTtls *em_ttls; + NMAEapPeap *em_peap; + const char *default_method = NULL, *ctype = NULL; + int active = -1, item = 0; + gboolean wired = FALSE; + NMAEapSimpleFlags simple_flags = NMA_EAP_SIMPLE_FLAG_NONE; + + /* Grab the default EAP method out of the security object */ + if (self->connection) { + NMSettingConnection *s_con; + NMSetting8021x *s_8021x; + + s_con = nm_connection_get_setting_connection (self->connection); + if (s_con) + ctype = nm_setting_connection_get_connection_type (s_con); + if ( (g_strcmp0 (ctype, NM_SETTING_WIRED_SETTING_NAME) == 0) + || nm_connection_get_setting_wired (self->connection)) + wired = TRUE; + + s_8021x = nm_connection_get_setting_802_1x (self->connection); + if (s_8021x && nm_setting_802_1x_get_num_eap_methods (s_8021x)) + default_method = nm_setting_802_1x_get_eap_method (s_8021x, 0); + } + + /* initialize NMAWs userpass from connection (clear if no connection) */ + init_userpass (self, self->connection); + + auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ()); + + if (self->is_editor) + simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR; + if (self->secrets_only) + simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY; + + if (wired) { + em_md5 = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_MD5, simple_flags, NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("MD5"), + AUTH_METHOD_COLUMN, em_md5, + -1); + nma_eap_unref (NMA_EAP (em_md5)); + if (default_method && (active < 0) && !strcmp (default_method, "md5")) + active = item; + item++; + } + + em_tls = nma_eap_tls_new (self, self->connection, FALSE, self->secrets_only); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("TLS"), + AUTH_METHOD_COLUMN, em_tls, + -1); + nma_eap_unref (NMA_EAP (em_tls)); + if (default_method && (active < 0) && !strcmp (default_method, "tls")) + active = item; + item++; + + if (!wired) { + em_leap = nma_eap_leap_new (self, self->connection, self->secrets_only); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("LEAP"), + AUTH_METHOD_COLUMN, em_leap, + -1); + nma_eap_unref (NMA_EAP (em_leap)); + if (default_method && (active < 0) && !strcmp (default_method, "leap")) + active = item; + item++; + } + + em_pwd = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_PWD, simple_flags, NULL); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("PWD"), + AUTH_METHOD_COLUMN, em_pwd, + -1); + nma_eap_unref (NMA_EAP (em_pwd)); + if (default_method && (active < 0) && !strcmp (default_method, "pwd")) + active = item; + item++; + + em_fast = nma_eap_fast_new (self, self->connection, self->is_editor, self->secrets_only); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("FAST"), + AUTH_METHOD_COLUMN, em_fast, + -1); + nma_eap_unref (NMA_EAP (em_fast)); + if (default_method && (active < 0) && !strcmp (default_method, "fast")) + active = item; + item++; + + em_ttls = nma_eap_ttls_new (self, self->connection, self->is_editor, self->secrets_only); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("Tunneled TLS"), + AUTH_METHOD_COLUMN, em_ttls, + -1); + nma_eap_unref (NMA_EAP (em_ttls)); + if (default_method && (active < 0) && !strcmp (default_method, "ttls")) + active = item; + item++; + + em_peap = nma_eap_peap_new (self, self->connection, self->is_editor, self->secrets_only); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("Protected EAP (PEAP)"), + AUTH_METHOD_COLUMN, em_peap, + -1); + nma_eap_unref (NMA_EAP (em_peap)); + if (default_method && (active < 0) && !strcmp (default_method, "peap")) + active = item; + item++; + + if (self->secrets_hints && self->secrets_hints[0]) { + NMAEapSimple *em_hints; + + em_hints = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_UNKNOWN, + simple_flags, (const char **)self->secrets_hints); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("Unknown"), + AUTH_METHOD_COLUMN, em_hints, + -1); + nma_eap_unref (NMA_EAP (em_hints)); + active = item; + item++; + } else if (default_method && !strcmp (default_method, "external")) { + NMAEapSimple *em_extern; + const char *empty_hints[] = { NULL }; + + em_extern = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_UNKNOWN, + simple_flags, empty_hints); + gtk_list_store_append (auth_model, &iter); + gtk_list_store_set (auth_model, &iter, + AUTH_NAME_COLUMN, _("Externally configured"), + AUTH_METHOD_COLUMN, em_extern, + -1); + nma_eap_unref (NMA_EAP (em_extern)); + active = item; + item++; + } + + gtk_combo_box_set_model (GTK_COMBO_BOX (self->eap_auth_combo), GTK_TREE_MODEL (auth_model)); + g_object_unref (G_OBJECT (auth_model)); + gtk_combo_box_set_active (GTK_COMBO_BOX (self->eap_auth_combo), active < 0 ? 0 : (guint32) active); + + if (self->secrets_only) { + gtk_widget_hide (self->eap_auth_combo); + gtk_widget_hide (self->eap_auth_label); + } + + G_OBJECT_CLASS (nma_ws_802_1x_parent_class)->constructed (object); +} + +NMAWs8021x * +nma_ws_802_1x_new (NMConnection *connection, + gboolean is_editor, + gboolean secrets_only) +{ + return g_object_new (NMA_TYPE_WS_802_1X, + "connection", connection, + "is-editor", is_editor, + "secrets-only", secrets_only, + NULL); +} + +static void +dispose (GObject *object) +{ + NMAWs8021x *self = NMA_WS_802_1X (object); + + g_clear_object (&self->connection); + g_clear_pointer (&self->secrets_hints, g_strfreev); + g_clear_pointer (&self->username, g_free); + g_clear_pointer (&self->password, g_free); +} + +static void +nma_ws_802_1x_class_init (NMAWs8021xClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->get_property = get_property; + object_class->set_property = set_property; + object_class->constructed = constructed; + object_class->dispose = dispose; + + g_object_class_override_property (object_class, + PROP_CONNECTION, "connection"); + + g_object_class_override_property (object_class, + PROP_SECRETS_ONLY, "secrets-only"); + + g_object_class_install_property + (object_class, PROP_IS_EDITOR, + g_param_spec_boolean ("is-editor", "", "", + FALSE, + G_PARAM_READWRITE + | G_PARAM_CONSTRUCT + | G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property + (object_class, PROP_SECRETS_HINTS, + g_param_spec_boxed ("secrets-hints", "", "", + G_TYPE_STRV, + G_PARAM_READWRITE + | G_PARAM_CONSTRUCT + | G_PARAM_STATIC_STRINGS)); + + gtk_widget_class_set_template_from_resource (widget_class, + "/org/gnome/libnma/nma-ws-802-1x.ui"); + + gtk_widget_class_bind_template_child (widget_class, NMAWs8021x, eap_auth_combo); + gtk_widget_class_bind_template_child (widget_class, NMAWs8021x, eap_auth_label); + gtk_widget_class_bind_template_child (widget_class, NMAWs8021x, eap_vbox); + + gtk_widget_class_bind_template_callback (widget_class, auth_combo_changed_cb); +} diff --git a/src/nma-ws/nma-ws-802-1x.h b/src/nma-ws/nma-ws-802-1x.h new file mode 100644 index 00000000..c12c61f0 --- /dev/null +++ b/src/nma-ws/nma-ws-802-1x.h @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_802_1X_H +#define NMA_WS_802_1X_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWs8021xClass NMAWs8021xClass; +typedef struct _NMAWs8021x NMAWs8021x; + +#define NMA_TYPE_WS_802_1X (nma_ws_802_1x_get_type ()) +#define NMA_WS_802_1X(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_802_1X, NMAWs8021x)) +#define NMA_WS_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_802_1X, NMAWs8021xClass)) +#define NMA_IS_WS_802_1X(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_802_1X)) +#define NMA_IS_WS_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_802_1X)) +#define NMA_WS_802_1X_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_802_1X, NMAWs8021xClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_802_1x_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWs8021x *nma_ws_802_1x_new (NMConnection *connection, + gboolean is_editor, + gboolean secrets_only); + +G_END_DECLS + +#endif /* NMA_WS_802_1X_H */ diff --git a/src/nma-ws/nma-ws-802-1x.ui b/src/nma-ws/nma-ws-802-1x.ui new file mode 100644 index 00000000..1930d7b4 --- /dev/null +++ b/src/nma-ws/nma-ws-802-1x.ui @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + diff --git a/src/nma-ws/nma-ws-dynamic-wep.c b/src/nma-ws/nma-ws-dynamic-wep.c new file mode 100644 index 00000000..911d7db6 --- /dev/null +++ b/src/nma-ws/nma-ws-dynamic-wep.c @@ -0,0 +1,68 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ +#include "nm-default.h" +#include "nma-private.h" + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-802-1x.h" +#include "nma-ws-802-1x-private.h" +#include "nma-ws-dynamic-wep.h" + +typedef struct { + NMAWs8021xClass parent; +} NMAWsDynamicWepClass; + +struct _NMAWsDynamicWep { + NMAWs8021x parent; +}; + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWsDynamicWep, nma_ws_dynamic_wep, NMA_TYPE_WS_802_1X, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +static void +fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMSettingWirelessSecurity *s_wireless_sec; + + nma_ws_802_1x_fill_connection (ws, connection); + + s_wireless_sec = nm_connection_get_setting_wireless_security (connection); + g_return_if_fail (s_wireless_sec); + + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NULL); +} + +static void +nma_ws_dynamic_wep_init (NMAWsDynamicWep *self) +{ +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->fill_connection = fill_connection; +} + +NMAWsDynamicWep * +nma_ws_dynamic_wep_new (NMConnection *connection, + gboolean is_editor, + gboolean secrets_only) +{ + return g_object_new (NMA_TYPE_WS_DYNAMIC_WEP, + "connection", connection, + "secrets-only", secrets_only, + "is-editor", is_editor, + NULL); +} + +static void +nma_ws_dynamic_wep_class_init (NMAWsDynamicWepClass *klass) +{ +} diff --git a/src/nma-ws/nma-ws-dynamic-wep.h b/src/nma-ws/nma-ws-dynamic-wep.h new file mode 100644 index 00000000..9057c52c --- /dev/null +++ b/src/nma-ws/nma-ws-dynamic-wep.h @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_DYNAMIC_WEP_H +#define NMA_WS_DYNAMIC_WEP_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWsDynamicWep NMAWsDynamicWep; + +#define NMA_TYPE_WS_DYNAMIC_WEP (nma_ws_dynamic_wep_get_type ()) +#define NMA_WS_DYNAMIC_WEP(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_SAE, NMAWsDynamicWep)) +#define NMA_WS_DYNAMIC_WEP_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_SAE, NMAWsDynamicWepClass)) +#define NMA_IS_WS_DYNAMIC_WEP(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_SAE)) +#define NMA_IS_WS_DYNAMIC_WEP_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_SAE)) +#define NMA_WS_DYNAMIC_WEP_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_SAE, NMAWsDynamicWepClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_dynamic_wep_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWsDynamicWep *nma_ws_dynamic_wep_new (NMConnection *connection, + gboolean is_editor, + gboolean secrets_only); + +G_END_DECLS + +#endif /* NMA_WS_DYNAMIC_WEP_H */ diff --git a/src/nma-ws/nma-ws-helpers.c b/src/nma-ws/nma-ws-helpers.c new file mode 100644 index 00000000..d517ae38 --- /dev/null +++ b/src/nma-ws/nma-ws-helpers.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2009 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" +#include "nma-ws-helpers.h" + +void +nma_ws_helper_fill_secret_entry (NMConnection *connection, + GtkEditable *entry, + GType setting_type, + HelperSecretFunc func) +{ + NMSetting *setting; + const char *tmp; + + g_return_if_fail (connection != NULL); + g_return_if_fail (entry != NULL); + g_return_if_fail (func != NULL); + + setting = nm_connection_get_setting (connection, setting_type); + if (setting) { + tmp = (*func) (setting); + if (tmp) + gtk_editable_set_text (entry, tmp); + } +} diff --git a/src/nma-ws/nma-ws-helpers.h b/src/nma-ws/nma-ws-helpers.h new file mode 100644 index 00000000..3f842646 --- /dev/null +++ b/src/nma-ws/nma-ws-helpers.h @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2009 - 2019 Red Hat, Inc. + */ + +#ifndef _NMA_WS_HELPERS_H_ +#define _NMA_WS_HELPERS_H_ + +typedef const char * (*HelperSecretFunc)(NMSetting *); + +void nma_ws_helper_fill_secret_entry (NMConnection *connection, + GtkEditable *entry, + GType setting_type, + HelperSecretFunc func); + +#endif /* _NMA_WS_HELPERS_H_ */ diff --git a/src/nma-ws/nma-ws-leap.c b/src/nma-ws/nma-ws-leap.c new file mode 100644 index 00000000..ef2cf8bf --- /dev/null +++ b/src/nma-ws/nma-ws-leap.c @@ -0,0 +1,293 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-leap.h" +#include "nma-ws-helpers.h" +#include "nma-ui-utils.h" +#include "utils.h" + +typedef struct { + GtkGridClass parent; +} NMAWsLeapClass; + +struct _NMAWsLeap { + GtkGrid parent; + + GtkWidget *leap_username_entry; + GtkWidget *leap_password_entry; + GtkWidget *leap_username_label; + GtkWidget *leap_password_label; + GtkWidget *show_checkbutton_leap; + + NMConnection *connection; + gboolean secrets_only; +}; + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWsLeap, nma_ws_leap, GTK_TYPE_GRID, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +enum { + PROP_0, + PROP_CONNECTION, + PROP_SECRETS_ONLY, + PROP_LAST +}; + +static void +show_toggled_cb (GtkCheckButton *button, gpointer user_data) +{ + NMAWsLeap *self = NMA_WS_LEAP (user_data); + gboolean visible; + + visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); + gtk_entry_set_visibility (GTK_ENTRY (self->leap_password_entry), visible); +} + +static gboolean +validate (NMAWs *ws, GError **error) +{ + NMAWsLeap *self = NMA_WS_LEAP (ws); + NMSettingSecretFlags secret_flags; + const char *text; + gboolean ret = TRUE; + + text = gtk_editable_get_text (GTK_EDITABLE (self->leap_username_entry)); + if (!text || !strlen (text)) { + widget_set_error (self->leap_username_entry); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing leap-username")); + ret = FALSE; + } else { + widget_unset_error (self->leap_username_entry); + } + + secret_flags = nma_utils_menu_to_secret_flags (self->leap_password_entry); + text = gtk_editable_get_text (GTK_EDITABLE (self->leap_password_entry)); + + if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED + || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED + || (text && strlen (text))) { + widget_unset_error (self->leap_password_entry); + } else { + widget_set_error (self->leap_password_entry); + if (ret) { + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing leap-password")); + ret = FALSE; + } + } + + return ret; +} + +static void +add_to_size_group (NMAWs *ws, GtkSizeGroup *group) +{ + NMAWsLeap *self = NMA_WS_LEAP (ws); + + gtk_size_group_add_widget (group, self->leap_username_label); + gtk_size_group_add_widget (group, self->leap_password_label); +} + +static void +fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMAWsLeap *self = NMA_WS_LEAP (ws); + NMSettingWirelessSecurity *s_wireless_sec; + NMSettingSecretFlags secret_flags; + const char *leap_password = NULL, *leap_username = NULL; + + /* Blow away the old security setting by adding a clear one */ + s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); + nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); + + leap_username = gtk_editable_get_text (GTK_EDITABLE (self->leap_username_entry)); + leap_password = gtk_editable_get_text (GTK_EDITABLE (self->leap_password_entry)); + + g_object_set (s_wireless_sec, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", + NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "leap", + NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, leap_username, + NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, leap_password, + NULL); + + /* Save LEAP_PASSWORD_FLAGS to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (self->leap_password_entry); + nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, + secret_flags, NULL); + + /* Update secret flags and popup when editing the connection */ + if (!self->secrets_only) { + nma_utils_update_password_storage (self->leap_password_entry, secret_flags, + NM_SETTING (s_wireless_sec), + NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD); + } +} + +static void +update_secrets (NMAWs *ws, NMConnection *connection) +{ + NMAWsLeap *self = NMA_WS_LEAP (ws); + + nma_ws_helper_fill_secret_entry (connection, + GTK_EDITABLE (self->leap_password_entry), + NM_TYPE_SETTING_WIRELESS_SECURITY, + (HelperSecretFunc) nm_setting_wireless_security_get_leap_password); +} + +static void +get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + NMAWsLeap *self = NMA_WS_LEAP (object); + + switch (prop_id) { + case PROP_CONNECTION: + g_value_set_object (value, self->connection); + break; + case PROP_SECRETS_ONLY: + g_value_set_boolean (value, self->secrets_only); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + NMAWsLeap *self = NMA_WS_LEAP (object); + + switch (prop_id) { + case PROP_CONNECTION: + self->connection = g_value_dup_object (value); + break; + case PROP_SECRETS_ONLY: + self->secrets_only = g_value_get_boolean (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +nma_ws_leap_init (NMAWsLeap *self) +{ + gtk_widget_init_template (GTK_WIDGET (self)); +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->validate = validate; + iface->add_to_size_group = add_to_size_group; + iface->fill_connection = fill_connection; + iface->update_secrets = update_secrets; + iface->adhoc_compatible = FALSE; + iface->hotspot_compatible = FALSE; +} + +static void +constructed (GObject *object) +{ + NMAWsLeap *self = NMA_WS_LEAP (object); + NMSettingWirelessSecurity *wsec = NULL; + + if (self->connection) { + wsec = nm_connection_get_setting_wireless_security (self->connection); + if (wsec) { + const char *auth_alg; + + /* Ignore if wireless security doesn't specify LEAP */ + auth_alg = nm_setting_wireless_security_get_auth_alg (wsec); + if (!auth_alg || strcmp (auth_alg, "leap")) + wsec = NULL; + } + } + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + nma_utils_setup_password_storage (self->leap_password_entry, 0, (NMSetting *) wsec, + NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, + FALSE, self->secrets_only); + + if (wsec) { + update_secrets (NMA_WS (self), self->connection); + gtk_editable_set_text (GTK_EDITABLE (self->leap_username_entry), + nm_setting_wireless_security_get_leap_username (wsec)); + } + + if (self->secrets_only) { + gtk_widget_hide (self->leap_username_label); + gtk_widget_hide (self->leap_username_entry); + } + + gtk_widget_grab_focus (self->leap_password_entry); + + G_OBJECT_CLASS (nma_ws_leap_parent_class)->constructed (object); +} + +NMAWsLeap * +nma_ws_leap_new (NMConnection *connection, gboolean secrets_only) +{ + return g_object_new (NMA_TYPE_WS_LEAP, + "connection", connection, + "secrets-only", secrets_only, + NULL); +} + +static void +dispose (GObject *object) +{ + NMAWsLeap *self = NMA_WS_LEAP (object); + + g_clear_object (&self->connection); +} + +static void +nma_ws_leap_class_init (NMAWsLeapClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->get_property = get_property; + object_class->set_property = set_property; + object_class->constructed = constructed; + object_class->dispose = dispose; + + g_object_class_override_property (object_class, + PROP_CONNECTION, "connection"); + + g_object_class_override_property (object_class, + PROP_SECRETS_ONLY, "secrets-only"); + + gtk_widget_class_set_template_from_resource (widget_class, + "/org/gnome/libnma/nma-ws-leap.ui"); + + gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_username_entry); + gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_password_entry); + gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_username_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_password_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, show_checkbutton_leap); + + gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb); + gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb); +} diff --git a/src/nma-ws/nma-ws-leap.h b/src/nma-ws/nma-ws-leap.h new file mode 100644 index 00000000..0f99bc12 --- /dev/null +++ b/src/nma-ws/nma-ws-leap.h @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_LEAP_H +#define NMA_WS_LEAP_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWsLeap NMAWsLeap; + +#define NMA_TYPE_WS_LEAP (nma_ws_leap_get_type ()) +#define NMA_WS_LEAP(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_LEAP, NMAWsLeap)) +#define NMA_WS_LEAP_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_LEAP, NMAWsLeapClass)) +#define NMA_IS_WS_LEAP(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_LEAP)) +#define NMA_IS_WS_LEAP_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_LEAP)) +#define NMA_WS_LEAP_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_LEAP, NMAWsLeapClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_leap_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWsLeap *nma_ws_leap_new (NMConnection *connection, gboolean secrets_only); + +G_END_DECLS + +#endif /* NMA_WS_LEAP_H */ diff --git a/src/nma-ws/nma-ws-leap.ui b/src/nma-ws/nma-ws-leap.ui new file mode 100644 index 00000000..0a7197f7 --- /dev/null +++ b/src/nma-ws/nma-ws-leap.ui @@ -0,0 +1,86 @@ + + + + + + diff --git a/src/nma-ws/nma-ws-private.h b/src/nma-ws/nma-ws-private.h new file mode 100644 index 00000000..63bb97f2 --- /dev/null +++ b/src/nma-ws/nma-ws-private.h @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_PRIVATE_H +#define NMA_WS_PRIVATE_H + +typedef struct { + GTypeInterface parent; + + void (*add_to_size_group) (NMAWs *self, GtkSizeGroup *group); + void (*fill_connection) (NMAWs *self, NMConnection *connection); + void (*update_secrets) (NMAWs *self, NMConnection *connection); + gboolean (*validate) (NMAWs *self, GError **error); + + gboolean adhoc_compatible; + gboolean hotspot_compatible; +} NMAWsInterface; + +void nma_ws_changed_cb (GtkWidget *entry, gpointer user_data); + +void nma_ws_clear_ciphers (NMConnection *connection); + +#endif /* NMA_WS_PRIVATE_H */ diff --git a/src/nma-ws/nma-ws-sae.c b/src/nma-ws/nma-ws-sae.c new file mode 100644 index 00000000..a697b7c0 --- /dev/null +++ b/src/nma-ws/nma-ws-sae.c @@ -0,0 +1,285 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-sae.h" +#include "nma-ws-helpers.h" +#include "nma-ui-utils.h" +#include "utils.h" + +typedef struct { + GtkGridClass parent; +} NMAWsSaeClass; + +struct _NMAWsSae { + GtkGrid parent; + + GtkWidget *psk_entry; + GtkWidget *sae_label; + GtkWidget *sae_type_combo; + GtkWidget *sae_type_label; + GtkWidget *show_checkbutton_sae; + + NMConnection *connection; + gboolean secrets_only; +}; + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWsSae, nma_ws_sae, GTK_TYPE_GRID, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +enum { + PROP_0, + PROP_CONNECTION, + PROP_SECRETS_ONLY, + PROP_LAST +}; + +static void +show_toggled_cb (GtkCheckButton *button, gpointer user_data) +{ + NMAWsSae *self = NMA_WS_SAE (user_data); + gboolean visible; + + visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); + gtk_entry_set_visibility (GTK_ENTRY (self->psk_entry), visible); +} + +static gboolean +validate (NMAWs *ws, GError **error) +{ + NMAWsSae *self = NMA_WS_SAE (ws); + NMSettingSecretFlags secret_flags; + const char *key; + + secret_flags = nma_utils_menu_to_secret_flags (self->psk_entry); + key = gtk_editable_get_text (GTK_EDITABLE (self->psk_entry)); + + if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED + || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { + /* All good. */ + } else if (key == NULL || key[0] == '\0') { + widget_set_error (self->psk_entry); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing password")); + return FALSE; + } + widget_unset_error (self->psk_entry); + + return TRUE; +} + +static void +add_to_size_group (NMAWs *ws, GtkSizeGroup *group) +{ + NMAWsSae *self = NMA_WS_SAE (ws); + + gtk_size_group_add_widget (group, self->sae_type_label); + gtk_size_group_add_widget (group, self->sae_label); +} + +static void +fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMAWsSae *self = NMA_WS_SAE (ws); + const char *key; + NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wireless_sec; + NMSettingSecretFlags secret_flags; + const char *mode; + gboolean is_adhoc = FALSE; + + s_wireless = nm_connection_get_setting_wireless (connection); + g_return_if_fail (s_wireless); + + mode = nm_setting_wireless_get_mode (s_wireless); + if (mode && !strcmp (mode, "adhoc")) + is_adhoc = TRUE; + + /* Blow away the old security setting by adding a clear one */ + s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); + nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); + + key = gtk_editable_get_text (GTK_EDITABLE (self->psk_entry)); + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); + + /* Save PSK_FLAGS to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (self->psk_entry); + nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, + secret_flags, NULL); + + /* Update secret flags and popup when editing the connection */ + if (!self->secrets_only) { + nma_utils_update_password_storage (self->psk_entry, secret_flags, + NM_SETTING (s_wireless_sec), + NM_SETTING_WIRELESS_SECURITY_PSK); + } + + nma_ws_clear_ciphers (connection); + if (is_adhoc) { + /* Ad-Hoc settings as specified by the supplicant */ + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); + nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn"); + nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp"); + nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp"); + } else { + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); + + /* Just leave ciphers and protocol empty, the supplicant will + * figure that out magically based on the AP IEs and card capabilities. + */ + } +} + +static void +update_secrets (NMAWs *ws, NMConnection *connection) +{ + NMAWsSae *self = NMA_WS_SAE (ws); + + nma_ws_helper_fill_secret_entry (connection, + GTK_EDITABLE (self->psk_entry), + NM_TYPE_SETTING_WIRELESS_SECURITY, + (HelperSecretFunc) nm_setting_wireless_security_get_psk); +} + +static void +get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + NMAWsSae *self = NMA_WS_SAE (object); + + switch (prop_id) { + case PROP_CONNECTION: + g_value_set_object (value, self->connection); + break; + case PROP_SECRETS_ONLY: + g_value_set_boolean (value, self->secrets_only); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + NMAWsSae *self = NMA_WS_SAE (object); + + switch (prop_id) { + case PROP_CONNECTION: + self->connection = g_value_dup_object (value); + break; + case PROP_SECRETS_ONLY: + self->secrets_only = g_value_get_boolean (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +nma_ws_sae_init (NMAWsSae *self) +{ + gtk_widget_init_template (GTK_WIDGET (self)); +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->validate = validate; + iface->add_to_size_group = add_to_size_group; + iface->fill_connection = fill_connection; + iface->update_secrets = update_secrets; + iface->adhoc_compatible = TRUE; + iface->hotspot_compatible = TRUE; +} + +static void +constructed (GObject *object) +{ + NMAWsSae *self = NMA_WS_SAE (object); + NMSetting *setting = NULL; + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + if (self->connection) + setting = (NMSetting *) nm_connection_get_setting_wireless_security (self->connection); + nma_utils_setup_password_storage (self->psk_entry, 0, setting, NM_SETTING_WIRELESS_SECURITY_PSK, + FALSE, self->secrets_only); + + /* Fill secrets, if any */ + if (self->connection) + update_secrets (NMA_WS (self), self->connection); + + gtk_widget_grab_focus (self->psk_entry); + + /* Hide WPA/RSN for now since this can be autodetected by NM and the + * supplicant when connecting to the AP. + */ + gtk_widget_hide (self->sae_type_combo); + gtk_widget_hide (self->sae_type_label); + + G_OBJECT_CLASS (nma_ws_sae_parent_class)->constructed (object); +} + +NMAWsSae * +nma_ws_sae_new (NMConnection *connection, gboolean secrets_only) +{ + return g_object_new (NMA_TYPE_WS_SAE, + "connection", connection, + "secrets-only", secrets_only, + NULL); +} + +static void +dispose (GObject *object) +{ + NMAWsSae *self = NMA_WS_SAE (object); + + g_clear_object (&self->connection); +} + +static void +nma_ws_sae_class_init (NMAWsSaeClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->get_property = get_property; + object_class->set_property = set_property; + object_class->constructed = constructed; + object_class->dispose = dispose; + + g_object_class_override_property (object_class, + PROP_CONNECTION, "connection"); + + g_object_class_override_property (object_class, + PROP_SECRETS_ONLY, "secrets-only"); + + gtk_widget_class_set_template_from_resource (widget_class, + "/org/gnome/libnma/nma-ws-sae.ui"); + + gtk_widget_class_bind_template_child (widget_class, NMAWsSae, psk_entry); + gtk_widget_class_bind_template_child (widget_class, NMAWsSae, sae_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsSae, sae_type_combo); + gtk_widget_class_bind_template_child (widget_class, NMAWsSae, sae_type_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsSae, show_checkbutton_sae); + + gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb); + gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb); +} diff --git a/src/nma-ws/nma-ws-sae.h b/src/nma-ws/nma-ws-sae.h new file mode 100644 index 00000000..14baad4b --- /dev/null +++ b/src/nma-ws/nma-ws-sae.h @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_SAE_H +#define NMA_WS_SAE_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWsSae NMAWsSae; + +#define NMA_TYPE_WS_SAE (nma_ws_sae_get_type ()) +#define NMA_WS_SAE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_SAE, NMAWsSae)) +#define NMA_WS_SAE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_SAE, NMAWsSaeClass)) +#define NMA_IS_WS_SAE(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_SAE)) +#define NMA_IS_WS_SAE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_SAE)) +#define NMA_WS_SAE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_SAE, NMAWsSaeClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_sae_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWsSae *nma_ws_sae_new (NMConnection *connection, gboolean secrets_only); + +G_END_DECLS + +#endif /* NMA_WS_SAE_H */ diff --git a/src/nma-ws/nma-ws-sae.ui b/src/nma-ws/nma-ws-sae.ui new file mode 100644 index 00000000..80f3ee71 --- /dev/null +++ b/src/nma-ws/nma-ws-sae.ui @@ -0,0 +1,84 @@ + + + + + + diff --git a/src/nma-ws/nma-ws-wep-key.c b/src/nma-ws/nma-ws-wep-key.c new file mode 100644 index 00000000..6150d282 --- /dev/null +++ b/src/nma-ws/nma-ws-wep-key.c @@ -0,0 +1,457 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-wep-key.h" +#include "nma-ws-helpers.h" +#include "nma-ui-utils.h" +#include "utils.h" + +typedef struct { + GtkGridClass parent; +} NMAWsWepKeyClass; + +struct _NMAWsWepKey { + GtkGrid parent; + + GtkWidget *auth_method_combo; + GtkWidget *auth_method_label; + GtkWidget *key_index_combo; + GtkWidget *key_index_label; + GtkWidget *show_checkbutton_wep; + GtkWidget *wep_key_entry; + GtkWidget *wep_key_label; + + NMConnection *connection; + gboolean secrets_only; + NMWepKeyType adhoc_create; + NMWepKeyType key_type; + + char keys[4][65]; + guint8 cur_index; +}; + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWsWepKey, nma_ws_wep_key, GTK_TYPE_GRID, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +enum { + PROP_0, + PROP_CONNECTION, + PROP_SECRETS_ONLY, + PROP_KEY_TYPE, + PROP_ADHOC_CREATE, + PROP_LAST +}; + +static void +show_toggled_cb (GtkCheckButton *button, gpointer user_data) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (user_data); + gboolean visible; + + visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); + gtk_entry_set_visibility (GTK_ENTRY (self->wep_key_entry), visible); +} + +static void +key_index_combo_changed_cb (GtkWidget *combo, NMAWs *ws) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (ws); + GtkWidget *entry; + const char *key; + int key_index; + + /* Save WEP key for old key index */ + entry = GTK_WIDGET (self->wep_key_entry); + key = gtk_editable_get_text (GTK_EDITABLE (entry)); + if (key) + g_strlcpy (self->keys[self->cur_index], key, sizeof (self->keys[self->cur_index])); + else + memset (self->keys[self->cur_index], 0, sizeof (self->keys[self->cur_index])); + + key_index = gtk_combo_box_get_active (GTK_COMBO_BOX (combo)); + g_return_if_fail (key_index <= 3); + g_return_if_fail (key_index >= 0); + + /* Populate entry with key from new index */ + gtk_editable_set_text (GTK_EDITABLE (entry), self->keys[key_index]); + self->cur_index = key_index; + + nma_ws_changed_cb (combo, ws); +} + +static gboolean +validate (NMAWs *ws, GError **error) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (ws); + NMSettingSecretFlags secret_flags; + const char *key; + int i; + + secret_flags = nma_utils_menu_to_secret_flags (self->wep_key_entry); + key = gtk_editable_get_text (GTK_EDITABLE (self->wep_key_entry)); + + if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED + || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { + /* All good. */ + } else if (!key) { + widget_set_error (self->wep_key_entry); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing wep-key")); + return FALSE; + } else if (self->key_type == NM_WEP_KEY_TYPE_KEY) { + if ((strlen (key) == 10) || (strlen (key) == 26)) { + for (i = 0; i < strlen (key); i++) { + if (!g_ascii_isxdigit (key[i])) { + widget_set_error (self->wep_key_entry); + g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: key with a length of %zu must contain only hex-digits"), strlen (key)); + return FALSE; + } + } + } else if ((strlen (key) == 5) || (strlen (key) == 13)) { + for (i = 0; i < strlen (key); i++) { + if (!utils_char_is_ascii_print (key[i])) { + widget_set_error (self->wep_key_entry); + g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: key with a length of %zu must contain only ascii characters"), strlen (key)); + return FALSE; + } + } + } else { + widget_set_error (self->wep_key_entry); + g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: wrong key length %zu. A key must be either of length 5/13 (ascii) or 10/26 (hex)"), strlen (key)); + return FALSE; + } + } else if (self->key_type == NM_WEP_KEY_TYPE_PASSPHRASE) { + if (!*key || (strlen (key) > 64)) { + widget_set_error (self->wep_key_entry); + if (!*key) + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: passphrase must be non-empty")); + else + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: passphrase must be shorter than 64 characters")); + return FALSE; + } + } + widget_unset_error (self->wep_key_entry); + + return TRUE; +} + +static void +add_to_size_group (NMAWs *ws, GtkSizeGroup *group) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (ws); + + gtk_size_group_add_widget (group, self->auth_method_label); + gtk_size_group_add_widget (group, self->wep_key_label); + gtk_size_group_add_widget (group, self->key_index_label); +} + +static void +fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (ws); + NMSettingWirelessSecurity *s_wsec; + NMSettingSecretFlags secret_flags; + int auth_alg; + const char *key; + int i; + + auth_alg = gtk_combo_box_get_active (GTK_COMBO_BOX (self->auth_method_combo)); + key = gtk_editable_get_text (GTK_EDITABLE (self->wep_key_entry)); + g_strlcpy (self->keys[self->cur_index], key, sizeof (self->keys[self->cur_index])); + + /* Blow away the old security setting by adding a clear one */ + s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); + nm_connection_add_setting (connection, (NMSetting *) s_wsec); + + g_object_set (s_wsec, + NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none", + NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, self->cur_index, + NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, (auth_alg == 1) ? "shared" : "open", + NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, self->key_type, + NULL); + + for (i = 0; i < 4; i++) { + if (strlen (self->keys[i])) + nm_setting_wireless_security_set_wep_key (s_wsec, i, self->keys[i]); + } + + /* Save WEP_KEY_FLAGS to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (self->wep_key_entry); + g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, secret_flags, NULL); + + /* Update secret flags and popup when editing the connection */ + if (!self->secrets_only) { + nma_utils_update_password_storage (self->wep_key_entry, secret_flags, + NM_SETTING (s_wsec), + NM_SETTING_WIRELESS_SECURITY_WEP_KEY0); + } +} + +static void +wep_entry_filter_cb (GtkEditable *editable, + char *text, + int length, + int *position, + gpointer data) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (data); + + if (self->key_type == NM_WEP_KEY_TYPE_KEY) { + utils_filter_editable_on_insert_text (editable, + text, length, position, data, + utils_char_is_ascii_print, + wep_entry_filter_cb); + } +} + + +static void +update_secrets (NMAWs *ws, NMConnection *connection) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (ws); + NMSettingWirelessSecurity *s_wsec; + const char *tmp; + int i; + + s_wsec = nm_connection_get_setting_wireless_security (connection); + for (i = 0; s_wsec && i < 4; i++) { + tmp = nm_setting_wireless_security_get_wep_key (s_wsec, i); + if (tmp) + g_strlcpy (self->keys[i], tmp, sizeof (self->keys[i])); + } + + if (strlen (self->keys[self->cur_index])) { + gtk_editable_set_text (GTK_EDITABLE (self->wep_key_entry), + self->keys[self->cur_index]); + } +} + + +static void +get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (object); + + switch (prop_id) { + case PROP_CONNECTION: + g_value_set_object (value, self->connection); + break; + case PROP_SECRETS_ONLY: + g_value_set_boolean (value, self->secrets_only); + break; + case PROP_KEY_TYPE: + g_value_set_uint (value, self->key_type); + break; + case PROP_ADHOC_CREATE: + g_value_set_boolean (value, self->adhoc_create); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (object); + + switch (prop_id) { + case PROP_CONNECTION: + self->connection = g_value_dup_object (value); + break; + case PROP_SECRETS_ONLY: + self->secrets_only = g_value_get_boolean (value); + break; + case PROP_KEY_TYPE: + self->key_type = g_value_get_uint (value); + break; + case PROP_ADHOC_CREATE: + self->adhoc_create = g_value_get_boolean (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +nma_ws_wep_key_init (NMAWsWepKey *self) +{ + gtk_widget_init_template (GTK_WIDGET (self)); +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->validate = validate; + iface->add_to_size_group = add_to_size_group; + iface->fill_connection = fill_connection; + iface->update_secrets = update_secrets; + iface->adhoc_compatible = TRUE; + iface->hotspot_compatible = TRUE; +} + +static void +constructed (GObject *object) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (object); + NMSettingWirelessSecurity *s_wsec = NULL; + NMSetting *setting = NULL; + guint8 default_key_idx = 0; + gboolean is_adhoc = self->adhoc_create; + gboolean is_shared_key = FALSE; + + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + if (self->connection) + setting = (NMSetting *) nm_connection_get_setting_wireless_security (self->connection); + nma_utils_setup_password_storage (self->wep_key_entry, 0, setting, + NM_SETTING_WIRELESS_SECURITY_WEP_KEY0, + FALSE, self->secrets_only); + + if (self->connection) { + NMSettingWireless *s_wireless; + const char *mode, *auth_alg; + + s_wireless = nm_connection_get_setting_wireless (self->connection); + mode = s_wireless ? nm_setting_wireless_get_mode (s_wireless) : NULL; + if (mode && !strcmp (mode, "adhoc")) + is_adhoc = TRUE; + + s_wsec = nm_connection_get_setting_wireless_security (self->connection); + if (s_wsec) { + auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec); + if (auth_alg && !strcmp (auth_alg, "shared")) + is_shared_key = TRUE; + } + } + + if (self->key_type == NM_WEP_KEY_TYPE_KEY) + gtk_entry_set_max_length (GTK_ENTRY (self->wep_key_entry), 26); + else if (self->key_type == NM_WEP_KEY_TYPE_PASSPHRASE) + gtk_entry_set_max_length (GTK_ENTRY (self->wep_key_entry), 64); + + if (self->connection && s_wsec) + default_key_idx = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec); + + gtk_combo_box_set_active (GTK_COMBO_BOX (self->key_index_combo), default_key_idx); + self->cur_index = default_key_idx; + + /* Key index is useless with adhoc networks */ + if (is_adhoc || self->secrets_only) { + gtk_widget_hide (self->key_index_combo); + gtk_widget_hide (self->key_index_label); + } + + /* Fill the key entry with the key for that index */ + if (self->connection) + update_secrets (NMA_WS (self), self->connection); + + gtk_combo_box_set_active (GTK_COMBO_BOX (self->auth_method_combo), + is_shared_key ? 1 : 0); + + /* Don't show auth method for adhoc (which always uses open-system) or + * when in "simple" mode. + */ + if (is_adhoc || self->secrets_only) { + /* Ad-Hoc connections can't use Shared Key auth */ + if (is_adhoc) + gtk_combo_box_set_active (GTK_COMBO_BOX (self->auth_method_combo), 0); + gtk_widget_hide (self->auth_method_combo); + gtk_widget_hide (self->auth_method_label); + } + + gtk_widget_grab_focus (self->wep_key_entry); + + G_OBJECT_CLASS (nma_ws_wep_key_parent_class)->constructed (object); +} + +NMAWsWepKey * +nma_ws_wep_key_new (NMConnection *connection, + NMWepKeyType key_type, + gboolean adhoc_create, + gboolean secrets_only) +{ + return g_object_new (NMA_TYPE_WS_WEP_KEY, + "connection", connection, + "key-type", key_type, + "adhoc-create", adhoc_create, + "secrets-only", secrets_only, + NULL); +} + +static void +dispose (GObject *object) +{ + NMAWsWepKey *self = NMA_WS_WEP_KEY (object); + + g_clear_object (&self->connection); +} + +static void +nma_ws_wep_key_class_init (NMAWsWepKeyClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->get_property = get_property; + object_class->set_property = set_property; + object_class->constructed = constructed; + object_class->dispose = dispose; + + g_object_class_override_property (object_class, + PROP_CONNECTION, "connection"); + + g_object_class_override_property (object_class, + PROP_SECRETS_ONLY, "secrets-only"); + + g_object_class_install_property + (object_class, PROP_KEY_TYPE, + g_param_spec_uint ("key-type", "", "", + 0, G_MAXUINT, 0, + G_PARAM_READWRITE + | G_PARAM_CONSTRUCT + | G_PARAM_STATIC_STRINGS)); + + g_object_class_install_property + (object_class, PROP_ADHOC_CREATE, + g_param_spec_boolean ("adhoc-create", "", "", + FALSE, + G_PARAM_READWRITE + | G_PARAM_CONSTRUCT + | G_PARAM_STATIC_STRINGS)); + + gtk_widget_class_set_template_from_resource (widget_class, + "/org/gnome/libnma/nma-ws-wep-key.ui"); + + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, auth_method_combo); + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, auth_method_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, key_index_combo); + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, key_index_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, show_checkbutton_wep); + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, wep_key_entry); + gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, wep_key_label); + + gtk_widget_class_bind_template_callback (widget_class, key_index_combo_changed_cb); + gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb); + gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb); + gtk_widget_class_bind_template_callback (widget_class, wep_entry_filter_cb); +} diff --git a/src/nma-ws/nma-ws-wep-key.h b/src/nma-ws/nma-ws-wep-key.h new file mode 100644 index 00000000..308f975c --- /dev/null +++ b/src/nma-ws/nma-ws-wep-key.h @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_WEP_KEY_H +#define NMA_WS_WEP_KEY_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWsWepKey NMAWsWepKey; + +#define NMA_TYPE_WS_WEP_KEY (nma_ws_wep_key_get_type ()) +#define NMA_WS_WEP_KEY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_WEP_KEY, NMAWsWepKey)) +#define NMA_WS_WEP_KEY_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_WEP_KEY, NMAWsWepKeyClass)) +#define NMA_IS_WS_WEP_KEY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_WEP_KEY)) +#define NMA_IS_WS_WEP_KEY_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_WEP_KEY)) +#define NMA_WS_WEP_KEY_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_WEP_KEY, NMAWsWepKeyClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_wep_key_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWsWepKey *nma_ws_wep_key_new (NMConnection *connection, + NMWepKeyType type, + gboolean adhoc_create, + gboolean secrets_only); + +G_END_DECLS + +#endif /* NMA_WS_WEP_KEY_H */ diff --git a/src/nma-ws/nma-ws-wep-key.ui b/src/nma-ws/nma-ws-wep-key.ui new file mode 100644 index 00000000..002de229 --- /dev/null +++ b/src/nma-ws/nma-ws-wep-key.ui @@ -0,0 +1,161 @@ + + + + + + + + + + + + Open System + + + Shared Key + + + + + + + + + + + 1 (Default) + + + 2 + + + 3 + + + 4 + + + + + diff --git a/src/nma-ws/nma-ws-wpa-eap.c b/src/nma-ws/nma-ws-wpa-eap.c new file mode 100644 index 00000000..f8c8daf0 --- /dev/null +++ b/src/nma-ws/nma-ws-wpa-eap.c @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ +#include "nm-default.h" +#include "nma-private.h" + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-802-1x.h" +#include "nma-ws-802-1x-private.h" +#include "nma-ws-wpa-eap.h" + +typedef struct { + NMAWs8021xClass parent; +} NMAWsWpaEapClass; + +struct _NMAWsWpaEap { + NMAWs8021x parent; +}; + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWsWpaEap, nma_ws_wpa_eap, NMA_TYPE_WS_802_1X, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +static void +fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMSettingWirelessSecurity *s_wireless_sec; + + nma_ws_802_1x_fill_connection (ws, connection); + + s_wireless_sec = nm_connection_get_setting_wireless_security (connection); + g_return_if_fail (s_wireless_sec); + + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL); +} + +static void +nma_ws_wpa_eap_init (NMAWsWpaEap *self) +{ +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->fill_connection = fill_connection; +} + +NMAWsWpaEap * +nma_ws_wpa_eap_new (NMConnection *connection, + gboolean is_editor, + gboolean secrets_only, + const char *const*secrets_hints) +{ + return g_object_new (NMA_TYPE_WS_WPA_EAP, + "connection", connection, + "secrets-only", secrets_only, + "is-editor", is_editor, + "secrets-hints", secrets_hints, + NULL); +} + +static void +nma_ws_wpa_eap_class_init (NMAWsWpaEapClass *klass) +{ +} diff --git a/src/nma-ws/nma-ws-wpa-eap.h b/src/nma-ws/nma-ws-wpa-eap.h new file mode 100644 index 00000000..e53df74b --- /dev/null +++ b/src/nma-ws/nma-ws-wpa-eap.h @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_WPA_EAP_H +#define NMA_WS_WPA_EAP_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWsWpaEap NMAWsWpaEap; + +#define NMA_TYPE_WS_WPA_EAP (nma_ws_wpa_eap_get_type ()) +#define NMA_WS_WPA_EAP(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_SAE, NMAWsWpaEap)) +#define NMA_WS_WPA_EAP_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_SAE, NMAWsWpaEapClass)) +#define NMA_IS_WS_WPA_EAP(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_SAE)) +#define NMA_IS_WS_WPA_EAP_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_SAE)) +#define NMA_WS_WPA_EAP_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_SAE, NMAWsWpaEapClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_wpa_eap_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWsWpaEap *nma_ws_wpa_eap_new (NMConnection *connection, + gboolean is_editor, + gboolean secrets_only, + const char *const*secrets_hints); + +G_END_DECLS + +#endif /* NMA_WS_WPA_EAP_H */ diff --git a/src/nma-ws/nma-ws-wpa-psk.c b/src/nma-ws/nma-ws-wpa-psk.c new file mode 100644 index 00000000..a161243f --- /dev/null +++ b/src/nma-ws/nma-ws-wpa-psk.c @@ -0,0 +1,303 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include +#include + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-ws-wpa-psk.h" +#include "nma-ws-helpers.h" +#include "nma-ui-utils.h" +#include "utils.h" + +#define WPA_PMK_LEN 32 + +typedef struct { + GtkGridClass parent; +} NMAWsWpaPskClass; + +struct _NMAWsWpaPsk { + GtkGrid parent; + + GtkWidget *wpa_psk_entry; + GtkWidget *wpa_psk_label; + GtkWidget *wpa_psk_type_combo; + GtkWidget *wpa_psk_type_label; + GtkWidget *show_checkbutton_wpa; + + NMConnection *connection; + gboolean secrets_only; +}; + +static void nma_ws_interface_init (NMAWsInterface *iface); + +G_DEFINE_TYPE_WITH_CODE (NMAWsWpaPsk, nma_ws_wpa_psk, GTK_TYPE_GRID, + G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init)) + +enum { + PROP_0, + PROP_CONNECTION, + PROP_SECRETS_ONLY, + PROP_LAST +}; + +static void +show_toggled_cb (GtkCheckButton *button, gpointer user_data) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (user_data); + gboolean visible; + + visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); + gtk_entry_set_visibility (GTK_ENTRY (self->wpa_psk_entry), visible); +} + +static gboolean +validate (NMAWs *ws, GError **error) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws); + NMSettingSecretFlags secret_flags; + const char *key; + gsize len; + int i; + + secret_flags = nma_utils_menu_to_secret_flags (self->wpa_psk_entry); + key = gtk_editable_get_text (GTK_EDITABLE (self->wpa_psk_entry)); + len = key ? strlen (key) : 0; + + if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED + || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { + /* All good. */ + } else if ((len < 8) || (len > 64)) { + widget_set_error (self->wpa_psk_entry); + g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wpa-psk: invalid key-length %zu. Must be [8,63] bytes or 64 hex digits"), len); + return FALSE; + } else if (len == 64) { + /* Hex PSK */ + for (i = 0; i < len; i++) { + if (!isxdigit (key[i])) { + widget_set_error (self->wpa_psk_entry); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wpa-psk: cannot interpret key with 64 bytes as hex")); + return FALSE; + } + } + } + widget_unset_error (self->wpa_psk_entry); + + /* passphrase can be between 8 and 63 characters inclusive */ + + return TRUE; +} + +static void +add_to_size_group (NMAWs *ws, GtkSizeGroup *group) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws); + + gtk_size_group_add_widget (group, self->wpa_psk_type_label); + gtk_size_group_add_widget (group, self->wpa_psk_label); +} + +static void +fill_connection (NMAWs *ws, NMConnection *connection) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws); + const char *key; + NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wireless_sec; + NMSettingSecretFlags secret_flags; + const char *mode; + gboolean is_adhoc = FALSE; + + s_wireless = nm_connection_get_setting_wireless (connection); + g_return_if_fail (s_wireless); + + mode = nm_setting_wireless_get_mode (s_wireless); + if (mode && !strcmp (mode, "adhoc")) + is_adhoc = TRUE; + + /* Blow away the old security setting by adding a clear one */ + s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); + nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); + + key = gtk_editable_get_text (GTK_EDITABLE (self->wpa_psk_entry)); + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); + + /* Save PSK_FLAGS to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (self->wpa_psk_entry); + nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, + secret_flags, NULL); + + /* Update secret flags and popup when editing the connection */ + if (!self->secrets_only) { + nma_utils_update_password_storage (self->wpa_psk_entry, secret_flags, + NM_SETTING (s_wireless_sec), + NM_SETTING_WIRELESS_SECURITY_PSK); + } + + nma_ws_clear_ciphers (connection); + if (is_adhoc) { + /* Ad-Hoc settings as specified by the supplicant */ + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); + nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn"); + nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp"); + nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp"); + } else { + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); + + /* Just leave ciphers and protocol empty, the supplicant will + * figure that out magically based on the AP IEs and card capabilities. + */ + } +} + +static void +update_secrets (NMAWs *ws, NMConnection *connection) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws); + + nma_ws_helper_fill_secret_entry (connection, + GTK_EDITABLE (self->wpa_psk_entry), + NM_TYPE_SETTING_WIRELESS_SECURITY, + (HelperSecretFunc) nm_setting_wireless_security_get_psk); +} + +static void +get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object); + + switch (prop_id) { + case PROP_CONNECTION: + g_value_set_object (value, self->connection); + break; + case PROP_SECRETS_ONLY: + g_value_set_boolean (value, self->secrets_only); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object); + + switch (prop_id) { + case PROP_CONNECTION: + self->connection = g_value_dup_object (value); + break; + case PROP_SECRETS_ONLY: + self->secrets_only = g_value_get_boolean (value); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +nma_ws_wpa_psk_init (NMAWsWpaPsk *self) +{ + gtk_widget_init_template (GTK_WIDGET (self)); +} + +static void +nma_ws_interface_init (NMAWsInterface *iface) +{ + iface->validate = validate; + iface->add_to_size_group = add_to_size_group; + iface->fill_connection = fill_connection; + iface->update_secrets = update_secrets; + iface->adhoc_compatible = TRUE; + iface->hotspot_compatible = TRUE; +} + +static void +constructed (GObject *object) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object); + NMSetting *setting = NULL; + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + if (self->connection) + setting = (NMSetting *) nm_connection_get_setting_wireless_security (self->connection); + nma_utils_setup_password_storage (self->wpa_psk_entry, 0, setting, NM_SETTING_WIRELESS_SECURITY_PSK, + FALSE, self->secrets_only); + + /* Fill secrets, if any */ + if (self->connection) + update_secrets (NMA_WS (self), self->connection); + + gtk_widget_grab_focus (self->wpa_psk_entry); + + /* Hide WPA/RSN for now since this can be autodetected by NM and the + * supplicant when connecting to the AP. + */ + gtk_widget_hide (self->wpa_psk_type_combo); + gtk_widget_hide (self->wpa_psk_type_label); + + G_OBJECT_CLASS (nma_ws_wpa_psk_parent_class)->constructed (object); +} + +NMAWsWpaPsk * +nma_ws_wpa_psk_new (NMConnection *connection, gboolean secrets_only) +{ + return g_object_new (NMA_TYPE_WS_WPA_PSK, + "connection", connection, + "secrets-only", secrets_only, + NULL); +} + +static void +dispose (GObject *object) +{ + NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object); + + g_clear_object (&self->connection); +} + +static void +nma_ws_wpa_psk_class_init (NMAWsWpaPskClass *klass) +{ + GObjectClass *object_class = G_OBJECT_CLASS (klass); + GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass); + + object_class->get_property = get_property; + object_class->set_property = set_property; + object_class->constructed = constructed; + object_class->dispose = dispose; + + g_object_class_override_property (object_class, + PROP_CONNECTION, "connection"); + + g_object_class_override_property (object_class, + PROP_SECRETS_ONLY, "secrets-only"); + + gtk_widget_class_set_template_from_resource (widget_class, + "/org/gnome/libnma/nma-ws-wpa-psk.ui"); + + gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_entry); + gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_type_combo); + gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_type_label); + gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, show_checkbutton_wpa); + + gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb); + gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb); +} diff --git a/src/nma-ws/nma-ws-wpa-psk.h b/src/nma-ws/nma-ws-wpa-psk.h new file mode 100644 index 00000000..93e0b1ac --- /dev/null +++ b/src/nma-ws/nma-ws-wpa-psk.h @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_WPA_PSK_H +#define NMA_WS_WPA_PSK_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWsWpaPsk NMAWsWpaPsk; + +#define NMA_TYPE_WS_WPA_PSK (nma_ws_wpa_psk_get_type ()) +#define NMA_WS_WPA_PSK(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_WPA_PSK, NMAWsWpaPsk)) +#define NMA_WS_WPA_PSK_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_WPA_PSK, NMAWsWpaPskClass)) +#define NMA_IS_WS_WPA_PSK(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_WPA_PSK)) +#define NMA_IS_WS_WPA_PSK_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_WPA_PSK)) +#define NMA_WS_WPA_PSK_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_WPA_PSK, NMAWsWpaPskClass)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_wpa_psk_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +NMAWsWpaPsk *nma_ws_wpa_psk_new (NMConnection *connection, gboolean secrets_only); + +G_END_DECLS + +#endif /* NMA_WS_WPA_PSK_H */ diff --git a/src/nma-ws/nma-ws-wpa-psk.ui b/src/nma-ws/nma-ws-wpa-psk.ui new file mode 100644 index 00000000..7ee3ae49 --- /dev/null +++ b/src/nma-ws/nma-ws-wpa-psk.ui @@ -0,0 +1,83 @@ + + + + + + diff --git a/src/nma-ws/nma-ws.c b/src/nma-ws/nma-ws.c new file mode 100644 index 00000000..1861f822 --- /dev/null +++ b/src/nma-ws/nma-ws.c @@ -0,0 +1,141 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" + +#include + +#include "nma-ws.h" +#include "nma-ws-private.h" +#include "nma-eap.h" +#include "utils.h" + +G_DEFINE_INTERFACE (NMAWs, nma_ws, G_TYPE_OBJECT) + +void +nma_ws_changed_cb (GtkWidget *ignored, gpointer user_data) +{ + g_signal_emit_by_name (user_data, "ws-changed"); +} + +gboolean +nma_ws_validate (NMAWs *self, GError **error) +{ + NMAWsInterface *iface; + gboolean result; + + g_return_val_if_fail (self != NULL, FALSE); + g_return_val_if_fail (!error || !*error, FALSE); + + iface = NMA_WS_GET_INTERFACE (self); + g_return_val_if_fail (iface->validate, FALSE); + result = (*(iface->validate)) (self, error); + if (!result && error && !*error) + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Unknown error validating 802.1X security")); + return result; +} + +void +nma_ws_add_to_size_group (NMAWs *self, GtkSizeGroup *group) +{ + NMAWsInterface *iface; + + g_return_if_fail (self != NULL); + g_return_if_fail (group != NULL); + + iface = NMA_WS_GET_INTERFACE (self); + g_return_if_fail (iface->add_to_size_group); + return (*(iface->add_to_size_group)) (self, group); +} + +void +nma_ws_fill_connection (NMAWs *self, + NMConnection *connection) +{ + NMAWsInterface *iface; + + g_return_if_fail (self != NULL); + g_return_if_fail (connection != NULL); + + iface = NMA_WS_GET_INTERFACE (self); + g_return_if_fail (iface->fill_connection); + return (*(iface->fill_connection)) (self, connection); +} + +void +nma_ws_update_secrets (NMAWs *self, NMConnection *connection) +{ + NMAWsInterface *iface; + + g_return_if_fail (self != NULL); + g_return_if_fail (connection != NULL); + + iface = NMA_WS_GET_INTERFACE (self); + if (iface->update_secrets) + iface->update_secrets (self, connection); +} + +void +nma_ws_default_init (NMAWsInterface *iface) +{ + GType iface_type = G_TYPE_FROM_INTERFACE (iface); + + g_signal_new ("ws-changed", + iface_type, + G_SIGNAL_RUN_FIRST, + 0, NULL, NULL, + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, 0); + + iface->adhoc_compatible = TRUE; + iface->hotspot_compatible = TRUE; + + g_object_interface_install_property (iface, + g_param_spec_object ("connection", "", "", + NM_TYPE_CONNECTION, + G_PARAM_READWRITE + | G_PARAM_CONSTRUCT + | G_PARAM_STATIC_STRINGS)); + + g_object_interface_install_property (iface, + g_param_spec_boolean ("secrets-only", "", "", + FALSE, + G_PARAM_READWRITE + | G_PARAM_CONSTRUCT + | G_PARAM_STATIC_STRINGS)); +} + +gboolean +nma_ws_adhoc_compatible (NMAWs *self) +{ + g_return_val_if_fail (self != NULL, FALSE); + + return NMA_WS_GET_INTERFACE (self)->adhoc_compatible; +} + +gboolean +nma_ws_hotspot_compatible (NMAWs *self) +{ + g_return_val_if_fail (self != NULL, FALSE); + + return NMA_WS_GET_INTERFACE (self)->hotspot_compatible; +} + +void +nma_ws_clear_ciphers (NMConnection *connection) +{ + NMSettingWirelessSecurity *s_wireless_sec; + + g_return_if_fail (connection != NULL); + + s_wireless_sec = nm_connection_get_setting_wireless_security (connection); + g_return_if_fail (s_wireless_sec); + + nm_setting_wireless_security_clear_protos (s_wireless_sec); + nm_setting_wireless_security_clear_pairwise (s_wireless_sec); + nm_setting_wireless_security_clear_groups (s_wireless_sec); +} diff --git a/src/nma-ws/nma-ws.h b/src/nma-ws/nma-ws.h new file mode 100644 index 00000000..bbea4ded --- /dev/null +++ b/src/nma-ws/nma-ws.h @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Dan Williams + * + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef NMA_WS_H +#define NMA_WS_H + +#include "nma-version.h" + +G_BEGIN_DECLS + +typedef struct _NMAWs NMAWs; + +#define NMA_TYPE_WS (nma_ws_get_type ()) +#define NMA_WS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS, NMAWs)) +#define NMA_IS_WS(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS)) +#define NMA_WS_GET_INTERFACE(obj) (G_TYPE_INSTANCE_GET_INTERFACE ((obj), NMA_TYPE_WS, NMAWsInterface)) + +NMA_AVAILABLE_IN_1_8_28 +GType nma_ws_get_type (void); + +NMA_AVAILABLE_IN_1_8_28 +gboolean nma_ws_validate (NMAWs *self, GError **error); + +NMA_AVAILABLE_IN_1_8_28 +void nma_ws_add_to_size_group (NMAWs *self, + GtkSizeGroup *group); + +NMA_AVAILABLE_IN_1_8_28 +void nma_ws_fill_connection (NMAWs *self, + NMConnection *connection); + +NMA_AVAILABLE_IN_1_8_28 +void nma_ws_update_secrets (NMAWs *self, + NMConnection *connection); + +NMA_AVAILABLE_IN_1_8_28 +gboolean nma_ws_adhoc_compatible (NMAWs *self); + +NMA_AVAILABLE_IN_1_8_28 +gboolean nma_ws_hotspot_compatible (NMAWs *self); + +G_END_DECLS + +#include "nma-ws-802-1x.h" +#include "nma-ws-dynamic-wep.h" +#include "nma-ws-leap.h" +#include "nma-ws-sae.h" +#include "nma-ws-wep-key.h" +#include "nma-ws-wpa-eap.h" +#include "nma-ws-wpa-psk.h" + +#endif /* NMA_WS_H */ diff --git a/src/nma.gresource.xml b/src/nma.gresource.xml index cfe41a7f..5c75f112 100644 --- a/src/nma.gresource.xml +++ b/src/nma.gresource.xml @@ -7,5 +7,16 @@ nma-mobile-wizard.ui nma-vpn-password-dialog.ui nma-bar-code-widget.ui + nma-ws/nma-ws-802-1x.ui + nma-ws/nma-ws-leap.ui + nma-ws/nma-ws-sae.ui + nma-ws/nma-ws-wep-key.ui + nma-ws/nma-ws-wpa-psk.ui + nma-ws/nma-eap-fast.ui + nma-ws/nma-eap-leap.ui + nma-ws/nma-eap-peap.ui + nma-ws/nma-eap-simple.ui + nma-ws/nma-eap-tls.ui + nma-ws/nma-eap-ttls.ui diff --git a/src/wireless-security/ws-leap.ui b/src/wireless-security/ws-leap.ui index df9ed78d..a3ff0a9a 100644 --- a/src/wireless-security/ws-leap.ui +++ b/src/wireless-security/ws-leap.ui @@ -1,5 +1,5 @@ - + -- GitLab From 5d6dd557134dda24d8e1934cbbd61f860ff90a3a Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 22 Oct 2019 06:59:58 +0200 Subject: [PATCH 3/5] tests/ws: add NMAWs demo program --- .gitignore | 2 + Makefile.am | 39 +++++++++++++++ src/tests/meson.build | 1 + src/tests/ws.c | 113 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 155 insertions(+) create mode 100644 src/tests/ws.c diff --git a/.gitignore b/.gitignore index 61273f62..4369118b 100644 --- a/.gitignore +++ b/.gitignore @@ -106,6 +106,8 @@ src/tests/wifi-dialog src/tests/wifi-dialog-gtk4 src/tests/wifi-dialog-secrets src/tests/wifi-dialog-secrets-gtk4 +src/tests/ws +src/tests/ws-gtk4 src/tests/bar-code src/tests/bar-code-gtk4 src/wireless-security/ws-resources.c diff --git a/Makefile.am b/Makefile.am index bb54e55b..96a2d629 100644 --- a/Makefile.am +++ b/Makefile.am @@ -483,6 +483,24 @@ src_tests_wifi_dialog_LDADD = \ $(LIBNM_LIBS) \ src/libnma.la +check_PROGRAMS_norun += src/tests/ws + +src_tests_ws_CPPFLAGS = \ + $(dflt_cppflags) \ + $(GLIB_CFLAGS) \ + $(GTK3_CFLAGS) \ + $(LIBNM_CFLAGS) \ + "-I$(srcdir)/shared/" \ + "-I$(srcdir)/src" \ + "-I$(srcdir)/src/nma-ws" \ + -Isrc + +src_tests_ws_LDADD = \ + $(GLIB_LIBS) \ + $(GTK3_LIBS) \ + $(LIBNM_LIBS) \ + src/libnma.la + check_PROGRAMS_norun += src/tests/wifi-dialog-secrets src_tests_wifi_dialog_secrets_CPPFLAGS = \ @@ -687,6 +705,27 @@ src_tests_wifi_dialog_gtk4_LDADD = \ $(LIBNM_LIBS) \ src/libnma-gtk4.la +check_PROGRAMS_norun += src/tests/ws-gtk4 + +src_tests_ws_gtk4_SOURCES = \ + src/tests/ws.c + +src_tests_ws_gtk4_CPPFLAGS = \ + $(dflt_cppflags) \ + $(GLIB_CFLAGS) \ + $(GTK4_CFLAGS) \ + $(LIBNM_CFLAGS) \ + "-I$(srcdir)/shared/" \ + "-I$(srcdir)/src" \ + "-I$(srcdir)/src/nma-ws" \ + -Isrc + +src_tests_ws_gtk4_LDADD = \ + $(GLIB_LIBS) \ + $(GTK4_LIBS) \ + $(LIBNM_LIBS) \ + src/libnma-gtk4.la + check_PROGRAMS_norun += src/tests/wifi-dialog-secrets-gtk4 src_tests_wifi_dialog_secrets_gtk4_SOURCES = \ diff --git a/src/tests/meson.build b/src/tests/meson.build index 253de9e7..33c04d84 100644 --- a/src/tests/meson.build +++ b/src/tests/meson.build @@ -6,6 +6,7 @@ tests = [ 'vpn-password-dialog', 'wifi-dialog', 'wifi-dialog-secrets', + 'ws', ] foreach tst : tests diff --git a/src/tests/ws.c b/src/tests/ws.c new file mode 100644 index 00000000..97fe37c2 --- /dev/null +++ b/src/tests/ws.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2019 Red Hat, Inc. + */ + +#include "nm-default.h" + +#include + +#include "nma-ws.h" + +static gboolean +delete (GtkWidget *widget, GdkEvent *event, gpointer user_data) +{ + gtk_main_quit (); + + return FALSE; +} + +static void +ws_changed_cb (NMAWs *ws, gpointer user_data) +{ + NMConnection *connection = user_data; + GError *error = NULL; + + nma_ws_fill_connection (ws, connection); + g_print ("\n=== Connection dump ===\n"); + nm_connection_dump (connection); + + if (nma_ws_validate (ws, &error)) + return; + + g_print ("*** Validation error: %s\n", error->message); + g_error_free (error); +} + +int +main (int argc, char *argv[]) +{ + GtkWidget *w; + GtkWidget *notebook; + NMConnection *connection = NULL; + const char *hints[] = { "hello", "world", NULL }; + + connection = nm_simple_connection_new (); + nm_connection_add_setting (connection, + nm_setting_wireless_new ()); + +#if GTK_CHECK_VERSION(3,90,0) + gtk_init (); +#else + gtk_init (&argc, &argv); +#endif + + w = gtk_window_new (GTK_WINDOW_TOPLEVEL); + gtk_widget_show (w); + g_signal_connect (w, "delete-event", G_CALLBACK (delete), NULL); + + notebook = gtk_notebook_new (); + gtk_widget_show (notebook); + gtk_container_add (GTK_CONTAINER (w), notebook); + + w = GTK_WIDGET (nma_ws_sae_new (connection, FALSE)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("SAE")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + w = GTK_WIDGET (nma_ws_leap_new (connection, FALSE)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("LEAP")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + w = GTK_WIDGET (nma_ws_wpa_psk_new (connection, FALSE)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("WPA PSK")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + w = GTK_WIDGET (nma_ws_wep_key_new (connection, NM_WEP_KEY_TYPE_UNKNOWN, FALSE, FALSE)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("WEP Key")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + w = GTK_WIDGET (nma_ws_802_1x_new (connection, FALSE, FALSE)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("802.1x")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + w = GTK_WIDGET (nma_ws_dynamic_wep_new (connection, FALSE, FALSE)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("Dynamic WEP")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + w = GTK_WIDGET (nma_ws_wpa_eap_new (connection, FALSE, FALSE, hints)); + gtk_widget_show (w); + gtk_notebook_append_page (GTK_NOTEBOOK (notebook), w, gtk_label_new ("WPA EAP")); + nma_ws_add_to_size_group (NMA_WS (w), gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL)); + g_signal_connect (w, "ws-changed", G_CALLBACK (ws_changed_cb), connection); + ws_changed_cb (NMA_WS (w), connection); + + gtk_main (); +} -- GitLab From bc1a11529e95cb19cd14896d63623c36ad6b3d2d Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 29 Oct 2019 17:00:27 +0100 Subject: [PATCH 4/5] wifi-dialog: carry over from wireless-security to libnma --- Makefile.am | 2 +- src/nma-wifi-dialog.c | 334 +++++++++++++++++++++--------------------- 2 files changed, 164 insertions(+), 172 deletions(-) diff --git a/Makefile.am b/Makefile.am index 96a2d629..57e847f6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -386,7 +386,7 @@ src_libnma_la_CFLAGS = \ -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB \ "-I$(srcdir)/shared" \ "-I$(srcdir)/src/utils" \ - "-I$(srcdir)/src/wireless-security" \ + "-I$(srcdir)/src/nma-ws" \ "-I$(srcdir)/src" \ -Isrc \ $(GTK3_CFLAGS) \ diff --git a/src/nma-wifi-dialog.c b/src/nma-wifi-dialog.c index 8d70055e..8d585fc0 100644 --- a/src/nma-wifi-dialog.c +++ b/src/nma-wifi-dialog.c @@ -15,8 +15,11 @@ #include #include "nma-wifi-dialog.h" -#include "wireless-security.h" -#include "eap-method.h" +#include "nma-ws.h" +#include "nma-eap.h" + +/* For compatibility with NetworkManager-1.20 and earlier. */ +#define NMU_SEC_SAE 9 G_DEFINE_TYPE (NMAWifiDialog, nma_wifi_dialog, GTK_TYPE_DIALOG) @@ -134,17 +137,85 @@ size_group_add_permanent (GtkSizeGroup *group, gtk_size_group_add_widget (group, widget); } +static GBytes * +validate_dialog_ssid (NMAWifiDialog *self) +{ + NMAWifiDialogPrivate *priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); + GtkWidget *widget; + const char *ssid; + GBytes *ssid_bytes; + + widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "network_name_entry")); + + ssid = gtk_editable_get_text (GTK_EDITABLE (widget)); + + if (!ssid || strlen (ssid) == 0 || strlen (ssid) > 32) + return NULL; + + ssid_bytes = g_bytes_new (ssid, strlen (ssid)); + return ssid_bytes; +} + +static void +stuff_changed_cb (NMAWs *ws, gpointer user_data) +{ + NMAWifiDialog *self = NMA_WIFI_DIALOG (user_data); + NMAWifiDialogPrivate *priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); + GBytes *ssid = NULL; + gboolean free_ssid = TRUE; + gboolean valid = FALSE; + GtkTreeModel *model; + GtkTreeIter iter; + NMAWs *sel_ws = NULL; + gs_free_error GError *error = NULL; + + model = gtk_combo_box_get_model (GTK_COMBO_BOX (priv->sec_combo)); + if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (priv->sec_combo), &iter)) + gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &sel_ws, -1); + + if (sel_ws) + g_object_unref (sel_ws); + + if (sel_ws != ws) + return; + + if (priv->connection) { + NMSettingWireless *s_wireless; + s_wireless = nm_connection_get_setting_wireless (priv->connection); + g_assert (s_wireless); + ssid = nm_setting_wireless_get_ssid (s_wireless); + free_ssid = FALSE; + } else { + ssid = validate_dialog_ssid (self); + } + + if (ssid) { + valid = nma_ws_validate (ws, &error); + if (free_ssid) + g_bytes_unref (ssid); + } + + /* But if there's an in-progress secrets call (which might require authorization) + * then we don't want to enable the OK button because we don't have all the + * connection details yet. + */ + if (priv->secrets_info) + valid = FALSE; + + _set_ok_sensitive (self, valid, error ? error->message : NULL); +} + static void security_combo_changed (GtkWidget *combo, gpointer user_data) { NMAWifiDialog *self = NMA_WIFI_DIALOG (user_data); NMAWifiDialogPrivate *priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); - GtkWidget *vbox, *sec_widget, *def_widget; + GtkWidget *vbox; // *def_widget; GList *elt, *children; GtkTreeIter iter; GtkTreeModel *model; - WirelessSecurity *sec = NULL; + NMAWs *ws = NULL; vbox = GTK_WIDGET (gtk_builder_get_object (priv->builder, "security_vbox")); g_assert (vbox); @@ -163,8 +234,8 @@ security_combo_changed (GtkWidget *combo, return; } - gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &sec, -1); - if (!sec) { + gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &ws, -1); + if (!ws) { /* Revalidate dialog if the user picked "None" so the OK button * gets enabled if there's already a valid SSID. */ @@ -172,18 +243,17 @@ security_combo_changed (GtkWidget *combo, return; } - sec_widget = wireless_security_get_widget (sec); - g_assert (sec_widget); - gtk_widget_unparent (sec_widget); + gtk_widget_unparent (GTK_WIDGET (ws)); size_group_add_permanent (priv->group, priv->builder); - wireless_security_add_to_size_group (sec, priv->group); + nma_ws_add_to_size_group (ws, priv->group); - gtk_container_add (GTK_CONTAINER (vbox), sec_widget); + gtk_container_add (GTK_CONTAINER (vbox), GTK_WIDGET (ws)); /* Re-validate */ - wireless_security_changed_cb (NULL, sec); + stuff_changed_cb (ws, self); +#if 0 /* Set focus to the security method's default widget, but only if the * network name entry should not be focused. */ @@ -192,8 +262,9 @@ security_combo_changed (GtkWidget *combo, if (def_widget) gtk_widget_grab_focus (def_widget); } +#endif - wireless_security_unref (sec); + g_object_unref (ws); } static void @@ -210,81 +281,13 @@ security_combo_changed_manually (GtkWidget *combo, security_combo_changed (combo, user_data); } -static GBytes * -validate_dialog_ssid (NMAWifiDialog *self) -{ - NMAWifiDialogPrivate *priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); - GtkWidget *widget; - const char *ssid; - GBytes *ssid_bytes; - - widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "network_name_entry")); - - ssid = gtk_editable_get_text (GTK_EDITABLE (widget)); - - if (!ssid || strlen (ssid) == 0 || strlen (ssid) > 32) - return NULL; - - ssid_bytes = g_bytes_new (ssid, strlen (ssid)); - return ssid_bytes; -} - -static void -stuff_changed_cb (WirelessSecurity *sec, gpointer user_data) -{ - NMAWifiDialog *self = NMA_WIFI_DIALOG (user_data); - NMAWifiDialogPrivate *priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); - GBytes *ssid = NULL; - gboolean free_ssid = TRUE; - gboolean valid = FALSE; - GtkTreeModel *model; - GtkTreeIter iter; - WirelessSecurity *sel_sec = NULL; - gs_free_error GError *error = NULL; - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (priv->sec_combo)); - if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (priv->sec_combo), &iter)) - gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &sel_sec, -1); - - if (sel_sec) - wireless_security_unref (sel_sec); - - if (sel_sec != sec) - return; - - if (priv->connection) { - NMSettingWireless *s_wireless; - s_wireless = nm_connection_get_setting_wireless (priv->connection); - g_assert (s_wireless); - ssid = nm_setting_wireless_get_ssid (s_wireless); - free_ssid = FALSE; - } else { - ssid = validate_dialog_ssid (self); - } - - if (ssid) { - valid = wireless_security_validate (sec, &error); - if (free_ssid) - g_bytes_unref (ssid); - } - - /* But if there's an in-progress secrets call (which might require authorization) - * then we don't want to enable the OK button because we don't have all the - * connection details yet. - */ - if (priv->secrets_info) - valid = FALSE; - - _set_ok_sensitive (self, valid, error ? error->message : NULL); -} - static void ssid_entry_changed (GtkWidget *entry, gpointer user_data) { NMAWifiDialog *self = NMA_WIFI_DIALOG (user_data); NMAWifiDialogPrivate *priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); GtkTreeIter iter; - WirelessSecurity *sec = NULL; + NMAWs *ws = NULL; GtkTreeModel *model; gboolean valid = FALSE; GBytes *ssid; @@ -303,11 +306,11 @@ ssid_entry_changed (GtkWidget *entry, gpointer user_data) model = gtk_combo_box_get_model (GTK_COMBO_BOX (priv->sec_combo)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (priv->sec_combo), &iter)) - gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &sec, -1); + gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &ws, -1); - if (sec) { - valid = wireless_security_validate (sec, &error); - wireless_security_unref (sec); + if (ws) { + valid = nma_ws_validate (ws, &error); + g_object_unref (ws); } else { valid = TRUE; } @@ -351,7 +354,7 @@ connection_combo_changed (GtkWidget *combo, C_NEW_COLUMN, &is_new, -1); if (priv->connection) - eap_method_ca_cert_ignore_load (priv->connection); + nma_eap_ca_cert_ignore_load (priv->connection); if (!security_combo_init (self, priv->secrets_only, NULL, NULL)) { g_warning ("Couldn't change Wi-Fi security combo box."); @@ -722,15 +725,18 @@ get_default_type_for_security (NMSettingWirelessSecurity *sec, static void add_security_item (NMAWifiDialog *self, - WirelessSecurity *sec, + NMAWs *ws, GtkListStore *model, GtkTreeIter *iter, const char *text) { - wireless_security_set_changed_notify (sec, stuff_changed_cb, self); + g_signal_connect (ws, "ws-changed", G_CALLBACK (stuff_changed_cb), self); gtk_list_store_append (model, iter); - gtk_list_store_set (model, iter, S_NAME_COLUMN, text, S_SEC_COLUMN, sec, -1); - wireless_security_unref (sec); + gtk_list_store_set (model, iter, + S_NAME_COLUMN, text, + S_SEC_COLUMN, g_object_ref_sink (ws), + -1); + g_object_unref (ws); } static void @@ -806,12 +812,12 @@ get_secrets_cb (GObject *object, model = gtk_combo_box_get_model (GTK_COMBO_BOX (priv->sec_combo)); if (gtk_tree_model_get_iter_first (model, &iter)) { do { - WirelessSecurity *sec = NULL; + NMAWs *ws = NULL; - gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &sec, -1); - if (sec) { - wireless_security_update_secrets (sec, priv->connection); - wireless_security_unref (sec); + gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &ws, -1); + if (ws) { + nma_ws_update_secrets (ws, priv->connection); + g_object_unref (ws); } } while (gtk_tree_model_iter_next (model, &iter)); } @@ -915,7 +921,7 @@ security_combo_init (NMAWifiDialog *self, gboolean secrets_only, wep_type = NM_WEP_KEY_TYPE_PASSPHRASE; } - sec_model = gtk_list_store_new (2, G_TYPE_STRING, WIRELESS_TYPE_SECURITY); + sec_model = gtk_list_store_new (2, G_TYPE_STRING, NMA_TYPE_WS); if (security_valid (NMU_SEC_NONE, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn)) { gtk_list_store_append (sec_model, &iter); @@ -932,25 +938,21 @@ security_combo_init (NMAWifiDialog *self, gboolean secrets_only, */ if ( security_valid (NMU_SEC_STATIC_WEP, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn) && ((!ap_wpa && !ap_rsn) || !(dev_caps & (NM_WIFI_DEVICE_CAP_WPA | NM_WIFI_DEVICE_CAP_RSN)))) { - WirelessSecurityWEPKey *ws_wep; - - ws_wep = ws_wep_key_new (priv->connection, NM_WEP_KEY_TYPE_KEY, mode == NM_802_11_MODE_ADHOC, secrets_only); - if (ws_wep) { - add_security_item (self, WIRELESS_SECURITY (ws_wep), sec_model, - &iter, _("WEP 40/128-bit Key (Hex or ASCII)")); - if ((active < 0) && (default_type == NMU_SEC_STATIC_WEP) && (wep_type == NM_WEP_KEY_TYPE_KEY)) - active = item; - item++; - } + NMAWsWepKey *ws_wep; - ws_wep = ws_wep_key_new (priv->connection, NM_WEP_KEY_TYPE_PASSPHRASE, mode == NM_802_11_MODE_ADHOC, secrets_only); - if (ws_wep) { - add_security_item (self, WIRELESS_SECURITY (ws_wep), sec_model, - &iter, _("WEP 128-bit Passphrase")); - if ((active < 0) && (default_type == NMU_SEC_STATIC_WEP) && (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE)) - active = item; - item++; - } + ws_wep = nma_ws_wep_key_new (priv->connection, NM_WEP_KEY_TYPE_KEY, mode == NM_802_11_MODE_ADHOC, secrets_only); + add_security_item (self, NMA_WS (ws_wep), sec_model, + &iter, _("WEP 40/128-bit Key (Hex or ASCII)")); + if ((active < 0) && (default_type == NMU_SEC_STATIC_WEP) && (wep_type == NM_WEP_KEY_TYPE_KEY)) + active = item; + item++; + + ws_wep = nma_ws_wep_key_new (priv->connection, NM_WEP_KEY_TYPE_PASSPHRASE, mode == NM_802_11_MODE_ADHOC, secrets_only); + add_security_item (self, NMA_WS (ws_wep), sec_model, + &iter, _("WEP 128-bit Passphrase")); + if ((active < 0) && (default_type == NMU_SEC_STATIC_WEP) && (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE)) + active = item; + item++; } /* Don't show LEAP if both the AP and the device are capable of WPA, @@ -958,74 +960,64 @@ security_combo_init (NMAWifiDialog *self, gboolean secrets_only, */ if ( security_valid (NMU_SEC_LEAP, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn) && ((!ap_wpa && !ap_rsn) || !(dev_caps & (NM_WIFI_DEVICE_CAP_WPA | NM_WIFI_DEVICE_CAP_RSN)))) { - WirelessSecurityLEAP *ws_leap; - - ws_leap = ws_leap_new (priv->connection, secrets_only); - if (ws_leap) { - add_security_item (self, WIRELESS_SECURITY (ws_leap), sec_model, - &iter, _("LEAP")); - if ((active < 0) && (default_type == NMU_SEC_LEAP)) - active = item; - item++; - } + NMAWsLeap *ws_leap; + + ws_leap = nma_ws_leap_new (priv->connection, secrets_only); + add_security_item (self, NMA_WS (ws_leap), sec_model, + &iter, _("LEAP")); + if ((active < 0) && (default_type == NMU_SEC_LEAP)) + active = item; + item++; } if (security_valid (NMU_SEC_DYNAMIC_WEP, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn)) { - WirelessSecurityDynamicWEP *ws_dynamic_wep; - - ws_dynamic_wep = ws_dynamic_wep_new (priv->connection, FALSE, secrets_only); - if (ws_dynamic_wep) { - add_security_item (self, WIRELESS_SECURITY (ws_dynamic_wep), sec_model, - &iter, _("Dynamic WEP (802.1x)")); - if ((active < 0) && (default_type == NMU_SEC_DYNAMIC_WEP)) - active = item; - item++; - } + NMAWsDynamicWep *ws_dynamic_wep; + + ws_dynamic_wep = nma_ws_dynamic_wep_new (priv->connection, FALSE, secrets_only); + add_security_item (self, NMA_WS (ws_dynamic_wep), sec_model, + &iter, _("Dynamic WEP (802.1x)")); + if ((active < 0) && (default_type == NMU_SEC_DYNAMIC_WEP)) + active = item; + item++; } if ( security_valid (NMU_SEC_WPA_PSK, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn) || security_valid (NMU_SEC_WPA2_PSK, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn)) { - WirelessSecurityWPAPSK *ws_wpa_psk; - - ws_wpa_psk = ws_wpa_psk_new (priv->connection, secrets_only); - if (ws_wpa_psk) { - add_security_item (self, WIRELESS_SECURITY (ws_wpa_psk), sec_model, - &iter, _("WPA & WPA2 Personal")); - if ((active < 0) && ((default_type == NMU_SEC_WPA_PSK) || (default_type == NMU_SEC_WPA2_PSK))) - active = item; - item++; - } + NMAWsWpaPsk *ws_wpa_psk; + + ws_wpa_psk = nma_ws_wpa_psk_new (priv->connection, secrets_only); + add_security_item (self, NMA_WS (ws_wpa_psk), sec_model, + &iter, _("WPA & WPA2 Personal")); + if ((active < 0) && ((default_type == NMU_SEC_WPA_PSK) || (default_type == NMU_SEC_WPA2_PSK))) + active = item; + item++; } if ( security_valid (NMU_SEC_WPA_ENTERPRISE, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn) || security_valid (NMU_SEC_WPA2_ENTERPRISE, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn)) { - WirelessSecurityWPAEAP *ws_wpa_eap; + NMAWsWpaEap *ws_wpa_eap; const char *const*hints = NULL; if (secrets_setting_name && !strcmp (secrets_setting_name, NM_SETTING_802_1X_SETTING_NAME)) hints = secrets_hints; - ws_wpa_eap = ws_wpa_eap_new (priv->connection, FALSE, secrets_only, hints); - if (ws_wpa_eap) { - add_security_item (self, WIRELESS_SECURITY (ws_wpa_eap), sec_model, - &iter, _("WPA & WPA2 Enterprise")); - if ((active < 0) && ((default_type == NMU_SEC_WPA_ENTERPRISE) || (default_type == NMU_SEC_WPA2_ENTERPRISE))) - active = item; - item++; - } + ws_wpa_eap = nma_ws_wpa_eap_new (priv->connection, FALSE, secrets_only, hints); + add_security_item (self, NMA_WS (ws_wpa_eap), sec_model, + &iter, _("WPA & WPA2 Enterprise")); + if ((active < 0) && ((default_type == NMU_SEC_WPA_ENTERPRISE) || (default_type == NMU_SEC_WPA2_ENTERPRISE))) + active = item; + item++; } if (security_valid (NMU_SEC_SAE, mode, dev_caps, !!priv->ap, ap_flags, ap_wpa, ap_rsn)) { - WirelessSecuritySAE *ws_sae; - - ws_sae = ws_sae_new (priv->connection, secrets_only); - if (ws_sae) { - add_security_item (self, WIRELESS_SECURITY (ws_sae), sec_model, - &iter, _("WPA3 Personal")); - if (active < 0 && default_type == NMU_SEC_SAE) - active = item; - item++; - } + NMAWsSae *ws_sae; + + ws_sae = nma_ws_sae_new (priv->connection, secrets_only); + add_security_item (self, NMA_WS (ws_sae), sec_model, + &iter, _("WPA3 Personal")); + if (active < 0 && default_type == NMU_SEC_SAE) + active = item; + item++; } gtk_combo_box_set_model (GTK_COMBO_BOX (priv->sec_combo), GTK_TREE_MODEL (sec_model)); @@ -1245,7 +1237,7 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self, NMAWifiDialogPrivate *priv; GtkWidget *combo; GtkTreeModel *model; - WirelessSecurity *sec = NULL; + NMAWs *ws = NULL; GtkTreeIter iter; NMConnection *connection; NMSettingWireless *s_wireless; @@ -1298,14 +1290,14 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self, /* Fill security */ model = gtk_combo_box_get_model (GTK_COMBO_BOX (priv->sec_combo)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (priv->sec_combo), &iter)) - gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &sec, -1); - if (sec) { - wireless_security_fill_connection (sec, connection); - wireless_security_unref (sec); + gtk_tree_model_get (model, &iter, S_SEC_COLUMN, &ws, -1); + if (ws) { + nma_ws_fill_connection (ws, connection); + g_object_unref (ws); } /* Save new CA cert ignore values to GSettings */ - eap_method_ca_cert_ignore_save (connection); + nma_eap_ca_cert_ignore_save (connection); /* Fill device */ if (device) { @@ -1348,7 +1340,7 @@ internal_new_dialog (NMClient *client, priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); /* Handle CA cert ignore stuff */ - eap_method_ca_cert_ignore_load (connection); + nma_eap_ca_cert_ignore_load (connection); if (!internal_init (self, connection, device, secrets_only, secrets_setting_name, secrets_hints)) { g_warning ("Couldn't create Wi-Fi security dialog."); -- GitLab From 77e859fd3fb3c8112554d4e01f3cc08147393ad9 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 29 Oct 2019 16:28:05 +0100 Subject: [PATCH 5/5] wireless-security: drop This is now replaced by functionality provided directly by libnma, --- Makefile.am | 127 +---- meson.build | 2 - po/POTFILES.in | 24 - src/meson.build | 4 - src/wireless-security/eap-method-fast.c | 439 --------------- src/wireless-security/eap-method-fast.h | 22 - src/wireless-security/eap-method-fast.ui | 183 ------- src/wireless-security/eap-method-leap.c | 257 --------- src/wireless-security/eap-method-leap.h | 21 - src/wireless-security/eap-method-leap.ui | 99 ---- src/wireless-security/eap-method-peap.c | 487 ----------------- src/wireless-security/eap-method-peap.h | 22 - src/wireless-security/eap-method-peap.ui | 215 -------- src/wireless-security/eap-method-simple.c | 484 ----------------- src/wireless-security/eap-method-simple.h | 51 -- src/wireless-security/eap-method-simple.ui | 158 ------ src/wireless-security/eap-method-tls.c | 498 ----------------- src/wireless-security/eap-method-tls.h | 22 - src/wireless-security/eap-method-tls.ui | 106 ---- src/wireless-security/eap-method-ttls.c | 522 ------------------ src/wireless-security/eap-method-ttls.h | 22 - src/wireless-security/eap-method-ttls.ui | 165 ------ src/wireless-security/eap-method.c | 427 --------------- src/wireless-security/eap-method.h | 107 ---- src/wireless-security/helpers.c | 39 -- src/wireless-security/helpers.h | 21 - src/wireless-security/meson.build | 75 --- src/wireless-security/wireless-security.c | 594 --------------------- src/wireless-security/wireless-security.h | 137 ----- src/wireless-security/ws-dynamic-wep.c | 119 ----- src/wireless-security/ws-dynamic-wep.h | 18 - src/wireless-security/ws-dynamic-wep.ui | 87 --- src/wireless-security/ws-leap.c | 207 ------- src/wireless-security/ws-leap.h | 16 - src/wireless-security/ws-leap.ui | 100 ---- src/wireless-security/ws-sae.c | 203 ------- src/wireless-security/ws-sae.h | 16 - src/wireless-security/ws-sae.ui | 98 ---- src/wireless-security/ws-wep-key.c | 355 ------------ src/wireless-security/ws-wep-key.h | 19 - src/wireless-security/ws-wep-key.ui | 172 ------ src/wireless-security/ws-wpa-eap.c | 121 ----- src/wireless-security/ws-wpa-eap.h | 19 - src/wireless-security/ws-wpa-eap.ui | 87 --- src/wireless-security/ws-wpa-psk.c | 220 -------- src/wireless-security/ws-wpa-psk.h | 16 - src/wireless-security/ws-wpa-psk.ui | 98 ---- src/wireless-security/ws.gresource.xml | 17 - 48 files changed, 3 insertions(+), 7315 deletions(-) delete mode 100644 src/wireless-security/eap-method-fast.c delete mode 100644 src/wireless-security/eap-method-fast.h delete mode 100644 src/wireless-security/eap-method-fast.ui delete mode 100644 src/wireless-security/eap-method-leap.c delete mode 100644 src/wireless-security/eap-method-leap.h delete mode 100644 src/wireless-security/eap-method-leap.ui delete mode 100644 src/wireless-security/eap-method-peap.c delete mode 100644 src/wireless-security/eap-method-peap.h delete mode 100644 src/wireless-security/eap-method-peap.ui delete mode 100644 src/wireless-security/eap-method-simple.c delete mode 100644 src/wireless-security/eap-method-simple.h delete mode 100644 src/wireless-security/eap-method-simple.ui delete mode 100644 src/wireless-security/eap-method-tls.c delete mode 100644 src/wireless-security/eap-method-tls.h delete mode 100644 src/wireless-security/eap-method-tls.ui delete mode 100644 src/wireless-security/eap-method-ttls.c delete mode 100644 src/wireless-security/eap-method-ttls.h delete mode 100644 src/wireless-security/eap-method-ttls.ui delete mode 100644 src/wireless-security/eap-method.c delete mode 100644 src/wireless-security/eap-method.h delete mode 100644 src/wireless-security/helpers.c delete mode 100644 src/wireless-security/helpers.h delete mode 100644 src/wireless-security/meson.build delete mode 100644 src/wireless-security/wireless-security.c delete mode 100644 src/wireless-security/wireless-security.h delete mode 100644 src/wireless-security/ws-dynamic-wep.c delete mode 100644 src/wireless-security/ws-dynamic-wep.h delete mode 100644 src/wireless-security/ws-dynamic-wep.ui delete mode 100644 src/wireless-security/ws-leap.c delete mode 100644 src/wireless-security/ws-leap.h delete mode 100644 src/wireless-security/ws-leap.ui delete mode 100644 src/wireless-security/ws-sae.c delete mode 100644 src/wireless-security/ws-sae.h delete mode 100644 src/wireless-security/ws-sae.ui delete mode 100644 src/wireless-security/ws-wep-key.c delete mode 100644 src/wireless-security/ws-wep-key.h delete mode 100644 src/wireless-security/ws-wep-key.ui delete mode 100644 src/wireless-security/ws-wpa-eap.c delete mode 100644 src/wireless-security/ws-wpa-eap.h delete mode 100644 src/wireless-security/ws-wpa-eap.ui delete mode 100644 src/wireless-security/ws-wpa-psk.c delete mode 100644 src/wireless-security/ws-wpa-psk.h delete mode 100644 src/wireless-security/ws-wpa-psk.ui delete mode 100644 src/wireless-security/ws.gresource.xml diff --git a/Makefile.am b/Makefile.am index 57e847f6..839e4bb6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -128,124 +128,6 @@ EXTRA_DIST += src/utils/meson.build ############################################################################### -src/wireless-security/ws-resources.h: src/wireless-security/ws.gresource.xml - $(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/src/wireless-security --generate-header --internal - -src/wireless-security/ws-resources.c: src/wireless-security/ws.gresource.xml $(shell $(GLIB_COMPILE_RESOURCES) --sourcedir=$(srcdir)/src/wireless-security --generate-dependencies $(srcdir)/src/wireless-security/ws.gresource.xml) - $(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/src/wireless-security --generate-source --internal - -CLEANFILES += \ - $(wireless_security_h_gen) \ - $(wireless_security_c_gen) - -wireless_security_h_gen = \ - src/wireless-security/ws-resources.h - -wireless_security_c_gen = \ - src/wireless-security/ws-resources.c - -wireless_security_c_real = \ - src/wireless-security/wireless-security.h \ - src/wireless-security/wireless-security.c \ - src/wireless-security/ws-sae.h \ - src/wireless-security/ws-sae.c \ - src/wireless-security/ws-wep-key.h \ - src/wireless-security/ws-wep-key.c \ - src/wireless-security/ws-wpa-psk.h \ - src/wireless-security/ws-wpa-psk.c \ - src/wireless-security/ws-leap.h \ - src/wireless-security/ws-leap.c \ - src/wireless-security/ws-wpa-eap.h \ - src/wireless-security/ws-wpa-eap.c \ - src/wireless-security/ws-dynamic-wep.h \ - src/wireless-security/ws-dynamic-wep.c \ - src/wireless-security/eap-method.h \ - src/wireless-security/eap-method.c \ - src/wireless-security/eap-method-tls.h \ - src/wireless-security/eap-method-tls.c \ - src/wireless-security/eap-method-leap.h \ - src/wireless-security/eap-method-leap.c \ - src/wireless-security/eap-method-fast.h \ - src/wireless-security/eap-method-fast.c \ - src/wireless-security/eap-method-ttls.h \ - src/wireless-security/eap-method-ttls.c \ - src/wireless-security/eap-method-peap.h \ - src/wireless-security/eap-method-peap.c \ - src/wireless-security/eap-method-simple.h \ - src/wireless-security/eap-method-simple.c \ - src/wireless-security/helpers.h \ - src/wireless-security/helpers.c - - -noinst_LTLIBRARIES += src/wireless-security/libwireless-security-libnm.la - -src_wireless_security_libwireless_security_libnm_la_SOURCES = \ - $(wireless_security_c_real) - -nodist_src_wireless_security_libwireless_security_libnm_la_SOURCES = \ - $(wireless_security_c_gen) - -src_wireless_security_libwireless_security_libnm_la_CPPFLAGS = \ - $(dflt_cppflags) \ - "-I$(srcdir)/shared" \ - "-I$(srcdir)/src/utils" \ - "-I$(srcdir)/src" \ - -Isrc \ - $(GTK3_CFLAGS) \ - $(LIBNM_CFLAGS) - -src_wireless_security_libwireless_security_libnm_la_LIBADD = \ - src/utils/libutils-libnm.la \ - $(GTK3_LIBS) \ - $(LIBNM_LIBS) - -$(src_wireless_security_libwireless_security_libnm_la_OBJECTS): $(wireless_security_h_gen) - -if WITH_LIBNMA_GTK4 - -noinst_LTLIBRARIES += src/wireless-security/libwireless-security-libnm-gtk4.la - -src_wireless_security_libwireless_security_libnm_gtk4_la_SOURCES = \ - $(wireless_security_c_real) - -nodist_src_wireless_security_libwireless_security_libnm_gtk4_la_SOURCES = \ - $(wireless_security_c_gen) - -src_wireless_security_libwireless_security_libnm_gtk4_la_CPPFLAGS = \ - "-I$(srcdir)/shared" \ - "-I$(srcdir)/src/utils" \ - "-I$(srcdir)/src" \ - -Isrc \ - $(GTK4_CFLAGS) \ - $(LIBNM_CFLAGS) - -src_wireless_security_libwireless_security_libnm_gtk4_la_LIBADD = \ - src/utils/libutils-libnm-gtk4.la \ - $(GTK4_LIBS) \ - $(LIBNM_LIBS) - -$(src_wireless_security_libwireless_security_libnm_gtk4_la_OBJECTS): $(wireless_security_h_gen) - -endif - -EXTRA_DIST += \ - src/wireless-security/eap-method-fast.ui \ - src/wireless-security/eap-method-leap.ui \ - src/wireless-security/eap-method-peap.ui \ - src/wireless-security/eap-method-simple.ui \ - src/wireless-security/eap-method-tls.ui \ - src/wireless-security/eap-method-ttls.ui \ - src/wireless-security/ws-dynamic-wep.ui \ - src/wireless-security/ws-leap.ui \ - src/wireless-security/ws-sae.ui \ - src/wireless-security/ws-wep-key.ui \ - src/wireless-security/ws-wpa-eap.ui \ - src/wireless-security/ws-wpa-psk.ui \ - src/wireless-security/ws.gresource.xml \ - src/wireless-security/meson.build - -############################################################################### - src/nma-resources.h: src/nma.gresource.xml $(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/src --generate-header --internal @@ -394,7 +276,7 @@ src_libnma_la_CFLAGS = \ $(GCR_CFLAGS) src_libnma_la_LIBADD = \ - src/wireless-security/libwireless-security-libnm.la \ + src/utils/libutils-libnm.la \ $(GTK3_LIBS) \ $(LIBNM_LIBS) \ $(GCR_LIBS) @@ -598,7 +480,6 @@ src_libnma_gtk4_la_CFLAGS = \ -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB \ "-I$(srcdir)/shared" \ "-I$(srcdir)/src/utils" \ - "-I$(srcdir)/src/wireless-security" \ "-I$(srcdir)/src/nma-ws" \ "-I$(srcdir)/src" \ -Isrc \ @@ -607,7 +488,7 @@ src_libnma_gtk4_la_CFLAGS = \ $(GCR_GCR4_CFLAGS) src_libnma_gtk4_la_LIBADD = \ - src/wireless-security/libwireless-security-libnm-gtk4.la \ + src/utils/libutils-libnm-gtk4.la \ $(GTK4_LIBS) \ $(LIBNM_LIBS) \ $(GCR_GCR4_LIBS) @@ -881,9 +762,7 @@ IGNORE_HFILES = \ nma-pkcs11-token-login-dialog.h \ nma-pkcs11-cert-chooser-dialog.h \ nma-cert-chooser-button.h \ - nma-eap.h \ - eap-method.h \ - wireless-security.h + nma-eap.h mkdb_ignore_c_files = \ nma-resources.c \ diff --git a/meson.build b/meson.build index 41724fa8..f673ecdd 100644 --- a/meson.build +++ b/meson.build @@ -313,8 +313,6 @@ if enable_gtk_doc 'nma-private.h', 'nma-version.h', 'nma-eap.h', - 'eap-method.h', - 'wireless-security.h', ] private_sources = [ diff --git a/po/POTFILES.in b/po/POTFILES.in index 87c2a3de..6982ea78 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -46,27 +46,3 @@ src/nma-ws/nma-ws-wpa-psk.c src/nma-ws/nma-ws-wpa-psk.ui src/wifi.ui src/utils/utils.c -src/wireless-security/eap-method.c -src/wireless-security/eap-method-fast.c -src/wireless-security/eap-method-fast.ui -src/wireless-security/eap-method-leap.c -src/wireless-security/eap-method-leap.ui -src/wireless-security/eap-method-peap.c -src/wireless-security/eap-method-peap.ui -src/wireless-security/eap-method-simple.c -src/wireless-security/eap-method-simple.ui -src/wireless-security/eap-method-tls.c -src/wireless-security/eap-method-tls.ui -src/wireless-security/eap-method-ttls.c -src/wireless-security/eap-method-ttls.ui -src/wireless-security/wireless-security.c -src/wireless-security/ws-dynamic-wep.ui -src/wireless-security/ws-leap.c -src/wireless-security/ws-leap.ui -src/wireless-security/ws-sae.c -src/wireless-security/ws-sae.ui -src/wireless-security/ws-wep-key.c -src/wireless-security/ws-wep-key.ui -src/wireless-security/ws-wpa-eap.ui -src/wireless-security/ws-wpa-psk.c -src/wireless-security/ws-wpa-psk.ui diff --git a/src/meson.build b/src/meson.build index 58948758..e4ca8752 100644 --- a/src/meson.build +++ b/src/meson.build @@ -15,7 +15,6 @@ version_header = configure_file( ) subdir('utils') -subdir('wireless-security') subdir('nma-ws') cert_chooser_headers = files('nma-cert-chooser.h') @@ -70,7 +69,6 @@ incs = [ top_inc, shared_inc, src_inc, - wireless_security_inc, nma_ws_inc, ] @@ -113,7 +111,6 @@ libnma = shared_library( c_args: cflags, link_args: '-Wl,--version-script,' + symbol_map, link_depends: symbol_map, - link_whole: libwireless_security_libnm, install: true, install_dir: nma_libdir ) @@ -133,7 +130,6 @@ if enable_libnma_gtk4 c_args: cflags, link_args: '-Wl,--version-script,' + symbol_map, link_depends: symbol_map, - link_whole: libwireless_security_libnma_gtk4, install: true, install_dir: nma_libdir ) diff --git a/src/wireless-security/eap-method-fast.c b/src/wireless-security/eap-method-fast.c deleted file mode 100644 index 4dd56b23..00000000 --- a/src/wireless-security/eap-method-fast.c +++ /dev/null @@ -1,439 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* - * EAP-FAST authentication method (RFC4851) - * - * Copyright 2012 - 2017 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "eap-method.h" -#include "wireless-security.h" -#include "utils.h" -#include "helpers.h" - -#define I_NAME_COLUMN 0 -#define I_METHOD_COLUMN 1 - -struct _EAPMethodFAST { - EAPMethod parent; - - const char *password_flags_name; - GtkSizeGroup *size_group; - WirelessSecurity *sec_parent; - gboolean is_editor; -}; - -static void -destroy (EAPMethod *parent) -{ - EAPMethodFAST *method = (EAPMethodFAST *) parent; - - if (method->size_group) - g_object_unref (method->size_group); -} - -static gboolean -validate (EAPMethod *parent, GError **error) -{ - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap = NULL; - const char *file; - gboolean provisioning; - gboolean valid = TRUE; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); - g_assert (widget); - provisioning = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); - g_assert (widget); - file = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (!provisioning && !file) { - widget_set_error (widget); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-FAST PAC file")); - valid = FALSE; - } else - widget_unset_error (widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); - g_assert (widget); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - valid = eap_method_validate (eap, valid ? error : NULL) && valid; - eap_method_unref (eap); - return valid; -} - -static void -add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) -{ - EAPMethodFAST *method = (EAPMethodFAST *) parent; - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap; - - if (method->size_group) - g_object_unref (method->size_group); - method->size_group = g_object_ref (group); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - eap_method_add_to_size_group (eap, group); - eap_method_unref (eap); -} - -static void -fill_connection (EAPMethod *parent, NMConnection *connection) -{ - NMSetting8021x *s_8021x; - GtkWidget *widget; - const char *text; - char *filename; - EAPMethod *eap = NULL; - GtkTreeModel *model; - GtkTreeIter iter; - gboolean enabled; - int pac_provisioning = 0; - - s_8021x = nm_connection_get_setting_802_1x (connection); - g_assert (s_8021x); - - nm_setting_802_1x_add_eap_method (s_8021x, "fast"); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry")); - g_assert (widget); - text = gtk_editable_get_text (GTK_EDITABLE (widget)); - if (text && strlen (text)) - g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); - g_assert (widget); - filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - g_object_set (s_8021x, NM_SETTING_802_1X_PAC_FILE, filename, NULL); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); - enabled = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); - - if (!enabled) - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "0", NULL); - else { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); - pac_provisioning = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); - - switch (pac_provisioning) { - case 0: /* Anonymous */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "1", NULL); - break; - case 1: /* Authenticated */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "2", NULL); - break; - case 2: /* Both - anonymous and authenticated */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "3", NULL); - break; - default: /* Should not happen */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "1", NULL); - break; - } - } - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_method_fill_connection (eap, connection); - eap_method_unref (eap); -} - -static void -inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) -{ - EAPMethod *parent = (EAPMethod *) user_data; - EAPMethodFAST *method = (EAPMethodFAST *) parent; - GtkWidget *vbox; - EAPMethod *eap = NULL; - GList *elt, *children; - GtkTreeModel *model; - GtkTreeIter iter; - GtkWidget *eap_widget; - - vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_vbox")); - g_assert (vbox); - - /* Remove any previous wireless security widgets */ - children = gtk_container_get_children (GTK_CONTAINER (vbox)); - for (elt = children; elt; elt = g_list_next (elt)) - gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); - g_list_free (children); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_widget = eap_method_get_widget (eap); - g_assert (eap_widget); - gtk_widget_unparent (eap_widget); - - if (method->size_group) - eap_method_add_to_size_group (eap, method->size_group); - gtk_container_add (GTK_CONTAINER (vbox), eap_widget); - - eap_method_unref (eap); - - wireless_security_changed_cb (combo, method->sec_parent); -} - -static GtkWidget * -inner_auth_combo_init (EAPMethodFAST *method, - NMConnection *connection, - NMSetting8021x *s_8021x, - gboolean secrets_only) -{ - EAPMethod *parent = (EAPMethod *) method; - GtkWidget *combo; - GtkListStore *auth_model; - GtkTreeIter iter; - EAPMethodSimple *em_gtc; - EAPMethodSimple *em_mschap_v2; - guint32 active = 0; - const char *phase2_auth = NULL; - EAPMethodSimpleFlags simple_flags; - - auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ()); - - if (s_8021x) { - if (nm_setting_802_1x_get_phase2_auth (s_8021x)) - phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); - else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) - phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); - } - - simple_flags = EAP_METHOD_SIMPLE_FLAG_PHASE2; - if (method->is_editor) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR; - if (secrets_only) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; - - em_gtc = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_GTC, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("GTC"), - I_METHOD_COLUMN, em_gtc, - -1); - eap_method_unref (EAP_METHOD (em_gtc)); - - /* Check for defaulting to GTC */ - if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) - active = 0; - - em_mschap_v2 = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MSCHAPv2"), - I_METHOD_COLUMN, em_mschap_v2, - -1); - eap_method_unref (EAP_METHOD (em_mschap_v2)); - - /* Check for defaulting to MSCHAPv2 */ - if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) - active = 1; - - combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); - g_assert (combo); - - gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); - g_object_unref (G_OBJECT (auth_model)); - gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); - - g_signal_connect (G_OBJECT (combo), "changed", - (GCallback) inner_auth_combo_changed_cb, - method); - return combo; -} - -static void -update_secrets (EAPMethod *parent, NMConnection *connection) -{ - eap_method_phase2_update_secrets_helper (parent, - connection, - "eap_fast_inner_auth_combo", - I_METHOD_COLUMN); -} - -static void -pac_toggled_cb (GtkWidget *widget, gpointer user_data) -{ - EAPMethod *parent = (EAPMethod *) user_data; - EAPMethodFAST *method = (EAPMethodFAST *) parent; - gboolean enabled = FALSE; - GtkWidget *provision_combo; - - provision_combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); - g_return_if_fail (provision_combo); - - enabled = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); - - gtk_widget_set_sensitive (provision_combo, enabled); - - wireless_security_changed_cb (widget, method->sec_parent); -} - -EAPMethodFAST * -eap_method_fast_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only) -{ - EAPMethod *parent; - EAPMethodFAST *method; - GtkWidget *widget; - GtkFileFilter *filter; - NMSetting8021x *s_8021x = NULL; - const char *filename; - gboolean provisioning_enabled = TRUE; - - parent = eap_method_init (sizeof (EAPMethodFAST), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/eap-method-fast.ui", - "eap_fast_notebook", - "eap_fast_anon_identity_entry", - FALSE); - if (!parent) - return NULL; - - method = (EAPMethodFAST *) parent; - method->password_flags_name = NM_SETTING_802_1X_PASSWORD; - method->sec_parent = ws_parent; - method->is_editor = is_editor; - - if (connection) - s_8021x = nm_connection_get_setting_802_1x (connection); - - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); - g_assert (widget); - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); - if (s_8021x) { - const char *fast_prov; - - fast_prov = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x); - if (fast_prov) { - if (!strcmp (fast_prov, "0")) - provisioning_enabled = FALSE; - else if (!strcmp (fast_prov, "1")) - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); - else if (!strcmp (fast_prov, "2")) - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); - else if (!strcmp (fast_prov, "3")) - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2); - } - } - gtk_widget_set_sensitive (widget, provisioning_enabled); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), provisioning_enabled); - g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (pac_toggled_cb), parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry")); - if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); - g_assert (widget); - gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); - gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), - _("Choose a PAC file")); - g_signal_connect (G_OBJECT (widget), "selection-changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - filter = gtk_file_filter_new (); - gtk_file_filter_add_pattern (filter, "*.pac"); - gtk_file_filter_set_name (filter, _("PAC files (*.pac)")); - gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); - filter = gtk_file_filter_new (); - gtk_file_filter_add_pattern (filter, "*"); - gtk_file_filter_set_name (filter, _("All files")); - gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); - - if (connection && s_8021x) { - filename = nm_setting_802_1x_get_pac_file (s_8021x); - if (filename) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename); - } - - widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); - inner_auth_combo_changed_cb (widget, (gpointer) method); - - if (secrets_only) { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo")); - gtk_widget_hide (widget); - } - - return method; -} - diff --git a/src/wireless-security/eap-method-fast.h b/src/wireless-security/eap-method-fast.h deleted file mode 100644 index 0948eb1d..00000000 --- a/src/wireless-security/eap-method-fast.h +++ /dev/null @@ -1,22 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* vim: set ft=c ts=4 sts=4 sw=4 noexpandtab smartindent: */ - -/* EAP-FAST authentication method (RFC4851) - * - * (C) Copyright 2012 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_FAST_H -#define EAP_METHOD_FAST_H - -#include "wireless-security.h" - -typedef struct _EAPMethodFAST EAPMethodFAST; - -EAPMethodFAST *eap_method_fast_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only); - -#endif /* EAP_METHOD_FAST_H */ - diff --git a/src/wireless-security/eap-method-fast.ui b/src/wireless-security/eap-method-fast.ui deleted file mode 100644 index a6b101b1..00000000 --- a/src/wireless-security/eap-method-fast.ui +++ /dev/null @@ -1,183 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - Anonymous - - - Authenticated - - - Both - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - Anony_mous identity - True - eap_fast_anon_identity_entry - 1 - - - 0 - 0 - - - - - True - True - True - True - - - 1 - 0 - - - - - True - False - PAC _file - True - eap_fast_pac_file_button - 1 - - - 0 - 2 - - - - - True - False - - - 1 - 2 - - - - - vertical - True - False - - - - - - 0 - 4 - 2 - - - - - True - False - _Inner authentication - True - eap_fast_inner_auth_combo - 1 - - - 0 - 3 - - - - - True - False - model8 - - - - 0 - - - - - 1 - 3 - - - - - Allow automatic PAC pro_visioning - True - True - False - True - True - - - 0 - 1 - - - - - True - False - model9 - - - - 0 - - - - - 1 - 1 - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/eap-method-leap.c b/src/wireless-security/eap-method-leap.c deleted file mode 100644 index ae970736..00000000 --- a/src/wireless-security/eap-method-leap.c +++ /dev/null @@ -1,257 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "eap-method.h" -#include "wireless-security.h" -#include "helpers.h" -#include "nma-ui-utils.h" -#include "utils.h" - -struct _EAPMethodLEAP { - EAPMethod parent; - - WirelessSecurity *ws_parent; - - gboolean editing_connection; - - const char *password_flags_name; - GtkEntry *username_entry; - GtkEntry *password_entry; - GtkToggleButton *show_password; -}; - -static void -show_toggled_cb (GtkToggleButton *button, EAPMethodLEAP *method) -{ - gboolean visible; - - visible = gtk_toggle_button_get_active (button); - gtk_entry_set_visibility (method->password_entry, visible); -} - -static gboolean -validate (EAPMethod *parent, GError **error) -{ - EAPMethodLEAP *method = (EAPMethodLEAP *)parent; - const char *text; - gboolean ret = TRUE; - - text = gtk_editable_get_text (GTK_EDITABLE (method->username_entry)); - if (!text || !strlen (text)) { - widget_set_error (GTK_WIDGET (method->username_entry)); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-LEAP username")); - ret = FALSE; - } else - widget_unset_error (GTK_WIDGET (method->username_entry)); - - text = gtk_editable_get_text (GTK_EDITABLE (method->password_entry)); - if (!text || !strlen (text)) { - widget_set_error (GTK_WIDGET (method->password_entry)); - if (ret) { - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-LEAP password")); - ret = FALSE; - } - } else - widget_unset_error (GTK_WIDGET (method->password_entry)); - - return ret; -} - -static void -add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) -{ - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); -} - -static void -fill_connection (EAPMethod *parent, NMConnection *connection) -{ - EAPMethodLEAP *method = (EAPMethodLEAP *) parent; - NMSetting8021x *s_8021x; - NMSettingSecretFlags secret_flags; - GtkWidget *passwd_entry; - - s_8021x = nm_connection_get_setting_802_1x (connection); - g_assert (s_8021x); - - nm_setting_802_1x_add_eap_method (s_8021x, "leap"); - - g_object_set (s_8021x, - NM_SETTING_802_1X_IDENTITY, gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), - NM_SETTING_802_1X_PASSWORD, gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), - NULL); - - passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry")); - g_assert (passwd_entry); - - /* Save 802.1X password flags to the connection */ - secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name, - secret_flags, NULL); - - /* Update secret flags and popup when editing the connection */ - if (method->editing_connection) - nma_utils_update_password_storage (passwd_entry, secret_flags, - NM_SETTING (s_8021x), method->password_flags_name); -} - -static void -update_secrets (EAPMethod *parent, NMConnection *connection) -{ - helper_fill_secret_entry (connection, - parent->builder, - "eap_leap_password_entry", - NM_TYPE_SETTING_802_1X, - (HelperSecretFunc) nm_setting_802_1x_get_password); -} - -/* Set the UI fields for user, password and show_password to the - * values as provided by method->ws_parent. */ -static void -set_userpass_ui (EAPMethodLEAP *method) -{ - if (method->ws_parent->username) { - gtk_editable_set_text (GTK_EDITABLE (method->username_entry), - method->ws_parent->username); - } else { - gtk_editable_set_text (GTK_EDITABLE (method->username_entry), ""); - } - - if (method->ws_parent->password && !method->ws_parent->always_ask) { - gtk_editable_set_text (GTK_EDITABLE (method->password_entry), - method->ws_parent->password); - } else { - gtk_editable_set_text (GTK_EDITABLE (method->password_entry), ""); - } - - gtk_toggle_button_set_active (method->show_password, method->ws_parent->show_password); -} - -static void -widgets_realized (GtkWidget *widget, EAPMethodLEAP *method) -{ - set_userpass_ui (method); -} - -static void -widgets_unrealized (GtkWidget *widget, EAPMethodLEAP *method) -{ - wireless_security_set_userpass (method->ws_parent, - gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), - gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), - (gboolean) -1, - gtk_toggle_button_get_active (method->show_password)); -} - -static void -destroy (EAPMethod *parent) -{ - EAPMethodLEAP *method = (EAPMethodLEAP *) parent; - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_notebook")); - g_assert (widget); - g_signal_handlers_disconnect_by_data (widget, method); - - g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_parent); - g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_parent); - g_signal_handlers_disconnect_by_data (method->show_password, method); -} - -EAPMethodLEAP * -eap_method_leap_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean secrets_only) -{ - EAPMethodLEAP *method; - EAPMethod *parent; - GtkWidget *widget; - NMSetting8021x *s_8021x = NULL; - - parent = eap_method_init (sizeof (EAPMethodLEAP), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/eap-method-leap.ui", - "eap_leap_notebook", - "eap_leap_username_entry", - FALSE); - if (!parent) - return NULL; - - method = (EAPMethodLEAP *) parent; - method->password_flags_name = NM_SETTING_802_1X_PASSWORD; - method->editing_connection = secrets_only ? FALSE : TRUE; - method->ws_parent = ws_parent; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_notebook")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "realize", - (GCallback) widgets_realized, - method); - g_signal_connect (G_OBJECT (widget), "unrealize", - (GCallback) widgets_unrealized, - method); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_entry")); - g_assert (widget); - method->username_entry = GTK_ENTRY (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - if (secrets_only) - gtk_widget_set_sensitive (widget, FALSE); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry")); - g_assert (widget); - method->password_entry = GTK_ENTRY (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - /* Create password-storage popup menu for password entry under entry's secondary icon */ - if (connection) - s_8021x = nm_connection_get_setting_802_1x (connection); - nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name, - FALSE, secrets_only); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapleap")); - g_assert (widget); - method->show_password = GTK_TOGGLE_BUTTON (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_toggled_cb, - parent); - - /* Initialize the UI fields with the security settings from method->ws_parent. - * This will be done again when the widget gets realized. It must be done here as well, - * because the outer dialog will ask to 'validate' the connection before the security tab - * is shown/realized (to enable the 'Apply' button). - * As 'validate' accesses the contents of the UI fields, they must be initialized now, even - * if the widgets are not yet visible. */ - set_userpass_ui (method); - - return method; -} - diff --git a/src/wireless-security/eap-method-leap.h b/src/wireless-security/eap-method-leap.h deleted file mode 100644 index 457d13ca..00000000 --- a/src/wireless-security/eap-method-leap.h +++ /dev/null @@ -1,21 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * (C) Copyright 2007 - 2010 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_LEAP_H -#define EAP_METHOD_LEAP_H - -#include "wireless-security.h" - -typedef struct _EAPMethodLEAP EAPMethodLEAP; - -EAPMethodLEAP *eap_method_leap_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean secrets_only); - -#endif /* EAP_METHOD_LEAP_H */ - diff --git a/src/wireless-security/eap-method-leap.ui b/src/wireless-security/eap-method-leap.ui deleted file mode 100644 index 406a61a2..00000000 --- a/src/wireless-security/eap-method-leap.ui +++ /dev/null @@ -1,99 +0,0 @@ - - - - - - True - False - False - False - - - True - False - start - 6 - 6 - - - True - False - _Username - True - eap_leap_username_entry - 1 - - - 0 - 0 - - - - - True - False - _Password - True - eap_leap_password_entry - 1 - - - 0 - 1 - - - - - True - True - True - False - True - - - 1 - 1 - - - - - Sho_w password - True - True - False - True - True - True - - - 1 - 2 - - - - - True - True - True - - - 1 - 0 - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/eap-method-peap.c b/src/wireless-security/eap-method-peap.c deleted file mode 100644 index 6b263649..00000000 --- a/src/wireless-security/eap-method-peap.c +++ /dev/null @@ -1,487 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2017 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "eap-method.h" -#include "wireless-security.h" -#include "nma-cert-chooser.h" -#include "utils.h" - -#define I_NAME_COLUMN 0 -#define I_METHOD_COLUMN 1 - -struct _EAPMethodPEAP { - EAPMethod parent; - - const char *password_flags_name; - GtkSizeGroup *size_group; - WirelessSecurity *sec_parent; - gboolean is_editor; - GtkWidget *ca_cert_chooser; -}; - -static void -destroy (EAPMethod *parent) -{ - EAPMethodPEAP *method = (EAPMethodPEAP *) parent; - - if (method->size_group) - g_object_unref (method->size_group); -} - -static gboolean -validate (EAPMethod *parent, GError **error) -{ - EAPMethodPEAP *method = (EAPMethodPEAP *) parent; - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap = NULL; - gboolean valid = FALSE; - - if ( gtk_widget_get_sensitive (method->ca_cert_chooser) - && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) - return FALSE; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - valid = eap_method_validate (eap, error); - eap_method_unref (eap); - return valid; -} - -static void -ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data) -{ - EAPMethodPEAP *method = (EAPMethodPEAP *) user_data; - - gtk_widget_set_sensitive (method->ca_cert_chooser, - !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button))); -} - -static void -add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) -{ - EAPMethodPEAP *method = (EAPMethodPEAP *) parent; - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap; - - if (method->size_group) - g_object_unref (method->size_group); - method->size_group = g_object_ref (group); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - eap_method_add_to_size_group (eap, group); - eap_method_unref (eap); -} - -static void -fill_connection (EAPMethod *parent, NMConnection *connection) -{ - EAPMethodPEAP *method = (EAPMethodPEAP *) parent; - NMSetting8021x *s_8021x; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - GtkWidget *widget; - const char *text; - char *value = NULL; - EAPMethod *eap = NULL; - GtkTreeModel *model; - GtkTreeIter iter; - int peapver_active = 0; - GError *error = NULL; - gboolean ca_cert_error = FALSE; - NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; - NMSettingSecretFlags secret_flags; - - s_8021x = nm_connection_get_setting_802_1x (connection); - g_assert (s_8021x); - - nm_setting_802_1x_add_eap_method (s_8021x, "peap"); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); - g_assert (widget); - text = gtk_editable_get_text (GTK_EDITABLE (widget)); - if (text && strlen (text)) - g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry")); - g_assert (widget); - text = gtk_editable_get_text (GTK_EDITABLE (widget)); - if (text && strlen (text)) - g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL); - - /* Save CA certificate PIN and its flags to the connection */ - secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD, - secret_flags, NULL); - if (method->is_editor) { - /* Update secret flags and popup when editing the connection */ - nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), - secret_flags, NM_SETTING (s_8021x), - NM_SETTING_802_1X_CA_CERT_PASSWORD); - g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, - nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)), - NULL); - } - - /* TLS CA certificate */ - if (gtk_widget_get_sensitive (method->ca_cert_chooser)) - value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); - format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; - } - eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error); - g_free (value); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); - peapver_active = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); - switch (peapver_active) { - case 1: /* PEAP v0 */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, "0", NULL); - break; - case 2: /* PEAP v1 */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, "1", NULL); - break; - default: /* Automatic */ - g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, NULL, NULL); - break; - } - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_method_fill_connection (eap, connection); - eap_method_unref (eap); -} -static void -inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) -{ - EAPMethod *parent = (EAPMethod *) user_data; - EAPMethodPEAP *method = (EAPMethodPEAP *) parent; - GtkWidget *vbox; - EAPMethod *eap = NULL; - GList *elt, *children; - GtkTreeModel *model; - GtkTreeIter iter; - GtkWidget *eap_widget; - - vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_vbox")); - g_assert (vbox); - - /* Remove any previous wireless security widgets */ - children = gtk_container_get_children (GTK_CONTAINER (vbox)); - for (elt = children; elt; elt = g_list_next (elt)) - gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_widget = eap_method_get_widget (eap); - g_assert (eap_widget); - gtk_widget_unparent (eap_widget); - - if (method->size_group) - eap_method_add_to_size_group (eap, method->size_group); - gtk_container_add (GTK_CONTAINER (vbox), eap_widget); - - eap_method_unref (eap); - - wireless_security_changed_cb (combo, method->sec_parent); -} - -static GtkWidget * -inner_auth_combo_init (EAPMethodPEAP *method, - NMConnection *connection, - NMSetting8021x *s_8021x, - gboolean secrets_only) -{ - EAPMethod *parent = (EAPMethod *) method; - GtkWidget *combo; - GtkListStore *auth_model; - GtkTreeIter iter; - EAPMethodSimple *em_mschap_v2; - EAPMethodSimple *em_md5; - EAPMethodSimple *em_gtc; - guint32 active = 0; - const char *phase2_auth = NULL; - EAPMethodSimpleFlags simple_flags; - - auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ()); - - if (s_8021x) { - if (nm_setting_802_1x_get_phase2_auth (s_8021x)) - phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); - else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) - phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); - } - - simple_flags = EAP_METHOD_SIMPLE_FLAG_PHASE2; - if (method->is_editor) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR; - if (secrets_only) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; - - em_mschap_v2 = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MSCHAPv2"), - I_METHOD_COLUMN, em_mschap_v2, - -1); - eap_method_unref (EAP_METHOD (em_mschap_v2)); - - /* Check for defaulting to MSCHAPv2 */ - if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) - active = 0; - - em_md5 = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_MD5, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MD5"), - I_METHOD_COLUMN, em_md5, - -1); - eap_method_unref (EAP_METHOD (em_md5)); - - /* Check for defaulting to MD5 */ - if (phase2_auth && !strcasecmp (phase2_auth, "md5")) - active = 1; - - em_gtc = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_GTC, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("GTC"), - I_METHOD_COLUMN, em_gtc, - -1); - eap_method_unref (EAP_METHOD (em_gtc)); - - /* Check for defaulting to GTC */ - if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) - active = 2; - - combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); - g_assert (combo); - - gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); - g_object_unref (G_OBJECT (auth_model)); - gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); - - g_signal_connect (G_OBJECT (combo), "changed", - (GCallback) inner_auth_combo_changed_cb, - method); - return combo; -} - -static void -update_secrets (EAPMethod *parent, NMConnection *connection) -{ - eap_method_phase2_update_secrets_helper (parent, - connection, - "eap_peap_inner_auth_combo", - I_METHOD_COLUMN); -} - -EAPMethodPEAP * -eap_method_peap_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only) -{ - EAPMethod *parent; - EAPMethodPEAP *method; - GtkWidget *widget; - NMSetting8021x *s_8021x = NULL; - gboolean ca_not_required = FALSE; - - parent = eap_method_init (sizeof (EAPMethodPEAP), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/eap-method-peap.ui", - "eap_peap_notebook", - "eap_peap_anon_identity_entry", - FALSE); - if (!parent) - return NULL; - - method = (EAPMethodPEAP *) parent; - method->password_flags_name = NM_SETTING_802_1X_PASSWORD; - method->sec_parent = ws_parent; - method->is_editor = is_editor; - - if (connection) - s_8021x = nm_connection_get_setting_802_1x (connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_grid")); - g_assert (widget); - - method->ca_cert_chooser = nma_cert_chooser_new ("CA", - NMA_CERT_CHOOSER_FLAG_CERT - | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); - gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1); - gtk_widget_show (method->ca_cert_chooser); - - g_signal_connect (method->ca_cert_chooser, - "cert-validate", - G_CALLBACK (eap_method_ca_cert_validate_cb), - NULL); - g_signal_connect (method->ca_cert_chooser, - "changed", - G_CALLBACK (wireless_security_changed_cb), - ws_parent); - - eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, - nm_setting_802_1x_get_ca_cert_scheme, - nm_setting_802_1x_get_ca_cert_path, - nm_setting_802_1x_get_ca_cert_uri, - nm_setting_802_1x_get_ca_cert_password, - NULL, - NULL, - NULL, - NULL); - - if (connection && eap_method_ca_cert_ignore_get (parent, connection)) { - gchar *ca_cert; - NMSetting8021xCKScheme scheme; - - ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); - if (ca_cert) - g_free (ca_cert); - else - ca_not_required = TRUE; - } - - if (secrets_only) - ca_not_required = TRUE; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) ca_cert_not_required_toggled, - parent); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) wireless_security_changed_cb, - ws_parent); - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); - - widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); - inner_auth_combo_changed_cb (widget, (gpointer) method); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); - g_assert (widget); - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); - if (s_8021x) { - const char *peapver; - - peapver = nm_setting_802_1x_get_phase1_peapver (s_8021x); - if (peapver) { - /* Index 0 is "Automatic" */ - if (!strcmp (peapver, "0")) - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); - else if (!strcmp (peapver, "1")) - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2); - } - } - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); - if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry")); - if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x)); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - if (secrets_only) { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); - gtk_widget_hide (widget); - } - - return method; -} - diff --git a/src/wireless-security/eap-method-peap.h b/src/wireless-security/eap-method-peap.h deleted file mode 100644 index 812d5b70..00000000 --- a/src/wireless-security/eap-method-peap.h +++ /dev/null @@ -1,22 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * (C) Copyright 2007 - 2010 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_PEAP_H -#define EAP_METHOD_PEAP_H - -#include "wireless-security.h" - -typedef struct _EAPMethodPEAP EAPMethodPEAP; - -EAPMethodPEAP *eap_method_peap_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only); - -#endif /* EAP_METHOD_PEAP_H */ - diff --git a/src/wireless-security/eap-method-peap.ui b/src/wireless-security/eap-method-peap.ui deleted file mode 100644 index 65ca6258..00000000 --- a/src/wireless-security/eap-method-peap.ui +++ /dev/null @@ -1,215 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - Automatic - - - Version 0 - - - Version 1 - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - Anony_mous identity - True - eap_peap_anon_identity_entry - 1 - - - 0 - 0 - - - - - True - True - True - True - - - 1 - 0 - - - - - No CA certificate is _required - True - True - False - True - True - True - - - 1 - 3 - - - - - True - False - PEAP _version - True - eap_peap_version_combo - 1 - - - 0 - 4 - - - - - True - False - True - model9 - - - - 0 - - - - - 1 - 4 - - - - - True - False - _Inner authentication - True - eap_peap_inner_auth_combo - 1 - - - 0 - 5 - - - - - True - False - True - model8 - - - - 0 - - - - - 1 - 5 - - - - - vertical - True - False - - - - - - 0 - 6 - 2 - - - - - True - False - Suffix of the server certificate name. - _Domain - True - eap_peap_domain_entry - 1 - - - 0 - 1 - - - - - True - True - True - True - - - 1 - 1 - - - - - - - - - - - - - - eap_peap_grid - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/eap-method-simple.c b/src/wireless-security/eap-method-simple.c deleted file mode 100644 index 8f3b03e0..00000000 --- a/src/wireless-security/eap-method-simple.c +++ /dev/null @@ -1,484 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "eap-method.h" -#include "wireless-security.h" -#include "helpers.h" -#include "nma-ui-utils.h" -#include "utils.h" - -struct _EAPMethodSimple { - EAPMethod parent; - - WirelessSecurity *ws_parent; - - const char *password_flags_name; - EAPMethodSimpleType type; - EAPMethodSimpleFlags flags; - - gboolean username_requested; - gboolean password_requested; - gboolean pkey_passphrase_requested; - GtkEntry *username_entry; - GtkEntry *password_entry; - GtkToggleButton *show_password; - GtkEntry *pkey_passphrase_entry; - GtkToggleButton *show_pkey_passphrase; - guint idle_func_id; -}; - -static void -show_password_toggled_cb (GtkToggleButton *button, EAPMethodSimple *method) -{ - gboolean visible; - - visible = gtk_toggle_button_get_active (button); - gtk_entry_set_visibility (method->password_entry, visible); -} - -static void -show_pkey_passphrase_toggled_cb (GtkToggleButton *button, EAPMethodSimple *method) -{ - gboolean visible; - - visible = gtk_toggle_button_get_active (button); - gtk_entry_set_visibility (method->pkey_passphrase_entry, visible); -} - -static gboolean -always_ask_selected (GtkEntry *passwd_entry) -{ - return !!( nma_utils_menu_to_secret_flags (GTK_WIDGET (passwd_entry)) - & NM_SETTING_SECRET_FLAG_NOT_SAVED); -} - -static gboolean -validate (EAPMethod *parent, GError **error) -{ - EAPMethodSimple *method = (EAPMethodSimple *)parent; - const char *text; - gboolean ret = TRUE; - - if (method->username_requested) { - text = gtk_editable_get_text (GTK_EDITABLE (method->username_entry)); - if (!text || !strlen (text)) { - widget_set_error (GTK_WIDGET (method->username_entry)); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP username")); - ret = FALSE; - } else - widget_unset_error (GTK_WIDGET (method->username_entry)); - } - - /* Check if the password should always be requested */ - if (method->password_requested) { - if (always_ask_selected (method->password_entry)) - widget_unset_error (GTK_WIDGET (method->password_entry)); - else { - text = gtk_editable_get_text (GTK_EDITABLE (method->password_entry)); - if (!text || !strlen (text)) { - widget_set_error (GTK_WIDGET (method->password_entry)); - if (ret) { - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, - _("missing EAP password")); - ret = FALSE; - } - } else - widget_unset_error (GTK_WIDGET (method->password_entry)); - } - } - - if (method->pkey_passphrase_requested) { - text = gtk_editable_get_text (GTK_EDITABLE (method->pkey_passphrase_entry)); - if (!text || !strlen (text)) { - widget_set_error (GTK_WIDGET (method->pkey_passphrase_entry)); - if (ret) { - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, - _("missing EAP client Private Key passphrase")); - ret = FALSE; - } - } else - widget_unset_error (GTK_WIDGET (method->pkey_passphrase_entry)); - } - - return ret; -} - -static void -add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) -{ - EAPMethodSimple *method = (EAPMethodSimple *) parent; - GtkWidget *widget; - - if (method->username_requested) { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - } - - if (method->password_requested) { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - } - - if (method->pkey_passphrase_requested) { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - } -} - -typedef struct { - const char *name; - gboolean autheap_allowed; -} EapType; - -/* Indexed by EAP_METHOD_SIMPLE_TYPE_* */ -static const EapType eap_table[EAP_METHOD_SIMPLE_TYPE_LAST] = { - [EAP_METHOD_SIMPLE_TYPE_PAP] = { "pap", FALSE }, - [EAP_METHOD_SIMPLE_TYPE_MSCHAP] = { "mschap", FALSE }, - [EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2] = { "mschapv2", TRUE }, - [EAP_METHOD_SIMPLE_TYPE_PLAIN_MSCHAP_V2] = { "mschapv2", FALSE }, - [EAP_METHOD_SIMPLE_TYPE_MD5] = { "md5", TRUE }, - [EAP_METHOD_SIMPLE_TYPE_PWD] = { "pwd", TRUE }, - [EAP_METHOD_SIMPLE_TYPE_CHAP] = { "chap", FALSE }, - [EAP_METHOD_SIMPLE_TYPE_GTC] = { "gtc", TRUE }, - [EAP_METHOD_SIMPLE_TYPE_UNKNOWN] = { "unknown", TRUE }, -}; - -static void -fill_connection (EAPMethod *parent, NMConnection *connection) -{ - EAPMethodSimple *method = (EAPMethodSimple *) parent; - NMSetting8021x *s_8021x; - gboolean not_saved = FALSE; - NMSettingSecretFlags flags; - const EapType *eap_type; - - s_8021x = nm_connection_get_setting_802_1x (connection); - g_assert (s_8021x); - - if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY)) { - /* If this is the main EAP method, clear any existing methods because the - * user-selected one will replace it. - */ - if (parent->phase2 == FALSE) - nm_setting_802_1x_clear_eap_methods (s_8021x); - - eap_type = &eap_table[method->type]; - if (parent->phase2) { - /* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2 - * EAP methods (which only TTLS allows) *and* the inner/phase2 method - * supports being an inner EAP method, then set PHASE2_AUTHEAP. - * Otherwise the inner/phase2 method goes into PHASE2_AUTH. - */ - if ((method->flags & EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED) && eap_type->autheap_allowed) { - g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, eap_type->name, NULL); - g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, NULL, NULL); - } else { - g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap_type->name, NULL); - g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, NULL, NULL); - } - } else - nm_setting_802_1x_add_eap_method (s_8021x, eap_type->name); - } - - if (method->username_requested) { - g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, - gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), - NULL); - } - - if (method->password_requested) { - /* Save the password always ask setting */ - not_saved = always_ask_selected (method->password_entry); - flags = nma_utils_menu_to_secret_flags (GTK_WIDGET (method->password_entry)); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name, flags, NULL); - - /* Fill the connection's password if we're in the applet so that it'll get - * back to NM. From the editor though, since the connection isn't going - * back to NM in response to a GetSecrets() call, we don't save it if the - * user checked "Always Ask". - */ - if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_IS_EDITOR) || not_saved == FALSE) { - g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, - gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), - NULL); - } - - /* Update secret flags and popup when editing the connection */ - if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY)) { - GtkWidget *passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, - "eap_simple_password_entry")); - g_assert (passwd_entry); - - nma_utils_update_password_storage (passwd_entry, flags, - NM_SETTING (s_8021x), method->password_flags_name); - } - } - - if (method->pkey_passphrase_requested) { - g_object_set (s_8021x, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD, - gtk_editable_get_text (GTK_EDITABLE (method->pkey_passphrase_entry)), - NULL); - } -} - -static void -update_secrets (EAPMethod *parent, NMConnection *connection) -{ - helper_fill_secret_entry (connection, - parent->builder, - "eap_simple_password_entry", - NM_TYPE_SETTING_802_1X, - (HelperSecretFunc) nm_setting_802_1x_get_password); - helper_fill_secret_entry (connection, - parent->builder, - "eap_simple_pkey_passphrase_entry", - NM_TYPE_SETTING_802_1X, - (HelperSecretFunc) nm_setting_802_1x_get_private_key_password); -} - -static gboolean -stuff_changed (EAPMethodSimple *method) -{ - wireless_security_changed_cb (NULL, method->ws_parent); - method->idle_func_id = 0; - return FALSE; -} - -static void -password_storage_changed (GObject *entry, - GParamSpec *pspec, - EAPMethodSimple *method) -{ - gboolean always_ask; - gboolean secrets_only = method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; - - always_ask = always_ask_selected (method->password_entry); - - if (always_ask && !secrets_only) { - /* we always clear this button and do not restore it - * (because we want to hide the password). */ - gtk_toggle_button_set_active (method->show_password, FALSE); - } - - gtk_widget_set_sensitive (GTK_WIDGET (method->show_password), - !always_ask || secrets_only); - - if (!method->idle_func_id) - method->idle_func_id = g_idle_add ((GSourceFunc) stuff_changed, method); -} - -/* Set the UI fields for user, password, always_ask and show_password to the - * values as provided by method->ws_parent. */ -static void -set_userpass_ui (EAPMethodSimple *method) -{ - if (method->ws_parent->username) { - gtk_editable_set_text (GTK_EDITABLE (method->username_entry), - method->ws_parent->username); - } else { - gtk_editable_set_text (GTK_EDITABLE (method->username_entry), ""); - } - - if (method->ws_parent->password && !method->ws_parent->always_ask) { - gtk_editable_set_text (GTK_EDITABLE (method->password_entry), - method->ws_parent->password); - } else { - gtk_editable_set_text (GTK_EDITABLE (method->password_entry), ""); - } - - gtk_toggle_button_set_active (method->show_password, method->ws_parent->show_password); - password_storage_changed (NULL, NULL, method); -} - -static void -widgets_realized (GtkWidget *widget, EAPMethodSimple *method) -{ - set_userpass_ui (method); -} - -static void -widgets_unrealized (GtkWidget *widget, EAPMethodSimple *method) -{ - wireless_security_set_userpass (method->ws_parent, - gtk_editable_get_text (GTK_EDITABLE (method->username_entry)), - gtk_editable_get_text (GTK_EDITABLE (method->password_entry)), - always_ask_selected (method->password_entry), - gtk_toggle_button_get_active (method->show_password)); -} - -static void -destroy (EAPMethod *parent) -{ - EAPMethodSimple *method = (EAPMethodSimple *) parent; - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_notebook")); - g_assert (widget); - g_signal_handlers_disconnect_by_data (widget, method); - - g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_parent); - g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_parent); - g_signal_handlers_disconnect_by_data (method->password_entry, method); - g_signal_handlers_disconnect_by_data (method->show_password, method); - g_signal_handlers_disconnect_by_data (method->pkey_passphrase_entry, method->ws_parent); - g_signal_handlers_disconnect_by_data (method->show_pkey_passphrase, method); - - nm_clear_g_source (&method->idle_func_id); -} - -static void -hide_row (GtkWidget **widgets, size_t num) -{ - while (num--) - gtk_widget_hide (*widgets++); -} - -EAPMethodSimple * -eap_method_simple_new (WirelessSecurity *ws_parent, - NMConnection *connection, - EAPMethodSimpleType type, - EAPMethodSimpleFlags flags, - const char *const*hints) -{ - EAPMethod *parent; - EAPMethodSimple *method; - GtkWidget *widget; - NMSetting8021x *s_8021x = NULL; - GtkWidget *widget_row[10]; - - parent = eap_method_init (sizeof (EAPMethodSimple), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/eap-method-simple.ui", - "eap_simple_notebook", - "eap_simple_username_entry", - flags & EAP_METHOD_SIMPLE_FLAG_PHASE2); - if (!parent) - return NULL; - - method = (EAPMethodSimple *) parent; - method->password_flags_name = NM_SETTING_802_1X_PASSWORD; - method->ws_parent = ws_parent; - method->flags = flags; - method->type = type; - g_assert (type < EAP_METHOD_SIMPLE_TYPE_LAST); - g_assert ( type != EAP_METHOD_SIMPLE_TYPE_UNKNOWN - || hints); - - if (hints) { - for (; *hints; hints++) { - if (!strcmp (*hints, NM_SETTING_802_1X_IDENTITY)) - method->username_requested = TRUE; - else if (!strcmp (*hints, NM_SETTING_802_1X_PASSWORD)) { - method->password_requested = TRUE; - method->password_flags_name = NM_SETTING_802_1X_PASSWORD; - } else if (!strcmp (*hints, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD)) - method->pkey_passphrase_requested = TRUE; - } - } else { - method->username_requested = TRUE; - method->password_requested = TRUE; - } - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_notebook")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "realize", - (GCallback) widgets_realized, - method); - g_signal_connect (G_OBJECT (widget), "unrealize", - (GCallback) widgets_unrealized, - method); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); - g_assert (widget); - method->username_entry = GTK_ENTRY (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - if ( (method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY) - && !method->username_requested) - gtk_widget_set_sensitive (widget, FALSE); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); - g_assert (widget); - method->password_entry = GTK_ENTRY (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - /* Create password-storage popup menu for password entry under entry's secondary icon */ - if (connection) - s_8021x = nm_connection_get_setting_802_1x (connection); - nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name, - FALSE, flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY); - - g_signal_connect (method->password_entry, "notify::secondary-icon-name", - G_CALLBACK (password_storage_changed), - method); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple")); - g_assert (widget); - method->show_password = GTK_TOGGLE_BUTTON (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_password_toggled_cb, - method); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")); - g_assert (widget); - method->pkey_passphrase_entry = GTK_ENTRY (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_show_pkey_passphrase_checkbutton")); - g_assert (widget); - method->show_pkey_passphrase = GTK_TOGGLE_BUTTON (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_pkey_passphrase_toggled_cb, - method); - - widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label")); - widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); - if (!method->username_requested) - hide_row (widget_row, 2); - - widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label")); - widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); - widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple")); - if (!method->password_requested) - hide_row (widget_row, 3); - - widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_label")); - widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")); - widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_show_pkey_passphrase_checkbutton")); - if (!method->pkey_passphrase_requested) - hide_row (widget_row, 3); - - /* Initialize the UI fields with the security settings from method->ws_parent. - * This will be done again when the widget gets realized. It must be done here as well, - * because the outer dialog will ask to 'validate' the connection before the security tab - * is shown/realized (to enable the 'Apply' button). - * As 'validate' accesses the contents of the UI fields, they must be initialized now, even - * if the widgets are not yet visible. */ - set_userpass_ui (method); - - return method; -} diff --git a/src/wireless-security/eap-method-simple.h b/src/wireless-security/eap-method-simple.h deleted file mode 100644 index 2c93ab9a..00000000 --- a/src/wireless-security/eap-method-simple.h +++ /dev/null @@ -1,51 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * (C) Copyright 2007 - 2010 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_SIMPLE_H -#define EAP_METHOD_SIMPLE_H - -#include "wireless-security.h" - -typedef enum { - /* NOTE: when updating this table, also update eap_methods[] */ - EAP_METHOD_SIMPLE_TYPE_PAP = 0, - EAP_METHOD_SIMPLE_TYPE_MSCHAP, - EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2, - EAP_METHOD_SIMPLE_TYPE_PLAIN_MSCHAP_V2, - EAP_METHOD_SIMPLE_TYPE_MD5, - EAP_METHOD_SIMPLE_TYPE_PWD, - EAP_METHOD_SIMPLE_TYPE_CHAP, - EAP_METHOD_SIMPLE_TYPE_GTC, - EAP_METHOD_SIMPLE_TYPE_UNKNOWN, - - /* Boundary value, do not use */ - EAP_METHOD_SIMPLE_TYPE_LAST -} EAPMethodSimpleType; - -typedef enum { - EAP_METHOD_SIMPLE_FLAG_NONE = 0x00, - /* Indicates the EAP method is an inner/phase2 method */ - EAP_METHOD_SIMPLE_FLAG_PHASE2 = 0x01, - /* Set by TTLS to indicate that inner/phase2 EAP is allowed */ - EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED = 0x02, - /* Set from nm-connection-editor or the GNOME network panel */ - EAP_METHOD_SIMPLE_FLAG_IS_EDITOR = 0x04, - /* Set to indicate that this request is only for secrets */ - EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY = 0x08 -} EAPMethodSimpleFlags; - -typedef struct _EAPMethodSimple EAPMethodSimple; - -EAPMethodSimple *eap_method_simple_new (WirelessSecurity *ws_parent, - NMConnection *connection, - EAPMethodSimpleType type, - EAPMethodSimpleFlags flags, - const char *const*hints); - -#endif /* EAP_METHOD_SIMPLE_H */ - diff --git a/src/wireless-security/eap-method-simple.ui b/src/wireless-security/eap-method-simple.ui deleted file mode 100644 index dd2a343a..00000000 --- a/src/wireless-security/eap-method-simple.ui +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - True - False - False - False - - - True - False - start - 6 - 6 - - - True - False - _Username - True - eap_simple_username_entry - 1 - - - 0 - 0 - - - - - True - False - _Password - True - eap_simple_password_entry - 1 - - - 0 - 1 - - - - - True - True - True - False - True - - - 1 - 1 - - - - - True - True - True - True - - - 1 - 0 - - - - - vertical - True - False - - - Sho_w password - True - True - False - True - True - - - True - True - 0 - - - - - - - - 1 - 2 - - - - - True - False - P_rivate Key Passphrase - True - eap_simple_pkey_passphrase_entry - 1 - - - 0 - 3 - - - - - True - True - True - False - True - - - 1 - 3 - - - - - Sh_ow passphrase - True - True - False - True - True - - - 1 - 4 - - - - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c deleted file mode 100644 index 936753a0..00000000 --- a/src/wireless-security/eap-method-tls.c +++ /dev/null @@ -1,498 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * Lubomir Rintel - * - * Copyright 2007 - 2017 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "eap-method.h" -#include "wireless-security.h" -#include "helpers.h" -#include "nma-ui-utils.h" -#include "nma-cert-chooser.h" -#include "utils.h" - -struct _EAPMethodTLS { - EAPMethod parent; - - const char *ca_cert_password_flags_name; - const char *client_cert_password_flags_name; - const char *client_key_password_flags_name; - - gboolean editing_connection; - GtkWidget *ca_cert_chooser; - GtkWidget *client_cert_chooser; -}; - - -static gboolean -validate (EAPMethod *parent, GError **error) -{ - EAPMethodTLS *method = (EAPMethodTLS *) parent; - GtkWidget *widget; - const char *identity; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); - g_assert (widget); - identity = gtk_editable_get_text (GTK_EDITABLE (widget)); - if (!identity || !strlen (identity)) { - widget_set_error (widget); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-TLS identity")); - return FALSE; - } else { - widget_unset_error (widget); - } - - if ( gtk_widget_get_sensitive (method->ca_cert_chooser) - && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) - return FALSE; - - if (!nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->client_cert_chooser), error)) - return FALSE; - - return TRUE; -} - -static void -ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data) -{ - EAPMethodTLS *method = (EAPMethodTLS *) user_data; - - gtk_widget_set_sensitive (method->ca_cert_chooser, - !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button))); -} - -static void -add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) -{ - EAPMethodTLS *method = (EAPMethodTLS *) parent; - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->client_cert_chooser), group); - nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); -} - -static void -fill_connection (EAPMethod *parent, NMConnection *connection) -{ - EAPMethodTLS *method = (EAPMethodTLS *) parent; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - NMSetting8021x *s_8021x; - NMSettingSecretFlags secret_flags; - GtkWidget *widget; - char *value = NULL; - const char *password = NULL; - GError *error = NULL; - gboolean ca_cert_error = FALSE; - NMSetting8021xCKScheme scheme; - - s_8021x = nm_connection_get_setting_802_1x (connection); - g_assert (s_8021x); - - if (parent->phase2) - g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL); - else - nm_setting_802_1x_add_eap_method (s_8021x, "tls"); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); - g_assert (widget); - g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_editable_get_text (GTK_EDITABLE (widget)), NULL); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry")); - g_assert (widget); - g_object_set (s_8021x, - parent->phase2 ? NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH : NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, - gtk_editable_get_text (GTK_EDITABLE (widget)), NULL); - - /* TLS private key */ - password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser)); - value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme); - - if (parent->phase2) { - if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, value, password, scheme, &format, &error)) { - g_warning ("Couldn't read phase2 private key '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - } - } else { - if (!nm_setting_802_1x_set_private_key (s_8021x, value, password, scheme, &format, &error)) { - g_warning ("Couldn't read private key '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - } - } - g_free (value); - - /* Save CA certificate PIN and its flags to the connection */ - secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->ca_cert_password_flags_name, - secret_flags, NULL); - if (method->editing_connection) { - /* Update secret flags and popup when editing the connection */ - nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), - secret_flags, NM_SETTING (s_8021x), - method->ca_cert_password_flags_name); - g_object_set (s_8021x, method->ca_cert_password_flags_name, - nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)), - NULL); - } - - /* Save user certificate PIN and its flags flags to the connection */ - secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->client_cert_chooser)); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_cert_password_flags_name, - secret_flags, NULL); - if (method->editing_connection) { - nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), - secret_flags, NM_SETTING (s_8021x), - method->client_cert_password_flags_name); - g_object_set (s_8021x, method->client_cert_password_flags_name, - nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->client_cert_chooser)), - NULL); - } - - /* Save user private key password flags to the connection */ - secret_flags = nma_cert_chooser_get_key_password_flags (NMA_CERT_CHOOSER (method->client_cert_chooser)); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_key_password_flags_name, - secret_flags, NULL); - if (method->editing_connection) { - nma_cert_chooser_update_key_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), - secret_flags, NM_SETTING (s_8021x), - method->client_key_password_flags_name); - } - - /* TLS client certificate */ - if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { - /* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already - * set the client certificate for us. - */ - value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme); - format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - if (parent->phase2) { - if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, value, scheme, &format, &error)) { - g_warning ("Couldn't read phase2 client certificate '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - } - } else { - if (!nm_setting_802_1x_set_client_cert (s_8021x, value, scheme, &format, &error)) { - g_warning ("Couldn't read client certificate '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - } - } - g_free (value); - } - - /* TLS CA certificate */ - if (gtk_widget_get_sensitive (method->ca_cert_chooser)) - value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); - else - value = NULL; - format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - if (parent->phase2) { - if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, value, scheme, &format, &error)) { - g_warning ("Couldn't read phase2 CA certificate '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; - } - } else { - if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; - } - } - eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error); - g_free (value); -} - -static GError * -client_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) -{ - NMSetting8021xCKScheme scheme; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - gs_unref_object NMSetting8021x *setting = NULL; - gs_free char *value = NULL; - GError *local = NULL; - - setting = (NMSetting8021x *) nm_setting_802_1x_new (); - - value = nma_cert_chooser_get_cert (cert_chooser, &scheme); - if (!value) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("no user certificate selected")); - } - if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { - if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("selected user certificate file does not exist")); - } - } - - if (!nm_setting_802_1x_set_client_cert (setting, value, scheme, &format, &local)) - return local; - - return NULL; -} - -static GError * -client_key_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) -{ - NMSetting8021xCKScheme scheme; - gs_free char *value = NULL; - - - value = nma_cert_chooser_get_key (cert_chooser, &scheme); - if (!value) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("no key selected")); - } - if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { - if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("selected key file does not exist")); - } - } - - return NULL; -} - -static GError * -client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) -{ - NMSetting8021xCKScheme scheme; - NMSettingSecretFlags secret_flags; - gs_unref_object NMSetting8021x *setting = NULL; - gs_free char *value = NULL; - const char *password = NULL; - GError *local = NULL; - - secret_flags = nma_cert_chooser_get_key_password_flags (cert_chooser); - if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED - || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) - return NULL; - - setting = (NMSetting8021x *) nm_setting_802_1x_new (); - - value = nma_cert_chooser_get_key (cert_chooser, &scheme); - password = nma_cert_chooser_get_key_password (cert_chooser); - if (!nm_setting_802_1x_set_private_key (setting, value, password, scheme, NULL, &local)) - return local; - - return NULL; -} - -static void -client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data) -{ - NMSetting8021xCKScheme cert_scheme, key_scheme; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - gs_free char *cert_value = NULL; - gs_free char *key_value = NULL; - gs_unref_object NMSetting8021x *setting = NULL; - - setting = (NMSetting8021x *) nm_setting_802_1x_new (); - - cert_value = nma_cert_chooser_get_cert (cert_chooser, &cert_scheme); - key_value = nma_cert_chooser_get_key (cert_chooser, &key_scheme); - - if ( !cert_value || key_value - || !nm_setting_802_1x_set_client_cert (setting, cert_value, cert_scheme, &format, NULL)) - return; - - if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) - nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme); -} - -static void -update_secrets (EAPMethod *parent, NMConnection *connection) -{ - EAPMethodTLS *method = (EAPMethodTLS *) parent; - - eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), - nm_connection_get_setting_802_1x (connection), - NULL, - NULL, - NULL, - parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); -} - -EAPMethodTLS * -eap_method_tls_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean phase2, - gboolean secrets_only) -{ - EAPMethodTLS *method; - EAPMethod *parent; - GtkWidget *widget; - NMSetting8021x *s_8021x = NULL; - gboolean ca_not_required = FALSE; - - parent = eap_method_init (sizeof (EAPMethodTLS), - validate, - add_to_size_group, - fill_connection, - update_secrets, - NULL, - "/org/gnome/libnma/eap-method-tls.ui", - "eap_tls_notebook", - "eap_tls_identity_entry", - phase2); - if (!parent) - return NULL; - - method = (EAPMethodTLS *) parent; - method->ca_cert_password_flags_name = phase2 - ? NM_SETTING_802_1X_PHASE2_CA_CERT_PASSWORD - : NM_SETTING_802_1X_CA_CERT_PASSWORD; - method->client_cert_password_flags_name = phase2 - ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT_PASSWORD - : NM_SETTING_802_1X_CLIENT_CERT_PASSWORD; - method->client_key_password_flags_name = phase2 - ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD - : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD; - method->editing_connection = secrets_only ? FALSE : TRUE; - - if (connection) - s_8021x = nm_connection_get_setting_802_1x (connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_not_required_checkbox")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) ca_cert_not_required_toggled, - parent); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - if (s_8021x && nm_setting_802_1x_get_identity (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_identity (s_8021x)); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - if (phase2) { - if (s_8021x && nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x)); - } else { - if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x)); - } - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_grid")); - g_assert (widget); - - method->ca_cert_chooser = nma_cert_chooser_new ("CA", - NMA_CERT_CHOOSER_FLAG_CERT - | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); - gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1); - gtk_widget_show (method->ca_cert_chooser); - - g_signal_connect (method->ca_cert_chooser, - "cert-validate", - G_CALLBACK (eap_method_ca_cert_validate_cb), - NULL); - g_signal_connect (method->ca_cert_chooser, - "changed", - G_CALLBACK (wireless_security_changed_cb), - ws_parent); - - eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : nm_setting_802_1x_get_ca_cert_uri, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : nm_setting_802_1x_get_ca_cert_password, - NULL, - NULL, - NULL, - NULL); - - if (connection && eap_method_ca_cert_ignore_get (parent, connection)) { - gchar *ca_cert; - NMSetting8021xCKScheme scheme; - - ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); - if (ca_cert) - g_free (ca_cert); - else - ca_not_required = TRUE; - } - - if (secrets_only) - ca_not_required = TRUE; - - method->client_cert_chooser = nma_cert_chooser_new ("User", - secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0); - gtk_grid_attach (GTK_GRID (widget), method->client_cert_chooser, 0, 4, 2, 1); - gtk_widget_show (method->client_cert_chooser); - - g_signal_connect (method->client_cert_chooser, "cert-validate", - G_CALLBACK (client_cert_validate_cb), - NULL); - g_signal_connect (method->client_cert_chooser, - "key-validate", - G_CALLBACK (client_key_validate_cb), - NULL); - g_signal_connect (method->client_cert_chooser, - "key-password-validate", - G_CALLBACK (client_key_password_validate_cb), - NULL); - g_signal_connect (method->client_cert_chooser, - "changed", - G_CALLBACK (client_cert_fixup_pkcs12), - ws_parent); - g_signal_connect (method->client_cert_chooser, - "changed", - G_CALLBACK (wireless_security_changed_cb), - ws_parent); - - eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : nm_setting_802_1x_get_client_cert_uri, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, - phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, - phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, - phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, - phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_not_required_checkbox")); - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); - - /* Create password-storage popup menus for password entries under their secondary icon */ - nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), - 0, (NMSetting *) s_8021x, method->ca_cert_password_flags_name, - FALSE, secrets_only); - nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), - 0, (NMSetting *) s_8021x, method->client_cert_password_flags_name, - FALSE, secrets_only); - nma_cert_chooser_setup_key_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser), - 0, (NMSetting *) s_8021x, method->client_key_password_flags_name, - FALSE, secrets_only); - - return method; -} diff --git a/src/wireless-security/eap-method-tls.h b/src/wireless-security/eap-method-tls.h deleted file mode 100644 index 03d3a1fa..00000000 --- a/src/wireless-security/eap-method-tls.h +++ /dev/null @@ -1,22 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * (C) Copyright 2007 - 2010 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_TLS_H -#define EAP_METHOD_TLS_H - -#include "wireless-security.h" - -typedef struct _EAPMethodTLS EAPMethodTLS; - -EAPMethodTLS *eap_method_tls_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean phase2, - gboolean secrets_only); - -#endif /* EAP_METHOD_TLS_H */ - diff --git a/src/wireless-security/eap-method-tls.ui b/src/wireless-security/eap-method-tls.ui deleted file mode 100644 index 0a2a9d34..00000000 --- a/src/wireless-security/eap-method-tls.ui +++ /dev/null @@ -1,106 +0,0 @@ - - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - I_dentity - True - eap_tls_identity_entry - 1 - - - 0 - 0 - - - - - True - True - True - True - - - 1 - 0 - - - - - No CA certificate is _required - True - True - False - start - True - True - True - - - 1 - 3 - - - - - True - False - Suffix of the server certificate name. - _Domain - True - eap_tls_domain_entry - 1 - - - 0 - 1 - - - - - True - True - True - True - - - 1 - 1 - - - - - - - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c deleted file mode 100644 index 32e8b319..00000000 --- a/src/wireless-security/eap-method-ttls.c +++ /dev/null @@ -1,522 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2017 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "eap-method.h" -#include "wireless-security.h" -#include "nma-cert-chooser.h" -#include "utils.h" - -#define I_NAME_COLUMN 0 -#define I_METHOD_COLUMN 1 - -struct _EAPMethodTTLS { - EAPMethod parent; - - const char *password_flags_name; - GtkSizeGroup *size_group; - WirelessSecurity *sec_parent; - gboolean is_editor; - - GtkWidget *ca_cert_chooser; -}; - -static void -destroy (EAPMethod *parent) -{ - EAPMethodTTLS *method = (EAPMethodTTLS *) parent; - - if (method->size_group) - g_object_unref (method->size_group); -} - -static gboolean -validate (EAPMethod *parent, GError **error) -{ - EAPMethodTTLS *method = (EAPMethodTTLS *) parent; - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap = NULL; - gboolean valid = FALSE; - - if ( gtk_widget_get_sensitive (method->ca_cert_chooser) - && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) - return FALSE; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - valid = eap_method_validate (eap, error); - eap_method_unref (eap); - return valid; -} - -static void -ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data) -{ - EAPMethodTTLS *method = (EAPMethodTTLS *) user_data; - - gtk_widget_set_sensitive (method->ca_cert_chooser, - !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button))); -} - -static void -add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) -{ - EAPMethodTTLS *method = (EAPMethodTTLS *) parent; - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap; - - if (method->size_group) - g_object_unref (method->size_group); - method->size_group = g_object_ref (group); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - eap_method_add_to_size_group (eap, group); - eap_method_unref (eap); -} - -static void -fill_connection (EAPMethod *parent, NMConnection *connection) -{ - EAPMethodTTLS *method = (EAPMethodTTLS *) parent; - NMSetting8021x *s_8021x; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - NMSettingSecretFlags secret_flags; - GtkWidget *widget; - const char *text; - char *value = NULL; - EAPMethod *eap = NULL; - GtkTreeModel *model; - GtkTreeIter iter; - GError *error = NULL; - NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; - gboolean ca_cert_error = FALSE; - - s_8021x = nm_connection_get_setting_802_1x (connection); - g_assert (s_8021x); - - nm_setting_802_1x_add_eap_method (s_8021x, "ttls"); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); - g_assert (widget); - text = gtk_editable_get_text (GTK_EDITABLE (widget)); - if (text && strlen (text)) - g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry")); - g_assert (widget); - text = gtk_editable_get_text (GTK_EDITABLE (widget)); - if (text && strlen (text)) - g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL); - - /* Save CA certificate PIN and its flags to the connection */ - secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); - nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD, - secret_flags, NULL); - if (method->is_editor) { - /* Update secret flags and popup when editing the connection */ - nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), - secret_flags, NM_SETTING (s_8021x), - NM_SETTING_802_1X_CA_CERT_PASSWORD); - g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, - nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)), - NULL); - } - - /* TLS CA certificate */ - if (gtk_widget_get_sensitive (method->ca_cert_chooser)) - value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); - format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; - } - eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error); - g_free (value); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_method_fill_connection (eap, connection); - eap_method_unref (eap); -} - -static void -inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) -{ - EAPMethod *parent = (EAPMethod *) user_data; - EAPMethodTTLS *method = (EAPMethodTTLS *) parent; - GtkWidget *vbox; - EAPMethod *eap = NULL; - GList *elt, *children; - GtkTreeModel *model; - GtkTreeIter iter; - GtkWidget *eap_widget; - - vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_vbox")); - g_assert (vbox); - - /* Remove any previous wireless security widgets */ - children = gtk_container_get_children (GTK_CONTAINER (vbox)); - for (elt = children; elt; elt = g_list_next (elt)) - gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); - g_list_free (children); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); - gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_widget = eap_method_get_widget (eap); - g_assert (eap_widget); - gtk_widget_unparent (eap_widget); - - if (method->size_group) - eap_method_add_to_size_group (eap, method->size_group); - gtk_container_add (GTK_CONTAINER (vbox), eap_widget); - - eap_method_unref (eap); - - wireless_security_changed_cb (combo, method->sec_parent); -} - -static GtkWidget * -inner_auth_combo_init (EAPMethodTTLS *method, - NMConnection *connection, - NMSetting8021x *s_8021x, - gboolean secrets_only) -{ - EAPMethod *parent = (EAPMethod *) method; - GtkWidget *combo; - GtkListStore *auth_model; - GtkTreeIter iter; - EAPMethodSimple *em_pap; - EAPMethodSimple *em_mschap; - EAPMethodSimple *em_mschap_v2; - EAPMethodSimple *em_plain_mschap_v2; - EAPMethodSimple *em_chap; - EAPMethodSimple *em_md5; - EAPMethodSimple *em_gtc; - guint32 active = 0; - const char *phase2_auth = NULL; - EAPMethodSimpleFlags simple_flags; - - auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ()); - - if (s_8021x) { - if (nm_setting_802_1x_get_phase2_auth (s_8021x)) - phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); - else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) - phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); - } - - simple_flags = EAP_METHOD_SIMPLE_FLAG_PHASE2 | EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED; - if (method->is_editor) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR; - if (secrets_only) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; - - em_pap = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_PAP, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("PAP"), - I_METHOD_COLUMN, em_pap, - -1); - eap_method_unref (EAP_METHOD (em_pap)); - - /* Check for defaulting to PAP */ - if (phase2_auth && !strcasecmp (phase2_auth, "pap")) - active = 0; - - em_mschap = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_MSCHAP, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MSCHAP"), - I_METHOD_COLUMN, em_mschap, - -1); - eap_method_unref (EAP_METHOD (em_mschap)); - - /* Check for defaulting to MSCHAP */ - if (phase2_auth && !strcasecmp (phase2_auth, "mschap")) - active = 1; - - em_mschap_v2 = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MSCHAPv2"), - I_METHOD_COLUMN, em_mschap_v2, - -1); - eap_method_unref (EAP_METHOD (em_mschap_v2)); - - /* Check for defaulting to MSCHAPv2 */ - if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") && - nm_setting_802_1x_get_phase2_autheap (s_8021x) != NULL) - active = 2; - - em_plain_mschap_v2 = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_PLAIN_MSCHAP_V2, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MSCHAPv2 (no EAP)"), - I_METHOD_COLUMN, em_plain_mschap_v2, - -1); - eap_method_unref (EAP_METHOD (em_plain_mschap_v2)); - - /* Check for defaulting to plain MSCHAPv2 */ - if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") && - nm_setting_802_1x_get_phase2_auth (s_8021x) != NULL) - active = 3; - - em_chap = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_CHAP, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("CHAP"), - I_METHOD_COLUMN, em_chap, - -1); - eap_method_unref (EAP_METHOD (em_chap)); - - /* Check for defaulting to CHAP */ - if (phase2_auth && !strcasecmp (phase2_auth, "chap")) - active = 4; - - em_md5 = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_MD5, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("MD5"), - I_METHOD_COLUMN, em_md5, - -1); - eap_method_unref (EAP_METHOD (em_md5)); - - /* Check for defaulting to MD5 */ - if (phase2_auth && !strcasecmp (phase2_auth, "md5")) - active = 5; - - em_gtc = eap_method_simple_new (method->sec_parent, - connection, - EAP_METHOD_SIMPLE_TYPE_GTC, - simple_flags, - NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - I_NAME_COLUMN, _("GTC"), - I_METHOD_COLUMN, em_gtc, - -1); - eap_method_unref (EAP_METHOD (em_gtc)); - - /* Check for defaulting to GTC */ - if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) - active = 6; - - combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); - g_assert (combo); - - gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); - g_object_unref (G_OBJECT (auth_model)); - gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); - - g_signal_connect (G_OBJECT (combo), "changed", - (GCallback) inner_auth_combo_changed_cb, - method); - return combo; -} - -static void -update_secrets (EAPMethod *parent, NMConnection *connection) -{ - eap_method_phase2_update_secrets_helper (parent, - connection, - "eap_ttls_inner_auth_combo", - I_METHOD_COLUMN); -} - -EAPMethodTTLS * -eap_method_ttls_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only) -{ - EAPMethod *parent; - EAPMethodTTLS *method; - GtkWidget *widget; - NMSetting8021x *s_8021x = NULL; - gboolean ca_not_required = FALSE; - - parent = eap_method_init (sizeof (EAPMethodTTLS), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/eap-method-ttls.ui", - "eap_ttls_notebook", - "eap_ttls_anon_identity_entry", - FALSE); - if (!parent) - return NULL; - - method = (EAPMethodTTLS *) parent; - method->password_flags_name = NM_SETTING_802_1X_PASSWORD; - method->sec_parent = ws_parent; - method->is_editor = is_editor; - - if (connection) - s_8021x = nm_connection_get_setting_802_1x (connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid")); - g_assert (widget); - - method->ca_cert_chooser = nma_cert_chooser_new ("CA", - NMA_CERT_CHOOSER_FLAG_CERT - | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); - gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1); - gtk_widget_show (method->ca_cert_chooser); - - g_signal_connect (method->ca_cert_chooser, - "cert-validate", - G_CALLBACK (eap_method_ca_cert_validate_cb), - NULL); - g_signal_connect (method->ca_cert_chooser, - "changed", - G_CALLBACK (wireless_security_changed_cb), - ws_parent); - - eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, - nm_setting_802_1x_get_ca_cert_scheme, - nm_setting_802_1x_get_ca_cert_path, - nm_setting_802_1x_get_ca_cert_uri, - nm_setting_802_1x_get_ca_cert_password, - NULL, - NULL, - NULL, - NULL); - - if (connection && eap_method_ca_cert_ignore_get (parent, connection)) { - gchar *ca_cert; - NMSetting8021xCKScheme scheme; - - ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); - if (ca_cert) - g_free (ca_cert); - else - ca_not_required = TRUE; - } - - if (secrets_only) - ca_not_required = TRUE; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) ca_cert_not_required_toggled, - parent); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) wireless_security_changed_cb, - ws_parent); - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); - if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry")); - if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x)) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x)); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - - widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); - inner_auth_combo_changed_cb (widget, (gpointer) method); - - if (secrets_only) { - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); - gtk_widget_hide (widget); - } - - nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), - 0, (NMSetting *) s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, - FALSE, secrets_only); - - return method; -} - diff --git a/src/wireless-security/eap-method-ttls.h b/src/wireless-security/eap-method-ttls.h deleted file mode 100644 index a1899c12..00000000 --- a/src/wireless-security/eap-method-ttls.h +++ /dev/null @@ -1,22 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * (C) Copyright 2007 - 2010 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_TTLS_H -#define EAP_METHOD_TTLS_H - -#include "wireless-security.h" - -typedef struct _EAPMethodTTLS EAPMethodTTLS; - -EAPMethodTTLS *eap_method_ttls_new (WirelessSecurity *ws_parent, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only); - -#endif /* EAP_METHOD_TLS_H */ - diff --git a/src/wireless-security/eap-method-ttls.ui b/src/wireless-security/eap-method-ttls.ui deleted file mode 100644 index 26f0ca59..00000000 --- a/src/wireless-security/eap-method-ttls.ui +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - - - - - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - True - True - True - - - 1 - 0 - - - - - vertical - True - False - 6 - - - - - - 0 - 5 - 2 - - - - - True - False - True - model6 - - - - 0 - - - - - 1 - 4 - - - - - True - False - _Inner authentication - True - eap_ttls_inner_auth_combo - 1 - - - 0 - 4 - - - - - No CA certificate is _required - True - True - False - start - True - True - True - - - 1 - 3 - - - - - True - True - True - True - - - 1 - 1 - - - - - True - False - Anony_mous identity - True - eap_ttls_anon_identity_entry - 1 - - - 0 - 0 - - - - - True - False - Suffix of the server certificate name. - _Domain - True - eap_ttls_domain_entry - 1 - - - 0 - 1 - - - - - - - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c deleted file mode 100644 index b7c1a82e..00000000 --- a/src/wireless-security/eap-method.c +++ /dev/null @@ -1,427 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ - -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" - -#include -#include -#include -#include -#include - -#include "eap-method.h" -#include "nm-utils.h" -#include "utils.h" -#include "helpers.h" - -G_DEFINE_BOXED_TYPE (EAPMethod, eap_method, eap_method_ref, eap_method_unref) - -GtkWidget * -eap_method_get_widget (EAPMethod *method) -{ - g_return_val_if_fail (method != NULL, NULL); - - return method->ui_widget; -} - -gboolean -eap_method_validate (EAPMethod *method, GError **error) -{ - gboolean result; - - g_return_val_if_fail (method != NULL, FALSE); - - g_assert (method->validate); - result = (*(method->validate)) (method, error); - if (!result && error && !*error) - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("undefined error in 802.1X security (wpa-eap)")); - return result; -} - -void -eap_method_add_to_size_group (EAPMethod *method, GtkSizeGroup *group) -{ - g_return_if_fail (method != NULL); - g_return_if_fail (group != NULL); - - g_assert (method->add_to_size_group); - return (*(method->add_to_size_group)) (method, group); -} - -void -eap_method_fill_connection (EAPMethod *method, - NMConnection *connection) -{ - g_return_if_fail (method != NULL); - g_return_if_fail (connection != NULL); - - g_assert (method->fill_connection); - return (*(method->fill_connection)) (method, connection); -} - -void -eap_method_update_secrets (EAPMethod *method, NMConnection *connection) -{ - g_return_if_fail (method != NULL); - g_return_if_fail (connection != NULL); - - if (method->update_secrets) - method->update_secrets (method, connection); -} - -void -eap_method_phase2_update_secrets_helper (EAPMethod *method, - NMConnection *connection, - const char *combo_name, - guint32 column) -{ - GtkWidget *combo; - GtkTreeIter iter; - GtkTreeModel *model; - - g_return_if_fail (method != NULL); - g_return_if_fail (connection != NULL); - g_return_if_fail (combo_name != NULL); - - combo = GTK_WIDGET (gtk_builder_get_object (method->builder, combo_name)); - g_assert (combo); - - /* Let each EAP phase2 method try to update its secrets */ - model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); - if (gtk_tree_model_get_iter_first (model, &iter)) { - do { - EAPMethod *eap = NULL; - - gtk_tree_model_get (model, &iter, column, &eap, -1); - if (eap) { - eap_method_update_secrets (eap, connection); - eap_method_unref (eap); - } - } while (gtk_tree_model_iter_next (model, &iter)); - } -} - -EAPMethod * -eap_method_init (gsize obj_size, - EMValidateFunc validate, - EMAddToSizeGroupFunc add_to_size_group, - EMFillConnectionFunc fill_connection, - EMUpdateSecretsFunc update_secrets, - EMDestroyFunc destroy, - const char *ui_resource, - const char *ui_widget_name, - const char *default_field, - gboolean phase2) -{ - EAPMethod *method; - GError *error = NULL; - - g_return_val_if_fail (obj_size > 0, NULL); - g_return_val_if_fail (ui_resource != NULL, NULL); - g_return_val_if_fail (ui_widget_name != NULL, NULL); - - method = g_slice_alloc0 (obj_size); - g_assert (method); - - method->refcount = 1; - method->obj_size = obj_size; - method->validate = validate; - method->add_to_size_group = add_to_size_group; - method->fill_connection = fill_connection; - method->update_secrets = update_secrets; - method->default_field = default_field; - method->phase2 = phase2; - - method->builder = gtk_builder_new (); - if (!gtk_builder_add_from_resource (method->builder, ui_resource, &error)) { - g_warning ("Couldn't load UI builder resource %s: %s", - ui_resource, error->message); - eap_method_unref (method); - return NULL; - } - - method->ui_widget = GTK_WIDGET (gtk_builder_get_object (method->builder, ui_widget_name)); - if (!method->ui_widget) { - g_warning ("Couldn't load UI widget '%s' from UI file %s", - ui_widget_name, ui_resource); - eap_method_unref (method); - return NULL; - } - g_object_ref_sink (method->ui_widget); - - method->destroy = destroy; - - return method; -} - - -EAPMethod * -eap_method_ref (EAPMethod *method) -{ - g_return_val_if_fail (method != NULL, NULL); - g_return_val_if_fail (method->refcount > 0, NULL); - - method->refcount++; - return method; -} - -void -eap_method_unref (EAPMethod *method) -{ - g_return_if_fail (method != NULL); - g_return_if_fail (method->refcount > 0); - - method->refcount--; - if (method->refcount == 0) { - if (method->destroy) - method->destroy (method); - - if (method->builder) - g_object_unref (method->builder); - if (method->ui_widget) - g_object_unref (method->ui_widget); - - g_slice_free1 (method->obj_size, method); - } -} - -/* Used as both GSettings keys and GObject data tags */ -#define IGNORE_CA_CERT_TAG "ignore-ca-cert" -#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert" - -/** - * eap_method_ca_cert_ignore_set: - * @method: the #EAPMethod object - * @connection: the #NMConnection - * @filename: the certificate file, if any - * @ca_cert_error: %TRUE if an error was encountered loading the given CA - * certificate, %FALSE if not or if a CA certificate is not present - * - * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate - * not required" checkbox is checked. If @ca_cert_error is %TRUE, then the - * connection's CA cert ignore value will always be set to %FALSE, because it - * means that the user selected an invalid certificate (thus he does not want to - * ignore the CA cert).. - */ -void -eap_method_ca_cert_ignore_set (EAPMethod *method, - NMConnection *connection, - const char *filename, - gboolean ca_cert_error) -{ - NMSetting8021x *s_8021x; - gboolean ignore; - - s_8021x = nm_connection_get_setting_802_1x (connection); - if (s_8021x) { - ignore = !ca_cert_error && filename == NULL; - g_object_set_data (G_OBJECT (s_8021x), - method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG, - GUINT_TO_POINTER (ignore)); - } -} - -/** - * eap_method_ca_cert_ignore_get: - * @method: the #EAPMethod object - * @connection: the #NMConnection - * - * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA - * certificate should be required for the connection to be valid. - */ -gboolean -eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection) -{ - NMSetting8021x *s_8021x; - - s_8021x = nm_connection_get_setting_802_1x (connection); - if (s_8021x) { - return !!g_object_get_data (G_OBJECT (s_8021x), - method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG); - } - return FALSE; -} - -static GSettings * -_get_ca_ignore_settings (NMConnection *connection) -{ - GSettings *settings; - char *path = NULL; - const char *uuid; - - g_return_val_if_fail (connection, NULL); - - uuid = nm_connection_get_uuid (connection); - g_return_val_if_fail (uuid && *uuid, NULL); - - path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s/", uuid); - settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path); - g_free (path); - - return settings; -} - -/** - * eap_method_ca_cert_ignore_save: - * @connection: the connection for which to save CA cert ignore values to GSettings - * - * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves - * then to GSettings if present, using the connection UUID as the index. - */ -void -eap_method_ca_cert_ignore_save (NMConnection *connection) -{ - NMSetting8021x *s_8021x; - GSettings *settings; - gboolean ignore = FALSE, phase2_ignore = FALSE; - - g_return_if_fail (connection); - - s_8021x = nm_connection_get_setting_802_1x (connection); - if (s_8021x) { - ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG); - phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG); - } - - settings = _get_ca_ignore_settings (connection); - if (!settings) - return; - - g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore); - g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore); - g_object_unref (settings); -} - -/** - * eap_method_ca_cert_ignore_load: - * @connection: the connection for which to load CA cert ignore values to GSettings - * - * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves - * then to GSettings if present, using the connection UUID as the index. - */ -void -eap_method_ca_cert_ignore_load (NMConnection *connection) -{ - GSettings *settings; - NMSetting8021x *s_8021x; - gboolean ignore, phase2_ignore; - - g_return_if_fail (connection); - - s_8021x = nm_connection_get_setting_802_1x (connection); - if (!s_8021x) - return; - - settings = _get_ca_ignore_settings (connection); - if (!settings) - return; - - ignore = g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG); - phase2_ignore = g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG); - - g_object_set_data (G_OBJECT (s_8021x), - IGNORE_CA_CERT_TAG, - GUINT_TO_POINTER (ignore)); - g_object_set_data (G_OBJECT (s_8021x), - IGNORE_PHASE2_CA_CERT_TAG, - GUINT_TO_POINTER (phase2_ignore)); - g_object_unref (settings); -} - -GError * -eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) -{ - NMSetting8021xCKScheme scheme; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - gs_unref_object NMSetting8021x *setting = NULL; - gs_free char *value = NULL; - GError *local = NULL; - - setting = (NMSetting8021x *) nm_setting_802_1x_new (); - - value = nma_cert_chooser_get_cert (cert_chooser, &scheme); - if (!value) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("no CA certificate selected")); - } - if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { - if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("selected CA certificate file does not exist")); - } - } - - if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local)) - return local; - - return NULL; -} - -void -eap_method_setup_cert_chooser (NMACertChooser *cert_chooser, - NMSetting8021x *s_8021x, - NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting), - const char *(*cert_path_func) (NMSetting8021x *setting), - const char *(*cert_uri_func) (NMSetting8021x *setting), - const char *(*cert_password_func) (NMSetting8021x *setting), - NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting), - const char *(*key_path_func) (NMSetting8021x *setting), - const char *(*key_uri_func) (NMSetting8021x *setting), - const char *(*key_password_func) (NMSetting8021x *setting)) -{ - NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; - const char *value = NULL; - const char *password = NULL; - - - if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) { - scheme = cert_scheme_func (s_8021x); - switch (scheme) { - case NM_SETTING_802_1X_CK_SCHEME_PATH: - value = cert_path_func (s_8021x); - break; - case NM_SETTING_802_1X_CK_SCHEME_PKCS11: - value = cert_uri_func (s_8021x); - password = cert_password_func ? cert_password_func (s_8021x) : NULL; - if (password) - nma_cert_chooser_set_cert_password (cert_chooser, password); - break; - case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: - /* No CA set. */ - break; - default: - g_warning ("unhandled certificate scheme %d", scheme); - } - - } - nma_cert_chooser_set_cert (cert_chooser, value, scheme); - - if (s_8021x && key_path_func && key_uri_func && key_scheme_func) { - scheme = key_scheme_func (s_8021x); - switch (scheme) { - case NM_SETTING_802_1X_CK_SCHEME_PATH: - value = key_path_func (s_8021x); - break; - case NM_SETTING_802_1X_CK_SCHEME_PKCS11: - value = key_uri_func (s_8021x); - break; - case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: - /* No certificate set. */ - break; - default: - g_warning ("unhandled key scheme %d", scheme); - } - - nma_cert_chooser_set_key (cert_chooser, value, scheme); - } - - password = s_8021x && key_password_func ? key_password_func (s_8021x) : NULL; - if (password) - nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x)); -} diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h deleted file mode 100644 index ed9e1ac8..00000000 --- a/src/wireless-security/eap-method.h +++ /dev/null @@ -1,107 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef EAP_METHOD_H -#define EAP_METHOD_H - -typedef struct _EAPMethod EAPMethod; - -typedef void (*EMAddToSizeGroupFunc) (EAPMethod *method, GtkSizeGroup *group); -typedef void (*EMFillConnectionFunc) (EAPMethod *method, NMConnection *connection); -typedef void (*EMUpdateSecretsFunc) (EAPMethod *method, NMConnection *connection); -typedef void (*EMDestroyFunc) (EAPMethod *method); -typedef gboolean (*EMValidateFunc) (EAPMethod *method, GError **error); - -struct _EAPMethod { - guint32 refcount; - gsize obj_size; - - GtkBuilder *builder; - GtkWidget *ui_widget; - - const char *default_field; - - gboolean phase2; - gboolean secrets_only; - - EMAddToSizeGroupFunc add_to_size_group; - EMFillConnectionFunc fill_connection; - EMUpdateSecretsFunc update_secrets; - EMValidateFunc validate; - EMDestroyFunc destroy; -}; - -#define EAP_METHOD(x) ((EAPMethod *) x) - - -GtkWidget *eap_method_get_widget (EAPMethod *method); - -gboolean eap_method_validate (EAPMethod *method, GError **error); - -void eap_method_add_to_size_group (EAPMethod *method, GtkSizeGroup *group); - -void eap_method_fill_connection (EAPMethod *method, - NMConnection *connection); - -void eap_method_update_secrets (EAPMethod *method, NMConnection *connection); - -EAPMethod *eap_method_ref (EAPMethod *method); - -void eap_method_unref (EAPMethod *method); - -GType eap_method_get_type (void); - -/* Below for internal use only */ - -#include "nma-cert-chooser.h" -#include "eap-method-tls.h" -#include "eap-method-leap.h" -#include "eap-method-fast.h" -#include "eap-method-ttls.h" -#include "eap-method-peap.h" -#include "eap-method-simple.h" - -EAPMethod *eap_method_init (gsize obj_size, - EMValidateFunc validate, - EMAddToSizeGroupFunc add_to_size_group, - EMFillConnectionFunc fill_connection, - EMUpdateSecretsFunc update_secrets, - EMDestroyFunc destroy, - const char *ui_resource, - const char *ui_widget_name, - const char *default_field, - gboolean phase2); - -void eap_method_phase2_update_secrets_helper (EAPMethod *method, - NMConnection *connection, - const char *combo_name, - guint32 column); - -void eap_method_ca_cert_ignore_set (EAPMethod *method, - NMConnection *connection, - const char *filename, - gboolean ca_cert_error); -gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection); - -void eap_method_ca_cert_ignore_save (NMConnection *connection); -void eap_method_ca_cert_ignore_load (NMConnection *connection); - -GError *eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data); - -void eap_method_setup_cert_chooser (NMACertChooser *cert_chooser, - NMSetting8021x *s_8021x, - NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting), - const char *(*cert_path_func) (NMSetting8021x *setting), - const char *(*cert_uri_func) (NMSetting8021x *setting), - const char *(*cert_password_func) (NMSetting8021x *setting), - NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting), - const char *(*key_path_func) (NMSetting8021x *setting), - const char *(*key_uri_func) (NMSetting8021x *setting), - const char *(*key_password_func) (NMSetting8021x *setting)); - -#endif /* EAP_METHOD_H */ diff --git a/src/wireless-security/helpers.c b/src/wireless-security/helpers.c deleted file mode 100644 index 31009cb2..00000000 --- a/src/wireless-security/helpers.c +++ /dev/null @@ -1,39 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2009 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" -#include "helpers.h" - -void -helper_fill_secret_entry (NMConnection *connection, - GtkBuilder *builder, - const char *entry_name, - GType setting_type, - HelperSecretFunc func) -{ - GtkWidget *widget; - NMSetting *setting; - const char *tmp; - - g_return_if_fail (connection != NULL); - g_return_if_fail (builder != NULL); - g_return_if_fail (entry_name != NULL); - g_return_if_fail (func != NULL); - - setting = nm_connection_get_setting (connection, setting_type); - if (setting) { - tmp = (*func) (setting); - if (tmp) { - widget = GTK_WIDGET (gtk_builder_get_object (builder, entry_name)); - g_assert (widget); - gtk_editable_set_text (GTK_EDITABLE (widget), tmp); - } - } -} - diff --git a/src/wireless-security/helpers.h b/src/wireless-security/helpers.h deleted file mode 100644 index 8326cc18..00000000 --- a/src/wireless-security/helpers.h +++ /dev/null @@ -1,21 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2009 - 2014 Red Hat, Inc. - */ - -#ifndef _HELPERS_H_ -#define _HELPERS_H_ - -typedef const char * (*HelperSecretFunc)(NMSetting *); - -void helper_fill_secret_entry (NMConnection *connection, - GtkBuilder *builder, - const char *entry_name, - GType setting_type, - HelperSecretFunc func); - -#endif /* _HELPERS_H_ */ - diff --git a/src/wireless-security/meson.build b/src/wireless-security/meson.build deleted file mode 100644 index 64f126ab..00000000 --- a/src/wireless-security/meson.build +++ /dev/null @@ -1,75 +0,0 @@ -wireless_security_inc = include_directories('.') - -sources = [version_header] + files( - 'eap-method.c', - 'eap-method-fast.c', - 'eap-method-leap.c', - 'eap-method-peap.c', - 'eap-method-simple.c', - 'eap-method-tls.c', - 'eap-method-ttls.c', - 'helpers.c', - 'wireless-security.c', - 'ws-dynamic-wep.c', - 'ws-leap.c', - 'ws-sae.c', - 'ws-wep-key.c', - 'ws-wpa-eap.c', - 'ws-wpa-psk.c' -) - -resource_data = files( - 'eap-method-fast.ui', - 'eap-method-leap.ui', - 'eap-method-peap.ui', - 'eap-method-simple.ui', - 'eap-method-tls.ui', - 'eap-method-ttls.ui', - 'ws-dynamic-wep.ui', - 'ws-leap.ui', - 'ws-sae.ui', - 'ws-wep-key.ui', - 'ws-wpa-eap.ui', - 'ws-wpa-psk.ui' -) - -sources += gnome.compile_resources( - 'ws-resources', - 'ws.gresource.xml', - dependencies: resource_data -) - -incs = [ - top_inc, - shared_inc, - src_inc -] - -deps = [ - gtk_dep, - libnm_dep, - libutils_libnm_dep -] - -libwireless_security_libnm = static_library( - 'wireless-security-libnm', - sources: sources, - include_directories: incs, - dependencies: deps -) - -if enable_libnma_gtk4 - deps = [ - gtk4_dep, - libnm_dep, - libutils_libnm_dep - ] - - libwireless_security_libnma_gtk4 = static_library( - 'wireless-security-libnma-gtk4', - sources: sources, - include_directories: incs, - dependencies: deps, - c_args: cflags - ) -endif diff --git a/src/wireless-security/wireless-security.c b/src/wireless-security/wireless-security.c deleted file mode 100644 index 5fc110f1..00000000 --- a/src/wireless-security/wireless-security.c +++ /dev/null @@ -1,594 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" - -#include - -#include "wireless-security.h" -#include "eap-method.h" -#include "utils.h" - -G_DEFINE_BOXED_TYPE (WirelessSecurity, wireless_security, wireless_security_ref, wireless_security_unref) - -GtkWidget * -wireless_security_get_widget (WirelessSecurity *sec) -{ - g_return_val_if_fail (sec != NULL, NULL); - - return sec->ui_widget; -} - -void -wireless_security_set_changed_notify (WirelessSecurity *sec, - WSChangedFunc func, - gpointer user_data) -{ - g_return_if_fail (sec != NULL); - - sec->changed_notify = func; - sec->changed_notify_data = user_data; -} - -void -wireless_security_changed_cb (GtkWidget *ignored, gpointer user_data) -{ - WirelessSecurity *sec = WIRELESS_SECURITY (user_data); - - if (sec->changed_notify) - (*(sec->changed_notify)) (sec, sec->changed_notify_data); -} - -gboolean -wireless_security_validate (WirelessSecurity *sec, GError **error) -{ - gboolean result; - - g_return_val_if_fail (sec != NULL, FALSE); - g_return_val_if_fail (!error || !*error, FALSE); - - g_assert (sec->validate); - result = (*(sec->validate)) (sec, error); - if (!result && error && !*error) - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Unknown error validating 802.1X security")); - return result; -} - -void -wireless_security_add_to_size_group (WirelessSecurity *sec, GtkSizeGroup *group) -{ - g_return_if_fail (sec != NULL); - g_return_if_fail (group != NULL); - - g_assert (sec->add_to_size_group); - return (*(sec->add_to_size_group)) (sec, group); -} - -void -wireless_security_fill_connection (WirelessSecurity *sec, - NMConnection *connection) -{ - g_return_if_fail (sec != NULL); - g_return_if_fail (connection != NULL); - - g_assert (sec->fill_connection); - return (*(sec->fill_connection)) (sec, connection); -} - -void -wireless_security_update_secrets (WirelessSecurity *sec, NMConnection *connection) -{ - g_return_if_fail (sec != NULL); - g_return_if_fail (connection != NULL); - - if (sec->update_secrets) - sec->update_secrets (sec, connection); -} - -WirelessSecurity * -wireless_security_ref (WirelessSecurity *sec) -{ - g_return_val_if_fail (sec != NULL, NULL); - g_return_val_if_fail (sec->refcount > 0, NULL); - - sec->refcount++; - return sec; -} - -void -wireless_security_unref (WirelessSecurity *sec) -{ - g_return_if_fail (sec != NULL); - g_return_if_fail (sec->refcount > 0); - - sec->refcount--; - if (sec->refcount == 0) { - if (sec->destroy) - sec->destroy (sec); - - g_free (sec->username); - if (sec->password) { - memset (sec->password, 0, strlen (sec->password)); - g_free (sec->password); - } - - if (sec->builder) - g_object_unref (sec->builder); - if (sec->ui_widget) - g_object_unref (sec->ui_widget); - g_slice_free1 (sec->obj_size, sec); - } -} - -WirelessSecurity * -wireless_security_init (gsize obj_size, - WSValidateFunc validate, - WSAddToSizeGroupFunc add_to_size_group, - WSFillConnectionFunc fill_connection, - WSUpdateSecretsFunc update_secrets, - WSDestroyFunc destroy, - const char *ui_resource, - const char *ui_widget_name, - const char *default_field) -{ - WirelessSecurity *sec; - GError *error = NULL; - - g_return_val_if_fail (obj_size > 0, NULL); - g_return_val_if_fail (ui_resource != NULL, NULL); - g_return_val_if_fail (ui_widget_name != NULL, NULL); - - sec = g_slice_alloc0 (obj_size); - g_assert (sec); - - sec->refcount = 1; - sec->obj_size = obj_size; - - sec->validate = validate; - sec->add_to_size_group = add_to_size_group; - sec->fill_connection = fill_connection; - sec->update_secrets = update_secrets; - sec->default_field = default_field; - - sec->builder = gtk_builder_new (); - if (!gtk_builder_add_from_resource (sec->builder, ui_resource, &error)) { - g_warning ("Couldn't load UI builder resource %s: %s", - ui_resource, error->message); - g_error_free (error); - wireless_security_unref (sec); - return NULL; - } - - sec->ui_widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, ui_widget_name)); - if (!sec->ui_widget) { - g_warning ("Couldn't load UI widget '%s' from UI file %s", - ui_widget_name, ui_resource); - wireless_security_unref (sec); - return NULL; - } - g_object_ref_sink (sec->ui_widget); - - sec->destroy = destroy; - sec->adhoc_compatible = TRUE; - sec->hotspot_compatible = TRUE; - - return sec; -} - -gboolean -wireless_security_adhoc_compatible (WirelessSecurity *sec) -{ - g_return_val_if_fail (sec != NULL, FALSE); - - return sec->adhoc_compatible; -} - -gboolean -wireless_security_hotspot_compatible (WirelessSecurity *sec) -{ - g_return_val_if_fail (sec != NULL, FALSE); - - return sec->hotspot_compatible; -} - -void -wireless_security_set_userpass (WirelessSecurity *sec, - const char *user, - const char *password, - gboolean always_ask, - gboolean show_password) -{ - g_free (sec->username); - sec->username = g_strdup (user); - - if (sec->password) { - memset (sec->password, 0, strlen (sec->password)); - g_free (sec->password); - } - sec->password = g_strdup (password); - - if (always_ask != (gboolean) -1) - sec->always_ask = always_ask; - sec->show_password = show_password; -} - -void -wireless_security_set_userpass_802_1x (WirelessSecurity *sec, - NMConnection *connection) -{ - const char *user = NULL, *password = NULL; - gboolean always_ask = FALSE, show_password = FALSE; - NMSetting8021x *setting; - NMSettingSecretFlags flags; - - if (!connection) - goto set; - - setting = nm_connection_get_setting_802_1x (connection); - if (!setting) - goto set; - - user = nm_setting_802_1x_get_identity (setting); - password = nm_setting_802_1x_get_password (setting); - - if (nm_setting_get_secret_flags (NM_SETTING (setting), NM_SETTING_802_1X_PASSWORD, &flags, NULL)) - always_ask = !!(flags & NM_SETTING_SECRET_FLAG_NOT_SAVED); - -set: - wireless_security_set_userpass (sec, user, password, always_ask, show_password); -} - -void -wireless_security_clear_ciphers (NMConnection *connection) -{ - NMSettingWirelessSecurity *s_wireless_sec; - - g_return_if_fail (connection != NULL); - - s_wireless_sec = nm_connection_get_setting_wireless_security (connection); - g_assert (s_wireless_sec); - - nm_setting_wireless_security_clear_protos (s_wireless_sec); - nm_setting_wireless_security_clear_pairwise (s_wireless_sec); - nm_setting_wireless_security_clear_groups (s_wireless_sec); -} - -void -ws_802_1x_add_to_size_group (WirelessSecurity *sec, - GtkSizeGroup *size_group, - const char *label_name, - const char *combo_name) -{ - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap; - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, label_name)); - g_assert (widget); - gtk_size_group_add_widget (size_group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); - g_assert (eap); - eap_method_add_to_size_group (eap, size_group); - eap_method_unref (eap); -} - -gboolean -ws_802_1x_validate (WirelessSecurity *sec, const char *combo_name, GError **error) -{ - GtkWidget *widget; - GtkTreeModel *model; - GtkTreeIter iter; - EAPMethod *eap = NULL; - gboolean valid = FALSE; - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); - g_assert (widget); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); - g_assert (eap); - valid = eap_method_validate (eap, error); - eap_method_unref (eap); - return valid; -} - -void -ws_802_1x_auth_combo_changed (GtkWidget *combo, - WirelessSecurity *sec, - const char *vbox_name, - GtkSizeGroup *size_group) -{ - GtkWidget *vbox; - EAPMethod *eap = NULL; - GList *elt, *children; - GtkTreeModel *model; - GtkTreeIter iter; - GtkWidget *eap_widget; - GtkWidget *eap_default_widget = NULL; - - vbox = GTK_WIDGET (gtk_builder_get_object (sec->builder, vbox_name)); - g_assert (vbox); - - /* Remove any previous wireless security widgets */ - children = gtk_container_get_children (GTK_CONTAINER (vbox)); - for (elt = children; elt; elt = g_list_next (elt)) - gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); - - model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter); - gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - eap_widget = eap_method_get_widget (eap); - g_assert (eap_widget); - gtk_widget_unparent (eap_widget); - - if (size_group) - eap_method_add_to_size_group (eap, size_group); - gtk_container_add (GTK_CONTAINER (vbox), eap_widget); - - /* Refocus the EAP method's default widget */ - if (eap->default_field) { - eap_default_widget = GTK_WIDGET (gtk_builder_get_object (eap->builder, eap->default_field)); - if (eap_default_widget) - gtk_widget_grab_focus (eap_default_widget); - } - - eap_method_unref (eap); - - wireless_security_changed_cb (combo, WIRELESS_SECURITY (sec)); -} - -GtkWidget * -ws_802_1x_auth_combo_init (WirelessSecurity *sec, - const char *combo_name, - const char *combo_label, - GCallback auth_combo_changed_cb, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only, - const char *const*secrets_hints) -{ - GtkWidget *combo, *widget; - GtkListStore *auth_model; - GtkTreeIter iter; - EAPMethodSimple *em_md5; - EAPMethodTLS *em_tls; - EAPMethodLEAP *em_leap; - EAPMethodSimple *em_pwd; - EAPMethodFAST *em_fast; - EAPMethodTTLS *em_ttls; - EAPMethodPEAP *em_peap; - const char *default_method = NULL, *ctype = NULL; - int active = -1, item = 0; - gboolean wired = FALSE; - EAPMethodSimpleFlags simple_flags = EAP_METHOD_SIMPLE_FLAG_NONE; - - /* Grab the default EAP method out of the security object */ - if (connection) { - NMSettingConnection *s_con; - NMSetting8021x *s_8021x; - - s_con = nm_connection_get_setting_connection (connection); - if (s_con) - ctype = nm_setting_connection_get_connection_type (s_con); - if ( (g_strcmp0 (ctype, NM_SETTING_WIRED_SETTING_NAME) == 0) - || nm_connection_get_setting_wired (connection)) - wired = TRUE; - - s_8021x = nm_connection_get_setting_802_1x (connection); - if (s_8021x && nm_setting_802_1x_get_num_eap_methods (s_8021x)) - default_method = nm_setting_802_1x_get_eap_method (s_8021x, 0); - } - - /* initialize WirelessSecurity userpass from connection (clear if no connection) */ - wireless_security_set_userpass_802_1x (sec, connection); - - auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ()); - - if (is_editor) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR; - if (secrets_only) - simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; - - if (wired) { - em_md5 = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_MD5, simple_flags, NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("MD5"), - AUTH_METHOD_COLUMN, em_md5, - -1); - eap_method_unref (EAP_METHOD (em_md5)); - if (default_method && (active < 0) && !strcmp (default_method, "md5")) - active = item; - item++; - } - - em_tls = eap_method_tls_new (sec, connection, FALSE, secrets_only); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("TLS"), - AUTH_METHOD_COLUMN, em_tls, - -1); - eap_method_unref (EAP_METHOD (em_tls)); - if (default_method && (active < 0) && !strcmp (default_method, "tls")) - active = item; - item++; - - if (!wired) { - em_leap = eap_method_leap_new (sec, connection, secrets_only); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("LEAP"), - AUTH_METHOD_COLUMN, em_leap, - -1); - eap_method_unref (EAP_METHOD (em_leap)); - if (default_method && (active < 0) && !strcmp (default_method, "leap")) - active = item; - item++; - } - - em_pwd = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_PWD, simple_flags, NULL); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("PWD"), - AUTH_METHOD_COLUMN, em_pwd, - -1); - eap_method_unref (EAP_METHOD (em_pwd)); - if (default_method && (active < 0) && !strcmp (default_method, "pwd")) - active = item; - item++; - - em_fast = eap_method_fast_new (sec, connection, is_editor, secrets_only); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("FAST"), - AUTH_METHOD_COLUMN, em_fast, - -1); - eap_method_unref (EAP_METHOD (em_fast)); - if (default_method && (active < 0) && !strcmp (default_method, "fast")) - active = item; - item++; - - em_ttls = eap_method_ttls_new (sec, connection, is_editor, secrets_only); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("Tunneled TLS"), - AUTH_METHOD_COLUMN, em_ttls, - -1); - eap_method_unref (EAP_METHOD (em_ttls)); - if (default_method && (active < 0) && !strcmp (default_method, "ttls")) - active = item; - item++; - - em_peap = eap_method_peap_new (sec, connection, is_editor, secrets_only); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("Protected EAP (PEAP)"), - AUTH_METHOD_COLUMN, em_peap, - -1); - eap_method_unref (EAP_METHOD (em_peap)); - if (default_method && (active < 0) && !strcmp (default_method, "peap")) - active = item; - item++; - - if (secrets_hints && secrets_hints[0]) { - EAPMethodSimple *em_hints; - - em_hints = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_UNKNOWN, - simple_flags, secrets_hints); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("Unknown"), - AUTH_METHOD_COLUMN, em_hints, - -1); - eap_method_unref (EAP_METHOD (em_hints)); - active = item; - item++; - } else if (default_method && !strcmp (default_method, "external")) { - EAPMethodSimple *em_extern; - const char *empty_hints[] = { NULL }; - - em_extern = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_UNKNOWN, - simple_flags, empty_hints); - gtk_list_store_append (auth_model, &iter); - gtk_list_store_set (auth_model, &iter, - AUTH_NAME_COLUMN, _("Externally configured"), - AUTH_METHOD_COLUMN, em_extern, - -1); - eap_method_unref (EAP_METHOD (em_extern)); - active = item; - item++; - } - - combo = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); - g_assert (combo); - - gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); - g_object_unref (G_OBJECT (auth_model)); - gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active < 0 ? 0 : (guint32) active); - - g_signal_connect (G_OBJECT (combo), "changed", auth_combo_changed_cb, sec); - - if (secrets_only) { - gtk_widget_hide (combo); - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_label)); - gtk_widget_hide (widget); - } - - return combo; -} - -void -ws_802_1x_fill_connection (WirelessSecurity *sec, - const char *combo_name, - NMConnection *connection) -{ - GtkWidget *widget; - NMSettingWirelessSecurity *s_wireless_sec; - NMSetting8021x *s_8021x; - EAPMethod *eap = NULL; - GtkTreeModel *model; - GtkTreeIter iter; - - /* Get the EAPMethod object */ - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter); - gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); - g_assert (eap); - - /* Blow away the old wireless security setting by adding a clear one */ - s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); - nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); - - /* Blow away the old 802.1x setting by adding a clear one */ - s_8021x = (NMSetting8021x *) nm_setting_802_1x_new (); - nm_connection_add_setting (connection, (NMSetting *) s_8021x); - - eap_method_fill_connection (eap, connection); - eap_method_unref (eap); -} - -void -ws_802_1x_update_secrets (WirelessSecurity *sec, - const char *combo_name, - NMConnection *connection) -{ - GtkWidget *widget; - EAPMethod *eap = NULL; - GtkTreeModel *model; - GtkTreeIter iter; - - g_return_if_fail (sec != NULL); - g_return_if_fail (combo_name != NULL); - g_return_if_fail (connection != NULL); - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); - g_return_if_fail (widget != NULL); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - - /* Let each EAP method try to update its secrets */ - if (gtk_tree_model_get_iter_first (model, &iter)) { - do { - gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); - if (eap) { - eap_method_update_secrets (eap, connection); - eap_method_unref (eap); - } - } while (gtk_tree_model_iter_next (model, &iter)); - } -} diff --git a/src/wireless-security/wireless-security.h b/src/wireless-security/wireless-security.h deleted file mode 100644 index 49289812..00000000 --- a/src/wireless-security/wireless-security.h +++ /dev/null @@ -1,137 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef WIRELESS_SECURITY_H -#define WIRELESS_SECURITY_H - -typedef struct _WirelessSecurity WirelessSecurity; -GType wireless_security_get_type (void); - -#define WIRELESS_TYPE_SECURITY (wireless_security_get_type ()) -#define WIRELESS_SECURITY(x) ((WirelessSecurity *) x) - -typedef void (*WSChangedFunc) (WirelessSecurity *sec, gpointer user_data); - -typedef void (*WSAddToSizeGroupFunc) (WirelessSecurity *sec, GtkSizeGroup *group); -typedef void (*WSFillConnectionFunc) (WirelessSecurity *sec, NMConnection *connection); -typedef void (*WSUpdateSecretsFunc) (WirelessSecurity *sec, NMConnection *connection); -typedef void (*WSDestroyFunc) (WirelessSecurity *sec); -typedef gboolean (*WSValidateFunc) (WirelessSecurity *sec, GError **error); -typedef GtkWidget * (*WSNagUserFunc) (WirelessSecurity *sec); - -struct _WirelessSecurity { - guint32 refcount; - gsize obj_size; - GtkBuilder *builder; - GtkWidget *ui_widget; - WSChangedFunc changed_notify; - gpointer changed_notify_data; - const char *default_field; - gboolean adhoc_compatible; - gboolean hotspot_compatible; - - char *username, *password; - gboolean always_ask, show_password; - - WSAddToSizeGroupFunc add_to_size_group; - WSFillConnectionFunc fill_connection; - WSUpdateSecretsFunc update_secrets; - WSValidateFunc validate; - WSDestroyFunc destroy; -}; - -GtkWidget *wireless_security_get_widget (WirelessSecurity *sec); - -void wireless_security_set_changed_notify (WirelessSecurity *sec, - WSChangedFunc func, - gpointer user_data); - -gboolean wireless_security_validate (WirelessSecurity *sec, GError **error); - -void wireless_security_add_to_size_group (WirelessSecurity *sec, - GtkSizeGroup *group); - -void wireless_security_fill_connection (WirelessSecurity *sec, - NMConnection *connection); - -void wireless_security_update_secrets (WirelessSecurity *sec, - NMConnection *connection); - -gboolean wireless_security_adhoc_compatible (WirelessSecurity *sec); - -gboolean wireless_security_hotspot_compatible (WirelessSecurity *sec); - -void wireless_security_set_userpass (WirelessSecurity *sec, - const char *user, - const char *password, - gboolean always_ask, - gboolean show_password); -void wireless_security_set_userpass_802_1x (WirelessSecurity *sec, - NMConnection *connection); - -WirelessSecurity *wireless_security_ref (WirelessSecurity *sec); - -void wireless_security_unref (WirelessSecurity *sec); - -/* Below for internal use only */ - -#include "ws-sae.h" -#include "ws-wep-key.h" -#include "ws-wpa-psk.h" -#include "ws-leap.h" -#include "ws-wpa-eap.h" -#include "ws-dynamic-wep.h" - -WirelessSecurity *wireless_security_init (gsize obj_size, - WSValidateFunc validate, - WSAddToSizeGroupFunc add_to_size_group, - WSFillConnectionFunc fill_connection, - WSUpdateSecretsFunc update_secrets, - WSDestroyFunc destroy, - const char *ui_resource, - const char *ui_widget_name, - const char *default_field); - -void wireless_security_changed_cb (GtkWidget *entry, gpointer user_data); - -void wireless_security_clear_ciphers (NMConnection *connection); - -#define AUTH_NAME_COLUMN 0 -#define AUTH_METHOD_COLUMN 1 - -GtkWidget *ws_802_1x_auth_combo_init (WirelessSecurity *sec, - const char *combo_name, - const char *combo_label, - GCallback auth_combo_changed_cb, - NMConnection *connection, - gboolean is_editor, - gboolean secrets_only, - const char *const*secrets_hints); - -void ws_802_1x_auth_combo_changed (GtkWidget *combo, - WirelessSecurity *sec, - const char *vbox_name, - GtkSizeGroup *size_group); - -gboolean ws_802_1x_validate (WirelessSecurity *sec, const char *combo_name, GError **error); - -void ws_802_1x_add_to_size_group (WirelessSecurity *sec, - GtkSizeGroup *size_group, - const char *label_name, - const char *combo_name); - -void ws_802_1x_fill_connection (WirelessSecurity *sec, - const char *combo_name, - NMConnection *connection); - -void ws_802_1x_update_secrets (WirelessSecurity *sec, - const char *combo_name, - NMConnection *connection); - -#endif /* WIRELESS_SECURITY_H */ - diff --git a/src/wireless-security/ws-dynamic-wep.c b/src/wireless-security/ws-dynamic-wep.c deleted file mode 100644 index 7375fecb..00000000 --- a/src/wireless-security/ws-dynamic-wep.c +++ /dev/null @@ -1,119 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" - -#include -#include - -#include "wireless-security.h" -#include "eap-method.h" - -struct _WirelessSecurityDynamicWEP { - WirelessSecurity parent; - - GtkSizeGroup *size_group; -}; - -static void -destroy (WirelessSecurity *parent) -{ - WirelessSecurityDynamicWEP *sec = (WirelessSecurityDynamicWEP *) parent; - - if (sec->size_group) - g_object_unref (sec->size_group); -} - -static gboolean -validate (WirelessSecurity *parent, GError **error) -{ - return ws_802_1x_validate (parent, "dynamic_wep_auth_combo", error); -} - -static void -add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) -{ - WirelessSecurityDynamicWEP *sec = (WirelessSecurityDynamicWEP *) parent; - - if (sec->size_group) - g_object_unref (sec->size_group); - sec->size_group = g_object_ref (group); - - ws_802_1x_add_to_size_group (parent, - sec->size_group, - "dynamic_wep_auth_label", - "dynamic_wep_auth_combo"); -} - -static void -fill_connection (WirelessSecurity *parent, NMConnection *connection) -{ - NMSettingWirelessSecurity *s_wireless_sec; - - ws_802_1x_fill_connection (parent, "dynamic_wep_auth_combo", connection); - - s_wireless_sec = nm_connection_get_setting_wireless_security (connection); - g_assert (s_wireless_sec); - - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NULL); -} - -static void -auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) -{ - WirelessSecurity *parent = WIRELESS_SECURITY (user_data); - WirelessSecurityDynamicWEP *sec = (WirelessSecurityDynamicWEP *) parent; - - ws_802_1x_auth_combo_changed (combo, - parent, - "dynamic_wep_method_vbox", - sec->size_group); -} - -static void -update_secrets (WirelessSecurity *parent, NMConnection *connection) -{ - ws_802_1x_update_secrets (parent, "dynamic_wep_auth_combo", connection); -} - -WirelessSecurityDynamicWEP * -ws_dynamic_wep_new (NMConnection *connection, - gboolean is_editor, - gboolean secrets_only) -{ - WirelessSecurity *parent; - GtkWidget *widget; - - parent = wireless_security_init (sizeof (WirelessSecurityDynamicWEP), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/ws-dynamic-wep.ui", - "dynamic_wep_notebook", - NULL); - if (!parent) - return NULL; - - parent->adhoc_compatible = FALSE; - parent->hotspot_compatible = FALSE; - - widget = ws_802_1x_auth_combo_init (parent, - "dynamic_wep_auth_combo", - "dynamic_wep_auth_label", - (GCallback) auth_combo_changed_cb, - connection, - is_editor, - secrets_only, - NULL); - auth_combo_changed_cb (widget, (gpointer) parent); - - return (WirelessSecurityDynamicWEP *) parent; -} - diff --git a/src/wireless-security/ws-dynamic-wep.h b/src/wireless-security/ws-dynamic-wep.h deleted file mode 100644 index 9bac4ad9..00000000 --- a/src/wireless-security/ws-dynamic-wep.h +++ /dev/null @@ -1,18 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef WS_DYNAMIC_WEP_H -#define WS_DYNAMIC_WEP_H - -typedef struct _WirelessSecurityDynamicWEP WirelessSecurityDynamicWEP; - -WirelessSecurityDynamicWEP *ws_dynamic_wep_new (NMConnection *connection, - gboolean is_editor, - gboolean secrets_only); - -#endif /* WS_DYNAMIC_WEP_H */ diff --git a/src/wireless-security/ws-dynamic-wep.ui b/src/wireless-security/ws-dynamic-wep.ui deleted file mode 100644 index 9a39aa0d..00000000 --- a/src/wireless-security/ws-dynamic-wep.ui +++ /dev/null @@ -1,87 +0,0 @@ - - - - - - - - - - - - - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - Au_thentication - True - dynamic_wep_auth_combo - 1 - - - 0 - 0 - - - - - True - False - True - model7 - - - - 0 - - - - - 1 - 0 - - - - - vertical - True - False - 6 - - - - - - 0 - 1 - 2 - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/ws-leap.c b/src/wireless-security/ws-leap.c deleted file mode 100644 index 2da71115..00000000 --- a/src/wireless-security/ws-leap.c +++ /dev/null @@ -1,207 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include - -#include "wireless-security.h" -#include "helpers.h" -#include "nma-ui-utils.h" -#include "utils.h" - -struct _WirelessSecurityLEAP { - WirelessSecurity parent; - gboolean editing_connection; - const char *password_flags_name; -}; - -static void -show_toggled_cb (GtkCheckButton *button, WirelessSecurity *sec) -{ - GtkWidget *widget; - gboolean visible; - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, "leap_password_entry")); - g_assert (widget); - - visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); - gtk_entry_set_visibility (GTK_ENTRY (widget), visible); -} - -static gboolean -validate (WirelessSecurity *parent, GError **error) -{ - GtkWidget *entry; - NMSettingSecretFlags secret_flags; - const char *text; - gboolean ret = TRUE; - - entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_username_entry")); - g_assert (entry); - text = gtk_editable_get_text (GTK_EDITABLE (entry)); - if (!text || !strlen (text)) { - widget_set_error (entry); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing leap-username")); - ret = FALSE; - } else - widget_unset_error (entry); - - entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_entry")); - g_assert (entry); - - secret_flags = nma_utils_menu_to_secret_flags (entry); - text = gtk_editable_get_text (GTK_EDITABLE (entry)); - - if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED - || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED - || (text && strlen (text))) { - widget_unset_error (entry); - } else { - widget_set_error (entry); - if (ret) { - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing leap-password")); - ret = FALSE; - } - } - - return ret; -} - -static void -add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) -{ - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_username_label")); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_label")); - gtk_size_group_add_widget (group, widget); -} - -static void -fill_connection (WirelessSecurity *parent, NMConnection *connection) -{ - WirelessSecurityLEAP *sec = (WirelessSecurityLEAP *) parent; - NMSettingWirelessSecurity *s_wireless_sec; - NMSettingSecretFlags secret_flags; - GtkWidget *widget, *passwd_entry; - const char *leap_password = NULL, *leap_username = NULL; - - /* Blow away the old security setting by adding a clear one */ - s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); - nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_username_entry")); - leap_username = gtk_editable_get_text (GTK_EDITABLE (widget)); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_entry")); - passwd_entry = widget; - leap_password = gtk_editable_get_text (GTK_EDITABLE (widget)); - - g_object_set (s_wireless_sec, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", - NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "leap", - NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, leap_username, - NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, leap_password, - NULL); - - /* Save LEAP_PASSWORD_FLAGS to the connection */ - secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); - nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), sec->password_flags_name, - secret_flags, NULL); - - /* Update secret flags and popup when editing the connection */ - if (sec->editing_connection) - nma_utils_update_password_storage (passwd_entry, secret_flags, - NM_SETTING (s_wireless_sec), sec->password_flags_name); -} - -static void -update_secrets (WirelessSecurity *parent, NMConnection *connection) -{ - helper_fill_secret_entry (connection, - parent->builder, - "leap_password_entry", - NM_TYPE_SETTING_WIRELESS_SECURITY, - (HelperSecretFunc) nm_setting_wireless_security_get_leap_password); -} - -WirelessSecurityLEAP * -ws_leap_new (NMConnection *connection, gboolean secrets_only) -{ - WirelessSecurity *parent; - WirelessSecurityLEAP *sec; - GtkWidget *widget; - NMSettingWirelessSecurity *wsec = NULL; - - parent = wireless_security_init (sizeof (WirelessSecurityLEAP), - validate, - add_to_size_group, - fill_connection, - update_secrets, - NULL, - "/org/gnome/libnma/ws-leap.ui", - "leap_notebook", - "leap_username_entry"); - if (!parent) - return NULL; - - if (connection) { - wsec = nm_connection_get_setting_wireless_security (connection); - if (wsec) { - const char *auth_alg; - - /* Ignore if wireless security doesn't specify LEAP */ - auth_alg = nm_setting_wireless_security_get_auth_alg (wsec); - if (!auth_alg || strcmp (auth_alg, "leap")) - wsec = NULL; - } - } - - parent->adhoc_compatible = FALSE; - parent->hotspot_compatible = FALSE; - sec = (WirelessSecurityLEAP *) parent; - sec->editing_connection = secrets_only ? FALSE : TRUE; - sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_entry")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - sec); - - /* Create password-storage popup menu for password entry under entry's secondary icon */ - nma_utils_setup_password_storage (widget, 0, (NMSetting *) wsec, sec->password_flags_name, - FALSE, secrets_only); - - if (wsec) - update_secrets (WIRELESS_SECURITY (sec), connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_username_entry")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - sec); - if (wsec) - gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_wireless_security_get_leap_username (wsec)); - - if (secrets_only) - gtk_widget_hide (widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_leap")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_toggled_cb, - sec); - - return sec; -} - diff --git a/src/wireless-security/ws-leap.h b/src/wireless-security/ws-leap.h deleted file mode 100644 index f0221bd9..00000000 --- a/src/wireless-security/ws-leap.h +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef WS_LEAP_H -#define WS_LEAP_H - -typedef struct _WirelessSecurityLEAP WirelessSecurityLEAP; - -WirelessSecurityLEAP * ws_leap_new (NMConnection *connection, gboolean secrets_only); - -#endif /* WS_LEAP_H */ diff --git a/src/wireless-security/ws-leap.ui b/src/wireless-security/ws-leap.ui deleted file mode 100644 index a3ff0a9a..00000000 --- a/src/wireless-security/ws-leap.ui +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - True - False - False - False - - - True - False - start - 6 - 6 - - - True - False - _Username - True - leap_username_entry - 1 - - - 0 - 0 - - - - - True - False - _Password - True - leap_password_entry - 1 - - - 0 - 1 - - - - - True - True - True - False - True - - - 1 - 1 - - - - - Sho_w password - True - True - False - True - True - True - - - 1 - 2 - - - - - True - True - True - True - - - 1 - 0 - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/ws-sae.c b/src/wireless-security/ws-sae.c deleted file mode 100644 index 49cbde3d..00000000 --- a/src/wireless-security/ws-sae.c +++ /dev/null @@ -1,203 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* - * Copyright 2007 - 2019 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "wireless-security.h" -#include "helpers.h" -#include "nma-ui-utils.h" -#include "utils.h" - -#define WPA_PMK_LEN 32 - -struct _WirelessSecuritySAE { - WirelessSecurity parent; - - gboolean editing_connection; - const char *password_flags_name; -}; - -static void -show_toggled_cb (GtkCheckButton *button, WirelessSecurity *sec) -{ - GtkWidget *widget; - gboolean visible; - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, "psk_entry")); - g_assert (widget); - - visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); - gtk_entry_set_visibility (GTK_ENTRY (widget), visible); -} - -static gboolean -validate (WirelessSecurity *parent, GError **error) -{ - GtkWidget *entry; - NMSettingSecretFlags secret_flags; - const char *key; - - entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "psk_entry")); - g_assert (entry); - - secret_flags = nma_utils_menu_to_secret_flags (entry); - key = gtk_editable_get_text (GTK_EDITABLE (entry)); - - if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED - || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { - /* All good. */ - } else if (key == NULL || key[0] == '\0') { - widget_set_error (entry); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing password")); - return FALSE; - } - widget_unset_error (entry); - - return TRUE; -} - -static void -add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) -{ - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_label")); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_label")); - gtk_size_group_add_widget (group, widget); -} - -static void -fill_connection (WirelessSecurity *parent, NMConnection *connection) -{ - WirelessSecuritySAE *sae = (WirelessSecuritySAE *) parent; - GtkWidget *widget, *passwd_entry; - const char *key; - NMSettingWireless *s_wireless; - NMSettingWirelessSecurity *s_wireless_sec; - NMSettingSecretFlags secret_flags; - const char *mode; - gboolean is_adhoc = FALSE; - - s_wireless = nm_connection_get_setting_wireless (connection); - g_assert (s_wireless); - - mode = nm_setting_wireless_get_mode (s_wireless); - if (mode && !strcmp (mode, "adhoc")) - is_adhoc = TRUE; - - /* Blow away the old security setting by adding a clear one */ - s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); - nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "psk_entry")); - passwd_entry = widget; - key = gtk_editable_get_text (GTK_EDITABLE (widget)); - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); - - /* Save PSK_FLAGS to the connection */ - secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); - nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, - secret_flags, NULL); - - /* Update secret flags and popup when editing the connection */ - if (sae->editing_connection) - nma_utils_update_password_storage (passwd_entry, secret_flags, - NM_SETTING (s_wireless_sec), sae->password_flags_name); - - wireless_security_clear_ciphers (connection); - if (is_adhoc) { - /* Ad-Hoc settings as specified by the supplicant */ - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); - nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn"); - nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp"); - nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp"); - } else { - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); - - /* Just leave ciphers and protocol empty, the supplicant will - * figure that out magically based on the AP IEs and card capabilities. - */ - } -} - -static void -update_secrets (WirelessSecurity *parent, NMConnection *connection) -{ - helper_fill_secret_entry (connection, - parent->builder, - "psk_entry", - NM_TYPE_SETTING_WIRELESS_SECURITY, - (HelperSecretFunc) nm_setting_wireless_security_get_psk); -} - -WirelessSecuritySAE * -ws_sae_new (NMConnection *connection, gboolean secrets_only) -{ - WirelessSecurity *parent; - WirelessSecuritySAE *sec; - NMSetting *setting = NULL; - GtkWidget *widget; - - parent = wireless_security_init (sizeof (WirelessSecuritySAE), - validate, - add_to_size_group, - fill_connection, - update_secrets, - NULL, - "/org/gnome/libnma/ws-sae.ui", - "sae_notebook", - "psk_entry"); - if (!parent) - return NULL; - - parent->adhoc_compatible = TRUE; - sec = (WirelessSecuritySAE *) parent; - sec->editing_connection = secrets_only ? FALSE : TRUE; - sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_PSK; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "psk_entry")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - sec); - gtk_editable_set_width_chars (GTK_EDITABLE (widget), 28); - - /* Create password-storage popup menu for password entry under entry's secondary icon */ - if (connection) - setting = (NMSetting *) nm_connection_get_setting_wireless_security (connection); - nma_utils_setup_password_storage (widget, 0, setting, sec->password_flags_name, - FALSE, secrets_only); - - /* Fill secrets, if any */ - if (connection) - update_secrets (WIRELESS_SECURITY (sec), connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_sae")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_toggled_cb, - sec); - - /* Hide WPA/RSN for now since this can be autodetected by NM and the - * supplicant when connecting to the AP. - */ - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_combo")); - g_assert (widget); - gtk_widget_hide (widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_label")); - g_assert (widget); - gtk_widget_hide (widget); - - return sec; -} - diff --git a/src/wireless-security/ws-sae.h b/src/wireless-security/ws-sae.h deleted file mode 100644 index e864d90d..00000000 --- a/src/wireless-security/ws-sae.h +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* - * Copyright 2007 - 2019 Red Hat, Inc. - */ - -#ifndef WS_SAE_H -#define WS_SAE_H - -/* For compatibility with NetworkManager-1.20 and earlier. */ -#define NMU_SEC_SAE 9 - -typedef struct _WirelessSecuritySAE WirelessSecuritySAE; - -WirelessSecuritySAE * ws_sae_new (NMConnection *connection, gboolean secrets_only); - -#endif /* WS_SAE_H */ diff --git a/src/wireless-security/ws-sae.ui b/src/wireless-security/ws-sae.ui deleted file mode 100644 index 23a18258..00000000 --- a/src/wireless-security/ws-sae.ui +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - _Password - True - psk_entry - 1 - - - 0 - 0 - - - - - True - True - True - 64 - False - True - - - 1 - 0 - - - - - True - False - _Type - True - sae_type_combo - 1 - - - 0 - 2 - - - - - Sho_w password - True - True - False - True - True - True - - - 1 - 1 - - - - - True - False - - - 1 - 2 - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/ws-wep-key.c b/src/wireless-security/ws-wep-key.c deleted file mode 100644 index 7a967abe..00000000 --- a/src/wireless-security/ws-wep-key.c +++ /dev/null @@ -1,355 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include - -#include "wireless-security.h" -#include "utils.h" -#include "helpers.h" -#include "nma-ui-utils.h" - -struct _WirelessSecurityWEPKey { - WirelessSecurity parent; - - gboolean editing_connection; - const char *password_flags_name; - - NMWepKeyType type; - char keys[4][65]; - guint8 cur_index; -}; - -static void -show_toggled_cb (GtkCheckButton *button, WirelessSecurity *sec) -{ - GtkWidget *widget; - gboolean visible; - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, "wep_key_entry")); - g_assert (widget); - - visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); - gtk_entry_set_visibility (GTK_ENTRY (widget), visible); -} - -static void -key_index_combo_changed_cb (GtkWidget *combo, WirelessSecurity *parent) -{ - WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) parent; - GtkWidget *entry; - const char *key; - int key_index; - - /* Save WEP key for old key index */ - entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); - key = gtk_editable_get_text (GTK_EDITABLE (entry)); - if (key) - g_strlcpy (sec->keys[sec->cur_index], key, sizeof (sec->keys[sec->cur_index])); - else - memset (sec->keys[sec->cur_index], 0, sizeof (sec->keys[sec->cur_index])); - - key_index = gtk_combo_box_get_active (GTK_COMBO_BOX (combo)); - g_return_if_fail (key_index <= 3); - g_return_if_fail (key_index >= 0); - - /* Populate entry with key from new index */ - gtk_editable_set_text (GTK_EDITABLE (entry), sec->keys[key_index]); - sec->cur_index = key_index; - - wireless_security_changed_cb (combo, parent); -} - -static void -destroy (WirelessSecurity *parent) -{ - WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) parent; - int i; - - for (i = 0; i < 4; i++) - memset (sec->keys[i], 0, sizeof (sec->keys[i])); -} - -static gboolean -validate (WirelessSecurity *parent, GError **error) -{ - WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) parent; - NMSettingSecretFlags secret_flags; - GtkWidget *entry; - const char *key; - int i; - - entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); - g_assert (entry); - - secret_flags = nma_utils_menu_to_secret_flags (entry); - key = gtk_editable_get_text (GTK_EDITABLE (entry)); - - if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED - || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { - /* All good. */ - } else if (!key) { - widget_set_error (entry); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing wep-key")); - return FALSE; - } else if (sec->type == NM_WEP_KEY_TYPE_KEY) { - if ((strlen (key) == 10) || (strlen (key) == 26)) { - for (i = 0; i < strlen (key); i++) { - if (!g_ascii_isxdigit (key[i])) { - widget_set_error (entry); - g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: key with a length of %zu must contain only hex-digits"), strlen (key)); - return FALSE; - } - } - } else if ((strlen (key) == 5) || (strlen (key) == 13)) { - for (i = 0; i < strlen (key); i++) { - if (!utils_char_is_ascii_print (key[i])) { - widget_set_error (entry); - g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: key with a length of %zu must contain only ascii characters"), strlen (key)); - return FALSE; - } - } - } else { - widget_set_error (entry); - g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: wrong key length %zu. A key must be either of length 5/13 (ascii) or 10/26 (hex)"), strlen (key)); - return FALSE; - } - } else if (sec->type == NM_WEP_KEY_TYPE_PASSPHRASE) { - if (!*key || (strlen (key) > 64)) { - widget_set_error (entry); - if (!*key) - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: passphrase must be non-empty")); - else - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: passphrase must be shorter than 64 characters")); - return FALSE; - } - } - widget_unset_error (entry); - - return TRUE; -} - -static void -add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) -{ - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "auth_method_label")); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_label")); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "key_index_label")); - gtk_size_group_add_widget (group, widget); -} - -static void -fill_connection (WirelessSecurity *parent, NMConnection *connection) -{ - WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) parent; - NMSettingWirelessSecurity *s_wsec; - NMSettingSecretFlags secret_flags; - GtkWidget *widget, *passwd_entry; - gint auth_alg; - const char *key; - int i; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "auth_method_combo")); - auth_alg = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); - passwd_entry = widget; - key = gtk_editable_get_text (GTK_EDITABLE (widget)); - g_strlcpy (sec->keys[sec->cur_index], key, sizeof (sec->keys[sec->cur_index])); - - /* Blow away the old security setting by adding a clear one */ - s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); - nm_connection_add_setting (connection, (NMSetting *) s_wsec); - - g_object_set (s_wsec, - NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none", - NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, sec->cur_index, - NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, (auth_alg == 1) ? "shared" : "open", - NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, sec->type, - NULL); - - for (i = 0; i < 4; i++) { - if (strlen (sec->keys[i])) - nm_setting_wireless_security_set_wep_key (s_wsec, i, sec->keys[i]); - } - - /* Save WEP_KEY_FLAGS to the connection */ - secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); - g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, secret_flags, NULL); - - /* Update secret flags and popup when editing the connection */ - if (sec->editing_connection) - nma_utils_update_password_storage (passwd_entry, secret_flags, - NM_SETTING (s_wsec), sec->password_flags_name); -} - -static void -wep_entry_filter_cb (GtkEditable *editable, - gchar *text, - gint length, - gint *position, - gpointer data) -{ - WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) data; - - if (sec->type == NM_WEP_KEY_TYPE_KEY) { - utils_filter_editable_on_insert_text (editable, - text, length, position, data, - utils_char_is_ascii_print, - wep_entry_filter_cb); - } -} - -static void -update_secrets (WirelessSecurity *parent, NMConnection *connection) -{ - WirelessSecurityWEPKey *sec = (WirelessSecurityWEPKey *) parent; - NMSettingWirelessSecurity *s_wsec; - GtkEditable *entry; - const char *tmp; - int i; - - s_wsec = nm_connection_get_setting_wireless_security (connection); - for (i = 0; s_wsec && i < 4; i++) { - tmp = nm_setting_wireless_security_get_wep_key (s_wsec, i); - if (tmp) - g_strlcpy (sec->keys[i], tmp, sizeof (sec->keys[i])); - } - - entry = GTK_EDITABLE (gtk_builder_get_object (parent->builder, "wep_key_entry")); - if (strlen (sec->keys[sec->cur_index])) - gtk_editable_set_text (entry, sec->keys[sec->cur_index]); -} - -WirelessSecurityWEPKey * -ws_wep_key_new (NMConnection *connection, - NMWepKeyType type, - gboolean adhoc_create, - gboolean secrets_only) -{ - WirelessSecurity *parent; - WirelessSecurityWEPKey *sec; - GtkWidget *widget; - NMSettingWirelessSecurity *s_wsec = NULL; - NMSetting *setting = NULL; - guint8 default_key_idx = 0; - gboolean is_adhoc = adhoc_create; - gboolean is_shared_key = FALSE; - - parent = wireless_security_init (sizeof (WirelessSecurityWEPKey), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/ws-wep-key.ui", - "wep_key_notebook", - "wep_key_entry"); - if (!parent) - return NULL; - - sec = (WirelessSecurityWEPKey *) parent; - sec->editing_connection = secrets_only ? FALSE : TRUE; - sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_WEP_KEY0; - sec->type = type; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); - g_assert (widget); - gtk_editable_set_width_chars (GTK_EDITABLE (widget), 28); - - /* Create password-storage popup menu for password entry under entry's secondary icon */ - if (connection) - setting = (NMSetting *) nm_connection_get_setting_wireless_security (connection); - nma_utils_setup_password_storage (widget, 0, setting, sec->password_flags_name, - FALSE, secrets_only); - - if (connection) { - NMSettingWireless *s_wireless; - const char *mode, *auth_alg; - - s_wireless = nm_connection_get_setting_wireless (connection); - mode = s_wireless ? nm_setting_wireless_get_mode (s_wireless) : NULL; - if (mode && !strcmp (mode, "adhoc")) - is_adhoc = TRUE; - - s_wsec = nm_connection_get_setting_wireless_security (connection); - if (s_wsec) { - auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec); - if (auth_alg && !strcmp (auth_alg, "shared")) - is_shared_key = TRUE; - } - } - - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - sec); - g_signal_connect (G_OBJECT (widget), "insert-text", - (GCallback) wep_entry_filter_cb, - sec); - if (sec->type == NM_WEP_KEY_TYPE_KEY) - gtk_entry_set_max_length (GTK_ENTRY (widget), 26); - else if (sec->type == NM_WEP_KEY_TYPE_PASSPHRASE) - gtk_entry_set_max_length (GTK_ENTRY (widget), 64); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "key_index_combo")); - if (connection && s_wsec) - default_key_idx = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec); - - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), default_key_idx); - sec->cur_index = default_key_idx; - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) key_index_combo_changed_cb, - sec); - - /* Key index is useless with adhoc networks */ - if (is_adhoc || secrets_only) { - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "key_index_label")); - gtk_widget_hide (widget); - } - - /* Fill the key entry with the key for that index */ - if (connection) - update_secrets (WIRELESS_SECURITY (sec), connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_wep")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_toggled_cb, - sec); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "auth_method_combo")); - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), is_shared_key ? 1 : 0); - - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - sec); - - /* Don't show auth method for adhoc (which always uses open-system) or - * when in "simple" mode. - */ - if (is_adhoc || secrets_only) { - /* Ad-Hoc connections can't use Shared Key auth */ - if (is_adhoc) - gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "auth_method_label")); - gtk_widget_hide (widget); - } - - return sec; -} - diff --git a/src/wireless-security/ws-wep-key.h b/src/wireless-security/ws-wep-key.h deleted file mode 100644 index cd82e453..00000000 --- a/src/wireless-security/ws-wep-key.h +++ /dev/null @@ -1,19 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef WS_WEP_KEY_H -#define WS_WEP_KEY_H - -typedef struct _WirelessSecurityWEPKey WirelessSecurityWEPKey; - -WirelessSecurityWEPKey *ws_wep_key_new (NMConnection *connection, - NMWepKeyType type, - gboolean adhoc_create, - gboolean secrets_only); - -#endif /* WS_WEP_KEY_H */ diff --git a/src/wireless-security/ws-wep-key.ui b/src/wireless-security/ws-wep-key.ui deleted file mode 100644 index 2e1828af..00000000 --- a/src/wireless-security/ws-wep-key.ui +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - - - - Open System - - - Shared Key - - - - - - - - - - - 1 (Default) - - - 2 - - - 3 - - - 4 - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - _Key - True - wep_key_entry - 1 - - - 0 - 0 - - - - - True - True - True - 64 - False - True - - - 1 - 0 - - - - - Sho_w key - True - True - False - True - True - True - - - 1 - 1 - - - - - True - False - Au_thentication - True - auth_method_combo - 1 - - - 0 - 3 - - - - - True - False - True - model3 - - - - 0 - - - - - 1 - 3 - - - - - True - False - WEP inde_x - True - key_index_combo - 1 - - - 0 - 2 - - - - - True - False - True - model4 - - - - 0 - - - - - 1 - 2 - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/ws-wpa-eap.c b/src/wireless-security/ws-wpa-eap.c deleted file mode 100644 index 889e8431..00000000 --- a/src/wireless-security/ws-wpa-eap.c +++ /dev/null @@ -1,121 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" - -#include -#include - -#include "wireless-security.h" -#include "eap-method.h" - -struct _WirelessSecurityWPAEAP { - WirelessSecurity parent; - - GtkSizeGroup *size_group; -}; - - -static void -destroy (WirelessSecurity *parent) -{ - WirelessSecurityWPAEAP *sec = (WirelessSecurityWPAEAP *) parent; - - if (sec->size_group) - g_object_unref (sec->size_group); -} - -static gboolean -validate (WirelessSecurity *parent, GError **error) -{ - return ws_802_1x_validate (parent, "wpa_eap_auth_combo", error); -} - -static void -add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) -{ - WirelessSecurityWPAEAP *sec = (WirelessSecurityWPAEAP *) parent; - - if (sec->size_group) - g_object_unref (sec->size_group); - sec->size_group = g_object_ref (group); - - ws_802_1x_add_to_size_group (parent, - sec->size_group, - "wpa_eap_auth_label", - "wpa_eap_auth_combo"); -} - -static void -fill_connection (WirelessSecurity *parent, NMConnection *connection) -{ - NMSettingWirelessSecurity *s_wireless_sec; - - ws_802_1x_fill_connection (parent, "wpa_eap_auth_combo", connection); - - s_wireless_sec = nm_connection_get_setting_wireless_security (connection); - g_assert (s_wireless_sec); - - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL); -} - -static void -auth_combo_changed_cb (GtkWidget *combo, gpointer user_data) -{ - WirelessSecurity *parent = WIRELESS_SECURITY (user_data); - WirelessSecurityWPAEAP *sec = (WirelessSecurityWPAEAP *) parent; - - ws_802_1x_auth_combo_changed (combo, - parent, - "wpa_eap_method_vbox", - sec->size_group); -} - -static void -update_secrets (WirelessSecurity *parent, NMConnection *connection) -{ - ws_802_1x_update_secrets (parent, "wpa_eap_auth_combo", connection); -} - -WirelessSecurityWPAEAP * -ws_wpa_eap_new (NMConnection *connection, - gboolean is_editor, - gboolean secrets_only, - const char *const*secrets_hints) -{ - WirelessSecurity *parent; - GtkWidget *widget; - - parent = wireless_security_init (sizeof (WirelessSecurityWPAEAP), - validate, - add_to_size_group, - fill_connection, - update_secrets, - destroy, - "/org/gnome/libnma/ws-wpa-eap.ui", - "wpa_eap_notebook", - NULL); - if (!parent) - return NULL; - - parent->adhoc_compatible = FALSE; - parent->hotspot_compatible = FALSE; - - widget = ws_802_1x_auth_combo_init (parent, - "wpa_eap_auth_combo", - "wpa_eap_auth_label", - (GCallback) auth_combo_changed_cb, - connection, - is_editor, - secrets_only, - secrets_hints); - auth_combo_changed_cb (widget, parent); - - return (WirelessSecurityWPAEAP *) parent; -} - diff --git a/src/wireless-security/ws-wpa-eap.h b/src/wireless-security/ws-wpa-eap.h deleted file mode 100644 index 755188e3..00000000 --- a/src/wireless-security/ws-wpa-eap.h +++ /dev/null @@ -1,19 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef WS_WPA_EAP_H -#define WS_WPA_EAP_H - -typedef struct _WirelessSecurityWPAEAP WirelessSecurityWPAEAP; - -WirelessSecurityWPAEAP * ws_wpa_eap_new (NMConnection *connection, - gboolean is_editor, - gboolean secrets_only, - const char *const*secrets_hints); - -#endif /* WS_WPA_EAP_H */ diff --git a/src/wireless-security/ws-wpa-eap.ui b/src/wireless-security/ws-wpa-eap.ui deleted file mode 100644 index 6dd17a4a..00000000 --- a/src/wireless-security/ws-wpa-eap.ui +++ /dev/null @@ -1,87 +0,0 @@ - - - - - - - - - - - - - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - Au_thentication - True - wpa_eap_auth_combo - 1 - - - 0 - 0 - - - - - True - False - True - model5 - - - - 0 - - - - - 1 - 0 - - - - - True - False - True - vertical - - - - - - 0 - 1 - 2 - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/ws-wpa-psk.c b/src/wireless-security/ws-wpa-psk.c deleted file mode 100644 index d16726e1..00000000 --- a/src/wireless-security/ws-wpa-psk.c +++ /dev/null @@ -1,220 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#include "nm-default.h" -#include "nma-private.h" - -#include -#include - -#include "wireless-security.h" -#include "helpers.h" -#include "nma-ui-utils.h" -#include "utils.h" - -#define WPA_PMK_LEN 32 - -struct _WirelessSecurityWPAPSK { - WirelessSecurity parent; - - gboolean editing_connection; - const char *password_flags_name; -}; - -static void -show_toggled_cb (GtkCheckButton *button, WirelessSecurity *sec) -{ - GtkWidget *widget; - gboolean visible; - - widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, "wpa_psk_entry")); - g_assert (widget); - - visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); - gtk_entry_set_visibility (GTK_ENTRY (widget), visible); -} - -static gboolean -validate (WirelessSecurity *parent, GError **error) -{ - GtkWidget *entry; - NMSettingSecretFlags secret_flags; - const char *key; - gsize len; - int i; - - entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry")); - g_assert (entry); - - secret_flags = nma_utils_menu_to_secret_flags (entry); - key = gtk_editable_get_text (GTK_EDITABLE (entry)); - len = key ? strlen (key) : 0; - - if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED - || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { - /* All good. */ - } else if ((len < 8) || (len > 64)) { - widget_set_error (entry); - g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wpa-psk: invalid key-length %zu. Must be [8,63] bytes or 64 hex digits"), len); - return FALSE; - } else if (len == 64) { - /* Hex PSK */ - for (i = 0; i < len; i++) { - if (!isxdigit (key[i])) { - widget_set_error (entry); - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wpa-psk: cannot interpret key with 64 bytes as hex")); - return FALSE; - } - } - } - widget_unset_error (entry); - - /* passphrase can be between 8 and 63 characters inclusive */ - - return TRUE; -} - -static void -add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) -{ - GtkWidget *widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_type_label")); - gtk_size_group_add_widget (group, widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_label")); - gtk_size_group_add_widget (group, widget); -} - -static void -fill_connection (WirelessSecurity *parent, NMConnection *connection) -{ - WirelessSecurityWPAPSK *wpa_psk = (WirelessSecurityWPAPSK *) parent; - GtkWidget *widget, *passwd_entry; - const char *key; - NMSettingWireless *s_wireless; - NMSettingWirelessSecurity *s_wireless_sec; - NMSettingSecretFlags secret_flags; - const char *mode; - gboolean is_adhoc = FALSE; - - s_wireless = nm_connection_get_setting_wireless (connection); - g_assert (s_wireless); - - mode = nm_setting_wireless_get_mode (s_wireless); - if (mode && !strcmp (mode, "adhoc")) - is_adhoc = TRUE; - - /* Blow away the old security setting by adding a clear one */ - s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); - nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry")); - passwd_entry = widget; - key = gtk_editable_get_text (GTK_EDITABLE (widget)); - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); - - /* Save PSK_FLAGS to the connection */ - secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); - nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, - secret_flags, NULL); - - /* Update secret flags and popup when editing the connection */ - if (wpa_psk->editing_connection) - nma_utils_update_password_storage (passwd_entry, secret_flags, - NM_SETTING (s_wireless_sec), wpa_psk->password_flags_name); - - wireless_security_clear_ciphers (connection); - if (is_adhoc) { - /* Ad-Hoc settings as specified by the supplicant */ - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); - nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn"); - nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp"); - nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp"); - } else { - g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); - - /* Just leave ciphers and protocol empty, the supplicant will - * figure that out magically based on the AP IEs and card capabilities. - */ - } -} - -static void -update_secrets (WirelessSecurity *parent, NMConnection *connection) -{ - helper_fill_secret_entry (connection, - parent->builder, - "wpa_psk_entry", - NM_TYPE_SETTING_WIRELESS_SECURITY, - (HelperSecretFunc) nm_setting_wireless_security_get_psk); -} - -WirelessSecurityWPAPSK * -ws_wpa_psk_new (NMConnection *connection, gboolean secrets_only) -{ - WirelessSecurity *parent; - WirelessSecurityWPAPSK *sec; - NMSetting *setting = NULL; - GtkWidget *widget; - - parent = wireless_security_init (sizeof (WirelessSecurityWPAPSK), - validate, - add_to_size_group, - fill_connection, - update_secrets, - NULL, - "/org/gnome/libnma/ws-wpa-psk.ui", - "wpa_psk_notebook", - "wpa_psk_entry"); - if (!parent) - return NULL; - - parent->adhoc_compatible = TRUE; - sec = (WirelessSecurityWPAPSK *) parent; - sec->editing_connection = secrets_only ? FALSE : TRUE; - sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_PSK; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "changed", - (GCallback) wireless_security_changed_cb, - sec); - gtk_editable_set_width_chars (GTK_EDITABLE (widget), 28); - - /* Create password-storage popup menu for password entry under entry's secondary icon */ - if (connection) - setting = (NMSetting *) nm_connection_get_setting_wireless_security (connection); - nma_utils_setup_password_storage (widget, 0, setting, sec->password_flags_name, - FALSE, secrets_only); - - /* Fill secrets, if any */ - if (connection) - update_secrets (WIRELESS_SECURITY (sec), connection); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_wpa")); - g_assert (widget); - g_signal_connect (G_OBJECT (widget), "toggled", - (GCallback) show_toggled_cb, - sec); - - /* Hide WPA/RSN for now since this can be autodetected by NM and the - * supplicant when connecting to the AP. - */ - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_type_combo")); - g_assert (widget); - gtk_widget_hide (widget); - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_type_label")); - g_assert (widget); - gtk_widget_hide (widget); - - return sec; -} - diff --git a/src/wireless-security/ws-wpa-psk.h b/src/wireless-security/ws-wpa-psk.h deleted file mode 100644 index 4ad01030..00000000 --- a/src/wireless-security/ws-wpa-psk.h +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0+ -/* NetworkManager Applet -- allow user control over networking - * - * Dan Williams - * - * Copyright 2007 - 2014 Red Hat, Inc. - */ - -#ifndef WS_WPA_PSK_H -#define WS_WPA_PSK_H - -typedef struct _WirelessSecurityWPAPSK WirelessSecurityWPAPSK; - -WirelessSecurityWPAPSK * ws_wpa_psk_new (NMConnection *connection, gboolean secrets_only); - -#endif /* WS_WEP_KEY_H */ diff --git a/src/wireless-security/ws-wpa-psk.ui b/src/wireless-security/ws-wpa-psk.ui deleted file mode 100644 index 8f94f9da..00000000 --- a/src/wireless-security/ws-wpa-psk.ui +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - True - False - False - False - - - True - False - 6 - 6 - - - True - False - _Password - True - wpa_psk_entry - 1 - - - 0 - 0 - - - - - True - True - True - 64 - False - True - - - 1 - 0 - - - - - True - False - _Type - True - wpa_psk_type_combo - 1 - - - 0 - 2 - - - - - Sho_w password - True - True - False - True - True - True - - - 1 - 1 - - - - - True - False - - - 1 - 2 - - - - - - - - - - True - False - - - False - - - - diff --git a/src/wireless-security/ws.gresource.xml b/src/wireless-security/ws.gresource.xml deleted file mode 100644 index 088770e4..00000000 --- a/src/wireless-security/ws.gresource.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - ws-dynamic-wep.ui - ws-leap.ui - ws-sae.ui - ws-wep-key.ui - ws-wpa-eap.ui - ws-wpa-psk.ui - eap-method-fast.ui - eap-method-leap.ui - eap-method-peap.ui - eap-method-simple.ui - eap-method-tls.ui - eap-method-ttls.ui - - -- GitLab