static void cdma_add_menu_item (NMDevice *device, guint32 n_devices, NMConnection *active, GtkWidget *menu, NMApplet *applet) { CdmaDeviceInfo *info; char *text; GtkWidget *item; GSList *connections, *all, *iter; info = g_object_get_data (G_OBJECT (device), "devinfo"); all = applet_get_all_connections (applet); connections = nm_device_filter_connections (device, all); g_slist_free (all); if (n_devices > 1) { const char *desc; desc = nma_utils_get_device_description (device); text = g_strdup_printf (_("Mobile Broadband (%s)"), desc); } else { text = g_strdup (_("Mobile Broadband")); } item = applet_menu_item_create_device_item_helper (device, applet, text); gtk_widget_set_sensitive (item, FALSE); gtk_menu_shell_append (GTK_MENU_SHELL (menu), item); gtk_widget_show (item); g_free (text); /* Add the active connection */ if (active) { NMSettingConnection *s_con; s_con = nm_connection_get_setting_connection (active); g_assert (s_con); item = nm_mb_menu_item_new (nm_setting_connection_get_id (s_con), info->quality_valid ? info->quality : 0, info->provider_name, TRUE, cdma_act_to_mb_act (info), cdma_state_to_mb_state (info), info->modem_enabled, applet); gtk_widget_set_sensitive (GTK_WIDGET (item), TRUE); add_connection_item (device, active, item, menu, applet); } /* Get the "disconnect" item if connected */ if (nm_device_get_state (device) > NM_DEVICE_STATE_DISCONNECTED) { item = nma_menu_device_get_menu_item (device, applet, NULL); if (item) { gtk_menu_shell_append (GTK_MENU_SHELL (menu), item); gtk_widget_show (item); } } else { /* Otherwise show idle registration state or disabled */ item = nm_mb_menu_item_new (NULL, info->quality_valid ? info->quality : 0, info->provider_name, FALSE, cdma_act_to_mb_act (info), cdma_state_to_mb_state (info), info->modem_enabled, applet); gtk_widget_set_sensitive (GTK_WIDGET (item), FALSE); gtk_menu_shell_append (GTK_MENU_SHELL (menu), item); } /* Add the default / inactive connection items */ if (!nma_menu_device_check_unusable (device)) { if ((!active && g_slist_length (connections)) || (active && g_slist_length (connections) > 1)) applet_menu_item_add_complex_separator_helper (menu, applet, _("Available"), -1); if (g_slist_length (connections)) { for (iter = connections; iter; iter = g_slist_next (iter)) { NMConnection *connection = NM_CONNECTION (iter->data); if (connection != active) { item = applet_new_menu_item_helper (connection, NULL, FALSE); add_connection_item (device, connection, item, menu, applet); } } } else { /* Default connection item */ item = gtk_check_menu_item_new_with_label (_("New Mobile Broadband (CDMA) connection...")); add_connection_item (device, NULL, item, menu, applet); } } g_slist_free (connections); }
static gboolean update_connection (NMVpnEditor *editor, NMConnection *connection, GError **error) { VpncEditor *self = VPNC_EDITOR (editor); VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self); NMSettingConnection *s_con; NMSettingVpn *s_vpn; GtkWidget *widget; char *str; guint32 port; GtkTreeModel *model; GtkTreeIter iter; if (!check_validity (self, error)) return FALSE; s_con = nm_connection_get_setting_connection (connection); s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_VPNC, NULL); /* Interface name */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) g_object_set (G_OBJECT (s_con), NM_SETTING_CONNECTION_INTERFACE_NAME, str, NULL); /* Gateway */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_GATEWAY, str); /* Group name */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_ID, str); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER, str); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DOMAIN, str); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo")); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) { const char *vendor = NULL; gtk_tree_model_get (model, &iter, 1, &vendor, -1); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_VENDOR, vendor); } else nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_VENDOR, NM_VPNC_VENDOR_CISCO); /* Application version */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION, str); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo")); switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget))) { case ENC_TYPE_WEAK: nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES, "yes"); break; case ENC_TYPE_NONE: nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION, "yes"); break; case ENC_TYPE_SECURE: default: break; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo")); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) { const char *mode = NULL; gtk_tree_model_get (model, &iter, 1, &mode, -1); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, mode); } else nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, NM_VPNC_NATT_MODE_NATT); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo")); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) { const char *dhgroup = NULL; gtk_tree_model_get (model, &iter, 1, &dhgroup, -1); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DHGROUP, dhgroup); } else nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DHGROUP, NM_VPNC_DHGROUP_DH2); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo")); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) { const char *pfs = NULL; gtk_tree_model_get (model, &iter, 1, &pfs, -1); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD, pfs); } else nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD, NM_VPNC_PFS_SERVER); /* Local port */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); port = gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (widget)); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT, g_strdup_printf ("%d", port)); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT, "0"); } else { /* If DPD was disabled and now the user wishes to enable it, just * don't pass the DPD_IDLE_TIMEOUT option to vpnc and thus use the * default DPD idle time. Otherwise keep the original DPD idle timeout. */ if (priv->orig_dpd_timeout >= 10) { char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT, tmp); g_free (tmp); } } /* User password */ save_one_password (s_vpn, priv->builder, "user_password_entry", NM_VPNC_KEY_XAUTH_PASSWORD, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE); /* Group password */ save_one_password (s_vpn, priv->builder, "group_password_entry", NM_VPNC_KEY_SECRET, NM_VPNC_KEY_SECRET_TYPE); /* hybrid auth */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton")); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE, "hybrid"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser")); str = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_CA_FILE, str); nm_connection_add_setting (connection, NM_SETTING (s_vpn)); return TRUE; }
gboolean eap_method_nag_init (EAPMethod *method, const char *ca_cert_chooser, NMConnection *connection) { GtkWidget *dialog, *widget; NagDialogResponseInfo *info; GError *error = NULL; char *text; g_return_val_if_fail (method != NULL, FALSE); g_return_val_if_fail (ca_cert_chooser != NULL, FALSE); method->nag_builder = gtk_builder_new (); if (!gtk_builder_add_from_file (method->nag_builder, NAG_DIALOG_UI, &error)) { g_warning ("Couldn't load UI builder file " NAG_DIALOG_UI ": %s", error->message); g_error_free (error); return FALSE; } method->ca_cert_chooser = g_strdup (ca_cert_chooser); if (connection) { NMSettingConnection *s_con; const char *uuid; s_con = nm_connection_get_setting_connection (connection); g_assert (s_con); uuid = nm_setting_connection_get_uuid (s_con); g_assert (uuid); /* Figure out if the user wants to ignore missing CA cert */ method->ignore_ca_cert = _get_ignore_ca_cert (uuid, method->phase2); } info = g_malloc0 (sizeof (NagDialogResponseInfo)); info->method = method; info->connection = connection; dialog = GTK_WIDGET (gtk_builder_get_object (method->nag_builder, "nag_user_dialog")); g_assert (dialog); g_signal_connect (dialog, "response", G_CALLBACK (nag_dialog_response_cb), info); g_signal_connect (dialog, "delete-event", G_CALLBACK (nag_dialog_delete_event_cb), info); g_object_weak_ref (G_OBJECT (dialog), nag_dialog_destroyed, info); widget = GTK_WIDGET (gtk_builder_get_object (method->nag_builder, "content_label")); g_assert (widget); text = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s", _("No Certificate Authority certificate chosen"), _("Not using a Certificate Authority (CA) certificate can result in connections to insecure, rogue Wi-Fi networks. Would you like to choose a Certificate Authority certificate?")); gtk_label_set_markup (GTK_LABEL (widget), text); g_free (text); widget = GTK_WIDGET (gtk_builder_get_object (method->nag_builder, "ignore_button")); gtk_button_set_label (GTK_BUTTON (widget), _("Ignore")); g_assert (widget); widget = GTK_WIDGET (gtk_builder_get_object (method->nag_builder, "change_button")); gtk_button_set_label (GTK_BUTTON (widget), _("Choose CA Certificate")); g_assert (widget); method->nag_dialog = dialog; return TRUE; }
NMConnection * nm_keyfile_plugin_connection_from_file (const char *filename, GError **error) { GKeyFile *key_file; struct stat statbuf; gboolean bad_owner, bad_permissions; NMConnection *connection = NULL; NMSettingConnection *s_con; NMSetting *setting; gchar **groups; gsize length; int i; gboolean vpn_secrets = FALSE; const char *ctype; GError *verify_error = NULL; if (stat (filename, &statbuf) != 0 || !S_ISREG (statbuf.st_mode)) { g_set_error_literal (error, KEYFILE_PLUGIN_ERROR, 0, "File did not exist or was not a regular file"); return NULL; } bad_owner = getuid () != statbuf.st_uid; bad_permissions = statbuf.st_mode & 0077; if (bad_owner || bad_permissions) { g_set_error (error, KEYFILE_PLUGIN_ERROR, 0, "File permissions (%o) or owner (%d) were insecure", statbuf.st_mode, statbuf.st_uid); return NULL; } key_file = g_key_file_new (); if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error)) goto out; connection = nm_connection_new (); groups = g_key_file_get_groups (key_file, &length); for (i = 0; i < length; i++) { /* Only read out secrets when needed */ if (!strcmp (groups[i], VPN_SECRETS_GROUP)) { vpn_secrets = TRUE; continue; } setting = read_setting (key_file, filename, groups[i]); if (setting) nm_connection_add_setting (connection, setting); } /* Make sure that we have the base device type setting even if * the keyfile didn't include it, which can happen when the base * device type setting is all default values (like ethernet where * the MAC address isn't given, or VLAN when the VLAN ID is zero). */ s_con = nm_connection_get_setting_connection (connection); if (s_con) { ctype = nm_setting_connection_get_connection_type (s_con); setting = nm_connection_get_setting_by_name (connection, ctype); if (ctype && !setting) { NMSetting *base_setting; GType base_setting_type; base_setting_type = nm_connection_lookup_setting_type (ctype); if (base_setting_type != G_TYPE_INVALID) { base_setting = (NMSetting *) g_object_new (base_setting_type, NULL); g_assert (base_setting); nm_connection_add_setting (connection, base_setting); } } } /* Handle vpn secrets after the 'vpn' setting was read */ if (vpn_secrets) { NMSettingVPN *s_vpn; s_vpn = nm_connection_get_setting_vpn (connection); if (s_vpn) read_vpn_secrets (key_file, s_vpn); } g_strfreev (groups); /* Verify the connection */ if (!nm_connection_verify (connection, &verify_error)) { g_set_error (error, KEYFILE_PLUGIN_ERROR, 0, "invalid or missing connection property '%s/%s'", verify_error ? g_type_name (nm_connection_lookup_setting_type_by_quark (verify_error->domain)) : "(unknown)", (verify_error && verify_error->message) ? verify_error->message : "(unknown)"); g_clear_error (&verify_error); g_object_unref (connection); connection = NULL; g_warning ("Connection failed to verify: %s", verify_error ? g_type_name (nm_connection_lookup_setting_type_by_quark (verify_error->domain)) : "(unknown)"); } out: g_key_file_free (key_file); return connection; }
static gboolean init_plugin_ui (VpncEditor *self, NMConnection *connection, gboolean new_connection, GError **error) { VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self); NMSettingConnection *s_con = NULL; NMSettingVpn *s_vpn = NULL; GtkWidget *widget; GtkListStore *store; GtkTreeIter iter; const char *value = NULL; int active = -1; const char *natt_mode = NULL; const char *ike_dh_group = NULL; const char *vendor = NULL; const char *pfs_group = NULL; gboolean enabled = FALSE; GtkFileFilter *filter; if (connection) { s_con = nm_connection_get_setting_connection (connection); s_vpn = nm_connection_get_setting_vpn (connection); } priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_GATEWAY); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_ID); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); store = gtk_list_store_new (1, G_TYPE_STRING); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Secure (default)"), -1); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Weak (use with caution)"), -1); if (s_vpn && (active < 0)) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES); if (value && !strcmp (value, "yes")) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("None (completely insecure)"), -1); if (s_vpn && (active < 0)) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION); if (value && !strcmp (value, "yes")) active = 2; } gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Fill the VPN passwords *before* initializing the PW type combos, since * knowing if there are passwords when initializing the combos is helpful. */ setup_password_widget (self, "user_password_entry", s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD, new_connection); setup_password_widget (self, "group_password_entry", s_vpn, NM_VPNC_KEY_SECRET, new_connection); init_password_icon (self, s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE, "user_password_entry"); init_password_icon (self, s_vpn, NM_VPNC_KEY_SECRET, NM_VPNC_KEY_SECRET_TYPE, "group_password_entry"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DOMAIN); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Vendor combo */ active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) vendor = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_VENDOR); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Cisco (default)"), 1, NM_VPNC_VENDOR_CISCO, -1); if ((active < 0) && vendor) { if (!strcmp (vendor, NM_VPNC_VENDOR_CISCO)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Netscreen"), 1, NM_VPNC_VENDOR_NETSCREEN, -1); if ((active < 0) && vendor) { if (!strcmp (vendor, NM_VPNC_VENDOR_NETSCREEN)) active = 1; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Application version */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Interface name */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry")); g_return_val_if_fail (widget != NULL, FALSE); if (s_con) { value = nm_setting_connection_get_interface_name (s_con); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) natt_mode = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("NAT-T when available (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("NAT-T always"), 1, NM_VPNC_NATT_MODE_NATT_ALWAYS, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Cisco UDP"), 1, NM_VPNC_NATT_MODE_CISCO, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_CISCO)) active = 2; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Disabled"), 1, NM_VPNC_NATT_MODE_NONE, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NONE)) active = 3; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) ike_dh_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DHGROUP); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_DHGROUP_DH1, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH1)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 2 (default)"), 1, NM_VPNC_DHGROUP_DH2, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH2)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_DHGROUP_DH5, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH5)) active = 2; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 1 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Local Port */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT); if (value) { long int tmp; errno = 0; tmp = strtol (value, NULL, 10); if (errno != 0 || tmp < 0 || tmp > 65535) tmp = 0; widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), (gdouble) tmp); } } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (spinbutton_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT); if (value) { long int tmp; errno = 0; tmp = strtol (value, NULL, 10); if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0) priv->orig_dpd_timeout = (guint32) tmp; if (priv->orig_dpd_timeout == 0) gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); /* Perfect Forward Secrecy combo */ active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) pfs_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Server (default)"), 1, NM_VPNC_PFS_SERVER, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_SERVER)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("None"), 1, NM_VPNC_PFS_NOPFS, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_NOPFS)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_PFS_DH1, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH1)) active = 2; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 2"), 1, NM_VPNC_PFS_DH2, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH2)) active = 3; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_PFS_DH5, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH5)) active = 4; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_toggled_cb, self); /* hybrid auth */ enabled = FALSE; widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE); if (value && !strcmp("hybrid", value)) { gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); enabled = TRUE; } } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (hybrid_toggled_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, widget); gtk_widget_set_sensitive (widget, enabled); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose a Certificate Authority (CA) certificate…")); filter = gtk_file_filter_new (); gtk_file_filter_add_custom (filter, GTK_FILE_FILTER_FILENAME, cert_filter, NULL, NULL); gtk_file_filter_set_name (filter, _("PEM certificates (*.pem, *.crt, *.cer)")); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_CA_FILE); if (value && strlen (value)) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } g_signal_connect (G_OBJECT (widget), "file-set", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "cafile_label")); g_return_val_if_fail (widget != NULL, FALSE); gtk_widget_set_sensitive (widget, enabled); /* advanced dialog */ priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-advanced-dialog")); g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE); g_signal_connect (G_OBJECT (priv->advanced_dialog), "delete-event", G_CALLBACK (gtk_widget_hide_on_delete), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "advanced_button")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "clicked", (GCallback) toggle_advanced_dialog_cb, self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "apply_button")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "clicked", (GCallback) toggle_advanced_dialog_cb, self); return TRUE; }
static gboolean verify (NMSetting *setting, NMConnection *connection, GError **error) { NMSettingVlanPrivate *priv = NM_SETTING_VLAN_GET_PRIVATE (setting); NMSettingConnection *s_con; NMSettingWired *s_wired; if (connection) { s_con = nm_connection_get_setting_connection (connection); s_wired = nm_connection_get_setting_wired (connection); } else { s_con = NULL; s_wired = NULL; } if (priv->parent) { if (nm_utils_is_uuid (priv->parent)) { /* If we have an NMSettingConnection:master with slave-type="vlan", * then it must be the same UUID. */ if (s_con) { const char *master = NULL, *slave_type = NULL; slave_type = nm_setting_connection_get_slave_type (s_con); if (!g_strcmp0 (slave_type, NM_SETTING_VLAN_SETTING_NAME)) master = nm_setting_connection_get_master (s_con); if (master && g_strcmp0 (priv->parent, master) != 0) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, _("'%s' value doesn't match '%s=%s'"), priv->parent, NM_SETTING_CONNECTION_MASTER, master); g_prefix_error (error, "%s.%s: ", NM_SETTING_VLAN_SETTING_NAME, NM_SETTING_VLAN_PARENT); return FALSE; } } } else if (!nm_utils_iface_valid_name (priv->parent)) { /* parent must be either a UUID or an interface name */ g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, _("'%s' is neither an UUID nor an interface name"), priv->parent); g_prefix_error (error, "%s.%s: ", NM_SETTING_VLAN_SETTING_NAME, NM_SETTING_VLAN_PARENT); return FALSE; } } else { /* If parent is NULL, the parent must be specified via * NMSettingWired:mac-address. */ if ( connection && (!s_wired || !nm_setting_wired_get_mac_address (s_wired))) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_MISSING_PROPERTY, _("property is not specified and neither is '%s:%s'"), NM_SETTING_WIRED_SETTING_NAME, NM_SETTING_WIRED_MAC_ADDRESS); g_prefix_error (error, "%s.%s: ", NM_SETTING_VLAN_SETTING_NAME, NM_SETTING_VLAN_PARENT); return FALSE; } } if (priv->id >= 4095) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, _("the vlan id must be in range 0-4094 but is %u"), priv->id); g_prefix_error (error, "%s.%s: ", NM_SETTING_VLAN_SETTING_NAME, NM_SETTING_VLAN_ID); } if (priv->flags & ~NM_VLAN_FLAGS_ALL) { g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, _("flags are invalid")); g_prefix_error (error, "%s.%s: ", NM_SETTING_VLAN_SETTING_NAME, NM_SETTING_VLAN_FLAGS); return FALSE; } return TRUE; }
static gboolean master_update_slave_connection (NMDevice *self, NMDevice *slave, NMConnection *connection, GError **error) { NMSettingTeamPort *s_port; char *port_config = NULL; int err = 0; struct teamdctl *tdc; const char *team_port_config = NULL; const char *iface = nm_device_get_iface (self); const char *iface_slave = nm_device_get_iface (slave); tdc = teamdctl_alloc (); if (!tdc) { g_set_error (error, NM_DEVICE_ERROR, NM_DEVICE_ERROR_FAILED, "update slave connection for slave '%s' failed to connect to teamd for master %s (out of memory?)", iface_slave, iface); g_return_val_if_reached (FALSE); } err = teamdctl_connect (tdc, iface, NULL, NULL); if (err) { teamdctl_free (tdc); g_set_error (error, NM_DEVICE_ERROR, NM_DEVICE_ERROR_FAILED, "update slave connection for slave '%s' failed to connect to teamd for master %s (err=%d)", iface_slave, iface, err); return FALSE; } err = teamdctl_port_config_get_raw_direct (tdc, iface_slave, (char **)&team_port_config); port_config = g_strdup (team_port_config); teamdctl_free (tdc); if (err) { g_set_error (error, NM_DEVICE_ERROR, NM_DEVICE_ERROR_FAILED, "update slave connection for slave '%s' failed to get configuration from teamd master %s (err=%d)", iface_slave, iface, err); g_free (port_config); return FALSE; } s_port = nm_connection_get_setting_team_port (connection); if (!s_port) { s_port = (NMSettingTeamPort *) nm_setting_team_port_new (); nm_connection_add_setting (connection, NM_SETTING (s_port)); } g_object_set (G_OBJECT (s_port), NM_SETTING_TEAM_PORT_CONFIG, port_config, NULL); g_free (port_config); g_object_set (nm_connection_get_setting_connection (connection), NM_SETTING_CONNECTION_MASTER, iface, NM_SETTING_CONNECTION_SLAVE_TYPE, NM_SETTING_TEAM_SETTING_NAME, NULL); return TRUE; }
/** * nm_access_point_connection_valid: * @ap: an #NMAccessPoint to validate @connection against * @connection: an #NMConnection to validate against @ap * * Validates a given connection against a given Wi-Fi access point to ensure that * the connection may be activated with that AP. The connection must match the * @ap's SSID, (if given) BSSID, and other attributes like security settings, * channel, band, etc. * * Returns: %TRUE if the connection may be activated with this Wi-Fi AP, * %FALSE if it cannot be. **/ gboolean nm_access_point_connection_valid (NMAccessPoint *ap, NMConnection *connection) { NMSettingConnection *s_con; NMSettingWireless *s_wifi; NMSettingWirelessSecurity *s_wsec; const char *ctype, *ap_bssid_str; const GByteArray *setting_ssid; const GByteArray *ap_ssid; const GByteArray *setting_bssid; struct ether_addr *ap_bssid; const char *setting_mode; NM80211Mode ap_mode; const char *setting_band; guint32 ap_freq, setting_chan, ap_chan; s_con = nm_connection_get_setting_connection (connection); g_assert (s_con); ctype = nm_setting_connection_get_connection_type (s_con); if (strcmp (ctype, NM_SETTING_WIRELESS_SETTING_NAME) != 0) return FALSE; s_wifi = nm_connection_get_setting_wireless (connection); if (!s_wifi) return FALSE; /* SSID checks */ ap_ssid = nm_access_point_get_ssid (ap); g_warn_if_fail (ap_ssid != NULL); setting_ssid = nm_setting_wireless_get_ssid (s_wifi); if (!setting_ssid || !ap_ssid || (setting_ssid->len != ap_ssid->len)) return FALSE; if (memcmp (setting_ssid->data, ap_ssid->data, ap_ssid->len) != 0) return FALSE; /* BSSID checks */ ap_bssid_str = nm_access_point_get_bssid (ap); g_warn_if_fail (ap_bssid_str); setting_bssid = nm_setting_wireless_get_bssid (s_wifi); if (setting_bssid && ap_bssid_str) { g_assert (setting_bssid->len == ETH_ALEN); ap_bssid = ether_aton (ap_bssid_str); g_warn_if_fail (ap_bssid); if (ap_bssid) { if (memcmp (ap_bssid->ether_addr_octet, setting_bssid->data, ETH_ALEN) != 0) return FALSE; } } /* Mode */ ap_mode = nm_access_point_get_mode (ap); g_warn_if_fail (ap_mode != NM_802_11_MODE_UNKNOWN); setting_mode = nm_setting_wireless_get_mode (s_wifi); if (setting_mode && ap_mode) { if (!strcmp (setting_mode, "infrastructure") && (ap_mode != NM_802_11_MODE_INFRA)) return FALSE; if (!strcmp (setting_mode, "adhoc") && (ap_mode != NM_802_11_MODE_ADHOC)) return FALSE; /* Hotspot never matches against APs as it's a device-specific mode. */ if (!strcmp (setting_mode, "ap")) return FALSE; } /* Band and Channel/Frequency */ ap_freq = nm_access_point_get_frequency (ap); if (ap_freq) { setting_band = nm_setting_wireless_get_band (s_wifi); if (g_strcmp0 (setting_band, "a") == 0) { if (ap_freq < 4915 || ap_freq > 5825) return FALSE; } else if (g_strcmp0 (setting_band, "bg") == 0) { if (ap_freq < 2412 || ap_freq > 2484) return FALSE; } setting_chan = nm_setting_wireless_get_channel (s_wifi); if (setting_chan) { ap_chan = nm_utils_wifi_freq_to_channel (ap_freq); if (setting_chan != ap_chan) return FALSE; } } s_wsec = nm_connection_get_setting_wireless_security (connection); if (!nm_setting_wireless_ap_security_compatible (s_wifi, s_wsec, nm_access_point_get_flags (ap), nm_access_point_get_wpa_flags (ap), nm_access_point_get_rsn_flags (ap), ap_mode)) return FALSE; return TRUE; }
static void get_secrets (NMSecretAgentOld *agent, NMConnection *connection, const char *connection_path, const char *setting_name, const char **hints, guint32 flags, NMSecretAgentOldGetSecretsFunc callback, gpointer callback_data) { AppletAgentPrivate *priv = APPLET_AGENT_GET_PRIVATE (agent); Request *r; GError *error = NULL; NMSettingConnection *s_con; NMSetting *setting; const char *uuid, *ctype; GHashTable *attrs; setting = nm_connection_get_setting_by_name (connection, setting_name); if (!setting) { error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_INVALID_CONNECTION, "%s.%d - Connection didn't have requested setting '%s'.", __FILE__, __LINE__, setting_name); callback (agent, connection, NULL, error, callback_data); g_error_free (error); return; } uuid = nm_connection_get_uuid (connection); s_con = nm_connection_get_setting_connection (connection); g_assert (s_con); ctype = nm_setting_connection_get_connection_type (s_con); if (!uuid || !ctype) { error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_INVALID_CONNECTION, "%s.%d - Connection didn't have required UUID.", __FILE__, __LINE__); callback (agent, connection, NULL, error, callback_data); g_error_free (error); return; } /* Track the secrets request */ r = request_new (agent, connection, connection_path, setting_name, hints, flags, callback, NULL, NULL, callback_data); g_hash_table_insert (priv->requests, GUINT_TO_POINTER (r->id), r); /* VPN passwords are handled by the VPN plugin's auth dialog */ if (!strcmp (ctype, NM_SETTING_VPN_SETTING_NAME)) { ask_for_secrets (r); return; } /* Only handle non-VPN secrets if we're supposed to */ if (priv->vpn_only == TRUE) { error = g_error_new_literal (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_NO_SECRETS, "Only handling VPN secrets at this time."); callback (agent, connection, NULL, error, callback_data); g_error_free (error); return; } /* For everything else we scrape the keyring for secrets first, and ask * later if required. */ attrs = secret_attributes_build (&network_manager_secret_schema, KEYRING_UUID_TAG, uuid, KEYRING_SN_TAG, setting_name, NULL); secret_service_search (NULL, &network_manager_secret_schema, attrs, SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS, r->cancellable, keyring_find_secrets_cb, r); r->keyring_calls++; g_hash_table_unref (attrs); }
gboolean nm_modem_check_connection_compatible (NMModem *self, NMConnection *connection) { NMModemPrivate *priv = NM_MODEM_GET_PRIVATE (self); NMSettingConnection *s_con; s_con = nm_connection_get_setting_connection (connection); g_assert (s_con); if (g_str_equal (nm_setting_connection_get_connection_type (s_con), NM_SETTING_GSM_SETTING_NAME)) { NMSettingGsm *s_gsm; const char *str; s_gsm = nm_connection_get_setting_gsm (connection); if (!s_gsm) return FALSE; str = nm_setting_gsm_get_device_id (s_gsm); if (str) { if (!priv->device_id) { nm_log_dbg (LOGD_MB, "(%s): %s/%s has device-id, device does not", priv->uid, nm_connection_get_uuid (connection), nm_connection_get_id (connection)); return FALSE; } if (strcmp (str, priv->device_id)) { nm_log_dbg (LOGD_MB, "(%s): %s/%s device-id mismatch", priv->uid, nm_connection_get_uuid (connection), nm_connection_get_id (connection)); return FALSE; } } /* SIM properties may not be available before the SIM is unlocked, so * to ensure that autoconnect works, the connection's SIM properties * are only compared if present on the device. */ str = nm_setting_gsm_get_sim_id (s_gsm); if (str && priv->sim_id) { if (strcmp (str, priv->sim_id)) { nm_log_dbg (LOGD_MB, "(%s): %s/%s sim-id mismatch", priv->uid, nm_connection_get_uuid (connection), nm_connection_get_id (connection)); return FALSE; } } str = nm_setting_gsm_get_sim_operator_id (s_gsm); if (str && priv->sim_operator_id) { if (strcmp (str, priv->sim_operator_id)) { nm_log_dbg (LOGD_MB, "(%s): %s/%s sim-operator-id mismatch", priv->uid, nm_connection_get_uuid (connection), nm_connection_get_id (connection)); return FALSE; } } } if (NM_MODEM_GET_CLASS (self)->check_connection_compatible) return NM_MODEM_GET_CLASS (self)->check_connection_compatible (self, connection); return FALSE; }