EAPMethodLEAP *
eap_method_leap_new (WirelessSecurity *parent,
NMConnection *connection)
{
EAPMethodLEAP *method;
GtkWidget *widget;
GtkBuilder *builder;
method = g_slice_new0 (EAPMethodLEAP);
if (!eap_method_init (EAP_METHOD (method), validate, add_to_size_group,
fill_connection, destroy, "eap-leap.ui", "eap_leap_notebook")) {
g_slice_free (EAPMethodLEAP, method);
return NULL;
}
builder = EAP_METHOD (method)->builder;
widget = GTK_WIDGET (gtk_builder_get_object (builder, "eap_leap_username_entry"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
if (connection) {
NMSetting8021x *s_8021x;
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
if (s_8021x && nm_setting_802_1x_get_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_identity (s_8021x));
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "eap_leap_password_entry"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
/* Fill secrets, if any */
if (connection) {
helper_fill_secret_entry (connection,
GTK_ENTRY (widget),
NM_TYPE_SETTING_802_1X,
(HelperSecretFunc) nm_setting_802_1x_get_password,
NM_SETTING_802_1X_SETTING_NAME,
NM_SETTING_802_1X_PASSWORD);
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "eap_leap_show_checkbutton"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
method);
return method;
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
NMSetting8021x *s_8021x;
GtkWidget *widget;
const char *text;
char *filename;
EAPMethod *eap = NULL;
GtkTreeModel *model;
GtkTreeIter iter;
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
g_assert (s_8021x);
nm_setting_802_1x_add_eap_method (s_8021x, "ttls");
widget = glade_xml_get_widget (parent->xml, "eap_ttls_anon_identity_entry");
g_assert (widget);
text = gtk_entry_get_text (GTK_ENTRY (widget));
if (text && strlen (text))
g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
widget = glade_xml_get_widget (parent->xml, "eap_ttls_ca_cert_button");
g_assert (widget);
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (filename) {
g_object_set_data_full (G_OBJECT (connection),
NMA_PATH_CA_CERT_TAG, g_strdup (filename),
(GDestroyNotify) g_free);
g_free (filename);
} else {
g_object_set_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG, NULL);
}
if (eap_method_get_ignore_ca_cert (parent))
g_object_set_data (G_OBJECT (connection), NMA_CA_CERT_IGNORE_TAG, GUINT_TO_POINTER (TRUE));
else
g_object_set_data (G_OBJECT (connection), NMA_CA_CERT_IGNORE_TAG, NULL);
widget = glade_xml_get_widget (parent->xml, "eap_ttls_inner_auth_combo");
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
g_assert (eap);
eap_method_fill_connection (eap, connection);
eap_method_unref (eap);
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
NMSetting8021x *s_8021x;
GtkWidget *widget;
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
g_assert (s_8021x);
nm_setting_802_1x_add_eap_method (s_8021x, "leap");
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_entry"));
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry"));
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
}
EAPMethodPEAP *
eap_method_peap_new (const char *glade_file,
WirelessSecurity *parent,
NMConnection *connection)
{
EAPMethodPEAP *method;
GtkWidget *widget;
GladeXML *xml;
GtkFileFilter *filter;
NMSetting8021x *s_8021x = NULL;
const char *filename;
g_return_val_if_fail (glade_file != NULL, NULL);
xml = glade_xml_new (glade_file, "eap_peap_notebook", NULL);
if (xml == NULL) {
g_warning ("Couldn't get eap_peap_widget from glade xml");
return NULL;
}
widget = glade_xml_get_widget (xml, "eap_peap_notebook");
g_assert (widget);
g_object_ref_sink (widget);
method = g_slice_new0 (EAPMethodPEAP);
if (!method) {
g_object_unref (xml);
g_object_unref (widget);
return NULL;
}
eap_method_init (EAP_METHOD (method),
validate,
add_to_size_group,
fill_connection,
destroy,
xml,
widget,
"eap_peap_anon_identity_entry");
eap_method_nag_init (EAP_METHOD (method),
glade_file,
"eap_peap_ca_cert_button",
connection);
method->sec_parent = parent;
if (connection)
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
widget = glade_xml_get_widget (xml, "eap_peap_ca_cert_button");
g_assert (widget);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose a Certificate Authority certificate..."));
g_signal_connect (G_OBJECT (widget), "selection-changed",
(GCallback) wireless_security_changed_cb,
parent);
filter = eap_method_default_file_chooser_filter_new (FALSE);
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
if (connection) {
filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG);
if (filename)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
}
widget = inner_auth_combo_init (method, glade_file, connection, s_8021x);
inner_auth_combo_changed_cb (widget, (gpointer) method);
widget = glade_xml_get_widget (xml, "eap_peap_version_combo");
g_assert (widget);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
if (s_8021x) {
const char *peapver;
peapver = nm_setting_802_1x_get_phase1_peapver (s_8021x);
if (peapver) {
/* Index 0 is "Automatic" */
if (!strcmp (peapver, "0"))
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
else if (!strcmp (peapver, "1"))
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
}
}
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
widget = glade_xml_get_widget (xml, "eap_peap_anon_identity_entry");
if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x));
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
return method;
}
static NMSettingWirelessSecurity *
get_security_for_ap (NMAccessPoint *ap,
guint32 dev_caps,
gboolean *supported,
NMSetting8021x **s_8021x)
{
NMSettingWirelessSecurity *sec;
NM80211Mode mode;
guint32 flags;
guint32 wpa_flags;
guint32 rsn_flags;
g_return_val_if_fail (NM_IS_ACCESS_POINT (ap), NULL);
g_return_val_if_fail (supported != NULL, NULL);
g_return_val_if_fail (*supported == TRUE, NULL);
g_return_val_if_fail (s_8021x != NULL, NULL);
g_return_val_if_fail (*s_8021x == NULL, NULL);
sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
mode = nm_access_point_get_mode (ap);
flags = nm_access_point_get_flags (ap);
wpa_flags = nm_access_point_get_wpa_flags (ap);
rsn_flags = nm_access_point_get_rsn_flags (ap);
/* No security */
if ( !(flags & NM_802_11_AP_FLAGS_PRIVACY)
&& (wpa_flags == NM_802_11_AP_SEC_NONE)
&& (rsn_flags == NM_802_11_AP_SEC_NONE))
goto none;
/* Static WEP, Dynamic WEP, or LEAP */
if (flags & NM_802_11_AP_FLAGS_PRIVACY) {
if ((dev_caps & NM_WIFI_DEVICE_CAP_RSN) || (dev_caps & NM_WIFI_DEVICE_CAP_WPA)) {
/* If the device can do WPA/RSN but the AP has no WPA/RSN informatoin
* elements, it must be LEAP or static/dynamic WEP.
*/
if ((wpa_flags == NM_802_11_AP_SEC_NONE) && (rsn_flags == NM_802_11_AP_SEC_NONE)) {
g_object_set (sec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none",
NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, 0,
NULL);
return sec;
}
/* Otherwise, the AP supports WPA or RSN, which is preferred */
} else {
/* Device can't do WPA/RSN, but can at least pass through the
* WPA/RSN information elements from a scan. Since Privacy was
* advertised, LEAP or static/dynamic WEP must be in use.
*/
g_object_set (sec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none",
NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, 0,
NULL);
return sec;
}
}
/* Stuff after this point requires infrastructure */
if (mode != NM_802_11_MODE_INFRA) {
*supported = FALSE;
goto none;
}
/* WPA2 PSK first */
if ( (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
&& (dev_caps & NM_WIFI_DEVICE_CAP_RSN)) {
g_object_set (sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
nm_setting_wireless_security_add_proto (sec, "rsn");
add_ciphers_from_flags (sec, rsn_flags, TRUE);
add_ciphers_from_flags (sec, rsn_flags, FALSE);
return sec;
}
/* WPA PSK */
if ( (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
&& (dev_caps & NM_WIFI_DEVICE_CAP_WPA)) {
g_object_set (sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
nm_setting_wireless_security_add_proto (sec, "wpa");
add_ciphers_from_flags (sec, wpa_flags, TRUE);
add_ciphers_from_flags (sec, wpa_flags, FALSE);
return sec;
}
/* WPA2 Enterprise */
if ( (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
&& (dev_caps & NM_WIFI_DEVICE_CAP_RSN)) {
g_object_set (sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL);
nm_setting_wireless_security_add_proto (sec, "rsn");
add_ciphers_from_flags (sec, rsn_flags, TRUE);
add_ciphers_from_flags (sec, rsn_flags, FALSE);
*s_8021x = NM_SETTING_802_1X (nm_setting_802_1x_new ());
nm_setting_802_1x_add_eap_method (*s_8021x, "ttls");
g_object_set (*s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "mschapv2", NULL);
return sec;
}
/* WPA Enterprise */
if ( (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
&& (dev_caps & NM_WIFI_DEVICE_CAP_WPA)) {
g_object_set (sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL);
nm_setting_wireless_security_add_proto (sec, "wpa");
add_ciphers_from_flags (sec, wpa_flags, TRUE);
add_ciphers_from_flags (sec, wpa_flags, FALSE);
*s_8021x = NM_SETTING_802_1X (nm_setting_802_1x_new ());
nm_setting_802_1x_add_eap_method (*s_8021x, "ttls");
g_object_set (*s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "mschapv2", NULL);
return sec;
}
*supported = FALSE;
none:
g_object_unref (sec);
return NULL;
}
EAPMethodTLS *
eap_method_tls_new (const char *glade_file,
WirelessSecurity *parent,
NMConnection *connection,
gboolean phase2)
{
EAPMethodTLS *method;
GtkWidget *widget;
GladeXML *xml;
NMSetting8021x *s_8021x = NULL;
g_return_val_if_fail (glade_file != NULL, NULL);
xml = glade_xml_new (glade_file, "eap_tls_notebook", NULL);
if (xml == NULL) {
g_warning ("Couldn't get eap_tls_widget from glade xml");
return NULL;
}
widget = glade_xml_get_widget (xml, "eap_tls_notebook");
g_assert (widget);
g_object_ref_sink (widget);
method = g_slice_new0 (EAPMethodTLS);
if (!method) {
g_object_unref (xml);
g_object_unref (widget);
return NULL;
}
eap_method_init (EAP_METHOD (method),
validate,
add_to_size_group,
fill_connection,
update_secrets,
destroy,
xml,
widget,
"eap_tls_identity_entry");
eap_method_nag_init (EAP_METHOD (method),
glade_file,
"eap_tls_ca_cert_button",
connection,
phase2);
method->phase2 = phase2;
if (connection)
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
widget = glade_xml_get_widget (xml, "eap_tls_identity_entry");
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
if (s_8021x && nm_setting_802_1x_get_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_identity (s_8021x));
setup_filepicker (xml, "eap_tls_user_cert_button",
_("Choose your personal certificate..."),
parent, method, s_8021x,
phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme,
phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path,
FALSE, TRUE);
setup_filepicker (xml, "eap_tls_ca_cert_button",
_("Choose a Certificate Authority certificate..."),
parent, method, s_8021x,
phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
FALSE, FALSE);
setup_filepicker (xml, "eap_tls_private_key_button",
_("Choose your private key..."),
parent, method, s_8021x,
phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
TRUE, FALSE);
/* Fill secrets, if any */
if (connection)
update_secrets (EAP_METHOD (method), connection);
widget = glade_xml_get_widget (xml, "eap_tls_private_key_password_entry");
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
widget = glade_xml_get_widget (xml, "show_checkbutton");
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
method);
return method;
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
EAPMethodTLS *method = (EAPMethodTLS *) parent;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
NMSetting8021x *s_8021x;
NMSettingConnection *s_con;
GtkWidget *widget;
char *ca_filename, *pk_filename, *cc_filename;
const char *password = NULL;
GError *error = NULL;
s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
g_assert (s_con);
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
g_assert (s_8021x);
if (method->phase2)
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
else
nm_setting_802_1x_add_eap_method (s_8021x, "tls");
widget = glade_xml_get_widget (parent->xml, "eap_tls_identity_entry");
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
/* TLS private key */
widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_password_entry");
g_assert (widget);
password = gtk_entry_get_text (GTK_ENTRY (widget));
g_assert (password);
widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_button");
g_assert (widget);
pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
g_assert (pk_filename);
if (method->phase2) {
if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
} else {
if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
}
g_free (pk_filename);
/* TLS client certificate */
if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
/* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
* set the client certificate for us.
*/
widget = glade_xml_get_widget (parent->xml, "eap_tls_user_cert_button");
g_assert (widget);
cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
g_assert (cc_filename);
format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
if (method->phase2) {
if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
} else {
if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
}
g_free (cc_filename);
}
/* TLS CA certificate */
widget = glade_xml_get_widget (parent->xml, "eap_tls_ca_cert_button");
g_assert (widget);
ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
if (method->phase2) {
if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
} else {
if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
}
nm_gconf_set_ignore_ca_cert (nm_setting_connection_get_uuid (s_con),
method->phase2,
eap_method_get_ignore_ca_cert (parent));
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
EAPMethodTLS *method = (EAPMethodTLS *) parent;
NMSetting8021xCKType key_type = NM_SETTING_802_1X_CK_TYPE_UNKNOWN;
NMSetting8021x *s_8021x;
GtkWidget *widget;
char *filename, *pk_filename, *cc_filename;
char *password = NULL;
GError *error = NULL;
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
g_assert (s_8021x);
if (method->phase2)
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
else
nm_setting_802_1x_add_eap_method (s_8021x, "tls");
widget = glade_xml_get_widget (parent->xml, "eap_tls_identity_entry");
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_password_entry");
g_assert (widget);
password = g_strdup (gtk_entry_get_text (GTK_ENTRY (widget)));
if (method->phase2) {
g_object_set_data_full (G_OBJECT (connection),
NMA_PHASE2_PRIVATE_KEY_PASSWORD_TAG,
password,
(GDestroyNotify) free_password);
} else {
g_object_set_data_full (G_OBJECT (connection),
NMA_PRIVATE_KEY_PASSWORD_TAG,
password,
(GDestroyNotify) free_password);
}
/* TLS private key */
widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_button");
g_assert (widget);
pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
g_assert (pk_filename);
g_object_set_data_full (G_OBJECT (connection),
method->phase2 ? NMA_PATH_PHASE2_PRIVATE_KEY_TAG : NMA_PATH_PRIVATE_KEY_TAG,
g_strdup (pk_filename),
(GDestroyNotify) g_free);
if (method->phase2) {
if (!nm_setting_802_1x_set_phase2_private_key_from_file (s_8021x, pk_filename, password, &key_type, &error)) {
g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
} else {
if (!nm_setting_802_1x_set_private_key_from_file (s_8021x, pk_filename, password, &key_type, &error)) {
g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
}
/* TLS client certificate */
if (key_type == NM_SETTING_802_1X_CK_TYPE_PKCS12) {
/* if the key is pkcs#12, the cert is filled with the same data */
cc_filename = g_strdup (pk_filename);
} else {
widget = glade_xml_get_widget (parent->xml, "eap_tls_user_cert_button");
g_assert (widget);
cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
}
g_assert (cc_filename);
g_object_set_data_full (G_OBJECT (connection),
method->phase2 ? NMA_PATH_PHASE2_CLIENT_CERT_TAG : NMA_PATH_CLIENT_CERT_TAG,
g_strdup (cc_filename),
(GDestroyNotify) g_free);
g_free (cc_filename);
g_free (pk_filename);
/* TLS CA certificate */
widget = glade_xml_get_widget (parent->xml, "eap_tls_ca_cert_button");
g_assert (widget);
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (filename) {
g_object_set_data_full (G_OBJECT (connection),
method->phase2 ? NMA_PATH_PHASE2_CA_CERT_TAG : NMA_PATH_CA_CERT_TAG,
g_strdup (filename),
(GDestroyNotify) g_free);
g_free (filename);
} else {
g_object_set_data (G_OBJECT (connection),
method->phase2 ? NMA_PATH_PHASE2_CA_CERT_TAG : NMA_PATH_CA_CERT_TAG,
NULL);
}
if (eap_method_get_ignore_ca_cert (parent)) {
g_object_set_data (G_OBJECT (connection),
method->phase2 ? NMA_PHASE2_CA_CERT_IGNORE_TAG : NMA_CA_CERT_IGNORE_TAG,
GUINT_TO_POINTER (TRUE));
} else {
g_object_set_data (G_OBJECT (connection),
method->phase2 ? NMA_PHASE2_CA_CERT_IGNORE_TAG : NMA_CA_CERT_IGNORE_TAG,
NULL);
}
}
static void
cert_writer (GKeyFile *file,
const char *keyfile_dir,
const char *uuid,
NMSetting *setting,
const char *key,
const GValue *value)
{
const char *setting_name = nm_setting_get_name (setting);
NMSetting8021xCKScheme scheme;
NMSetting8021xCKFormat format;
const char *path = NULL, *ext = "pem";
const ObjectType *objtype = NULL;
int i;
for (i = 0; i < G_N_ELEMENTS (objtypes) && objtypes[i].key; i++) {
if (g_strcmp0 (objtypes[i].key, key) == 0) {
objtype = &objtypes[i];
break;
}
}
g_return_if_fail (objtype != NULL);
scheme = objtypes->scheme_func (NM_SETTING_802_1X (setting));
if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
path = objtype->path_func (NM_SETTING_802_1X (setting));
g_assert (path);
/* If the path is rooted in the keyfile directory, just use a
* relative path instead of an absolute one.
*/
if (g_str_has_prefix (path, keyfile_dir)) {
path += strlen (keyfile_dir);
while (*path == '/')
path++;
}
g_key_file_set_string (file, setting_name, key, path);
} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
const GByteArray *blob;
gboolean success;
GError *error = NULL;
char *new_path;
blob = objtype->blob_func (NM_SETTING_802_1X (setting));
g_assert (blob);
if (objtype->format_func) {
/* Get the extension for a private key */
format = objtype->format_func (NM_SETTING_802_1X (setting));
if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12)
ext = "p12";
} else {
/* DER or PEM format certificate? */
if (blob->len > 2 && blob->data[0] == 0x30 && blob->data[1] == 0x82)
ext = "der";
}
/* Write the raw data out to the standard file so that we can use paths
* from now on instead of pushing around the certificate data.
*/
new_path = g_strdup_printf ("%s/%s-%s.%s", keyfile_dir, uuid, objtype->suffix, ext);
g_assert (new_path);
success = write_cert_key_file (new_path, blob, &error);
if (success) {
/* Write the path value to the keyfile */
g_key_file_set_string (file, setting_name, key, new_path);
} else {
g_warning ("Failed to write certificate/key %s: %s", new_path, error->message);
g_error_free (error);
}
g_free (new_path);
} else
g_assert_not_reached ();
}
EAPMethodTLS *
eap_method_tls_new (WirelessSecurity *parent,
NMConnection *connection,
gboolean phase2)
{
EAPMethodTLS *method;
GtkBuilder *builder;
GtkWidget *widget;
NMSetting8021x *s_8021x = NULL;
method = g_slice_new0 (EAPMethodTLS);
if (!eap_method_init (EAP_METHOD (method), validate, add_to_size_group,
fill_connection, destroy, "eap-tls.ui", "eap_tls_notebook")) {
g_slice_free (EAPMethodTLS, method);
return NULL;
}
builder = EAP_METHOD (method)->builder;
eap_method_nag_init (EAP_METHOD (method), "ca-nag-dialog.ui", "eap_tls_ca_cert_button", connection, phase2);
method->phase2 = phase2;
if (connection)
s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
widget = GTK_WIDGET (gtk_builder_get_object (builder, "eap_tls_identity_entry"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
if (s_8021x && nm_setting_802_1x_get_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_identity (s_8021x));
widget = GTK_WIDGET (gtk_builder_get_object (builder, "eap_tls_private_key_password_entry"));
g_assert (widget);
/* Fill secrets, if any */
if (connection) {
helper_fill_secret_entry (connection,
GTK_ENTRY (widget),
NM_TYPE_SETTING_802_1X,
phase2 ? (HelperSecretFunc) nm_setting_802_1x_get_phase2_private_key_password :
(HelperSecretFunc) nm_setting_802_1x_get_private_key_password,
NM_SETTING_802_1X_SETTING_NAME,
phase2 ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD :
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
}
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
parent);
setup_filepicker (builder, "eap_tls_user_cert_button",
_("Choose your personal certificate..."),
parent, method, s_8021x,
phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme,
phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path,
FALSE, TRUE);
setup_filepicker (builder, "eap_tls_ca_cert_button",
_("Choose a Certificate Authority certificate..."),
parent, method, s_8021x,
phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
FALSE, FALSE);
setup_filepicker (builder,
"eap_tls_private_key_button",
_("Choose your private key..."),
parent, method, s_8021x,
phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
TRUE, FALSE);
widget = GTK_WIDGET (gtk_builder_get_object (builder, "eap_tls_show_checkbutton"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
method);
return method;
}
