static void
fill_connection (WirelessSecurity *parent, NMConnection *connection)
{
WirelessSecurityWPAPSK *wpa_psk = (WirelessSecurityWPAPSK *) parent;
GtkWidget *widget, *passwd_entry;
const char *key;
NMSettingWireless *s_wireless;
NMSettingWirelessSecurity *s_wireless_sec;
NMSettingSecretFlags secret_flags;
const char *mode;
gboolean is_adhoc = FALSE;
s_wireless = nm_connection_get_setting_wireless (connection);
g_assert (s_wireless);
mode = nm_setting_wireless_get_mode (s_wireless);
if (mode && !strcmp (mode, "adhoc"))
is_adhoc = TRUE;
/* Blow away the old security setting by adding a clear one */
s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry"));
passwd_entry = widget;
key = gtk_entry_get_text (GTK_ENTRY (widget));
g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL);
/* Save PSK_FLAGS to the connection */
secret_flags = nma_utils_menu_to_secret_flags (passwd_entry);
nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK,
secret_flags, NULL);
/* Update secret flags and popup when editing the connection */
if (wpa_psk->editing_connection)
nma_utils_update_password_storage (passwd_entry, secret_flags,
NM_SETTING (s_wireless_sec), wpa_psk->password_flags_name);
wireless_security_clear_ciphers (connection);
if (is_adhoc) {
/* Ad-Hoc settings as specified by the supplicant */
g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL);
nm_setting_wireless_security_add_proto (s_wireless_sec, "wpa");
nm_setting_wireless_security_add_pairwise (s_wireless_sec, "none");
/* Ad-hoc can only have _one_ group cipher... default to TKIP to be more
* compatible for now. Maybe we'll support selecting CCMP later.
*/
nm_setting_wireless_security_add_group (s_wireless_sec, "tkip");
} else {
g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
/* Just leave ciphers and protocol empty, the supplicant will
* figure that out magically based on the AP IEs and card capabilities.
*/
}
}
static void
test_nat_export (NMVpnPluginUiInterface *plugin,
const char *dir,
const char *tmpdir,
const char *nat_mode)
{
NMConnection *connection;
NMSettingVPN *s_vpn;
NMConnection *reimported;
char *path;
gboolean success;
GError *error = NULL;
int ret;
connection = get_basic_connection ("nat-export", plugin, dir, "basic.pcf");
ASSERT (connection != NULL, "nat-export", "failed to import connection");
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL, "nat-export", "imported connection had no VPN setting");
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, nat_mode);
path = g_build_path ("/", tmpdir, NAT_EXPORTED_NAME, NULL);
success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error);
if (!success) {
if (!error)
FAIL ("nat-export", "export failed with missing error");
else
FAIL ("nat-export", "export failed: %s", error->message);
}
/* Now re-import it and compare the connections to ensure they are the same */
reimported = get_basic_connection ("nat-export", plugin, tmpdir, NAT_EXPORTED_NAME);
ret = unlink (path);
ASSERT (connection != NULL, "nat-export", "failed to re-import connection");
/* Clear secrets first, since they don't get exported, and thus would
* make the connection comparison below fail.
*/
remove_user_password (connection);
/* Since we don't export the user password, but the original connection
* had one, we need to add secret flags to the re-imported connection.
*/
s_vpn = nm_connection_get_setting_vpn (reimported);
nm_setting_set_secret_flags (NM_SETTING (s_vpn),
NM_VPNC_KEY_SECRET,
NM_SETTING_SECRET_FLAG_AGENT_OWNED,
NULL);
ASSERT (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT) == TRUE,
"nat-export", "original and reimported connection differ");
g_object_unref (reimported);
g_object_unref (connection);
g_free (path);
}
/**
* nma_utils_update_password_storage:
* @passwd_entry: #GtkEntry with the password
* @secret_flags: secret flags to set
* @setting: #NMSetting containing the password, or NULL
* @password_flags_name: name of the secret flags (like psk-flags), or NULL
*
* Updates secret flags in the password storage popup menu and also
* in the @setting (if @setting and @password_flags_name are not NULL).
*
*/
void
nma_utils_update_password_storage (GtkWidget *passwd_entry,
NMSettingSecretFlags secret_flags,
NMSetting *setting,
const char *password_flags_name)
{
GList *menu_list, *iter;
GtkWidget *menu = NULL;
/* Update secret flags (WEP_KEY_FLAGS, PSK_FLAGS, ...) in the security setting */
if (setting && password_flags_name)
nm_setting_set_secret_flags (setting, password_flags_name, secret_flags, NULL);
/* Update password-storage popup menu to reflect secret flags */
menu_list = gtk_menu_get_for_attach_widget (passwd_entry);
for (iter = menu_list; iter; iter = g_list_next (iter)) {
if (g_object_get_data (G_OBJECT (iter->data), PASSWORD_STORAGE_MENU_TAG)) {
menu = iter->data;
break;
}
}
if (menu) {
GtkRadioMenuItem *item;
MenuItem idx;
GSList *group;
gboolean with_not_required;
int i, last;
/* radio menu group list contains the menu items in reverse order */
item = (GtkRadioMenuItem *) gtk_menu_get_active (GTK_MENU (menu));
group = gtk_radio_menu_item_get_group (item);
with_not_required = !!g_object_get_data (G_OBJECT (menu), MENU_WITH_NOT_REQUIRED_TAG);
idx = secret_flags_to_menu_item (secret_flags, with_not_required);
last = g_slist_length (group) - idx - 1;
for (i = 0; i < last; i++)
group = g_slist_next (group);
gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (group->data), TRUE);
change_password_storage_icon (passwd_entry, idx);
}
}
static void
save_one_password (NMSettingVPN *s_vpn,
GtkBuilder *builder,
const char *entry_name,
const char *combo_name,
const char *secret_key,
const char *type_key)
{
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
const char *data_val = NULL, *password;
GtkWidget *entry, *combo;
entry = GTK_WIDGET (gtk_builder_get_object (builder, entry_name));
flags = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (entry), "flags"));
combo = GTK_WIDGET (gtk_builder_get_object (builder, combo_name));
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) {
case PW_TYPE_SAVE:
password = gtk_entry_get_text (GTK_ENTRY (entry));
if (password && strlen (password))
nm_setting_vpn_add_secret (s_vpn, secret_key, password);
data_val = NM_OPENSWAN_PW_TYPE_SAVE;
break;
case PW_TYPE_UNUSED:
data_val = NM_OPENSWAN_PW_TYPE_UNUSED;
flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED;
break;
case PW_TYPE_ASK:
default:
data_val = NM_OPENSWAN_PW_TYPE_ASK;
flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
break;
}
/* Set both new secret flags and old data item for backwards compat */
nm_setting_vpn_add_data_item (s_vpn, type_key, data_val);
nm_setting_set_secret_flags (NM_SETTING (s_vpn), secret_key, flags, NULL);
}
static void
fill_connection (WirelessSecurity *parent, NMConnection *connection)
{
WirelessSecurityLEAP *sec = (WirelessSecurityLEAP *) parent;
NMSettingWirelessSecurity *s_wireless_sec;
NMSettingSecretFlags secret_flags;
GtkWidget *widget, *passwd_entry;
const char *leap_password = NULL, *leap_username = NULL;
/* Blow away the old security setting by adding a clear one */
s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_username_entry"));
leap_username = gtk_entry_get_text (GTK_ENTRY (widget));
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_entry"));
passwd_entry = widget;
leap_password = gtk_entry_get_text (GTK_ENTRY (widget));
g_object_set (s_wireless_sec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x",
NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "leap",
NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, leap_username,
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, leap_password,
NULL);
/* Save LEAP_PASSWORD_FLAGS to the connection */
secret_flags = nma_utils_menu_to_secret_flags (passwd_entry);
nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), sec->password_flags_name,
secret_flags, NULL);
/* Update secret flags and popup when editing the connection */
if (sec->editing_connection)
nma_utils_update_password_storage (passwd_entry, secret_flags,
NM_SETTING (s_wireless_sec), sec->password_flags_name);
}
static void
save_one_password (NMSettingVpn *s_vpn,
GtkBuilder *builder,
const char *entry_name,
const char *secret_key,
const char *type_key)
{
NMSettingSecretFlags flags;
const char *data_val = NULL, *password;
GtkWidget *entry;
/* Get secret flags */
entry = GTK_WIDGET (gtk_builder_get_object (builder, entry_name));
flags = nma_utils_menu_to_secret_flags (entry);
/* Save password and convert flags to legacy data items */
switch (flags) {
case NM_SETTING_SECRET_FLAG_NONE:
case NM_SETTING_SECRET_FLAG_AGENT_OWNED:
password = gtk_entry_get_text (GTK_ENTRY (entry));
if (password && strlen (password))
nm_setting_vpn_add_secret (s_vpn, secret_key, password);
data_val = NM_VPNC_PW_TYPE_SAVE;
break;
case NM_SETTING_SECRET_FLAG_NOT_REQUIRED:
data_val = NM_VPNC_PW_TYPE_UNUSED;
break;
case NM_SETTING_SECRET_FLAG_NOT_SAVED:
default:
data_val = NM_VPNC_PW_TYPE_ASK;
break;
}
/* Set both new secret flags and old data item for backwards compat */
nm_setting_vpn_add_data_item (s_vpn, type_key, data_val);
nm_setting_set_secret_flags (NM_SETTING (s_vpn), secret_key, flags, NULL);
}
static void
activate_menu_item_cb (GtkMenuItem *menuitem, gpointer user_data)
{
PopupMenuItemInfo *info = (PopupMenuItemInfo *) user_data;
NMSettingSecretFlags flags;
/* Update password flags according to the password-storage popup menu */
if (gtk_check_menu_item_get_active (GTK_CHECK_MENU_ITEM (menuitem))) {
flags = menu_item_to_secret_flags (info->item_number);
/* Update the secret flags in the setting */
if (info->setting)
nm_setting_set_secret_flags (info->setting, info->password_flags_name,
flags, NULL);
/* Change icon */
if (info->passwd_entry) {
change_password_storage_icon (info->passwd_entry, info->item_number);
/* Emit "changed" signal on the entry */
g_signal_emit_by_name (G_OBJECT (info->passwd_entry), "changed");
}
}
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
EAPMethodSimple *method = (EAPMethodSimple *) parent;
NMSetting8021x *s_8021x;
GtkWidget *widget;
gboolean not_saved = FALSE;
const char *eap = NULL;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
s_8021x = nm_connection_get_setting_802_1x (connection);
g_assert (s_8021x);
/* If this is the main EAP method, clear any existing methods because the
* user-selected on will replace it.
*/
if (parent->phase2 == FALSE)
nm_setting_802_1x_clear_eap_methods (s_8021x);
switch (method->type) {
case EAP_METHOD_SIMPLE_TYPE_PAP:
eap = "pap";
break;
case EAP_METHOD_SIMPLE_TYPE_MSCHAP:
eap = "mschap";
break;
case EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2:
eap = "mschapv2";
break;
case EAP_METHOD_SIMPLE_TYPE_MD5:
eap = "md5";
break;
case EAP_METHOD_SIMPLE_TYPE_CHAP:
eap = "chap";
break;
case EAP_METHOD_SIMPLE_TYPE_GTC:
eap = "gtc";
break;
default:
g_assert_not_reached ();
break;
}
if (parent->phase2)
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap, NULL);
else
nm_setting_802_1x_add_eap_method (s_8021x, eap);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry"));
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
/* Save the password always ask setting */
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_password_always_ask"));
g_assert (widget);
not_saved = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
nm_setting_get_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_PASSWORD, &flags, NULL);
flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED);
if (not_saved)
flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_PASSWORD, flags, NULL);
/* Fill the connection's password if we're in the applet so that it'll get
* back to NM. From the editor though, since the connection isn't going
* back to NM in response to a GetSecrets() call, we don't save it if the
* user checked "Always Ask".
*/
if (method->is_editor == FALSE || not_saved == FALSE) {
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry"));
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
}
/* Default to agent-owned secrets for new connections */
if (method->new_connection && (not_saved == FALSE)) {
g_object_set (s_8021x,
NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
NULL);
}
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFlags prev_flags)
{
EAPMethodSimple *method = (EAPMethodSimple *) parent;
NMSetting8021x *s_8021x;
gboolean not_saved = FALSE;
NMSettingSecretFlags flags = prev_flags;
const EapType *eap_type;
s_8021x = nm_connection_get_setting_802_1x (connection);
g_assert (s_8021x);
/* If this is the main EAP method, clear any existing methods because the
* user-selected on will replace it.
*/
if (parent->phase2 == FALSE)
nm_setting_802_1x_clear_eap_methods (s_8021x);
eap_type = &eap_table[method->type];
if (parent->phase2) {
/* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2
* EAP methods (which only TTLS allows) *and* the inner/phase2 method
* supports being an inner EAP method, then set PHASE2_AUTHEAP.
* Otherwise the inner/phase2 method goes into PHASE2_AUTH.
*/
if ((method->flags & EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED) && eap_type->autheap_allowed) {
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, eap_type->name, NULL);
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, NULL, NULL);
} else {
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap_type->name, NULL);
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, NULL, NULL);
}
} else
nm_setting_802_1x_add_eap_method (s_8021x, eap_type->name);
g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (method->username_entry), NULL);
/* Save the password always ask setting */
not_saved = gtk_toggle_button_get_active (method->always_ask);
flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED);
if (not_saved)
flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_PASSWORD, flags, NULL);
/* Fill the connection's password if we're in the applet so that it'll get
* back to NM. From the editor though, since the connection isn't going
* back to NM in response to a GetSecrets() call, we don't save it if the
* user checked "Always Ask".
*/
if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_IS_EDITOR) || not_saved == FALSE)
g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (method->password_entry), NULL);
/* Update secret flags and popup when editing the connection */
if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY)) {
GtkWidget *passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry"));
g_assert (passwd_entry);
utils_update_password_storage (NM_SETTING (s_8021x), flags, passwd_entry, parent->password_flags_name);
}
}
static gboolean
update_connection (NMVpnPluginUiWidgetInterface *iface,
NMConnection *connection,
GError **error)
{
StrongswanPluginUiWidget *self = STRONGSWAN_PLUGIN_UI_WIDGET (iface);
StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *settings;
GtkWidget *widget;
gboolean active;
char *str;
if (!check_validity (self, error))
return FALSE;
settings = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (settings, NM_SETTING_VPN_SERVICE_TYPE,
NM_DBUS_SERVICE_STRONGSWAN, NULL);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
nm_setting_vpn_add_data_item (settings, "address", str);
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "certificate-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "certificate", str);
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo"));
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)))
{
default:
case 0:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "userkey", str);
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "usercert", str);
}
str = "key";
break;
case 1:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "usercert", str);
}
str = "agent";
break;
case 2:
str = "smartcard";
break;
case 3:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
nm_setting_vpn_add_data_item (settings, "user", str);
}
str = "eap";
break;
case 4:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
nm_setting_vpn_add_data_item (settings, "user", str);
}
str = "psk";
break;
}
nm_setting_vpn_add_data_item (settings, "method", str);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "virtual-check"));
active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
nm_setting_vpn_add_data_item (settings, "virtual", active ? "yes" : "no");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encap-check"));
active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
nm_setting_vpn_add_data_item (settings, "encap", active ? "yes" : "no");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ipcomp-check"));
active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
nm_setting_vpn_add_data_item (settings, "ipcomp", active ? "yes" : "no");
nm_setting_set_secret_flags (NM_SETTING (settings), "password",
NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
nm_connection_add_setting (connection, NM_SETTING (settings));
return TRUE;
}
static void
fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFlags flags)
{
EAPMethodTLS *method = (EAPMethodTLS *) parent;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
NMSetting8021x *s_8021x;
NMSettingSecretFlags secret_flags;
GtkWidget *widget, *passwd_entry;
char *ca_filename, *pk_filename, *cc_filename;
const char *password = NULL;
GError *error = NULL;
gboolean ca_cert_error = FALSE;
s_8021x = nm_connection_get_setting_802_1x (connection);
g_assert (s_8021x);
if (parent->phase2)
g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
else
nm_setting_802_1x_add_eap_method (s_8021x, "tls");
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
g_assert (widget);
g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
/* TLS private key */
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
g_assert (widget);
password = gtk_entry_get_text (GTK_ENTRY (widget));
g_assert (password);
passwd_entry = widget;
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_button"));
g_assert (widget);
pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
g_assert (pk_filename);
if (parent->phase2) {
if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
} else {
if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
}
g_free (pk_filename);
/* Save 802.1X password flags to the connection */
secret_flags = nma_utils_menu_to_secret_flags (passwd_entry);
nm_setting_set_secret_flags (NM_SETTING (s_8021x), parent->password_flags_name,
secret_flags, NULL);
/* Update secret flags and popup when editing the connection */
if (method->editing_connection) {
nma_utils_update_password_storage (passwd_entry, secret_flags,
NM_SETTING (s_8021x), parent->password_flags_name);
}
/* TLS client certificate */
if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
/* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
* set the client certificate for us.
*/
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_button"));
g_assert (widget);
cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
g_assert (cc_filename);
format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
if (parent->phase2) {
if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
} else {
if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
}
}
g_free (cc_filename);
}
/* TLS CA certificate */
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button"));
g_assert (widget);
ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
if (parent->phase2) {
if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
ca_cert_error = TRUE;
}
} else {
if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
g_clear_error (&error);
ca_cert_error = TRUE;
}
}
eap_method_ca_cert_ignore_set (parent, connection, ca_filename, ca_cert_error);
g_free (ca_filename);
}
