コード例 #1
/**
 * nm_supplicant_config_add_setting_8021x:
 * @self: supplicant configuration that receives the options
 * @setting: 802.1X setting to translate
 * @con_uuid: connection UUID; used to name the PAC blob and passed to
 *   nm_supplicant_config_add_blob_for_connection() for certificate/key blobs
 * @mtu: link MTU used to derive "fragment_size"; values <= 14 keep the default
 * @wired: when TRUE, also add key_mgmt=IEEE8021X and eapol_flags=0 and set
 *   the private ap_scan field to 0
 * @error: location for a #GError
 *
 * Translates @setting into supplicant options on @self: credentials, EAP
 * methods, fragment size, phase1/phase2 strings, PAC file, CA material,
 * certificate match constraints, private keys / client certificates and
 * identities.
 *
 * Review notes:
 *  - The g_return_val_if_fail() guards return FALSE without setting @error,
 *    so a FALSE result does not guarantee that *@error is populated.
 *  - When the setting requests system CA certificates, SYSTEM_CA_PATH
 *    replaces the connection's own ca_path/ca_path2 (directory case) or
 *    ca_cert/ca_cert2 (file case).
 *  - Nothing here rejects a setting that ends up with neither "ca_path" nor
 *    "ca_cert"; wpa_supplicant documents that the server certificate is not
 *    verified in that case. NOTE(review): confirm that a caller or the UI
 *    warns about such connections.
 *
 * Returns: %TRUE if every option was added; %FALSE as soon as a helper
 *   fails, or when EAP-FAST is requested with no PAC file and automatic
 *   provisioning disabled.
 */
gboolean
nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
                                        NMSetting8021x *setting,
                                        const char *con_uuid,
                                        guint32 mtu,
                                        gboolean wired,
                                        GError **error)
{
	NMSupplicantConfigPrivate *priv;
	char *tmp;
	const char *peapver, *value, *path;
	gboolean added;
	GString *phase1, *phase2;
	GBytes *bytes;
	gboolean fast = FALSE;
	guint32 i, num_eap;
	gboolean fast_provisoning_allowed = FALSE;
	const char *ca_path_override = NULL, *ca_cert_override = NULL;
	guint32 frag, hdrs;
	/* gs_free: presumably released automatically at scope exit; there is no
	 * explicit g_free() for it in this function. */
	gs_free char *frag_str = NULL;

	g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
	g_return_val_if_fail (setting != NULL, FALSE);
	g_return_val_if_fail (con_uuid != NULL, FALSE);

	priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);

	/* Password: the string form wins; the raw byte form is only consulted
	 * when no string password is set. The fifth argument is TRUE here and
	 * for "pin" and the private key passwords, FALSE everywhere else;
	 * presumably it marks the value as a secret -- confirm against
	 * add_string_val(). */
	value = nm_setting_802_1x_get_password (setting);
	if (value) {
		if (!add_string_val (self, value, "password", FALSE, TRUE, error))
			return FALSE;
	} else {
		bytes = nm_setting_802_1x_get_password_raw (setting);
		if (bytes) {
			/* The raw password is passed with an explicit length instead
			 * of -1, so it is not treated as a NUL-terminated string. */
			if (!nm_supplicant_config_add_option (self,
			                                      "password",
			                                      (const char *) g_bytes_get_data (bytes, NULL),
			                                      g_bytes_get_size (bytes),
			                                      TRUE,
			                                      error))
				return FALSE;
		}
	}
	/* add_string_val() is called without a NULL check on value here and in
	 * several places below; presumably it accepts NULL and adds nothing --
	 * confirm. */
	value = nm_setting_802_1x_get_pin (setting);
	if (!add_string_val (self, value, "pin", FALSE, TRUE, error))
		return FALSE;

	if (wired) {
		if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE, error))
			return FALSE;
		/* Wired 802.1x must always use eapol_flags=0 */
		if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE, error))
			return FALSE;
		priv->ap_scan = 0;
	}

	/* EAP method list, joined with ' ' into the "eap" option (the macro is
	 * defined elsewhere and is used here as a boolean expression). */
	if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE, error))
		return FALSE;

	/* Check EAP method for special handling: PEAP + GTC, FAST */
	num_eap = nm_setting_802_1x_get_num_eap_methods (setting);
	for (i = 0; i < num_eap; i++) {
		const char *method = nm_setting_802_1x_get_eap_method (setting, i);

		/* Case-insensitive match; also recorded on the config object. */
		if (method && (strcasecmp (method, "fast") == 0)) {
			fast = TRUE;
			priv->fast_required = TRUE;
		}
	}

	/* Adjust the fragment size according to MTU, but do not set it higher than 1280-14
	 * for better compatibility */
	hdrs = 14; /* EAPOL + EAP-TLS */
	frag = 1280 - hdrs;
	/* The guard keeps the unsigned subtraction from wrapping; an mtu of 0..14
	 * leaves the 1266 default, anything else is clamped to [100, 1266]. */
	if (mtu > hdrs)
		frag = CLAMP (mtu - hdrs, 100, frag);
	frag_str = g_strdup_printf ("%u", frag);

	if (!nm_supplicant_config_add_option (self, "fragment_size", frag_str, -1, FALSE, error))
		return FALSE;

	/* phase1 is a space-separated "key=value" list built from up to three
	 * settings. */
	phase1 = g_string_new (NULL);
	peapver = nm_setting_802_1x_get_phase1_peapver (setting);
	if (peapver) {
		/* Only the literal values "0" and "1" are forwarded; anything else
		 * is silently dropped. */
		if (!strcmp (peapver, "0"))
			g_string_append (phase1, "peapver=0");
		else if (!strcmp (peapver, "1"))
			g_string_append (phase1, "peapver=1");
	}

	/* NOTE(review): unlike peapver, peaplabel and fast_provisioning are
	 * copied verbatim into the space-separated phase1 string. Presumably the
	 * setting's own validation restricts them to known values -- confirm,
	 * since this function does not. */
	if (nm_setting_802_1x_get_phase1_peaplabel (setting)) {
		if (phase1->len)
			g_string_append_c (phase1, ' ');
		g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting));
	}

	value = nm_setting_802_1x_get_phase1_fast_provisioning (setting);
	if (value) {
		if (phase1->len)
			g_string_append_c (phase1, ' ');
		g_string_append_printf (phase1, "fast_provisioning=%s", value);

		/* Any value other than "0" counts as provisioning being allowed. */
		if (strcmp (value, "0") != 0)
			fast_provisoning_allowed = TRUE;
	}

	/* phase1 is freed on both the failure and the success path. */
	if (phase1->len) {
		if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE, error)) {
			g_string_free (phase1, TRUE);
			return FALSE;
		}
	}
	g_string_free (phase1, TRUE);

	phase2 = g_string_new (NULL);
	/* The inner "auth=" method is left out whenever PAC provisioning is
	 * allowed; the reason is not stated in this function. */
	if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) {
		tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1);
		g_string_append_printf (phase2, "auth=%s", tmp);
		g_free (tmp);
	}

	if (nm_setting_802_1x_get_phase2_autheap (setting)) {
		if (phase2->len)
			g_string_append_c (phase2, ' ');
		tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1);
		g_string_append_printf (phase2, "autheap=%s", tmp);
		g_free (tmp);
	}

	/* phase2 is freed on both the failure and the success path. */
	if (phase2->len) {
		if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE, error)) {
			g_string_free (phase2, TRUE);
			return FALSE;
		}
	}
	g_string_free (phase2, TRUE);

	/* PAC file */
	path = nm_setting_802_1x_get_pac_file (setting);
	if (path) {
		if (!add_string_val (self, path, "pac_file", FALSE, FALSE, error))
			return FALSE;
	} else {
		/* PAC file is not specified.
		 * If provisioning is allowed, use a blob format.
		 */
		if (fast_provisoning_allowed) {
			gs_free char *blob_name = NULL;

			/* The blob is named after the connection UUID. */
			blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid);
			if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE, error))
				return FALSE;
		} else {
			/* This is only error for EAP-FAST; don't disturb other methods. */
			if (fast) {
				g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
				             "EAP-FAST error: no PAC file provided and "
				             "automatic PAC provisioning is disabled");
				return FALSE;
			}
		}
	}

	/* If user wants to use system CA certs, either populate ca_path (if the path
	 * is a directory) or ca_cert (the path is a file name) */
	if (nm_setting_802_1x_get_system_ca_certs (setting)) {
		/* If SYSTEM_CA_PATH is not a directory (including when it does not
		 * exist) it is handed over as a certificate file. */
		if (g_file_test (SYSTEM_CA_PATH, G_FILE_TEST_IS_DIR))
			ca_path_override = SYSTEM_CA_PATH;
		else
			ca_cert_override = SYSTEM_CA_PATH;
	}

	/* CA path */
	/* A directory override replaces the connection's own ca_path. */
	path = nm_setting_802_1x_get_ca_path (setting);
	path = ca_path_override ? ca_path_override : path;
	if (path) {
		if (!add_string_val (self, path, "ca_path", FALSE, FALSE, error))
			return FALSE;
	}

	/* Phase2 CA path */
	path = nm_setting_802_1x_get_phase2_ca_path (setting);
	path = ca_path_override ? ca_path_override : path;
	if (path) {
		if (!add_string_val (self, path, "ca_path2", FALSE, FALSE, error))
			return FALSE;
	}

	/* CA certificate */
	/* With a file override the connection's own CA certificate is not
	 * consulted at all; with a directory override it is still added below
	 * next to the overridden ca_path. */
	if (ca_cert_override) {
		if (!add_string_val (self, ca_cert_override, "ca_cert", FALSE, FALSE, error))
			return FALSE;
	} else {
		switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) {
		case NM_SETTING_802_1X_CK_SCHEME_BLOB:
			bytes = nm_setting_802_1x_get_ca_cert_blob (setting);
			if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert", con_uuid, error))
				return FALSE;
			break;
		case NM_SETTING_802_1X_CK_SCHEME_PATH:
			path = nm_setting_802_1x_get_ca_cert_path (setting);
			if (!add_string_val (self, path, "ca_cert", FALSE, FALSE, error))
				return FALSE;
			break;
		default:
			/* Any other scheme: no "ca_cert" option is added and no error
			 * is raised. */
			break;
		}
	}

	/* Phase 2 CA certificate */
	if (ca_cert_override) {
		if (!add_string_val (self, ca_cert_override, "ca_cert2", FALSE, FALSE, error))
			return FALSE;
	} else {
		switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) {
		case NM_SETTING_802_1X_CK_SCHEME_BLOB:
			bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting);
			if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert2", con_uuid, error))
				return FALSE;
			break;
		case NM_SETTING_802_1X_CK_SCHEME_PATH:
			path = nm_setting_802_1x_get_phase2_ca_cert_path (setting);
			if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE, error))
				return FALSE;
			break;
		default:
			break;
		}
	}

	/* Server certificate constraints. All of them are forwarded as given and
	 * none is required by this function. */

	/* Subject match */
	value = nm_setting_802_1x_get_subject_match (setting);
	if (!add_string_val (self, value, "subject_match", FALSE, FALSE, error))
		return FALSE;
	value = nm_setting_802_1x_get_phase2_subject_match (setting);
	if (!add_string_val (self, value, "subject_match2", FALSE, FALSE, error))
		return FALSE;

	/* altSubjectName match */
	if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE, error))
		return FALSE;
	if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE, error))
		return FALSE;

	/* Domain suffix match */
	value = nm_setting_802_1x_get_domain_suffix_match (setting);
	if (!add_string_val (self, value, "domain_suffix_match", FALSE, FALSE, error))
		return FALSE;
	value = nm_setting_802_1x_get_phase2_domain_suffix_match (setting);
	if (!add_string_val (self, value, "domain_suffix_match2", FALSE, FALSE, error))
		return FALSE;

	/* Private key */
	/* "added" records whether a key was configured at all; the key password
	 * and the client certificate are only considered in that case. */
	added = FALSE;
	switch (nm_setting_802_1x_get_private_key_scheme (setting)) {
	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
		bytes = nm_setting_802_1x_get_private_key_blob (setting);
		if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key", con_uuid, error))
			return FALSE;
		added = TRUE;
		break;
	case NM_SETTING_802_1X_CK_SCHEME_PATH:
		path = nm_setting_802_1x_get_private_key_path (setting);
		if (!add_string_val (self, path, "private_key", FALSE, FALSE, error))
			return FALSE;
		added = TRUE;
		break;
	default:
		break;
	}

	if (added) {
		NMSetting8021xCKFormat format;
		NMSetting8021xCKScheme scheme;

		format = nm_setting_802_1x_get_private_key_format (setting);
		scheme = nm_setting_802_1x_get_private_key_scheme (setting);

		if (   scheme == NM_SETTING_802_1X_CK_SCHEME_PATH
		    || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the private key password for PKCS#12 blobs and
			 * all path schemes, since in both of these cases the private key
			 * isn't decrypted at all.
			 */
			value = nm_setting_802_1x_get_private_key_password (setting);
			if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE, error))
				return FALSE;
		}

		if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the client cert if the private key is not PKCS#12, as
			 * wpa_supplicant configuration directs us to do.
			 */
			switch (nm_setting_802_1x_get_client_cert_scheme (setting)) {
			case NM_SETTING_802_1X_CK_SCHEME_BLOB:
				bytes = nm_setting_802_1x_get_client_cert_blob (setting);
				if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert", con_uuid, error))
					return FALSE;
				break;
			case NM_SETTING_802_1X_CK_SCHEME_PATH:
				path = nm_setting_802_1x_get_client_cert_path (setting);
				if (!add_string_val (self, path, "client_cert", FALSE, FALSE, error))
					return FALSE;
				break;
			default:
				break;
			}
		}
	}

	/* Phase 2 private key */
	/* Same sequence as for the outer key, applied to the phase2 getters and
	 * the "...2" option names. */
	added = FALSE;
	switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) {
	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
		bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting);
		if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key2", con_uuid, error))
			return FALSE;
		added = TRUE;
		break;
	case NM_SETTING_802_1X_CK_SCHEME_PATH:
		path = nm_setting_802_1x_get_phase2_private_key_path (setting);
		if (!add_string_val (self, path, "private_key2", FALSE, FALSE, error))
			return FALSE;
		added = TRUE;
		break;
	default:
		break;
	}

	if (added) {
		NMSetting8021xCKFormat format;
		NMSetting8021xCKScheme scheme;

		format = nm_setting_802_1x_get_phase2_private_key_format (setting);
		scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting);

		if (   scheme == NM_SETTING_802_1X_CK_SCHEME_PATH
		    || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the private key password for PKCS#12 blobs and
			 * all path schemes, since in both of these cases the private key
			 * isn't decrypted at all.
			 */
			value = nm_setting_802_1x_get_phase2_private_key_password (setting);
			if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE, error))
				return FALSE;
		}

		if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the client cert if the private key is not PKCS#12, as
			 * wpa_supplicant configuration directs us to do.
			 */
			switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) {
			case NM_SETTING_802_1X_CK_SCHEME_BLOB:
				bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting);
				if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert2", con_uuid, error))
					return FALSE;
				break;
			case NM_SETTING_802_1X_CK_SCHEME_PATH:
				path = nm_setting_802_1x_get_phase2_client_cert_path (setting);
				if (!add_string_val (self, path, "client_cert2", FALSE, FALSE, error))
					return FALSE;
				break;
			default:
				break;
			}
		}
	}

	/* Identities are added as non-secret values (fifth argument FALSE). */
	value = nm_setting_802_1x_get_identity (setting);
	if (!add_string_val (self, value, "identity", FALSE, FALSE, error))
		return FALSE;
	value = nm_setting_802_1x_get_anonymous_identity (setting);
	if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE, error))
		return FALSE;

	return TRUE;
}
コード例 #2
/**
 * nm_supplicant_config_add_setting_8021x:
 * @self: supplicant configuration that receives the options
 * @setting: 802.1X setting to translate
 * @con_uuid: connection UUID; used to name the PAC blob and passed to
 *   ADD_BLOB_VAL() for certificate/key blobs
 * @wired: when TRUE, also add key_mgmt=IEEE8021X and eapol_flags=0 and set
 *   ap_scan to 0
 *
 * Translates @setting into supplicant options on @self: credentials, EAP
 * methods, fragment size, phase1/phase2 strings, PAC file, CA material,
 * certificate match constraints, private keys / client certificates and
 * identities. Failures are reported through the log only; there is no
 * error out-parameter.
 *
 * Review notes:
 *  - ADD_STRING_LIST_VAL() and ADD_BLOB_VAL() are used as plain statements
 *    and their outcome is not checked here, so any failure handling must
 *    live inside the macros (not visible in this function) -- confirm.
 *  - Only subject_match and altsubject_match constraints are forwarded;
 *    this function emits no domain_suffix_match option.
 *  - Nothing here rejects a setting that ends up with neither "ca_path" nor
 *    "ca_cert"; wpa_supplicant documents that the server certificate is not
 *    verified in that case. NOTE(review): confirm that a caller or the UI
 *    warns about such connections.
 *
 * Returns: %TRUE if every checked option was added; %FALSE as soon as a
 *   checked helper fails, or when EAP-FAST is requested with no PAC file and
 *   automatic provisioning disabled.
 */
gboolean
nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
                                        NMSetting8021x *setting,
                                        const char *con_uuid,
                                        gboolean wired)
{
	NMSupplicantConfigPrivate *priv;
	char *tmp;
	const char *peapver, *value, *path;
	gboolean success, added;
	GString *phase1, *phase2;
	GBytes *bytes;
	gboolean fast = FALSE;
	guint32 i, num_eap;
	gboolean fast_provisoning_allowed = FALSE;

	g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
	g_return_val_if_fail (setting != NULL, FALSE);
	g_return_val_if_fail (con_uuid != NULL, FALSE);

	priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);

	/* Password: the string form wins; the raw byte form is only consulted
	 * when no string password is set. The fifth argument is TRUE here and
	 * for "pin" and the private key passwords, FALSE everywhere else;
	 * presumably it marks the value as a secret -- confirm against
	 * add_string_val(). */
	value = nm_setting_802_1x_get_password (setting);
	if (value) {
		if (!add_string_val (self, value, "password", FALSE, TRUE))
			return FALSE;
	} else {
		bytes = nm_setting_802_1x_get_password_raw (setting);
		if (bytes) {
			/* The raw password is passed with an explicit length instead
			 * of -1, so it is not treated as a NUL-terminated string. */
			success = nm_supplicant_config_add_option (self,
			                                           "password",
			                                           (const char *) g_bytes_get_data (bytes, NULL),
			                                           g_bytes_get_size (bytes),
			                                           TRUE);
			if (!success) {
				/* The message names the option only, not its value. */
				nm_log_warn (LOGD_SUPPLICANT, "Error adding password-raw to supplicant config.");
				return FALSE;
			}
		}
	}
	/* add_string_val() is called without a NULL check on value here and in
	 * several places below; presumably it accepts NULL and adds nothing --
	 * confirm. */
	value = nm_setting_802_1x_get_pin (setting);
	if (!add_string_val (self, value, "pin", FALSE, TRUE))
		return FALSE;

	if (wired) {
		if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE))
			return FALSE;
		/* Wired 802.1x must always use eapol_flags=0 */
		if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE))
			return FALSE;
		nm_supplicant_config_set_ap_scan (self, 0);
	}

	/* EAP method list, joined with ' ' into the "eap" option. The macro's
	 * result is not checked here (see the review notes above). */
	ADD_STRING_LIST_VAL (setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE);

	/* Check EAP method for special handling: PEAP + GTC, FAST */
	num_eap = nm_setting_802_1x_get_num_eap_methods (setting);
	for (i = 0; i < num_eap; i++) {
		const char *method = nm_setting_802_1x_get_eap_method (setting, i);

		/* Case-insensitive match; also recorded on the config object. */
		if (method && (strcasecmp (method, "fast") == 0)) {
			fast = TRUE;
			priv->fast_required = TRUE;
		}
	}

	/* Drop the fragment size a bit for better compatibility */
	/* The value is a fixed "1300", independent of the link MTU. */
	if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE))
		return FALSE;

	/* phase1 is a space-separated "key=value" list built from up to three
	 * settings. */
	phase1 = g_string_new (NULL);
	peapver = nm_setting_802_1x_get_phase1_peapver (setting);
	if (peapver) {
		/* Only the literal values "0" and "1" are forwarded; anything else
		 * is silently dropped. */
		if (!strcmp (peapver, "0"))
			g_string_append (phase1, "peapver=0");
		else if (!strcmp (peapver, "1"))
			g_string_append (phase1, "peapver=1");
	}

	/* NOTE(review): unlike peapver, peaplabel and fast_provisioning are
	 * copied verbatim into the space-separated phase1 string. Presumably the
	 * setting's own validation restricts them to known values -- confirm,
	 * since this function does not. */
	if (nm_setting_802_1x_get_phase1_peaplabel (setting)) {
		if (phase1->len)
			g_string_append_c (phase1, ' ');
		g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting));
	}

	value = nm_setting_802_1x_get_phase1_fast_provisioning (setting);
	if (value) {
		if (phase1->len)
			g_string_append_c (phase1, ' ');
		g_string_append_printf (phase1, "fast_provisioning=%s", value);
		
		/* Any value other than "0" counts as provisioning being allowed. */
		if (strcmp (value, "0") != 0)
			fast_provisoning_allowed = TRUE;
	}

	/* phase1 is freed on both the failure and the success path. */
	if (phase1->len) {
		if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE)) {
			g_string_free (phase1, TRUE);
			return FALSE;
		}
	}
	g_string_free (phase1, TRUE);

	phase2 = g_string_new (NULL);
	/* The inner "auth=" method is left out whenever PAC provisioning is
	 * allowed; the reason is not stated in this function. */
	if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) {
		tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1);
		g_string_append_printf (phase2, "auth=%s", tmp);
		g_free (tmp);
	}

	if (nm_setting_802_1x_get_phase2_autheap (setting)) {
		if (phase2->len)
			g_string_append_c (phase2, ' ');
		tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1);
		g_string_append_printf (phase2, "autheap=%s", tmp);
		g_free (tmp);
	}

	/* phase2 is freed on both the failure and the success path. */
	if (phase2->len) {
		if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE)) {
			g_string_free (phase2, TRUE);
			return FALSE;
		}
	}
	g_string_free (phase2, TRUE);

	/* PAC file */
	path = nm_setting_802_1x_get_pac_file (setting);
	if (path) {
		if (!add_string_val (self, path, "pac_file", FALSE, FALSE))
			return FALSE;
	} else {
		/* PAC file is not specified.
		 * If provisioning is allowed, use a blob format.
		 */
		if (fast_provisoning_allowed) {
			/* The blob is named after the connection UUID; the name is
			 * freed on both the failure and the success path. */
			char *blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid);
			if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE)) {
				g_free (blob_name);
				return FALSE;
			}
			g_free (blob_name);
		} else {
			/* This is only error for EAP-FAST; don't disturb other methods. */
			if (fast) {
				nm_log_err (LOGD_SUPPLICANT, "EAP-FAST error: no PAC file provided and "
				                              "automatic PAC provisioning is disabled.");
				return FALSE;
			}
		}
	}

	/* CA path */
	/* When system CA certificates are requested, SYSTEM_CA_PATH replaces the
	 * connection's own ca_path. It is always passed as "ca_path" without
	 * checking whether it is a directory or a file. NOTE(review): confirm
	 * SYSTEM_CA_PATH is a directory on every supported build. */
	path = nm_setting_802_1x_get_ca_path (setting);
	if (nm_setting_802_1x_get_system_ca_certs (setting))
		path = SYSTEM_CA_PATH;
	if (path) {
		if (!add_string_val (self, path, "ca_path", FALSE, FALSE))
			return FALSE;
	}

	/* Phase2 CA path */
	path = nm_setting_802_1x_get_phase2_ca_path (setting);
	if (nm_setting_802_1x_get_system_ca_certs (setting))
		path = SYSTEM_CA_PATH;
	if (path) {
		if (!add_string_val (self, path, "ca_path2", FALSE, FALSE))
			return FALSE;
	}

	/* CA certificate */
	/* The connection's own CA certificate is added whether or not system CA
	 * certificates were requested above. */
	switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) {
	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
		bytes = nm_setting_802_1x_get_ca_cert_blob (setting);
		ADD_BLOB_VAL (bytes, "ca_cert", con_uuid);
		break;
	case NM_SETTING_802_1X_CK_SCHEME_PATH:
		path = nm_setting_802_1x_get_ca_cert_path (setting);
		if (!add_string_val (self, path, "ca_cert", FALSE, FALSE))
			return FALSE;
		break;
	default:
		/* Any other scheme: no "ca_cert" option is added and nothing is
		 * logged. */
		break;
	}

	/* Phase 2 CA certificate */
	switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) {
	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
		bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting);
		ADD_BLOB_VAL (bytes, "ca_cert2", con_uuid);
		break;
	case NM_SETTING_802_1X_CK_SCHEME_PATH:
		path = nm_setting_802_1x_get_phase2_ca_cert_path (setting);
		if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE))
			return FALSE;
		break;
	default:
		break;
	}

	/* Server certificate constraints. They are forwarded as given and none
	 * is required by this function. */

	/* Subject match */
	value = nm_setting_802_1x_get_subject_match (setting);
	if (!add_string_val (self, value, "subject_match", FALSE, FALSE))
		return FALSE;
	value = nm_setting_802_1x_get_phase2_subject_match (setting);
	if (!add_string_val (self, value, "subject_match2", FALSE, FALSE))
		return FALSE;

	/* altSubjectName match */
	ADD_STRING_LIST_VAL (setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE);
	ADD_STRING_LIST_VAL (setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE);

	/* Private key */
	/* "added" records whether a key was configured at all; the key password
	 * and the client certificate are only considered in that case. */
	added = FALSE;
	switch (nm_setting_802_1x_get_private_key_scheme (setting)) {
	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
		bytes = nm_setting_802_1x_get_private_key_blob (setting);
		ADD_BLOB_VAL (bytes, "private_key", con_uuid);
		added = TRUE;
		break;
	case NM_SETTING_802_1X_CK_SCHEME_PATH:
		path = nm_setting_802_1x_get_private_key_path (setting);
		if (!add_string_val (self, path, "private_key", FALSE, FALSE))
			return FALSE;
		added = TRUE;
		break;
	default:
		break;
	}

	if (added) {
		NMSetting8021xCKFormat format;
		NMSetting8021xCKScheme scheme;

		format = nm_setting_802_1x_get_private_key_format (setting);
		scheme = nm_setting_802_1x_get_private_key_scheme (setting);

		if (   scheme == NM_SETTING_802_1X_CK_SCHEME_PATH
		    || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the private key password for PKCS#12 blobs and
			 * all path schemes, since in both of these cases the private key
			 * isn't decrypted at all.
			 */
			value = nm_setting_802_1x_get_private_key_password (setting);
			if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE))
				return FALSE;
		}

		if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the client cert if the private key is not PKCS#12, as
			 * wpa_supplicant configuration directs us to do.
			 */
			switch (nm_setting_802_1x_get_client_cert_scheme (setting)) {
			case NM_SETTING_802_1X_CK_SCHEME_BLOB:
				bytes = nm_setting_802_1x_get_client_cert_blob (setting);
				ADD_BLOB_VAL (bytes, "client_cert", con_uuid);
				break;
			case NM_SETTING_802_1X_CK_SCHEME_PATH:
				path = nm_setting_802_1x_get_client_cert_path (setting);
				if (!add_string_val (self, path, "client_cert", FALSE, FALSE))
					return FALSE;
				break;
			default:
				break;
			}
		}
	}

	/* Phase 2 private key */
	/* Same sequence as for the outer key, applied to the phase2 getters and
	 * the "...2" option names. */
	added = FALSE;
	switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) {
	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
		bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting);
		ADD_BLOB_VAL (bytes, "private_key2", con_uuid);
		added = TRUE;
		break;
	case NM_SETTING_802_1X_CK_SCHEME_PATH:
		path = nm_setting_802_1x_get_phase2_private_key_path (setting);
		if (!add_string_val (self, path, "private_key2", FALSE, FALSE))
			return FALSE;
		added = TRUE;
		break;
	default:
		break;
	}

	if (added) {
		NMSetting8021xCKFormat format;
		NMSetting8021xCKScheme scheme;

		format = nm_setting_802_1x_get_phase2_private_key_format (setting);
		scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting);

		if (   scheme == NM_SETTING_802_1X_CK_SCHEME_PATH
		    || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the private key password for PKCS#12 blobs and
			 * all path schemes, since in both of these cases the private key
			 * isn't decrypted at all.
			 */
			value = nm_setting_802_1x_get_phase2_private_key_password (setting);
			if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE))
				return FALSE;
		}

		if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
			/* Only add the client cert if the private key is not PKCS#12, as
			 * wpa_supplicant configuration directs us to do.
			 */
			switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) {
			case NM_SETTING_802_1X_CK_SCHEME_BLOB:
				bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting);
				ADD_BLOB_VAL (bytes, "client_cert2", con_uuid);
				break;
			case NM_SETTING_802_1X_CK_SCHEME_PATH:
				path = nm_setting_802_1x_get_phase2_client_cert_path (setting);
				if (!add_string_val (self, path, "client_cert2", FALSE, FALSE))
					return FALSE;
				break;
			default:
				break;
			}
		}
	}

	/* Identities are added as non-secret values (fifth argument FALSE). */
	value = nm_setting_802_1x_get_identity (setting);
	if (!add_string_val (self, value, "identity", FALSE, FALSE))
		return FALSE;
	value = nm_setting_802_1x_get_anonymous_identity (setting);
	if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE))
		return FALSE;

	return TRUE;
}
コード例 #3
ファイル: eap-method-ttls.c プロジェクト: domsom/nm-applet-ds
/**
 * eap_method_ttls_new:
 * @ws_parent: owning wireless-security object; stored on the method and used
 *   as user data for the "changed"-style signal handlers
 * @connection: connection whose 802.1X setting pre-fills the widgets, or NULL
 * @is_editor: stored on the method as-is
 * @secrets_only: when TRUE, every non-secret TTLS widget is hidden
 *
 * Builds the EAP-TTLS page from eap-method-ttls.ui, wires up the CA
 * certificate chooser, the anonymous identity entry and the inner
 * authentication combo, and pre-fills them from @connection.
 *
 * Returns: the new method, or NULL if eap_method_init() fails.
 */
EAPMethodTTLS *
eap_method_ttls_new (WirelessSecurity *ws_parent,
                     NMConnection *connection,
                     gboolean is_editor,
                     gboolean secrets_only)
{
	/* Widgets hidden in secrets-only mode, in the order they are hidden. */
	static const char *const hidden_for_secrets_only[] = {
		"eap_ttls_anon_identity_label",
		"eap_ttls_anon_identity_entry",
		"eap_ttls_ca_cert_label",
		"eap_ttls_ca_cert_button",
		"eap_ttls_inner_auth_label",
		"eap_ttls_inner_auth_combo",
		NULL
	};
	const char *const *hidden_id;
	EAPMethod *base;
	EAPMethodTTLS *ttls;
	GtkWidget *ca_button, *anon_entry, *combo;
	GtkFileFilter *cert_filter;
	NMSetting8021x *setting = NULL;
	const char *anon_identity = NULL;

	base = eap_method_init (sizeof (EAPMethodTTLS),
	                        validate,
	                        add_to_size_group,
	                        fill_connection,
	                        update_secrets,
	                        destroy,
	                        UIDIR "/eap-method-ttls.ui",
	                        "eap_ttls_notebook",
	                        "eap_ttls_anon_identity_entry",
	                        FALSE);
	if (base == NULL)
		return NULL;

	/* NOTE(review): presumably arms the "no CA certificate chosen" warning
	 * for the CA chooser button -- confirm against eap_method_nag_init(). */
	eap_method_nag_init (base, "eap_ttls_ca_cert_button", connection);

	ttls = (EAPMethodTTLS *) base;
	ttls->sec_parent = ws_parent;
	ttls->is_editor = is_editor;

	if (connection != NULL)
		setting = nm_connection_get_setting_802_1x (connection);

	/* CA certificate chooser: local files only, default certificate filter. */
	ca_button = GTK_WIDGET (gtk_builder_get_object (base->builder, "eap_ttls_ca_cert_button"));
	g_assert (ca_button);
	gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (ca_button), TRUE);
	gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (ca_button),
	                                   _("Choose a Certificate Authority certificate..."));
	g_signal_connect (G_OBJECT (ca_button), "selection-changed",
	                  (GCallback) wireless_security_changed_cb,
	                  ws_parent);
	cert_filter = eap_method_default_file_chooser_filter_new (FALSE);
	gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (ca_button), cert_filter);

	/* Only a CA certificate stored by path can be shown in the chooser. */
	if (   connection != NULL
	    && setting != NULL
	    && nm_setting_802_1x_get_ca_cert_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
		const char *ca_path = nm_setting_802_1x_get_ca_cert_path (setting);

		if (ca_path != NULL)
			gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (ca_button), ca_path);
	}

	/* Anonymous (outer) identity entry. */
	anon_entry = GTK_WIDGET (gtk_builder_get_object (base->builder, "eap_ttls_anon_identity_entry"));
	if (setting != NULL)
		anon_identity = nm_setting_802_1x_get_anonymous_identity (setting);
	if (anon_identity != NULL)
		gtk_entry_set_text (GTK_ENTRY (anon_entry), anon_identity);
	g_signal_connect (G_OBJECT (anon_entry), "changed",
	                  (GCallback) wireless_security_changed_cb,
	                  ws_parent);

	/* Inner authentication combo; run the change handler once so the page
	 * matches the initial selection. */
	combo = inner_auth_combo_init (ttls, connection, setting, secrets_only);
	inner_auth_combo_changed_cb (combo, (gpointer) ttls);

	if (secrets_only) {
		for (hidden_id = hidden_for_secrets_only; *hidden_id != NULL; hidden_id++)
			gtk_widget_hide (GTK_WIDGET (gtk_builder_get_object (base->builder, *hidden_id)));
	}

	return ttls;
}
コード例 #4
/**
 * eap_method_peap_new:
 * @ws_parent: owning wireless-security object; stored on the method and used
 *   as user data for the change-notification signal handlers
 * @connection: connection whose 802.1X setting pre-fills the widgets, or NULL
 * @is_editor: stored on the method as-is
 * @secrets_only: when TRUE, every non-secret PEAP widget is hidden
 *
 * Builds the PEAP page from eap-method-peap.ui, wires up the "CA certificate
 * not required" checkbox, the CA certificate chooser, the inner
 * authentication combo, the PEAP version combo and the anonymous identity
 * entry, and pre-fills them from @connection.
 *
 * Returns: the new method, or NULL if eap_method_init() fails.
 */
EAPMethodPEAP *
eap_method_peap_new (WirelessSecurity *ws_parent,
                     NMConnection *connection,
                     gboolean is_editor,
                     gboolean secrets_only)
{
	/* Widgets hidden in secrets-only mode, in the order they are hidden. */
	static const char *const hidden_for_secrets_only[] = {
		"eap_peap_anon_identity_label",
		"eap_peap_anon_identity_entry",
		"eap_peap_ca_cert_label",
		"eap_peap_ca_cert_button",
		"eap_peap_ca_cert_not_required_checkbox",
		"eap_peap_inner_auth_label",
		"eap_peap_inner_auth_combo",
		"eap_peap_version_label",
		"eap_peap_version_combo",
		NULL
	};
	const char *const *hidden_id;
	EAPMethod *base;
	EAPMethodPEAP *peap;
	GtkWidget *no_ca_checkbox, *ca_button, *auth_combo, *version_combo, *anon_entry;
	GtkFileFilter *cert_filter;
	NMSetting8021x *setting = NULL;
	const char *anon_identity = NULL;

	base = eap_method_init (sizeof (EAPMethodPEAP),
	                        validate,
	                        add_to_size_group,
	                        fill_connection,
	                        update_secrets,
	                        destroy,
	                        "/org/freedesktop/network-manager-applet/eap-method-peap.ui",
	                        "eap_peap_notebook",
	                        "eap_peap_anon_identity_entry",
	                        FALSE);
	if (base == NULL)
		return NULL;

	base->password_flags_name = NM_SETTING_802_1X_PASSWORD;
	peap = (EAPMethodPEAP *) base;
	peap->sec_parent = ws_parent;
	peap->is_editor = is_editor;

	if (connection != NULL)
		setting = nm_connection_get_setting_802_1x (connection);

	/* "CA certificate not required" checkbox: two handlers on "toggled",
	 * connected in this order. */
	no_ca_checkbox = GTK_WIDGET (gtk_builder_get_object (base->builder, "eap_peap_ca_cert_not_required_checkbox"));
	g_assert (no_ca_checkbox);
	g_signal_connect (G_OBJECT (no_ca_checkbox), "toggled",
	                  (GCallback) ca_cert_not_required_toggled,
	                  base);
	g_signal_connect (G_OBJECT (no_ca_checkbox), "toggled",
	                  (GCallback) wireless_security_changed_cb,
	                  ws_parent);

	/* CA certificate chooser: local files only, default certificate filter. */
	ca_button = GTK_WIDGET (gtk_builder_get_object (base->builder, "eap_peap_ca_cert_button"));
	g_assert (ca_button);
	gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (ca_button), TRUE);
	gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (ca_button),
	                                   _("Choose a Certificate Authority certificate"));
	g_signal_connect (G_OBJECT (ca_button), "selection-changed",
	                  (GCallback) wireless_security_changed_cb,
	                  ws_parent);
	cert_filter = eap_method_default_file_chooser_filter_new (FALSE);
	gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (ca_button), cert_filter);

	if (connection != NULL && setting != NULL) {
		const char *ca_path = NULL;

		/* Only a CA certificate stored by path can be shown in the chooser. */
		if (nm_setting_802_1x_get_ca_cert_scheme (setting) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
			ca_path = nm_setting_802_1x_get_ca_cert_path (setting);
			if (ca_path != NULL)
				gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (ca_button), ca_path);
		}

		/* The checkbox is pre-ticked only when no CA path is stored and the
		 * ignore flag is set; the flag is not queried when a path exists.
		 * NOTE(review): presumably the flag records an earlier user decision
		 * to connect without validating the server certificate -- confirm
		 * against eap_method_ca_cert_ignore_get(). */
		gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (no_ca_checkbox),
		                              ca_path == NULL && eap_method_ca_cert_ignore_get (base, connection));
	}

	/* Inner authentication combo; run the change handler once so the page
	 * matches the initial selection. */
	auth_combo = inner_auth_combo_init (peap, connection, setting, secrets_only);
	inner_auth_combo_changed_cb (auth_combo, (gpointer) peap);

	/* PEAP version combo: index 0 is "Automatic", 1 is version 0 and 2 is
	 * version 1. The selection is made before the "changed" handler is
	 * connected. */
	version_combo = GTK_WIDGET (gtk_builder_get_object (base->builder, "eap_peap_version_combo"));
	g_assert (version_combo);
	gtk_combo_box_set_active (GTK_COMBO_BOX (version_combo), 0);
	if (setting != NULL) {
		const char *stored_version = nm_setting_802_1x_get_phase1_peapver (setting);

		if (stored_version != NULL) {
			if (strcmp (stored_version, "0") == 0)
				gtk_combo_box_set_active (GTK_COMBO_BOX (version_combo), 1);
			else if (strcmp (stored_version, "1") == 0)
				gtk_combo_box_set_active (GTK_COMBO_BOX (version_combo), 2);
		}
	}
	g_signal_connect (G_OBJECT (version_combo), "changed",
	                  (GCallback) wireless_security_changed_cb,
	                  ws_parent);

	/* Anonymous (outer) identity entry. */
	anon_entry = GTK_WIDGET (gtk_builder_get_object (base->builder, "eap_peap_anon_identity_entry"));
	if (setting != NULL)
		anon_identity = nm_setting_802_1x_get_anonymous_identity (setting);
	if (anon_identity != NULL)
		gtk_entry_set_text (GTK_ENTRY (anon_entry), anon_identity);
	g_signal_connect (G_OBJECT (anon_entry), "changed",
	                  (GCallback) wireless_security_changed_cb,
	                  ws_parent);

	if (secrets_only) {
		for (hidden_id = hidden_for_secrets_only; *hidden_id != NULL; hidden_id++)
			gtk_widget_hide (GTK_WIDGET (gtk_builder_get_object (base->builder, *hidden_id)));
	}

	return peap;
}