gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, NMSetting8021x *setting, const char *con_uuid, guint32 mtu, gboolean wired, GError **error) { NMSupplicantConfigPrivate *priv; char *tmp; const char *peapver, *value, *path; gboolean added; GString *phase1, *phase2; GBytes *bytes; gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; const char *ca_path_override = NULL, *ca_cert_override = NULL; guint32 frag, hdrs; gs_free char *frag_str = NULL; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); value = nm_setting_802_1x_get_password (setting); if (value) { if (!add_string_val (self, value, "password", FALSE, TRUE, error)) return FALSE; } else { bytes = nm_setting_802_1x_get_password_raw (setting); if (bytes) { if (!nm_supplicant_config_add_option (self, "password", (const char *) g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE, error)) return FALSE; } } value = nm_setting_802_1x_get_pin (setting); if (!add_string_val (self, value, "pin", FALSE, TRUE, error)) return FALSE; if (wired) { if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE, error)) return FALSE; /* Wired 802.1x must always use eapol_flags=0 */ if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE, error)) return FALSE; priv->ap_scan = 0; } if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE, error)) return FALSE; /* Check EAP method for special handling: PEAP + GTC, FAST */ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } /* Adjust the fragment size according to MTU, but do not set it higher than 1280-14 * for better compatibility */ hdrs = 14; /* EAPOL + EAP-TLS */ frag = 1280 - hdrs; if (mtu > hdrs) frag = CLAMP (mtu - hdrs, 100, frag); frag_str = g_strdup_printf ("%u", frag); if (!nm_supplicant_config_add_option (self, "fragment_size", frag_str, -1, FALSE, error)) return FALSE; phase1 = g_string_new (NULL); peapver = nm_setting_802_1x_get_phase1_peapver (setting); if (peapver) { if (!strcmp (peapver, "0")) g_string_append (phase1, "peapver=0"); else if (!strcmp (peapver, "1")) g_string_append (phase1, "peapver=1"); } if (nm_setting_802_1x_get_phase1_peaplabel (setting)) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting)); } value = nm_setting_802_1x_get_phase1_fast_provisioning (setting); if (value) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "fast_provisioning=%s", value); if (strcmp (value, "0") != 0) fast_provisoning_allowed = TRUE; } if (phase1->len) { if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE, error)) { g_string_free (phase1, TRUE); return FALSE; } } g_string_free (phase1, TRUE); phase2 = g_string_new (NULL); if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) { tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1); g_string_append_printf (phase2, "auth=%s", tmp); g_free (tmp); } if (nm_setting_802_1x_get_phase2_autheap (setting)) { if (phase2->len) g_string_append_c (phase2, ' '); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1); g_string_append_printf (phase2, "autheap=%s", tmp); g_free (tmp); } if (phase2->len) { if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE, error)) { g_string_free (phase2, TRUE); return FALSE; } } g_string_free (phase2, TRUE); /* PAC file */ path = nm_setting_802_1x_get_pac_file (setting); if (path) { if (!add_string_val (self, path, "pac_file", FALSE, FALSE, error)) return FALSE; } else { /* PAC file is not specified. * If provisioning is allowed, use an blob format. */ if (fast_provisoning_allowed) { gs_free char *blob_name = NULL; blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid); if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE, error)) return FALSE; } else { /* This is only error for EAP-FAST; don't disturb other methods. */ if (fast) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "EAP-FAST error: no PAC file provided and " "automatic PAC provisioning is disabled"); return FALSE; } } } /* If user wants to use system CA certs, either populate ca_path (if the path * is a directory) or ca_cert (the path is a file name) */ if (nm_setting_802_1x_get_system_ca_certs (setting)) { if (g_file_test (SYSTEM_CA_PATH, G_FILE_TEST_IS_DIR)) ca_path_override = SYSTEM_CA_PATH; else ca_cert_override = SYSTEM_CA_PATH; } /* CA path */ path = nm_setting_802_1x_get_ca_path (setting); path = ca_path_override ? ca_path_override : path; if (path) { if (!add_string_val (self, path, "ca_path", FALSE, FALSE, error)) return FALSE; } /* Phase2 CA path */ path = nm_setting_802_1x_get_phase2_ca_path (setting); path = ca_path_override ? ca_path_override : path; if (path) { if (!add_string_val (self, path, "ca_path2", FALSE, FALSE, error)) return FALSE; } /* CA certificate */ if (ca_cert_override) { if (!add_string_val (self, ca_cert_override, "ca_cert", FALSE, FALSE, error)) return FALSE; } else { switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_ca_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert", FALSE, FALSE, error)) return FALSE; break; default: break; } } /* Phase 2 CA certificate */ if (ca_cert_override) { if (!add_string_val (self, ca_cert_override, "ca_cert2", FALSE, FALSE, error)) return FALSE; } else { switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert2", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE, error)) return FALSE; break; default: break; } } /* Subject match */ value = nm_setting_802_1x_get_subject_match (setting); if (!add_string_val (self, value, "subject_match", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_phase2_subject_match (setting); if (!add_string_val (self, value, "subject_match2", FALSE, FALSE, error)) return FALSE; /* altSubjectName match */ if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE, error)) return FALSE; /* Domain suffix match */ value = nm_setting_802_1x_get_domain_suffix_match (setting); if (!add_string_val (self, value, "domain_suffix_match", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_phase2_domain_suffix_match (setting); if (!add_string_val (self, value, "domain_suffix_match2", FALSE, FALSE, error)) return FALSE; /* Private key */ added = FALSE; switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_private_key_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key", con_uuid, error)) return FALSE; added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); if (!add_string_val (self, path, "private_key", FALSE, FALSE, error)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_private_key_format (setting); scheme = nm_setting_802_1x_get_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_private_key_password (setting); if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE, error)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_client_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_client_cert_path (setting); if (!add_string_val (self, path, "client_cert", FALSE, FALSE, error)) return FALSE; break; default: break; } } } /* Phase 2 private key */ added = FALSE; switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key2", con_uuid, error)) return FALSE; added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); if (!add_string_val (self, path, "private_key2", FALSE, FALSE, error)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_phase2_private_key_format (setting); scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_phase2_private_key_password (setting); if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE, error)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert2", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_client_cert_path (setting); if (!add_string_val (self, path, "client_cert2", FALSE, FALSE, error)) return FALSE; break; default: break; } } } value = nm_setting_802_1x_get_identity (setting); if (!add_string_val (self, value, "identity", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_anonymous_identity (setting); if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE, error)) return FALSE; return TRUE; }
gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, NMSetting8021x *setting, const char *con_uuid, gboolean wired) { NMSupplicantConfigPrivate *priv; char *tmp; const char *peapver, *value, *path; gboolean success, added; GString *phase1, *phase2; GBytes *bytes; gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); value = nm_setting_802_1x_get_password (setting); if (value) { if (!add_string_val (self, value, "password", FALSE, TRUE)) return FALSE; } else { bytes = nm_setting_802_1x_get_password_raw (setting); if (bytes) { success = nm_supplicant_config_add_option (self, "password", (const char *) g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE); if (!success) { nm_log_warn (LOGD_SUPPLICANT, "Error adding password-raw to supplicant config."); return FALSE; } } } value = nm_setting_802_1x_get_pin (setting); if (!add_string_val (self, value, "pin", FALSE, TRUE)) return FALSE; if (wired) { if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE)) return FALSE; /* Wired 802.1x must always use eapol_flags=0 */ if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE)) return FALSE; nm_supplicant_config_set_ap_scan (self, 0); } ADD_STRING_LIST_VAL (setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE); /* Check EAP method for special handling: PEAP + GTC, FAST */ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } /* Drop the fragment size a bit for better compatibility */ if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE)) return FALSE; phase1 = g_string_new (NULL); peapver = nm_setting_802_1x_get_phase1_peapver (setting); if (peapver) { if (!strcmp (peapver, "0")) g_string_append (phase1, "peapver=0"); else if (!strcmp (peapver, "1")) g_string_append (phase1, "peapver=1"); } if (nm_setting_802_1x_get_phase1_peaplabel (setting)) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting)); } value = nm_setting_802_1x_get_phase1_fast_provisioning (setting); if (value) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "fast_provisioning=%s", value); if (strcmp (value, "0") != 0) fast_provisoning_allowed = TRUE; } if (phase1->len) { if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE)) { g_string_free (phase1, TRUE); return FALSE; } } g_string_free (phase1, TRUE); phase2 = g_string_new (NULL); if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) { tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1); g_string_append_printf (phase2, "auth=%s", tmp); g_free (tmp); } if (nm_setting_802_1x_get_phase2_autheap (setting)) { if (phase2->len) g_string_append_c (phase2, ' '); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1); g_string_append_printf (phase2, "autheap=%s", tmp); g_free (tmp); } if (phase2->len) { if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE)) { g_string_free (phase2, TRUE); return FALSE; } } g_string_free (phase2, TRUE); /* PAC file */ path = nm_setting_802_1x_get_pac_file (setting); if (path) { if (!add_string_val (self, path, "pac_file", FALSE, FALSE)) return FALSE; } else { /* PAC file is not specified. * If provisioning is allowed, use an blob format. */ if (fast_provisoning_allowed) { char *blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid); if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE)) { g_free (blob_name); return FALSE; } g_free (blob_name); } else { /* This is only error for EAP-FAST; don't disturb other methods. */ if (fast) { nm_log_err (LOGD_SUPPLICANT, "EAP-FAST error: no PAC file provided and " "automatic PAC provisioning is disabled."); return FALSE; } } } /* CA path */ path = nm_setting_802_1x_get_ca_path (setting); if (nm_setting_802_1x_get_system_ca_certs (setting)) path = SYSTEM_CA_PATH; if (path) { if (!add_string_val (self, path, "ca_path", FALSE, FALSE)) return FALSE; } /* Phase2 CA path */ path = nm_setting_802_1x_get_phase2_ca_path (setting); if (nm_setting_802_1x_get_system_ca_certs (setting)) path = SYSTEM_CA_PATH; if (path) { if (!add_string_val (self, path, "ca_path2", FALSE, FALSE)) return FALSE; } /* CA certificate */ switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_ca_cert_blob (setting); ADD_BLOB_VAL (bytes, "ca_cert", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert", FALSE, FALSE)) return FALSE; break; default: break; } /* Phase 2 CA certificate */ switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting); ADD_BLOB_VAL (bytes, "ca_cert2", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE)) return FALSE; break; default: break; } /* Subject match */ value = nm_setting_802_1x_get_subject_match (setting); if (!add_string_val (self, value, "subject_match", FALSE, FALSE)) return FALSE; value = nm_setting_802_1x_get_phase2_subject_match (setting); if (!add_string_val (self, value, "subject_match2", FALSE, FALSE)) return FALSE; /* altSubjectName match */ ADD_STRING_LIST_VAL (setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE); ADD_STRING_LIST_VAL (setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE); /* Private key */ added = FALSE; switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_private_key_blob (setting); ADD_BLOB_VAL (bytes, "private_key", con_uuid); added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); if (!add_string_val (self, path, "private_key", FALSE, FALSE)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_private_key_format (setting); scheme = nm_setting_802_1x_get_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_private_key_password (setting); if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_client_cert_blob (setting); ADD_BLOB_VAL (bytes, "client_cert", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_client_cert_path (setting); if (!add_string_val (self, path, "client_cert", FALSE, FALSE)) return FALSE; break; default: break; } } } /* Phase 2 private key */ added = FALSE; switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting); ADD_BLOB_VAL (bytes, "private_key2", con_uuid); added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); if (!add_string_val (self, path, "private_key2", FALSE, FALSE)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_phase2_private_key_format (setting); scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_phase2_private_key_password (setting); if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting); ADD_BLOB_VAL (bytes, "client_cert2", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_client_cert_path (setting); if (!add_string_val (self, path, "client_cert2", FALSE, FALSE)) return FALSE; break; default: break; } } } value = nm_setting_802_1x_get_identity (setting); if (!add_string_val (self, value, "identity", FALSE, FALSE)) return FALSE; value = nm_setting_802_1x_get_anonymous_identity (setting); if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE)) return FALSE; return TRUE; }
EAPMethodTTLS * eap_method_ttls_new (WirelessSecurity *ws_parent, NMConnection *connection, gboolean is_editor, gboolean secrets_only) { EAPMethod *parent; EAPMethodTTLS *method; GtkWidget *widget; GtkFileFilter *filter; NMSetting8021x *s_8021x = NULL; const char *filename; parent = eap_method_init (sizeof (EAPMethodTTLS), validate, add_to_size_group, fill_connection, update_secrets, destroy, UIDIR "/eap-method-ttls.ui", "eap_ttls_notebook", "eap_ttls_anon_identity_entry", FALSE); if (!parent) return NULL; eap_method_nag_init (parent, "eap_ttls_ca_cert_button", connection); method = (EAPMethodTTLS *) parent; method->sec_parent = ws_parent; method->is_editor = is_editor; if (connection) s_8021x = nm_connection_get_setting_802_1x (connection); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); g_assert (widget); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose a Certificate Authority certificate...")); g_signal_connect (G_OBJECT (widget), "selection-changed", (GCallback) wireless_security_changed_cb, ws_parent); filter = eap_method_default_file_chooser_filter_new (FALSE); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); if (connection && s_8021x) { if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) { filename = nm_setting_802_1x_get_ca_cert_path (s_8021x); if (filename) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename); } } widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); g_signal_connect (G_OBJECT (widget), "changed", (GCallback) wireless_security_changed_cb, ws_parent); widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); inner_auth_combo_changed_cb (widget, (gpointer) method); if (secrets_only) { widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); gtk_widget_hide (widget); } return method; }
EAPMethodPEAP * eap_method_peap_new (WirelessSecurity *ws_parent, NMConnection *connection, gboolean is_editor, gboolean secrets_only) { EAPMethod *parent; EAPMethodPEAP *method; GtkWidget *widget, *widget_ca_not_required_checkbox; GtkFileFilter *filter; NMSetting8021x *s_8021x = NULL; const char *filename; parent = eap_method_init (sizeof (EAPMethodPEAP), validate, add_to_size_group, fill_connection, update_secrets, destroy, "/org/freedesktop/network-manager-applet/eap-method-peap.ui", "eap_peap_notebook", "eap_peap_anon_identity_entry", FALSE); if (!parent) return NULL; parent->password_flags_name = NM_SETTING_802_1X_PASSWORD; method = (EAPMethodPEAP *) parent; method->sec_parent = ws_parent; method->is_editor = is_editor; if (connection) s_8021x = nm_connection_get_setting_802_1x (connection); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); g_assert (widget); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) ca_cert_not_required_toggled, parent); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) wireless_security_changed_cb, ws_parent); widget_ca_not_required_checkbox = widget; widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button")); g_assert (widget); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose a Certificate Authority certificate")); g_signal_connect (G_OBJECT (widget), "selection-changed", (GCallback) wireless_security_changed_cb, ws_parent); filter = eap_method_default_file_chooser_filter_new (FALSE); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); if (connection && s_8021x) { filename = NULL; if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) { filename = nm_setting_802_1x_get_ca_cert_path (s_8021x); if (filename) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename); } gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget_ca_not_required_checkbox), !filename && eap_method_ca_cert_ignore_get (parent, connection)); } widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only); inner_auth_combo_changed_cb (widget, (gpointer) method); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); g_assert (widget); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); if (s_8021x) { const char *peapver; peapver = nm_setting_802_1x_get_phase1_peapver (s_8021x); if (peapver) { /* Index 0 is "Automatic" */ if (!strcmp (peapver, "0")) gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); else if (!strcmp (peapver, "1")) gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2); } } g_signal_connect (G_OBJECT (widget), "changed", (GCallback) wireless_security_changed_cb, ws_parent); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); g_signal_connect (G_OBJECT (widget), "changed", (GCallback) wireless_security_changed_cb, ws_parent); if (secrets_only) { widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo")); gtk_widget_hide (widget); } return method; }