static char * get_eap_label (NMSettingWirelessSecurity *sec, NMSetting8021x *s_8021x) { GString *str = NULL; char *phase2_str = NULL; if (sec) { const char *key_mgmt = nm_setting_wireless_security_get_key_mgmt (sec); const char *auth_alg = nm_setting_wireless_security_get_auth_alg (sec); if (!strcmp (key_mgmt, "ieee8021x")) { if (auth_alg && !strcmp (auth_alg, "leap")) str = g_string_new (_("LEAP")); else str = g_string_new (_("Dynamic WEP")); } else if (!strcmp (key_mgmt, "wpa-eap")) str = g_string_new (_("WPA/WPA2")); else return NULL; } else if (s_8021x) str = g_string_new ("802.1x"); if (!s_8021x) goto out; if (nm_setting_802_1x_get_num_eap_methods (s_8021x)) { char *eap_str = g_ascii_strup (nm_setting_802_1x_get_eap_method (s_8021x, 0), -1); g_string_append_printf (str, ", EAP-%s", eap_str); g_free (eap_str); } if (nm_setting_802_1x_get_phase2_auth (s_8021x)) phase2_str = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (s_8021x), -1); else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) phase2_str = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (s_8021x), -1); if (phase2_str) { g_string_append (str, ", "); g_string_append (str, phase2_str); g_free (phase2_str); } out: return g_string_free (str, FALSE); }
static GtkWidget * inner_auth_combo_init (EAPMethodPEAP *method, const char *glade_file, NMConnection *connection, NMSetting8021x *s_8021x) { GladeXML *xml = EAP_METHOD (method)->xml; GtkWidget *combo; GtkListStore *auth_model; GtkTreeIter iter; EAPMethodSimple *em_mschap_v2; EAPMethodSimple *em_md5; EAPMethodSimple *em_gtc; guint32 active = 0; const char *phase2_auth = NULL; auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_g_type ()); if (s_8021x) { if (nm_setting_802_1x_get_phase2_auth (s_8021x)) phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); } em_mschap_v2 = eap_method_simple_new (glade_file, method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("MSCHAPv2"), I_METHOD_COLUMN, em_mschap_v2, -1); eap_method_unref (EAP_METHOD (em_mschap_v2)); /* Check for defaulting to MSCHAPv2 */ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) active = 0; em_md5 = eap_method_simple_new (glade_file, method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_MD5); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("MD5"), I_METHOD_COLUMN, em_md5, -1); eap_method_unref (EAP_METHOD (em_md5)); /* Check for defaulting to MD5 */ if (phase2_auth && !strcasecmp (phase2_auth, "md5")) active = 1; em_gtc = eap_method_simple_new (glade_file, method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_GTC); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("GTC"), I_METHOD_COLUMN, em_gtc, -1); eap_method_unref (EAP_METHOD (em_gtc)); /* Check for defaulting to GTC */ if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) active = 2; combo = glade_xml_get_widget (xml, "eap_peap_inner_auth_combo"); g_assert (combo); gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); g_object_unref (G_OBJECT (auth_model)); gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); g_signal_connect (G_OBJECT (combo), "changed", (GCallback) inner_auth_combo_changed_cb, method); return combo; }
gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, NMSetting8021x *setting, const char *con_uuid, guint32 mtu, gboolean wired, GError **error) { NMSupplicantConfigPrivate *priv; char *tmp; const char *peapver, *value, *path; gboolean added; GString *phase1, *phase2; GBytes *bytes; gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; const char *ca_path_override = NULL, *ca_cert_override = NULL; guint32 frag, hdrs; gs_free char *frag_str = NULL; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); value = nm_setting_802_1x_get_password (setting); if (value) { if (!add_string_val (self, value, "password", FALSE, TRUE, error)) return FALSE; } else { bytes = nm_setting_802_1x_get_password_raw (setting); if (bytes) { if (!nm_supplicant_config_add_option (self, "password", (const char *) g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE, error)) return FALSE; } } value = nm_setting_802_1x_get_pin (setting); if (!add_string_val (self, value, "pin", FALSE, TRUE, error)) return FALSE; if (wired) { if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE, error)) return FALSE; /* Wired 802.1x must always use eapol_flags=0 */ if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE, error)) return FALSE; priv->ap_scan = 0; } if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE, error)) return FALSE; /* Check EAP method for special handling: PEAP + GTC, FAST */ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } /* Adjust the fragment size according to MTU, but do not set it higher than 1280-14 * for better compatibility */ hdrs = 14; /* EAPOL + EAP-TLS */ frag = 1280 - hdrs; if (mtu > hdrs) frag = CLAMP (mtu - hdrs, 100, frag); frag_str = g_strdup_printf ("%u", frag); if (!nm_supplicant_config_add_option (self, "fragment_size", frag_str, -1, FALSE, error)) return FALSE; phase1 = g_string_new (NULL); peapver = nm_setting_802_1x_get_phase1_peapver (setting); if (peapver) { if (!strcmp (peapver, "0")) g_string_append (phase1, "peapver=0"); else if (!strcmp (peapver, "1")) g_string_append (phase1, "peapver=1"); } if (nm_setting_802_1x_get_phase1_peaplabel (setting)) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting)); } value = nm_setting_802_1x_get_phase1_fast_provisioning (setting); if (value) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "fast_provisioning=%s", value); if (strcmp (value, "0") != 0) fast_provisoning_allowed = TRUE; } if (phase1->len) { if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE, error)) { g_string_free (phase1, TRUE); return FALSE; } } g_string_free (phase1, TRUE); phase2 = g_string_new (NULL); if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) { tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1); g_string_append_printf (phase2, "auth=%s", tmp); g_free (tmp); } if (nm_setting_802_1x_get_phase2_autheap (setting)) { if (phase2->len) g_string_append_c (phase2, ' '); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1); g_string_append_printf (phase2, "autheap=%s", tmp); g_free (tmp); } if (phase2->len) { if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE, error)) { g_string_free (phase2, TRUE); return FALSE; } } g_string_free (phase2, TRUE); /* PAC file */ path = nm_setting_802_1x_get_pac_file (setting); if (path) { if (!add_string_val (self, path, "pac_file", FALSE, FALSE, error)) return FALSE; } else { /* PAC file is not specified. * If provisioning is allowed, use an blob format. */ if (fast_provisoning_allowed) { gs_free char *blob_name = NULL; blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid); if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE, error)) return FALSE; } else { /* This is only error for EAP-FAST; don't disturb other methods. */ if (fast) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "EAP-FAST error: no PAC file provided and " "automatic PAC provisioning is disabled"); return FALSE; } } } /* If user wants to use system CA certs, either populate ca_path (if the path * is a directory) or ca_cert (the path is a file name) */ if (nm_setting_802_1x_get_system_ca_certs (setting)) { if (g_file_test (SYSTEM_CA_PATH, G_FILE_TEST_IS_DIR)) ca_path_override = SYSTEM_CA_PATH; else ca_cert_override = SYSTEM_CA_PATH; } /* CA path */ path = nm_setting_802_1x_get_ca_path (setting); path = ca_path_override ? ca_path_override : path; if (path) { if (!add_string_val (self, path, "ca_path", FALSE, FALSE, error)) return FALSE; } /* Phase2 CA path */ path = nm_setting_802_1x_get_phase2_ca_path (setting); path = ca_path_override ? ca_path_override : path; if (path) { if (!add_string_val (self, path, "ca_path2", FALSE, FALSE, error)) return FALSE; } /* CA certificate */ if (ca_cert_override) { if (!add_string_val (self, ca_cert_override, "ca_cert", FALSE, FALSE, error)) return FALSE; } else { switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_ca_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert", FALSE, FALSE, error)) return FALSE; break; default: break; } } /* Phase 2 CA certificate */ if (ca_cert_override) { if (!add_string_val (self, ca_cert_override, "ca_cert2", FALSE, FALSE, error)) return FALSE; } else { switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert2", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE, error)) return FALSE; break; default: break; } } /* Subject match */ value = nm_setting_802_1x_get_subject_match (setting); if (!add_string_val (self, value, "subject_match", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_phase2_subject_match (setting); if (!add_string_val (self, value, "subject_match2", FALSE, FALSE, error)) return FALSE; /* altSubjectName match */ if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE, error)) return FALSE; /* Domain suffix match */ value = nm_setting_802_1x_get_domain_suffix_match (setting); if (!add_string_val (self, value, "domain_suffix_match", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_phase2_domain_suffix_match (setting); if (!add_string_val (self, value, "domain_suffix_match2", FALSE, FALSE, error)) return FALSE; /* Private key */ added = FALSE; switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_private_key_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key", con_uuid, error)) return FALSE; added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); if (!add_string_val (self, path, "private_key", FALSE, FALSE, error)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_private_key_format (setting); scheme = nm_setting_802_1x_get_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_private_key_password (setting); if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE, error)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_client_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_client_cert_path (setting); if (!add_string_val (self, path, "client_cert", FALSE, FALSE, error)) return FALSE; break; default: break; } } } /* Phase 2 private key */ added = FALSE; switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key2", con_uuid, error)) return FALSE; added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); if (!add_string_val (self, path, "private_key2", FALSE, FALSE, error)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_phase2_private_key_format (setting); scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_phase2_private_key_password (setting); if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE, error)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert2", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_client_cert_path (setting); if (!add_string_val (self, path, "client_cert2", FALSE, FALSE, error)) return FALSE; break; default: break; } } } value = nm_setting_802_1x_get_identity (setting); if (!add_string_val (self, value, "identity", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_anonymous_identity (setting); if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE, error)) return FALSE; return TRUE; }
static GtkWidget * inner_auth_combo_init (EAPMethodTTLS *method, NMConnection *connection, NMSetting8021x *s_8021x, gboolean secrets_only) { EAPMethod *parent = (EAPMethod *) method; GtkWidget *combo; GtkListStore *auth_model; GtkTreeIter iter; EAPMethodSimple *em_pap; EAPMethodSimple *em_mschap; EAPMethodSimple *em_mschap_v2; EAPMethodSimple *em_chap; guint32 active = 0; const char *phase2_auth = NULL; auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_g_type ()); if (s_8021x) { if (nm_setting_802_1x_get_phase2_auth (s_8021x)) phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); } em_pap = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_PAP, TRUE, method->is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("PAP"), I_METHOD_COLUMN, em_pap, -1); eap_method_unref (EAP_METHOD (em_pap)); /* Check for defaulting to PAP */ if (phase2_auth && !strcasecmp (phase2_auth, "pap")) active = 0; em_mschap = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_MSCHAP, TRUE, method->is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("MSCHAP"), I_METHOD_COLUMN, em_mschap, -1); eap_method_unref (EAP_METHOD (em_mschap)); /* Check for defaulting to MSCHAP */ if (phase2_auth && !strcasecmp (phase2_auth, "mschap")) active = 1; em_mschap_v2 = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2, TRUE, method->is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("MSCHAPv2"), I_METHOD_COLUMN, em_mschap_v2, -1); eap_method_unref (EAP_METHOD (em_mschap_v2)); /* Check for defaulting to MSCHAPv2 */ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) active = 2; em_chap = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_CHAP, TRUE, method->is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("CHAP"), I_METHOD_COLUMN, em_chap, -1); eap_method_unref (EAP_METHOD (em_chap)); /* Check for defaulting to CHAP */ if (phase2_auth && !strcasecmp (phase2_auth, "chap")) active = 3; combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); g_assert (combo); gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); g_object_unref (G_OBJECT (auth_model)); gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); g_signal_connect (G_OBJECT (combo), "changed", (GCallback) inner_auth_combo_changed_cb, method); return combo; }
gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, NMSetting8021x *setting, const char *con_uuid, gboolean wired) { NMSupplicantConfigPrivate *priv; char *tmp; const char *peapver, *value, *path; gboolean success, added; GString *phase1, *phase2; GBytes *bytes; gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); value = nm_setting_802_1x_get_password (setting); if (value) { if (!add_string_val (self, value, "password", FALSE, TRUE)) return FALSE; } else { bytes = nm_setting_802_1x_get_password_raw (setting); if (bytes) { success = nm_supplicant_config_add_option (self, "password", (const char *) g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE); if (!success) { nm_log_warn (LOGD_SUPPLICANT, "Error adding password-raw to supplicant config."); return FALSE; } } } value = nm_setting_802_1x_get_pin (setting); if (!add_string_val (self, value, "pin", FALSE, TRUE)) return FALSE; if (wired) { if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE)) return FALSE; /* Wired 802.1x must always use eapol_flags=0 */ if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE)) return FALSE; nm_supplicant_config_set_ap_scan (self, 0); } ADD_STRING_LIST_VAL (setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE); /* Check EAP method for special handling: PEAP + GTC, FAST */ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } /* Drop the fragment size a bit for better compatibility */ if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE)) return FALSE; phase1 = g_string_new (NULL); peapver = nm_setting_802_1x_get_phase1_peapver (setting); if (peapver) { if (!strcmp (peapver, "0")) g_string_append (phase1, "peapver=0"); else if (!strcmp (peapver, "1")) g_string_append (phase1, "peapver=1"); } if (nm_setting_802_1x_get_phase1_peaplabel (setting)) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting)); } value = nm_setting_802_1x_get_phase1_fast_provisioning (setting); if (value) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "fast_provisioning=%s", value); if (strcmp (value, "0") != 0) fast_provisoning_allowed = TRUE; } if (phase1->len) { if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE)) { g_string_free (phase1, TRUE); return FALSE; } } g_string_free (phase1, TRUE); phase2 = g_string_new (NULL); if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) { tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1); g_string_append_printf (phase2, "auth=%s", tmp); g_free (tmp); } if (nm_setting_802_1x_get_phase2_autheap (setting)) { if (phase2->len) g_string_append_c (phase2, ' '); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1); g_string_append_printf (phase2, "autheap=%s", tmp); g_free (tmp); } if (phase2->len) { if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE)) { g_string_free (phase2, TRUE); return FALSE; } } g_string_free (phase2, TRUE); /* PAC file */ path = nm_setting_802_1x_get_pac_file (setting); if (path) { if (!add_string_val (self, path, "pac_file", FALSE, FALSE)) return FALSE; } else { /* PAC file is not specified. * If provisioning is allowed, use an blob format. */ if (fast_provisoning_allowed) { char *blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid); if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE)) { g_free (blob_name); return FALSE; } g_free (blob_name); } else { /* This is only error for EAP-FAST; don't disturb other methods. */ if (fast) { nm_log_err (LOGD_SUPPLICANT, "EAP-FAST error: no PAC file provided and " "automatic PAC provisioning is disabled."); return FALSE; } } } /* CA path */ path = nm_setting_802_1x_get_ca_path (setting); if (nm_setting_802_1x_get_system_ca_certs (setting)) path = SYSTEM_CA_PATH; if (path) { if (!add_string_val (self, path, "ca_path", FALSE, FALSE)) return FALSE; } /* Phase2 CA path */ path = nm_setting_802_1x_get_phase2_ca_path (setting); if (nm_setting_802_1x_get_system_ca_certs (setting)) path = SYSTEM_CA_PATH; if (path) { if (!add_string_val (self, path, "ca_path2", FALSE, FALSE)) return FALSE; } /* CA certificate */ switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_ca_cert_blob (setting); ADD_BLOB_VAL (bytes, "ca_cert", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert", FALSE, FALSE)) return FALSE; break; default: break; } /* Phase 2 CA certificate */ switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting); ADD_BLOB_VAL (bytes, "ca_cert2", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE)) return FALSE; break; default: break; } /* Subject match */ value = nm_setting_802_1x_get_subject_match (setting); if (!add_string_val (self, value, "subject_match", FALSE, FALSE)) return FALSE; value = nm_setting_802_1x_get_phase2_subject_match (setting); if (!add_string_val (self, value, "subject_match2", FALSE, FALSE)) return FALSE; /* altSubjectName match */ ADD_STRING_LIST_VAL (setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE); ADD_STRING_LIST_VAL (setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE); /* Private key */ added = FALSE; switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_private_key_blob (setting); ADD_BLOB_VAL (bytes, "private_key", con_uuid); added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); if (!add_string_val (self, path, "private_key", FALSE, FALSE)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_private_key_format (setting); scheme = nm_setting_802_1x_get_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_private_key_password (setting); if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_client_cert_blob (setting); ADD_BLOB_VAL (bytes, "client_cert", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_client_cert_path (setting); if (!add_string_val (self, path, "client_cert", FALSE, FALSE)) return FALSE; break; default: break; } } } /* Phase 2 private key */ added = FALSE; switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting); ADD_BLOB_VAL (bytes, "private_key2", con_uuid); added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); if (!add_string_val (self, path, "private_key2", FALSE, FALSE)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_phase2_private_key_format (setting); scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_phase2_private_key_password (setting); if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting); ADD_BLOB_VAL (bytes, "client_cert2", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_client_cert_path (setting); if (!add_string_val (self, path, "client_cert2", FALSE, FALSE)) return FALSE; break; default: break; } } } value = nm_setting_802_1x_get_identity (setting); if (!add_string_val (self, value, "identity", FALSE, FALSE)) return FALSE; value = nm_setting_802_1x_get_anonymous_identity (setting); if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE)) return FALSE; return TRUE; }
static GtkWidget * inner_auth_combo_init (EAPMethodPEAP *method, NMConnection *connection, NMSetting8021x *s_8021x, gboolean secrets_only) { EAPMethod *parent = (EAPMethod *) method; GtkWidget *combo; GtkListStore *auth_model; GtkTreeIter iter; EAPMethodSimple *em_mschap_v2; EAPMethodSimple *em_md5; EAPMethodSimple *em_gtc; guint32 active = 0; const char *phase2_auth = NULL; EAPMethodSimpleFlags simple_flags; auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ()); if (s_8021x) { if (nm_setting_802_1x_get_phase2_auth (s_8021x)) phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x); else if (nm_setting_802_1x_get_phase2_autheap (s_8021x)) phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x); } simple_flags = EAP_METHOD_SIMPLE_FLAG_PHASE2; if (method->is_editor) simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR; if (secrets_only) simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; em_mschap_v2 = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2, simple_flags); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("MSCHAPv2"), I_METHOD_COLUMN, em_mschap_v2, -1); eap_method_unref (EAP_METHOD (em_mschap_v2)); /* Check for defaulting to MSCHAPv2 */ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2")) active = 0; em_md5 = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_MD5, simple_flags); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("MD5"), I_METHOD_COLUMN, em_md5, -1); eap_method_unref (EAP_METHOD (em_md5)); /* Check for defaulting to MD5 */ if (phase2_auth && !strcasecmp (phase2_auth, "md5")) active = 1; em_gtc = eap_method_simple_new (method->sec_parent, connection, EAP_METHOD_SIMPLE_TYPE_GTC, simple_flags); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, I_NAME_COLUMN, _("GTC"), I_METHOD_COLUMN, em_gtc, -1); eap_method_unref (EAP_METHOD (em_gtc)); /* Check for defaulting to GTC */ if (phase2_auth && !strcasecmp (phase2_auth, "gtc")) active = 2; combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); g_assert (combo); gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model)); g_object_unref (G_OBJECT (auth_model)); gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); g_signal_connect (G_OBJECT (combo), "changed", (GCallback) inner_auth_combo_changed_cb, method); return combo; }