static gboolean dsa_subject_public_key_from_attributes (GckAttributes *attrs, gulong klass, GNode *info_asn) { const GckAttribute *value, *g, *q, *p; GNode *key_asn, *params_asn; GBytes *key; p = gck_attributes_find (attrs, CKA_PRIME); q = gck_attributes_find (attrs, CKA_SUBPRIME); g = gck_attributes_find (attrs, CKA_BASE); value = gck_attributes_find (attrs, CKA_VALUE); if (p == NULL || gck_attribute_is_invalid (p) || q == NULL || gck_attribute_is_invalid (q) || g == NULL || gck_attribute_is_invalid (g) || value == NULL || gck_attribute_is_invalid (value)) return FALSE; key_asn = egg_asn1x_create (pk_asn1_tab, "DSAPublicPart"); g_return_val_if_fail (key_asn, FALSE); params_asn = egg_asn1x_create (pk_asn1_tab, "DSAParameters"); g_return_val_if_fail (params_asn, FALSE); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "p", NULL), g_bytes_new_with_free_func (p->value, p->length, gck_attributes_unref, gck_attributes_ref (attrs))); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "q", NULL), g_bytes_new_with_free_func (q->value, q->length, gck_attributes_unref, gck_attributes_ref (attrs))); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "g", NULL), g_bytes_new_with_free_func (g->value, g->length, gck_attributes_unref, gck_attributes_ref (attrs))); /* Are these attributes for a public or private key? */ if (klass == CKO_PRIVATE_KEY) { /* We need to calculate the public from the private key */ if (!dsa_subject_public_key_from_private (key_asn, p, q, g, value)) g_return_val_if_reached (FALSE); } else if (klass == CKO_PUBLIC_KEY) { egg_asn1x_take_integer_as_usg (key_asn, g_bytes_new_with_free_func (value->value, value->length, gck_attributes_unref, gck_attributes_ref (attrs))); } else { g_assert_not_reached (); } key = egg_asn1x_encode (key_asn, NULL); egg_asn1x_destroy (key_asn); egg_asn1x_set_bits_as_raw (egg_asn1x_node (info_asn, "subjectPublicKey", NULL), key, g_bytes_get_size (key) * 8); egg_asn1x_set_any_from (egg_asn1x_node (info_asn, "algorithm", "parameters", NULL), params_asn); egg_asn1x_set_oid_as_quark (egg_asn1x_node (info_asn, "algorithm", "algorithm", NULL), GCR_OID_PKIX1_DSA); g_bytes_unref (key); egg_asn1x_destroy (params_asn); return TRUE; }
/** * gcr_certificate_request_complete: * @self: a certificate request * @cancellable: a cancellation object * @error: location to place an error on failure * * Complete and sign a certificate request, so that it can be encoded * and sent to a certificate authority. * * This call may block as it signs the request using the private key. * * Returns: whether certificate request was successfully completed or not */ gboolean gcr_certificate_request_complete (GcrCertificateRequest *self, GCancellable *cancellable, GError **error) { GNode *subject_public_key; const gulong *mechanisms; gsize n_mechanisms; GckMechanism mechanism = { 0, }; GQuark algorithm = 0; GBytes *tbs; GckSession *session; guchar *signature; gsize n_signature; gboolean ret; g_return_val_if_fail (GCR_IS_CERTIFICATE_REQUEST (self), FALSE); g_return_val_if_fail (cancellable == NULL || G_CANCELLABLE (cancellable), FALSE); g_return_val_if_fail (error == NULL || *error == NULL, FALSE); subject_public_key = _gcr_subject_public_key_load (self->private_key, cancellable, error); if (subject_public_key == NULL) return FALSE; ret = prepare_subject_public_key_and_mechanisms (self, subject_public_key, &algorithm, &mechanisms, &n_mechanisms, error); if (!ret) { egg_asn1x_destroy (subject_public_key); return FALSE; } /* Figure out which mechanism to use */ mechanism.type = _gcr_key_mechanisms_check (self->private_key, mechanisms, n_mechanisms, CKA_SIGN, cancellable, NULL); if (mechanism.type == GCK_INVALID) { egg_asn1x_destroy (subject_public_key); g_set_error (error, GCK_ERROR, CKR_KEY_TYPE_INCONSISTENT, _("The key cannot be used to sign the request")); return FALSE; } tbs = prepare_to_be_signed (self, &mechanism); session = gck_object_get_session (self->private_key); signature = gck_session_sign_full (session, self->private_key, &mechanism, g_bytes_get_data (tbs, NULL), g_bytes_get_size (tbs), &n_signature, cancellable, error); g_object_unref (session); g_bytes_unref (tbs); if (!signature) { egg_asn1x_destroy (subject_public_key); return FALSE; } encode_take_signature_into_request (self, algorithm, subject_public_key, signature, n_signature); egg_asn1x_destroy (subject_public_key); return TRUE; }
/** * dfu_patch_apply: * @self: a #DfuPatch * @blob: a #GBytes, typically the old firmware image * @flags: a #DfuPatchApplyFlags, e.g. %DFU_PATCH_APPLY_FLAG_IGNORE_CHECKSUM * @error: a #GError, or %NULL * * Apply the currently loaded patch to a new firmware image. * * Return value: A #GBytes, typically saved as the new firmware file **/ GBytes * dfu_patch_apply (DfuPatch *self, GBytes *blob, DfuPatchApplyFlags flags, GError **error) { DfuPatchPrivate *priv = GET_PRIVATE (self); const guint8 *data_old; gsize sz; gsize sz_max = 0; g_autofree guint8 *data_new = NULL; g_autoptr(GBytes) blob_checksum_new = NULL; g_autoptr(GBytes) blob_checksum = NULL; g_autoptr(GBytes) blob_new = NULL; /* not loaded yet */ if (priv->chunks->len == 0) { g_set_error_literal (error, FWUPD_ERROR, FWUPD_ERROR_INVALID_FILE, "no patches loaded"); return NULL; } /* get the hash of the old firmware file */ blob_checksum = dfu_patch_calculate_checksum (blob); if ((flags & DFU_PATCH_APPLY_FLAG_IGNORE_CHECKSUM) == 0 && !g_bytes_equal (blob_checksum, priv->checksum_old)) { g_autofree gchar *actual = _g_bytes_to_string (blob_checksum); g_autofree gchar *expect = _g_bytes_to_string (priv->checksum_old); g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INVALID_FILE, "checksum for source did not match, expected %s, got %s", expect, actual); return NULL; } /* get the size of the new image size */ for (guint i = 0; i < priv->chunks->len; i++) { DfuPatchChunk *chunk = g_ptr_array_index (priv->chunks, i); gsize chunk_sz = g_bytes_get_size (chunk->blob); if (chunk->off + chunk_sz > sz_max) sz_max = chunk->off + chunk_sz; } /* first, copy the data buffer */ data_old = g_bytes_get_data (blob, &sz); if (sz_max < sz) { g_set_error_literal (error, FWUPD_ERROR, FWUPD_ERROR_INVALID_FILE, "binary patch cannot truncate binary"); return NULL; } if (sz == sz_max) { g_debug ("binary staying same size: %" G_GSIZE_FORMAT, sz); } else { g_debug ("binary growing from: %" G_GSIZE_FORMAT " to %" G_GSIZE_FORMAT, sz, sz_max); } data_new = g_malloc0 (sz_max); memcpy (data_new, data_old, MIN (sz, sz_max)); for (guint i = 0; i < priv->chunks->len; i++) { DfuPatchChunk *chunk = g_ptr_array_index (priv->chunks, i); const guint8 *chunk_data; gsize chunk_sz; /* bigger than the total size */ chunk_data = g_bytes_get_data (chunk->blob, &chunk_sz); if (chunk->off + chunk_sz > sz_max) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INVALID_FILE, "cannot apply chunk as larger than max size"); return NULL; } /* apply one chunk */ g_debug ("applying chunk %u/%u @0x%04x (length %" G_GSIZE_FORMAT ")", i + 1, priv->chunks->len, chunk->off, chunk_sz); memcpy (data_new + chunk->off, chunk_data, chunk_sz); } /* check we got the desired hash */ blob_new = g_bytes_new (data_new, sz_max); blob_checksum_new = dfu_patch_calculate_checksum (blob_new); if ((flags & DFU_PATCH_APPLY_FLAG_IGNORE_CHECKSUM) == 0 && !g_bytes_equal (blob_checksum_new, priv->checksum_new)) { g_autofree gchar *actual = _g_bytes_to_string (blob_checksum_new); g_autofree gchar *expect = _g_bytes_to_string (priv->checksum_new); g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INVALID_FILE, "checksum for result did not match, expected %s, got %s", expect, actual); return NULL; } /* success */ return g_steal_pointer (&blob_new); }
static gboolean builder_source_file_download (BuilderSource *source, gboolean update_vcs, BuilderContext *context, GError **error) { BuilderSourceFile *self = BUILDER_SOURCE_FILE (source); g_autoptr(GFile) file = NULL; gboolean is_local, is_inline; g_autoptr (GFile) dir = NULL; g_autofree char *dir_path = NULL; g_autofree char *sha256 = NULL; g_autofree char *base_name = NULL; g_autoptr(GBytes) content = NULL; file = get_source_file (self, context, &is_local, &is_inline, error); if (file == NULL) return FALSE; base_name = g_file_get_basename (file); if (g_file_query_exists (file, NULL)) { if (is_local && self->sha256 != NULL && *self->sha256 != 0) { g_autofree char *data = NULL; gsize len; if (!g_file_load_contents (file, NULL, &data, &len, NULL, error)) return FALSE; sha256 = g_compute_checksum_for_string (G_CHECKSUM_SHA256, data, len); if (strcmp (sha256, self->sha256) != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Wrong sha256 for %s, expected %s, was %s", base_name, self->sha256, sha256); return FALSE; } } return TRUE; } if (is_local) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Can't find file at %s", self->path); return FALSE; } content = download_uri (self->url, context, error); if (content == NULL) return FALSE; sha256 = g_compute_checksum_for_string (G_CHECKSUM_SHA256, g_bytes_get_data (content, NULL), g_bytes_get_size (content)); /* sha256 is optional for inline data */ if (((self->sha256 != NULL && *self->sha256 != 0) || !is_inline) && strcmp (sha256, self->sha256) != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Wrong sha256 for %s, expected %s, was %s", base_name, self->sha256, sha256); return FALSE; } dir = g_file_get_parent (file); dir_path = g_file_get_path (dir); g_mkdir_with_parents (dir_path, 0755); if (!g_file_replace_contents (file, g_bytes_get_data (content, NULL), g_bytes_get_size (content), NULL, FALSE, G_FILE_CREATE_NONE, NULL, NULL, error)) return FALSE; return TRUE; }
gboolean _ostree_static_delta_part_open (GInputStream *part_in, GBytes *inline_part_bytes, OstreeStaticDeltaOpenFlags flags, const char *expected_checksum, GVariant **out_part, GCancellable *cancellable, GError **error) { gboolean ret = FALSE; const gboolean trusted = (flags & OSTREE_STATIC_DELTA_OPEN_FLAGS_VARIANT_TRUSTED) > 0; const gboolean skip_checksum = (flags & OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM) > 0; gsize bytes_read; guint8 comptype; g_autoptr(GChecksum) checksum = NULL; g_autoptr(GInputStream) checksum_in = NULL; g_autoptr(GVariant) ret_part = NULL; GInputStream *source_in; /* We either take a fd or a GBytes reference */ g_return_val_if_fail (G_IS_FILE_DESCRIPTOR_BASED (part_in) || inline_part_bytes != NULL, FALSE); g_return_val_if_fail (skip_checksum || expected_checksum != NULL, FALSE); if (!skip_checksum) { checksum = g_checksum_new (G_CHECKSUM_SHA256); checksum_in = (GInputStream*)ostree_checksum_input_stream_new (part_in, checksum); source_in = checksum_in; } else { source_in = part_in; } { guint8 buf[1]; /* First byte is compression type */ if (!g_input_stream_read_all (source_in, buf, sizeof(buf), &bytes_read, cancellable, error)) { g_prefix_error (error, "Reading initial compression flag byte: "); goto out; } comptype = buf[0]; } switch (comptype) { case 0: if (!inline_part_bytes) { int part_fd = g_file_descriptor_based_get_fd ((GFileDescriptorBased*)part_in); /* No compression, no checksums - a fast path */ if (!ot_util_variant_map_fd (part_fd, 1, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), trusted, &ret_part, error)) goto out; } else { g_autoptr(GBytes) content_bytes = g_bytes_new_from_bytes (inline_part_bytes, 1, g_bytes_get_size (inline_part_bytes) - 1); ret_part = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), content_bytes, trusted); g_variant_ref_sink (ret_part); } if (!skip_checksum) g_checksum_update (checksum, g_variant_get_data (ret_part), g_variant_get_size (ret_part)); break; case 'x': { g_autofree char *tmppath = g_strdup ("/var/tmp/ostree-delta-XXXXXX"); g_autoptr(GConverter) decomp = (GConverter*) _ostree_lzma_decompressor_new (); g_autoptr(GInputStream) convin = g_converter_input_stream_new (source_in, decomp); g_autoptr(GOutputStream) unpacked_out = NULL; glnx_fd_close int unpacked_fd = -1; gssize n_bytes_written; unpacked_fd = g_mkstemp_full (tmppath, O_RDWR | O_CLOEXEC, 0640); if (unpacked_fd < 0) { glnx_set_error_from_errno (error); goto out; } /* Now make it autocleanup on process exit - in the future, we * should consider caching unpacked deltas as well. */ if (unlink (tmppath) < 0) { glnx_set_error_from_errno (error); goto out; } unpacked_out = g_unix_output_stream_new (unpacked_fd, FALSE); n_bytes_written = g_output_stream_splice (unpacked_out, convin, G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE | G_OUTPUT_STREAM_SPLICE_CLOSE_TARGET, cancellable, error); if (n_bytes_written < 0) goto out; if (!ot_util_variant_map_fd (unpacked_fd, 0, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), trusted, &ret_part, error)) goto out; } break; default: g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Invalid compression type '%u'", comptype); goto out; } if (checksum) { const char *actual_checksum = g_checksum_get_string (checksum); g_assert (expected_checksum != NULL); if (strcmp (actual_checksum, expected_checksum) != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Checksum mismatch in static delta part; expected=%s actual=%s", expected_checksum, actual_checksum); goto out; } } ret = TRUE; *out_part = g_steal_pointer (&ret_part); out: return ret; }
/** * fu_provider_schedule_update: **/ static gboolean fu_provider_schedule_update (FuProvider *provider, FuDevice *device, GInputStream *stream, GError **error) { gchar tmpname[] = {"XXXXXX.cap"}; guint i; _cleanup_bytes_unref_ GBytes *fwbin = NULL; _cleanup_free_ gchar *dirname = NULL; _cleanup_free_ gchar *filename = NULL; _cleanup_object_unref_ FuDevice *device_tmp = NULL; _cleanup_object_unref_ FuPending *pending = NULL; _cleanup_object_unref_ GFile *file = NULL; /* id already exists */ pending = fu_pending_new (); device_tmp = fu_pending_get_device (pending, fu_device_get_id (device), NULL); if (device_tmp != NULL) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_ALREADY_PENDING, "%s is already scheduled to be updated", fu_device_get_id (device)); return FALSE; } /* create directory */ dirname = g_build_filename (LOCALSTATEDIR, "lib", "fwupd", NULL); file = g_file_new_for_path (dirname); if (!g_file_query_exists (file, NULL)) { if (!g_file_make_directory_with_parents (file, NULL, error)) return FALSE; } /* get a random filename */ for (i = 0; i < 6; i++) tmpname[i] = g_random_int_range ('A', 'Z'); filename = g_build_filename (dirname, tmpname, NULL); /* just copy to the temp file */ fu_provider_set_status (provider, FWUPD_STATUS_SCHEDULING); if (!g_seekable_seek (G_SEEKABLE (stream), 0, G_SEEK_SET, NULL, error)) return FALSE; fwbin = g_input_stream_read_bytes (stream, FU_PROVIDER_FIRMWARE_MAX, NULL, error); if (fwbin == NULL) return FALSE; if (!g_file_set_contents (filename, g_bytes_get_data (fwbin, NULL), g_bytes_get_size (fwbin), error)) return FALSE; /* schedule for next boot */ g_debug ("schedule %s to be installed to %s on next boot", filename, fu_device_get_id (device)); fu_device_set_metadata (device, FU_DEVICE_KEY_FILENAME_CAB, filename); /* add to database */ if (!fu_pending_add_device (pending, device, error)) return FALSE; /* next boot we run offline */ return fu_provider_offline_setup (error); }
gboolean nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, NMSettingWirelessSecurity *setting, NMSetting8021x *setting_8021x, const char *con_uuid, guint32 mtu, GError **error) { const char *key_mgmt, *auth_alg; const char *psk; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); g_return_val_if_fail (!error || !*error, FALSE); key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting); if (!add_string_val (self, key_mgmt, "key_mgmt", TRUE, FALSE, error)) return FALSE; auth_alg = nm_setting_wireless_security_get_auth_alg (setting); if (!add_string_val (self, auth_alg, "auth_alg", TRUE, FALSE, error)) return FALSE; psk = nm_setting_wireless_security_get_psk (setting); if (psk) { size_t psk_len = strlen (psk); if (psk_len == 64) { gs_unref_bytes GBytes *bytes = NULL; /* Hex PSK */ bytes = nm_utils_hexstr2bin (psk); if (!bytes) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot add psk to supplicant config due to invalid hex"); return FALSE; } if (!nm_supplicant_config_add_option (self, "psk", g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE, error)) return FALSE; } else if (psk_len >= 8 && psk_len <= 63) { /* Use TYPE_STRING here so that it gets pushed to the * supplicant as a string, and therefore gets quoted, * and therefore the supplicant will interpret it as a * passphrase and not a hex key. */ if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, TYPE_STRING, TRUE, error)) return FALSE; } else { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot add psk to supplicant config due to invalid PSK length %u (not between 8 and 63 characters)", (guint) psk_len); return FALSE; } } /* Only WPA-specific things when using WPA */ if ( !strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk") || !strcmp (key_mgmt, "wpa-eap")) { if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, group, groups, "group", ' ', TRUE, FALSE, error)) return FALSE; } /* WEP keys if required */ if (!strcmp (key_mgmt, "none")) { NMWepKeyType wep_type = nm_setting_wireless_security_get_wep_key_type (setting); const char *wep0 = nm_setting_wireless_security_get_wep_key (setting, 0); const char *wep1 = nm_setting_wireless_security_get_wep_key (setting, 1); const char *wep2 = nm_setting_wireless_security_get_wep_key (setting, 2); const char *wep3 = nm_setting_wireless_security_get_wep_key (setting, 3); if (!add_wep_key (self, wep0, "wep_key0", wep_type, error)) return FALSE; if (!add_wep_key (self, wep1, "wep_key1", wep_type, error)) return FALSE; if (!add_wep_key (self, wep2, "wep_key2", wep_type, error)) return FALSE; if (!add_wep_key (self, wep3, "wep_key3", wep_type, error)) return FALSE; if (wep0 || wep1 || wep2 || wep3) { gs_free char *value = NULL; value = g_strdup_printf ("%d", nm_setting_wireless_security_get_wep_tx_keyidx (setting)); if (!nm_supplicant_config_add_option (self, "wep_tx_keyidx", value, -1, FALSE, error)) return FALSE; } } if (auth_alg && !strcmp (auth_alg, "leap")) { /* LEAP */ if (!strcmp (key_mgmt, "ieee8021x")) { const char *tmp; tmp = nm_setting_wireless_security_get_leap_username (setting); if (!add_string_val (self, tmp, "identity", FALSE, FALSE, error)) return FALSE; tmp = nm_setting_wireless_security_get_leap_password (setting); if (!add_string_val (self, tmp, "password", FALSE, TRUE, error)) return FALSE; if (!add_string_val (self, "leap", "eap", TRUE, FALSE, error)) return FALSE; } else { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Invalid key-mgmt \"%s\" for leap", key_mgmt); return FALSE; } } else { /* 802.1x for Dynamic WEP and WPA-Enterprise */ if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap")) { if (!setting_8021x) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot set key-mgmt %s with missing 8021x setting", key_mgmt); return FALSE; } if (!nm_supplicant_config_add_setting_8021x (self, setting_8021x, con_uuid, mtu, FALSE, error)) return FALSE; } if (!strcmp (key_mgmt, "wpa-eap")) { /* If using WPA Enterprise, enable optimized background scanning * to ensure roaming within an ESS works well. */ if (!nm_supplicant_config_add_option (self, "bgscan", "simple:30:-65:300", -1, FALSE, error)) return FALSE; /* When using WPA-Enterprise, we want to use Proactive Key Caching (also * called Opportunistic Key Caching) to avoid full EAP exchanges when * roaming between access points in the same mobility group. */ if (!nm_supplicant_config_add_option (self, "proactive_key_caching", "1", -1, FALSE, error)) return FALSE; } } return TRUE; }
GtkWidget * do_css_multiplebgs (GtkWidget *do_widget) { if (!window) { GtkWidget *paned, *container, *child; GtkStyleProvider *provider; GtkTextBuffer *text; GBytes *bytes; window = gtk_window_new (GTK_WINDOW_TOPLEVEL); gtk_window_set_transient_for (GTK_WINDOW (window), GTK_WINDOW (do_widget)); gtk_window_set_default_size (GTK_WINDOW (window), 400, 300); g_signal_connect (window, "destroy", G_CALLBACK (gtk_widget_destroyed), &window); container = gtk_overlay_new (); gtk_widget_add_events (container, GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK | GDK_POINTER_MOTION_MASK); gtk_container_add (GTK_CONTAINER (window), container); child = gtk_drawing_area_new (); gtk_widget_set_name (child, "canvas"); g_signal_connect (child, "draw", G_CALLBACK (drawing_area_draw), NULL); gtk_container_add (GTK_CONTAINER (container), child); child = gtk_button_new (); gtk_widget_add_events (child, GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK | GDK_POINTER_MOTION_MASK); gtk_overlay_add_overlay (GTK_OVERLAY (container), child); gtk_widget_set_name (child, "bricks-button"); gtk_widget_set_halign (child, GTK_ALIGN_CENTER); gtk_widget_set_valign (child, GTK_ALIGN_CENTER); gtk_widget_set_size_request (child, 200, 80); paned = gtk_paned_new (GTK_ORIENTATION_VERTICAL); gtk_overlay_add_overlay (GTK_OVERLAY (container), paned); /* Need a filler so we get a handle */ child = gtk_box_new (GTK_ORIENTATION_VERTICAL, 0); gtk_container_add (GTK_CONTAINER (paned), child); text = gtk_text_buffer_new (NULL); gtk_text_buffer_create_tag (text, "warning", "underline", PANGO_UNDERLINE_SINGLE, NULL); gtk_text_buffer_create_tag (text, "error", "underline", PANGO_UNDERLINE_ERROR, NULL); provider = GTK_STYLE_PROVIDER (gtk_css_provider_new ()); container = gtk_scrolled_window_new (NULL, NULL); gtk_container_add (GTK_CONTAINER (paned), container); child = gtk_text_view_new_with_buffer (text); gtk_container_add (GTK_CONTAINER (container), child); g_signal_connect (text, "changed", G_CALLBACK (css_text_changed), provider); bytes = g_resources_lookup_data ("/css_multiplebgs/gtk.css", 0, NULL); gtk_text_buffer_set_text (text, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes)); g_signal_connect (provider, "parsing-error", G_CALLBACK (show_parsing_error), gtk_text_view_get_buffer (GTK_TEXT_VIEW (child))); apply_css (window, provider); } if (!gtk_widget_get_visible (window)) gtk_widget_show_all (window); else { gtk_widget_destroy (window); window = NULL; } return window; }
gboolean nm_supplicant_config_add_setting_wireless (NMSupplicantConfig * self, NMSettingWireless * setting, guint32 fixed_freq) { NMSupplicantConfigPrivate *priv; gboolean is_adhoc, is_ap; const char *mode, *band; GBytes *ssid; const char *bssid; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); mode = nm_setting_wireless_get_mode (setting); is_adhoc = (mode && !strcmp (mode, "adhoc")) ? TRUE : FALSE; is_ap = (mode && !strcmp (mode, "ap")) ? TRUE : FALSE; if (is_adhoc || is_ap) priv->ap_scan = 2; else priv->ap_scan = 1; ssid = nm_setting_wireless_get_ssid (setting); if (!nm_supplicant_config_add_option (self, "ssid", (char *) g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), FALSE)) { nm_log_warn (LOGD_SUPPLICANT, "Error adding SSID to supplicant config."); return FALSE; } if (is_adhoc) { if (!nm_supplicant_config_add_option (self, "mode", "1", -1, FALSE)) { nm_log_warn (LOGD_SUPPLICANT, "Error adding mode=1 (adhoc) to supplicant config."); return FALSE; } } if (is_ap) { if (!nm_supplicant_config_add_option (self, "mode", "2", -1, FALSE)) { nm_log_warn (LOGD_SUPPLICANT, "Error adding mode=2 (ap) to supplicant config."); return FALSE; } } if ((is_adhoc || is_ap) && fixed_freq) { char *str_freq; str_freq = g_strdup_printf ("%u", fixed_freq); if (!nm_supplicant_config_add_option (self, "frequency", str_freq, -1, FALSE)) { g_free (str_freq); nm_log_warn (LOGD_SUPPLICANT, "Error adding Ad-Hoc/AP frequency to supplicant config."); return FALSE; } g_free (str_freq); } /* Except for Ad-Hoc and Hotspot, request that the driver probe for the * specific SSID we want to associate with. */ if (!(is_adhoc || is_ap)) { if (!nm_supplicant_config_add_option (self, "scan_ssid", "1", -1, FALSE)) return FALSE; } bssid = nm_setting_wireless_get_bssid (setting); if (bssid) { if (!nm_supplicant_config_add_option (self, "bssid", bssid, strlen (bssid), FALSE)) { nm_log_warn (LOGD_SUPPLICANT, "Error adding BSSID to supplicant config."); return FALSE; } } band = nm_setting_wireless_get_band (setting); if (band) { const char *freqs = NULL; if (!strcmp (band, "a")) freqs = FIVE_GHZ_FREQS; else if (!strcmp (band, "bg")) freqs = TWO_GHZ_FREQS; if (freqs && !nm_supplicant_config_add_option (self, "freq_list", freqs, strlen (freqs), FALSE)) { nm_log_warn (LOGD_SUPPLICANT, "Error adding frequency list/band to supplicant config."); return FALSE; } } // FIXME: channel config item return TRUE; }
static void populate_ui (CEPageWifi *self) { CEPageWifiPrivate *priv = CE_PAGE_WIFI_GET_PRIVATE (self); NMSettingWireless *setting = priv->setting; GBytes *ssid; const char *mode; const char *band; int band_idx = 0; int rate_def; int tx_power_def; int mtu_def; char *utf8_ssid; const char *s_ifname, *s_mac, *s_bssid; GPtrArray *bssid_array; char **bssid_list; guint32 idx; rate_def = ce_get_property_default (NM_SETTING (setting), NM_SETTING_WIRELESS_RATE); g_signal_connect (priv->rate, "output", G_CALLBACK (ce_spin_output_with_automatic), GINT_TO_POINTER (rate_def)); g_signal_connect_swapped (priv->rate, "value-changed", G_CALLBACK (ce_page_changed), self); tx_power_def = ce_get_property_default (NM_SETTING (setting), NM_SETTING_WIRELESS_TX_POWER); g_signal_connect (priv->tx_power, "output", G_CALLBACK (ce_spin_output_with_automatic), GINT_TO_POINTER (tx_power_def)); g_signal_connect_swapped (priv->tx_power, "value-changed", G_CALLBACK (ce_page_changed), self); mtu_def = ce_get_property_default (NM_SETTING (setting), NM_SETTING_WIRELESS_MTU); g_signal_connect (priv->mtu, "output", G_CALLBACK (ce_spin_output_with_automatic), GINT_TO_POINTER (mtu_def)); g_signal_connect_swapped (priv->mtu, "value-changed", G_CALLBACK (ce_page_changed), self); ssid = nm_setting_wireless_get_ssid (setting); mode = nm_setting_wireless_get_mode (setting); band = nm_setting_wireless_get_band (setting); if (ssid) utf8_ssid = nm_utils_ssid_to_utf8 (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid)); else utf8_ssid = g_strdup (""); gtk_entry_set_text (priv->ssid, utf8_ssid); g_signal_connect_swapped (priv->ssid, "changed", G_CALLBACK (ce_page_changed), self); g_free (utf8_ssid); /* Default to Infrastructure */ gtk_combo_box_set_active (priv->mode, 0); if (!g_strcmp0 (mode, "ap")) gtk_combo_box_set_active (priv->mode, 1); if (!g_strcmp0 (mode, "adhoc")) gtk_combo_box_set_active (priv->mode, 2); mode_combo_changed_cb (priv->mode, self); g_signal_connect (priv->mode, "changed", G_CALLBACK (mode_combo_changed_cb), self); g_signal_connect (priv->channel, "output", G_CALLBACK (channel_spin_output_cb), self); g_signal_connect (priv->channel, "input", G_CALLBACK (channel_spin_input_cb), self); gtk_widget_set_sensitive (GTK_WIDGET (priv->channel), FALSE); if (band) { if (!strcmp (band, "a")) { band_idx = 1; gtk_widget_set_sensitive (GTK_WIDGET (priv->channel), TRUE); } else if (!strcmp (band, "bg")) { band_idx = 2; gtk_widget_set_sensitive (GTK_WIDGET (priv->channel), TRUE); } } gtk_combo_box_set_active (priv->band, band_idx); g_signal_connect (priv->band, "changed", G_CALLBACK (band_value_changed_cb), self); /* Update the channel _after_ the band has been set so that it gets * the right values */ priv->last_channel = nm_setting_wireless_get_channel (setting); gtk_spin_button_set_value (priv->channel, (gdouble) priv->last_channel); g_signal_connect_swapped (priv->channel, "value-changed", G_CALLBACK (ce_page_changed), self); /* BSSID */ bssid_array = g_ptr_array_new (); for (idx = 0; idx < nm_setting_wireless_get_num_seen_bssids (setting); idx++) g_ptr_array_add (bssid_array, g_strdup (nm_setting_wireless_get_seen_bssid (setting, idx))); g_ptr_array_add (bssid_array, NULL); bssid_list = (char **) g_ptr_array_free (bssid_array, FALSE); s_bssid = nm_setting_wireless_get_bssid (setting); ce_page_setup_mac_combo (CE_PAGE (self), GTK_COMBO_BOX (priv->bssid), s_bssid, bssid_list); g_strfreev (bssid_list); g_signal_connect_swapped (priv->bssid, "changed", G_CALLBACK (ce_page_changed), self); /* Device MAC address */ s_ifname = nm_connection_get_interface_name (CE_PAGE (self)->connection); s_mac = nm_setting_wireless_get_mac_address (setting); ce_page_setup_device_combo (CE_PAGE (self), GTK_COMBO_BOX (priv->device_combo), NM_TYPE_DEVICE_WIFI, s_ifname, s_mac, NM_DEVICE_WIFI_PERMANENT_HW_ADDRESS, TRUE); g_signal_connect_swapped (priv->device_combo, "changed", G_CALLBACK (ce_page_changed), self); /* Cloned MAC address */ s_mac = nm_setting_wireless_get_cloned_mac_address (setting); if (s_mac) gtk_entry_set_text (priv->cloned_mac, s_mac); g_signal_connect_swapped (priv->cloned_mac, "changed", G_CALLBACK (ce_page_changed), self); gtk_spin_button_set_value (priv->rate, (gdouble) nm_setting_wireless_get_rate (setting)); gtk_spin_button_set_value (priv->tx_power, (gdouble) nm_setting_wireless_get_tx_power (setting)); gtk_spin_button_set_value (priv->mtu, (gdouble) nm_setting_wireless_get_mtu (setting)); }
gboolean _ostree_static_delta_part_open (GInputStream *part_in, GBytes *inline_part_bytes, OstreeStaticDeltaOpenFlags flags, const char *expected_checksum, GVariant **out_part, GCancellable *cancellable, GError **error) { const gboolean trusted = (flags & OSTREE_STATIC_DELTA_OPEN_FLAGS_VARIANT_TRUSTED) > 0; const gboolean skip_checksum = (flags & OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM) > 0; gsize bytes_read; guint8 comptype; g_autoptr(GChecksum) checksum = NULL; g_autoptr(GInputStream) checksum_in = NULL; GInputStream *source_in; /* We either take a fd or a GBytes reference */ g_return_val_if_fail (G_IS_FILE_DESCRIPTOR_BASED (part_in) || inline_part_bytes != NULL, FALSE); g_return_val_if_fail (skip_checksum || expected_checksum != NULL, FALSE); if (!skip_checksum) { checksum = g_checksum_new (G_CHECKSUM_SHA256); checksum_in = (GInputStream*)ostree_checksum_input_stream_new (part_in, checksum); source_in = checksum_in; } else { source_in = part_in; } { guint8 buf[1]; /* First byte is compression type */ if (!g_input_stream_read_all (source_in, buf, sizeof(buf), &bytes_read, cancellable, error)) return glnx_prefix_error (error, "Reading initial compression flag byte"); comptype = buf[0]; } g_autoptr(GVariant) ret_part = NULL; switch (comptype) { case 0: if (!inline_part_bytes) { int part_fd = g_file_descriptor_based_get_fd ((GFileDescriptorBased*)part_in); /* No compression, no checksums - a fast path */ if (!ot_util_variant_map_fd (part_fd, 1, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), trusted, &ret_part, error)) return FALSE; } else { g_autoptr(GBytes) content_bytes = g_bytes_new_from_bytes (inline_part_bytes, 1, g_bytes_get_size (inline_part_bytes) - 1); ret_part = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), content_bytes, trusted); g_variant_ref_sink (ret_part); } if (!skip_checksum) g_checksum_update (checksum, g_variant_get_data (ret_part), g_variant_get_size (ret_part)); break; case 'x': { g_autoptr(GConverter) decomp = (GConverter*) _ostree_lzma_decompressor_new (); g_autoptr(GInputStream) convin = g_converter_input_stream_new (source_in, decomp); g_autoptr(GBytes) buf = ot_map_anonymous_tmpfile_from_content (convin, cancellable, error); if (!buf) return FALSE; ret_part = g_variant_new_from_bytes (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_PART_PAYLOAD_FORMAT_V0), buf, FALSE); } break; default: return glnx_throw (error, "Invalid compression type '%u'", comptype); } if (checksum) { const char *actual_checksum = g_checksum_get_string (checksum); g_assert (expected_checksum != NULL); if (strcmp (actual_checksum, expected_checksum) != 0) return glnx_throw (error, "Checksum mismatch in static delta part; expected=%s actual=%s", expected_checksum, actual_checksum); } *out_part = g_steal_pointer (&ret_part); return TRUE; }
/** * cockpit_web_response_file: * @response: the response * @path: escaped path, or NULL to get from response * @roots: directories to look for file in * * Serve a file from disk as an HTTP response. */ void cockpit_web_response_file (CockpitWebResponse *response, const gchar *escaped, gboolean cache_forever, const gchar **roots) { const gchar *cache_control; GError *error = NULL; gchar *unescaped; char *path = NULL; gchar *built = NULL; GMappedFile *file = NULL; const gchar *root; GBytes *body; g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response)); if (!escaped) escaped = cockpit_web_response_get_path (response); g_return_if_fail (escaped != NULL); again: root = *(roots++); if (root == NULL) { cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } unescaped = g_uri_unescape_string (escaped, NULL); built = g_build_filename (root, unescaped, NULL); g_free (unescaped); path = realpath (built, NULL); g_free (built); if (path == NULL) { if (errno == ENOENT || errno == ENOTDIR || errno == ELOOP || errno == ENAMETOOLONG) { g_debug ("%s: file not found in root: %s", escaped, root); goto again; } else if (errno == EACCES) { cockpit_web_response_error (response, 403, NULL, "Access Denied"); goto out; } else { g_warning ("%s: resolving path failed: %m", escaped); cockpit_web_response_error (response, 500, NULL, "Internal Server Error"); goto out; } } /* Double check that realpath() did the right thing */ g_return_if_fail (strstr (path, "../") == NULL); g_return_if_fail (!g_str_has_suffix (path, "/..")); /* Someone is trying to escape the root directory */ if (!path_has_prefix (path, root) && !path_has_prefix (path, cockpit_web_exception_escape_root)) { g_debug ("%s: request tried to escape the root directory: %s: %s", escaped, root, path); cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } if (g_file_test (path, G_FILE_TEST_IS_DIR)) { cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied"); goto out; } file = g_mapped_file_new (path, FALSE, &error); if (file == NULL) { if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR)) { cockpit_web_response_error (response, 403, NULL, "Access denied"); g_clear_error (&error); goto out; } else { g_warning ("%s: %s", path, error->message); cockpit_web_response_error (response, 500, NULL, "Internal server error"); g_clear_error (&error); goto out; } } body = g_mapped_file_get_bytes (file); cache_control = cache_forever ? "max-age=31556926, public" : NULL; cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body), "Cache-Control", cache_control, NULL); if (cockpit_web_response_queue (response, body)) cockpit_web_response_complete (response); g_bytes_unref (body); out: free (path); if (file) g_mapped_file_unref (file); }
/** * gs_plugin_file_to_app: */ gboolean gs_plugin_file_to_app (GsPlugin *plugin, GList **list, GFile *file, GCancellable *cancellable, GError **error) { g_autofree gchar *content_type = NULL; g_autofree gchar *id_prefixed = NULL; g_autoptr(GBytes) appstream_gz = NULL; g_autoptr(GBytes) icon_data = NULL; g_autoptr(GBytes) metadata = NULL; g_autoptr(GsApp) app = NULL; g_autoptr(XdgAppBundleRef) xref_bundle = NULL; const gchar *mimetypes[] = { "application/vnd.xdgapp", NULL }; /* does this match any of the mimetypes we support */ content_type = gs_utils_get_content_type (file, cancellable, error); if (content_type == NULL) return FALSE; if (!g_strv_contains (mimetypes, content_type)) return TRUE; /* load bundle */ xref_bundle = xdg_app_bundle_ref_new (file, error); if (xref_bundle == NULL) { g_prefix_error (error, "error loading bundle: "); return FALSE; } /* create a virtual ID */ id_prefixed = gs_plugin_xdg_app_build_id (XDG_APP_REF (xref_bundle)); /* load metadata */ app = gs_app_new (id_prefixed); gs_app_set_kind (app, AS_APP_KIND_DESKTOP); gs_app_set_state (app, AS_APP_STATE_AVAILABLE_LOCAL); gs_app_set_size_installed (app, xdg_app_bundle_ref_get_installed_size (xref_bundle)); gs_plugin_xdg_app_set_metadata (app, XDG_APP_REF (xref_bundle)); metadata = xdg_app_bundle_ref_get_metadata (xref_bundle); if (!gs_plugin_xdg_app_set_app_metadata (app, g_bytes_get_data (metadata, NULL), g_bytes_get_size (metadata), error)) return FALSE; /* load AppStream */ appstream_gz = xdg_app_bundle_ref_get_appstream (xref_bundle); if (appstream_gz != NULL) { g_autoptr(GZlibDecompressor) decompressor = NULL; g_autoptr(GInputStream) stream_gz = NULL; g_autoptr(GInputStream) stream_data = NULL; g_autoptr(GBytes) appstream = NULL; g_autoptr(AsStore) store = NULL; g_autofree gchar *id = NULL; AsApp *item; /* decompress data */ decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_GZIP); stream_gz = g_memory_input_stream_new_from_bytes (appstream_gz); if (stream_gz == NULL) return FALSE; stream_data = g_converter_input_stream_new (stream_gz, G_CONVERTER (decompressor)); appstream = g_input_stream_read_bytes (stream_data, 0x100000, /* 1Mb */ cancellable, error); if (appstream == NULL) return FALSE; store = as_store_new (); if (!as_store_from_bytes (store, appstream, cancellable, error)) return FALSE; /* find app */ id = g_strdup_printf ("%s.desktop", gs_app_get_xdgapp_name (app)); item = as_store_get_app_by_id (store, id); if (item == NULL) { g_set_error (error, GS_PLUGIN_ERROR, GS_PLUGIN_ERROR_FAILED, "application %s not found", id); return FALSE; } /* copy details from AppStream to app */ if (!gs_appstream_refine_app (plugin, app, item, error)) return FALSE; } /* load icon */ icon_data = xdg_app_bundle_ref_get_icon (xref_bundle, 64 * gs_plugin_get_scale (plugin)); if (icon_data == NULL) icon_data = xdg_app_bundle_ref_get_icon (xref_bundle, 64); if (icon_data != NULL) { g_autoptr(GInputStream) stream_icon = NULL; g_autoptr(GdkPixbuf) pixbuf = NULL; stream_icon = g_memory_input_stream_new_from_bytes (icon_data); pixbuf = gdk_pixbuf_new_from_stream (stream_icon, cancellable, error); if (pixbuf == NULL) return FALSE; gs_app_set_pixbuf (app, pixbuf); } else { g_autoptr(AsIcon) icon = NULL; icon = as_icon_new (); as_icon_set_kind (icon, AS_ICON_KIND_STOCK); as_icon_set_name (icon, "application-x-executable"); gs_app_set_icon (app, icon); } /* not quite true: this just means we can update this specific app */ if (xdg_app_bundle_ref_get_origin (xref_bundle)) gs_app_add_quirk (app, AS_APP_QUIRK_HAS_SOURCE); g_debug ("created local app: %s", gs_app_to_string (app)); gs_app_list_add (list, app); return TRUE; }
static void create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GNode *issuer, *serial; gchar *data; GBytes *result; GBytes *value; GBytes *element; gsize n_data; GBytes *bytes; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); g_bytes_unref (bytes); /* Dig out the issuer and serial */ issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL); serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL); g_return_if_fail (issuer && serial); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* Setup the type of trust assertion */ ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certReference", NULL); if (!egg_asn1x_set_choice (ref, choice)) g_return_if_reached (); /* Copy over the serial and issuer */ element = egg_asn1x_get_element_raw (issuer); if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element)) g_return_if_reached (); g_bytes_unref (element); value = egg_asn1x_get_integer_as_raw (serial); egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value); g_bytes_unref (value); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); g_free (data); egg_asn1x_destroy (cert); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
/** * cockpit_web_response_file: * @response: the response * @path: escaped path, or NULL to get from response * @roots: directories to look for file in * * Serve a file from disk as an HTTP response. */ void cockpit_web_response_file (CockpitWebResponse *response, const gchar *escaped, const gchar **roots) { const gchar *csp_header; GError *error = NULL; gchar *unescaped = NULL; gchar *path = NULL; GMappedFile *file = NULL; const gchar *root; GBytes *body; g_return_if_fail (COCKPIT_IS_WEB_RESPONSE (response)); if (!escaped) escaped = cockpit_web_response_get_path (response); g_return_if_fail (escaped != NULL); /* Someone is trying to escape the root directory, or access hidden files? */ unescaped = g_uri_unescape_string (escaped, NULL); if (strstr (unescaped, "/.") || strstr (unescaped, "../") || strstr (unescaped, "//")) { g_debug ("%s: invalid path request", escaped); cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } again: root = *(roots++); if (root == NULL) { cockpit_web_response_error (response, 404, NULL, "Not Found"); goto out; } g_free (path); path = g_build_filename (root, unescaped, NULL); if (g_file_test (path, G_FILE_TEST_IS_DIR)) { cockpit_web_response_error (response, 403, NULL, "Directory Listing Denied"); goto out; } /* As a double check of above behavior */ g_assert (path_has_prefix (path, root)); g_clear_error (&error); file = g_mapped_file_new (path, FALSE, &error); if (file == NULL) { if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NAMETOOLONG)) { g_debug ("%s: file not found in root: %s", escaped, root); goto again; } else if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_PERM) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ACCES) || g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_ISDIR)) { cockpit_web_response_error (response, 403, NULL, "Access denied"); goto out; } else { g_warning ("%s: %s", path, error->message); cockpit_web_response_error (response, 500, NULL, "Internal server error"); goto out; } } body = g_mapped_file_get_bytes (file); /* * The default Content-Security-Policy for .html files allows * the site to have inline <script> and <style> tags. This code * is not used when serving resources once logged in, only for * static resources when we don't yet have a session. */ csp_header = NULL; if (g_str_has_suffix (unescaped, ".html")) csp_header = "Content-Security-Policy"; cockpit_web_response_headers (response, 200, "OK", g_bytes_get_size (body), csp_header, "default-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss:", NULL); if (cockpit_web_response_queue (response, body)) cockpit_web_response_complete (response); g_bytes_unref (body); out: g_free (unescaped); g_clear_error (&error); g_free (path); if (file) g_mapped_file_unref (file); }
gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, NMSetting8021x *setting, const char *con_uuid, gboolean wired) { NMSupplicantConfigPrivate *priv; char *tmp; const char *peapver, *value, *path; gboolean success, added; GString *phase1, *phase2; GBytes *bytes; gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); value = nm_setting_802_1x_get_password (setting); if (value) { if (!add_string_val (self, value, "password", FALSE, TRUE)) return FALSE; } else { bytes = nm_setting_802_1x_get_password_raw (setting); if (bytes) { success = nm_supplicant_config_add_option (self, "password", (const char *) g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE); if (!success) { nm_log_warn (LOGD_SUPPLICANT, "Error adding password-raw to supplicant config."); return FALSE; } } } value = nm_setting_802_1x_get_pin (setting); if (!add_string_val (self, value, "pin", FALSE, TRUE)) return FALSE; if (wired) { if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE)) return FALSE; /* Wired 802.1x must always use eapol_flags=0 */ if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE)) return FALSE; nm_supplicant_config_set_ap_scan (self, 0); } ADD_STRING_LIST_VAL (setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE); /* Check EAP method for special handling: PEAP + GTC, FAST */ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } /* Drop the fragment size a bit for better compatibility */ if (!nm_supplicant_config_add_option (self, "fragment_size", "1300", -1, FALSE)) return FALSE; phase1 = g_string_new (NULL); peapver = nm_setting_802_1x_get_phase1_peapver (setting); if (peapver) { if (!strcmp (peapver, "0")) g_string_append (phase1, "peapver=0"); else if (!strcmp (peapver, "1")) g_string_append (phase1, "peapver=1"); } if (nm_setting_802_1x_get_phase1_peaplabel (setting)) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting)); } value = nm_setting_802_1x_get_phase1_fast_provisioning (setting); if (value) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "fast_provisioning=%s", value); if (strcmp (value, "0") != 0) fast_provisoning_allowed = TRUE; } if (phase1->len) { if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE)) { g_string_free (phase1, TRUE); return FALSE; } } g_string_free (phase1, TRUE); phase2 = g_string_new (NULL); if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) { tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1); g_string_append_printf (phase2, "auth=%s", tmp); g_free (tmp); } if (nm_setting_802_1x_get_phase2_autheap (setting)) { if (phase2->len) g_string_append_c (phase2, ' '); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1); g_string_append_printf (phase2, "autheap=%s", tmp); g_free (tmp); } if (phase2->len) { if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE)) { g_string_free (phase2, TRUE); return FALSE; } } g_string_free (phase2, TRUE); /* PAC file */ path = nm_setting_802_1x_get_pac_file (setting); if (path) { if (!add_string_val (self, path, "pac_file", FALSE, FALSE)) return FALSE; } else { /* PAC file is not specified. * If provisioning is allowed, use an blob format. */ if (fast_provisoning_allowed) { char *blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid); if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE)) { g_free (blob_name); return FALSE; } g_free (blob_name); } else { /* This is only error for EAP-FAST; don't disturb other methods. */ if (fast) { nm_log_err (LOGD_SUPPLICANT, "EAP-FAST error: no PAC file provided and " "automatic PAC provisioning is disabled."); return FALSE; } } } /* CA path */ path = nm_setting_802_1x_get_ca_path (setting); if (nm_setting_802_1x_get_system_ca_certs (setting)) path = SYSTEM_CA_PATH; if (path) { if (!add_string_val (self, path, "ca_path", FALSE, FALSE)) return FALSE; } /* Phase2 CA path */ path = nm_setting_802_1x_get_phase2_ca_path (setting); if (nm_setting_802_1x_get_system_ca_certs (setting)) path = SYSTEM_CA_PATH; if (path) { if (!add_string_val (self, path, "ca_path2", FALSE, FALSE)) return FALSE; } /* CA certificate */ switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_ca_cert_blob (setting); ADD_BLOB_VAL (bytes, "ca_cert", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert", FALSE, FALSE)) return FALSE; break; default: break; } /* Phase 2 CA certificate */ switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting); ADD_BLOB_VAL (bytes, "ca_cert2", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE)) return FALSE; break; default: break; } /* Subject match */ value = nm_setting_802_1x_get_subject_match (setting); if (!add_string_val (self, value, "subject_match", FALSE, FALSE)) return FALSE; value = nm_setting_802_1x_get_phase2_subject_match (setting); if (!add_string_val (self, value, "subject_match2", FALSE, FALSE)) return FALSE; /* altSubjectName match */ ADD_STRING_LIST_VAL (setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE); ADD_STRING_LIST_VAL (setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE); /* Private key */ added = FALSE; switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_private_key_blob (setting); ADD_BLOB_VAL (bytes, "private_key", con_uuid); added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); if (!add_string_val (self, path, "private_key", FALSE, FALSE)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_private_key_format (setting); scheme = nm_setting_802_1x_get_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_private_key_password (setting); if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_client_cert_blob (setting); ADD_BLOB_VAL (bytes, "client_cert", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_client_cert_path (setting); if (!add_string_val (self, path, "client_cert", FALSE, FALSE)) return FALSE; break; default: break; } } } /* Phase 2 private key */ added = FALSE; switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting); ADD_BLOB_VAL (bytes, "private_key2", con_uuid); added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); if (!add_string_val (self, path, "private_key2", FALSE, FALSE)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_phase2_private_key_format (setting); scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_phase2_private_key_password (setting); if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting); ADD_BLOB_VAL (bytes, "client_cert2", con_uuid); break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_client_cert_path (setting); if (!add_string_val (self, path, "client_cert2", FALSE, FALSE)) return FALSE; break; default: break; } } } value = nm_setting_802_1x_get_identity (setting); if (!add_string_val (self, value, "identity", FALSE, FALSE)) return FALSE; value = nm_setting_802_1x_get_anonymous_identity (setting); if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE)) return FALSE; return TRUE; }
GtkWidget * do_css_pixbufs (GtkWidget *do_widget) { static GtkWidget *window = NULL; if (!window) { GtkWidget *paned, *container, *child; GtkStyleProvider *provider; GtkTextBuffer *text; GBytes *bytes; window = gtk_window_new (GTK_WINDOW_TOPLEVEL); gtk_window_set_title (GTK_WINDOW (window), "Animated Backgrounds"); gtk_window_set_transient_for (GTK_WINDOW (window), GTK_WINDOW (do_widget)); gtk_window_set_default_size (GTK_WINDOW (window), 400, 300); g_signal_connect (window, "destroy", G_CALLBACK (gtk_widget_destroyed), &window); paned = gtk_paned_new (GTK_ORIENTATION_VERTICAL); gtk_container_add (GTK_CONTAINER (window), paned); /* Need a filler so we get a handle */ child = gtk_box_new (GTK_ORIENTATION_VERTICAL, 0); gtk_container_add (GTK_CONTAINER (paned), child); text = gtk_text_buffer_new (NULL); gtk_text_buffer_create_tag (text, "warning", "underline", PANGO_UNDERLINE_SINGLE, NULL); gtk_text_buffer_create_tag (text, "error", "underline", PANGO_UNDERLINE_ERROR, NULL); provider = GTK_STYLE_PROVIDER (gtk_css_provider_new ()); container = gtk_scrolled_window_new (NULL, NULL); gtk_container_add (GTK_CONTAINER (paned), container); child = gtk_text_view_new_with_buffer (text); gtk_container_add (GTK_CONTAINER (container), child); g_signal_connect (text, "changed", G_CALLBACK (css_text_changed), provider); bytes = g_resources_lookup_data ("/css_pixbufs/gtk.css", 0, NULL); gtk_text_buffer_set_text (text, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes)); g_bytes_unref (bytes); g_signal_connect (provider, "parsing-error", G_CALLBACK (show_parsing_error), gtk_text_view_get_buffer (GTK_TEXT_VIEW (child))); apply_css (window, provider); } if (!gtk_widget_get_visible (window)) gtk_widget_show_all (window); else gtk_widget_destroy (window); return window; }
static gboolean realm_join_as_owner (UmRealmObject *realm, const gchar *owner, const gchar *login, const gchar *password, GBytes *credentials, GCancellable *cancellable, GAsyncReadyCallback callback, gpointer user_data) { UmRealmKerberosMembership *membership; GSimpleAsyncResult *async; GVariant *contents; GVariant *options; GVariant *option; GVariant *creds; const gchar *type; membership = um_realm_object_get_kerberos_membership (realm); g_return_val_if_fail (membership != NULL, FALSE); type = find_supported_credentials (membership, owner); if (type == NULL) { g_debug ("Couldn't find supported credential type for owner: %s", owner); g_object_unref (membership); return FALSE; } async = g_simple_async_result_new (G_OBJECT (realm), callback, user_data, realm_join_as_owner); if (g_str_equal (type, "ccache")) { g_debug ("Using a kerberos credential cache to join the realm"); contents = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), g_bytes_get_data (credentials, NULL), g_bytes_get_size (credentials), TRUE, (GDestroyNotify)g_bytes_unref, credentials); } else if (g_str_equal (type, "password")) { g_debug ("Using a user/password to join the realm"); contents = g_variant_new ("(ss)", login, password); } else { g_assert_not_reached (); } creds = g_variant_new ("(ssv)", type, owner, contents); option = g_variant_new ("{sv}", "manage-system", g_variant_new_boolean (FALSE)); options = g_variant_new_array (G_VARIANT_TYPE ("{sv}"), &option, 1); g_debug ("Calling the Join() method with %s credentials", owner); um_realm_kerberos_membership_call_join (membership, creds, options, cancellable, on_realm_join_complete, g_object_ref (async)); g_object_unref (async); g_object_unref (membership); return TRUE; }
gboolean nm_supplicant_config_add_setting_wireless (NMSupplicantConfig * self, NMSettingWireless * setting, guint32 fixed_freq, GError **error) { NMSupplicantConfigPrivate *priv; gboolean is_adhoc, is_ap; const char *mode, *band; guint32 channel; GBytes *ssid; const char *bssid; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (!error || !*error, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); mode = nm_setting_wireless_get_mode (setting); is_adhoc = (mode && !strcmp (mode, "adhoc")) ? TRUE : FALSE; is_ap = (mode && !strcmp (mode, "ap")) ? TRUE : FALSE; if (is_adhoc || is_ap) priv->ap_scan = 2; else priv->ap_scan = 1; ssid = nm_setting_wireless_get_ssid (setting); if (!nm_supplicant_config_add_option (self, "ssid", (char *) g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), FALSE, error)) return FALSE; if (is_adhoc) { if (!nm_supplicant_config_add_option (self, "mode", "1", -1, FALSE, error)) return FALSE; } if (is_ap) { if (!nm_supplicant_config_add_option (self, "mode", "2", -1, FALSE, error)) return FALSE; } if ((is_adhoc || is_ap) && fixed_freq) { gs_free char *str_freq = NULL; str_freq = g_strdup_printf ("%u", fixed_freq); if (!nm_supplicant_config_add_option (self, "frequency", str_freq, -1, FALSE, error)) return FALSE; } /* Except for Ad-Hoc and Hotspot, request that the driver probe for the * specific SSID we want to associate with. */ if (!(is_adhoc || is_ap)) { if (!nm_supplicant_config_add_option (self, "scan_ssid", "1", -1, FALSE, error)) return FALSE; } bssid = nm_setting_wireless_get_bssid (setting); if (bssid) { if (!nm_supplicant_config_add_option (self, "bssid", bssid, strlen (bssid), FALSE, error)) return FALSE; } band = nm_setting_wireless_get_band (setting); channel = nm_setting_wireless_get_channel (setting); if (band) { if (channel) { guint32 freq; gs_free char *str_freq = NULL; freq = nm_utils_wifi_channel_to_freq (channel, band); str_freq = g_strdup_printf ("%u", freq); if (!nm_supplicant_config_add_option (self, "freq_list", str_freq, -1, FALSE, error)) return FALSE; } else { const char *freqs = NULL; if (!strcmp (band, "a")) freqs = wifi_freqs_to_string (FALSE); else if (!strcmp (band, "bg")) freqs = wifi_freqs_to_string (TRUE); if (freqs && !nm_supplicant_config_add_option (self, "freq_list", freqs, strlen (freqs), FALSE, error)) return FALSE; } } return TRUE; }
static void add_data_tab (const gchar *demoname) { gchar *resource_dir, *resource_name; gchar **resources; GtkWidget *widget, *label; guint i; resource_dir = g_strconcat ("/", demoname, NULL); resources = g_resources_enumerate_children (resource_dir, 0, NULL); if (resources == NULL) { g_free (resource_dir); return; } for (i = 0; resources[i]; i++) { resource_name = g_strconcat (resource_dir, "/", resources[i], NULL); widget = gtk_image_new_from_resource (resource_name); if (gtk_image_get_pixbuf (GTK_IMAGE (widget)) == NULL && gtk_image_get_animation (GTK_IMAGE (widget)) == NULL) { GBytes *bytes; /* So we've used the best API available to figure out it's * not an image. Let's try something else then. */ g_object_ref_sink (widget); g_object_unref (widget); bytes = g_resources_lookup_data (resource_name, 0, NULL); g_assert (bytes); if (g_utf8_validate (g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), NULL)) { /* Looks like it parses as text. Dump it into a textview then! */ GtkTextBuffer *buffer; GtkWidget *textview; widget = create_text (&textview, FALSE); buffer = gtk_text_buffer_new (NULL); gtk_text_buffer_set_text (buffer, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes)); gtk_text_view_set_buffer (GTK_TEXT_VIEW (textview), buffer); } else { g_warning ("Don't know how to display resource '%s'\n", resource_name); widget = NULL; } g_bytes_unref (bytes); } gtk_widget_show_all (widget); label = gtk_label_new (resources[i]); gtk_widget_show (label); gtk_notebook_append_page (GTK_NOTEBOOK (notebook), widget, label); gtk_container_child_set (GTK_CONTAINER (notebook), GTK_WIDGET (widget), "tab-expand", TRUE, NULL); g_free (resource_name); } g_strfreev (resources); g_free (resource_dir); }
gboolean nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, NMSetting8021x *setting, const char *con_uuid, guint32 mtu, gboolean wired, GError **error) { NMSupplicantConfigPrivate *priv; char *tmp; const char *peapver, *value, *path; gboolean added; GString *phase1, *phase2; GBytes *bytes; gboolean fast = FALSE; guint32 i, num_eap; gboolean fast_provisoning_allowed = FALSE; const char *ca_path_override = NULL, *ca_cert_override = NULL; guint32 frag, hdrs; gs_free char *frag_str = NULL; g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (con_uuid != NULL, FALSE); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); value = nm_setting_802_1x_get_password (setting); if (value) { if (!add_string_val (self, value, "password", FALSE, TRUE, error)) return FALSE; } else { bytes = nm_setting_802_1x_get_password_raw (setting); if (bytes) { if (!nm_supplicant_config_add_option (self, "password", (const char *) g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), TRUE, error)) return FALSE; } } value = nm_setting_802_1x_get_pin (setting); if (!add_string_val (self, value, "pin", FALSE, TRUE, error)) return FALSE; if (wired) { if (!add_string_val (self, "IEEE8021X", "key_mgmt", FALSE, FALSE, error)) return FALSE; /* Wired 802.1x must always use eapol_flags=0 */ if (!add_string_val (self, "0", "eapol_flags", FALSE, FALSE, error)) return FALSE; priv->ap_scan = 0; } if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, eap_method, eap_methods, "eap", ' ', TRUE, FALSE, error)) return FALSE; /* Check EAP method for special handling: PEAP + GTC, FAST */ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); for (i = 0; i < num_eap; i++) { const char *method = nm_setting_802_1x_get_eap_method (setting, i); if (method && (strcasecmp (method, "fast") == 0)) { fast = TRUE; priv->fast_required = TRUE; } } /* Adjust the fragment size according to MTU, but do not set it higher than 1280-14 * for better compatibility */ hdrs = 14; /* EAPOL + EAP-TLS */ frag = 1280 - hdrs; if (mtu > hdrs) frag = CLAMP (mtu - hdrs, 100, frag); frag_str = g_strdup_printf ("%u", frag); if (!nm_supplicant_config_add_option (self, "fragment_size", frag_str, -1, FALSE, error)) return FALSE; phase1 = g_string_new (NULL); peapver = nm_setting_802_1x_get_phase1_peapver (setting); if (peapver) { if (!strcmp (peapver, "0")) g_string_append (phase1, "peapver=0"); else if (!strcmp (peapver, "1")) g_string_append (phase1, "peapver=1"); } if (nm_setting_802_1x_get_phase1_peaplabel (setting)) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "peaplabel=%s", nm_setting_802_1x_get_phase1_peaplabel (setting)); } value = nm_setting_802_1x_get_phase1_fast_provisioning (setting); if (value) { if (phase1->len) g_string_append_c (phase1, ' '); g_string_append_printf (phase1, "fast_provisioning=%s", value); if (strcmp (value, "0") != 0) fast_provisoning_allowed = TRUE; } if (phase1->len) { if (!add_string_val (self, phase1->str, "phase1", FALSE, FALSE, error)) { g_string_free (phase1, TRUE); return FALSE; } } g_string_free (phase1, TRUE); phase2 = g_string_new (NULL); if (nm_setting_802_1x_get_phase2_auth (setting) && !fast_provisoning_allowed) { tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_auth (setting), -1); g_string_append_printf (phase2, "auth=%s", tmp); g_free (tmp); } if (nm_setting_802_1x_get_phase2_autheap (setting)) { if (phase2->len) g_string_append_c (phase2, ' '); tmp = g_ascii_strup (nm_setting_802_1x_get_phase2_autheap (setting), -1); g_string_append_printf (phase2, "autheap=%s", tmp); g_free (tmp); } if (phase2->len) { if (!add_string_val (self, phase2->str, "phase2", FALSE, FALSE, error)) { g_string_free (phase2, TRUE); return FALSE; } } g_string_free (phase2, TRUE); /* PAC file */ path = nm_setting_802_1x_get_pac_file (setting); if (path) { if (!add_string_val (self, path, "pac_file", FALSE, FALSE, error)) return FALSE; } else { /* PAC file is not specified. * If provisioning is allowed, use an blob format. */ if (fast_provisoning_allowed) { gs_free char *blob_name = NULL; blob_name = g_strdup_printf ("blob://pac-blob-%s", con_uuid); if (!add_string_val (self, blob_name, "pac_file", FALSE, FALSE, error)) return FALSE; } else { /* This is only error for EAP-FAST; don't disturb other methods. */ if (fast) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "EAP-FAST error: no PAC file provided and " "automatic PAC provisioning is disabled"); return FALSE; } } } /* If user wants to use system CA certs, either populate ca_path (if the path * is a directory) or ca_cert (the path is a file name) */ if (nm_setting_802_1x_get_system_ca_certs (setting)) { if (g_file_test (SYSTEM_CA_PATH, G_FILE_TEST_IS_DIR)) ca_path_override = SYSTEM_CA_PATH; else ca_cert_override = SYSTEM_CA_PATH; } /* CA path */ path = nm_setting_802_1x_get_ca_path (setting); path = ca_path_override ? ca_path_override : path; if (path) { if (!add_string_val (self, path, "ca_path", FALSE, FALSE, error)) return FALSE; } /* Phase2 CA path */ path = nm_setting_802_1x_get_phase2_ca_path (setting); path = ca_path_override ? ca_path_override : path; if (path) { if (!add_string_val (self, path, "ca_path2", FALSE, FALSE, error)) return FALSE; } /* CA certificate */ if (ca_cert_override) { if (!add_string_val (self, ca_cert_override, "ca_cert", FALSE, FALSE, error)) return FALSE; } else { switch (nm_setting_802_1x_get_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_ca_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert", FALSE, FALSE, error)) return FALSE; break; default: break; } } /* Phase 2 CA certificate */ if (ca_cert_override) { if (!add_string_val (self, ca_cert_override, "ca_cert2", FALSE, FALSE, error)) return FALSE; } else { switch (nm_setting_802_1x_get_phase2_ca_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_ca_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "ca_cert2", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_ca_cert_path (setting); if (!add_string_val (self, path, "ca_cert2", FALSE, FALSE, error)) return FALSE; break; default: break; } } /* Subject match */ value = nm_setting_802_1x_get_subject_match (setting); if (!add_string_val (self, value, "subject_match", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_phase2_subject_match (setting); if (!add_string_val (self, value, "subject_match2", FALSE, FALSE, error)) return FALSE; /* altSubjectName match */ if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, altsubject_match, altsubject_matches, "altsubject_match", ';', FALSE, FALSE, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, 802_1x, phase2_altsubject_match, phase2_altsubject_matches, "altsubject_match2", ';', FALSE, FALSE, error)) return FALSE; /* Domain suffix match */ value = nm_setting_802_1x_get_domain_suffix_match (setting); if (!add_string_val (self, value, "domain_suffix_match", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_phase2_domain_suffix_match (setting); if (!add_string_val (self, value, "domain_suffix_match2", FALSE, FALSE, error)) return FALSE; /* Private key */ added = FALSE; switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_private_key_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key", con_uuid, error)) return FALSE; added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); if (!add_string_val (self, path, "private_key", FALSE, FALSE, error)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_private_key_format (setting); scheme = nm_setting_802_1x_get_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_private_key_password (setting); if (!add_string_val (self, value, "private_key_passwd", FALSE, TRUE, error)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_client_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_client_cert_path (setting); if (!add_string_val (self, path, "client_cert", FALSE, FALSE, error)) return FALSE; break; default: break; } } } /* Phase 2 private key */ added = FALSE; switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_private_key_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "private_key2", con_uuid, error)) return FALSE; added = TRUE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); if (!add_string_val (self, path, "private_key2", FALSE, FALSE, error)) return FALSE; added = TRUE; break; default: break; } if (added) { NMSetting8021xCKFormat format; NMSetting8021xCKScheme scheme; format = nm_setting_802_1x_get_phase2_private_key_format (setting); scheme = nm_setting_802_1x_get_phase2_private_key_scheme (setting); if ( scheme == NM_SETTING_802_1X_CK_SCHEME_PATH || format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the private key password for PKCS#12 blobs and * all path schemes, since in both of these cases the private key * isn't decrypted at all. */ value = nm_setting_802_1x_get_phase2_private_key_password (setting); if (!add_string_val (self, value, "private_key2_passwd", FALSE, TRUE, error)) return FALSE; } if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* Only add the client cert if the private key is not PKCS#12, as * wpa_supplicant configuration directs us to do. */ switch (nm_setting_802_1x_get_phase2_client_cert_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: bytes = nm_setting_802_1x_get_phase2_client_cert_blob (setting); if (!nm_supplicant_config_add_blob_for_connection (self, bytes, "client_cert2", con_uuid, error)) return FALSE; break; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_client_cert_path (setting); if (!add_string_val (self, path, "client_cert2", FALSE, FALSE, error)) return FALSE; break; default: break; } } } value = nm_setting_802_1x_get_identity (setting); if (!add_string_val (self, value, "identity", FALSE, FALSE, error)) return FALSE; value = nm_setting_802_1x_get_anonymous_identity (setting); if (!add_string_val (self, value, "anonymous_identity", FALSE, FALSE, error)) return FALSE; return TRUE; }
static gboolean fu_provider_chug_update (FuProvider *provider, FuDevice *device, GBytes *blob_fw, FwupdInstallFlags flags, GError **error) { FuProviderChug *provider_chug = FU_PROVIDER_CHUG (provider); FuProviderChugPrivate *priv = GET_PRIVATE (provider_chug); FuProviderChugItem *item; g_autoptr(GError) error_local = NULL; /* find item */ item = g_hash_table_lookup (priv->devices, fu_device_get_id (device)); if (item == NULL) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "cannot find: %s", fu_device_get_id (device)); return FALSE; } /* this file is so small, just slurp it all in one go */ item->fw_bin = g_bytes_ref (blob_fw); /* check this firmware is actually for this device */ if (!ch_device_check_firmware (item->usb_device, g_bytes_get_data (item->fw_bin, NULL), g_bytes_get_size (item->fw_bin), &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED, "firmware is not suitable: %s", error_local->message); return FALSE; } /* switch to bootloader mode */ if (!item->is_bootloader) { g_debug ("ColorHug: Switching to bootloader mode"); if (!fu_provider_chug_open (item, error)) return FALSE; ch_device_queue_reset (priv->device_queue, item->usb_device); fu_provider_set_status (provider, FWUPD_STATUS_DEVICE_RESTART); if (!ch_device_queue_process (priv->device_queue, CH_DEVICE_QUEUE_PROCESS_FLAGS_NONE, NULL, &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_WRITE, "failed to reset device: %s", error_local->message); g_usb_device_close (item->usb_device, NULL); return FALSE; } /* this device has just gone away, no error possible */ g_usb_device_close (item->usb_device, NULL); /* wait for reconnection */ g_debug ("ColorHug: Waiting for bootloader"); if (!fu_provider_chug_wait_for_connect (provider_chug, item, error)) return FALSE; } /* open the device, which is now in bootloader mode */ if (!fu_provider_chug_open (item, error)) return FALSE; /* write firmware */ g_debug ("ColorHug: Writing firmware"); ch_device_queue_write_firmware (priv->device_queue, item->usb_device, g_bytes_get_data (item->fw_bin, NULL), g_bytes_get_size (item->fw_bin)); fu_provider_set_status (provider, FWUPD_STATUS_DEVICE_WRITE); if (!ch_device_queue_process (priv->device_queue, CH_DEVICE_QUEUE_PROCESS_FLAGS_NONE, NULL, &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_WRITE, "failed to write firmware: %s", error_local->message); g_usb_device_close (item->usb_device, NULL); return FALSE; } /* verify firmware */ g_debug ("ColorHug: Veifying firmware"); ch_device_queue_verify_firmware (priv->device_queue, item->usb_device, g_bytes_get_data (item->fw_bin, NULL), g_bytes_get_size (item->fw_bin)); fu_provider_set_status (provider, FWUPD_STATUS_DEVICE_VERIFY); if (!ch_device_queue_process (priv->device_queue, CH_DEVICE_QUEUE_PROCESS_FLAGS_NONE, NULL, &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_WRITE, "failed to verify firmware: %s", error_local->message); g_usb_device_close (item->usb_device, NULL); return FALSE; } /* boot into the new firmware */ g_debug ("ColorHug: Booting new firmware"); ch_device_queue_boot_flash (priv->device_queue, item->usb_device); fu_provider_set_status (provider, FWUPD_STATUS_DEVICE_RESTART); if (!ch_device_queue_process (priv->device_queue, CH_DEVICE_QUEUE_PROCESS_FLAGS_NONE, NULL, &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_WRITE, "failed to boot flash: %s", error_local->message); g_usb_device_close (item->usb_device, NULL); return FALSE; } /* this device has just gone away, no error possible */ g_usb_device_close (item->usb_device, NULL); /* wait for firmware mode */ if (!fu_provider_chug_wait_for_connect (provider_chug, item, error)) return FALSE; if (!fu_provider_chug_open (item, error)) return FALSE; /* set flash success */ g_debug ("ColorHug: Setting flash success"); ch_device_queue_set_flash_success (priv->device_queue, item->usb_device, 1); if (!ch_device_queue_process (priv->device_queue, CH_DEVICE_QUEUE_PROCESS_FLAGS_NONE, NULL, &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_WRITE, "failed to set flash success: %s", error_local->message); g_usb_device_close (item->usb_device, NULL); return FALSE; } /* close, orderly */ if (!g_usb_device_close (item->usb_device, &error_local)) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_WRITE, "failed to close device: %s", error_local->message); g_usb_device_close (item->usb_device, NULL); return FALSE; } /* get the new firmware version */ g_debug ("ColorHug: Getting new firmware version"); item->got_version = FALSE; fu_provider_chug_get_firmware_version (item); if (item->got_version) g_debug ("ColorHug: DONE!"); return TRUE; }
static gboolean builder_source_file_extract (BuilderSource *source, GFile *dest, BuilderContext *context, GError **error) { BuilderSourceFile *self = BUILDER_SOURCE_FILE (source); g_autoptr(GFile) src = NULL; g_autoptr(GFile) dest_file = NULL; g_autofree char *dest_filename = NULL; gboolean is_local, is_inline; src = get_source_file (self, context, &is_local, &is_inline, error); if (src == NULL) return FALSE; if (self->dest_filename) dest_filename = g_strdup (self->dest_filename); else { if (is_inline) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "No dest-filename set for inline file data"); return FALSE; } dest_filename = g_file_get_basename (src); } dest_file = g_file_get_child (dest, dest_filename); if (is_inline) { g_autoptr(GBytes) content = NULL; content = download_uri (self->url, context, error); if (content == NULL) return FALSE; if (!g_file_replace_contents (dest_file, g_bytes_get_data (content, NULL), g_bytes_get_size (content), NULL, FALSE, G_FILE_CREATE_NONE, NULL, NULL, error)) return FALSE; } else { if (is_local) { g_autofree char *data = NULL; g_autofree char *base64 = NULL; gsize len; if (!g_file_load_contents (src, NULL, &data, &len, NULL, error)) return FALSE; base64 = g_base64_encode ((const guchar *)data, len); g_free (self->url); self->url = g_strdup_printf ("data:text/plain;charset=utf8;base64,%s", base64); if (self->dest_filename == NULL || *self->dest_filename == 0) { g_free (self->dest_filename); self->dest_filename = g_file_get_basename (src); } } if (!g_file_copy (src, dest_file, G_FILE_COPY_OVERWRITE, NULL, NULL, NULL, error)) return FALSE; } return TRUE; }
static void add_data_tab (const gchar *demoname) { gchar *resource_dir, *resource_name, *content_type, *content_mime; gchar **resources; GBytes *bytes; GtkWidget *widget, *label; guint i; resource_dir = g_strconcat ("/", demoname, NULL); resources = g_resources_enumerate_children (resource_dir, 0, NULL); if (resources == NULL) { g_free (resource_dir); return; } for (i = 0; resources[i]; i++) { resource_name = g_strconcat (resource_dir, "/", resources[i], NULL); bytes = g_resources_lookup_data (resource_name, 0, NULL); g_assert (bytes); content_type = g_content_type_guess (resource_name, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes), NULL); content_mime = g_content_type_get_mime_type (content_type); /* In theory we should look at all the mime types gdk-pixbuf supports * and go from there, but we know what file types we've added. */ if (g_content_type_is_a (content_mime, "image/png") || g_content_type_is_a (content_mime, "image/gif") || g_content_type_is_a (content_mime, "image/jpeg")) { widget = gtk_image_new_from_resource (resource_name); } else if (g_content_type_is_a (content_mime, "text/plain") || g_content_type_is_a (content_mime, "application/x-ext-ui") || g_content_type_is_a (content_mime, "text/css")) { GtkTextBuffer *buffer; GtkWidget *textview; widget = create_text (&textview, FALSE); buffer = gtk_text_buffer_new (NULL); gtk_text_buffer_set_text (buffer, g_bytes_get_data (bytes, NULL), g_bytes_get_size (bytes)); gtk_text_view_set_buffer (GTK_TEXT_VIEW (textview), buffer); } else { g_warning ("Don't know how to display resource '%s' of type '%s'\n", resource_name, content_mime); widget = NULL; } gtk_widget_show_all (widget); label = gtk_label_new (resources[i]); gtk_widget_show (label); gtk_notebook_append_page (GTK_NOTEBOOK (notebook), widget, label); gtk_container_child_set (GTK_CONTAINER (notebook), GTK_WIDGET (widget), "tab-expand", TRUE, NULL); g_free (content_mime); g_free (content_type); g_free (resource_name); g_bytes_unref (bytes); } g_strfreev (resources); g_free (resource_dir); }
int main (int argc, char *argv[]) { char *bad_domains = NULL; GError *error = NULL; gboolean wrote_pidfile = FALSE; gs_free char *pidfile = NULL; gs_unref_object NMDhcpClient *dhcp4_client = NULL; gs_unref_object NMRDisc *rdisc = NULL; GByteArray *hwaddr = NULL; size_t hwaddr_len = 0; gconstpointer tmp; gs_free NMUtilsIPv6IfaceId *iid = NULL; guint sd_id; nm_g_type_init (); setpgid (getpid (), getpid ()); do_early_setup (&argc, &argv); if (global_opt.g_fatal_warnings) { GLogLevelFlags fatal_mask; fatal_mask = g_log_set_always_fatal (G_LOG_FATAL_MASK); fatal_mask |= G_LOG_LEVEL_WARNING | G_LOG_LEVEL_CRITICAL; g_log_set_always_fatal (fatal_mask); } if (global_opt.show_version) { fprintf (stdout, NM_DIST_VERSION "\n"); exit (0); } nm_main_utils_ensure_root (); if (!global_opt.ifname || !global_opt.uuid) { fprintf (stderr, _("An interface name and UUID are required\n")); exit (1); } ifindex = if_nametoindex (global_opt.ifname); if (ifindex <= 0) { fprintf (stderr, _("Failed to find interface index for %s (%s)\n"), global_opt.ifname, strerror (errno)); exit (1); } pidfile = g_strdup_printf (NMIH_PID_FILE_FMT, ifindex); nm_main_utils_ensure_not_running_pidfile (pidfile); nm_main_utils_ensure_rundir (); if (!nm_logging_setup (global_opt.opt_log_level, global_opt.opt_log_domains, &bad_domains, &error)) { fprintf (stderr, _("%s. Please use --help to see a list of valid options.\n"), error->message); exit (1); } else if (bad_domains) { fprintf (stderr, _("Ignoring unrecognized log domain(s) '%s' passed on command line.\n"), bad_domains); g_clear_pointer (&bad_domains, g_free); } if (global_opt.become_daemon && !global_opt.debug) { if (daemon (0, 0) < 0) { int saved_errno; saved_errno = errno; fprintf (stderr, _("Could not daemonize: %s [error %u]\n"), g_strerror (saved_errno), saved_errno); exit (1); } if (nm_main_utils_write_pidfile (pidfile)) wrote_pidfile = TRUE; } /* Set up unix signal handling - before creating threads, but after daemonizing! */ main_loop = g_main_loop_new (NULL, FALSE); setup_signals (); nm_logging_syslog_openlog (global_opt.logging_backend ? global_opt.logging_backend : (global_opt.debug ? "debug" : NULL)); nm_log_info (LOGD_CORE, "nm-iface-helper (version " NM_DIST_VERSION ") is starting..."); /* Set up platform interaction layer */ nm_linux_platform_setup (); tmp = nm_platform_link_get_address (NM_PLATFORM_GET, ifindex, &hwaddr_len); if (tmp) { hwaddr = g_byte_array_sized_new (hwaddr_len); g_byte_array_append (hwaddr, tmp, hwaddr_len); } if (global_opt.iid_str) { GBytes *bytes; gsize ignored = 0; bytes = nm_utils_hexstr2bin (global_opt.iid_str); if (!bytes || g_bytes_get_size (bytes) != sizeof (*iid)) { fprintf (stderr, _("(%s): Invalid IID %s\n"), global_opt.ifname, global_opt.iid_str); exit (1); } iid = g_bytes_unref_to_data (bytes, &ignored); } if (global_opt.dhcp4_address) { nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip4_property_path (global_opt.ifname, "promote_secondaries"), "1"); dhcp4_client = nm_dhcp_manager_start_ip4 (nm_dhcp_manager_get (), global_opt.ifname, ifindex, hwaddr, global_opt.uuid, global_opt.priority_v4, !!global_opt.dhcp4_hostname, global_opt.dhcp4_hostname, global_opt.dhcp4_fqdn, global_opt.dhcp4_clientid, 45, NULL, global_opt.dhcp4_address); g_assert (dhcp4_client); g_signal_connect (dhcp4_client, NM_DHCP_CLIENT_SIGNAL_STATE_CHANGED, G_CALLBACK (dhcp4_state_changed), NULL); } if (global_opt.slaac) { nm_platform_link_set_user_ipv6ll_enabled (NM_PLATFORM_GET, ifindex, TRUE); rdisc = nm_lndp_rdisc_new (NM_PLATFORM_GET, ifindex, global_opt.ifname, global_opt.uuid, global_opt.addr_gen_mode, NULL); g_assert (rdisc); if (iid) nm_rdisc_set_iid (rdisc, *iid); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra"), "1"); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_defrtr"), "0"); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_pinfo"), "0"); nm_platform_sysctl_set (NM_PLATFORM_GET, nm_utils_ip6_property_path (global_opt.ifname, "accept_ra_rtr_pref"), "0"); g_signal_connect (NM_PLATFORM_GET, NM_PLATFORM_SIGNAL_IP6_ADDRESS_CHANGED, G_CALLBACK (ip6_address_changed), rdisc); g_signal_connect (rdisc, NM_RDISC_CONFIG_CHANGED, G_CALLBACK (rdisc_config_changed), NULL); g_signal_connect (rdisc, NM_RDISC_RA_TIMEOUT, G_CALLBACK (rdisc_ra_timeout), NULL); nm_rdisc_start (rdisc); } sd_id = nm_sd_event_attach_default (); g_main_loop_run (main_loop); g_clear_pointer (&hwaddr, g_byte_array_unref); if (pidfile && wrote_pidfile) unlink (pidfile); nm_log_info (LOGD_CORE, "exiting"); nm_clear_g_source (&sd_id); exit (0); }
static void request_secrets_from_ui (NMSecretAgentSimpleRequest *request) { GPtrArray *secrets; NMSecretAgentSimpleSecret *secret; const char *title; char *msg; gboolean ok = TRUE; secrets = g_ptr_array_new_with_free_func ((GDestroyNotify) nm_secret_agent_simple_secret_free); if (nm_connection_is_type (request->connection, NM_SETTING_WIRELESS_SETTING_NAME)) { NMSettingWireless *s_wireless; GBytes *ssid; char *ssid_utf8; s_wireless = nm_connection_get_setting_wireless (request->connection); ssid = nm_setting_wireless_get_ssid (s_wireless); ssid_utf8 = nm_utils_ssid_to_utf8 (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid)); title = _("Authentication required by wireless network"); msg = g_strdup_printf (_("Passwords or encryption keys are required to access the wireless network '%s'."), ssid_utf8); ok = add_wireless_secrets (request, secrets); } else if (nm_connection_is_type (request->connection, NM_SETTING_WIRED_SETTING_NAME)) { NMSettingConnection *s_con; s_con = nm_connection_get_setting_connection (request->connection); title = _("Wired 802.1X authentication"); msg = NULL; secret = nm_secret_agent_simple_secret_new (_("Network name"), NM_SETTING (s_con), NM_SETTING_CONNECTION_ID, FALSE); g_ptr_array_add (secrets, secret); ok = add_8021x_secrets (request, secrets); } else if (nm_connection_is_type (request->connection, NM_SETTING_PPPOE_SETTING_NAME)) { title = _("DSL authentication"); msg = NULL; ok = add_pppoe_secrets (request, secrets); } else if (nm_connection_is_type (request->connection, NM_SETTING_GSM_SETTING_NAME)) { NMSettingGsm *s_gsm = nm_connection_get_setting_gsm (request->connection); if (strv_has (request->hints, "pin")) { title = _("PIN code required"); msg = g_strdup (_("PIN code is needed for the mobile broadband device")); secret = nm_secret_agent_simple_secret_new (_("PIN"), NM_SETTING (s_gsm), NM_SETTING_GSM_PIN, FALSE); g_ptr_array_add (secrets, secret); } else { title = _("Mobile broadband network password"); msg = g_strdup_printf (_("A password is required to connect to '%s'."), nm_connection_get_id (request->connection)); secret = nm_secret_agent_simple_secret_new (_("Password"), NM_SETTING (s_gsm), NM_SETTING_GSM_PASSWORD, TRUE); g_ptr_array_add (secrets, secret); } } else if (nm_connection_is_type (request->connection, NM_SETTING_CDMA_SETTING_NAME)) { NMSettingCdma *s_cdma = nm_connection_get_setting_cdma (request->connection); title = _("Mobile broadband network password"); msg = g_strdup_printf (_("A password is required to connect to '%s'."), nm_connection_get_id (request->connection)); secret = nm_secret_agent_simple_secret_new (_("Password"), NM_SETTING (s_cdma), NM_SETTING_CDMA_PASSWORD, TRUE); g_ptr_array_add (secrets, secret); } else if (nm_connection_is_type (request->connection, NM_SETTING_BLUETOOTH_SETTING_NAME)) { NMSetting *setting; setting = nm_connection_get_setting_by_name (request->connection, NM_SETTING_GSM_SETTING_NAME); if (!setting) setting = nm_connection_get_setting_by_name (request->connection, NM_SETTING_CDMA_SETTING_NAME); title = _("Mobile broadband network password"); msg = g_strdup_printf (_("A password is required to connect to '%s'."), nm_connection_get_id (request->connection)); secret = nm_secret_agent_simple_secret_new (_("Password"), setting, "password", TRUE); g_ptr_array_add (secrets, secret); } else ok = FALSE; if (!ok) { g_ptr_array_unref (secrets); return; } g_signal_emit (request->self, signals[REQUEST_SECRETS], 0, request->request_id, title, msg, secrets); }
/** * dfu_patch_export: * @self: a #DfuPatch * @error: a #GError, or %NULL * * Converts the patch to a binary blob that can be stored as a file. * * Return value: (transfer full): blob **/ GBytes * dfu_patch_export (DfuPatch *self, GError **error) { DfuPatchPrivate *priv = GET_PRIVATE (self); gsize addr; gsize sz; guint8 *data; g_return_val_if_fail (DFU_IS_PATCH (self), NULL); /* check we have something to write */ if (priv->chunks->len == 0) { g_set_error_literal (error, FWUPD_ERROR, FWUPD_ERROR_INVALID_FILE, "no chunks to process"); return NULL; } /* calculate the size of the new blob */ sz = sizeof(DfuPatchFileHeader); for (guint i = 0; i < priv->chunks->len; i++) { DfuPatchChunk *chunk = g_ptr_array_index (priv->chunks, i); sz += sizeof(DfuPatchChunkHeader) + g_bytes_get_size (chunk->blob); } g_debug ("blob size is %" G_GSIZE_FORMAT, sz); /* actually allocate and fill in the blob */ data = g_malloc0 (sz); memcpy (data, "DfuP", 4); /* add checksums */ if (priv->checksum_old != NULL) { gsize csum_sz = 0; const guint8 *csum_data = g_bytes_get_data (priv->checksum_old, &csum_sz); memcpy (data + G_STRUCT_OFFSET(DfuPatchFileHeader,checksum_old), csum_data, csum_sz); } if (priv->checksum_new != NULL) { gsize csum_sz = 0; const guint8 *csum_data = g_bytes_get_data (priv->checksum_new, &csum_sz); memcpy (data + G_STRUCT_OFFSET(DfuPatchFileHeader,checksum_new), csum_data, csum_sz); } addr = sizeof(DfuPatchFileHeader); for (guint i = 0; i < priv->chunks->len; i++) { DfuPatchChunk *chunk = g_ptr_array_index (priv->chunks, i); DfuPatchChunkHeader chunkhdr; gsize sz_tmp = 0; const guint8 *data_new = g_bytes_get_data (chunk->blob, &sz_tmp); /* build chunk header and append data */ chunkhdr.off = GUINT32_TO_LE (chunk->off); chunkhdr.sz = GUINT32_TO_LE (sz_tmp); chunkhdr.flags = 0; memcpy (data + addr, &chunkhdr, sizeof(DfuPatchChunkHeader)); memcpy (data + addr + sizeof(DfuPatchChunkHeader), data_new, sz_tmp); /* move up after the copied data */ addr += sizeof(DfuPatchChunkHeader) + sz_tmp; } return g_bytes_new_take (data, sz); }
static gboolean gs_plugin_fwupd_refresh_remote (GsPlugin *plugin, FwupdRemote *remote, guint cache_age, GCancellable *cancellable, GError **error) { GsPluginData *priv = gs_plugin_get_data (plugin); GChecksumType checksum_kind; const gchar *url_sig = NULL; const gchar *url = NULL; g_autoptr(GError) error_local = NULL; g_autofree gchar *basename = NULL; g_autofree gchar *basename_sig = NULL; g_autofree gchar *cache_id = NULL; g_autofree gchar *checksum = NULL; g_autofree gchar *filename = NULL; g_autofree gchar *filename_sig = NULL; g_autoptr(GBytes) data = NULL; g_autoptr(GsApp) app_dl = gs_app_new (gs_plugin_get_name (plugin)); /* sanity check */ if (fwupd_remote_get_filename_cache_sig (remote) == NULL) { g_set_error (error, GS_PLUGIN_ERROR, GS_PLUGIN_ERROR_FAILED, "remote %s has no cache signature", fwupd_remote_get_id (remote)); return FALSE; } /* check cache age */ if (cache_age > 0) { guint64 age = fwupd_remote_get_age (remote); guint tmp = age < G_MAXUINT ? (guint) age : G_MAXUINT; if (tmp < cache_age) { g_debug ("%s is only %u seconds old, so ignoring refresh", filename_sig, tmp); return TRUE; } } /* download the signature first, it's smaller */ cache_id = g_strdup_printf ("fwupd/remotes.d/%s", fwupd_remote_get_id (remote)); basename_sig = g_path_get_basename (fwupd_remote_get_filename_cache_sig (remote)); filename_sig = gs_utils_get_cache_filename (cache_id, basename_sig, GS_UTILS_CACHE_FLAG_WRITEABLE, error); /* download the signature first, it's smaller */ url_sig = fwupd_remote_get_metadata_uri_sig (remote); gs_app_set_summary_missing (app_dl, /* TRANSLATORS: status text when downloading */ _("Downloading firmware update signature…")); data = gs_plugin_download_data (plugin, app_dl, url_sig, cancellable, error); if (data == NULL) { gs_utils_error_add_origin_id (error, priv->cached_origin); return FALSE; } /* is the signature hash the same as we had before? */ checksum_kind = fwupd_checksum_guess_kind (fwupd_remote_get_checksum (remote)); checksum = g_compute_checksum_for_data (checksum_kind, (const guchar *) g_bytes_get_data (data, NULL), g_bytes_get_size (data)); if (g_strcmp0 (checksum, fwupd_remote_get_checksum (remote)) == 0) { g_debug ("signature of %s is unchanged", url_sig); return TRUE; } /* save to a file */ g_debug ("saving new remote signature to %s:", filename_sig); if (!g_file_set_contents (filename_sig, g_bytes_get_data (data, NULL), (guint) g_bytes_get_size (data), &error_local)) { g_set_error (error, GS_PLUGIN_ERROR, GS_PLUGIN_ERROR_WRITE_FAILED, "Failed to save firmware signature: %s", error_local->message); return FALSE; } /* download the payload and save to file */ basename = g_path_get_basename (fwupd_remote_get_filename_cache (remote)); filename = gs_utils_get_cache_filename (cache_id, basename, GS_UTILS_CACHE_FLAG_WRITEABLE, error); if (filename == NULL) return FALSE; g_debug ("saving new firmware metadata to %s:", filename); gs_app_set_summary_missing (app_dl, /* TRANSLATORS: status text when downloading */ _("Downloading firmware update metadata…")); url = fwupd_remote_get_metadata_uri (remote); if (!gs_plugin_download_file (plugin, app_dl, url, filename, cancellable, error)) { gs_utils_error_add_origin_id (error, priv->cached_origin); return FALSE; } /* phew, lets send all this to fwupd */ if (!fwupd_client_update_metadata (priv->client, fwupd_remote_get_id (remote), filename, filename_sig, cancellable, error)) { gs_plugin_fwupd_error_convert (error); return FALSE; } return TRUE; }
static gboolean gkm_gnome2_private_key_real_load (GkmSerializable *base, GkmSecret *login, GBytes *data) { GkmGnome2PrivateKey *self = GKM_GNOME2_PRIVATE_KEY (base); GkmDataResult res; gcry_sexp_t sexp, pub; GkmSexp *wrapper; const gchar *password; gsize n_password; if (g_bytes_get_size (data) == 0) return FALSE; res = gkm_data_der_read_private_pkcs8 (data, NULL, 0, &sexp); /* An unencrypted pkcs8 file */ if (res == GKM_DATA_SUCCESS) { self->is_encrypted = FALSE; /* If it's locked, then use our token password */ } else if (res == GKM_DATA_LOCKED) { self->is_encrypted = TRUE; if (!login) { g_message ("encountered private key but no private key present"); return FALSE; } password = gkm_secret_get_password (login, &n_password); res = gkm_data_der_read_private_pkcs8 (data, password, n_password, &sexp); } switch (res) { case GKM_DATA_LOCKED: g_message ("private key is encrypted with wrong password"); return FALSE; case GKM_DATA_FAILURE: g_message ("couldn't parse private key"); return FALSE; case GKM_DATA_UNRECOGNIZED: g_message ("invalid or unrecognized private key"); return FALSE; case GKM_DATA_SUCCESS: break; default: g_assert_not_reached(); } /* Calculate a public key as our 'base' */ if (!gkm_sexp_key_to_public (sexp, &pub)) g_return_val_if_reached (FALSE); /* Keep the public part of the key around for answering queries */ wrapper = gkm_sexp_new (pub); gkm_sexp_key_set_base (GKM_SEXP_KEY (self), wrapper); gkm_sexp_unref (wrapper); /* Encrypted private key, keep login and data */ if (self->is_encrypted) { if (self->private_bytes) g_bytes_unref (self->private_bytes); self->private_bytes = g_bytes_ref (data); g_object_ref (login); if (self->login) g_object_unref (self->login); self->login = login; /* Don't need the private key any more */ gcry_sexp_release (sexp); /* Not encrypted, just keep the parsed key */ } else { wrapper = gkm_sexp_new (sexp); if (self->private_sexp) gkm_sexp_unref (self->private_sexp); self->private_sexp = wrapper; if (self->login) g_object_unref (login); self->login = NULL; } return TRUE; }
static gboolean package_checksum_file (GChecksum *checksum, GHashTable *depends, const gchar *root, const gchar *filename) { gchar *path = NULL; const gchar *string; GError *error = NULL; GChecksum *inner = NULL; GMappedFile *mapped = NULL; gboolean ret = FALSE; GList *output = NULL; GBytes *bytes; GList *l; if (!validate_path (filename)) { g_warning ("package has an invalid path name: %s", filename); goto out; } path = g_build_filename (root, filename, NULL); if (g_file_test (path, G_FILE_TEST_IS_DIR)) { ret = package_checksum_directory (checksum, depends, root, filename); goto out; } mapped = g_mapped_file_new (path, FALSE, &error); if (error) { g_warning ("couldn't open file: %s: %s", path, error->message); g_error_free (error); goto out; } bytes = g_mapped_file_get_bytes (mapped); output = cockpit_template_expand (bytes, gather_depends, depends); g_bytes_unref (bytes); inner = g_checksum_new (G_CHECKSUM_SHA1); for (l = output; l != NULL; l = g_list_next (l)) { g_checksum_update (inner, g_bytes_get_data (l->data, NULL), g_bytes_get_size (l->data)); } string = g_checksum_get_string (inner); /* * Place file name and hex checksum into checksum, * include the null terminators so these values * cannot be accidentally have a boundary discrepancy. */ g_checksum_update (checksum, (const guchar *)filename, strlen (filename) + 1); g_checksum_update (checksum, (const guchar *)string, strlen (string) + 1); ret = TRUE; out: g_list_free_full (output, (GDestroyNotify)g_bytes_unref); g_checksum_free (inner); if (mapped) g_mapped_file_unref (mapped); g_free (path); return ret; }