static void fill_connection (WirelessSecurity *parent, NMConnection *connection) { WirelessSecurityWPAPSK *wpa_psk = (WirelessSecurityWPAPSK *) parent; GtkWidget *widget, *passwd_entry; const char *key; NMSettingWireless *s_wireless; NMSettingWirelessSecurity *s_wireless_sec; NMSettingSecretFlags secret_flags; const char *mode; gboolean is_adhoc = FALSE; s_wireless = nm_connection_get_setting_wireless (connection); g_assert (s_wireless); mode = nm_setting_wireless_get_mode (s_wireless); if (mode && !strcmp (mode, "adhoc")) is_adhoc = TRUE; /* Blow away the old security setting by adding a clear one */ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry")); passwd_entry = widget; key = gtk_entry_get_text (GTK_ENTRY (widget)); g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); /* Save PSK_FLAGS to the connection */ secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, secret_flags, NULL); /* Update secret flags and popup when editing the connection */ if (wpa_psk->editing_connection) nma_utils_update_password_storage (passwd_entry, secret_flags, NM_SETTING (s_wireless_sec), wpa_psk->password_flags_name); wireless_security_clear_ciphers (connection); if (is_adhoc) { /* Ad-Hoc settings as specified by the supplicant */ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL); nm_setting_wireless_security_add_proto (s_wireless_sec, "wpa"); nm_setting_wireless_security_add_pairwise (s_wireless_sec, "none"); /* Ad-hoc can only have _one_ group cipher... default to TKIP to be more * compatible for now. Maybe we'll support selecting CCMP later. */ nm_setting_wireless_security_add_group (s_wireless_sec, "tkip"); } else { g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); /* Just leave ciphers and protocol empty, the supplicant will * figure that out magically based on the AP IEs and card capabilities. */ } }
static void test_nat_export (NMVpnPluginUiInterface *plugin, const char *dir, const char *tmpdir, const char *nat_mode) { NMConnection *connection; NMSettingVPN *s_vpn; NMConnection *reimported; char *path; gboolean success; GError *error = NULL; int ret; connection = get_basic_connection ("nat-export", plugin, dir, "basic.pcf"); ASSERT (connection != NULL, "nat-export", "failed to import connection"); s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "nat-export", "imported connection had no VPN setting"); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, nat_mode); path = g_build_path ("/", tmpdir, NAT_EXPORTED_NAME, NULL); success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error); if (!success) { if (!error) FAIL ("nat-export", "export failed with missing error"); else FAIL ("nat-export", "export failed: %s", error->message); } /* Now re-import it and compare the connections to ensure they are the same */ reimported = get_basic_connection ("nat-export", plugin, tmpdir, NAT_EXPORTED_NAME); ret = unlink (path); ASSERT (connection != NULL, "nat-export", "failed to re-import connection"); /* Clear secrets first, since they don't get exported, and thus would * make the connection comparison below fail. */ remove_user_password (connection); /* Since we don't export the user password, but the original connection * had one, we need to add secret flags to the re-imported connection. */ s_vpn = nm_connection_get_setting_vpn (reimported); nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_VPNC_KEY_SECRET, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); ASSERT (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT) == TRUE, "nat-export", "original and reimported connection differ"); g_object_unref (reimported); g_object_unref (connection); g_free (path); }
/** * nma_utils_update_password_storage: * @passwd_entry: #GtkEntry with the password * @secret_flags: secret flags to set * @setting: #NMSetting containing the password, or NULL * @password_flags_name: name of the secret flags (like psk-flags), or NULL * * Updates secret flags in the password storage popup menu and also * in the @setting (if @setting and @password_flags_name are not NULL). * */ void nma_utils_update_password_storage (GtkWidget *passwd_entry, NMSettingSecretFlags secret_flags, NMSetting *setting, const char *password_flags_name) { GList *menu_list, *iter; GtkWidget *menu = NULL; /* Update secret flags (WEP_KEY_FLAGS, PSK_FLAGS, ...) in the security setting */ if (setting && password_flags_name) nm_setting_set_secret_flags (setting, password_flags_name, secret_flags, NULL); /* Update password-storage popup menu to reflect secret flags */ menu_list = gtk_menu_get_for_attach_widget (passwd_entry); for (iter = menu_list; iter; iter = g_list_next (iter)) { if (g_object_get_data (G_OBJECT (iter->data), PASSWORD_STORAGE_MENU_TAG)) { menu = iter->data; break; } } if (menu) { GtkRadioMenuItem *item; MenuItem idx; GSList *group; gboolean with_not_required; int i, last; /* radio menu group list contains the menu items in reverse order */ item = (GtkRadioMenuItem *) gtk_menu_get_active (GTK_MENU (menu)); group = gtk_radio_menu_item_get_group (item); with_not_required = !!g_object_get_data (G_OBJECT (menu), MENU_WITH_NOT_REQUIRED_TAG); idx = secret_flags_to_menu_item (secret_flags, with_not_required); last = g_slist_length (group) - idx - 1; for (i = 0; i < last; i++) group = g_slist_next (group); gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (group->data), TRUE); change_password_storage_icon (passwd_entry, idx); } }
static void save_one_password (NMSettingVPN *s_vpn, GtkBuilder *builder, const char *entry_name, const char *combo_name, const char *secret_key, const char *type_key) { NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; const char *data_val = NULL, *password; GtkWidget *entry, *combo; entry = GTK_WIDGET (gtk_builder_get_object (builder, entry_name)); flags = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (entry), "flags")); combo = GTK_WIDGET (gtk_builder_get_object (builder, combo_name)); switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { case PW_TYPE_SAVE: password = gtk_entry_get_text (GTK_ENTRY (entry)); if (password && strlen (password)) nm_setting_vpn_add_secret (s_vpn, secret_key, password); data_val = NM_OPENSWAN_PW_TYPE_SAVE; break; case PW_TYPE_UNUSED: data_val = NM_OPENSWAN_PW_TYPE_UNUSED; flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED; break; case PW_TYPE_ASK: default: data_val = NM_OPENSWAN_PW_TYPE_ASK; flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED; break; } /* Set both new secret flags and old data item for backwards compat */ nm_setting_vpn_add_data_item (s_vpn, type_key, data_val); nm_setting_set_secret_flags (NM_SETTING (s_vpn), secret_key, flags, NULL); }
static void fill_connection (WirelessSecurity *parent, NMConnection *connection) { WirelessSecurityLEAP *sec = (WirelessSecurityLEAP *) parent; NMSettingWirelessSecurity *s_wireless_sec; NMSettingSecretFlags secret_flags; GtkWidget *widget, *passwd_entry; const char *leap_password = NULL, *leap_username = NULL; /* Blow away the old security setting by adding a clear one */ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_username_entry")); leap_username = gtk_entry_get_text (GTK_ENTRY (widget)); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "leap_password_entry")); passwd_entry = widget; leap_password = gtk_entry_get_text (GTK_ENTRY (widget)); g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "leap", NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, leap_username, NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, leap_password, NULL); /* Save LEAP_PASSWORD_FLAGS to the connection */ secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), sec->password_flags_name, secret_flags, NULL); /* Update secret flags and popup when editing the connection */ if (sec->editing_connection) nma_utils_update_password_storage (passwd_entry, secret_flags, NM_SETTING (s_wireless_sec), sec->password_flags_name); }
static void save_one_password (NMSettingVpn *s_vpn, GtkBuilder *builder, const char *entry_name, const char *secret_key, const char *type_key) { NMSettingSecretFlags flags; const char *data_val = NULL, *password; GtkWidget *entry; /* Get secret flags */ entry = GTK_WIDGET (gtk_builder_get_object (builder, entry_name)); flags = nma_utils_menu_to_secret_flags (entry); /* Save password and convert flags to legacy data items */ switch (flags) { case NM_SETTING_SECRET_FLAG_NONE: case NM_SETTING_SECRET_FLAG_AGENT_OWNED: password = gtk_entry_get_text (GTK_ENTRY (entry)); if (password && strlen (password)) nm_setting_vpn_add_secret (s_vpn, secret_key, password); data_val = NM_VPNC_PW_TYPE_SAVE; break; case NM_SETTING_SECRET_FLAG_NOT_REQUIRED: data_val = NM_VPNC_PW_TYPE_UNUSED; break; case NM_SETTING_SECRET_FLAG_NOT_SAVED: default: data_val = NM_VPNC_PW_TYPE_ASK; break; } /* Set both new secret flags and old data item for backwards compat */ nm_setting_vpn_add_data_item (s_vpn, type_key, data_val); nm_setting_set_secret_flags (NM_SETTING (s_vpn), secret_key, flags, NULL); }
static void activate_menu_item_cb (GtkMenuItem *menuitem, gpointer user_data) { PopupMenuItemInfo *info = (PopupMenuItemInfo *) user_data; NMSettingSecretFlags flags; /* Update password flags according to the password-storage popup menu */ if (gtk_check_menu_item_get_active (GTK_CHECK_MENU_ITEM (menuitem))) { flags = menu_item_to_secret_flags (info->item_number); /* Update the secret flags in the setting */ if (info->setting) nm_setting_set_secret_flags (info->setting, info->password_flags_name, flags, NULL); /* Change icon */ if (info->passwd_entry) { change_password_storage_icon (info->passwd_entry, info->item_number); /* Emit "changed" signal on the entry */ g_signal_emit_by_name (G_OBJECT (info->passwd_entry), "changed"); } } }
static void fill_connection (EAPMethod *parent, NMConnection *connection) { EAPMethodSimple *method = (EAPMethodSimple *) parent; NMSetting8021x *s_8021x; GtkWidget *widget; gboolean not_saved = FALSE; const char *eap = NULL; NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; s_8021x = nm_connection_get_setting_802_1x (connection); g_assert (s_8021x); /* If this is the main EAP method, clear any existing methods because the * user-selected on will replace it. */ if (parent->phase2 == FALSE) nm_setting_802_1x_clear_eap_methods (s_8021x); switch (method->type) { case EAP_METHOD_SIMPLE_TYPE_PAP: eap = "pap"; break; case EAP_METHOD_SIMPLE_TYPE_MSCHAP: eap = "mschap"; break; case EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2: eap = "mschapv2"; break; case EAP_METHOD_SIMPLE_TYPE_MD5: eap = "md5"; break; case EAP_METHOD_SIMPLE_TYPE_CHAP: eap = "chap"; break; case EAP_METHOD_SIMPLE_TYPE_GTC: eap = "gtc"; break; default: g_assert_not_reached (); break; } if (parent->phase2) g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap, NULL); else nm_setting_802_1x_add_eap_method (s_8021x, eap); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); g_assert (widget); g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL); /* Save the password always ask setting */ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_password_always_ask")); g_assert (widget); not_saved = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); nm_setting_get_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_PASSWORD, &flags, NULL); flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED); if (not_saved) flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED; nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_PASSWORD, flags, NULL); /* Fill the connection's password if we're in the applet so that it'll get * back to NM. From the editor though, since the connection isn't going * back to NM in response to a GetSecrets() call, we don't save it if the * user checked "Always Ask". */ if (method->is_editor == FALSE || not_saved == FALSE) { widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); g_assert (widget); g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (GTK_ENTRY (widget)), NULL); } /* Default to agent-owned secrets for new connections */ if (method->new_connection && (not_saved == FALSE)) { g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD_FLAGS, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE, NULL); } }
static void fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFlags prev_flags) { EAPMethodSimple *method = (EAPMethodSimple *) parent; NMSetting8021x *s_8021x; gboolean not_saved = FALSE; NMSettingSecretFlags flags = prev_flags; const EapType *eap_type; s_8021x = nm_connection_get_setting_802_1x (connection); g_assert (s_8021x); /* If this is the main EAP method, clear any existing methods because the * user-selected on will replace it. */ if (parent->phase2 == FALSE) nm_setting_802_1x_clear_eap_methods (s_8021x); eap_type = &eap_table[method->type]; if (parent->phase2) { /* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2 * EAP methods (which only TTLS allows) *and* the inner/phase2 method * supports being an inner EAP method, then set PHASE2_AUTHEAP. * Otherwise the inner/phase2 method goes into PHASE2_AUTH. */ if ((method->flags & EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED) && eap_type->autheap_allowed) { g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, eap_type->name, NULL); g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, NULL, NULL); } else { g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap_type->name, NULL); g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, NULL, NULL); } } else nm_setting_802_1x_add_eap_method (s_8021x, eap_type->name); g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (method->username_entry), NULL); /* Save the password always ask setting */ not_saved = gtk_toggle_button_get_active (method->always_ask); flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED); if (not_saved) flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED; nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_PASSWORD, flags, NULL); /* Fill the connection's password if we're in the applet so that it'll get * back to NM. From the editor though, since the connection isn't going * back to NM in response to a GetSecrets() call, we don't save it if the * user checked "Always Ask". */ if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_IS_EDITOR) || not_saved == FALSE) g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (method->password_entry), NULL); /* Update secret flags and popup when editing the connection */ if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY)) { GtkWidget *passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); g_assert (passwd_entry); utils_update_password_storage (NM_SETTING (s_8021x), flags, passwd_entry, parent->password_flags_name); } }
static gboolean update_connection (NMVpnPluginUiWidgetInterface *iface, NMConnection *connection, GError **error) { StrongswanPluginUiWidget *self = STRONGSWAN_PLUGIN_UI_WIDGET (iface); StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingVPN *settings; GtkWidget *widget; gboolean active; char *str; if (!check_validity (self, error)) return FALSE; settings = NM_SETTING_VPN (nm_setting_vpn_new ()); g_object_set (settings, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_STRONGSWAN, NULL); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) { nm_setting_vpn_add_data_item (settings, "address", str); } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "certificate-button")); str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); if (str) { nm_setting_vpn_add_data_item (settings, "certificate", str); } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo")); switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget))) { default: case 0: widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-button")); str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); if (str) { nm_setting_vpn_add_data_item (settings, "userkey", str); } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button")); str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); if (str) { nm_setting_vpn_add_data_item (settings, "usercert", str); } str = "key"; break; case 1: widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button")); str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); if (str) { nm_setting_vpn_add_data_item (settings, "usercert", str); } str = "agent"; break; case 2: str = "smartcard"; break; case 3: widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) { nm_setting_vpn_add_data_item (settings, "user", str); } str = "eap"; break; case 4: widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry")); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) { nm_setting_vpn_add_data_item (settings, "user", str); } str = "psk"; break; } nm_setting_vpn_add_data_item (settings, "method", str); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "virtual-check")); active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); nm_setting_vpn_add_data_item (settings, "virtual", active ? "yes" : "no"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encap-check")); active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); nm_setting_vpn_add_data_item (settings, "encap", active ? "yes" : "no"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ipcomp-check")); active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); nm_setting_vpn_add_data_item (settings, "ipcomp", active ? "yes" : "no"); nm_setting_set_secret_flags (NM_SETTING (settings), "password", NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); nm_connection_add_setting (connection, NM_SETTING (settings)); return TRUE; }
static void fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFlags flags) { EAPMethodTLS *method = (EAPMethodTLS *) parent; NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; NMSetting8021x *s_8021x; NMSettingSecretFlags secret_flags; GtkWidget *widget, *passwd_entry; char *ca_filename, *pk_filename, *cc_filename; const char *password = NULL; GError *error = NULL; gboolean ca_cert_error = FALSE; s_8021x = nm_connection_get_setting_802_1x (connection); g_assert (s_8021x); if (parent->phase2) g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL); else nm_setting_802_1x_add_eap_method (s_8021x, "tls"); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry")); g_assert (widget); g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL); /* TLS private key */ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry")); g_assert (widget); password = gtk_entry_get_text (GTK_ENTRY (widget)); g_assert (password); passwd_entry = widget; widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_button")); g_assert (widget); pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); g_assert (pk_filename); if (parent->phase2) { if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)"); g_clear_error (&error); } } else { if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)"); g_clear_error (&error); } } g_free (pk_filename); /* Save 802.1X password flags to the connection */ secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); nm_setting_set_secret_flags (NM_SETTING (s_8021x), parent->password_flags_name, secret_flags, NULL); /* Update secret flags and popup when editing the connection */ if (method->editing_connection) { nma_utils_update_password_storage (passwd_entry, secret_flags, NM_SETTING (s_8021x), parent->password_flags_name); } /* TLS client certificate */ if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) { /* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already * set the client certificate for us. */ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_button")); g_assert (widget); cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); g_assert (cc_filename); format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; if (parent->phase2) { if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)"); g_clear_error (&error); } } else { if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)"); g_clear_error (&error); } } g_free (cc_filename); } /* TLS CA certificate */ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button")); g_assert (widget); ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; if (parent->phase2) { if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)"); g_clear_error (&error); ca_cert_error = TRUE; } } else { if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)"); g_clear_error (&error); ca_cert_error = TRUE; } } eap_method_ca_cert_ignore_set (parent, connection, ca_filename, ca_cert_error); g_free (ca_filename); }