static gboolean
add_wireless_secrets (NMSecretAgentSimpleRequest *request,
GPtrArray *secrets)
{
NMSettingWirelessSecurity *s_wsec = nm_connection_get_setting_wireless_security (request->connection);
const char *key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
NMSecretAgentSimpleSecret *secret;
if (!key_mgmt)
return FALSE;
if (!strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk")) {
secret = nm_secret_agent_simple_secret_new (_("Password"),
NM_SETTING (s_wsec),
NM_SETTING_WIRELESS_SECURITY_PSK,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
}
if (!strcmp (key_mgmt, "none")) {
int index;
char *key;
index = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec);
key = g_strdup_printf ("wep-key%d", index);
secret = nm_secret_agent_simple_secret_new (_("Key"),
NM_SETTING (s_wsec),
key,
TRUE);
g_free (key);
g_ptr_array_add (secrets, secret);
return TRUE;
}
if (!strcmp (key_mgmt, "iee8021x")) {
if (!g_strcmp0 (nm_setting_wireless_security_get_auth_alg (s_wsec), "leap")) {
secret = nm_secret_agent_simple_secret_new (_("Password"),
NM_SETTING (s_wsec),
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
} else
return add_8021x_secrets (request, secrets);
}
if (!strcmp (key_mgmt, "wpa-eap"))
return add_8021x_secrets (request, secrets);
return FALSE;
}
static gboolean
verify_no_wep (NMSettingWirelessSecurity *s_wsec, const char *tag, GError **error)
{
if ( nm_setting_wireless_security_get_wep_key (s_wsec, 0)
|| nm_setting_wireless_security_get_wep_key (s_wsec, 1)
|| nm_setting_wireless_security_get_wep_key (s_wsec, 2)
|| nm_setting_wireless_security_get_wep_key (s_wsec, 3)
|| nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec)
|| nm_setting_wireless_security_get_wep_key_type (s_wsec)) {
/* Dynamic WEP cannot have any WEP keys set */
g_set_error (error,
NM_SETTING_WIRELESS_SECURITY_ERROR,
NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY,
"%s is incompatible with static WEP keys", tag);
return FALSE;
}
return TRUE;
}
static void
wep_key_setting_changed (GObject *object,
GParamSpec *pspec,
gpointer user_data)
{
NMEditorWepKeyBinding *binding = user_data;
const char *key;
int index;
if (binding->updating)
return;
index = nm_setting_wireless_security_get_wep_tx_keyidx (binding->s_wsec);
key = nm_setting_wireless_security_get_wep_key (binding->s_wsec, index);
binding->updating = TRUE;
g_object_set (binding->key_selector,
binding->key_selector_property, index,
NULL);
g_object_set (binding->entry,
binding->entry_property, key,
NULL);
binding->updating = FALSE;
}
gboolean
nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
NMSettingWirelessSecurity *setting,
NMSetting8021x *setting_8021x,
const char *con_uuid,
guint32 mtu,
GError **error)
{
const char *key_mgmt, *auth_alg;
const char *psk;
g_return_val_if_fail (NM_IS_SUPPLICANT_CONFIG (self), FALSE);
g_return_val_if_fail (setting != NULL, FALSE);
g_return_val_if_fail (con_uuid != NULL, FALSE);
g_return_val_if_fail (!error || !*error, FALSE);
key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting);
if (!add_string_val (self, key_mgmt, "key_mgmt", TRUE, FALSE, error))
return FALSE;
auth_alg = nm_setting_wireless_security_get_auth_alg (setting);
if (!add_string_val (self, auth_alg, "auth_alg", TRUE, FALSE, error))
return FALSE;
psk = nm_setting_wireless_security_get_psk (setting);
if (psk) {
size_t psk_len = strlen (psk);
if (psk_len == 64) {
gs_unref_bytes GBytes *bytes = NULL;
/* Hex PSK */
bytes = nm_utils_hexstr2bin (psk);
if (!bytes) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot add psk to supplicant config due to invalid hex");
return FALSE;
}
if (!nm_supplicant_config_add_option (self,
"psk",
g_bytes_get_data (bytes, NULL),
g_bytes_get_size (bytes),
TRUE,
error))
return FALSE;
} else if (psk_len >= 8 && psk_len <= 63) {
/* Use TYPE_STRING here so that it gets pushed to the
* supplicant as a string, and therefore gets quoted,
* and therefore the supplicant will interpret it as a
* passphrase and not a hex key.
*/
if (!nm_supplicant_config_add_option_with_type (self, "psk", psk, -1, TYPE_STRING, TRUE, error))
return FALSE;
} else {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot add psk to supplicant config due to invalid PSK length %u (not between 8 and 63 characters)",
(guint) psk_len);
return FALSE;
}
}
/* Only WPA-specific things when using WPA */
if ( !strcmp (key_mgmt, "wpa-none")
|| !strcmp (key_mgmt, "wpa-psk")
|| !strcmp (key_mgmt, "wpa-eap")) {
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, FALSE, error))
return FALSE;
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, FALSE, error))
return FALSE;
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, group, groups, "group", ' ', TRUE, FALSE, error))
return FALSE;
}
/* WEP keys if required */
if (!strcmp (key_mgmt, "none")) {
NMWepKeyType wep_type = nm_setting_wireless_security_get_wep_key_type (setting);
const char *wep0 = nm_setting_wireless_security_get_wep_key (setting, 0);
const char *wep1 = nm_setting_wireless_security_get_wep_key (setting, 1);
const char *wep2 = nm_setting_wireless_security_get_wep_key (setting, 2);
const char *wep3 = nm_setting_wireless_security_get_wep_key (setting, 3);
if (!add_wep_key (self, wep0, "wep_key0", wep_type, error))
return FALSE;
if (!add_wep_key (self, wep1, "wep_key1", wep_type, error))
return FALSE;
if (!add_wep_key (self, wep2, "wep_key2", wep_type, error))
return FALSE;
if (!add_wep_key (self, wep3, "wep_key3", wep_type, error))
return FALSE;
if (wep0 || wep1 || wep2 || wep3) {
gs_free char *value = NULL;
value = g_strdup_printf ("%d", nm_setting_wireless_security_get_wep_tx_keyidx (setting));
if (!nm_supplicant_config_add_option (self, "wep_tx_keyidx", value, -1, FALSE, error))
return FALSE;
}
}
if (auth_alg && !strcmp (auth_alg, "leap")) {
/* LEAP */
if (!strcmp (key_mgmt, "ieee8021x")) {
const char *tmp;
tmp = nm_setting_wireless_security_get_leap_username (setting);
if (!add_string_val (self, tmp, "identity", FALSE, FALSE, error))
return FALSE;
tmp = nm_setting_wireless_security_get_leap_password (setting);
if (!add_string_val (self, tmp, "password", FALSE, TRUE, error))
return FALSE;
if (!add_string_val (self, "leap", "eap", TRUE, FALSE, error))
return FALSE;
} else {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Invalid key-mgmt \"%s\" for leap", key_mgmt);
return FALSE;
}
} else {
/* 802.1x for Dynamic WEP and WPA-Enterprise */
if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap")) {
if (!setting_8021x) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot set key-mgmt %s with missing 8021x setting", key_mgmt);
return FALSE;
}
if (!nm_supplicant_config_add_setting_8021x (self, setting_8021x, con_uuid, mtu, FALSE, error))
return FALSE;
}
if (!strcmp (key_mgmt, "wpa-eap")) {
/* If using WPA Enterprise, enable optimized background scanning
* to ensure roaming within an ESS works well.
*/
if (!nm_supplicant_config_add_option (self, "bgscan", "simple:30:-65:300", -1, FALSE, error))
return FALSE;
/* When using WPA-Enterprise, we want to use Proactive Key Caching (also
* called Opportunistic Key Caching) to avoid full EAP exchanges when
* roaming between access points in the same mobility group.
*/
if (!nm_supplicant_config_add_option (self, "proactive_key_caching", "1", -1, FALSE, error))
return FALSE;
}
}
return TRUE;
}
WirelessSecurityWEPKey *
ws_wep_key_new (NMConnection *connection,
NMWepKeyType type,
gboolean adhoc_create,
gboolean secrets_only)
{
WirelessSecurity *parent;
WirelessSecurityWEPKey *sec;
GtkWidget *widget;
NMSettingWirelessSecurity *s_wsec = NULL;
NMSetting *setting = NULL;
guint8 default_key_idx = 0;
gboolean is_adhoc = adhoc_create;
gboolean is_shared_key = FALSE;
parent = wireless_security_init (sizeof (WirelessSecurityWEPKey),
validate,
add_to_size_group,
fill_connection,
update_secrets,
destroy,
UIDIR "/ws-wep-key.ui",
"wep_key_notebook",
"wep_key_entry");
if (!parent)
return NULL;
sec = (WirelessSecurityWEPKey *) parent;
sec->editing_connection = secrets_only ? FALSE : TRUE;
sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_WEP_KEY0;
sec->type = type;
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry"));
g_assert (widget);
gtk_entry_set_width_chars (GTK_ENTRY (widget), 28);
/* Create password-storage popup menu for password entry under entry's secondary icon */
if (connection)
setting = (NMSetting *) nm_connection_get_setting_wireless_security (connection);
nma_utils_setup_password_storage (widget, 0, setting, sec->password_flags_name,
FALSE, secrets_only);
if (connection) {
NMSettingWireless *s_wireless;
const char *mode, *auth_alg;
s_wireless = nm_connection_get_setting_wireless (connection);
mode = s_wireless ? nm_setting_wireless_get_mode (s_wireless) : NULL;
if (mode && !strcmp (mode, "adhoc"))
is_adhoc = TRUE;
s_wsec = nm_connection_get_setting_wireless_security (connection);
if (s_wsec) {
auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec);
if (auth_alg && !strcmp (auth_alg, "shared"))
is_shared_key = TRUE;
}
}
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
sec);
g_signal_connect (G_OBJECT (widget), "insert-text",
(GCallback) wep_entry_filter_cb,
sec);
if (sec->type == NM_WEP_KEY_TYPE_KEY)
gtk_entry_set_max_length (GTK_ENTRY (widget), 26);
else if (sec->type == NM_WEP_KEY_TYPE_PASSPHRASE)
gtk_entry_set_max_length (GTK_ENTRY (widget), 64);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "key_index_combo"));
if (connection && s_wsec)
default_key_idx = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), default_key_idx);
sec->cur_index = default_key_idx;
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) key_index_combo_changed_cb,
sec);
/* Key index is useless with adhoc networks */
if (is_adhoc || secrets_only) {
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "key_index_label"));
gtk_widget_hide (widget);
}
/* Fill the key entry with the key for that index */
if (connection)
update_secrets (WIRELESS_SECURITY (sec), connection);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_wep"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
sec);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "auth_method_combo"));
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), is_shared_key ? 1 : 0);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
sec);
/* Don't show auth method for adhoc (which always uses open-system) or
* when in "simple" mode.
*/
if (is_adhoc || secrets_only) {
/* Ad-Hoc connections can't use Shared Key auth */
if (is_adhoc)
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "auth_method_label"));
gtk_widget_hide (widget);
}
return sec;
}
WirelessSecurityWEPKey *
ws_wep_key_new (const char *glade_file,
NMConnection *connection,
NMWepKeyType type,
gboolean adhoc_create,
gboolean simple)
{
WirelessSecurityWEPKey *sec;
GtkWidget *widget;
GladeXML *xml;
NMSettingWirelessSecurity *s_wsec = NULL;
guint8 default_key_idx = 0;
gboolean is_adhoc = adhoc_create;
gboolean is_shared_key = FALSE;
g_return_val_if_fail (glade_file != NULL, NULL);
xml = glade_xml_new (glade_file, "wep_key_notebook", NULL);
if (xml == NULL) {
g_warning ("Couldn't get wep_key_widget from glade xml");
return NULL;
}
widget = glade_xml_get_widget (xml, "wep_key_notebook");
g_assert (widget);
g_object_ref_sink (widget);
sec = g_slice_new0 (WirelessSecurityWEPKey);
if (!sec) {
g_object_unref (xml);
g_object_unref (widget);
return NULL;
}
wireless_security_init (WIRELESS_SECURITY (sec),
validate,
add_to_size_group,
fill_connection,
update_secrets,
destroy,
xml,
widget,
"wep_key_entry");
sec->type = type;
widget = glade_xml_get_widget (xml, "wep_key_entry");
g_assert (widget);
gtk_entry_set_width_chars (GTK_ENTRY (widget), 28);
if (connection) {
NMSettingWireless *s_wireless;
const char *mode, *auth_alg;
s_wireless = (NMSettingWireless *) nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS);
mode = s_wireless ? nm_setting_wireless_get_mode (s_wireless) : NULL;
if (mode && !strcmp (mode, "adhoc"))
is_adhoc = TRUE;
s_wsec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY));
if (s_wsec) {
auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec);
if (auth_alg && !strcmp (auth_alg, "shared"))
is_shared_key = TRUE;
}
}
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
sec);
g_signal_connect (G_OBJECT (widget), "insert-text",
(GCallback) wep_entry_filter_cb,
sec);
if (sec->type == NM_WEP_KEY_TYPE_KEY)
gtk_entry_set_max_length (GTK_ENTRY (widget), 26);
else if (sec->type == NM_WEP_KEY_TYPE_PASSPHRASE)
gtk_entry_set_max_length (GTK_ENTRY (widget), 64);
widget = glade_xml_get_widget (xml, "key_index_combo");
if (connection && s_wsec)
default_key_idx = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), default_key_idx);
sec->cur_index = default_key_idx;
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) key_index_combo_changed_cb,
sec);
/* Key index is useless with adhoc networks */
if (is_adhoc || simple) {
gtk_widget_hide (widget);
widget = glade_xml_get_widget (xml, "key_index_label");
gtk_widget_hide (widget);
}
/* Fill the key entry with the key for that index */
if (connection)
update_secrets (WIRELESS_SECURITY (sec), connection);
widget = glade_xml_get_widget (xml, "show_checkbutton");
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
sec);
widget = glade_xml_get_widget (xml, "auth_method_combo");
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), is_shared_key ? 1 : 0);
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
sec);
/* Don't show auth method for adhoc (which always uses open-system) or
* when in "simple" mode.
*/
if (is_adhoc || simple) {
/* Ad-Hoc connections can't use Shared Key auth */
if (is_adhoc)
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
gtk_widget_hide (widget);
widget = glade_xml_get_widget (xml, "auth_method_label");
gtk_widget_hide (widget);
}
return sec;
}
