/**
 * eap_method_leap_new:
 * @parent: wireless-security page passed to wireless_security_changed_cb
 *          whenever one of the entries changes
 * @connection: existing connection used to pre-fill the form, or NULL
 *
 * Creates the LEAP page from "eap-leap.ui", connects the change/toggle
 * handlers and, when @connection is given, pre-fills the username and the
 * stored password.
 *
 * NOTE(review): LEAP authenticates with an MS-CHAP style challenge/response
 * and no server certificate, so captured exchanges are open to offline
 * password guessing. Keep it for legacy networks only; prefer a tunnelled
 * method with CA validation where the network offers one.
 *
 * Returns: the new method, or NULL when eap_method_init() fails.
 */
EAPMethodLEAP *
eap_method_leap_new (WirelessSecurity *parent, NMConnection *connection)
{
	EAPMethodLEAP *leap = g_slice_new0 (EAPMethodLEAP);
	GtkBuilder *ui;
	GtkWidget *entry;
	GtkWidget *show_toggle;

	if (!eap_method_init (EAP_METHOD (leap),
	                      validate,
	                      add_to_size_group,
	                      fill_connection,
	                      destroy,
	                      "eap-leap.ui",
	                      "eap_leap_notebook")) {
		g_slice_free (EAPMethodLEAP, leap);
		return NULL;
	}
	ui = EAP_METHOD (leap)->builder;

	/* Username entry; the handler is connected before any text is set. */
	entry = GTK_WIDGET (gtk_builder_get_object (ui, "eap_leap_username_entry"));
	g_assert (entry);
	g_signal_connect (G_OBJECT (entry), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);
	if (connection) {
		NMSetting8021x *s_8021x;
		const char *identity = NULL;

		s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
		if (s_8021x)
			identity = nm_setting_802_1x_get_identity (s_8021x);
		if (identity)
			gtk_entry_set_text (GTK_ENTRY (entry), identity);
	}

	/* Password entry, pre-filled from the connection's secrets if any. */
	entry = GTK_WIDGET (gtk_builder_get_object (ui, "eap_leap_password_entry"));
	g_assert (entry);
	g_signal_connect (G_OBJECT (entry), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);
	if (connection) {
		helper_fill_secret_entry (connection,
		                          GTK_ENTRY (entry),
		                          NM_TYPE_SETTING_802_1X,
		                          (HelperSecretFunc) nm_setting_802_1x_get_password,
		                          NM_SETTING_802_1X_SETTING_NAME,
		                          NM_SETTING_802_1X_PASSWORD);
	}

	/* "Show password" checkbox. */
	show_toggle = GTK_WIDGET (gtk_builder_get_object (ui, "eap_leap_show_checkbutton"));
	g_assert (show_toggle);
	g_signal_connect (G_OBJECT (show_toggle), "toggled",
	                  (GCallback) show_toggled_cb, leap);

	return leap;
}
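/*
 * fill_connection (EAP-TTLS):
 * @parent: the TTLS method whose glade widgets are read
 * @connection: connection to update; it must already hold an 802.1x setting
 *
 * Adds "ttls" as EAP method, copies the anonymous identity when one was
 * typed, records the chosen CA certificate path and the "ignore CA
 * certificate" choice as object data on @connection, then lets the selected
 * inner method fill in its own part.
 *
 * NOTE(review): when NMA_CA_CERT_IGNORE_TAG is set and no CA path is
 * recorded, nothing here gives the supplicant a way to authenticate the
 * server before the inner credentials are sent. Callers should treat that
 * combination as an explicit user opt-out, not as a default.
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
	NMSetting8021x *s_8021x;
	GtkWidget *widget;
	const char *text;
	char *filename;
	EAPMethod *eap = NULL;
	GtkTreeModel *model;
	GtkTreeIter iter;
	gboolean have_active;

	s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
	g_assert (s_8021x);

	nm_setting_802_1x_add_eap_method (s_8021x, "ttls");

	/* Anonymous (outer) identity is optional: only set it when non-empty. */
	widget = glade_xml_get_widget (parent->xml, "eap_ttls_anon_identity_entry");
	g_assert (widget);
	text = gtk_entry_get_text (GTK_ENTRY (widget));
	if (text && text[0] != '\0')
		g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);

	/* CA certificate path travels as object data on the connection. */
	widget = glade_xml_get_widget (parent->xml, "eap_ttls_ca_cert_button");
	g_assert (widget);
	filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	if (filename) {
		/* The chooser returns a newly allocated string; hand it over to
		 * the connection instead of copying it and freeing the original.
		 */
		g_object_set_data_full (G_OBJECT (connection),
		                        NMA_PATH_CA_CERT_TAG,
		                        filename,
		                        (GDestroyNotify) g_free);
	} else {
		g_object_set_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG, NULL);
	}

	g_object_set_data (G_OBJECT (connection),
	                   NMA_CA_CERT_IGNORE_TAG,
	                   eap_method_get_ignore_ca_cert (parent) ? GUINT_TO_POINTER (TRUE) : NULL);

	/* Inner (phase 2) method. */
	widget = glade_xml_get_widget (parent->xml, "eap_ttls_inner_auth_combo");
	g_assert (widget);
	model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
	/* gtk_combo_box_get_active_iter() leaves the iter unset when nothing is
	 * selected; check its result rather than reading an uninitialised iter.
	 */
	have_active = gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
	g_assert (have_active);
	gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
	g_assert (eap);

	eap_method_fill_connection (eap, connection);
	/* Drop the reference taken when the method was read from the model. */
	eap_method_unref (eap);
}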
/*
 * fill_connection (LEAP):
 * @parent: the LEAP method whose builder widgets are read
 * @connection: connection to update; it must already hold an 802.1x setting
 *
 * Adds "leap" as EAP method and copies the username and password entries
 * into the 802.1x setting. Both values are copied as typed, including an
 * empty string.
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
	NMSetting8021x *s_8021x;
	GtkWidget *entry;
	const char *typed;

	s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
	g_assert (s_8021x);

	nm_setting_802_1x_add_eap_method (s_8021x, "leap");

	/* Username -> identity */
	entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_entry"));
	g_assert (entry);
	typed = gtk_entry_get_text (GTK_ENTRY (entry));
	g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, typed, NULL);

	/* Password */
	entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry"));
	g_assert (entry);
	typed = gtk_entry_get_text (GTK_ENTRY (entry));
	g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, typed, NULL);
}
/**
 * eap_method_peap_new:
 * @glade_file: glade file holding "eap_peap_notebook"; must not be NULL
 * @parent: wireless-security page passed to wireless_security_changed_cb
 * @connection: existing connection used to pre-fill the form, or NULL
 *
 * Creates the PEAP page: CA certificate chooser (local files only), inner
 * authentication combo, PEAP version combo and anonymous identity entry.
 * Values are taken from @connection's 802.1x setting when it has one; the
 * CA certificate path is read from the NMA_PATH_CA_CERT_TAG object data.
 *
 * Returns: the new method, or NULL when the glade file cannot be loaded.
 */
EAPMethodPEAP *
eap_method_peap_new (const char *glade_file,
                     WirelessSecurity *parent,
                     NMConnection *connection)
{
	EAPMethodPEAP *peap;
	GtkWidget *w;
	GladeXML *ui;
	GtkFileFilter *cert_filter;
	NMSetting8021x *s_8021x = NULL;
	const char *ca_path;

	g_return_val_if_fail (glade_file != NULL, NULL);

	ui = glade_xml_new (glade_file, "eap_peap_notebook", NULL);
	if (ui == NULL) {
		g_warning ("Couldn't get eap_peap_widget from glade xml");
		return NULL;
	}

	w = glade_xml_get_widget (ui, "eap_peap_notebook");
	g_assert (w);
	g_object_ref_sink (w);

	peap = g_slice_new0 (EAPMethodPEAP);
	if (!peap) {
		g_object_unref (ui);
		g_object_unref (w);
		return NULL;
	}

	eap_method_init (EAP_METHOD (peap),
	                 validate,
	                 add_to_size_group,
	                 fill_connection,
	                 destroy,
	                 ui,
	                 w,
	                 "eap_peap_anon_identity_entry");

	eap_method_nag_init (EAP_METHOD (peap),
	                     glade_file,
	                     "eap_peap_ca_cert_button",
	                     connection);

	peap->sec_parent = parent;

	if (connection)
		s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));

	/* CA certificate chooser */
	w = glade_xml_get_widget (ui, "eap_peap_ca_cert_button");
	g_assert (w);
	gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (w), TRUE);
	gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (w),
	                                   _("Choose a Certificate Authority certificate..."));
	g_signal_connect (G_OBJECT (w), "selection-changed",
	                  (GCallback) wireless_security_changed_cb, parent);
	cert_filter = eap_method_default_file_chooser_filter_new (FALSE);
	gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (w), cert_filter);
	if (connection) {
		ca_path = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG);
		if (ca_path)
			gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (w), ca_path);
	}

	/* Inner authentication; run the change handler once for the initial state. */
	w = inner_auth_combo_init (peap, glade_file, connection, s_8021x);
	inner_auth_combo_changed_cb (w, (gpointer) peap);

	/* PEAP version: index 0 is "Automatic", 1 is version "0", 2 is version "1". */
	w = glade_xml_get_widget (ui, "eap_peap_version_combo");
	g_assert (w);
	gtk_combo_box_set_active (GTK_COMBO_BOX (w), 0);
	if (s_8021x) {
		const char *peapver = nm_setting_802_1x_get_phase1_peapver (s_8021x);
		gint version_index = 0;

		if (peapver) {
			if (strcmp (peapver, "0") == 0)
				version_index = 1;
			else if (strcmp (peapver, "1") == 0)
				version_index = 2;
		}
		/* Any other stored value keeps the "Automatic" selection made above. */
		if (version_index != 0)
			gtk_combo_box_set_active (GTK_COMBO_BOX (w), version_index);
	}
	/* Connected after the selection is set, so the setup above does not
	 * reach the handler.
	 */
	g_signal_connect (G_OBJECT (w), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);

	/* Anonymous identity */
	w = glade_xml_get_widget (ui, "eap_peap_anon_identity_entry");
	if (s_8021x) {
		const char *anon = nm_setting_802_1x_get_anonymous_identity (s_8021x);

		if (anon)
			gtk_entry_set_text (GTK_ENTRY (w), anon);
	}
	g_signal_connect (G_OBJECT (w), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);

	return peap;
}
/*
 * get_security_for_ap:
 * @ap: access point whose mode and flag words are inspected
 * @dev_caps: NM_WIFI_DEVICE_CAP_* bits of the local device
 * @supported: in/out; must point to TRUE on entry, set to FALSE when no
 *             usable combination is found
 * @s_8021x: out; must point to NULL on entry, receives a new 802.1x setting
 *           for the enterprise cases
 *
 * Picks a wireless-security setting for @ap. Order of preference once the
 * WEP/LEAP cases are handled: WPA2-PSK, WPA-PSK, WPA2 Enterprise, WPA
 * Enterprise. The enterprise cases default to EAP "ttls" with phase 2
 * "mschapv2".
 *
 * Returns: a new setting, or NULL when the AP is open (with *@supported
 * left TRUE) or when nothing usable was found (*@supported set to FALSE).
 *
 * NOTE(review): the enterprise defaults created here carry no CA
 * certificate; server validation depends on what the caller adds later.
 */
static NMSettingWirelessSecurity *
get_security_for_ap (NMAccessPoint *ap,
                     guint32 dev_caps,
                     gboolean *supported,
                     NMSetting8021x **s_8021x)
{
	/* Index 0 is RSN (WPA2), index 1 is WPA; RSN is tried first. */
	const char *const protos[2] = { "rsn", "wpa" };
	const guint32 needed_cap[2] = { NM_WIFI_DEVICE_CAP_RSN, NM_WIFI_DEVICE_CAP_WPA };
	guint32 ap_sec[2];
	NMSettingWirelessSecurity *sec;
	NM80211Mode mode;
	guint32 flags;
	gboolean ap_privacy;
	gboolean ap_lacks_wpa_rsn;
	gboolean dev_does_wpa_rsn;
	int i;

	g_return_val_if_fail (NM_IS_ACCESS_POINT (ap), NULL);
	g_return_val_if_fail (supported != NULL, NULL);
	g_return_val_if_fail (*supported == TRUE, NULL);
	g_return_val_if_fail (s_8021x != NULL, NULL);
	g_return_val_if_fail (*s_8021x == NULL, NULL);

	sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();

	mode = nm_access_point_get_mode (ap);
	flags = nm_access_point_get_flags (ap);
	ap_sec[1] = nm_access_point_get_wpa_flags (ap);
	ap_sec[0] = nm_access_point_get_rsn_flags (ap);

	ap_privacy = (flags & NM_802_11_AP_FLAGS_PRIVACY) != 0;
	ap_lacks_wpa_rsn =    (ap_sec[1] == NM_802_11_AP_SEC_NONE)
	                   && (ap_sec[0] == NM_802_11_AP_SEC_NONE);
	dev_does_wpa_rsn =    (dev_caps & NM_WIFI_DEVICE_CAP_RSN)
	                   || (dev_caps & NM_WIFI_DEVICE_CAP_WPA);

	/* No security */
	if (!ap_privacy && ap_lacks_wpa_rsn)
		goto none;

	/* Static WEP, Dynamic WEP, or LEAP.
	 *
	 * Privacy is advertised and either the AP carries no WPA/RSN
	 * information elements, or the device cannot do WPA/RSN at all (it can
	 * still pass the elements through from a scan). When the device can do
	 * WPA/RSN and the AP offers it, fall through: WPA/RSN is preferred.
	 */
	if (ap_privacy && (!dev_does_wpa_rsn || ap_lacks_wpa_rsn)) {
		g_object_set (sec,
		              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none",
		              NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, 0,
		              NULL);
		return sec;
	}

	/* Stuff after this point requires infrastructure */
	if (mode != NM_802_11_MODE_INFRA) {
		*supported = FALSE;
		goto none;
	}

	/* WPA2 PSK first, then WPA PSK */
	for (i = 0; i < 2; i++) {
		if (!(ap_sec[i] & NM_802_11_AP_SEC_KEY_MGMT_PSK) || !(dev_caps & needed_cap[i]))
			continue;

		g_object_set (sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
		nm_setting_wireless_security_add_proto (sec, protos[i]);
		add_ciphers_from_flags (sec, ap_sec[i], TRUE);
		add_ciphers_from_flags (sec, ap_sec[i], FALSE);
		return sec;
	}

	/* WPA2 Enterprise, then WPA Enterprise */
	for (i = 0; i < 2; i++) {
		if (!(ap_sec[i] & NM_802_11_AP_SEC_KEY_MGMT_802_1X) || !(dev_caps & needed_cap[i]))
			continue;

		g_object_set (sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL);
		nm_setting_wireless_security_add_proto (sec, protos[i]);
		add_ciphers_from_flags (sec, ap_sec[i], TRUE);
		add_ciphers_from_flags (sec, ap_sec[i], FALSE);

		*s_8021x = NM_SETTING_802_1X (nm_setting_802_1x_new ());
		nm_setting_802_1x_add_eap_method (*s_8021x, "ttls");
		g_object_set (*s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "mschapv2", NULL);
		return sec;
	}

	*supported = FALSE;

none:
	g_object_unref (sec);
	return NULL;
}
/**
 * eap_method_tls_new:
 * @glade_file: glade file holding "eap_tls_notebook"; must not be NULL
 * @parent: wireless-security page passed to wireless_security_changed_cb
 * @connection: existing connection used to pre-fill the form, or NULL
 * @phase2: TRUE when TLS is the inner method; selects the phase2 getters
 *
 * Creates the EAP-TLS page: identity entry, file pickers for the user
 * certificate, CA certificate and private key, the private-key password
 * entry and the "show password" checkbox.
 *
 * Returns: the new method, or NULL when the glade file cannot be loaded.
 */
EAPMethodTLS *
eap_method_tls_new (const char *glade_file,
                    WirelessSecurity *parent,
                    NMConnection *connection,
                    gboolean phase2)
{
	EAPMethodTLS *tls;
	GtkWidget *w;
	GladeXML *ui;
	NMSetting8021x *s_8021x = NULL;

	g_return_val_if_fail (glade_file != NULL, NULL);

	ui = glade_xml_new (glade_file, "eap_tls_notebook", NULL);
	if (ui == NULL) {
		g_warning ("Couldn't get eap_tls_widget from glade xml");
		return NULL;
	}

	w = glade_xml_get_widget (ui, "eap_tls_notebook");
	g_assert (w);
	g_object_ref_sink (w);

	tls = g_slice_new0 (EAPMethodTLS);
	if (!tls) {
		g_object_unref (ui);
		g_object_unref (w);
		return NULL;
	}

	eap_method_init (EAP_METHOD (tls),
	                 validate,
	                 add_to_size_group,
	                 fill_connection,
	                 update_secrets,
	                 destroy,
	                 ui,
	                 w,
	                 "eap_tls_identity_entry");

	eap_method_nag_init (EAP_METHOD (tls),
	                     glade_file,
	                     "eap_tls_ca_cert_button",
	                     connection,
	                     phase2);

	tls->phase2 = phase2;

	if (connection)
		s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));

	/* Identity; the handler is connected before the stored value is set. */
	w = glade_xml_get_widget (ui, "eap_tls_identity_entry");
	g_assert (w);
	g_signal_connect (G_OBJECT (w), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);
	if (s_8021x) {
		const char *identity = nm_setting_802_1x_get_identity (s_8021x);

		if (identity)
			gtk_entry_set_text (GTK_ENTRY (w), identity);
	}

	/* File pickers: user certificate, CA certificate, private key. */
	setup_filepicker (ui, "eap_tls_user_cert_button",
	                  _("Choose your personal certificate..."),
	                  parent, tls, s_8021x,
	                  phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme,
	                  phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path,
	                  FALSE, TRUE);
	setup_filepicker (ui, "eap_tls_ca_cert_button",
	                  _("Choose a Certificate Authority certificate..."),
	                  parent, tls, s_8021x,
	                  phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
	                  phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
	                  FALSE, FALSE);
	setup_filepicker (ui, "eap_tls_private_key_button",
	                  _("Choose your private key..."),
	                  parent, tls, s_8021x,
	                  phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
	                  phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
	                  TRUE, FALSE);

	/* Fill secrets, if any */
	if (connection)
		update_secrets (EAP_METHOD (tls), connection);

	w = glade_xml_get_widget (ui, "eap_tls_private_key_password_entry");
	g_assert (w);
	g_signal_connect (G_OBJECT (w), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);

	w = glade_xml_get_widget (ui, "show_checkbutton");
	g_assert (w);
	g_signal_connect (G_OBJECT (w), "toggled",
	                  (GCallback) show_toggled_cb, tls);

	return tls;
}
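/*
 * fill_connection (EAP-TLS, path scheme):
 * @parent: the TLS method (an EAPMethodTLS) whose glade widgets are read
 * @connection: connection to update; it must hold connection and 802.1x
 *              settings
 *
 * Sets TLS as EAP method (or as phase 2 auth when method->phase2 is set),
 * copies the identity, and stores the private key, client certificate and
 * CA certificate by path. A file that cannot be read is logged and skipped;
 * the function carries on with the remaining items. Finally the "ignore CA
 * certificate" choice is recorded for the connection's UUID.
 *
 * NOTE(review): a CA certificate that fails to load only produces a
 * warning. Together with an "ignore CA certificate" choice this leaves the
 * connection without server validation; confirm the caller surfaces that.
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
	EAPMethodTLS *method = (EAPMethodTLS *) parent;
	NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	NMSetting8021x *s_8021x;
	NMSettingConnection *s_con;
	GtkWidget *widget;
	char *ca_filename, *pk_filename, *cc_filename;
	const char *password = NULL;
	GError *error = NULL;

	s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
	g_assert (s_con);

	s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
	g_assert (s_8021x);

	if (method->phase2)
		g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
	else
		nm_setting_802_1x_add_eap_method (s_8021x, "tls");

	widget = glade_xml_get_widget (parent->xml, "eap_tls_identity_entry");
	g_assert (widget);
	g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);

	/* TLS private key */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_password_entry");
	g_assert (widget);
	/* Owned by the entry widget; must not be freed here. */
	password = gtk_entry_get_text (GTK_ENTRY (widget));
	g_assert (password);

	widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_button");
	g_assert (widget);
	pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	g_assert (pk_filename);

	if (method->phase2) {
		if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	} else {
		if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	}
	g_free (pk_filename);

	/* TLS client certificate */
	if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
		/* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
		 * set the client certificate for us.
		 */
		widget = glade_xml_get_widget (parent->xml, "eap_tls_user_cert_button");
		g_assert (widget);
		cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
		g_assert (cc_filename);

		format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
		if (method->phase2) {
			if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
				g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
				g_clear_error (&error);
			}
		} else {
			if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
				g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
				g_clear_error (&error);
			}
		}
		g_free (cc_filename);
	}

	/* TLS CA certificate; the chooser returns NULL when no file is selected,
	 * and that NULL is passed on to the setter unchanged.
	 */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_ca_cert_button");
	g_assert (widget);
	ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));

	format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	if (method->phase2) {
		if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			/* Never hand a NULL pointer to a %s conversion. */
			g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename ? ca_filename : "(none)", error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	} else {
		if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read CA certificate '%s': %s", ca_filename ? ca_filename : "(none)", error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	}
	/* The chooser's string is newly allocated, like the two paths above;
	 * release it here as well (g_free() accepts NULL).
	 */
	g_free (ca_filename);

	nm_gconf_set_ignore_ca_cert (nm_setting_connection_get_uuid (s_con),
	                             method->phase2,
	                             eap_method_get_ignore_ca_cert (parent));
}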
/*
 * fill_connection (EAP-TLS, object-data variant):
 * @parent: the TLS method (an EAPMethodTLS) whose glade widgets are read
 * @connection: connection to update; it must already hold an 802.1x setting
 *
 * Sets TLS as EAP method (or as phase 2 auth when method->phase2 is set),
 * copies the identity, loads the private key into the setting, and records
 * the key password, the key/certificate/CA paths and the "ignore CA
 * certificate" choice as object data on @connection. The phase2 variants of
 * the tags are used when method->phase2 is set.
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
	EAPMethodTLS *tls = (EAPMethodTLS *) parent;
	NMSetting8021xCKType key_type = NM_SETTING_802_1X_CK_TYPE_UNKNOWN;
	NMSetting8021x *s_8021x;
	GtkWidget *widget;
	char *ca_path, *key_path, *cert_path;
	char *password = NULL;
	GError *error = NULL;
	gboolean key_loaded;

	s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
	g_assert (s_8021x);

	if (tls->phase2)
		g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
	else
		nm_setting_802_1x_add_eap_method (s_8021x, "tls");

	widget = glade_xml_get_widget (parent->xml, "eap_tls_identity_entry");
	g_assert (widget);
	g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);

	/* Private key password: the copy is handed to the connection, which
	 * releases it through free_password. The pointer is still used below
	 * while the connection holds it.
	 */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_password_entry");
	g_assert (widget);
	password = g_strdup (gtk_entry_get_text (GTK_ENTRY (widget)));
	g_object_set_data_full (G_OBJECT (connection),
	                        tls->phase2 ? NMA_PHASE2_PRIVATE_KEY_PASSWORD_TAG : NMA_PRIVATE_KEY_PASSWORD_TAG,
	                        password,
	                        (GDestroyNotify) free_password);

	/* TLS private key */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_button");
	g_assert (widget);
	key_path = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	g_assert (key_path);

	g_object_set_data_full (G_OBJECT (connection),
	                        tls->phase2 ? NMA_PATH_PHASE2_PRIVATE_KEY_TAG : NMA_PATH_PRIVATE_KEY_TAG,
	                        g_strdup (key_path),
	                        (GDestroyNotify) g_free);

	if (tls->phase2)
		key_loaded = nm_setting_802_1x_set_phase2_private_key_from_file (s_8021x, key_path, password, &key_type, &error);
	else
		key_loaded = nm_setting_802_1x_set_private_key_from_file (s_8021x, key_path, password, &key_type, &error);

	if (!key_loaded) {
		if (tls->phase2)
			g_warning ("Couldn't read phase2 private key '%s': %s", key_path, error ? error->message : "(unknown)");
		else
			g_warning ("Couldn't read private key '%s': %s", key_path, error ? error->message : "(unknown)");
		g_clear_error (&error);
	}

	/* TLS client certificate */
	if (key_type != NM_SETTING_802_1X_CK_TYPE_PKCS12) {
		widget = glade_xml_get_widget (parent->xml, "eap_tls_user_cert_button");
		g_assert (widget);
		cert_path = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	} else {
		/* if the key is pkcs#12, the cert is filled with the same data */
		cert_path = g_strdup (key_path);
	}
	g_assert (cert_path);

	g_object_set_data_full (G_OBJECT (connection),
	                        tls->phase2 ? NMA_PATH_PHASE2_CLIENT_CERT_TAG : NMA_PATH_CLIENT_CERT_TAG,
	                        g_strdup (cert_path),
	                        (GDestroyNotify) g_free);
	g_free (cert_path);
	g_free (key_path);

	/* TLS CA certificate; no selection clears the recorded path. */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_ca_cert_button");
	g_assert (widget);
	ca_path = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	if (!ca_path) {
		g_object_set_data (G_OBJECT (connection),
		                   tls->phase2 ? NMA_PATH_PHASE2_CA_CERT_TAG : NMA_PATH_CA_CERT_TAG,
		                   NULL);
	} else {
		g_object_set_data_full (G_OBJECT (connection),
		                        tls->phase2 ? NMA_PATH_PHASE2_CA_CERT_TAG : NMA_PATH_CA_CERT_TAG,
		                        g_strdup (ca_path),
		                        (GDestroyNotify) g_free);
		g_free (ca_path);
	}

	/* "Ignore CA certificate" is stored as a non-NULL marker or cleared. */
	if (!eap_method_get_ignore_ca_cert (parent)) {
		g_object_set_data (G_OBJECT (connection),
		                   tls->phase2 ? NMA_PHASE2_CA_CERT_IGNORE_TAG : NMA_CA_CERT_IGNORE_TAG,
		                   NULL);
	} else {
		g_object_set_data (G_OBJECT (connection),
		                   tls->phase2 ? NMA_PHASE2_CA_CERT_IGNORE_TAG : NMA_CA_CERT_IGNORE_TAG,
		                   GUINT_TO_POINTER (TRUE));
	}
}
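/*
 * cert_writer:
 * @file: keyfile being written
 * @keyfile_dir: directory that holds the keyfiles
 * @uuid: connection UUID, used to name files written for blob items
 * @setting: the 802.1x setting that owns @key
 * @key: property name; must match an entry of the objtypes table
 * @value: unused
 *
 * Writes one certificate/key property to @file. Items stored by path are
 * written as a path, relative when the file lives under @keyfile_dir. Items
 * stored as a blob are first written to
 * "<keyfile_dir>/<uuid>-<suffix>.<ext>" and that path is recorded instead.
 *
 * NOTE(review): write_cert_key_file() is not shown here; confirm that it
 * creates private-key files with owner-only permissions.
 * NOTE(review): @uuid goes into the file name unescaped; presumably it is a
 * canonical UUID, verify it cannot contain a path separator.
 */
static void
cert_writer (GKeyFile *file,
             const char *keyfile_dir,
             const char *uuid,
             NMSetting *setting,
             const char *key,
             const GValue *value)
{
	const char *setting_name = nm_setting_get_name (setting);
	NMSetting8021xCKScheme scheme;
	NMSetting8021xCKFormat format;
	const char *path = NULL, *ext = "pem";
	const ObjectType *objtype = NULL;
	guint i;

	for (i = 0; i < G_N_ELEMENTS (objtypes) && objtypes[i].key; i++) {
		if (g_strcmp0 (objtypes[i].key, key) == 0) {
			objtype = &objtypes[i];
			break;
		}
	}
	g_return_if_fail (objtype != NULL);

	/* Ask the entry that matched @key. Going through the table itself
	 * ("objtypes->") would always consult the first entry's scheme and so
	 * pick the wrong branch for every other certificate/key type.
	 */
	scheme = objtype->scheme_func (NM_SETTING_802_1X (setting));
	if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
		gsize dir_len;

		path = objtype->path_func (NM_SETTING_802_1X (setting));
		g_assert (path);

		/* If the path is rooted in the keyfile directory, just use a
		 * relative path instead of an absolute one. The prefix has to end
		 * on a path separator: a sibling such as "<keyfile_dir>-other/x"
		 * is not inside the directory and must stay absolute.
		 */
		dir_len = strlen (keyfile_dir);
		if (   dir_len > 0
		    && g_str_has_prefix (path, keyfile_dir)
		    && (keyfile_dir[dir_len - 1] == '/' || path[dir_len] == '/')) {
			path += dir_len;
			while (*path == '/')
				path++;
		}

		g_key_file_set_string (file, setting_name, key, path);
	} else if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) {
		const GByteArray *blob;
		gboolean success;
		GError *error = NULL;
		char *new_path;

		blob = objtype->blob_func (NM_SETTING_802_1X (setting));
		g_assert (blob);

		if (objtype->format_func) {
			/* Get the extension for a private key */
			format = objtype->format_func (NM_SETTING_802_1X (setting));
			if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12)
				ext = "p12";
		} else {
			/* DER or PEM format certificate? A blob starting with the
			 * bytes 0x30 0x82 is taken to be DER.
			 */
			if (blob->len > 2 && blob->data[0] == 0x30 && blob->data[1] == 0x82)
				ext = "der";
		}

		/* Write the raw data out to the standard file so that we can use paths
		 * from now on instead of pushing around the certificate data.
		 */
		new_path = g_strdup_printf ("%s/%s-%s.%s", keyfile_dir, uuid, objtype->suffix, ext);
		g_assert (new_path);

		success = write_cert_key_file (new_path, blob, &error);
		if (success) {
			/* Write the path value to the keyfile */
			g_key_file_set_string (file, setting_name, key, new_path);
		} else {
			/* The writer may fail without setting an error. */
			g_warning ("Failed to write certificate/key %s: %s",
			           new_path, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
		g_free (new_path);
	} else
		g_assert_not_reached ();
}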
/**
 * eap_method_tls_new:
 * @parent: wireless-security page passed to wireless_security_changed_cb
 * @connection: existing connection used to pre-fill the form, or NULL
 * @phase2: TRUE when TLS is the inner method; selects the phase2 getters
 *          and the phase2 private-key password
 *
 * Creates the EAP-TLS page from "eap-tls.ui": identity entry, private-key
 * password entry (pre-filled from the connection's secrets), file pickers
 * for the user certificate, CA certificate and private key, and the "show
 * password" checkbox.
 *
 * Returns: the new method, or NULL when eap_method_init() fails.
 */
EAPMethodTLS *
eap_method_tls_new (WirelessSecurity *parent,
                    NMConnection *connection,
                    gboolean phase2)
{
	EAPMethodTLS *tls = g_slice_new0 (EAPMethodTLS);
	GtkBuilder *ui;
	GtkWidget *w;
	NMSetting8021x *s_8021x = NULL;

	if (!eap_method_init (EAP_METHOD (tls),
	                      validate,
	                      add_to_size_group,
	                      fill_connection,
	                      destroy,
	                      "eap-tls.ui",
	                      "eap_tls_notebook")) {
		g_slice_free (EAPMethodTLS, tls);
		return NULL;
	}
	ui = EAP_METHOD (tls)->builder;

	eap_method_nag_init (EAP_METHOD (tls),
	                     "ca-nag-dialog.ui",
	                     "eap_tls_ca_cert_button",
	                     connection,
	                     phase2);

	tls->phase2 = phase2;

	if (connection)
		s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));

	/* Identity; the handler is connected before the stored value is set. */
	w = GTK_WIDGET (gtk_builder_get_object (ui, "eap_tls_identity_entry"));
	g_assert (w);
	g_signal_connect (G_OBJECT (w), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);
	if (s_8021x) {
		const char *identity = nm_setting_802_1x_get_identity (s_8021x);

		if (identity)
			gtk_entry_set_text (GTK_ENTRY (w), identity);
	}

	/* Private key password: secrets are filled first, the change handler
	 * is connected afterwards.
	 */
	w = GTK_WIDGET (gtk_builder_get_object (ui, "eap_tls_private_key_password_entry"));
	g_assert (w);
	if (connection) {
		helper_fill_secret_entry (connection,
		                          GTK_ENTRY (w),
		                          NM_TYPE_SETTING_802_1X,
		                          phase2 ? (HelperSecretFunc) nm_setting_802_1x_get_phase2_private_key_password : (HelperSecretFunc) nm_setting_802_1x_get_private_key_password,
		                          NM_SETTING_802_1X_SETTING_NAME,
		                          phase2 ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD);
	}
	g_signal_connect (G_OBJECT (w), "changed",
	                  (GCallback) wireless_security_changed_cb, parent);

	/* File pickers: user certificate, CA certificate, private key. */
	setup_filepicker (ui, "eap_tls_user_cert_button",
	                  _("Choose your personal certificate..."),
	                  parent, tls, s_8021x,
	                  phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme,
	                  phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path,
	                  FALSE, TRUE);
	setup_filepicker (ui, "eap_tls_ca_cert_button",
	                  _("Choose a Certificate Authority certificate..."),
	                  parent, tls, s_8021x,
	                  phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
	                  phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
	                  FALSE, FALSE);
	setup_filepicker (ui, "eap_tls_private_key_button",
	                  _("Choose your private key..."),
	                  parent, tls, s_8021x,
	                  phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
	                  phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
	                  TRUE, FALSE);

	/* "Show password" checkbox. */
	w = GTK_WIDGET (gtk_builder_get_object (ui, "eap_tls_show_checkbutton"));
	g_assert (w);
	g_signal_connect (G_OBJECT (w), "toggled",
	                  (GCallback) show_toggled_cb, tls);

	return tls;
}