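/**
 * fill_connection:
 * @parent: the EAP method (an EAPMethodTLS) whose GtkBuilder widgets are read
 * @connection: connection to update; it must already carry an 802.1X
 *   setting (asserted below)
 *
 * Copies the EAP-TLS values from the UI (identity, private key and its
 * password, client certificate, CA certificate) into the connection's
 * 802.1X setting.  parent->phase2 selects between the outer-method
 * properties and their phase2 counterparts.
 *
 * A key or certificate that cannot be loaded is reported with g_warning()
 * only.  The function returns nothing, so the caller is not told that the
 * material was not applied.  The warnings are given the file path and the
 * GError message; the key password is never passed to g_warning().
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
	EAPMethodTLS *method = (EAPMethodTLS *) parent;
	NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	NMSetting8021x *s_8021x;
	GtkWidget *widget;
	char *ca_filename, *pk_filename, *cc_filename;
	const char *password = NULL;
	GError *error = NULL;
	const char *secret_flag_prop = NULL;

	s_8021x = nm_connection_get_setting_802_1x (connection);
	g_assert (s_8021x);

	if (parent->phase2)
		g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
	else
		nm_setting_802_1x_add_eap_method (s_8021x, "tls");

	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
	g_assert (widget);
	g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);

	/* TLS private key */
	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
	g_assert (widget);
	/* const pointer taken from the entry; it is not freed in this function */
	password = gtk_entry_get_text (GTK_ENTRY (widget));
	g_assert (password);

	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_button"));
	g_assert (widget);
	pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	g_assert (pk_filename);

	/* `format` is an out-parameter; it is compared against PKCS#12 below. */
	if (parent->phase2) {
		if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
		secret_flag_prop = NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS;
	} else {
		if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
		secret_flag_prop = NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS;
	}
	g_free (pk_filename);

	/* Default to agent-owned secrets for new connections; the same call
	 * also turns on the system CA certificates property.
	 */
	if (method->new_connection) {
		g_object_set (s_8021x,
		              secret_flag_prop, NM_SETTING_SECRET_FLAG_AGENT_OWNED,
		              NM_SETTING_802_1X_SYSTEM_CA_CERTS, TRUE,
		              NULL);
	}

	/* TLS client certificate */
	if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
		/* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
		 * set the client certificate for us.
		 */
		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_button"));
		g_assert (widget);
		cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
		g_assert (cc_filename);

		format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
		if (parent->phase2) {
			if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
				g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
				g_clear_error (&error);
			}
		} else {
			if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
				g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
				g_clear_error (&error);
			}
		}
		g_free (cc_filename);
	}

	/* TLS CA certificate
	 *
	 * Unlike the key and the client certificate there is no g_assert() on
	 * ca_filename: whatever the chooser returns, NULL included, is handed to
	 * the setter.  NOTE(review): presumably a NULL path leaves the setting
	 * without a CA certificate - confirm, and confirm how the server
	 * certificate is then verified.  A load failure is likewise only logged.
	 */
	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button"));
	g_assert (widget);
	ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));

	format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	if (parent->phase2) {
		if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	} else {
		if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	}

	/* The chooser returns a newly allocated string (pk_filename and
	 * cc_filename are released the same way above); it used to be leaked
	 * on every call.  g_free() accepts NULL.
	 */
	g_free (ca_filename);
}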
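/**
 * fill_connection:
 * @parent: the EAP method (an EAPMethodTLS) whose Glade widgets are read
 * @connection: connection to update; it must already carry both a
 *   connection setting and an 802.1X setting (asserted below)
 *
 * Copies the EAP-TLS values from the UI (identity, private key and its
 * password, client certificate, CA certificate) into the connection's
 * 802.1X setting, using the phase2 properties when method->phase2 is set.
 * Finally records the result of eap_method_get_ignore_ca_cert() under the
 * connection's UUID through nm_gconf_set_ignore_ca_cert().
 *
 * A key or certificate that cannot be loaded is reported with g_warning()
 * only.  The function returns nothing, so the caller is not told that the
 * material was not applied.  The warnings are given the file path and the
 * GError message; the key password is never passed to g_warning().
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
	EAPMethodTLS *method = (EAPMethodTLS *) parent;
	NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	NMSetting8021x *s_8021x;
	NMSettingConnection *s_con;
	GtkWidget *widget;
	char *ca_filename, *pk_filename, *cc_filename;
	const char *password = NULL;
	GError *error = NULL;

	s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
	g_assert (s_con);

	s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X));
	g_assert (s_8021x);

	if (method->phase2)
		g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
	else
		nm_setting_802_1x_add_eap_method (s_8021x, "tls");

	widget = glade_xml_get_widget (parent->xml, "eap_tls_identity_entry");
	g_assert (widget);
	g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);

	/* TLS private key */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_password_entry");
	g_assert (widget);
	/* const pointer taken from the entry; it is not freed in this function */
	password = gtk_entry_get_text (GTK_ENTRY (widget));
	g_assert (password);

	widget = glade_xml_get_widget (parent->xml, "eap_tls_private_key_button");
	g_assert (widget);
	pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	g_assert (pk_filename);

	/* `format` is an out-parameter; it is compared against PKCS#12 below. */
	if (method->phase2) {
		if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	} else {
		if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	}
	g_free (pk_filename);

	/* TLS client certificate */
	if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
		/* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
		 * set the client certificate for us.
		 */
		widget = glade_xml_get_widget (parent->xml, "eap_tls_user_cert_button");
		g_assert (widget);
		cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
		g_assert (cc_filename);

		format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
		if (method->phase2) {
			if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
				g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
				g_clear_error (&error);
			}
		} else {
			if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
				g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? error->message : "(unknown)");
				g_clear_error (&error);
			}
		}
		g_free (cc_filename);
	}

	/* TLS CA certificate
	 *
	 * Unlike the key and the client certificate there is no g_assert() on
	 * ca_filename: whatever the chooser returns, NULL included, is handed to
	 * the setter.  NOTE(review): presumably a NULL path leaves the setting
	 * without a CA certificate - confirm, and confirm how the server
	 * certificate is then verified.  A load failure is likewise only logged.
	 */
	widget = glade_xml_get_widget (parent->xml, "eap_tls_ca_cert_button");
	g_assert (widget);
	ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));

	format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	if (method->phase2) {
		if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	} else {
		if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
			g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
			g_clear_error (&error);
		}
	}

	/* Stores the "ignore CA certificate" state per connection UUID and
	 * phase.  NOTE(review): the stored value comes from
	 * eap_method_get_ignore_ca_cert() and does not depend on whether the CA
	 * file above loaded - confirm that is intended.
	 */
	nm_gconf_set_ignore_ca_cert (nm_setting_connection_get_uuid (s_con),
	                             method->phase2,
	                             eap_method_get_ignore_ca_cert (parent));

	/* The chooser returns a newly allocated string (pk_filename and
	 * cc_filename are released the same way above); it used to be leaked
	 * on every call.  g_free() accepts NULL.
	 */
	g_free (ca_filename);
}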
/**
 * make_tls_phase2_connection:
 * @detail: test name handed to every ASSERT() for its failure message
 * @scheme: how the certificate and key arguments are given to the 802.1X
 *   setters (passed through unchanged)
 *
 * Test fixture: builds a wired connection whose 802.1X setting uses "ttls"
 * as the EAP method and "tls" as the phase2 authentication, then loads the
 * phase2 CA certificate, client certificate and private key from the
 * TEST_NEED_SECRETS_EAP_TLS_* locations.  The private key password is the
 * fixed fixture value "test".
 *
 * ASSERT() is defined outside this block; presumably it ends the test when
 * its condition is false.
 *
 * Returns: the connection, after nm_connection_verify() has accepted it.
 */
static NMConnection *
make_tls_phase2_connection (const char *detail, NMSetting8021xCKScheme scheme)
{
	GError *err = NULL;
	gboolean ok;
	char *conn_uuid;
	NMConnection *conn;
	NMSettingConnection *con_setting;
	NMSettingWired *wired_setting;
	NMSetting8021x *sec_setting;
	NMSettingIP4Config *ip4_setting;

	conn = nm_connection_new ();
	ASSERT (conn != NULL,
	        detail, "failed to allocate new connection");

	/* Connection setting: id, fresh UUID, autoconnect, wired type */
	con_setting = (NMSettingConnection *) nm_setting_connection_new ();
	ASSERT (con_setting != NULL,
	        detail, "failed to allocate new %s setting",
	        NM_SETTING_CONNECTION_SETTING_NAME);
	nm_connection_add_setting (conn, NM_SETTING (con_setting));

	conn_uuid = nm_utils_uuid_generate ();
	g_object_set (con_setting,
	              NM_SETTING_CONNECTION_ID, "Test Need TLS Secrets",
	              NM_SETTING_CONNECTION_UUID, conn_uuid,
	              NM_SETTING_CONNECTION_AUTOCONNECT, TRUE,
	              NM_SETTING_CONNECTION_TYPE, NM_SETTING_WIRED_SETTING_NAME,
	              NULL);
	g_free (conn_uuid);

	/* Wired setting */
	wired_setting = (NMSettingWired *) nm_setting_wired_new ();
	ASSERT (wired_setting != NULL,
	        detail, "failed to allocate new %s setting",
	        NM_SETTING_WIRED_SETTING_NAME);
	nm_connection_add_setting (conn, NM_SETTING (wired_setting));

	/* 802.1X setting: TTLS outside, TLS as the inner (phase2) method */
	sec_setting = (NMSetting8021x *) nm_setting_802_1x_new ();
	ASSERT (sec_setting != NULL,
	        detail, "failed to allocate new %s setting",
	        NM_SETTING_802_1X_SETTING_NAME);
	nm_connection_add_setting (conn, NM_SETTING (sec_setting));

	g_object_set (sec_setting, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, "blahblah", NULL);
	g_object_set (sec_setting, NM_SETTING_802_1X_IDENTITY, "Bill Smith", NULL);

	nm_setting_802_1x_add_eap_method (sec_setting, "ttls");
	g_object_set (sec_setting, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);

	/* Phase2 CA certificate */
	ok = nm_setting_802_1x_set_phase2_ca_cert (sec_setting,
	                                           TEST_NEED_SECRETS_EAP_TLS_CA_CERT,
	                                           scheme,
	                                           NULL,
	                                           &err);
	ASSERT (ok == TRUE,
	        detail, "failed to set phase2 CA certificate '%s': %s",
	        TEST_NEED_SECRETS_EAP_TLS_CA_CERT, err->message);

	/* Phase2 client certificate */
	ok = nm_setting_802_1x_set_phase2_client_cert (sec_setting,
	                                               TEST_NEED_SECRETS_EAP_TLS_CLIENT_CERT,
	                                               scheme,
	                                               NULL,
	                                               &err);
	ASSERT (ok == TRUE,
	        detail, "failed to set phase2 client certificate '%s': %s",
	        TEST_NEED_SECRETS_EAP_TLS_CLIENT_CERT, err->message);

	/* Phase2 private key, unlocked with the fixture password */
	ok = nm_setting_802_1x_set_phase2_private_key (sec_setting,
	                                               TEST_NEED_SECRETS_EAP_TLS_PRIVATE_KEY,
	                                               "test",
	                                               scheme,
	                                               NULL,
	                                               &err);
	ASSERT (ok == TRUE,
	        detail, "failed to set phase2 private key '%s': %s",
	        TEST_NEED_SECRETS_EAP_TLS_PRIVATE_KEY, err->message);

	/* IP4 setting */
	ip4_setting = (NMSettingIP4Config *) nm_setting_ip4_config_new ();
	ASSERT (ip4_setting != NULL,
	        detail, "failed to allocate new %s setting",
	        NM_SETTING_IP4_CONFIG_SETTING_NAME);
	nm_connection_add_setting (conn, NM_SETTING (ip4_setting));

	g_object_set (ip4_setting, NM_SETTING_IP4_CONFIG_METHOD, NM_SETTING_IP4_CONFIG_METHOD_AUTO, NULL);

	/* The assembled connection must verify before it is handed back. */
	ASSERT (nm_connection_verify (conn, &err) == TRUE,
	        detail, "failed to verify connection: %s",
	        (err && err->message) ? err->message : "(unknown)");

	return conn;
}
/**
 * fill_connection:
 * @parent: the EAP method (an EAPMethodTLS) whose GtkBuilder widgets are read
 * @connection: connection to update; it must already carry an 802.1X
 *   setting (asserted below)
 * @flags: not read anywhere in this function body; the secret flags that
 *   get stored are taken from the password entry's menu instead
 *
 * Copies the EAP-TLS values from the UI (identity, private key and its
 * password, client certificate, CA certificate) into the connection's
 * 802.1X setting, using the phase2 properties when parent->phase2 is set,
 * and stores the password's secret flags under parent->password_flags_name.
 *
 * A key or certificate that cannot be loaded is reported with g_warning()
 * only; the function returns nothing.  The warnings are given the file path
 * and the GError message; the key password is never passed to g_warning().
 * Only a CA certificate failure is forwarded, to
 * eap_method_ca_cert_ignore_set().
 */
static void
fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFlags flags)
{
	EAPMethodTLS *method = (EAPMethodTLS *) parent;
	NMSetting8021x *setting;
	NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	NMSettingSecretFlags pw_flags;
	GtkWidget *widget, *passwd_entry;
	char *key_path, *cert_path, *ca_path;
	const char *key_password = NULL;
	gboolean loaded;
	gboolean ca_failed = FALSE;
	GError *err = NULL;

	setting = nm_connection_get_setting_802_1x (connection);
	g_assert (setting);

	/* Register "tls" either as the outer EAP method or as phase2 auth. */
	if (!parent->phase2)
		nm_setting_802_1x_add_eap_method (setting, "tls");
	else
		g_object_set (setting, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);

	/* Identity */
	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
	g_assert (widget);
	g_object_set (setting,
	              NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)),
	              NULL);

	/* Private key password; the entry widget is kept for the flag handling
	 * further down, and the text pointer is not freed in this function.
	 */
	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
	g_assert (widget);
	key_password = gtk_entry_get_text (GTK_ENTRY (widget));
	g_assert (key_password);
	passwd_entry = widget;

	/* Private key file; `format` reports back what kind of file it was. */
	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_button"));
	g_assert (widget);
	key_path = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
	g_assert (key_path);

	if (parent->phase2) {
		loaded = nm_setting_802_1x_set_phase2_private_key (setting, key_path, key_password,
		                                                   NM_SETTING_802_1X_CK_SCHEME_PATH,
		                                                   &format, &err);
		if (!loaded) {
			g_warning ("Couldn't read phase2 private key '%s': %s", key_path, err ? err->message : "(unknown)");
			g_clear_error (&err);
		}
	} else {
		loaded = nm_setting_802_1x_set_private_key (setting, key_path, key_password,
		                                            NM_SETTING_802_1X_CK_SCHEME_PATH,
		                                            &format, &err);
		if (!loaded) {
			g_warning ("Couldn't read private key '%s': %s", key_path, err ? err->message : "(unknown)");
			g_clear_error (&err);
		}
	}
	g_free (key_path);

	/* Persist the storage choice made in the password entry's menu. */
	pw_flags = nma_utils_menu_to_secret_flags (passwd_entry);
	nm_setting_set_secret_flags (NM_SETTING (setting), parent->password_flags_name,
	                             pw_flags, NULL);

	/* When an existing connection is being edited, also refresh the
	 * entry's password-storage state.
	 */
	if (method->editing_connection) {
		nma_utils_update_password_storage (passwd_entry, pw_flags,
		                                   NM_SETTING (setting), parent->password_flags_name);
	}

	/* Client certificate: skipped for a PKCS#12 key, because setting the
	 * private key already set the client certificate in that case.
	 */
	if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_button"));
		g_assert (widget);
		cert_path = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
		g_assert (cert_path);

		format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
		if (parent->phase2) {
			loaded = nm_setting_802_1x_set_phase2_client_cert (setting, cert_path,
			                                                   NM_SETTING_802_1X_CK_SCHEME_PATH,
			                                                   &format, &err);
			if (!loaded) {
				g_warning ("Couldn't read phase2 client certificate '%s': %s", cert_path, err ? err->message : "(unknown)");
				g_clear_error (&err);
			}
		} else {
			loaded = nm_setting_802_1x_set_client_cert (setting, cert_path,
			                                            NM_SETTING_802_1X_CK_SCHEME_PATH,
			                                            &format, &err);
			if (!loaded) {
				g_warning ("Couldn't read client certificate '%s': %s", cert_path, err ? err->message : "(unknown)");
				g_clear_error (&err);
			}
		}
		g_free (cert_path);
	}

	/* CA certificate: there is no g_assert() on the path here, so whatever
	 * the chooser returns, NULL included, goes to the setter.  A failure is
	 * remembered in ca_failed in addition to being logged.
	 */
	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button"));
	g_assert (widget);
	ca_path = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));

	format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
	if (parent->phase2) {
		loaded = nm_setting_802_1x_set_phase2_ca_cert (setting, ca_path,
		                                               NM_SETTING_802_1X_CK_SCHEME_PATH,
		                                               &format, &err);
		if (!loaded) {
			g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_path, err ? err->message : "(unknown)");
			g_clear_error (&err);
			ca_failed = TRUE;
		}
	} else {
		loaded = nm_setting_802_1x_set_ca_cert (setting, ca_path,
		                                        NM_SETTING_802_1X_CK_SCHEME_PATH,
		                                        &format, &err);
		if (!loaded) {
			g_warning ("Couldn't read CA certificate '%s': %s", ca_path, err ? err->message : "(unknown)");
			g_clear_error (&err);
			ca_failed = TRUE;
		}
	}

	/* NOTE(review): presumably this records whether a missing CA
	 * certificate is to be ignored for this connection - the helper is
	 * defined outside this block, confirm how it treats ca_failed.
	 */
	eap_method_ca_cert_ignore_set (parent, connection, ca_path, ca_failed);
	g_free (ca_path);
}