static void fill_connection (WirelessSecurity *parent, NMConnection *connection) { NMSettingWirelessSecurity *s_wireless_sec; ws_802_1x_fill_connection (parent, "dynamic_wep_auth_combo", connection); s_wireless_sec = nm_connection_get_setting_wireless_security (connection); g_assert (s_wireless_sec); g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NULL); nm_setting_wireless_security_add_pairwise (s_wireless_sec, "wep40"); nm_setting_wireless_security_add_pairwise (s_wireless_sec, "wep104"); nm_setting_wireless_security_add_group (s_wireless_sec, "wep40"); nm_setting_wireless_security_add_group (s_wireless_sec, "wep104"); }
static void fill_connection (WirelessSecurity *parent, NMConnection *connection) { WirelessSecurityWPAPSK *wpa_psk = (WirelessSecurityWPAPSK *) parent; GtkWidget *widget, *passwd_entry; const char *key; NMSettingWireless *s_wireless; NMSettingWirelessSecurity *s_wireless_sec; NMSettingSecretFlags secret_flags; const char *mode; gboolean is_adhoc = FALSE; s_wireless = nm_connection_get_setting_wireless (connection); g_assert (s_wireless); mode = nm_setting_wireless_get_mode (s_wireless); if (mode && !strcmp (mode, "adhoc")) is_adhoc = TRUE; /* Blow away the old security setting by adding a clear one */ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wpa_psk_entry")); passwd_entry = widget; key = gtk_entry_get_text (GTK_ENTRY (widget)); g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); /* Save PSK_FLAGS to the connection */ secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, secret_flags, NULL); /* Update secret flags and popup when editing the connection */ if (wpa_psk->editing_connection) nma_utils_update_password_storage (passwd_entry, secret_flags, NM_SETTING (s_wireless_sec), wpa_psk->password_flags_name); wireless_security_clear_ciphers (connection); if (is_adhoc) { /* Ad-Hoc settings as specified by the supplicant */ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL); nm_setting_wireless_security_add_proto (s_wireless_sec, "wpa"); nm_setting_wireless_security_add_pairwise (s_wireless_sec, "none"); /* Ad-hoc can only have _one_ group cipher... default to TKIP to be more * compatible for now. Maybe we'll support selecting CCMP later. */ nm_setting_wireless_security_add_group (s_wireless_sec, "tkip"); } else { g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); /* Just leave ciphers and protocol empty, the supplicant will * figure that out magically based on the AP IEs and card capabilities. */ } }
static void add_ciphers_from_flags (NMSettingWirelessSecurity *sec, guint32 flags, gboolean pairwise) { if (pairwise) { if (flags & NM_802_11_AP_SEC_PAIR_TKIP) nm_setting_wireless_security_add_pairwise (sec, "tkip"); if (flags & NM_802_11_AP_SEC_PAIR_CCMP) nm_setting_wireless_security_add_pairwise (sec, "ccmp"); } else { if (flags & NM_802_11_AP_SEC_GROUP_WEP40) nm_setting_wireless_security_add_group (sec, "wep40"); if (flags & NM_802_11_AP_SEC_GROUP_WEP104) nm_setting_wireless_security_add_group (sec, "wep104"); if (flags & NM_802_11_AP_SEC_GROUP_TKIP) nm_setting_wireless_security_add_group (sec, "tkip"); if (flags & NM_802_11_AP_SEC_GROUP_CCMP) nm_setting_wireless_security_add_group (sec, "ccmp"); } }
static void fill_connection (WirelessSecurity *parent, NMConnection *connection) { GtkWidget *widget; const char *key; NMSettingWireless *s_wireless; NMSettingWirelessSecurity *s_wireless_sec; const char *mode; gboolean is_adhoc = FALSE; s_wireless = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS)); g_assert (s_wireless); mode = nm_setting_wireless_get_mode (s_wireless); if (mode && !strcmp (mode, "adhoc")) is_adhoc = TRUE; g_object_set (s_wireless, NM_SETTING_WIRELESS_SEC, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NULL); /* Blow away the old security setting by adding a clear one */ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); widget = glade_xml_get_widget (parent->xml, "wpa_psk_entry"); key = gtk_entry_get_text (GTK_ENTRY (widget)); g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); wireless_security_clear_ciphers (connection); if (is_adhoc) { /* Ad-Hoc settings as specified by the supplicant */ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL); nm_setting_wireless_security_add_proto (s_wireless_sec, "wpa"); nm_setting_wireless_security_add_pairwise (s_wireless_sec, "none"); /* Ad-hoc can only have _one_ group cipher... default to TKIP to be more * compatible for now. Maybe we'll support selecting CCMP later. */ nm_setting_wireless_security_add_group (s_wireless_sec, "tkip"); } else { g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL); /* Just leave ciphers and protocol empty, the supplicant will * figure that out magically based on the AP IEs and card capabilities. */ } }
static void test_wifi_wpa_psk (const char *detail, OptType key_type, const char *key_data, const unsigned char *expected, size_t expected_size) { NMConnection *connection; NMSettingConnection *s_con; NMSettingWireless *s_wifi; NMSettingWirelessSecurity *s_wsec; NMSettingIP4Config *s_ip4; NMSupplicantConfig *config; GHashTable *hash; char *uuid; gboolean success; GError *error = NULL; GByteArray *ssid; const unsigned char ssid_data[] = { 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x53, 0x49, 0x44 }; GByteArray *bssid; const unsigned char bssid_data[] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66 }; const char *bssid_str = "11:22:33:44:55:66"; connection = nm_connection_new (); ASSERT (connection != NULL, detail, "failed to allocate new connection"); /* Connection setting */ s_con = (NMSettingConnection *) nm_setting_connection_new (); ASSERT (s_con != NULL, detail, "failed to allocate new %s setting", NM_SETTING_CONNECTION_SETTING_NAME); nm_connection_add_setting (connection, NM_SETTING (s_con)); uuid = nm_utils_uuid_generate (); g_object_set (s_con, NM_SETTING_CONNECTION_ID, "Test Wifi WEP Key", NM_SETTING_CONNECTION_UUID, uuid, NM_SETTING_CONNECTION_AUTOCONNECT, TRUE, NM_SETTING_CONNECTION_TYPE, NM_SETTING_WIRELESS_SETTING_NAME, NULL); g_free (uuid); /* Wifi setting */ s_wifi = (NMSettingWireless *) nm_setting_wireless_new (); ASSERT (s_wifi != NULL, detail, "failed to allocate new %s setting", NM_SETTING_WIRELESS_SETTING_NAME); nm_connection_add_setting (connection, NM_SETTING (s_wifi)); ssid = g_byte_array_sized_new (sizeof (ssid_data)); g_byte_array_append (ssid, ssid_data, sizeof (ssid_data)); bssid = g_byte_array_sized_new (sizeof (bssid_data)); g_byte_array_append (bssid, bssid_data, sizeof (bssid_data)); g_object_set (s_wifi, NM_SETTING_WIRELESS_SSID, ssid, NM_SETTING_WIRELESS_BSSID, bssid, NM_SETTING_WIRELESS_MODE, "infrastructure", NM_SETTING_WIRELESS_BAND, "bg", NM_SETTING_WIRELESS_SEC, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NULL); g_byte_array_free (ssid, TRUE); g_byte_array_free (bssid, TRUE); /* Wifi Security setting */ s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); ASSERT (s_wsec != NULL, detail, "failed to allocate new %s setting", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME); nm_connection_add_setting (connection, NM_SETTING (s_wsec)); g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NM_SETTING_WIRELESS_SECURITY_PSK, key_data, NULL); nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_proto (s_wsec, "rsn"); nm_setting_wireless_security_add_pairwise (s_wsec, "tkip"); nm_setting_wireless_security_add_pairwise (s_wsec, "ccmp"); nm_setting_wireless_security_add_group (s_wsec, "tkip"); nm_setting_wireless_security_add_group (s_wsec, "ccmp"); /* IP4 setting */ s_ip4 = (NMSettingIP4Config *) nm_setting_ip4_config_new (); ASSERT (s_ip4 != NULL, detail, "failed to allocate new %s setting", NM_SETTING_IP4_CONFIG_SETTING_NAME); nm_connection_add_setting (connection, NM_SETTING (s_ip4)); g_object_set (s_ip4, NM_SETTING_IP4_CONFIG_METHOD, NM_SETTING_IP4_CONFIG_METHOD_AUTO, NULL); ASSERT (nm_connection_verify (connection, &error) == TRUE, detail, "failed to verify connection: %s", (error && error->message) ? error->message : "(unknown)"); config = nm_supplicant_config_new (); ASSERT (config != NULL, detail, "failed to create new supplicant config"); success = nm_supplicant_config_add_setting_wireless (config, s_wifi, TRUE, 0, TRUE); ASSERT (success == TRUE, detail, "failed to add wireless setting to supplicant config."); success = nm_supplicant_config_add_setting_wireless_security (config, s_wsec, NULL, "376aced7-b28c-46be-9a62-fcdf072571da"); ASSERT (success == TRUE, detail, "failed to add wireless security to supplicant config."); hash = nm_supplicant_config_get_hash (config); ASSERT (hash != NULL, detail, "failed to hash supplicant config options."); validate_opt (detail, hash, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1), -1); validate_opt (detail, hash, "ssid", TYPE_BYTES, ssid_data, sizeof (ssid_data)); validate_opt (detail, hash, "bssid", TYPE_KEYWORD, bssid_str, -1); validate_opt (detail, hash, "key_mgmt", TYPE_KEYWORD, "WPA-PSK", -1); validate_opt (detail, hash, "proto", TYPE_KEYWORD, "WPA RSN", -1); validate_opt (detail, hash, "pairwise", TYPE_KEYWORD, "TKIP CCMP", -1); validate_opt (detail, hash, "group", TYPE_KEYWORD, "TKIP CCMP", -1); validate_opt (detail, hash, "psk", key_type, expected, expected_size); g_object_unref (connection); }
gboolean nm_ap_utils_complete_connection (const GByteArray *ap_ssid, const guint8 ap_bssid[ETH_ALEN], NM80211Mode ap_mode, guint32 ap_flags, guint32 ap_wpa_flags, guint32 ap_rsn_flags, NMConnection *connection, gboolean lock_bssid, GError **error) { NMSettingWireless *s_wifi; NMSettingWirelessSecurity *s_wsec; NMSetting8021x *s_8021x; const GByteArray *ssid; const char *mode, *key_mgmt, *auth_alg, *leap_username; gboolean adhoc = FALSE; s_wifi = nm_connection_get_setting_wireless (connection); g_assert (s_wifi); s_wsec = nm_connection_get_setting_wireless_security (connection); s_8021x = nm_connection_get_setting_802_1x (connection); /* Fill in missing SSID */ ssid = nm_setting_wireless_get_ssid (s_wifi); if (!ssid) g_object_set (G_OBJECT (s_wifi), NM_SETTING_WIRELESS_SSID, ap_ssid, NULL); else if ( ssid->len != ap_ssid->len || memcmp (ssid->data, ap_ssid->data, ssid->len)) { g_set_error_literal (error, NM_SETTING_WIRELESS_ERROR, NM_SETTING_WIRELESS_ERROR_INVALID_PROPERTY, "Setting SSID did not match AP SSID"); return FALSE; } if (lock_bssid && !nm_setting_wireless_get_bssid (s_wifi)) { GByteArray *bssid; bssid = g_byte_array_sized_new (ETH_ALEN); g_byte_array_append (bssid, ap_bssid, ETH_ALEN); g_object_set (G_OBJECT (s_wifi), NM_SETTING_WIRELESS_BSSID, bssid, NULL); g_byte_array_free (bssid, TRUE); } /* And mode */ mode = nm_setting_wireless_get_mode (s_wifi); if (mode) { gboolean valid = FALSE; /* Make sure the supplied mode matches the AP's */ if (!strcmp (mode, NM_SETTING_WIRELESS_MODE_INFRA)) { if (ap_mode == NM_802_11_MODE_INFRA) valid = TRUE; } else if (!strcmp (mode, NM_SETTING_WIRELESS_MODE_ADHOC)) { if (ap_mode == NM_802_11_MODE_ADHOC) valid = TRUE; adhoc = TRUE; } if (valid == FALSE) { g_set_error (error, NM_SETTING_WIRELESS_ERROR, NM_SETTING_WIRELESS_ERROR_INVALID_PROPERTY, NM_SETTING_WIRELESS_MODE); return FALSE; } } else { mode = NM_SETTING_WIRELESS_MODE_INFRA; if (ap_mode == NM_802_11_MODE_ADHOC) { mode = NM_SETTING_WIRELESS_MODE_ADHOC; adhoc = TRUE; } g_object_set (G_OBJECT (s_wifi), NM_SETTING_WIRELESS_MODE, mode, NULL); } /* Security */ /* Open */ if ( !(ap_flags & NM_802_11_AP_FLAGS_PRIVACY) && (ap_wpa_flags == NM_802_11_AP_SEC_NONE) && (ap_rsn_flags == NM_802_11_AP_SEC_NONE)) { /* Make sure the connection doesn't specify security */ if (nm_setting_wireless_get_security (s_wifi) || s_wsec || s_8021x) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, "AP is unencrypted but setting specifies security"); return FALSE; } return TRUE; } /* Everything else requires security */ g_object_set (G_OBJECT (s_wifi), NM_SETTING_WIRELESS_SEC, NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NULL); if (!s_wsec) { s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, NM_SETTING (s_wsec)); } key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec); auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec); leap_username = nm_setting_wireless_security_get_leap_username (s_wsec); /* Ad-Hoc checks */ if (!verify_adhoc (s_wsec, s_8021x, adhoc, error)) return FALSE; /* Static WEP, Dynamic WEP, or LEAP */ if ( (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) && (ap_wpa_flags == NM_802_11_AP_SEC_NONE) && (ap_rsn_flags == NM_802_11_AP_SEC_NONE)) { const char *tag = "WEP"; gboolean is_dynamic_wep = FALSE; if (!verify_leap (s_wsec, s_8021x, adhoc, error)) return FALSE; if (leap_username) { tag = "LEAP"; } else { /* Static or Dynamic WEP */ if (!verify_dynamic_wep (s_wsec, s_8021x, adhoc, error)) return FALSE; if (s_8021x || (key_mgmt && !strcmp (key_mgmt, "ieee8021x"))) { is_dynamic_wep = TRUE; tag = "Dynamic WEP"; } } /* Nothing WPA-related can be set */ if (!verify_no_wpa (s_wsec, tag, error)) return FALSE; if (leap_username) { /* LEAP */ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "leap", NULL); } else if (is_dynamic_wep) { /* Dynamic WEP */ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open", NULL); nm_setting_wireless_security_add_pairwise (s_wsec, "wep40"); nm_setting_wireless_security_add_pairwise (s_wsec, "wep104"); nm_setting_wireless_security_add_group (s_wsec, "wep40"); nm_setting_wireless_security_add_group (s_wsec, "wep104"); if (s_8021x) { /* Dynamic WEP requires a valid 802.1x setting since we can't * autocomplete 802.1x. */ if (!nm_setting_verify (NM_SETTING (s_8021x), NULL, error)) return FALSE; } } else { /* Static WEP */ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none", NULL); } return TRUE; } /* WPA/RSN */ g_assert (ap_wpa_flags || ap_rsn_flags); /* Ensure key management is valid for WPA */ if ((key_mgmt && !strcmp (key_mgmt, "ieee8021x")) || leap_username) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, "WPA incompatible with non-EAP (original) LEAP or Dynamic WEP"); return FALSE; } /* 'shared' auth incompatible with any type of WPA */ if (auth_alg && strcmp (auth_alg, "open")) { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, "WPA incompatible with Shared Key authentication"); return FALSE; } if (!verify_no_wep (s_wsec, "WPA", error)) return FALSE; if (!verify_wpa_psk (s_wsec, s_8021x, adhoc, ap_wpa_flags, ap_rsn_flags, error)) return FALSE; if (!adhoc && !verify_wpa_eap (s_wsec, s_8021x, ap_wpa_flags, ap_rsn_flags, error)) return FALSE; if (adhoc) { g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-none", NULL); /* Ad-Hoc does not support RSN/WPA2 */ nm_setting_wireless_security_add_proto (s_wsec, "wpa"); nm_setting_wireless_security_add_pairwise (s_wsec, "none"); nm_setting_wireless_security_add_group (s_wsec, "tkip"); } else if (s_8021x) { g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open", NULL); /* Leave proto/pairwise/group as client set them; if they are unset the * supplicant will figure out the best combination at connect time. */ /* 802.1x also requires the client to completely fill in the 8021x * setting. Since there's so much configuration required for it, there's * no way it can be automatically completed. */ } else if ( (key_mgmt && !strcmp (key_mgmt, "wpa-psk")) || (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) { g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open", NULL); /* Leave proto/pairwise/group as client set them; if they are unset the * supplicant will figure out the best combination at connect time. */ } else { g_set_error_literal (error, NM_SETTING_WIRELESS_SECURITY_ERROR, NM_SETTING_WIRELESS_SECURITY_ERROR_INVALID_PROPERTY, "Failed to determine AP security information"); return FALSE; } return TRUE; }