File nm-applet-probe-radius-server-cert.patch of Package NetworkManager-gnome
From 3905d452df85a9da2a46cd82de41c4be17ad8cb2 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <chingpang@gmail.com> Date: Wed, 18 Jul 2012 14:52:29 +0800 Subject: [PATCH 1/5] security: new entry for the subject and support server hash --- src/wireless-security/eap-method-peap.c | 86 +++++++++++++++++++++++++++++++ src/wireless-security/eap-method-peap.ui | 74 ++++++++++++++++++++------ src/wireless-security/eap-method-tls.c | 73 ++++++++++++++++++++++++++ src/wireless-security/eap-method-tls.ui | 63 ++++++++++++++++------ src/wireless-security/eap-method-ttls.c | 86 +++++++++++++++++++++++++++++++ src/wireless-security/eap-method-ttls.ui | 66 +++++++++++++++++++----- src/wireless-security/wireless-security.c | 22 ++++++++ src/wireless-security/wireless-security.h | 3 ++ 8 files changed, 426 insertions(+), 47 deletions(-) diff --git a/src/wireless-security/eap-method-peap.c b/src/wireless-security/eap-method-peap.c index d4fa7db..e8d09ee 100644 --- a/src/wireless-security/eap-method-peap.c +++ b/src/wireless-security/eap-method-peap.c @@ -35,6 +35,8 @@ #define I_NAME_COLUMN 0 #define I_METHOD_COLUMN 1 +#define SUBJECT_NOTE _("<will be filled automatically>") + struct _EAPMethodPEAP { EAPMethod parent; @@ -107,6 +109,10 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) g_assert (widget); gtk_size_group_add_widget (group, widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_label")); g_assert (widget); gtk_size_group_add_widget (group, widget); 
@@ -156,6 +162,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla if (text && strlen (text)) g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_entry")); + g_assert (widget); + text = gtk_entry_get_text (GTK_ENTRY (widget)); + if (text && strlen (text) && g_strcmp0 (text, SUBJECT_NOTE) != 0) + g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, text, NULL); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button")); g_assert (widget); filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); @@ -327,6 +339,37 @@ update_secrets (EAPMethod *parent, NMConnection *connection) I_METHOD_COLUMN); } +static gboolean +subject_entry_focus_in_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + const char *text = gtk_entry_get_text (GTK_ENTRY (widget)); + if (g_strcmp0 (text, SUBJECT_NOTE) == 0) { + gtk_entry_set_text (GTK_ENTRY (widget), ""); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, NULL); + } + return FALSE; +} + +static gboolean +subject_entry_focus_out_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + const char *text = gtk_entry_get_text (GTK_ENTRY (widget)); + GtkStyleContext *context; + GdkRGBA color; + + if (!text || !strlen (text)) { + gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE); + context = gtk_widget_get_style_context (widget); + gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color); + } + return FALSE; +} + EAPMethodPEAP * eap_method_peap_new (WirelessSecurity *ws_parent, NMConnection *connection, 
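Review bot: The subject entry uses the translated `SUBJECT_NOTE` string as an in-band sentinel: `fill_connection` in the first hunk drops the value when `g_strcmp0 (text, SUBJECT_NOTE)` matches, and the two focus callbacks in the second hunk swap the hint text in and out of the entry by hand. The hint is therefore part of the widget's value, and every reader of the entry has to remember to filter it out before it reaches `NM_SETTING_802_1X_SUBJECT_MATCH`. If the minimum GTK version allows it, `gtk_entry_set_placeholder_text (GTK_ENTRY (widget), SUBJECT_NOTE);` would keep the hint out of the value and make both callbacks and the `g_strcmp0` test unnecessary. The same pair of callbacks is repeated verbatim in eap-method-tls.c and eap-method-ttls.c; if they stay, one shared helper would avoid three copies.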
@@ -414,6 +457,43 @@ eap_method_peap_new (WirelessSecurity *ws_parent, (GCallback) wireless_security_changed_cb, ws_parent); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_entry")); + if (s_8021x) { + const char *text = nm_setting_802_1x_get_subject_match (s_8021x); + if (!text) { + GtkStyleContext *context; + GdkRGBA color; + context = gtk_widget_get_style_context (widget); + gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color); + gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE); + } else { + gtk_entry_set_text (GTK_ENTRY (widget), text); + } + g_signal_connect (G_OBJECT (widget), "focus-in-event", + (GCallback) subject_entry_focus_in_cb, + NULL); + g_signal_connect (G_OBJECT (widget), "focus-out-event", + (GCallback) subject_entry_focus_out_cb, + NULL); + } + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) wireless_security_changed_cb, + ws_parent); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_note_label")); + if (s_8021x) { + NMSetting8021xCKScheme cert_scheme; + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) { + gtk_label_set_text (GTK_LABEL (widget), + _("<b>Note:</b> Server hash is used instead of CA certificate")); + gtk_label_set_use_markup (GTK_LABEL (widget), TRUE); + } else { + gtk_widget_hide (widget); + } + } + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); 
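Review bot: `eap_peap_note_label` stays visible with its builder text `Note` whenever `s_8021x` is NULL, because the only `gtk_widget_hide` call for it sits inside `if (s_8021x)`, and the .ui file in this patch declares the label with `visible` set to True. Making hide the default closes the gap: `if (s_8021x && nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_HASH) { ... } else gtk_widget_hide (widget);`. The two new `gtk_builder_get_object` lookups also lack the `g_assert (widget);` that `add_to_size_group` uses for the same objects. The identical block appears in `eap_method_ttls_new`; `eap_method_peap_new` starts and ends outside this hunk.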
@@ -426,12 +506,18 @@ eap_method_peap_new (WirelessSecurity *ws_parent, gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry")); gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_entry")); + gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox")); gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_note_label")); + gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo")); diff --git a/src/wireless-security/eap-method-peap.ui b/src/wireless-security/eap-method-peap.ui index 3bb455a..a158408 100644 --- a/src/wireless-security/eap-method-peap.ui +++ b/src/wireless-security/eap-method-peap.ui @@ -38,7 +38,7 @@ <object class="GtkTable" id="table13"> <property name="visible">True</property> <property name="can_focus">False</property> - <property name="n_rows">5</property> + <property name="n_rows">8</property> <property name="n_columns">2</property> <property name="column_spacing">12</property> <property name="row_spacing">6</property> 
@@ -69,6 +69,35 @@ </packing> </child> <child> + <object class="GtkLabel" id="eap_peap_subject_label"> + <property name="visible">True</property> + <property name="xalign">0</property> + <property name="label" translatable="yes">_Subject:</property> + <property name="use_underline">True</property> + <property name="mnemonic_widget">eap_peap_subject_entry</property> + </object> + <packing> + <property name="top_attach">1</property> + <property name="bottom_attach">2</property> + <property name="x_options">GTK_FILL</property> + <property name="y_options"></property> + </packing> + </child> + <child> + <object class="GtkEntry" id="eap_peap_subject_entry"> + <property name="visible">True</property> + <property name="can_focus">True</property> + <property name="activates_default">True</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="right_attach">2</property> + <property name="top_attach">1</property> + <property name="bottom_attach">2</property> + <property name="y_options"></property> + </packing> + </child> + <child> <object class="GtkLabel" id="eap_peap_ca_cert_label"> <property name="visible">True</property> <property name="can_focus">False</property> @@ -78,8 +107,8 @@ <property name="mnemonic_widget">eap_peap_ca_cert_button</property> </object> <packing> - <property name="top_attach">1</property> - <property name="bottom_attach">2</property> + <property name="top_attach">2</property> + <property name="bottom_attach">3</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -92,8 +121,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">1</property> - <property name="bottom_attach">2</property> + <property name="top_attach">2</property> + <property name="bottom_attach">3</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> 
@@ -111,13 +140,24 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">2</property> - <property name="bottom_attach">3</property> + <property name="top_attach">3</property> + <property name="bottom_attach">4</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> </child> <child> + <object class="GtkLabel" id="eap_peap_note_label"> + <property name="visible">True</property> + <property name="label" translatable="yes">Note</property> + </object> + <packing> + <property name="right_attach">2</property> + <property name="top_attach">4</property> + <property name="bottom_attach">5</property> + </packing> + </child> + <child> <object class="GtkVBox" id="eap_peap_inner_auth_vbox"> <property name="visible">True</property> <property name="can_focus">False</property> @@ -127,8 +167,8 @@ </object> <packing> <property name="right_attach">2</property> - <property name="top_attach">5</property> - <property name="bottom_attach">6</property> + <property name="top_attach">7</property> + <property name="bottom_attach">8</property> <property name="x_options">GTK_FILL</property> </packing> </child> @@ -142,8 +182,8 @@ <property name="mnemonic_widget">eap_peap_inner_auth_combo</property> </object> <packing> - <property name="top_attach">4</property> - <property name="bottom_attach">5</property> + <property name="top_attach">6</property> + <property name="bottom_attach">7</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -163,8 +203,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">4</property> - <property name="bottom_attach">5</property> + <property name="top_attach">6</property> + <property name="bottom_attach">7</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> 
@@ -179,8 +219,8 @@ <property name="mnemonic_widget">eap_peap_version_combo</property> </object> <packing> - <property name="top_attach">3</property> - <property name="bottom_attach">4</property> + <property name="top_attach">5</property> + <property name="bottom_attach">6</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -200,8 +240,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">3</property> - <property name="bottom_attach">4</property> + <property name="top_attach">5</property> + <property name="bottom_attach">6</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c index 6daa8f8..d64eddb 100644 --- a/src/wireless-security/eap-method-tls.c +++ b/src/wireless-security/eap-method-tls.c @@ -34,6 +34,8 @@ #include "helpers.h" #include "utils.h" +#define SUBJECT_NOTE _("<will be filled automatically>") + struct _EAPMethodTLS { EAPMethod parent; @@ -123,6 +125,10 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) g_assert (widget); gtk_size_group_add_widget (group, widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_label")); g_assert (widget); gtk_size_group_add_widget (group, widget); @@ -140,6 +146,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla NMSetting8021x *s_8021x; GtkWidget *widget, *passwd_entry; char *ca_filename, *pk_filename, *cc_filename; + const char *subject; const char *password = NULL; GError *error = NULL; gboolean ca_cert_error = FALSE; 
@@ -232,6 +239,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla } eap_method_ca_cert_ignore_set (parent, connection, ca_filename, ca_cert_error); g_free (ca_filename); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_entry")); + g_assert (widget); + subject = gtk_entry_get_text (GTK_ENTRY (widget)); + if (subject && strlen (subject) && g_strcmp0 (subject, SUBJECT_NOTE) != 0) + g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, subject, NULL); } static void @@ -400,6 +413,37 @@ update_secrets (EAPMethod *parent, NMConnection *connection) } } +static gboolean +subject_entry_focus_in_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + const char *text = gtk_entry_get_text (GTK_ENTRY (widget)); + if (g_strcmp0 (text, SUBJECT_NOTE) == 0) { + gtk_entry_set_text (GTK_ENTRY (widget), ""); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, NULL); + } + return FALSE; +} + +static gboolean +subject_entry_focus_out_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + const char *text = gtk_entry_get_text (GTK_ENTRY (widget)); + GtkStyleContext *context; + GdkRGBA color; + + if (!text || !strlen (text)) { + gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE); + context = gtk_widget_get_style_context (widget); + gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color); + } + return FALSE; +} + EAPMethodTLS * eap_method_tls_new (WirelessSecurity *ws_parent, NMConnection *connection, 
@@ -463,6 +507,31 @@ eap_method_tls_new (WirelessSecurity *ws_parent, phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme, phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path, FALSE, FALSE); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_entry")); + if (s_8021x) { + const char *text = nm_setting_802_1x_get_subject_match (s_8021x); + if (!text) { + GtkStyleContext *context; + GdkRGBA color; + context = gtk_widget_get_style_context (widget); + gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color); + gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE); + } else { + gtk_entry_set_text (GTK_ENTRY (widget), text); + } + g_signal_connect (G_OBJECT (widget), "focus-in-event", + (GCallback) subject_entry_focus_in_cb, + NULL); + g_signal_connect (G_OBJECT (widget), "focus-out-event", + (GCallback) subject_entry_focus_out_cb, + NULL); + } + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) wireless_security_changed_cb, + ws_parent); + setup_filepicker (parent->builder, "eap_tls_private_key_button", _("Choose your private key..."), ws_parent, parent, s_8021x, @@ -513,6 +582,10 @@ eap_method_tls_new (WirelessSecurity *ws_parent, gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_not_required_checkbox")); gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_entry")); + gtk_widget_hide (widget); } return method; diff --git a/src/wireless-security/eap-method-tls.ui b/src/wireless-security/eap-method-tls.ui index dac5fda..5539615 100644 --- a/src/wireless-security/eap-method-tls.ui +++ b/src/wireless-security/eap-method-tls.ui 
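Review bot: The subject entry always reads `nm_setting_802_1x_get_subject_match`, while the CA-certificate picker in the context lines just above selects the phase-2 getters when `phase2` is set; the matching write in `fill_connection` likewise always sets `NM_SETTING_802_1X_SUBJECT_MATCH`. If this method is ever built with `phase2` TRUE, the inner-TLS entry would display and overwrite the outer tunnel's server subject constraint. Consider `phase2 ? nm_setting_802_1x_get_phase2_subject_match (s_8021x) : nm_setting_802_1x_get_subject_match (s_8021x)` here and `NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH` on the write side, or hide the entry for phase 2. `eap_method_tls_new` starts and ends outside this hunk.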
@@ -11,7 +11,7 @@ <property name="visible">True</property> <property name="can_focus">False</property> <property name="valign">start</property> - <property name="n_rows">6</property> + <property name="n_rows">7</property> <property name="n_columns">2</property> <property name="column_spacing">12</property> <property name="row_spacing">6</property> @@ -61,6 +61,35 @@ </packing> </child> <child> + <object class="GtkLabel" id="eap_tls_subject_label"> + <property name="visible">True</property> + <property name="xalign">0</property> + <property name="label" translatable="yes">CA _subject:</property> + <property name="use_underline">True</property> + <property name="mnemonic_widget">eap_tls_subject_entry</property> + </object> + <packing> + <property name="top_attach">2</property> + <property name="bottom_attach">3</property> + <property name="x_options">GTK_FILL</property> + <property name="y_options"/> + </packing> + </child> + <child> + <object class="GtkEntry" id="eap_tls_subject_entry"> + <property name="visible">True</property> + <property name="can_focus">True</property> + <property name="activates_default">True</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="right_attach">2</property> + <property name="top_attach">2</property> + <property name="bottom_attach">3</property> + <property name="y_options"/> + </packing> + </child> + <child> <object class="GtkLabel" id="eap_tls_ca_cert_label"> <property name="visible">True</property> <property name="can_focus">False</property> @@ -70,8 +99,8 @@ <property name="mnemonic_widget">eap_tls_ca_cert_button</property> </object> <packing> - <property name="top_attach">2</property> - <property name="bottom_attach">3</property> + <property name="top_attach">3</property> + <property name="bottom_attach">4</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> 
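Review bot: The label `CA _subject:` on `eap_tls_subject_label` names the wrong certificate: the entry is stored in `NM_SETTING_802_1X_SUBJECT_MATCH`, which is matched against the subject of the certificate presented by the authentication server, not against the CA's subject. The PEAP and TTLS forms in this patch use `_Subject:` for the same field. A label such as `Server _subject:` in all three files would tell the user which identity is being constrained.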
@@ -84,8 +113,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">2</property> - <property name="bottom_attach">3</property> + <property name="top_attach">3</property> + <property name="bottom_attach">4</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> @@ -103,8 +132,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">3</property> - <property name="bottom_attach">4</property> + <property name="top_attach">4</property> + <property name="bottom_attach">5</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -119,8 +148,8 @@ <property name="mnemonic_widget">eap_tls_private_key_button</property> </object> <packing> - <property name="top_attach">4</property> - <property name="bottom_attach">5</property> + <property name="top_attach">5</property> + <property name="bottom_attach">6</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -133,8 +162,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">4</property> - <property name="bottom_attach">5</property> + <property name="top_attach">5</property> + <property name="bottom_attach">6</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> @@ -149,8 +178,8 @@ <property name="mnemonic_widget">eap_tls_private_key_password_entry</property> </object> <packing> - <property name="top_attach">5</property> - <property name="bottom_attach">6</property> + <property name="top_attach">6</property> + <property name="bottom_attach">7</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> 
@@ -165,8 +194,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">5</property> - <property name="bottom_attach">6</property> + <property name="top_attach">6</property> + <property name="bottom_attach">7</property> <property name="y_options"/> </packing> </child> @@ -183,8 +212,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">6</property> - <property name="bottom_attach">7</property> + <property name="top_attach">7</property> + <property name="bottom_attach">8</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c index 294734d..17b4a60 100644 --- a/src/wireless-security/eap-method-ttls.c +++ b/src/wireless-security/eap-method-ttls.c @@ -35,6 +35,8 @@ #define I_NAME_COLUMN 0 #define I_METHOD_COLUMN 1 +#define SUBJECT_NOTE _("<will be filled automatically>") + struct _EAPMethodTTLS { EAPMethod parent; @@ -107,6 +109,10 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) g_assert (widget); gtk_size_group_add_widget (group, widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_label")); + g_assert (widget); + gtk_size_group_add_widget (group, widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label")); g_assert (widget); gtk_size_group_add_widget (group, widget); 
@@ -151,6 +157,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla if (text && strlen (text)) g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_entry")); + g_assert (widget); + text = gtk_entry_get_text (GTK_ENTRY (widget)); + if (text && strlen (text) && g_strcmp0 (text, SUBJECT_NOTE) != 0) + g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, text, NULL); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); g_assert (widget); filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); @@ -358,6 +370,37 @@ update_secrets (EAPMethod *parent, NMConnection *connection) I_METHOD_COLUMN); } +static gboolean +subject_entry_focus_in_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + const char *text = gtk_entry_get_text (GTK_ENTRY (widget)); + if (g_strcmp0 (text, SUBJECT_NOTE) == 0) { + gtk_entry_set_text (GTK_ENTRY (widget), ""); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, NULL); + } + return FALSE; +} + +static gboolean +subject_entry_focus_out_cb (GtkWidget *widget, + GdkEvent *event, + gpointer user_data) +{ + const char *text = gtk_entry_get_text (GTK_ENTRY (widget)); + GtkStyleContext *context; + GdkRGBA color; + + if (!text || !strlen (text)) { + gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE); + context = gtk_widget_get_style_context (widget); + gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color); + } + return FALSE; +} + EAPMethodTTLS * eap_method_ttls_new (WirelessSecurity *ws_parent, NMConnection *connection, 
@@ -423,6 +466,43 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, !filename && eap_method_ca_cert_ignore_get (parent, connection)); } + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_entry")); + if (s_8021x) { + const char *text = nm_setting_802_1x_get_subject_match (s_8021x); + if (!text) { + GtkStyleContext *context; + GdkRGBA color; + context = gtk_widget_get_style_context (widget); + gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color); + gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color); + gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE); + } else { + gtk_entry_set_text (GTK_ENTRY (widget), text); + } + g_signal_connect (G_OBJECT (widget), "focus-in-event", + (GCallback) subject_entry_focus_in_cb, + NULL); + g_signal_connect (G_OBJECT (widget), "focus-out-event", + (GCallback) subject_entry_focus_out_cb, + NULL); + } + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) wireless_security_changed_cb, + ws_parent); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_note_label")); + if (s_8021x) { + NMSetting8021xCKScheme cert_scheme; + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) { + gtk_label_set_text (GTK_LABEL (widget), + _("<b>Note:</b> Server hash is used instead of CA certificate")); + gtk_label_set_use_markup (GTK_LABEL (widget), TRUE); + } else { + gtk_widget_hide (widget); + } + } + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x)); 
@@ -438,12 +518,18 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_label")); + gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_entry")); + gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); gtk_widget_hide (widget); + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_note_label")); + gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); diff --git a/src/wireless-security/eap-method-ttls.ui b/src/wireless-security/eap-method-ttls.ui index 312695d..edc428c 100644 --- a/src/wireless-security/eap-method-ttls.ui +++ b/src/wireless-security/eap-method-ttls.ui @@ -21,7 +21,7 @@ <object class="GtkTable" id="table10"> <property name="visible">True</property> <property name="can_focus">False</property> - <property name="n_rows">4</property> + <property name="n_rows">7</property> <property name="n_columns">2</property> <property name="column_spacing">12</property> <property name="row_spacing">6</property> 
@@ -52,6 +52,35 @@ </packing> </child> <child> + <object class="GtkLabel" id="eap_ttls_subject_label"> + <property name="visible">True</property> + <property name="xalign">0</property> + <property name="label" translatable="yes">_Subject:</property> + <property name="use_underline">True</property> + <property name="mnemonic_widget">eap_ttls_subject_entry</property> + </object> + <packing> + <property name="top_attach">1</property> + <property name="bottom_attach">2</property> + <property name="x_options">GTK_FILL</property> + <property name="y_options"></property> + </packing> + </child> + <child> + <object class="GtkEntry" id="eap_ttls_subject_entry"> + <property name="visible">True</property> + <property name="can_focus">True</property> + <property name="activates_default">True</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="right_attach">2</property> + <property name="top_attach">1</property> + <property name="bottom_attach">2</property> + <property name="y_options"></property> + </packing> + </child> + <child> <object class="GtkLabel" id="eap_ttls_ca_cert_label"> <property name="visible">True</property> <property name="can_focus">False</property> @@ -61,8 +90,8 @@ <property name="mnemonic_widget">eap_ttls_ca_cert_button</property> </object> <packing> - <property name="top_attach">1</property> - <property name="bottom_attach">2</property> + <property name="top_attach">2</property> + <property name="bottom_attach">3</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -75,8 +104,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">1</property> - <property name="bottom_attach">2</property> + <property name="top_attach">2</property> + <property name="bottom_attach">3</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> 
@@ -94,13 +123,24 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">2</property> - <property name="bottom_attach">3</property> + <property name="top_attach">3</property> + <property name="bottom_attach">4</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> </child> <child> + <object class="GtkLabel" id="eap_ttls_note_label"> + <property name="visible">True</property> + <property name="label" translatable="yes">Note</property> + </object> + <packing> + <property name="right_attach">2</property> + <property name="top_attach">4</property> + <property name="bottom_attach">5</property> + </packing> + </child> + <child> <object class="GtkLabel" id="eap_ttls_inner_auth_label"> <property name="visible">True</property> <property name="can_focus">False</property> @@ -110,8 +150,8 @@ <property name="mnemonic_widget">eap_ttls_inner_auth_combo</property> </object> <packing> - <property name="top_attach">3</property> - <property name="bottom_attach">4</property> + <property name="top_attach">5</property> + <property name="bottom_attach">6</property> <property name="x_options">GTK_FILL</property> <property name="y_options"/> </packing> @@ -131,8 +171,8 @@ <packing> <property name="left_attach">1</property> <property name="right_attach">2</property> - <property name="top_attach">3</property> - <property name="bottom_attach">4</property> + <property name="top_attach">5</property> + <property name="bottom_attach">6</property> <property name="x_options">GTK_FILL</property> <property name="y_options">GTK_FILL</property> </packing> @@ -148,8 +188,8 @@ </object> <packing> <property name="right_attach">2</property> - <property name="top_attach">4</property> - <property name="bottom_attach">5</property> + <property name="top_attach">6</property> + <property name="bottom_attach">7</property> <property name="x_options">GTK_FILL</property> </packing> </child> 
diff --git a/src/wireless-security/wireless-security.c b/src/wireless-security/wireless-security.c index 7e009d5..a52e79b 100644 --- a/src/wireless-security/wireless-security.c +++ b/src/wireless-security/wireless-security.c @@ -519,9 +519,11 @@ ws_802_1x_fill_connection (WirelessSecurity *sec, NMSettingWirelessSecurity *s_wireless_sec; NMSetting8021x *s_8021x; NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; + NMSetting8021xCKScheme cert_scheme; EAPMethod *eap = NULL; GtkTreeModel *model; GtkTreeIter iter; + char *subject, *cert_hash; /* Get the EAPMethod object */ widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); @@ -547,6 +549,26 @@ ws_802_1x_fill_connection (WirelessSecurity *sec, eap_method_fill_connection (eap, connection, secret_flags); eap_method_unref (eap); + + /* Fetch subject and cert_hash from connection */ + subject = (char *)g_object_get_data (G_OBJECT (connection), NMA_SERVER_SUBJECT); + if (subject && !nm_setting_802_1x_get_subject_match (s_8021x)) + g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, subject, NULL); + + cert_hash = (char *)g_object_get_data (G_OBJECT (connection), NMA_SERVER_CERT_HASH); + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (cert_hash && cert_scheme == NM_SETTING_802_1X_CK_SCHEME_UNKNOWN) { + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + GError *error = NULL; + if (!nm_setting_802_1x_set_ca_cert (s_8021x, + cert_hash, + NM_SETTING_802_1X_CK_SCHEME_HASH, + &format, + &error)) { + g_warning ("Couldn't set CA certificate '%s': %s", cert_hash, error ? error->message : "(unknown)"); + g_error_free (error); + } + } } void diff --git a/src/wireless-security/wireless-security.h b/src/wireless-security/wireless-security.h index 4a1a4fe..7749a77 100644 --- a/src/wireless-security/wireless-security.h +++ b/src/wireless-security/wireless-security.h 
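Review bot: `g_error_free (error);` in the failure branch of the second hunk is reached even when `error` is still NULL, which the `g_warning` on the line before already allows for, and GLib raises a critical for a NULL argument; `g_clear_error (&error);` covers both cases. Separately, this block writes the probed subject and certificate hash into the 802.1X setting whenever the user supplied neither, so those values become the connection's only server check (trust on first use). The hunk does not show whether the data stored under `NMA_SERVER_SUBJECT` and `NMA_SERVER_CERT_HASH` is attached only after the user accepted the probed certificate. If it is, a comment above the block stating that precondition, e.g. `/* Only present once the user has confirmed the probed server certificate */`, would make the trust decision reviewable. `ws_802_1x_fill_connection` starts outside the hunk.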
@@ -28,6 +28,9 @@ #include <nm-connection.h> +#define NMA_SERVER_SUBJECT "nma-server-subject" +#define NMA_SERVER_CERT_HASH "mna-server-cert-hash" + typedef struct _WirelessSecurity WirelessSecurity; typedef void (*WSChangedFunc) (WirelessSecurity *sec, gpointer user_data); -- 1.8.4.5 From 46551eb4bcf27a9e45d13595d50b6f45318a53bf Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <chingpang@gmail.com> Date: Fri, 8 Feb 2013 13:57:50 +0800 Subject: [PATCH 2/5] wifi: check the subject and the CA cerificate --- src/libnm-gtk/nm-wifi-dialog.c | 239 +++++++++++++++++++++++++++++++++++++ src/libnm-gtk/nm-wifi-dialog.h | 3 + src/libnm-gtk/nm-wireless-dialog.c | 11 ++ src/libnm-gtk/nm-wireless-dialog.h | 6 + 4 files changed, 259 insertions(+) diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c index ace323b..31b9851 100644 --- a/src/libnm-gtk/nm-wifi-dialog.c +++ b/src/libnm-gtk/nm-wifi-dialog.c @@ -77,6 +77,10 @@ typedef struct { GetSecretsInfo *secrets_info; gboolean disposed; + + /* For Server certificate probe */ + guint cert_id; + guint timeout_id; } NMAWifiDialogPrivate; enum { 
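Review bot: The key string of NMA_SERVER_CERT_HASH reads `"mna-server-cert-hash"` while NMA_SERVER_SUBJECT uses the `nma-` prefix, which looks like a transposition. It is harmless as long as every caller goes through the macro, but anything that looks the key up by its literal name would miss it. `#define NMA_SERVER_CERT_HASH "nma-server-cert-hash"` keeps the two keys consistent.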
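Review bot: `guint cert_id` in NMAWifiDialogPrivate is assigned from g_signal_connect() and passed to g_signal_handler_disconnect() in the functions added by the next hunk, and GLib signal handler ids are `gulong`, so the field should be declared `gulong cert_id;`. The local `guint id` in nma_wifi_dialog_probe_cert() is reused for both the timeout and the handler id and has the same mismatch. `timeout_id` is correct as `guint`. The struct starts outside the hunk.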
@@ -110,6 +114,236 @@ nma_wifi_dialog_get_nag_ignored (NMAWifiDialog *self) return TRUE; } +gboolean +nma_wifi_dialog_need_cert_probe (NMAWifiDialog *self) +{ + NMAWifiDialogPrivate *priv; + NMSetting8021x *s_8021x; + NMSetting8021xCKScheme cert_scheme; + int i, num_eap; + char *subject, *cert_hash; + gboolean need_ca = FALSE; + + g_return_val_if_fail (self != NULL, FALSE); + + priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); + + s_8021x = nm_connection_get_setting_802_1x (priv->connection); + if (!s_8021x) + return FALSE; + + num_eap = nm_setting_802_1x_get_num_eap_methods (s_8021x); + for (i = 0; i < num_eap; i++) { + const char *eap; + eap = nm_setting_802_1x_get_eap_method (s_8021x, i); + if ( g_strcmp0 (eap, "ttls") == 0 + || g_strcmp0 (eap, "peap") == 0 + || g_strcmp0 (eap, "tls") == 0) { + need_ca = TRUE; + break; + } + } + + if (!need_ca) + return FALSE; + + subject = (char *)g_object_get_data (G_OBJECT (priv->connection), NMA_SERVER_SUBJECT); + cert_hash = (char *)g_object_get_data (G_OBJECT (priv->connection), NMA_SERVER_CERT_HASH); + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + + if ( (!subject && !nm_setting_802_1x_get_subject_match (s_8021x)) + || (!cert_hash && (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_UNKNOWN))) + return TRUE; + + return FALSE; +} + +static gboolean +show_probe_result_dialog (GtkWindow *parent, + NMConnection *connection, + NMSetting8021x *s_8021x, + const char *subject, + const char *cert_hash) +{ + NMSettingWireless *s_wireless; + GtkWidget *notify_dialog, *content; + GtkWidget *grid; + GtkWidget *context, *label, *entry; + char *ssid, *string; + int response_id; + + s_wireless = nm_connection_get_setting_wireless (connection); + ssid = nm_utils_ssid_to_utf8 (nm_setting_wireless_get_ssid (s_wireless)); + + notify_dialog = gtk_dialog_new_with_buttons (ssid, parent, + GTK_DIALOG_MODAL, + GTK_STOCK_NO, GTK_RESPONSE_NO, + GTK_STOCK_YES, GTK_RESPONSE_YES, + NULL); + gtk_window_set_resizable (GTK_WINDOW (notify_dialog), 
FALSE); + content = gtk_dialog_get_content_area (GTK_DIALOG (notify_dialog)); + + grid = gtk_grid_new (); + gtk_grid_set_row_spacing (GTK_GRID (grid), 12); + gtk_container_set_border_width (GTK_CONTAINER (grid), 5); + gtk_container_add (GTK_CONTAINER (content), grid); + + entry = gtk_entry_new (); + gtk_editable_set_editable (GTK_EDITABLE (entry), FALSE); + if (!cert_hash) { + string = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s %s</span>\n\n%s\n%s", + _("Server Certificate Probed:"), + ssid, + _("The subject is going to be filled with the probe result."), + _("Do you agree?")); + label = gtk_label_new (_("Subject:")); + gtk_entry_set_text (GTK_ENTRY (entry), subject); + } else { + string = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s %s</span>\n\n%s\n%s", + _("Server Certificate Probed:"), + ssid, + _("The CA certificate is going to be filled with the probed server hash."), + _("Do you agree?")); + label = gtk_label_new (_("CA Certificate:")); + gtk_entry_set_text (GTK_ENTRY (entry), cert_hash); + } + context = gtk_label_new (string); + g_free (string); + g_free (ssid); + gtk_label_set_line_wrap (GTK_LABEL (context), TRUE); + gtk_label_set_use_markup (GTK_LABEL (context), TRUE); + gtk_grid_attach (GTK_GRID (grid), context, 0, 0, 10, 1); + gtk_grid_attach (GTK_GRID (grid), label, 0, 1, 1, 1); + gtk_grid_attach (GTK_GRID (grid), entry, 1, 1, 9, 1); + + gtk_widget_show_all (notify_dialog); + + response_id = gtk_dialog_run (GTK_DIALOG (notify_dialog)); + + gtk_widget_destroy (notify_dialog); + + if (response_id == GTK_RESPONSE_YES) + return TRUE; + + return FALSE; +} + +static void +wifi_got_cert_cb (NMDeviceWifi *wifi, + GHashTable *cert, + gpointer user_data) +{ + NMAWifiDialog *self = NMA_WIFI_DIALOG (user_data); + NMAWifiDialogPrivate *priv; + NMSetting8021x *s_8021x; + const char *subject = NULL, *hash = NULL; + GValue *value; + gboolean response = FALSE; + + priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); + + g_signal_handler_disconnect 
(NM_DEVICE_WIFI (priv->device), priv->cert_id); + if (priv->timeout_id) { + g_source_remove (priv->timeout_id); + priv->timeout_id = 0; + } + + value = g_hash_table_lookup (cert, "subject"); + if (value && G_VALUE_HOLDS_STRING (value)) + subject = g_value_get_string (value); + + value = g_hash_table_lookup (cert, "cert_hash"); + if (value && G_VALUE_HOLDS_STRING (value)) + hash = g_value_get_string (value); + + if (!subject || !hash) + goto out; + + s_8021x = nm_connection_get_setting_802_1x (priv->connection); + if (s_8021x) { + NMSetting8021xCKScheme cert_scheme; + char *hash_path = NULL; + gboolean ret; + + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_UNKNOWN) + hash_path = g_strconcat ("hash://server/sha256/", hash, NULL); + ret = show_probe_result_dialog (gtk_window_get_transient_for (GTK_WINDOW (self)), + priv->connection, + s_8021x, + subject, + hash_path); + if (!ret) { + g_free (hash_path); + goto out; + } + + g_object_set_data_full (G_OBJECT (priv->connection), + NMA_SERVER_SUBJECT, g_strdup (subject), + (GDestroyNotify) g_free); + g_object_set_data_full (G_OBJECT (priv->connection), + NMA_SERVER_CERT_HASH, hash_path, + (GDestroyNotify) g_free); + response = TRUE; + } +out: + if (response) + gtk_dialog_response (GTK_DIALOG (self), GTK_RESPONSE_OK); + else + gtk_widget_show (GTK_WIDGET (self)); +} + +static gboolean +wifi_cert_timeout_cb (gpointer user_data) +{ + NMAWifiDialog *self = (NMAWifiDialog *)user_data; + NMAWifiDialogPrivate *priv; + + priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); + + priv->timeout_id = 0; + + g_signal_handler_disconnect (NM_DEVICE_WIFI (priv->device), priv->cert_id); + + gtk_widget_show (GTK_WIDGET (self)); + + return FALSE; +} + +gboolean +nma_wifi_dialog_probe_cert (NMAWifiDialog *self) +{ + NMAWifiDialogPrivate *priv; + NMSettingWireless *s_wireless; + NMDeviceWifi *wifi; + guint id; + + g_return_val_if_fail (self != NULL, FALSE); + + priv = 
NMA_WIFI_DIALOG_GET_PRIVATE (self); + wifi = NM_DEVICE_WIFI (priv->device); + + s_wireless = nm_connection_get_setting_wireless (priv->connection); + if (!nm_device_wifi_probe_cert (wifi, nm_setting_wireless_get_ssid (s_wireless))) + return FALSE; + + id = g_timeout_add_seconds (30, + (GSourceFunc)wifi_cert_timeout_cb, + (gpointer)self); + if (id <= 0) { + g_warning ("Failed to add timeout for server certificate probe"); + return FALSE; + } + priv->timeout_id = id; + + id = g_signal_connect (wifi, "cert-received", G_CALLBACK (wifi_got_cert_cb), self); + priv->cert_id = id; + + gtk_widget_hide (GTK_WIDGET (self)); + + return TRUE; +} + static void size_group_clear (GtkSizeGroup *group) { @@ -1162,6 +1396,9 @@ internal_init (NMAWifiDialog *self, */ priv->revalidate_id = g_idle_add (revalidate, self); + priv->cert_id = 0; + priv->timeout_id = 0; + return TRUE; } @@ -1223,6 +1460,8 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self, g_assert_not_reached (); nm_connection_add_setting (connection, (NMSetting *) s_wireless); + + priv->connection = g_object_ref (connection); } else connection = g_object_ref (priv->connection); diff --git a/src/libnm-gtk/nm-wifi-dialog.h b/src/libnm-gtk/nm-wifi-dialog.h index eb837c2..29e4b77 100644 --- a/src/libnm-gtk/nm-wifi-dialog.h +++ b/src/libnm-gtk/nm-wifi-dialog.h @@ -83,6 +83,9 @@ gboolean nma_wifi_dialog_get_nag_ignored (NMAWifiDialog *self); GLIB_DEPRECATED_FOR(nma_wifi_dialog_new_for_hidden) GtkWidget *nma_wifi_dialog_new_for_other (NMClient *client, NMRemoteSettings *settings); +gboolean nma_wifi_dialog_need_cert_probe (NMAWifiDialog *dialog); + +gboolean nma_wifi_dialog_probe_cert (NMAWifiDialog *dialog); #endif /* NMA_WIFI_DIALOG_H */ diff --git a/src/libnm-gtk/nm-wireless-dialog.c b/src/libnm-gtk/nm-wireless-dialog.c index efa2a3a..e8eac65 100644 --- a/src/libnm-gtk/nm-wireless-dialog.c +++ b/src/libnm-gtk/nm-wireless-dialog.c 
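Review bot: show_probe_result_dialog() formats `ssid` into Pango markup with g_strdup_printf() and then turns on gtk_label_set_use_markup(), so a network name containing `<` or `&` either breaks the label or restyles the text of the dialog in which the user decides whether to trust the probed certificate. Both branches should build the string with `g_markup_printf_escaped (...)` and the same arguments. The dialog also shows only the hash when `cert_hash` is set, although wifi_got_cert_cb() stores the probed subject as well on YES; showing both values lets the user see everything that is being accepted. Nothing in the text tells the user to compare the value with one obtained from the network administrator, which is the only thing that makes this first-use pin meaningful.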
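Review bot: `cert_id` and `timeout_id` are initialised in internal_init(), but none of the nm-wifi-dialog.c hunks in this patch removes the timeout source or disconnects the "cert-received" handler when the dialog goes away, and both callbacks receive `self` as a bare pointer. If the caller destroys the dialog during the 30-second probe window while it is hidden, wifi_cert_timeout_cb() or wifi_got_cert_cb() would run on freed memory. The dispose path should do `if (priv->timeout_id) g_source_remove (priv->timeout_id);` and disconnect `priv->cert_id` when it is non-zero, and the two callbacks should reset `priv->cert_id = 0;` after disconnecting. dispose() is not part of the patch, so this is inferred from its absence; internal_init() starts outside the hunk.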
@@ -64,3 +64,14 @@ nma_wireless_dialog_new_for_create (NMClient *client, NMRemoteSettings *settings return nma_wifi_dialog_new_for_create (client, settings); } +gboolean +nma_wireless_dialog_need_cert_probe (NMAWirelessDialog *self) +{ + return nma_wifi_dialog_need_cert_probe ((NMAWifiDialog *)self); +} + +gboolean +nma_wireless_dialog_probe_cert (NMAWirelessDialog *self) +{ + return nma_wifi_dialog_probe_cert ((NMAWifiDialog *)self); +} diff --git a/src/libnm-gtk/nm-wireless-dialog.h b/src/libnm-gtk/nm-wireless-dialog.h index 7c48166..ef15666 100644 --- a/src/libnm-gtk/nm-wireless-dialog.h +++ b/src/libnm-gtk/nm-wireless-dialog.h @@ -76,5 +76,11 @@ NMConnection * nma_wireless_dialog_get_connection (NMAWirelessDialog *dialog, NMDevice **device, NMAccessPoint **ap); +GLIB_DEPRECATED_FOR(nma_wifi_dialog_need_cert_probe) +gboolean nma_wireless_dialog_need_cert_probe (NMAWirelessDialog *dialog); + +GLIB_DEPRECATED_FOR(nma_wifi_dialog_probe_cert) +gboolean nma_wireless_dialog_probe_cert (NMAWirelessDialog *dialog); + #endif /* NMA_WIRELESS_DIALOG_H */ -- 1.8.4.5 From 4634c59caa3eb640bf733ae8604e5906429af46e Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <chingpang@gmail.com> Date: Fri, 8 Feb 2013 12:04:58 +0800 Subject: [PATCH 3/5] Keep the CA hash until it's replaced by a file --- src/wireless-security/eap-method-peap.c | 11 +++++++---- src/wireless-security/eap-method-tls.c | 11 +++++++---- src/wireless-security/eap-method-ttls.c | 11 +++++++---- src/wireless-security/wireless-security.c | 24 +++++++++++++++++++++++- 4 files changed, 44 insertions(+), 13 deletions(-) diff --git a/src/wireless-security/eap-method-peap.c b/src/wireless-security/eap-method-peap.c index e8d09ee..73a8571 100644 --- a/src/wireless-security/eap-method-peap.c +++ b/src/wireless-security/eap-method-peap.c 
@@ -141,6 +141,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla { NMSetting8021x *s_8021x; NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + NMSetting8021xCKScheme cert_scheme; GtkWidget *widget; const char *text; char *filename; @@ -171,10 +172,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button")); g_assert (widget); filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (filename || cert_scheme != NM_SETTING_802_1X_CK_SCHEME_HASH) { + if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)"); + g_clear_error (&error); + } } eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error); g_free (filename); diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c index d64eddb..7fe25f5 100644 --- a/src/wireless-security/eap-method-tls.c +++ b/src/wireless-security/eap-method-tls.c @@ -143,6 +143,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla { EAPMethodTLS *method = (EAPMethodTLS *) parent; NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + NMSetting8021xCKScheme cert_scheme; NMSetting8021x *s_8021x; GtkWidget *widget, *passwd_entry; char *ca_filename, *pk_filename, *cc_filename; 
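Review bot: The rewritten CA-certificate block in fill_connection() drops the `ca_cert_error = TRUE;` assignment from the failure branch, so `eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error)` is now always called with the variable's initial value, even when the certificate file could not be read. Unless that is intended, restore `ca_cert_error = TRUE;` after `g_clear_error (&error);`. When the hash scheme is kept and `filename` is NULL, the same call still passes a NULL filename, so it is worth checking that it does not record the connection as having no CA check while a hash pin is in place. The eap-method-tls.c and eap-method-ttls.c hunks of this patch have the same two issues. fill_connection() starts and ends outside the hunk.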
@@ -231,10 +232,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla ca_cert_error = TRUE; } } else { - if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (ca_filename || cert_scheme != NM_SETTING_802_1X_CK_SCHEME_HASH) { + if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)"); + g_clear_error (&error); + } } } eap_method_ca_cert_ignore_set (parent, connection, ca_filename, ca_cert_error); diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c index 17b4a60..523f6e4 100644 --- a/src/wireless-security/eap-method-ttls.c +++ b/src/wireless-security/eap-method-ttls.c @@ -137,6 +137,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla { NMSetting8021x *s_8021x; NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + NMSetting8021xCKScheme cert_scheme; GtkWidget *widget; const char *text; char *filename; 
@@ -166,10 +167,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); g_assert (widget); filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)"); - g_clear_error (&error); - ca_cert_error = TRUE; + cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); + if (filename || cert_scheme != NM_SETTING_802_1X_CK_SCHEME_HASH) { + if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)"); + g_clear_error (&error); + } } eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error); g_free (filename); diff --git a/src/wireless-security/wireless-security.c b/src/wireless-security/wireless-security.c index a52e79b..48361cd 100644 --- a/src/wireless-security/wireless-security.c +++ b/src/wireless-security/wireless-security.c @@ -517,13 +517,14 @@ ws_802_1x_fill_connection (WirelessSecurity *sec, { GtkWidget *widget; NMSettingWirelessSecurity *s_wireless_sec; - NMSetting8021x *s_8021x; + NMSetting8021x *s_8021x, *old_s_8021x; NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; NMSetting8021xCKScheme cert_scheme; EAPMethod *eap = NULL; GtkTreeModel *model; GtkTreeIter iter; char *subject, *cert_hash; + char *old_hash = NULL; /* Get the EAPMethod object */ widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name)); 
@@ -539,6 +540,12 @@ ws_802_1x_fill_connection (WirelessSecurity *sec, else secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; + old_s_8021x = nm_connection_get_setting_802_1x (connection); + if (old_s_8021x && + nm_setting_802_1x_get_ca_cert_scheme (old_s_8021x) == NM_SETTING_802_1X_CK_SCHEME_HASH) { + old_hash = g_strdup (nm_setting_802_1x_get_ca_cert_hash (old_s_8021x)); + } + /* Blow away the old wireless security setting by adding a clear one */ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); @@ -547,6 +554,21 @@ ws_802_1x_fill_connection (WirelessSecurity *sec, s_8021x = (NMSetting8021x *) nm_setting_802_1x_new (); nm_connection_add_setting (connection, (NMSetting *) s_8021x); + if (old_hash) { + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + GError *error = NULL; + if (!nm_setting_802_1x_set_ca_cert (s_8021x, + old_hash, + NM_SETTING_802_1X_CK_SCHEME_HASH, + &format, + &error)) { + g_warning ("Couldn't set CA certificate '%s': %s", old_hash, + error ? error->message : "(unknown)"); + g_error_free (error); + } + g_free (old_hash); + } + eap_method_fill_connection (eap, connection, secret_flags); eap_method_unref (eap); -- 1.8.4.5 From 0e451b827a34cf9372c55a6edb588ba5f0431c99 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <chingpang@gmail.com> Date: Thu, 25 Apr 2013 11:24:00 +0800 Subject: [PATCH 4/5] wifi: Use the updated probe method --- src/libnm-gtk/nm-wifi-dialog.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c index 31b9851..c833400 100644 --- a/src/libnm-gtk/nm-wifi-dialog.c +++ b/src/libnm-gtk/nm-wifi-dialog.c @@ -314,7 +314,6 @@ gboolean nma_wifi_dialog_probe_cert (NMAWifiDialog *self) { NMAWifiDialogPrivate *priv; - NMSettingWireless *s_wireless; NMDeviceWifi *wifi; guint id; 
@@ -323,8 +322,7 @@ nma_wifi_dialog_probe_cert (NMAWifiDialog *self) priv = NMA_WIFI_DIALOG_GET_PRIVATE (self); wifi = NM_DEVICE_WIFI (priv->device); - s_wireless = nm_connection_get_setting_wireless (priv->connection); - if (!nm_device_wifi_probe_cert (wifi, nm_setting_wireless_get_ssid (s_wireless))) + if (!nm_device_wifi_probe_cert (wifi, priv->connection)) return FALSE; id = g_timeout_add_seconds (30, -- 1.8.4.5 From ee642132f982f5ff49c471e85e34b98be8ce385f Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <chingpang@gmail.com> Date: Thu, 25 Apr 2013 11:36:21 +0800 Subject: [PATCH 5/5] wifi: show the note widget only if necessary --- src/wireless-security/eap-method-peap.c | 4 ++-- src/wireless-security/eap-method-ttls.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wireless-security/eap-method-peap.c b/src/wireless-security/eap-method-peap.c index 73a8571..2f78504 100644 --- a/src/wireless-security/eap-method-peap.c +++ b/src/wireless-security/eap-method-peap.c @@ -485,6 +485,7 @@ eap_method_peap_new (WirelessSecurity *ws_parent, ws_parent); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_note_label")); + gtk_widget_hide (widget); if (s_8021x) { NMSetting8021xCKScheme cert_scheme; cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); @@ -492,8 +493,7 @@ eap_method_peap_new (WirelessSecurity *ws_parent, gtk_label_set_text (GTK_LABEL (widget), _("<b>Note:</b> Server hash is used instead of CA certificate")); gtk_label_set_use_markup (GTK_LABEL (widget), TRUE); - } else { - gtk_widget_hide (widget); + gtk_widget_show (widget); } } diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c index 523f6e4..a2815b0 100644 --- a/src/wireless-security/eap-method-ttls.c +++ b/src/wireless-security/eap-method-ttls.c 
@@ -494,6 +494,7 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, ws_parent); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_note_label")); + gtk_widget_hide (widget); if (s_8021x) { NMSetting8021xCKScheme cert_scheme; cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x); @@ -501,8 +502,7 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, gtk_label_set_text (GTK_LABEL (widget), _("<b>Note:</b> Server hash is used instead of CA certificate")); gtk_label_set_use_markup (GTK_LABEL (widget), TRUE); - } else { - gtk_widget_hide (widget); + gtk_widget_show (widget); } } -- 1.8.4.5