|
Packit Service |
639700 |
// SPDX-License-Identifier: GPL-2.0+
|
|
Packit |
fabffb |
/* NetworkManager Applet -- allow user control over networking
|
|
Packit |
fabffb |
*
|
|
Packit |
fabffb |
* Dan Williams <dcbw@redhat.com>
|
|
Packit |
fabffb |
*
|
|
Packit |
fabffb |
* Copyright 2007 - 2017 Red Hat, Inc.
|
|
Packit |
fabffb |
*/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include "nm-default.h"
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include <ctype.h>
|
|
Packit |
fabffb |
#include <string.h>
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include "eap-method.h"
|
|
Packit |
fabffb |
#include "wireless-security.h"
|
|
Packit |
fabffb |
#include "nma-cert-chooser.h"
|
|
Packit |
fabffb |
#include "utils.h"
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#define I_NAME_COLUMN 0
|
|
Packit |
fabffb |
#define I_METHOD_COLUMN 1
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
struct _EAPMethodTTLS {
|
|
Packit |
fabffb |
EAPMethod parent;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
const char *password_flags_name;
|
|
Packit |
fabffb |
GtkSizeGroup *size_group;
|
|
Packit |
fabffb |
WirelessSecurity *sec_parent;
|
|
Packit |
fabffb |
gboolean is_editor;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
GtkWidget *ca_cert_chooser;
|
|
Packit |
fabffb |
};
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
destroy (EAPMethod *parent)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (method->size_group)
|
|
Packit |
fabffb |
g_object_unref (method->size_group);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static gboolean
|
|
Packit |
fabffb |
validate (EAPMethod *parent, GError **error)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
|
|
Packit |
fabffb |
GtkWidget *widget;
|
|
Packit |
fabffb |
GtkTreeModel *model;
|
|
Packit |
fabffb |
GtkTreeIter iter;
|
|
Packit |
fabffb |
EAPMethod *eap = NULL;
|
|
Packit |
fabffb |
gboolean valid = FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if ( gtk_widget_get_sensitive (method->ca_cert_chooser)
|
|
Packit |
fabffb |
&& !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error))
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
|
|
Packit |
fabffb |
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
|
|
Packit |
fabffb |
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
|
|
Packit |
fabffb |
g_assert (eap);
|
|
Packit |
fabffb |
valid = eap_method_validate (eap, error);
|
|
Packit |
fabffb |
eap_method_unref (eap);
|
|
Packit |
fabffb |
return valid;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethodTTLS *method = (EAPMethodTTLS *) user_data;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
gtk_widget_set_sensitive (method->ca_cert_chooser,
|
|
Packit |
fabffb |
!gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)));
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
|
|
Packit |
fabffb |
GtkWidget *widget;
|
|
Packit |
fabffb |
GtkTreeModel *model;
|
|
Packit |
fabffb |
GtkTreeIter iter;
|
|
Packit |
fabffb |
EAPMethod *eap;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (method->size_group)
|
|
Packit |
fabffb |
g_object_unref (method->size_group);
|
|
Packit |
fabffb |
method->size_group = g_object_ref (group);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
gtk_size_group_add_widget (group, widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
gtk_size_group_add_widget (group, widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
gtk_size_group_add_widget (group, widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
|
|
Packit |
fabffb |
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
|
|
Packit |
fabffb |
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
|
|
Packit |
fabffb |
g_assert (eap);
|
|
Packit |
fabffb |
eap_method_add_to_size_group (eap, group);
|
|
Packit |
fabffb |
eap_method_unref (eap);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
fill_connection (EAPMethod *parent, NMConnection *connection)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
|
|
Packit |
fabffb |
NMSetting8021x *s_8021x;
|
|
Packit |
fabffb |
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
|
|
Packit |
fabffb |
NMSettingSecretFlags secret_flags;
|
|
Packit |
fabffb |
GtkWidget *widget;
|
|
Packit |
fabffb |
const char *text;
|
|
Packit |
fabffb |
char *value = NULL;
|
|
Packit |
fabffb |
EAPMethod *eap = NULL;
|
|
Packit |
fabffb |
GtkTreeModel *model;
|
|
Packit |
fabffb |
GtkTreeIter iter;
|
|
Packit |
fabffb |
GError *error = NULL;
|
|
Packit |
fabffb |
NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
|
|
Packit |
fabffb |
gboolean ca_cert_error = FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
s_8021x = nm_connection_get_setting_802_1x (connection);
|
|
Packit |
fabffb |
g_assert (s_8021x);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
nm_setting_802_1x_add_eap_method (s_8021x, "ttls");
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
text = gtk_entry_get_text (GTK_ENTRY (widget));
|
|
Packit |
fabffb |
if (text && strlen (text))
|
|
Packit |
fabffb |
g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
text = gtk_entry_get_text (GTK_ENTRY (widget));
|
|
Packit |
fabffb |
if (text && strlen (text))
|
|
Packit |
fabffb |
g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Save CA certificate PIN and its flags to the connection */
|
|
Packit |
fabffb |
secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
|
|
Packit |
fabffb |
nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
|
|
Packit |
fabffb |
secret_flags, NULL);
|
|
Packit |
fabffb |
if (method->is_editor) {
|
|
Packit |
fabffb |
/* Update secret flags and popup when editing the connection */
|
|
Packit |
fabffb |
nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
|
|
Packit |
fabffb |
secret_flags, NM_SETTING (s_8021x),
|
|
Packit |
fabffb |
NM_SETTING_802_1X_CA_CERT_PASSWORD);
|
|
Packit |
fabffb |
g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
|
|
Packit |
fabffb |
nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* TLS CA certificate */
|
|
Packit |
fabffb |
if (gtk_widget_get_sensitive (method->ca_cert_chooser))
|
|
Packit |
fabffb |
value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
|
|
Packit |
fabffb |
format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
|
|
Packit |
fabffb |
if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
|
|
Packit |
fabffb |
g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)");
|
|
Packit |
fabffb |
g_clear_error (&error);
|
|
Packit |
fabffb |
ca_cert_error = TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
|
|
Packit |
fabffb |
g_free (value);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
|
|
Packit |
fabffb |
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
|
|
Packit |
fabffb |
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
|
|
Packit |
fabffb |
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
|
|
Packit |
fabffb |
g_assert (eap);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
eap_method_fill_connection (eap, connection);
|
|
Packit |
fabffb |
eap_method_unref (eap);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethod *parent = (EAPMethod *) user_data;
|
|
Packit |
fabffb |
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
|
|
Packit |
fabffb |
GtkWidget *vbox;
|
|
Packit |
fabffb |
EAPMethod *eap = NULL;
|
|
Packit |
fabffb |
GList *elt, *children;
|
|
Packit |
fabffb |
GtkTreeModel *model;
|
|
Packit |
fabffb |
GtkTreeIter iter;
|
|
Packit |
fabffb |
GtkWidget *eap_widget;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_vbox"));
|
|
Packit |
fabffb |
g_assert (vbox);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Remove any previous wireless security widgets */
|
|
Packit |
fabffb |
children = gtk_container_get_children (GTK_CONTAINER (vbox));
|
|
Packit |
fabffb |
for (elt = children; elt; elt = g_list_next (elt))
|
|
Packit |
fabffb |
gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
|
|
Packit |
fabffb |
g_list_free (children);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
|
|
Packit |
fabffb |
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
|
|
Packit |
fabffb |
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
|
|
Packit |
fabffb |
g_assert (eap);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
eap_widget = eap_method_get_widget (eap);
|
|
Packit |
fabffb |
g_assert (eap_widget);
|
|
Packit |
fabffb |
gtk_widget_unparent (eap_widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (method->size_group)
|
|
Packit |
fabffb |
eap_method_add_to_size_group (eap, method->size_group);
|
|
Packit |
fabffb |
gtk_container_add (GTK_CONTAINER (vbox), eap_widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
eap_method_unref (eap);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
wireless_security_changed_cb (combo, method->sec_parent);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static GtkWidget *
|
|
Packit |
fabffb |
inner_auth_combo_init (EAPMethodTTLS *method,
|
|
Packit |
fabffb |
NMConnection *connection,
|
|
Packit |
fabffb |
NMSetting8021x *s_8021x,
|
|
Packit |
fabffb |
gboolean secrets_only)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethod *parent = (EAPMethod *) method;
|
|
Packit |
fabffb |
GtkWidget *combo;
|
|
Packit |
fabffb |
GtkListStore *auth_model;
|
|
Packit |
fabffb |
GtkTreeIter iter;
|
|
Packit |
fabffb |
EAPMethodSimple *em_pap;
|
|
Packit |
fabffb |
EAPMethodSimple *em_mschap;
|
|
Packit |
fabffb |
EAPMethodSimple *em_mschap_v2;
|
|
Packit |
fabffb |
EAPMethodSimple *em_plain_mschap_v2;
|
|
Packit |
fabffb |
EAPMethodSimple *em_chap;
|
|
Packit |
fabffb |
EAPMethodSimple *em_md5;
|
|
Packit |
fabffb |
EAPMethodSimple *em_gtc;
|
|
Packit |
fabffb |
guint32 active = 0;
|
|
Packit |
fabffb |
const char *phase2_auth = NULL;
|
|
Packit |
fabffb |
EAPMethodSimpleFlags simple_flags;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ());
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (s_8021x) {
|
|
Packit |
fabffb |
if (nm_setting_802_1x_get_phase2_auth (s_8021x))
|
|
Packit |
fabffb |
phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x);
|
|
Packit |
fabffb |
else if (nm_setting_802_1x_get_phase2_autheap (s_8021x))
|
|
Packit |
fabffb |
phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
simple_flags = EAP_METHOD_SIMPLE_FLAG_PHASE2 | EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED;
|
|
Packit |
fabffb |
if (method->is_editor)
|
|
Packit |
fabffb |
simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR;
|
|
Packit |
fabffb |
if (secrets_only)
|
|
Packit |
fabffb |
simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_pap = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_PAP,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("PAP"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_pap,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_pap));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to PAP */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "pap"))
|
|
Packit |
fabffb |
active = 0;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_mschap = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_MSCHAP,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("MSCHAP"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_mschap,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_mschap));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to MSCHAP */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "mschap"))
|
|
Packit |
fabffb |
active = 1;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_mschap_v2 = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("MSCHAPv2"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_mschap_v2,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_mschap_v2));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to MSCHAPv2 */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") &&
|
|
Packit |
fabffb |
nm_setting_802_1x_get_phase2_autheap (s_8021x) != NULL)
|
|
Packit |
fabffb |
active = 2;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_plain_mschap_v2 = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_PLAIN_MSCHAP_V2,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("MSCHAPv2 (no EAP)"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_plain_mschap_v2,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_plain_mschap_v2));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to plain MSCHAPv2 */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") &&
|
|
Packit |
fabffb |
nm_setting_802_1x_get_phase2_auth (s_8021x) != NULL)
|
|
Packit |
fabffb |
active = 3;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_chap = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_CHAP,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("CHAP"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_chap,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_chap));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to CHAP */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "chap"))
|
|
Packit |
fabffb |
active = 4;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_md5 = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_MD5,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("MD5"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_md5,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_md5));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to MD5 */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "md5"))
|
|
Packit |
fabffb |
active = 5;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
em_gtc = eap_method_simple_new (method->sec_parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
EAP_METHOD_SIMPLE_TYPE_GTC,
|
|
Packit |
fabffb |
simple_flags,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
gtk_list_store_append (auth_model, &iter);
|
|
Packit |
fabffb |
gtk_list_store_set (auth_model, &iter,
|
|
Packit |
fabffb |
I_NAME_COLUMN, _("GTC"),
|
|
Packit |
fabffb |
I_METHOD_COLUMN, em_gtc,
|
|
Packit |
fabffb |
-1);
|
|
Packit |
fabffb |
eap_method_unref (EAP_METHOD (em_gtc));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Check for defaulting to GTC */
|
|
Packit |
fabffb |
if (phase2_auth && !strcasecmp (phase2_auth, "gtc"))
|
|
Packit |
fabffb |
active = 6;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
|
|
Packit |
fabffb |
g_assert (combo);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model));
|
|
Packit |
fabffb |
g_object_unref (G_OBJECT (auth_model));
|
|
Packit |
fabffb |
gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_signal_connect (G_OBJECT (combo), "changed",
|
|
Packit |
fabffb |
(GCallback) inner_auth_combo_changed_cb,
|
|
Packit |
fabffb |
method);
|
|
Packit |
fabffb |
return combo;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
update_secrets (EAPMethod *parent, NMConnection *connection)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
eap_method_phase2_update_secrets_helper (parent,
|
|
Packit |
fabffb |
connection,
|
|
Packit |
fabffb |
"eap_ttls_inner_auth_combo",
|
|
Packit |
fabffb |
I_METHOD_COLUMN);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
EAPMethodTTLS *
|
|
Packit |
fabffb |
eap_method_ttls_new (WirelessSecurity *ws_parent,
|
|
Packit |
fabffb |
NMConnection *connection,
|
|
Packit |
fabffb |
gboolean is_editor,
|
|
Packit |
fabffb |
gboolean secrets_only)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
EAPMethod *parent;
|
|
Packit |
fabffb |
EAPMethodTTLS *method;
|
|
Packit |
fabffb |
GtkWidget *widget;
|
|
Packit |
fabffb |
NMSetting8021x *s_8021x = NULL;
|
|
Packit |
fabffb |
gboolean ca_not_required = FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
parent = eap_method_init (sizeof (EAPMethodTTLS),
|
|
Packit |
fabffb |
validate,
|
|
Packit |
fabffb |
add_to_size_group,
|
|
Packit |
fabffb |
fill_connection,
|
|
Packit |
fabffb |
update_secrets,
|
|
Packit |
fabffb |
destroy,
|
|
Packit |
fabffb |
"/org/freedesktop/network-manager-applet/eap-method-ttls.ui",
|
|
Packit |
fabffb |
"eap_ttls_notebook",
|
|
Packit |
fabffb |
"eap_ttls_anon_identity_entry",
|
|
Packit |
fabffb |
FALSE);
|
|
Packit |
fabffb |
if (!parent)
|
|
Packit |
fabffb |
return NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
method = (EAPMethodTTLS *) parent;
|
|
Packit |
fabffb |
method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
|
|
Packit |
fabffb |
method->sec_parent = ws_parent;
|
|
Packit |
fabffb |
method->is_editor = is_editor;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (connection)
|
|
Packit |
fabffb |
s_8021x = nm_connection_get_setting_802_1x (connection);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
method->ca_cert_chooser = nma_cert_chooser_new ("CA",
|
|
Packit |
fabffb |
NMA_CERT_CHOOSER_FLAG_CERT
|
|
Packit |
fabffb |
| (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0));
|
|
Packit |
fabffb |
gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1);
|
|
Packit |
fabffb |
gtk_widget_show (method->ca_cert_chooser);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_signal_connect (method->ca_cert_chooser,
|
|
Packit |
fabffb |
"cert-validate",
|
|
Packit |
fabffb |
G_CALLBACK (eap_method_ca_cert_validate_cb),
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
g_signal_connect (method->ca_cert_chooser,
|
|
Packit |
fabffb |
"changed",
|
|
Packit |
fabffb |
G_CALLBACK (wireless_security_changed_cb),
|
|
Packit |
fabffb |
ws_parent);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
|
|
Packit |
fabffb |
nm_setting_802_1x_get_ca_cert_scheme,
|
|
Packit |
fabffb |
nm_setting_802_1x_get_ca_cert_path,
|
|
Packit |
fabffb |
nm_setting_802_1x_get_ca_cert_uri,
|
|
Packit |
fabffb |
nm_setting_802_1x_get_ca_cert_password,
|
|
Packit |
fabffb |
NULL,
|
|
Packit |
fabffb |
NULL,
|
|
Packit |
fabffb |
NULL,
|
|
Packit |
fabffb |
NULL);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
|
|
Packit |
fabffb |
gchar *ca_cert;
|
|
Packit |
fabffb |
NMSetting8021xCKScheme scheme;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
|
|
Packit |
fabffb |
if (ca_cert)
|
|
Packit |
fabffb |
g_free (ca_cert);
|
|
Packit |
fabffb |
else
|
|
Packit |
fabffb |
ca_not_required = TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (secrets_only)
|
|
Packit |
fabffb |
ca_not_required = TRUE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
|
|
Packit |
fabffb |
g_assert (widget);
|
|
Packit |
fabffb |
g_signal_connect (G_OBJECT (widget), "toggled",
|
|
Packit |
fabffb |
(GCallback) ca_cert_not_required_toggled,
|
|
Packit |
fabffb |
parent);
|
|
Packit |
fabffb |
g_signal_connect (G_OBJECT (widget), "toggled",
|
|
Packit |
fabffb |
(GCallback) wireless_security_changed_cb,
|
|
Packit |
fabffb |
ws_parent);
|
|
Packit Service |
639700 |
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
|
|
Packit |
fabffb |
if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
|
|
Packit |
fabffb |
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x));
|
|
Packit |
fabffb |
g_signal_connect (G_OBJECT (widget), "changed",
|
|
Packit |
fabffb |
(GCallback) wireless_security_changed_cb,
|
|
Packit |
fabffb |
ws_parent);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry"));
|
|
Packit |
fabffb |
if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x))
|
|
Packit |
fabffb |
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_domain_suffix_match (s_8021x));
|
|
Packit |
fabffb |
g_signal_connect (G_OBJECT (widget), "changed",
|
|
Packit |
fabffb |
(GCallback) wireless_security_changed_cb,
|
|
Packit |
fabffb |
ws_parent);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only);
|
|
Packit |
fabffb |
inner_auth_combo_changed_cb (widget, (gpointer) method);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (secrets_only) {
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
|
|
Packit |
fabffb |
gtk_widget_hide (widget);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
|
|
Packit |
fabffb |
0, (NMSetting *) s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
|
|
Packit |
fabffb |
FALSE, secrets_only);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
return method;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|