// SPDX-License-Identifier: GPL-2.0+ /* NetworkManager Applet -- allow user control over networking * * Dan Williams * * Copyright 2007 - 2014 Red Hat, Inc. */ #include "nm-default.h" #include #include #include "eap-method.h" #include "wireless-security.h" #include "helpers.h" #include "nma-ui-utils.h" #include "utils.h" struct _EAPMethodSimple { EAPMethod parent; WirelessSecurity *ws_parent; const char *password_flags_name; EAPMethodSimpleType type; EAPMethodSimpleFlags flags; gboolean username_requested; gboolean password_requested; gboolean pkey_passphrase_requested; GtkEntry *username_entry; GtkEntry *password_entry; GtkToggleButton *show_password; GtkEntry *pkey_passphrase_entry; GtkToggleButton *show_pkey_passphrase; guint idle_func_id; }; static void show_password_toggled_cb (GtkToggleButton *button, EAPMethodSimple *method) { gboolean visible; visible = gtk_toggle_button_get_active (button); gtk_entry_set_visibility (method->password_entry, visible); } static void show_pkey_passphrase_toggled_cb (GtkToggleButton *button, EAPMethodSimple *method) { gboolean visible; visible = gtk_toggle_button_get_active (button); gtk_entry_set_visibility (method->pkey_passphrase_entry, visible); } static gboolean always_ask_selected (GtkEntry *passwd_entry) { return !!( nma_utils_menu_to_secret_flags (GTK_WIDGET (passwd_entry)) & NM_SETTING_SECRET_FLAG_NOT_SAVED); } static gboolean validate (EAPMethod *parent, GError **error) { EAPMethodSimple *method = (EAPMethodSimple *)parent; const char *text; gboolean ret = TRUE; if (method->username_requested) { text = gtk_entry_get_text (method->username_entry); if (!text || !strlen (text)) { widget_set_error (GTK_WIDGET (method->username_entry)); g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP username")); ret = FALSE; } else widget_unset_error (GTK_WIDGET (method->username_entry)); } /* Check if the password should always be requested */ if (method->password_requested) { if (always_ask_selected (method->password_entry)) widget_unset_error (GTK_WIDGET (method->password_entry)); else { text = gtk_entry_get_text (method->password_entry); if (!text || !strlen (text)) { widget_set_error (GTK_WIDGET (method->password_entry)); if (ret) { g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP password")); ret = FALSE; } } else widget_unset_error (GTK_WIDGET (method->password_entry)); } } if (method->pkey_passphrase_requested) { text = gtk_entry_get_text (method->pkey_passphrase_entry); if (!text || !strlen (text)) { widget_set_error (GTK_WIDGET (method->pkey_passphrase_entry)); if (ret) { g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP client Private Key passphrase")); ret = FALSE; } } else widget_unset_error (GTK_WIDGET (method->pkey_passphrase_entry)); } return ret; } static void add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) { EAPMethodSimple *method = (EAPMethodSimple *) parent; GtkWidget *widget; if (method->username_requested) { widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label")); g_assert (widget); gtk_size_group_add_widget (group, widget); } if (method->password_requested) { widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label")); g_assert (widget); gtk_size_group_add_widget (group, widget); } if (method->pkey_passphrase_requested) { widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_label")); g_assert (widget); gtk_size_group_add_widget (group, widget); } } typedef struct { const char *name; gboolean autheap_allowed; } EapType; /* Indexed by EAP_METHOD_SIMPLE_TYPE_* */ static const EapType eap_table[EAP_METHOD_SIMPLE_TYPE_LAST] = { [EAP_METHOD_SIMPLE_TYPE_PAP] = { "pap", FALSE }, [EAP_METHOD_SIMPLE_TYPE_MSCHAP] = { "mschap", FALSE }, [EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2] = { "mschapv2", TRUE }, [EAP_METHOD_SIMPLE_TYPE_PLAIN_MSCHAP_V2] = { "mschapv2", FALSE }, [EAP_METHOD_SIMPLE_TYPE_MD5] = { "md5", TRUE }, [EAP_METHOD_SIMPLE_TYPE_PWD] = { "pwd", TRUE }, [EAP_METHOD_SIMPLE_TYPE_CHAP] = { "chap", FALSE }, [EAP_METHOD_SIMPLE_TYPE_GTC] = { "gtc", TRUE }, [EAP_METHOD_SIMPLE_TYPE_UNKNOWN] = { "unknown", TRUE }, }; static void fill_connection (EAPMethod *parent, NMConnection *connection) { EAPMethodSimple *method = (EAPMethodSimple *) parent; NMSetting8021x *s_8021x; gboolean not_saved = FALSE; NMSettingSecretFlags flags; const EapType *eap_type; s_8021x = nm_connection_get_setting_802_1x (connection); g_assert (s_8021x); if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY)) { /* If this is the main EAP method, clear any existing methods because the * user-selected one will replace it. */ if (parent->phase2 == FALSE) nm_setting_802_1x_clear_eap_methods (s_8021x); eap_type = &eap_table[method->type]; if (parent->phase2) { /* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2 * EAP methods (which only TTLS allows) *and* the inner/phase2 method * supports being an inner EAP method, then set PHASE2_AUTHEAP. * Otherwise the inner/phase2 method goes into PHASE2_AUTH. */ if ((method->flags & EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED) && eap_type->autheap_allowed) { g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, eap_type->name, NULL); g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, NULL, NULL); } else { g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap_type->name, NULL); g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, NULL, NULL); } } else nm_setting_802_1x_add_eap_method (s_8021x, eap_type->name); } if (method->username_requested) g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (method->username_entry), NULL); if (method->password_requested) { /* Save the password always ask setting */ not_saved = always_ask_selected (method->password_entry); flags = nma_utils_menu_to_secret_flags (GTK_WIDGET (method->password_entry)); nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name, flags, NULL); /* Fill the connection's password if we're in the applet so that it'll get * back to NM. From the editor though, since the connection isn't going * back to NM in response to a GetSecrets() call, we don't save it if the * user checked "Always Ask". */ if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_IS_EDITOR) || not_saved == FALSE) { g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD, gtk_entry_get_text (method->password_entry), NULL); } /* Update secret flags and popup when editing the connection */ if (!(method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY)) { GtkWidget *passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); g_assert (passwd_entry); nma_utils_update_password_storage (passwd_entry, flags, NM_SETTING (s_8021x), method->password_flags_name); } } if (method->pkey_passphrase_requested) { g_object_set (s_8021x, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD, gtk_entry_get_text (method->pkey_passphrase_entry), NULL); } } static void update_secrets (EAPMethod *parent, NMConnection *connection) { helper_fill_secret_entry (connection, parent->builder, "eap_simple_password_entry", NM_TYPE_SETTING_802_1X, (HelperSecretFunc) nm_setting_802_1x_get_password); helper_fill_secret_entry (connection, parent->builder, "eap_simple_pkey_passphrase_entry", NM_TYPE_SETTING_802_1X, (HelperSecretFunc) nm_setting_802_1x_get_private_key_password); } static gboolean stuff_changed (EAPMethodSimple *method) { wireless_security_changed_cb (NULL, method->ws_parent); method->idle_func_id = 0; return FALSE; } static void password_storage_changed (GObject *entry, GParamSpec *pspec, EAPMethodSimple *method) { gboolean always_ask; gboolean secrets_only = method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; always_ask = always_ask_selected (method->password_entry); if (always_ask && !secrets_only) { /* we always clear this button and do not restore it * (because we want to hide the password). */ gtk_toggle_button_set_active (method->show_password, FALSE); } gtk_widget_set_sensitive (GTK_WIDGET (method->show_password), !always_ask || secrets_only); if (!method->idle_func_id) method->idle_func_id = g_idle_add ((GSourceFunc) stuff_changed, method); } /* Set the UI fields for user, password, always_ask and show_password to the * values as provided by method->ws_parent. */ static void set_userpass_ui (EAPMethodSimple *method) { if (method->ws_parent->username) gtk_entry_set_text (method->username_entry, method->ws_parent->username); else gtk_entry_set_text (method->username_entry, ""); if (method->ws_parent->password && !method->ws_parent->always_ask) gtk_entry_set_text (method->password_entry, method->ws_parent->password); else gtk_entry_set_text (method->password_entry, ""); gtk_toggle_button_set_active (method->show_password, method->ws_parent->show_password); password_storage_changed (NULL, NULL, method); } static void widgets_realized (GtkWidget *widget, EAPMethodSimple *method) { set_userpass_ui (method); } static void widgets_unrealized (GtkWidget *widget, EAPMethodSimple *method) { wireless_security_set_userpass (method->ws_parent, gtk_entry_get_text (method->username_entry), gtk_entry_get_text (method->password_entry), always_ask_selected (method->password_entry), gtk_toggle_button_get_active (method->show_password)); } static void destroy (EAPMethod *parent) { EAPMethodSimple *method = (EAPMethodSimple *) parent; GtkWidget *widget; widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_notebook")); g_assert (widget); g_signal_handlers_disconnect_by_data (widget, method); g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_parent); g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_parent); g_signal_handlers_disconnect_by_data (method->password_entry, method); g_signal_handlers_disconnect_by_data (method->show_password, method); g_signal_handlers_disconnect_by_data (method->pkey_passphrase_entry, method->ws_parent); g_signal_handlers_disconnect_by_data (method->show_pkey_passphrase, method); nm_clear_g_source (&method->idle_func_id); } static void hide_row (GtkWidget **widgets, size_t num) { while (num--) gtk_widget_hide (*widgets++); } EAPMethodSimple * eap_method_simple_new (WirelessSecurity *ws_parent, NMConnection *connection, EAPMethodSimpleType type, EAPMethodSimpleFlags flags, const char *const*hints) { EAPMethod *parent; EAPMethodSimple *method; GtkWidget *widget; NMSetting8021x *s_8021x = NULL; GtkWidget *widget_row[10]; parent = eap_method_init (sizeof (EAPMethodSimple), validate, add_to_size_group, fill_connection, update_secrets, destroy, "/org/freedesktop/network-manager-applet/eap-method-simple.ui", "eap_simple_notebook", "eap_simple_username_entry", flags & EAP_METHOD_SIMPLE_FLAG_PHASE2); if (!parent) return NULL; method = (EAPMethodSimple *) parent; method->password_flags_name = NM_SETTING_802_1X_PASSWORD; method->ws_parent = ws_parent; method->flags = flags; method->type = type; g_assert (type < EAP_METHOD_SIMPLE_TYPE_LAST); g_assert ( type != EAP_METHOD_SIMPLE_TYPE_UNKNOWN || hints); if (hints) { for (; *hints; hints++) { if (!strcmp (*hints, NM_SETTING_802_1X_IDENTITY)) method->username_requested = TRUE; else if (!strcmp (*hints, NM_SETTING_802_1X_PASSWORD)) { method->password_requested = TRUE; method->password_flags_name = NM_SETTING_802_1X_PASSWORD; } else if (!strcmp (*hints, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD)) method->pkey_passphrase_requested = TRUE; } } else { method->username_requested = TRUE; method->password_requested = TRUE; } widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_notebook")); g_assert (widget); g_signal_connect (G_OBJECT (widget), "realize", (GCallback) widgets_realized, method); g_signal_connect (G_OBJECT (widget), "unrealize", (GCallback) widgets_unrealized, method); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); g_assert (widget); method->username_entry = GTK_ENTRY (widget); g_signal_connect (G_OBJECT (widget), "changed", (GCallback) wireless_security_changed_cb, ws_parent); if ( (method->flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY) && !method->username_requested) gtk_widget_set_sensitive (widget, FALSE); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); g_assert (widget); method->password_entry = GTK_ENTRY (widget); g_signal_connect (G_OBJECT (widget), "changed", (GCallback) wireless_security_changed_cb, ws_parent); /* Create password-storage popup menu for password entry under entry's secondary icon */ if (connection) s_8021x = nm_connection_get_setting_802_1x (connection); nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name, FALSE, flags & EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY); g_signal_connect (method->password_entry, "notify::secondary-icon-name", G_CALLBACK (password_storage_changed), method); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple")); g_assert (widget); method->show_password = GTK_TOGGLE_BUTTON (widget); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_password_toggled_cb, method); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")); g_assert (widget); method->pkey_passphrase_entry = GTK_ENTRY (widget); g_signal_connect (G_OBJECT (widget), "changed", (GCallback) wireless_security_changed_cb, ws_parent); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_show_pkey_passphrase_checkbutton")); g_assert (widget); method->show_pkey_passphrase = GTK_TOGGLE_BUTTON (widget); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_pkey_passphrase_toggled_cb, method); widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label")); widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry")); if (!method->username_requested) hide_row (widget_row, 2); widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label")); widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry")); widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple")); if (!method->password_requested) hide_row (widget_row, 3); widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_label")); widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry")); widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_show_pkey_passphrase_checkbutton")); if (!method->pkey_passphrase_requested) hide_row (widget_row, 3); /* Initialize the UI fields with the security settings from method->ws_parent. * This will be done again when the widget gets realized. It must be done here as well, * because the outer dialog will ask to 'validate' the connection before the security tab * is shown/realized (to enable the 'Apply' button). * As 'validate' accesses the contents of the UI fields, they must be initialized now, even * if the widgets are not yet visible. */ set_userpass_ui (method); return method; }