442 lines
14 KiB
C
442 lines
14 KiB
C
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
|
/* NetworkManager Applet -- allow user control over networking
|
|
*
|
|
* Dan Williams <dcbw@redhat.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Copyright 2007 - 2014 Red Hat, Inc.
|
|
*/
|
|
|
|
#include "nm-default.h"
|
|
|
|
#include <string.h>
|
|
|
|
#include "wireless-security.h"
|
|
#include "wireless-security-resources.h"
|
|
#include "eap-method.h"
|
|
#include "eap-method-fast.h"
|
|
#include "eap-method-leap.h"
|
|
#include "eap-method-peap.h"
|
|
#include "eap-method-simple.h"
|
|
#include "eap-method-tls.h"
|
|
#include "eap-method-ttls.h"
|
|
#include "utils.h"
|
|
|
|
typedef struct {
|
|
char *username, *password;
|
|
gboolean always_ask, show_password;
|
|
} WirelessSecurityPrivate;
|
|
|
|
G_DEFINE_TYPE_WITH_PRIVATE (WirelessSecurity, wireless_security, G_TYPE_OBJECT)
|
|
|
|
enum {
|
|
CHANGED,
|
|
LAST_SIGNAL
|
|
};
|
|
|
|
static guint signals[LAST_SIGNAL] = { 0 };
|
|
|
|
static void
|
|
wireless_security_dispose (GObject *object)
|
|
{
|
|
WirelessSecurity *self = WIRELESS_SECURITY (object);
|
|
WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self);
|
|
|
|
if (priv->password)
|
|
memset (priv->password, 0, strlen (priv->password));
|
|
|
|
g_clear_pointer (&priv->username, g_free);
|
|
g_clear_pointer (&priv->password, g_free);
|
|
|
|
G_OBJECT_CLASS (wireless_security_parent_class)->dispose (object);
|
|
}
|
|
|
|
void
|
|
wireless_security_init (WirelessSecurity *self)
|
|
{
|
|
g_resources_register (wireless_security_get_resource ());
|
|
}
|
|
|
|
void
|
|
wireless_security_class_init (WirelessSecurityClass *klass)
|
|
{
|
|
GObjectClass *object_class = G_OBJECT_CLASS (klass);
|
|
|
|
object_class->dispose = wireless_security_dispose;
|
|
|
|
signals[CHANGED] =
|
|
g_signal_new ("changed",
|
|
G_TYPE_FROM_CLASS (object_class),
|
|
G_SIGNAL_RUN_FIRST,
|
|
0,
|
|
NULL, NULL,
|
|
g_cclosure_marshal_VOID__VOID,
|
|
G_TYPE_NONE, 0);
|
|
}
|
|
|
|
GtkWidget *
|
|
wireless_security_get_widget (WirelessSecurity *self)
|
|
{
|
|
g_return_val_if_fail (WIRELESS_IS_SECURITY (self), NULL);
|
|
|
|
return WIRELESS_SECURITY_GET_CLASS (self)->get_widget (self);
|
|
}
|
|
|
|
void
|
|
wireless_security_notify_changed (WirelessSecurity *self)
|
|
{
|
|
g_return_if_fail (WIRELESS_IS_SECURITY (self));
|
|
|
|
g_signal_emit (self, signals[CHANGED], 0);
|
|
}
|
|
|
|
gboolean
|
|
wireless_security_validate (WirelessSecurity *self, GError **error)
|
|
{
|
|
gboolean result;
|
|
|
|
g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE);
|
|
g_return_val_if_fail (!error || !*error, FALSE);
|
|
|
|
result = WIRELESS_SECURITY_GET_CLASS (self)->validate (self, error);
|
|
if (!result && error && !*error)
|
|
g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Unknown error validating 802.1X security"));
|
|
return result;
|
|
}
|
|
|
|
void
|
|
wireless_security_add_to_size_group (WirelessSecurity *self, GtkSizeGroup *group)
|
|
{
|
|
g_return_if_fail (WIRELESS_IS_SECURITY (self));
|
|
g_return_if_fail (GTK_IS_SIZE_GROUP (group));
|
|
|
|
return WIRELESS_SECURITY_GET_CLASS (self)->add_to_size_group (self, group);
|
|
}
|
|
|
|
void
|
|
wireless_security_fill_connection (WirelessSecurity *self,
|
|
NMConnection *connection)
|
|
{
|
|
g_return_if_fail (WIRELESS_IS_SECURITY (self));
|
|
g_return_if_fail (connection != NULL);
|
|
|
|
return WIRELESS_SECURITY_GET_CLASS (self)->fill_connection (self, connection);
|
|
}
|
|
|
|
gboolean
|
|
wireless_security_adhoc_compatible (WirelessSecurity *self)
|
|
{
|
|
if (WIRELESS_SECURITY_GET_CLASS (self)->adhoc_compatible)
|
|
return WIRELESS_SECURITY_GET_CLASS (self)->adhoc_compatible (self);
|
|
else
|
|
return TRUE;
|
|
}
|
|
|
|
const gchar *
|
|
wireless_security_get_username (WirelessSecurity *self)
|
|
{
|
|
WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self);
|
|
|
|
g_return_val_if_fail (WIRELESS_IS_SECURITY (self), NULL);
|
|
|
|
return priv->username;
|
|
}
|
|
|
|
const gchar *
|
|
wireless_security_get_password (WirelessSecurity *self)
|
|
{
|
|
WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self);
|
|
|
|
g_return_val_if_fail (WIRELESS_IS_SECURITY (self), NULL);
|
|
|
|
return priv->password;
|
|
}
|
|
|
|
gboolean
|
|
wireless_security_get_always_ask (WirelessSecurity *self)
|
|
{
|
|
WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self);
|
|
|
|
g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE);
|
|
|
|
return priv->always_ask;
|
|
}
|
|
|
|
gboolean
|
|
wireless_security_get_show_password (WirelessSecurity *self)
|
|
{
|
|
WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self);
|
|
|
|
g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE);
|
|
|
|
return priv->show_password;
|
|
}
|
|
|
|
void
|
|
wireless_security_set_userpass (WirelessSecurity *self,
|
|
const char *user,
|
|
const char *password,
|
|
gboolean always_ask,
|
|
gboolean show_password)
|
|
{
|
|
WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self);
|
|
|
|
g_clear_pointer (&priv->username, g_free);
|
|
priv->username = g_strdup (user);
|
|
|
|
if (priv->password)
|
|
memset (priv->password, 0, strlen (priv->password));
|
|
|
|
g_clear_pointer (&priv->password, g_free);
|
|
priv->password = g_strdup (password);
|
|
|
|
if (always_ask != (gboolean) -1)
|
|
priv->always_ask = always_ask;
|
|
priv->show_password = show_password;
|
|
}
|
|
|
|
void
|
|
wireless_security_clear_ciphers (NMConnection *connection)
|
|
{
|
|
NMSettingWirelessSecurity *s_wireless_sec;
|
|
|
|
g_return_if_fail (connection != NULL);
|
|
|
|
s_wireless_sec = nm_connection_get_setting_wireless_security (connection);
|
|
g_assert (s_wireless_sec);
|
|
|
|
nm_setting_wireless_security_clear_protos (s_wireless_sec);
|
|
nm_setting_wireless_security_clear_pairwise (s_wireless_sec);
|
|
nm_setting_wireless_security_clear_groups (s_wireless_sec);
|
|
}
|
|
|
|
EAPMethod *
|
|
ws_802_1x_auth_combo_get_eap (GtkComboBox *combo)
|
|
{
|
|
GtkTreeModel *model;
|
|
GtkTreeIter iter;
|
|
g_autoptr(EAPMethod) eap = NULL;
|
|
|
|
model = gtk_combo_box_get_model (combo);
|
|
if (!gtk_combo_box_get_active_iter (combo, &iter))
|
|
return NULL;
|
|
|
|
gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
|
|
return eap;
|
|
}
|
|
|
|
void
|
|
ws_802_1x_auth_combo_changed (GtkComboBox *combo,
|
|
GtkBox *vbox,
|
|
GtkSizeGroup *size_group)
|
|
{
|
|
EAPMethod *eap;
|
|
GList *elt, *children;
|
|
GtkWidget *eap_default_field;
|
|
|
|
/* Remove any previous wireless security widgets */
|
|
children = gtk_container_get_children (GTK_CONTAINER (vbox));
|
|
for (elt = children; elt; elt = g_list_next (elt))
|
|
gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
|
|
|
|
eap = ws_802_1x_auth_combo_get_eap (GTK_COMBO_BOX (combo));
|
|
g_assert (eap);
|
|
|
|
gtk_widget_unparent (GTK_WIDGET (eap));
|
|
if (size_group)
|
|
eap_method_add_to_size_group (eap, size_group);
|
|
gtk_container_add (GTK_CONTAINER (vbox), g_object_ref (GTK_WIDGET (eap)));
|
|
|
|
/* Refocus the EAP method's default widget */
|
|
eap_default_field = eap_method_get_default_field (eap);
|
|
if (eap_default_field)
|
|
gtk_widget_grab_focus (eap_default_field);
|
|
}
|
|
|
|
void
|
|
ws_802_1x_auth_combo_init (WirelessSecurity *self,
|
|
GtkComboBox *combo,
|
|
NMConnection *connection,
|
|
gboolean is_editor,
|
|
gboolean secrets_only)
|
|
{
|
|
const gchar *user = NULL, *password = NULL;
|
|
gboolean always_ask = FALSE;
|
|
g_autoptr(GtkListStore) auth_model = NULL;
|
|
GtkTreeIter iter;
|
|
g_autoptr(EAPMethodTLS) em_tls = NULL;
|
|
g_autoptr(EAPMethodSimple) em_pwd = NULL;
|
|
g_autoptr(EAPMethodFAST) em_fast = NULL;
|
|
g_autoptr(EAPMethodTTLS) em_ttls = NULL;
|
|
g_autoptr(EAPMethodPEAP) em_peap = NULL;
|
|
const char *default_method = NULL, *ctype = NULL;
|
|
int active = -1, item = 0;
|
|
gboolean wired = FALSE;
|
|
EAPMethodSimpleFlags simple_flags = EAP_METHOD_SIMPLE_FLAG_NONE;
|
|
|
|
/* Grab the default EAP method out of the security object */
|
|
if (connection) {
|
|
NMSettingConnection *s_con;
|
|
NMSetting8021x *s_8021x;
|
|
|
|
s_con = nm_connection_get_setting_connection (connection);
|
|
if (s_con)
|
|
ctype = nm_setting_connection_get_connection_type (s_con);
|
|
if ( (g_strcmp0 (ctype, NM_SETTING_WIRED_SETTING_NAME) == 0)
|
|
|| nm_connection_get_setting_wired (connection))
|
|
wired = TRUE;
|
|
|
|
s_8021x = nm_connection_get_setting_802_1x (connection);
|
|
if (s_8021x && nm_setting_802_1x_get_num_eap_methods (s_8021x))
|
|
default_method = nm_setting_802_1x_get_eap_method (s_8021x, 0);
|
|
}
|
|
|
|
/* initialize WirelessSecurity userpass from connection (clear if no connection) */
|
|
if (connection) {
|
|
NMSetting8021x *setting;
|
|
|
|
setting = nm_connection_get_setting_802_1x (connection);
|
|
if (setting) {
|
|
NMSettingSecretFlags flags;
|
|
|
|
user = nm_setting_802_1x_get_identity (setting);
|
|
password = nm_setting_802_1x_get_password (setting);
|
|
|
|
if (nm_setting_get_secret_flags (NM_SETTING (setting), NM_SETTING_802_1X_PASSWORD, &flags, NULL))
|
|
always_ask = !!(flags & NM_SETTING_SECRET_FLAG_NOT_SAVED);
|
|
}
|
|
}
|
|
wireless_security_set_userpass (self, user, password, always_ask, FALSE);
|
|
|
|
auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ());
|
|
|
|
if (is_editor)
|
|
simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR;
|
|
if (secrets_only)
|
|
simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY;
|
|
|
|
if (wired) {
|
|
g_autoptr(EAPMethodSimple) em_md5 = NULL;
|
|
|
|
em_md5 = eap_method_simple_new (self, connection, EAP_METHOD_SIMPLE_TYPE_MD5, simple_flags);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("MD5"),
|
|
AUTH_METHOD_COLUMN, em_md5,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "md5"))
|
|
active = item;
|
|
item++;
|
|
}
|
|
|
|
em_tls = eap_method_tls_new (self, connection, FALSE, secrets_only);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("TLS"),
|
|
AUTH_METHOD_COLUMN, em_tls,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "tls"))
|
|
active = item;
|
|
item++;
|
|
|
|
if (!wired) {
|
|
g_autoptr(EAPMethodLEAP) em_leap = NULL;
|
|
|
|
em_leap = eap_method_leap_new (self, connection, secrets_only);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("LEAP"),
|
|
AUTH_METHOD_COLUMN, em_leap,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "leap"))
|
|
active = item;
|
|
item++;
|
|
}
|
|
|
|
em_pwd = eap_method_simple_new (self, connection, EAP_METHOD_SIMPLE_TYPE_PWD, simple_flags);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("PWD"),
|
|
AUTH_METHOD_COLUMN, em_pwd,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "pwd"))
|
|
active = item;
|
|
item++;
|
|
|
|
em_fast = eap_method_fast_new (self, connection, is_editor, secrets_only);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("FAST"),
|
|
AUTH_METHOD_COLUMN, em_fast,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "fast"))
|
|
active = item;
|
|
item++;
|
|
|
|
em_ttls = eap_method_ttls_new (self, connection, is_editor, secrets_only);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("Tunneled TLS"),
|
|
AUTH_METHOD_COLUMN, em_ttls,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "ttls"))
|
|
active = item;
|
|
item++;
|
|
|
|
em_peap = eap_method_peap_new (self, connection, is_editor, secrets_only);
|
|
gtk_list_store_append (auth_model, &iter);
|
|
gtk_list_store_set (auth_model, &iter,
|
|
AUTH_NAME_COLUMN, _("Protected EAP (PEAP)"),
|
|
AUTH_METHOD_COLUMN, em_peap,
|
|
-1);
|
|
if (default_method && (active < 0) && !strcmp (default_method, "peap"))
|
|
active = item;
|
|
item++;
|
|
|
|
gtk_combo_box_set_model (combo, GTK_TREE_MODEL (auth_model));
|
|
gtk_combo_box_set_active (combo, active < 0 ? 0 : (guint32) active);
|
|
}
|
|
|
|
void
|
|
ws_802_1x_fill_connection (GtkComboBox *combo,
|
|
NMConnection *connection)
|
|
{
|
|
NMSettingWirelessSecurity *s_wireless_sec;
|
|
NMSetting8021x *s_8021x;
|
|
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
|
|
EAPMethod *eap;
|
|
|
|
/* Get the EAPMethod object */
|
|
eap = ws_802_1x_auth_combo_get_eap (combo);
|
|
g_assert (eap);
|
|
|
|
/* Get previous pasword flags, if any. Otherwise default to agent-owned secrets */
|
|
s_8021x = nm_connection_get_setting_802_1x (connection);
|
|
if (s_8021x)
|
|
nm_setting_get_secret_flags (NM_SETTING (s_8021x), eap_method_get_password_flags_name (eap), &secret_flags, NULL);
|
|
else
|
|
secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
|
|
|
|
/* Blow away the old wireless security setting by adding a clear one */
|
|
s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
|
|
nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
|
|
|
|
/* Blow away the old 802.1x setting by adding a clear one */
|
|
s_8021x = (NMSetting8021x *) nm_setting_802_1x_new ();
|
|
nm_connection_add_setting (connection, (NMSetting *) s_8021x);
|
|
|
|
eap_method_fill_connection (eap, connection, secret_flags);
|
|
}
|