/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager Applet -- allow user control over networking
* Dan Williams <dcbw@redhat.com>
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
* Copyright 2007 - 2014 Red Hat, Inc.
#include "nm-default.h"
#include "eap-method.h"
#include "wireless-security.h"
#define I_NAME_COLUMN 0
#define I_METHOD_COLUMN 1
/*
 * Private state of the EAP-TTLS page. The functions in this file cast an
 * EAPMethod pointer to EAPMethodTTLS and back, so the struct is used as an
 * extension of EAPMethod. Besides the two members visible here, the code
 * below also reads and writes method->is_editor.
 */
struct _EAPMethodTTLS {
GtkSizeGroup *size_group;
WirelessSecurity *sec_parent;
/*
 * Teardown hook for the TTLS page: drops the reference on the size group
 * that add_to_size_group() took, if one was ever set.
 */
destroy (EAPMethod *parent)
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
if (method->size_group)
g_object_unref (method->size_group);
/*
 * Validates the TTLS page. In the order visible here:
 *   1. the file chosen in "eap_ttls_ca_cert_button" must pass
 *      eap_method_validate_filepicker() as a CA certificate;
 *   2. eap_method_ca_cert_required() is consulted with the ids of the
 *      "not required" checkbox and the file chooser; a true result is
 *      reported as "no certificate specified" (presumably: nothing chosen
 *      while the checkbox is unticked -- confirm against the helper);
 *   3. the inner method selected in "eap_ttls_inner_auth_combo" validates
 *      itself through eap_method_validate().
 * On failure a translated message is stored in *error.
 *
 * Security note: the CA certificate is what the client uses to authenticate
 * the server before the inner method sends credentials through the tunnel.
 * Ticking "eap_ttls_ca_cert_not_required_checkbox" removes that check, so
 * step 2 is the only guard against saving an unauthenticated TTLS profile
 * by accident.
 *
 * NOTE(review): the return statements of steps 1 and 2 are not visible in
 * this listing; confirm both branches return FALSE before reaching step 3.
 */
validate (EAPMethod *parent, GError **error)
EAPMethod *eap = NULL;
gboolean valid = FALSE;
if (!eap_method_validate_filepicker (parent->builder, "eap_ttls_ca_cert_button", TYPE_CA_CERT, NULL, NULL, &local)) {
g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: %s"), local->message);
g_clear_error (&local);
if (eap_method_ca_cert_required (parent->builder, "eap_ttls_ca_cert_not_required_checkbox", "eap_ttls_ca_cert_button")) {
g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: no certificate specified"));
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
/*
 * NOTE(review): the gboolean result is ignored. gtk_combo_box_get_active_iter()
 * returns FALSE and leaves iter unset when the combo has no active row, and
 * iter is then passed to gtk_tree_model_get(). No check of the result or of
 * eap is visible in this listing; confirm one exists. The same three-call
 * sequence recurs in add_to_size_group(), fill_connection() and
 * inner_auth_combo_changed_cb().
 */
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
valid = eap_method_validate (eap, error);
eap_method_unref (eap);
/*
 * "toggled" handler for the "eap_ttls_ca_cert_not_required_checkbox" widget;
 * forwards the checkbox and file-chooser widget ids to the shared helper
 * eap_method_ca_cert_not_required_toggled().
 */
ca_cert_not_required_toggled (GtkWidget *ignored, gpointer user_data)
EAPMethod *parent = user_data;
eap_method_ca_cert_not_required_toggled (parent->builder, "eap_ttls_ca_cert_not_required_checkbox", "eap_ttls_ca_cert_button");
/*
 * Remembers the size group (unreferencing any previous one and taking a new
 * reference), adds the TTLS checkbox and labels to it, then lets the
 * currently selected inner method add its own widgets through
 * eap_method_add_to_size_group().
 */
add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
if (method->size_group)
g_object_unref (method->size_group);
method->size_group = g_object_ref (group);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
gtk_size_group_add_widget (group, widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label"));
gtk_size_group_add_widget (group, widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
gtk_size_group_add_widget (group, widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
gtk_size_group_add_widget (group, widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
eap_method_add_to_size_group (eap, group);
eap_method_unref (eap);
/*
 * Writes the page's settings into the connection's 802.1X setting: adds the
 * "ttls" EAP method, stores the anonymous identity when the entry is
 * non-empty, sets the CA certificate by path, and lets the selected inner
 * method fill in its own part with the given secret flags.
 */
fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFlags flags)
NMSetting8021x *s_8021x;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
EAPMethod *eap = NULL;
GError *error = NULL;
gboolean ca_cert_error = FALSE;
s_8021x = nm_connection_get_setting_802_1x (connection);
nm_setting_802_1x_add_eap_method (s_8021x, "ttls");
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
text = gtk_entry_get_text (GTK_ENTRY (widget));
if (text && strlen (text))
g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
/*
 * A CA certificate that cannot be loaded is only logged with g_warning();
 * the function carries on and passes ca_cert_error to
 * eap_method_ca_cert_ignore_set() below.
 * NOTE(review): confirm that helper never records "ignore CA certificate"
 * when ca_cert_error is TRUE, so an unreadable file cannot turn into a
 * profile that skips server validation without the user having asked for it.
 */
if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)");
g_clear_error (&error);
ca_cert_error = TRUE;
eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
eap_method_fill_connection (eap, connection, flags);
eap_method_unref (eap);
/*
 * "changed" handler for the inner-authentication combo. Empties
 * "eap_ttls_inner_auth_vbox", fetches the EAPMethod stored in the selected
 * row, moves that method's widget into the vbox (adding it to the size
 * group when one is set), drops the reference obtained from the model and
 * finally notifies wireless_security_changed_cb() so the owning
 * WirelessSecurity object sees the change.
 */
inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data)
EAPMethod *parent = (EAPMethod *) user_data;
EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
EAPMethod *eap = NULL;
GList *elt, *children;
GtkWidget *eap_widget;
vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_vbox"));
/* Remove any previous wireless security widgets */
children = gtk_container_get_children (GTK_CONTAINER (vbox));
for (elt = children; elt; elt = g_list_next (elt))
gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
g_list_free (children);
model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
eap_widget = eap_method_get_widget (eap);
g_assert (eap_widget);
gtk_widget_unparent (eap_widget);
if (method->size_group)
eap_method_add_to_size_group (eap, method->size_group);
gtk_container_add (GTK_CONTAINER (vbox), eap_widget);
eap_method_unref (eap);
wireless_security_changed_cb (combo, method->sec_parent);
/*
 * Builds the two-column list store (display name, EAPMethod) of inner
 * (phase 2) methods -- PAP, MSCHAP, MSCHAPv2, MSCHAPv2 (no EAP), CHAP, MD5,
 * GTC -- installs it on "eap_ttls_inner_auth_combo", selects the active row
 * and connects the "changed" signal to inner_auth_combo_changed_cb().
 * The stored phase2-auth value, or phase2-autheap when the former is unset,
 * is compared case-insensitively against each method name to choose the
 * default; the assignments to `active` are not visible in this listing.
 * Each EAPMethodSimple is unreferenced right after being stored in the model.
 *
 * Security note: every entry runs inside the TLS tunnel, so how well the
 * credentials are protected depends on the outer server-certificate check
 * configured on this page; PAP in particular hands the password itself to
 * whichever server terminates the tunnel.
 */
inner_auth_combo_init (EAPMethodTTLS *method,
NMConnection *connection,
NMSetting8021x *s_8021x,
gboolean secrets_only)
EAPMethod *parent = (EAPMethod *) method;
GtkListStore *auth_model;
EAPMethodSimple *em_pap;
EAPMethodSimple *em_mschap;
EAPMethodSimple *em_mschap_v2;
EAPMethodSimple *em_plain_mschap_v2;
EAPMethodSimple *em_chap;
EAPMethodSimple *em_md5;
EAPMethodSimple *em_gtc;
const char *phase2_auth = NULL;
EAPMethodSimpleFlags simple_flags;
auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ());
if (nm_setting_802_1x_get_phase2_auth (s_8021x))
phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x);
else if (nm_setting_802_1x_get_phase2_autheap (s_8021x))
phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x);
simple_flags = EAP_METHOD_SIMPLE_FLAG_PHASE2 | EAP_METHOD_SIMPLE_FLAG_AUTHEAP_ALLOWED;
if (method->is_editor)
simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR;
simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY;
em_pap = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_PAP,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("PAP"),
I_METHOD_COLUMN, em_pap,
eap_method_unref (EAP_METHOD (em_pap));
/* Check for defaulting to PAP */
if (phase2_auth && !strcasecmp (phase2_auth, "pap"))
em_mschap = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_MSCHAP,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("MSCHAP"),
I_METHOD_COLUMN, em_mschap,
eap_method_unref (EAP_METHOD (em_mschap));
/* Check for defaulting to MSCHAP */
if (phase2_auth && !strcasecmp (phase2_auth, "mschap"))
em_mschap_v2 = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("MSCHAPv2"),
I_METHOD_COLUMN, em_mschap_v2,
eap_method_unref (EAP_METHOD (em_mschap_v2));
/* Check for defaulting to MSCHAPv2 */
/*
 * "mschapv2" is matched twice in this function. This test also requires the
 * phase2-autheap property to be set, which selects the EAP-MSCHAPv2 entry;
 * the later test requires phase2-auth to be set and selects the
 * "MSCHAPv2 (no EAP)" entry.
 */
if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") &&
nm_setting_802_1x_get_phase2_autheap (s_8021x) != NULL)
em_plain_mschap_v2 = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_PLAIN_MSCHAP_V2,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("MSCHAPv2 (no EAP)"),
I_METHOD_COLUMN, em_plain_mschap_v2,
eap_method_unref (EAP_METHOD (em_plain_mschap_v2));
/* Check for defaulting to plain MSCHAPv2 */
if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") &&
nm_setting_802_1x_get_phase2_auth (s_8021x) != NULL)
em_chap = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_CHAP,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("CHAP"),
I_METHOD_COLUMN, em_chap,
eap_method_unref (EAP_METHOD (em_chap));
/* Check for defaulting to CHAP */
if (phase2_auth && !strcasecmp (phase2_auth, "chap"))
em_md5 = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_MD5,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("MD5"),
I_METHOD_COLUMN, em_md5,
eap_method_unref (EAP_METHOD (em_md5));
/* Check for defaulting to MD5 */
if (phase2_auth && !strcasecmp (phase2_auth, "md5"))
em_gtc = eap_method_simple_new (method->sec_parent,
EAP_METHOD_SIMPLE_TYPE_GTC,
gtk_list_store_append (auth_model, &iter);
gtk_list_store_set (auth_model, &iter,
I_NAME_COLUMN, _("GTC"),
I_METHOD_COLUMN, em_gtc,
eap_method_unref (EAP_METHOD (em_gtc));
/* Check for defaulting to GTC */
if (phase2_auth && !strcasecmp (phase2_auth, "gtc"))
combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model));
g_object_unref (G_OBJECT (auth_model));
gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active);
g_signal_connect (G_OBJECT (combo), "changed",
(GCallback) inner_auth_combo_changed_cb,
/*
 * Secret-update hook for the TTLS page: delegates to
 * eap_method_phase2_update_secrets_helper() with the inner-auth combo id so
 * the phase 2 methods held in that combo's model can be updated from the
 * connection.
 */
update_secrets (EAPMethod *parent, NMConnection *connection)
eap_method_phase2_update_secrets_helper (parent,
"eap_ttls_inner_auth_combo",
/*
 * Constructs the EAP-TTLS page. Calls eap_method_init() with the
 * eap-method-ttls.ui resource, records ws_parent and is_editor, and wires
 * the checkbox, CA file chooser and anonymous-identity entry to
 * wireless_security_changed_cb(). When the connection already has an 802.1X
 * setting, the CA certificate path and anonymous identity are preloaded
 * from it. The inner-auth combo is then initialised and its "changed"
 * handler is invoked once by hand to show the selected inner method.
 *
 * The run of gtk_widget_hide() calls at the end hides every outer TTLS
 * widget; the guarding condition is not visible in this listing
 * (presumably secrets_only -- confirm).
 */
eap_method_ttls_new (WirelessSecurity *ws_parent,
NMConnection *connection,
gboolean secrets_only)
EAPMethodTTLS *method;
GtkWidget *widget, *widget_ca_not_required_checkbox;
GtkFileFilter *filter;
NMSetting8021x *s_8021x = NULL;
const char *filename;
parent = eap_method_init (sizeof (EAPMethodTTLS),
"/org/freedesktop/network-manager-applet/eap-method-ttls.ui",
"eap_ttls_anon_identity_entry",
parent->password_flags_name = NM_SETTING_802_1X_PASSWORD;
method = (EAPMethodTTLS *) parent;
method->sec_parent = ws_parent;
method->is_editor = is_editor;
s_8021x = nm_connection_get_setting_802_1x (connection);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) ca_cert_not_required_toggled,
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) wireless_security_changed_cb,
widget_ca_not_required_checkbox = widget;
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
/*
 * Restrict the chooser to local files: fill_connection() stores the
 * selection with NM_SETTING_802_1X_CK_SCHEME_PATH, i.e. as a filesystem
 * path rather than as certificate data.
 */
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose a Certificate Authority certificate"));
g_signal_connect (G_OBJECT (widget), "selection-changed",
(GCallback) wireless_security_changed_cb,
filter = eap_method_default_file_chooser_filter_new (FALSE);
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
if (connection && s_8021x) {
if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
filename = nm_setting_802_1x_get_ca_cert_path (s_8021x);
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
/*
 * Pre-tick the "CA certificate not required" checkbox only when no CA path
 * was loaded AND eap_method_ca_cert_ignore_get() reports a stored "ignore"
 * choice for this connection; a stored path always leaves it unticked.
 */
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget_ca_not_required_checkbox),
!filename && eap_method_ca_cert_ignore_get (parent, connection));
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x));
g_signal_connect (G_OBJECT (widget), "changed",
(GCallback) wireless_security_changed_cb,
widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only);
inner_auth_combo_changed_cb (widget, (gpointer) method);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
gtk_widget_hide (widget);