1
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
2
/* NetworkManager Applet -- allow user control over networking
4
* Dan Williams <dcbw@redhat.com>
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License along
17
* with this program; if not, write to the Free Software Foundation, Inc.,
18
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20
* Copyright 2007 - 2014 Red Hat, Inc.
23
#include "nm-default.h"
27
#include "wireless-security.h"
28
#include "wireless-security-resources.h"
29
#include "eap-method.h"
33
wireless_security_get_type (void)
35
static GType type_id = 0;
38
g_resources_register (wireless_security_get_resource ());
40
type_id = g_boxed_type_register_static ("WirelessSecurity",
41
(GBoxedCopyFunc) wireless_security_ref,
42
(GBoxedFreeFunc) wireless_security_unref);
49
wireless_security_get_widget (WirelessSecurity *sec)
51
g_return_val_if_fail (sec != NULL, NULL);
53
return sec->ui_widget;
57
wireless_security_set_changed_notify (WirelessSecurity *sec,
61
g_return_if_fail (sec != NULL);
63
sec->changed_notify = func;
64
sec->changed_notify_data = user_data;
68
wireless_security_changed_cb (GtkWidget *ignored, gpointer user_data)
70
WirelessSecurity *sec = WIRELESS_SECURITY (user_data);
72
if (sec->changed_notify)
73
(*(sec->changed_notify)) (sec, sec->changed_notify_data);
77
wireless_security_validate (WirelessSecurity *sec, GError **error)
81
g_return_val_if_fail (sec != NULL, FALSE);
82
g_return_val_if_fail (!error || !*error, FALSE);
84
g_assert (sec->validate);
85
result = (*(sec->validate)) (sec, error);
86
if (!result && error && !*error)
87
g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Unknown error validating 802.1X security"));
92
wireless_security_add_to_size_group (WirelessSecurity *sec, GtkSizeGroup *group)
94
g_return_if_fail (sec != NULL);
95
g_return_if_fail (group != NULL);
97
g_assert (sec->add_to_size_group);
98
return (*(sec->add_to_size_group)) (sec, group);
102
wireless_security_fill_connection (WirelessSecurity *sec,
103
NMConnection *connection)
105
g_return_if_fail (sec != NULL);
106
g_return_if_fail (connection != NULL);
108
g_assert (sec->fill_connection);
109
return (*(sec->fill_connection)) (sec, connection);
113
wireless_security_update_secrets (WirelessSecurity *sec, NMConnection *connection)
115
g_return_if_fail (sec != NULL);
116
g_return_if_fail (connection != NULL);
118
if (sec->update_secrets)
119
sec->update_secrets (sec, connection);
123
wireless_security_ref (WirelessSecurity *sec)
125
g_return_val_if_fail (sec != NULL, NULL);
126
g_return_val_if_fail (sec->refcount > 0, NULL);
133
wireless_security_unref (WirelessSecurity *sec)
135
g_return_if_fail (sec != NULL);
136
g_return_if_fail (sec->refcount > 0);
139
if (sec->refcount == 0) {
143
g_free (sec->username);
145
memset (sec->password, 0, strlen (sec->password));
146
g_free (sec->password);
150
g_object_unref (sec->builder);
152
g_object_unref (sec->ui_widget);
153
g_slice_free1 (sec->obj_size, sec);
158
wireless_security_init (gsize obj_size,
159
WSValidateFunc validate,
160
WSAddToSizeGroupFunc add_to_size_group,
161
WSFillConnectionFunc fill_connection,
162
WSUpdateSecretsFunc update_secrets,
163
WSDestroyFunc destroy,
164
const char *ui_resource,
165
const char *ui_widget_name,
166
const char *default_field)
168
WirelessSecurity *sec;
169
GError *error = NULL;
171
g_return_val_if_fail (obj_size > 0, NULL);
172
g_return_val_if_fail (ui_resource != NULL, NULL);
173
g_return_val_if_fail (ui_widget_name != NULL, NULL);
175
g_type_ensure (WIRELESS_TYPE_SECURITY);
177
sec = g_slice_alloc0 (obj_size);
181
sec->obj_size = obj_size;
183
sec->validate = validate;
184
sec->add_to_size_group = add_to_size_group;
185
sec->fill_connection = fill_connection;
186
sec->update_secrets = update_secrets;
187
sec->default_field = default_field;
189
sec->builder = gtk_builder_new ();
190
if (!gtk_builder_add_from_resource (sec->builder, ui_resource, &error)) {
191
g_warning ("Couldn't load UI builder resource %s: %s",
192
ui_resource, error->message);
193
g_error_free (error);
194
wireless_security_unref (sec);
198
sec->ui_widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, ui_widget_name));
199
if (!sec->ui_widget) {
200
g_warning ("Couldn't load UI widget '%s' from UI file %s",
201
ui_widget_name, ui_resource);
202
wireless_security_unref (sec);
205
g_object_ref_sink (sec->ui_widget);
207
sec->destroy = destroy;
208
sec->adhoc_compatible = TRUE;
209
sec->hotspot_compatible = TRUE;
215
wireless_security_adhoc_compatible (WirelessSecurity *sec)
217
g_return_val_if_fail (sec != NULL, FALSE);
219
return sec->adhoc_compatible;
223
wireless_security_hotspot_compatible (WirelessSecurity *sec)
225
g_return_val_if_fail (sec != NULL, FALSE);
227
return sec->hotspot_compatible;
231
wireless_security_set_userpass (WirelessSecurity *sec,
233
const char *password,
235
gboolean show_password)
237
g_free (sec->username);
238
sec->username = g_strdup (user);
241
memset (sec->password, 0, strlen (sec->password));
242
g_free (sec->password);
244
sec->password = g_strdup (password);
246
if (always_ask != (gboolean) -1)
247
sec->always_ask = always_ask;
248
sec->show_password = show_password;
252
wireless_security_set_userpass_802_1x (WirelessSecurity *sec,
253
NMConnection *connection)
255
const char *user = NULL, *password = NULL;
256
gboolean always_ask = FALSE, show_password = FALSE;
257
NMSetting8021x *setting;
258
NMSettingSecretFlags flags;
263
setting = nm_connection_get_setting_802_1x (connection);
267
user = nm_setting_802_1x_get_identity (setting);
268
password = nm_setting_802_1x_get_password (setting);
270
if (nm_setting_get_secret_flags (NM_SETTING (setting), NM_SETTING_802_1X_PASSWORD, &flags, NULL))
271
always_ask = !!(flags & NM_SETTING_SECRET_FLAG_NOT_SAVED);
274
wireless_security_set_userpass (sec, user, password, always_ask, show_password);
278
wireless_security_clear_ciphers (NMConnection *connection)
280
NMSettingWirelessSecurity *s_wireless_sec;
282
g_return_if_fail (connection != NULL);
284
s_wireless_sec = nm_connection_get_setting_wireless_security (connection);
285
g_assert (s_wireless_sec);
287
nm_setting_wireless_security_clear_protos (s_wireless_sec);
288
nm_setting_wireless_security_clear_pairwise (s_wireless_sec);
289
nm_setting_wireless_security_clear_groups (s_wireless_sec);
293
ws_802_1x_add_to_size_group (WirelessSecurity *sec,
294
GtkSizeGroup *size_group,
295
const char *label_name,
296
const char *combo_name)
303
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, label_name));
305
gtk_size_group_add_widget (size_group, widget);
307
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name));
310
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
311
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
312
gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
314
eap_method_add_to_size_group (eap, size_group);
315
eap_method_unref (eap);
319
ws_802_1x_validate (WirelessSecurity *sec, const char *combo_name, GError **error)
324
EAPMethod *eap = NULL;
325
gboolean valid = FALSE;
327
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name));
330
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
331
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
332
gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
334
valid = eap_method_validate (eap, error);
335
eap_method_unref (eap);
340
ws_802_1x_auth_combo_changed (GtkWidget *combo,
341
WirelessSecurity *sec,
342
const char *vbox_name,
343
GtkSizeGroup *size_group)
346
EAPMethod *eap = NULL;
347
GList *elt, *children;
350
GtkWidget *eap_widget;
351
GtkWidget *eap_default_widget = NULL;
353
vbox = GTK_WIDGET (gtk_builder_get_object (sec->builder, vbox_name));
356
/* Remove any previous wireless security widgets */
357
children = gtk_container_get_children (GTK_CONTAINER (vbox));
358
for (elt = children; elt; elt = g_list_next (elt))
359
gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
361
model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
362
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
363
gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
366
eap_widget = eap_method_get_widget (eap);
367
g_assert (eap_widget);
368
gtk_widget_unparent (eap_widget);
371
eap_method_add_to_size_group (eap, size_group);
372
gtk_container_add (GTK_CONTAINER (vbox), eap_widget);
374
/* Refocus the EAP method's default widget */
375
if (eap->default_field) {
376
eap_default_widget = GTK_WIDGET (gtk_builder_get_object (eap->builder, eap->default_field));
377
if (eap_default_widget)
378
gtk_widget_grab_focus (eap_default_widget);
381
eap_method_unref (eap);
383
wireless_security_changed_cb (combo, WIRELESS_SECURITY (sec));
387
ws_802_1x_auth_combo_init (WirelessSecurity *sec,
388
const char *combo_name,
389
const char *combo_label,
390
GCallback auth_combo_changed_cb,
391
NMConnection *connection,
393
gboolean secrets_only)
395
GtkWidget *combo, *widget;
396
GtkListStore *auth_model;
398
EAPMethodSimple *em_md5;
399
EAPMethodTLS *em_tls;
400
EAPMethodLEAP *em_leap;
401
EAPMethodSimple *em_pwd;
402
EAPMethodFAST *em_fast;
403
EAPMethodTTLS *em_ttls;
404
EAPMethodPEAP *em_peap;
405
const char *default_method = NULL, *ctype = NULL;
406
int active = -1, item = 0;
407
gboolean wired = FALSE;
408
EAPMethodSimpleFlags simple_flags = EAP_METHOD_SIMPLE_FLAG_NONE;
410
/* Grab the default EAP method out of the security object */
412
NMSettingConnection *s_con;
413
NMSetting8021x *s_8021x;
415
s_con = nm_connection_get_setting_connection (connection);
417
ctype = nm_setting_connection_get_connection_type (s_con);
418
if ( (g_strcmp0 (ctype, NM_SETTING_WIRED_SETTING_NAME) == 0)
419
|| nm_connection_get_setting_wired (connection))
422
s_8021x = nm_connection_get_setting_802_1x (connection);
423
if (s_8021x && nm_setting_802_1x_get_num_eap_methods (s_8021x))
424
default_method = nm_setting_802_1x_get_eap_method (s_8021x, 0);
427
/* initialize WirelessSecurity userpass from connection (clear if no connection) */
428
wireless_security_set_userpass_802_1x (sec, connection);
430
auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ());
433
simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR;
435
simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY;
438
em_md5 = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_MD5, simple_flags);
439
gtk_list_store_append (auth_model, &iter);
440
gtk_list_store_set (auth_model, &iter,
441
AUTH_NAME_COLUMN, _("MD5"),
442
AUTH_METHOD_COLUMN, em_md5,
444
eap_method_unref (EAP_METHOD (em_md5));
445
if (default_method && (active < 0) && !strcmp (default_method, "md5"))
450
em_tls = eap_method_tls_new (sec, connection, FALSE, secrets_only);
451
gtk_list_store_append (auth_model, &iter);
452
gtk_list_store_set (auth_model, &iter,
453
AUTH_NAME_COLUMN, _("TLS"),
454
AUTH_METHOD_COLUMN, em_tls,
456
eap_method_unref (EAP_METHOD (em_tls));
457
if (default_method && (active < 0) && !strcmp (default_method, "tls"))
462
em_leap = eap_method_leap_new (sec, connection, secrets_only);
463
gtk_list_store_append (auth_model, &iter);
464
gtk_list_store_set (auth_model, &iter,
465
AUTH_NAME_COLUMN, _("LEAP"),
466
AUTH_METHOD_COLUMN, em_leap,
468
eap_method_unref (EAP_METHOD (em_leap));
469
if (default_method && (active < 0) && !strcmp (default_method, "leap"))
474
em_pwd = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_PWD, simple_flags);
475
gtk_list_store_append (auth_model, &iter);
476
gtk_list_store_set (auth_model, &iter,
477
AUTH_NAME_COLUMN, _("PWD"),
478
AUTH_METHOD_COLUMN, em_pwd,
480
eap_method_unref (EAP_METHOD (em_pwd));
481
if (default_method && (active < 0) && !strcmp (default_method, "pwd"))
485
em_fast = eap_method_fast_new (sec, connection, is_editor, secrets_only);
486
gtk_list_store_append (auth_model, &iter);
487
gtk_list_store_set (auth_model, &iter,
488
AUTH_NAME_COLUMN, _("FAST"),
489
AUTH_METHOD_COLUMN, em_fast,
491
eap_method_unref (EAP_METHOD (em_fast));
492
if (default_method && (active < 0) && !strcmp (default_method, "fast"))
496
em_ttls = eap_method_ttls_new (sec, connection, is_editor, secrets_only);
497
gtk_list_store_append (auth_model, &iter);
498
gtk_list_store_set (auth_model, &iter,
499
AUTH_NAME_COLUMN, _("Tunneled TLS"),
500
AUTH_METHOD_COLUMN, em_ttls,
502
eap_method_unref (EAP_METHOD (em_ttls));
503
if (default_method && (active < 0) && !strcmp (default_method, "ttls"))
507
em_peap = eap_method_peap_new (sec, connection, is_editor, secrets_only);
508
gtk_list_store_append (auth_model, &iter);
509
gtk_list_store_set (auth_model, &iter,
510
AUTH_NAME_COLUMN, _("Protected EAP (PEAP)"),
511
AUTH_METHOD_COLUMN, em_peap,
513
eap_method_unref (EAP_METHOD (em_peap));
514
if (default_method && (active < 0) && !strcmp (default_method, "peap"))
518
combo = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name));
521
gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model));
522
g_object_unref (G_OBJECT (auth_model));
523
gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active < 0 ? 0 : (guint32) active);
525
g_signal_connect (G_OBJECT (combo), "changed", auth_combo_changed_cb, sec);
528
gtk_widget_hide (combo);
529
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_label));
530
gtk_widget_hide (widget);
537
ws_802_1x_fill_connection (WirelessSecurity *sec,
538
const char *combo_name,
539
NMConnection *connection)
542
NMSettingWirelessSecurity *s_wireless_sec;
543
NMSetting8021x *s_8021x;
544
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
545
EAPMethod *eap = NULL;
549
/* Get the EAPMethod object */
550
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name));
551
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
552
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
553
gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
556
/* Get previous pasword flags, if any. Otherwise default to agent-owned secrets */
557
s_8021x = nm_connection_get_setting_802_1x (connection);
559
nm_setting_get_secret_flags (NM_SETTING (s_8021x), eap->password_flags_name, &secret_flags, NULL);
561
secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
563
/* Blow away the old wireless security setting by adding a clear one */
564
s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
565
nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
567
/* Blow away the old 802.1x setting by adding a clear one */
568
s_8021x = (NMSetting8021x *) nm_setting_802_1x_new ();
569
nm_connection_add_setting (connection, (NMSetting *) s_8021x);
571
eap_method_fill_connection (eap, connection, secret_flags);
572
eap_method_unref (eap);
576
ws_802_1x_update_secrets (WirelessSecurity *sec,
577
const char *combo_name,
578
NMConnection *connection)
581
EAPMethod *eap = NULL;
585
g_return_if_fail (sec != NULL);
586
g_return_if_fail (combo_name != NULL);
587
g_return_if_fail (connection != NULL);
589
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name));
590
g_return_if_fail (widget != NULL);
591
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
593
/* Let each EAP method try to update its secrets */
594
if (gtk_tree_model_get_iter_first (model, &iter)) {
596
gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
598
eap_method_update_secrets (eap, connection);
599
eap_method_unref (eap);
601
} while (gtk_tree_model_iter_next (model, &iter));