/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ /* NetworkManager Applet -- allow user control over networking * * Dan Williams * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * Copyright 2007 - 2014 Red Hat, Inc. */ #include "nm-default.h" #include #include "wireless-security.h" #include "wireless-security-resources.h" #include "eap-method.h" #include "eap-method-fast.h" #include "eap-method-leap.h" #include "eap-method-peap.h" #include "eap-method-simple.h" #include "eap-method-tls.h" #include "eap-method-ttls.h" #include "utils.h" typedef struct { gboolean adhoc_compatible; char *username, *password; gboolean always_ask, show_password; } WirelessSecurityPrivate; G_DEFINE_TYPE_WITH_PRIVATE (WirelessSecurity, wireless_security, G_TYPE_OBJECT) enum { CHANGED, LAST_SIGNAL }; static guint signals[LAST_SIGNAL] = { 0 }; static void wireless_security_dispose (GObject *object) { WirelessSecurity *self = WIRELESS_SECURITY (object); WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); if (priv->password) memset (priv->password, 0, strlen (priv->password)); g_clear_pointer (&priv->username, g_free); g_clear_pointer (&priv->password, g_free); G_OBJECT_CLASS (wireless_security_parent_class)->dispose (object); } void wireless_security_init (WirelessSecurity *self) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_resources_register (wireless_security_get_resource ()); priv->adhoc_compatible = TRUE; } void wireless_security_class_init (WirelessSecurityClass *klass) { GObjectClass *object_class = G_OBJECT_CLASS (klass); object_class->dispose = wireless_security_dispose; signals[CHANGED] = g_signal_new ("changed", G_TYPE_FROM_CLASS (object_class), G_SIGNAL_RUN_FIRST, 0, NULL, NULL, g_cclosure_marshal_VOID__VOID, G_TYPE_NONE, 0); } GtkWidget * wireless_security_get_widget (WirelessSecurity *self) { g_return_val_if_fail (WIRELESS_IS_SECURITY (self), NULL); return WIRELESS_SECURITY_GET_CLASS (self)->get_widget (self); } void wireless_security_notify_changed (WirelessSecurity *self) { g_return_if_fail (WIRELESS_IS_SECURITY (self)); g_signal_emit (self, signals[CHANGED], 0); } gboolean wireless_security_validate (WirelessSecurity *self, GError **error) { gboolean result; g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE); g_return_val_if_fail (!error || !*error, FALSE); result = WIRELESS_SECURITY_GET_CLASS (self)->validate (self, error); if (!result && error && !*error) g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Unknown error validating 802.1X security")); return result; } void wireless_security_add_to_size_group (WirelessSecurity *self, GtkSizeGroup *group) { g_return_if_fail (WIRELESS_IS_SECURITY (self)); g_return_if_fail (GTK_IS_SIZE_GROUP (group)); return WIRELESS_SECURITY_GET_CLASS (self)->add_to_size_group (self, group); } void wireless_security_fill_connection (WirelessSecurity *self, NMConnection *connection) { g_return_if_fail (WIRELESS_IS_SECURITY (self)); g_return_if_fail (connection != NULL); return WIRELESS_SECURITY_GET_CLASS (self)->fill_connection (self, connection); } void wireless_security_set_adhoc_compatible (WirelessSecurity *self, gboolean adhoc_compatible) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_return_if_fail (WIRELESS_IS_SECURITY (self)); priv->adhoc_compatible = adhoc_compatible; } gboolean wireless_security_adhoc_compatible (WirelessSecurity *self) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE); return priv->adhoc_compatible; } const gchar * wireless_security_get_username (WirelessSecurity *self) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_return_val_if_fail (WIRELESS_IS_SECURITY (self), NULL); return priv->username; } const gchar * wireless_security_get_password (WirelessSecurity *self) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_return_val_if_fail (WIRELESS_IS_SECURITY (self), NULL); return priv->password; } gboolean wireless_security_get_always_ask (WirelessSecurity *self) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE); return priv->always_ask; } gboolean wireless_security_get_show_password (WirelessSecurity *self) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_return_val_if_fail (WIRELESS_IS_SECURITY (self), FALSE); return priv->show_password; } void wireless_security_set_userpass (WirelessSecurity *self, const char *user, const char *password, gboolean always_ask, gboolean show_password) { WirelessSecurityPrivate *priv = wireless_security_get_instance_private (self); g_clear_pointer (&priv->username, g_free); priv->username = g_strdup (user); if (priv->password) memset (priv->password, 0, strlen (priv->password)); g_clear_pointer (&priv->password, g_free); priv->password = g_strdup (password); if (always_ask != (gboolean) -1) priv->always_ask = always_ask; priv->show_password = show_password; } void wireless_security_clear_ciphers (NMConnection *connection) { NMSettingWirelessSecurity *s_wireless_sec; g_return_if_fail (connection != NULL); s_wireless_sec = nm_connection_get_setting_wireless_security (connection); g_assert (s_wireless_sec); nm_setting_wireless_security_clear_protos (s_wireless_sec); nm_setting_wireless_security_clear_pairwise (s_wireless_sec); nm_setting_wireless_security_clear_groups (s_wireless_sec); } EAPMethod * ws_802_1x_auth_combo_get_eap (GtkComboBox *combo) { GtkTreeModel *model; GtkTreeIter iter; g_autoptr(EAPMethod) eap = NULL; model = gtk_combo_box_get_model (combo); if (!gtk_combo_box_get_active_iter (combo, &iter)) return NULL; gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1); return eap; } void ws_802_1x_auth_combo_changed (GtkComboBox *combo, GtkBox *vbox, GtkSizeGroup *size_group) { EAPMethod *eap; GList *elt, *children; GtkWidget *eap_default_field; /* Remove any previous wireless security widgets */ children = gtk_container_get_children (GTK_CONTAINER (vbox)); for (elt = children; elt; elt = g_list_next (elt)) gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data)); eap = ws_802_1x_auth_combo_get_eap (GTK_COMBO_BOX (combo)); g_assert (eap); gtk_widget_unparent (GTK_WIDGET (eap)); if (size_group) eap_method_add_to_size_group (eap, size_group); gtk_container_add (GTK_CONTAINER (vbox), g_object_ref (GTK_WIDGET (eap))); /* Refocus the EAP method's default widget */ eap_default_field = eap_method_get_default_field (eap); if (eap_default_field) gtk_widget_grab_focus (eap_default_field); } void ws_802_1x_auth_combo_init (WirelessSecurity *self, GtkComboBox *combo, NMConnection *connection, gboolean is_editor, gboolean secrets_only) { const gchar *user = NULL, *password = NULL; gboolean always_ask = FALSE; g_autoptr(GtkListStore) auth_model = NULL; GtkTreeIter iter; g_autoptr(EAPMethodTLS) em_tls = NULL; g_autoptr(EAPMethodSimple) em_pwd = NULL; g_autoptr(EAPMethodFAST) em_fast = NULL; g_autoptr(EAPMethodTTLS) em_ttls = NULL; g_autoptr(EAPMethodPEAP) em_peap = NULL; const char *default_method = NULL, *ctype = NULL; int active = -1, item = 0; gboolean wired = FALSE; EAPMethodSimpleFlags simple_flags = EAP_METHOD_SIMPLE_FLAG_NONE; /* Grab the default EAP method out of the security object */ if (connection) { NMSettingConnection *s_con; NMSetting8021x *s_8021x; s_con = nm_connection_get_setting_connection (connection); if (s_con) ctype = nm_setting_connection_get_connection_type (s_con); if ( (g_strcmp0 (ctype, NM_SETTING_WIRED_SETTING_NAME) == 0) || nm_connection_get_setting_wired (connection)) wired = TRUE; s_8021x = nm_connection_get_setting_802_1x (connection); if (s_8021x && nm_setting_802_1x_get_num_eap_methods (s_8021x)) default_method = nm_setting_802_1x_get_eap_method (s_8021x, 0); } /* initialize WirelessSecurity userpass from connection (clear if no connection) */ if (connection) { NMSetting8021x *setting; setting = nm_connection_get_setting_802_1x (connection); if (setting) { NMSettingSecretFlags flags; user = nm_setting_802_1x_get_identity (setting); password = nm_setting_802_1x_get_password (setting); if (nm_setting_get_secret_flags (NM_SETTING (setting), NM_SETTING_802_1X_PASSWORD, &flags, NULL)) always_ask = !!(flags & NM_SETTING_SECRET_FLAG_NOT_SAVED); } } wireless_security_set_userpass (self, user, password, always_ask, FALSE); auth_model = gtk_list_store_new (2, G_TYPE_STRING, eap_method_get_type ()); if (is_editor) simple_flags |= EAP_METHOD_SIMPLE_FLAG_IS_EDITOR; if (secrets_only) simple_flags |= EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY; if (wired) { g_autoptr(EAPMethodSimple) em_md5 = NULL; em_md5 = eap_method_simple_new (self, connection, EAP_METHOD_SIMPLE_TYPE_MD5, simple_flags); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("MD5"), AUTH_METHOD_COLUMN, em_md5, -1); if (default_method && (active < 0) && !strcmp (default_method, "md5")) active = item; item++; } em_tls = eap_method_tls_new (self, connection, FALSE, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("TLS"), AUTH_METHOD_COLUMN, em_tls, -1); if (default_method && (active < 0) && !strcmp (default_method, "tls")) active = item; item++; if (!wired) { g_autoptr(EAPMethodLEAP) em_leap = NULL; em_leap = eap_method_leap_new (self, connection, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("LEAP"), AUTH_METHOD_COLUMN, em_leap, -1); if (default_method && (active < 0) && !strcmp (default_method, "leap")) active = item; item++; } em_pwd = eap_method_simple_new (self, connection, EAP_METHOD_SIMPLE_TYPE_PWD, simple_flags); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("PWD"), AUTH_METHOD_COLUMN, em_pwd, -1); if (default_method && (active < 0) && !strcmp (default_method, "pwd")) active = item; item++; em_fast = eap_method_fast_new (self, connection, is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("FAST"), AUTH_METHOD_COLUMN, em_fast, -1); if (default_method && (active < 0) && !strcmp (default_method, "fast")) active = item; item++; em_ttls = eap_method_ttls_new (self, connection, is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("Tunneled TLS"), AUTH_METHOD_COLUMN, em_ttls, -1); if (default_method && (active < 0) && !strcmp (default_method, "ttls")) active = item; item++; em_peap = eap_method_peap_new (self, connection, is_editor, secrets_only); gtk_list_store_append (auth_model, &iter); gtk_list_store_set (auth_model, &iter, AUTH_NAME_COLUMN, _("Protected EAP (PEAP)"), AUTH_METHOD_COLUMN, em_peap, -1); if (default_method && (active < 0) && !strcmp (default_method, "peap")) active = item; item++; gtk_combo_box_set_model (combo, GTK_TREE_MODEL (auth_model)); gtk_combo_box_set_active (combo, active < 0 ? 0 : (guint32) active); } void ws_802_1x_fill_connection (GtkComboBox *combo, NMConnection *connection) { NMSettingWirelessSecurity *s_wireless_sec; NMSetting8021x *s_8021x; NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; EAPMethod *eap; /* Get the EAPMethod object */ eap = ws_802_1x_auth_combo_get_eap (combo); g_assert (eap); /* Get previous pasword flags, if any. Otherwise default to agent-owned secrets */ s_8021x = nm_connection_get_setting_802_1x (connection); if (s_8021x) nm_setting_get_secret_flags (NM_SETTING (s_8021x), eap_method_get_password_flags_name (eap), &secret_flags, NULL); else secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; /* Blow away the old wireless security setting by adding a clear one */ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); /* Blow away the old 802.1x setting by adding a clear one */ s_8021x = (NMSetting8021x *) nm_setting_802_1x_new (); nm_connection_add_setting (connection, (NMSetting *) s_8021x); eap_method_fill_connection (eap, connection, secret_flags); }