setting-wireless: add wps-pin property

Will be used to store the PIN for the WPS PIN method.

4 files changed, 83 insertions, 0 deletions

diff --git a/clients/common/settings-docs.c.in b/clients/common/settings-docs.c.in
index c4e1a3e30c..fda138f54f 100644
--- a/clients/common/settings-docs.c.in
+++ b/clients/common/settings-docs.c.in
@@ -41,6 +41,7 @@
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_WEP_KEY3 N_("Index 3 WEP key.  This WEP index is not used by most networks.  See the \"wep-key-type\" property for a description of how this key is interpreted.")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX N_("When static WEP is used (ie, key-mgmt = \"none\") and a non-default WEP key index is used by the AP, put that WEP key index here.  Valid values are 0 (default key) through 3.  Note that some consumer access points (like the Linksys WRT54G) number the keys 1 - 4.")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_WPS_METHOD N_("Flags indicating which mode of WPS is to be used if any. There's little point in changing the default setting as NetworkManager will automatically determine whether it's feasible to start WPS enrollment from the Access Point capabilities. WPS can by disabled by setting this property to a value of 1.")
+#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_WPS_PIN N_("The PIN used for WPS. Please note that this property is not handled as a secret and will be visible to the users of the machine. Aside from that, there's a known security flaw in the PIN based method that makes the PIN easy to guess. Enabling PIN method it on your router introduces a substantial risk that unauthorized nodes will join the wireless network.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_ALTSUBJECT_MATCHES N_("List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_ANONYMOUS_IDENTITY N_("Anonymous identity string for EAP authentication methods.  Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_AUTH_TIMEOUT N_("A timeout for the authentication. Zero means the global default; if the global default is not set, the authentication timeout is 25 seconds.")
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index 9f3be6803a..5f1a172eee 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -87,6 +87,7 @@ typedef struct {
 
 	/* WPS */
 	NMSettingWirelessSecurityWpsMethod wps_method;
+	char *wps_pin;
 } NMSettingWirelessSecurityPrivate;
 
 enum {
@@ -110,6 +111,7 @@ enum {
 	PROP_LEAP_PASSWORD,
 	PROP_LEAP_PASSWORD_FLAGS,
 	PROP_WPS_METHOD,
+	PROP_WPS_PIN,
 
 	LAST_PROP
 };
@@ -882,6 +884,22 @@ no_secrets:
 	return NULL;
 }
 
+/**
+ * nm_setting_wireless_security_get_wps_pin:
+ * @setting: the #NMSettingWirelessSecurity
+ *
+ * Returns: the #NMSettingWirelessSecurity:wps-pin property of the setting
+ *
+ * Since: 1.10
+ **/
+const char *
+nm_setting_wireless_security_get_wps_pin (NMSettingWirelessSecurity *setting)
+{
+	g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), NULL);
+
+	return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wps_pin;
+}
+
 static gboolean
 verify (NMSetting *setting, NMConnection *connection, GError **error)
 {
@@ -892,6 +910,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 	const char *valid_protos[] = { "wpa", "rsn", NULL };
 	const char *valid_pairwise[] = { "tkip", "ccmp", NULL };
 	const char *valid_groups[] = { "wep40", "wep104", "tkip", "ccmp", NULL };
+	guint wps_csum = 0;
+	int i;
 
 	if (!priv->key_mgmt) {
 		g_set_error_literal (error,
@@ -1096,6 +1116,39 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 		return FALSE;
 	}
 
+	if (priv->wps_pin) {
+		if (strlen (priv->wps_pin) != 8) {
+			g_set_error_literal (error,
+			                     NM_CONNECTION_ERROR,
+			                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			                     _("WPS PIN needs to be 8 digits long"));
+			g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WPS_PIN);
+			return FALSE;
+		}
+
+		for (i = 0; i < 8; i++) {
+			if (g_ascii_isdigit (priv->wps_pin[i]))
+				continue;
+			g_set_error_literal (error,
+			                     NM_CONNECTION_ERROR,
+			                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			                     _("WPS PIN can only contain digits"));
+			g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WPS_PIN);
+			return FALSE;
+		}
+
+		for (i = 6; i >= 0; i--)
+			wps_csum += (i % 2 ? 1 : 3) * g_ascii_digit_value (priv->wps_pin[i]);
+		if (g_ascii_digit_value (priv->wps_pin[7]) != (10 - wps_csum % 10) % 10) {
+			g_set_error_literal (error,
+			                     NM_CONNECTION_ERROR,
+			                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			                     _("WPS PIN is not valid"));
+			g_prefix_error (error, "%s.%s: ", NM_SETTING_WIRELESS_SECURITY_SETTING_NAME, NM_SETTING_WIRELESS_SECURITY_WPS_PIN);
+			return FALSE;
+		}
+	}
+
 	return TRUE;
 }
 
@@ -1327,6 +1380,10 @@ set_property (GObject *object, guint prop_id,
 	case PROP_WPS_METHOD:
 		priv->wps_method = g_value_get_uint (value);
 		break;
+	case PROP_WPS_PIN:
+		g_free (priv->wps_pin);
+		priv->wps_pin = g_value_dup_string (value);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1398,6 +1455,9 @@ get_property (GObject *object, guint prop_id,
 	case PROP_WPS_METHOD:
 		g_value_set_uint (value, priv->wps_method);
 		break;
+	case PROP_WPS_PIN:
+		g_value_set_string (value, priv->wps_pin);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1864,4 +1924,22 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting
 		                    G_PARAM_CONSTRUCT |
 		                    NM_SETTING_PARAM_FUZZY_IGNORE |
 		                    G_PARAM_STATIC_STRINGS));
+
+	/**
+	 * NMSettingWirelessSecurity:wps-pin:
+	 *
+	 * The PIN used for WPS.
+	 *
+	 * NetworkManager will automatically disable WPS and unset this property
+	 * after a successful WPS enrollment.
+	 *
+	 * Since: 1.10
+	 **/
+	g_object_class_install_property
+		(object_class, PROP_WPS_PIN,
+		 g_param_spec_string (NM_SETTING_WIRELESS_SECURITY_WPS_PIN, "", "",
+		                      NULL,
+		                      G_PARAM_READWRITE |
+		                      NM_SETTING_PARAM_FUZZY_IGNORE |
+		                      G_PARAM_STATIC_STRINGS));
 }
diff --git a/libnm-core/nm-setting-wireless-security.h b/libnm-core/nm-setting-wireless-security.h
index 548fea762d..5ffed57d6e 100644
--- a/libnm-core/nm-setting-wireless-security.h
+++ b/libnm-core/nm-setting-wireless-security.h
@@ -128,6 +128,7 @@ typedef enum {
 #define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD "leap-password"
 #define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS "leap-password-flags"
 #define NM_SETTING_WIRELESS_SECURITY_WPS_METHOD "wps-method"
+#define NM_SETTING_WIRELESS_SECURITY_WPS_PIN "wps-pin"
 
 /**
  * NMSettingWirelessSecurity:
@@ -192,6 +193,8 @@ NMWepKeyType nm_setting_wireless_security_get_wep_key_type (NMSettingWirelessSec
 
 NM_AVAILABLE_IN_1_10
 NMSettingWirelessSecurityWpsMethod nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity *setting);
+NM_AVAILABLE_IN_1_10
+const char                        *nm_setting_wireless_security_get_wps_pin    (NMSettingWirelessSecurity *setting);
 
 G_END_DECLS
 
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index b9a3df2aae..2af0d11362 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -1182,6 +1182,7 @@ libnm_1_10_0 {
 global:
 	nm_setting_wireless_security_get_pmf;
 	nm_setting_wireless_security_get_wps_method;
+	nm_setting_wireless_security_get_wps_pin;
 	nm_setting_wireless_security_pmf_get_type;
 	nm_setting_wireless_security_wps_method_get_type;
 } libnm_1_8_0;