diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2019-10-04 10:31:01 +0200 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2019-10-09 13:16:49 +0200 |
commit | 875d5fa82adb73ae84c781b9327af5f15a456c1e (patch) | |
tree | 3c4be23b6a9e941f12f5750c5003dae53419cc61 | |
parent | 62bc9a0a56a6894f8d4f6902d62cb938c4620a03 (diff) | |
download | network-manager-applet-875d5fa82adb73ae84c781b9327af5f15a456c1e.tar.gz |
wireless-security: add SAE support
This is used by WPA3 Personal and secured Meshes (which we don't support
in the applet).
-rw-r--r-- | Makefile.am | 3 | ||||
-rw-r--r-- | po/POTFILES.in | 2 | ||||
-rw-r--r-- | src/wireless-security/meson.build | 2 | ||||
-rw-r--r-- | src/wireless-security/wireless-security.c | 1 | ||||
-rw-r--r-- | src/wireless-security/wireless-security.h | 1 | ||||
-rw-r--r-- | src/wireless-security/ws-sae.c | 203 | ||||
-rw-r--r-- | src/wireless-security/ws-sae.h | 16 | ||||
-rw-r--r-- | src/wireless-security/ws-sae.ui | 98 | ||||
-rw-r--r-- | src/wireless-security/ws.gresource.xml | 1 |
9 files changed, 326 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index bce4be42..b863a683 100644 --- a/Makefile.am +++ b/Makefile.am @@ -275,6 +275,8 @@ wireless_security_c_gen = \ wireless_security_c_real = \ src/wireless-security/wireless-security.h \ src/wireless-security/wireless-security.c \ + src/wireless-security/ws-sae.h \ + src/wireless-security/ws-sae.c \ src/wireless-security/ws-wep-key.h \ src/wireless-security/ws-wep-key.c \ src/wireless-security/ws-wpa-psk.h \ @@ -392,6 +394,7 @@ EXTRA_DIST += \ src/wireless-security/eap-method-ttls.ui \ src/wireless-security/ws-dynamic-wep.ui \ src/wireless-security/ws-leap.ui \ + src/wireless-security/ws-sae.ui \ src/wireless-security/ws-wep-key.ui \ src/wireless-security/ws-wpa-eap.ui \ src/wireless-security/ws-wpa-psk.ui \ diff --git a/po/POTFILES.in b/po/POTFILES.in index 31cfdef8..c08b9128 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -125,6 +125,8 @@ src/wireless-security/wireless-security.c src/wireless-security/ws-dynamic-wep.ui src/wireless-security/ws-leap.c src/wireless-security/ws-leap.ui +src/wireless-security/ws-sae.c +src/wireless-security/ws-sae.ui src/wireless-security/ws-wep-key.c src/wireless-security/ws-wep-key.ui src/wireless-security/ws-wpa-eap.ui diff --git a/src/wireless-security/meson.build b/src/wireless-security/meson.build index 3a7cfc51..2348fcb9 100644 --- a/src/wireless-security/meson.build +++ b/src/wireless-security/meson.build @@ -12,6 +12,7 @@ sources = [version_header] + files( 'wireless-security.c', 'ws-dynamic-wep.c', 'ws-leap.c', + 'ws-sae.c', 'ws-wep-key.c', 'ws-wpa-eap.c', 'ws-wpa-psk.c' @@ -26,6 +27,7 @@ resource_data = files( 'eap-method-ttls.ui', 'ws-dynamic-wep.ui', 'ws-leap.ui', + 'ws-sae.ui', 'ws-wep-key.ui', 'ws-wpa-eap.ui', 'ws-wpa-psk.ui' diff --git a/src/wireless-security/wireless-security.c b/src/wireless-security/wireless-security.c index c02c885b..5fc110f1 100644 --- a/src/wireless-security/wireless-security.c +++ b/src/wireless-security/wireless-security.c @@ -592,4 +592,3 @@ ws_802_1x_update_secrets (WirelessSecurity *sec, } while (gtk_tree_model_iter_next (model, &iter)); } } - diff --git a/src/wireless-security/wireless-security.h b/src/wireless-security/wireless-security.h index 6c1c4a36..49289812 100644 --- a/src/wireless-security/wireless-security.h +++ b/src/wireless-security/wireless-security.h @@ -80,6 +80,7 @@ void wireless_security_unref (WirelessSecurity *sec); /* Below for internal use only */ +#include "ws-sae.h" #include "ws-wep-key.h" #include "ws-wpa-psk.h" #include "ws-leap.h" diff --git a/src/wireless-security/ws-sae.c b/src/wireless-security/ws-sae.c new file mode 100644 index 00000000..4bebf138 --- /dev/null +++ b/src/wireless-security/ws-sae.c @@ -0,0 +1,203 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#include "nm-default.h" +#include "nma-private.h" + +#include <ctype.h> +#include <string.h> + +#include "wireless-security.h" +#include "helpers.h" +#include "nma-ui-utils.h" +#include "utils.h" + +#define WPA_PMK_LEN 32 + +struct _WirelessSecuritySAE { + WirelessSecurity parent; + + gboolean editing_connection; + const char *password_flags_name; +}; + +static void +show_toggled_cb (GtkCheckButton *button, WirelessSecurity *sec) +{ + GtkWidget *widget; + gboolean visible; + + widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, "psk_entry")); + g_assert (widget); + + visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); + gtk_entry_set_visibility (GTK_ENTRY (widget), visible); +} + +static gboolean +validate (WirelessSecurity *parent, GError **error) +{ + GtkWidget *entry; + NMSettingSecretFlags secret_flags; + const char *key; + + entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "psk_entry")); + g_assert (entry); + + secret_flags = nma_utils_menu_to_secret_flags (entry); + key = gtk_editable_get_text (GTK_EDITABLE (entry)); + + if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED + || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { + /* All good. */ + } else if (key == NULL || key[0] == '\0') { + widget_set_error (entry); + g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing password")); + return FALSE; + } + widget_unset_error (entry); + + return TRUE; +} + +static void +add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) +{ + GtkWidget *widget; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_label")); + gtk_size_group_add_widget (group, widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_label")); + gtk_size_group_add_widget (group, widget); +} + +static void +fill_connection (WirelessSecurity *parent, NMConnection *connection) +{ + WirelessSecuritySAE *sae = (WirelessSecuritySAE *) parent; + GtkWidget *widget, *passwd_entry; + const char *key; + NMSettingWireless *s_wireless; + NMSettingWirelessSecurity *s_wireless_sec; + NMSettingSecretFlags secret_flags; + const char *mode; + gboolean is_adhoc = FALSE; + + s_wireless = nm_connection_get_setting_wireless (connection); + g_assert (s_wireless); + + mode = nm_setting_wireless_get_mode (s_wireless); + if (mode && !strcmp (mode, "adhoc")) + is_adhoc = TRUE; + + /* Blow away the old security setting by adding a clear one */ + s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); + nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "psk_entry")); + passwd_entry = widget; + key = gtk_editable_get_text (GTK_EDITABLE (widget)); + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); + + /* Save PSK_FLAGS to the connection */ + secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); + nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, + secret_flags, NULL); + + /* Update secret flags and popup when editing the connection */ + if (sae->editing_connection) + nma_utils_update_password_storage (passwd_entry, secret_flags, + NM_SETTING (s_wireless_sec), sae->password_flags_name); + + wireless_security_clear_ciphers (connection); + if (is_adhoc) { + /* Ad-Hoc settings as specified by the supplicant */ + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); + nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn"); + nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp"); + nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp"); + } else { + g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); + + /* Just leave ciphers and protocol empty, the supplicant will + * figure that out magically based on the AP IEs and card capabilities. + */ + } +} + +static void +update_secrets (WirelessSecurity *parent, NMConnection *connection) +{ + helper_fill_secret_entry (connection, + parent->builder, + "psk_entry", + NM_TYPE_SETTING_WIRELESS_SECURITY, + (HelperSecretFunc) nm_setting_wireless_security_get_psk); +} + +WirelessSecuritySAE * +ws_sae_new (NMConnection *connection, gboolean secrets_only) +{ + WirelessSecurity *parent; + WirelessSecuritySAE *sec; + NMSetting *setting = NULL; + GtkWidget *widget; + + parent = wireless_security_init (sizeof (WirelessSecuritySAE), + validate, + add_to_size_group, + fill_connection, + update_secrets, + NULL, + "/org/freedesktop/network-manager-applet/ws-sae.ui", + "sae_notebook", + "psk_entry"); + if (!parent) + return NULL; + + parent->adhoc_compatible = TRUE; + sec = (WirelessSecuritySAE *) parent; + sec->editing_connection = secrets_only ? FALSE : TRUE; + sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_PSK; + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "psk_entry")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "changed", + (GCallback) wireless_security_changed_cb, + sec); + gtk_editable_set_width_chars (GTK_EDITABLE (widget), 28); + + /* Create password-storage popup menu for password entry under entry's secondary icon */ + if (connection) + setting = (NMSetting *) nm_connection_get_setting_wireless_security (connection); + nma_utils_setup_password_storage (widget, 0, setting, sec->password_flags_name, + FALSE, secrets_only); + + /* Fill secrets, if any */ + if (connection) + update_secrets (WIRELESS_SECURITY (sec), connection); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_sae")); + g_assert (widget); + g_signal_connect (G_OBJECT (widget), "toggled", + (GCallback) show_toggled_cb, + sec); + + /* Hide WPA/RSN for now since this can be autodetected by NM and the + * supplicant when connecting to the AP. + */ + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_combo")); + g_assert (widget); + gtk_widget_hide (widget); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_label")); + g_assert (widget); + gtk_widget_hide (widget); + + return sec; +} + diff --git a/src/wireless-security/ws-sae.h b/src/wireless-security/ws-sae.h new file mode 100644 index 00000000..e864d90d --- /dev/null +++ b/src/wireless-security/ws-sae.h @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2007 - 2019 Red Hat, Inc. + */ + +#ifndef WS_SAE_H +#define WS_SAE_H + +/* For compatibility with NetworkManager-1.20 and earlier. */ +#define NMU_SEC_SAE 9 + +typedef struct _WirelessSecuritySAE WirelessSecuritySAE; + +WirelessSecuritySAE * ws_sae_new (NMConnection *connection, gboolean secrets_only); + +#endif /* WS_SAE_H */ diff --git a/src/wireless-security/ws-sae.ui b/src/wireless-security/ws-sae.ui new file mode 100644 index 00000000..8f0d0413 --- /dev/null +++ b/src/wireless-security/ws-sae.ui @@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Generated with glade 3.20.0 --> +<interface domain="nm-applet"> + <requires lib="gtk+" version="3.10"/> + <object class="GtkNotebook" id="sae_notebook"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="show_tabs">False</property> + <property name="show_border">False</property> + <child> + <object class="GtkGrid" id="sae_table"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="row_spacing">6</property> + <property name="column_spacing">6</property> + <child> + <object class="GtkLabel" id="sae_label"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="label" translatable="yes">_Password</property> + <property name="use_underline">True</property> + <property name="mnemonic_widget">psk_entry</property> + <property name="xalign">1</property> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkEntry" id="psk_entry"> + <property name="visible">True</property> + <property name="can_focus">True</property> + <property name="hexpand">True</property> + <property name="max_length">64</property> + <property name="visibility">False</property> + <property name="activates_default">True</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="top_attach">0</property> + </packing> + </child> + <child> + <object class="GtkLabel" id="sae_type_label"> + <property name="visible">True</property> + <property name="can_focus">False</property> + <property name="label" translatable="yes">_Type</property> + <property name="use_underline">True</property> + <property name="mnemonic_widget">sae_type_combo</property> + <property name="xalign">1</property> + </object> + <packing> + <property name="left_attach">0</property> + <property name="top_attach">2</property> + </packing> + </child> + <child> + <object class="GtkCheckButton" id="show_checkbutton_sae"> + <property name="label" translatable="yes">Sho_w password</property> + <property name="visible">True</property> + <property name="can_focus">True</property> + <property name="receives_default">False</property> + <property name="hexpand">True</property> + <property name="use_underline">True</property> + <property name="draw_indicator">True</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="top_attach">1</property> + </packing> + </child> + <child> + <object class="GtkComboBox" id="sae_type_combo"> + <property name="visible">True</property> + <property name="can_focus">False</property> + </object> + <packing> + <property name="left_attach">1</property> + <property name="top_attach">2</property> + </packing> + </child> + <child> + <placeholder/> + </child> + </object> + </child> + <child type="tab"> + <object class="GtkLabel" id="GtkLabel2"> + <property name="visible">True</property> + <property name="can_focus">False</property> + </object> + <packing> + <property name="tab_fill">False</property> + </packing> + </child> + </object> +</interface> diff --git a/src/wireless-security/ws.gresource.xml b/src/wireless-security/ws.gresource.xml index 7aa6c0f9..5af6115d 100644 --- a/src/wireless-security/ws.gresource.xml +++ b/src/wireless-security/ws.gresource.xml @@ -3,6 +3,7 @@ <gresource prefix="/org/freedesktop/network-manager-applet"> <file preprocess="xml-stripblanks">ws-dynamic-wep.ui</file> <file preprocess="xml-stripblanks">ws-leap.ui</file> + <file preprocess="xml-stripblanks">ws-sae.ui</file> <file preprocess="xml-stripblanks">ws-wep-key.ui</file> <file preprocess="xml-stripblanks">ws-wpa-eap.ui</file> <file preprocess="xml-stripblanks">ws-wpa-psk.ui</file> |