diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2017-06-09 18:58:19 +0200 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-06-13 15:02:26 +0200 |
commit | 8fb89a6a7a37ad9ad6ce21651cde835fad496fc5 (patch) | |
tree | 53021d4114c89672972b2b10386d8bf5c991f536 | |
parent | 3d40d61a355b1cdc85f96a2ede40a933c44b9e54 (diff) | |
download | network-manager-applet-8fb89a6a7a37ad9ad6ce21651cde835fad496fc5.tar.gz |
wireless-security/eap: move cert picker setup and validation to common location
It is now used by the TLS method, but makes sense for TTLS and PEAP too.
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | src/wireless-security/eap-method-tls.c | 172 | ||||
-rw-r--r-- | src/wireless-security/eap-method.c | 94 | ||||
-rw-r--r-- | src/wireless-security/eap-method.h | 28 |
4 files changed, 152 insertions, 143 deletions
diff --git a/Makefile.am b/Makefile.am index 5cf9efff..be5cc3f8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -393,6 +393,7 @@ src_libnm_gtk_libnm_gtk_la_CFLAGS = \ "-I$(srcdir)/src/utils" \ "-I$(srcdir)/src/wireless-security" \ "-I$(srcdir)/src/libnm-gtk" \ + "-I$(srcdir)/src/libnma" \ -Isrc/libnma \ $(GTK_CFLAGS) \ $(LIBNM_GLIB_CFLAGS) \ diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c index 83c64f5f..b22357d3 100644 --- a/src/wireless-security/eap-method-tls.c +++ b/src/wireless-security/eap-method-tls.c @@ -298,35 +298,6 @@ client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_dat return NULL; } -static GError * -ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) -{ - NMSetting8021xCKScheme scheme; - NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; - gs_unref_object NMSetting8021x *setting = NULL; - gs_free char *value = NULL; - GError *local = NULL; - - setting = (NMSetting8021x *) nm_setting_802_1x_new (); - - value = nma_cert_chooser_get_cert (cert_chooser, &scheme); - if (!value) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("no CA certificate selected")); - } - if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { - if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { - return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, - _("selected CA certificate file does not exist")); - } - } - - if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local)) - return local; - - return NULL; -} - static void client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data) { @@ -349,106 +320,21 @@ client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data) nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme); } -typedef const char * (*PathFunc) (NMSetting8021x *setting); -typedef const char * (*UriFunc) (NMSetting8021x *setting); -typedef NMSetting8021xCKScheme (*SchemeFunc) (NMSetting8021x *setting); -typedef const char * (*PasswordFunc) (NMSetting8021x *setting); - -static void -setup_cert_chooser (NMACertChooser *cert_chooser, - NMSetting8021x *s_8021x, - SchemeFunc cert_scheme_func, - PathFunc cert_path_func, - UriFunc cert_uri_func, - PasswordFunc cert_password_func, - SchemeFunc key_scheme_func, - PathFunc key_path_func, - UriFunc key_uri_func, - PasswordFunc key_password_func) -{ - NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; - const char *value = NULL; - - - if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) { - scheme = cert_scheme_func (s_8021x); - switch (scheme) { - case NM_SETTING_802_1X_CK_SCHEME_PATH: - value = cert_path_func (s_8021x); - break; -#if LIBNM_BUILD -/* Not available in libnm-glib */ - case NM_SETTING_802_1X_CK_SCHEME_PKCS11: - value = cert_uri_func (s_8021x); - if (cert_password_func) - nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func (s_8021x)); - break; -#endif - case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: - /* No CA set. */ - break; - default: - g_warning ("unhandled certificate scheme %d", scheme); - } - - } - nma_cert_chooser_set_cert (cert_chooser, value, scheme); - - if (s_8021x && key_path_func && key_uri_func && key_scheme_func) { - scheme = key_scheme_func (s_8021x); - switch (scheme) { - case NM_SETTING_802_1X_CK_SCHEME_PATH: - value = key_path_func (s_8021x); - break; -#if LIBNM_BUILD -/* Not available in libnm-glib */ - case NM_SETTING_802_1X_CK_SCHEME_PKCS11: - value = key_uri_func (s_8021x); - break; -#endif - case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: - /* No certificate set. */ - break; - default: - g_warning ("unhandled key scheme %d", scheme); - } - - nma_cert_chooser_set_key (cert_chooser, value, scheme); - } - - if (s_8021x && key_password_func) - nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x)); -} - -#if !LIBNM_BUILD -/* Not available in libnm-glib */ -#define nm_setting_802_1x_get_ca_cert_password NULL -#define nm_setting_802_1x_get_ca_cert_uri NULL -#define nm_setting_802_1x_get_client_cert_password NULL -#define nm_setting_802_1x_get_client_cert_uri NULL -#define nm_setting_802_1x_get_private_key_uri NULL -#define nm_setting_802_1x_get_phase2_ca_cert_password NULL -#define nm_setting_802_1x_get_phase2_ca_cert_uri NULL -#define nm_setting_802_1x_get_phase2_client_cert_password NULL -#define nm_setting_802_1x_get_phase2_client_cert_uri NULL -#define nm_setting_802_1x_get_phase2_private_key_uri NULL -#endif - static void update_secrets (EAPMethod *parent, NMConnection *connection) { EAPMethodTLS *method = (EAPMethodTLS *) parent; - setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), - nm_connection_get_setting_802_1x (connection), - NULL, - NULL, - NULL, - parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, - parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); + eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), + nm_connection_get_setting_802_1x (connection), + NULL, + NULL, + NULL, + parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, + parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); } EAPMethodTLS * @@ -539,15 +425,15 @@ eap_method_tls_new (WirelessSecurity *ws_parent, G_CALLBACK (wireless_security_changed_cb), ws_parent); - setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : nm_setting_802_1x_get_client_cert_uri, - phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, - phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, - phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, - phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, - phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); + eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : nm_setting_802_1x_get_client_cert_uri, + phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password, + phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme, + phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path, + phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri, + phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password); method->ca_cert_chooser = nma_cert_chooser_new ("CA", NMA_CERT_CHOOSER_FLAG_CERT @@ -557,22 +443,22 @@ eap_method_tls_new (WirelessSecurity *ws_parent, g_signal_connect (method->ca_cert_chooser, "cert-validate", - G_CALLBACK (ca_cert_validate_cb), + G_CALLBACK (eap_method_ca_cert_validate_cb), NULL); g_signal_connect (method->ca_cert_chooser, "changed", G_CALLBACK (wireless_security_changed_cb), ws_parent); - setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : nm_setting_802_1x_get_ca_cert_uri, - phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : nm_setting_802_1x_get_ca_cert_password, - NULL, - NULL, - NULL, - NULL); + eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : nm_setting_802_1x_get_ca_cert_uri, + phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : nm_setting_802_1x_get_ca_cert_password, + NULL, + NULL, + NULL, + NULL); if (connection && eap_method_ca_cert_ignore_get (parent, connection)) { gchar *ca_cert; diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c index a5088f8a..f11bd22e 100644 --- a/src/wireless-security/eap-method.c +++ b/src/wireless-security/eap-method.c @@ -604,3 +604,97 @@ eap_method_ca_cert_ignore_load (NMConnection *connection) g_object_unref (settings); } +GError * +eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data) +{ + NMSetting8021xCKScheme scheme; + NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + gs_unref_object NMSetting8021x *setting = NULL; + gs_free char *value = NULL; + GError *local = NULL; + + setting = (NMSetting8021x *) nm_setting_802_1x_new (); + + value = nma_cert_chooser_get_cert (cert_chooser, &scheme); + if (!value) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("no CA certificate selected")); + } + if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { + if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { + return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, + _("selected CA certificate file does not exist")); + } + } + + if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local)) + return local; + + return NULL; +} + +void +eap_method_setup_cert_chooser (NMACertChooser *cert_chooser, + NMSetting8021x *s_8021x, + NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting), + const char *(*cert_path_func) (NMSetting8021x *setting), + const char *(*cert_uri_func) (NMSetting8021x *setting), + const char *(*cert_password_func) (NMSetting8021x *setting), + NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting), + const char *(*key_path_func) (NMSetting8021x *setting), + const char *(*key_uri_func) (NMSetting8021x *setting), + const char *(*key_password_func) (NMSetting8021x *setting)) +{ + NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; + const char *value = NULL; + + + if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) { + scheme = cert_scheme_func (s_8021x); + switch (scheme) { + case NM_SETTING_802_1X_CK_SCHEME_PATH: + value = cert_path_func (s_8021x); + break; +#if LIBNM_BUILD +/* Not available in libnm-glib */ + case NM_SETTING_802_1X_CK_SCHEME_PKCS11: + value = cert_uri_func (s_8021x); + if (cert_password_func) + nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func (s_8021x)); + break; +#endif + case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: + /* No CA set. */ + break; + default: + g_warning ("unhandled certificate scheme %d", scheme); + } + + } + nma_cert_chooser_set_cert (cert_chooser, value, scheme); + + if (s_8021x && key_path_func && key_uri_func && key_scheme_func) { + scheme = key_scheme_func (s_8021x); + switch (scheme) { + case NM_SETTING_802_1X_CK_SCHEME_PATH: + value = key_path_func (s_8021x); + break; +#if LIBNM_BUILD +/* Not available in libnm-glib */ + case NM_SETTING_802_1X_CK_SCHEME_PKCS11: + value = key_uri_func (s_8021x); + break; +#endif + case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN: + /* No certificate set. */ + break; + default: + g_warning ("unhandled key scheme %d", scheme); + } + + nma_cert_chooser_set_key (cert_chooser, value, scheme); + } + + if (s_8021x && key_password_func) + nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x)); +} diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h index 333fa148..665d2d89 100644 --- a/src/wireless-security/eap-method.h +++ b/src/wireless-security/eap-method.h @@ -72,6 +72,7 @@ GType eap_method_get_type (void); /* Below for internal use only */ +#include "nma-cert-chooser.h" #include "eap-method-tls.h" #include "eap-method-leap.h" #include "eap-method-fast.h" @@ -126,4 +127,31 @@ gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connect void eap_method_ca_cert_ignore_save (NMConnection *connection); void eap_method_ca_cert_ignore_load (NMConnection *connection); +GError *eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data); + +#if !LIBNM_BUILD +/* For mere convenience. These are not available in libnm-glib. */ +#define nm_setting_802_1x_get_ca_cert_password NULL +#define nm_setting_802_1x_get_ca_cert_uri NULL +#define nm_setting_802_1x_get_client_cert_password NULL +#define nm_setting_802_1x_get_client_cert_uri NULL +#define nm_setting_802_1x_get_private_key_uri NULL +#define nm_setting_802_1x_get_phase2_ca_cert_password NULL +#define nm_setting_802_1x_get_phase2_ca_cert_uri NULL +#define nm_setting_802_1x_get_phase2_client_cert_password NULL +#define nm_setting_802_1x_get_phase2_client_cert_uri NULL +#define nm_setting_802_1x_get_phase2_private_key_uri NULL +#endif + +void eap_method_setup_cert_chooser (NMACertChooser *cert_chooser, + NMSetting8021x *s_8021x, + NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting), + const char *(*cert_path_func) (NMSetting8021x *setting), + const char *(*cert_uri_func) (NMSetting8021x *setting), + const char *(*cert_password_func) (NMSetting8021x *setting), + NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting), + const char *(*key_path_func) (NMSetting8021x *setting), + const char *(*key_uri_func) (NMSetting8021x *setting), + const char *(*key_password_func) (NMSetting8021x *setting)); + #endif /* EAP_METHOD_H */ |