diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2017-06-09 19:32:02 +0200 |
|---|---|---|
| committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-06-13 15:02:26 +0200 |
| commit | e767ef259da96c0616e5b258c2e19a1da434a5d7 (patch) | |
| tree | 7006300a05e5398e39953215c1157d3161d93a84 | |
| parent | a40a4bee670cdb5dc5471ec9163723830a6fa2f5 (diff) | |
| download | network-manager-applet-e767ef259da96c0616e5b258c2e19a1da434a5d7.tar.gz | |
wireless-security/eap: drop dead code
Now that all TLS, TTLS and PEAP use the certificate chooser widget, we can
drop the obsolete helpers. Yay!
| -rw-r--r-- | src/wireless-security/eap-method.c | 256 | ||||
| -rw-r--r-- | src/wireless-security/eap-method.h | 22 |
2 files changed, 0 insertions, 278 deletions
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c index f11bd22e..0b11443d 100644 --- a/src/wireless-security/eap-method.c +++ b/src/wireless-security/eap-method.c @@ -205,262 +205,6 @@ eap_method_unref (EAPMethod *method) } } -gboolean -eap_method_validate_filepicker (GtkBuilder *builder, - const char *name, - guint32 item_type, - const char *password, - NMSetting8021xCKFormat *out_format, - GError **error) -{ - GtkWidget *widget; - gs_free char *filename = NULL; - NMSetting8021x *setting; - gboolean success; - - widget = GTK_WIDGET (gtk_builder_get_object (builder, name)); - g_assert (widget); - filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (!filename) { - if (item_type != TYPE_CA_CERT) { - success = FALSE; - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("no file selected")); - } else - success = TRUE; - goto out; - } - - if (!g_file_test (filename, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) { - success = FALSE; - g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("file ā%sā does not exist"), filename); - goto out; - } - - setting = (NMSetting8021x *) nm_setting_802_1x_new (); - - success = FALSE; - if (item_type == TYPE_PRIVATE_KEY) { - if (nm_setting_802_1x_set_private_key (setting, filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, out_format, error)) - success = TRUE; - } else if (item_type == TYPE_CLIENT_CERT) { - if (nm_setting_802_1x_set_client_cert (setting, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, out_format, error)) - success = TRUE; - } else if (item_type == TYPE_CA_CERT) { - if (nm_setting_802_1x_set_ca_cert (setting, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, out_format, error)) - success = TRUE; - } else - g_warning ("%s: invalid item type %d.", __func__, item_type); - - g_object_unref (setting); - -out: - if (!success && error && !*error) - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("unspecified error validating eap-method file")); - - if (success) - widget_unset_error (widget); - else - widget_set_error (widget); - return success; -} - -#if !LIBNM_BUILD -static const char * -find_tag (const char *tag, const char *buf, gsize len) -{ - gsize i, taglen; - - taglen = strlen (tag); - if (len < taglen) - return NULL; - - for (i = 0; i < len - taglen + 1; i++) { - if (memcmp (buf + i, tag, taglen) == 0) - return buf + i; - } - return NULL; -} - -static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----"; -static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----"; -static const char *pem_pkcs8_enc_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; -static const char *pem_pkcs8_dec_key_begin = "-----BEGIN PRIVATE KEY-----"; -static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----"; -static const char *proc_type_tag = "Proc-Type: 4,ENCRYPTED"; -static const char *dek_info_tag = "DEK-Info:"; - -static gboolean -pem_file_is_encrypted (const char *buffer, gsize bytes_read) -{ - /* Check if the private key is encrypted or not by looking for the - * old OpenSSL-style proc-type and dec-info tags. - */ - if (find_tag (proc_type_tag, (const char *) buffer, bytes_read)) { - if (find_tag (dek_info_tag, (const char *) buffer, bytes_read)) - return TRUE; - } - return FALSE; -} - -static gboolean -file_is_der_or_pem (const char *filename, - gboolean privkey, - gboolean *out_privkey_encrypted) -{ - int fd; - unsigned char buffer[8192]; - ssize_t bytes_read; - gboolean success = FALSE; - - fd = open (filename, O_RDONLY); - if (fd < 0) - return FALSE; - - bytes_read = read (fd, buffer, sizeof (buffer) - 1); - if (bytes_read < 400) /* needs to be lower? */ - goto out; - buffer[bytes_read] = '\0'; - - /* Check for DER signature */ - if (bytes_read > 2 && buffer[0] == 0x30 && buffer[1] == 0x82) { - success = TRUE; - goto out; - } - - /* Check for PEM signatures */ - if (privkey) { - if (find_tag (pem_rsa_key_begin, (const char *) buffer, bytes_read)) { - success = TRUE; - if (out_privkey_encrypted) - *out_privkey_encrypted = pem_file_is_encrypted ((const char *) buffer, bytes_read); - goto out; - } - - if (find_tag (pem_dsa_key_begin, (const char *) buffer, bytes_read)) { - success = TRUE; - if (out_privkey_encrypted) - *out_privkey_encrypted = pem_file_is_encrypted ((const char *) buffer, bytes_read); - goto out; - } - - if (find_tag (pem_pkcs8_enc_key_begin, (const char *) buffer, bytes_read)) { - success = TRUE; - if (out_privkey_encrypted) - *out_privkey_encrypted = TRUE; - goto out; - } - - if (find_tag (pem_pkcs8_dec_key_begin, (const char *) buffer, bytes_read)) { - success = TRUE; - if (out_privkey_encrypted) - *out_privkey_encrypted = FALSE; - goto out; - } - } else { - if (find_tag (pem_cert_begin, (const char *) buffer, bytes_read)) { - success = TRUE; - goto out; - } - } - -out: - close (fd); - return success; -} -#endif - -GtkFileFilter * -eap_method_default_file_chooser_filter_new (gboolean privkey) -{ - if (privkey) - return utils_key_filter (); - else - return utils_cert_filter (); -} - -gboolean -eap_method_is_encrypted_private_key (const char *path) -{ - gboolean is_encrypted; - -#if LIBNM_BUILD - is_encrypted = FALSE; - if (!nm_utils_file_is_private_key (path, &is_encrypted)) - return FALSE; -#else - is_encrypted = TRUE; - if ( !file_is_der_or_pem (path, TRUE, &is_encrypted) - && !nm_utils_file_is_pkcs12 (path)) - return FALSE; -#endif - return is_encrypted; -} - -/* Some methods (PEAP, TLS, TTLS) require a CA certificate. The user can choose - * not to provide such a certificate. This method whether the checkbox - * id_ca_cert_not_required_checkbutton is checked or id_ca_cert_chooser has a certificate - * selected. - */ -gboolean -eap_method_ca_cert_required (GtkBuilder *builder, const char *id_ca_cert_not_required_checkbutton, const char *id_ca_cert_chooser) -{ - char *filename; - GtkWidget *widget; - - g_assert (builder && id_ca_cert_not_required_checkbutton && id_ca_cert_chooser); - - widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_not_required_checkbutton)); - g_assert (widget && GTK_IS_TOGGLE_BUTTON (widget)); - - if (!gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { - widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_chooser)); - g_assert (widget && GTK_IS_FILE_CHOOSER (widget)); - - filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (!filename) - return TRUE; - g_free (filename); - } - return FALSE; -} - - -void -eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, const char *id_ca_cert_not_required_checkbutton, const char *id_ca_cert_chooser) -{ - char *filename, *filename_old; - gboolean is_not_required; - GtkWidget *widget; - - g_assert (builder && id_ca_cert_not_required_checkbutton && id_ca_cert_chooser); - - widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_not_required_checkbutton)); - g_assert (widget && GTK_IS_TOGGLE_BUTTON (widget)); - is_not_required = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); - - widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_chooser)); - g_assert (widget && GTK_IS_FILE_CHOOSER (widget)); - - filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - filename_old = g_object_steal_data (G_OBJECT (widget), "filename-old"); - if (is_not_required) { - g_free (filename_old); - filename_old = filename; - filename = NULL; - } else { - g_free (filename); - filename = filename_old; - filename_old = NULL; - } - gtk_widget_set_sensitive (widget, !is_not_required); - if (filename) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename); - else - gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (widget)); - g_free (filename); - g_object_set_data_full (G_OBJECT (widget), "filename-old", filename_old, g_free); -} - /* Used as both GSettings keys and GObject data tags */ #define IGNORE_CA_CERT_TAG "ignore-ca-cert" #define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert" diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h index 665d2d89..39cee40f 100644 --- a/src/wireless-security/eap-method.h +++ b/src/wireless-security/eap-method.h @@ -91,33 +91,11 @@ EAPMethod *eap_method_init (gsize obj_size, const char *default_field, gboolean phase2); -GtkFileFilter * eap_method_default_file_chooser_filter_new (gboolean privkey); - -gboolean eap_method_is_encrypted_private_key (const char *path); - -#define TYPE_CLIENT_CERT 0 -#define TYPE_CA_CERT 1 -#define TYPE_PRIVATE_KEY 2 - -gboolean eap_method_validate_filepicker (GtkBuilder *builder, - const char *name, - guint32 item_type, - const char *password, - NMSetting8021xCKFormat *out_format, - GError **error); - void eap_method_phase2_update_secrets_helper (EAPMethod *method, NMConnection *connection, const char *combo_name, guint32 column); -gboolean eap_method_ca_cert_required (GtkBuilder *builder, - const char *id_ca_cert_is_not_required_checkbox, - const char *id_ca_cert_chooser); -void eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, - const char *id_ca_cert_is_not_required_checkbox, - const char *id_ca_cert_chooser); - void eap_method_ca_cert_ignore_set (EAPMethod *method, NMConnection *connection, const char *filename, |