author | Lubomir Rintel <lkundrak@v3.sk> | 2017-06-09 18:39:23 +0200 |
---|---|---|
committer | Lubomir Rintel <lkundrak@v3.sk> | 2017-06-13 15:02:26 +0200 |
commit | 6c2af17fd6067223d642587e0f9794d2c20739a2 (patch) | |
tree | 1a22a0726ce85fa441955dece743a9a5f0190d4c /src/wireless-security | |
parent | 9f6e1b68d8bce3d1efa4bc9b3412f657119874a1 (diff) | |
download | network-manager-applet-6c2af17fd6067223d642587e0f9794d2c20739a2.tar.gz |
wireless-security/ttls: use the certificate chooser widget
Reduces code duplication.
Diffstat (limited to 'src/wireless-security')
-rw-r--r-- | src/wireless-security/eap-method-ttls.c | 140 | ||||
-rw-r--r-- | src/wireless-security/eap-method-ttls.ui | 41 |
2 files changed, 99 insertions, 82 deletions
diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c index 2598cb4f..17cfe350 100644 --- a/src/wireless-security/eap-method-ttls.c +++ b/src/wireless-security/eap-method-ttls.c @@ -17,7 +17,7 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * - * Copyright 2007 - 2014 Red Hat, Inc. + * Copyright 2007 - 2017 Red Hat, Inc. */ #include "nm-default.h" @@ -27,6 +27,7 @@ #include "eap-method.h" #include "wireless-security.h" +#include "nma-cert-chooser.h" #include "utils.h" #define I_NAME_COLUMN 0 @@ -39,6 +40,8 @@ struct _EAPMethodTTLS { GtkSizeGroup *size_group; WirelessSecurity *sec_parent; gboolean is_editor; + + GtkWidget *ca_cert_chooser; }; static void @@ -53,22 +56,16 @@ destroy (EAPMethod *parent) static gboolean validate (EAPMethod *parent, GError **error) { + EAPMethodTTLS *method = (EAPMethodTTLS *) parent; GtkWidget *widget; GtkTreeModel *model; GtkTreeIter iter; EAPMethod *eap = NULL; gboolean valid = FALSE; - GError *local = NULL; - if (!eap_method_validate_filepicker (parent->builder, "eap_ttls_ca_cert_button", TYPE_CA_CERT, NULL, NULL, &local)) { - g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: %s"), local->message); - g_clear_error (&local); - return FALSE; - } - if (eap_method_ca_cert_required (parent->builder, "eap_ttls_ca_cert_not_required_checkbox", "eap_ttls_ca_cert_button")) { - g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: no certificate specified")); + if ( gtk_widget_get_sensitive (method->ca_cert_chooser) + && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error)) return FALSE; - } widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); g_assert (widget); 
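Review bot: In validate(), the explicit "no certificate specified" failure that `eap_method_ca_cert_required()` produced is removed, so rejecting an empty CA selection while the "not required" box is unticked now depends on `nma_cert_chooser_validate()` failing for an empty chooser, which this diff does not show. If that helper accepts an empty selection, a profile with no CA certificate would pass validation without the user having opted out, presumably leaving the client nothing to verify the server certificate against. The skip is also keyed on `gtk_widget_get_sensitive()`, which is UI state rather than the checkbox itself; a comment above the condition such as `/* the chooser is insensitive exactly when "no CA certificate is required" is ticked */` would make that coupling explicit. The two-line `if` condition would be safer with braces around its `return FALSE;`.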
@@ -85,9 +82,10 @@ validate (EAPMethod *parent, GError **error) static void ca_cert_not_required_toggled (GtkWidget *ignored, gpointer user_data) { - EAPMethod *parent = user_data; + EAPMethodTTLS *method = (EAPMethodTTLS *) user_data; - eap_method_ca_cert_not_required_toggled (parent->builder, "eap_ttls_ca_cert_not_required_checkbox", "eap_ttls_ca_cert_button"); + gtk_widget_set_sensitive (method->ca_cert_chooser, + !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (ignored))); } static void @@ -111,9 +109,7 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) g_assert (widget); gtk_size_group_add_widget (group, widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label")); - g_assert (widget); - gtk_size_group_add_widget (group, widget); + nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); g_assert (widget); @@ -133,15 +129,20 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group) static void fill_connection (EAPMethod *parent, NMConnection *connection) { + EAPMethodTTLS *method = (EAPMethodTTLS *) parent; NMSetting8021x *s_8021x; NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; +#if LIBNM_BUILD + NMSettingSecretFlags secret_flags; +#endif GtkWidget *widget; const char *text; - char *filename; + char *value = NULL; EAPMethod *eap = NULL; GtkTreeModel *model; GtkTreeIter iter; GError *error = NULL; + NMSetting8021xCKScheme scheme; gboolean ca_cert_error = FALSE; s_8021x = nm_connection_get_setting_802_1x (connection); 
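Review bot: In ca_cert_not_required_toggled() the first parameter is still named `ignored` although the new body reads it through `GTK_TOGGLE_BUTTON (ignored)`; renaming it, for example `ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data)`, keeps the name honest. `user_data` is now cast to `EAPMethodTTLS *` where it was previously treated as `EAPMethod *`. The `g_signal_connect` call that supplies it lies outside the hunks shown, so it is worth confirming that it passes the method object.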
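Review bot: `NMSetting8021xCKScheme scheme;` is declared in fill_connection() without an initializer, and the following hunk assigns it only inside `if (gtk_widget_get_sensitive (method->ca_cert_chooser))` before passing it to `nm_setting_802_1x_set_ca_cert()`. When the chooser is insensitive, meaning the user ticked "no CA certificate required", an indeterminate value is read. Initialise it at the declaration: `NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;`. The function body continues outside this hunk.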
@@ -155,16 +156,31 @@ fill_connection (EAPMethod *parent, NMConnection *connection) if (text && strlen (text)) g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); - g_assert (widget); - filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) { - g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)"); +#if LIBNM_BUILD +/* libnm-glib doesn't support this. */ + /* Save CA certificate PIN password flags to the connection */ + secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser)); + nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD, + secret_flags, NULL); + if (method->is_editor) { + /* Update secret flags and popup when editing the connection */ + nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + secret_flags, NM_SETTING (s_8021x), + NM_SETTING_802_1X_CA_CERT_PASSWORD); + } +#endif + + /* TLS CA certificate */ + if (gtk_widget_get_sensitive (method->ca_cert_chooser)) + value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN; + if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) { + g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)"); g_clear_error (&error); ca_cert_error = TRUE; } - eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error); - g_free (filename); + eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error); + g_free (value); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo")); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); 
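Review bot: The `#if LIBNM_BUILD` block in fill_connection() stores flags for `NM_SETTING_802_1X_CA_CERT_PASSWORD` before the `gtk_widget_get_sensitive()` check and independently of it, so the flags are taken from a disabled chooser when no CA certificate is required. Nothing in the visible lines writes the password value itself. fill_connection() continues past the hunk, so that write may exist elsewhere; if it does not, the comment should say that only the flags are saved, for example `/* Save only the CA certificate password flags; the password itself is not stored here */`. The `format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;` assignment repeats the initializer at the declaration and can be dropped.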
@@ -388,10 +404,9 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, { EAPMethod *parent; EAPMethodTTLS *method; - GtkWidget *widget, *widget_ca_not_required_checkbox; - GtkFileFilter *filter; + GtkWidget *widget; NMSetting8021x *s_8021x = NULL; - const char *filename; + gboolean ca_not_required = FALSE; parent = eap_method_init (sizeof (EAPMethodTTLS), validate, @@ -414,6 +429,46 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, if (connection) s_8021x = nm_connection_get_setting_802_1x (connection); + + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid")); + g_assert (widget); + + method->ca_cert_chooser = nma_cert_chooser_new ("CA", + NMA_CERT_CHOOSER_FLAG_CERT + | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0)); + gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 1, 2, 1); + gtk_widget_show (method->ca_cert_chooser); + + g_signal_connect (method->ca_cert_chooser, + "cert-validate", + G_CALLBACK (eap_method_ca_cert_validate_cb), + NULL); + g_signal_connect (method->ca_cert_chooser, + "changed", + G_CALLBACK (wireless_security_changed_cb), + ws_parent); + + eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x, + nm_setting_802_1x_get_ca_cert_scheme, + nm_setting_802_1x_get_ca_cert_path, + nm_setting_802_1x_get_ca_cert_uri, + nm_setting_802_1x_get_ca_cert_password, + NULL, + NULL, + NULL, + NULL); + + if (connection && eap_method_ca_cert_ignore_get (parent, connection)) { + gchar *ca_cert; + NMSetting8021xCKScheme scheme; + + ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme); + if (ca_cert) + g_free (ca_cert); + else + ca_not_required = TRUE; + } + widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); g_assert (widget); g_signal_connect (G_OBJECT (widget), "toggled", 
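Review bot: In the second hunk (eap_method_ttls_new()), the `eap_method_ca_cert_ignore_get` block fetches the certificate only to test it for NULL, and `scheme` is a write-only local there. `g_free()` accepts NULL, so the branch reduces to `ca_not_required = (ca_cert == NULL);` followed by `g_free (ca_cert);`. Separately, `s_8021x` is still NULL when `connection` is NULL and is passed to `eap_method_setup_cert_chooser()` unchanged. That helper is not shown here, so confirm it tolerates a NULL setting.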
@@ -422,28 +477,7 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) wireless_security_changed_cb, ws_parent); - widget_ca_not_required_checkbox = widget; - - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); - g_assert (widget); - gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); - gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), - _("Choose a Certificate Authority certificate")); - g_signal_connect (G_OBJECT (widget), "selection-changed", - (GCallback) wireless_security_changed_cb, - ws_parent); - filter = eap_method_default_file_chooser_filter_new (FALSE); - gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); - if (connection && s_8021x) { - filename = NULL; - if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) { - filename = nm_setting_802_1x_get_ca_cert_path (s_8021x); - if (filename) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename); - } - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget_ca_not_required_checkbox), - !filename && eap_method_ca_cert_ignore_get (parent, connection)); - } + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x)) 
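Review bot: `gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);` is what brings the chooser's sensitivity in line with the checkbox, but only implicitly, through the "toggled" handler connected just above. validate() and fill_connection() both decide from that sensitivity whether the CA certificate is checked and saved, so the ordering matters and deserves a comment, for example `/* Must run after the "toggled" handlers are connected: the signal disables the CA chooser */`. When `ca_not_required` is FALSE no signal is emitted and the chooser keeps its default sensitivity, which is worth stating in the same comment.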
@@ -460,10 +494,6 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry")); gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label")); - gtk_widget_hide (widget); - widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button")); - gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox")); gtk_widget_hide (widget); widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label")); @@ -472,6 +502,12 @@ eap_method_ttls_new (WirelessSecurity *ws_parent, gtk_widget_hide (widget); } +#if LIBNM_BUILD + nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser), + 0, (NMSetting *) s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD, + FALSE, secrets_only); +#endif + return method; } diff --git a/src/wireless-security/eap-method-ttls.ui b/src/wireless-security/eap-method-ttls.ui index b8566908..2b156517 100644 --- a/src/wireless-security/eap-method-ttls.ui +++ b/src/wireless-security/eap-method-ttls.ui 
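Review bot: In the second hunk on this line (end of eap_method_ttls_new() in eap-method-ttls.c), `nma_cert_chooser_setup_cert_password_storage()` receives `(NMSetting *) s_8021x`, which is NULL whenever `connection` is NULL or carries no 802.1X setting. Whether the helper accepts NULL is not visible in this diff; if it does not, the call needs a guard or a NULL-tolerant path. The raw cast also differs from the `NM_SETTING (s_8021x)` form used in fill_connection(); using one form in both places would read more consistently.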
@@ -51,28 +51,18 @@ </packing> </child> <child> - <object class="GtkLabel" id="eap_ttls_ca_cert_label"> + <object class="GtkVBox" id="eap_ttls_inner_auth_vbox"> <property name="visible">True</property> <property name="can_focus">False</property> - <property name="label" translatable="yes">C_A certificate:</property> - <property name="use_underline">True</property> - <property name="mnemonic_widget">eap_ttls_ca_cert_button</property> - <property name="xalign">0</property> + <property name="spacing">6</property> + <child> + <placeholder/> + </child> </object> <packing> <property name="left_attach">0</property> - <property name="top_attach">1</property> - </packing> - </child> - <child> - <object class="GtkFileChooserButton" id="eap_ttls_ca_cert_button"> - <property name="visible">True</property> - <property name="can_focus">False</property> - <property name="hexpand">True</property> - </object> - <packing> - <property name="left_attach">1</property> - <property name="top_attach">1</property> + <property name="top_attach">4</property> + <property name="width">2</property> </packing> </child> <child> @@ -124,19 +114,10 @@ </packing> </child> <child> - <object class="GtkVBox" id="eap_ttls_inner_auth_vbox"> - <property name="visible">True</property> - <property name="can_focus">False</property> - <property name="spacing">6</property> - <child> - <placeholder/> - </child> - </object> - <packing> - <property name="left_attach">0</property> - <property name="top_attach">4</property> - <property name="width">2</property> - </packing> + <placeholder/> + </child> + <child> + <placeholder/> </child> <child> <placeholder/> |