File nm-applet-probe-radius-server-cert.patch of Package NetworkManager-applet
From aba0bd71caf050baa10c1f354e4d519fa0d887d2 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <chingpang@gmail.com>
Date: Wed, 18 Jul 2012 14:52:29 +0800
Subject: [PATCH 1/5] security: new entry for the subject and support server
hash
---
src/wireless-security/eap-method-peap.c | 86 +++++++++++++++++++++++++++++++
src/wireless-security/eap-method-peap.ui | 74 ++++++++++++++++++++------
src/wireless-security/eap-method-tls.c | 73 ++++++++++++++++++++++++++
src/wireless-security/eap-method-tls.ui | 63 ++++++++++++++++------
src/wireless-security/eap-method-ttls.c | 86 +++++++++++++++++++++++++++++++
src/wireless-security/eap-method-ttls.ui | 66 +++++++++++++++++++-----
src/wireless-security/wireless-security.c | 22 ++++++++
src/wireless-security/wireless-security.h | 3 ++
8 files changed, 426 insertions(+), 47 deletions(-)
Index: network-manager-applet-1.0.8/src/wireless-security/eap-method-peap.c
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/eap-method-peap.c
+++ network-manager-applet-1.0.8/src/wireless-security/eap-method-peap.c
@@ -36,6 +36,8 @@
#define I_NAME_COLUMN 0
#define I_METHOD_COLUMN 1
+#define SUBJECT_NOTE _("<will be filled automatically>")
+
struct _EAPMethodPEAP {
EAPMethod parent;
@@ -114,6 +116,10 @@ add_to_size_group (EAPMethod *parent, Gt
g_assert (widget);
gtk_size_group_add_widget (group, widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_label"));
g_assert (widget);
gtk_size_group_add_widget (group, widget);
@@ -142,6 +148,7 @@ fill_connection (EAPMethod *parent, NMCo
{
NMSetting8021x *s_8021x;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ NMSetting8021xCKScheme cert_scheme;
GtkWidget *widget;
const char *text;
char *filename;
@@ -163,13 +170,21 @@ fill_connection (EAPMethod *parent, NMCo
if (text && strlen (text))
g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_entry"));
+ g_assert (widget);
+ text = gtk_entry_get_text (GTK_ENTRY (widget));
+ if (text && strlen (text) && g_strcmp0 (text, SUBJECT_NOTE) != 0)
+ g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, text, NULL);
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button"));
g_assert (widget);
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
- g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)");
- g_clear_error (&error);
- ca_cert_error = TRUE;
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (filename || cert_scheme != NM_SETTING_802_1X_CK_SCHEME_HASH) {
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ }
}
eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error);
g_free (filename);
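Review bot: The rewritten CA-certificate branch no longer sets `ca_cert_error = TRUE` when `nm_setting_802_1x_set_ca_cert ()` fails, yet `ca_cert_error` is still passed to `eap_method_ca_cert_ignore_set ()` on the following line, so an unreadable certificate is reported to that helper exactly like a successful load. Unless the flag is assigned elsewhere in fill_connection (its body starts and ends outside this hunk), keep `ca_cert_error = TRUE;` after `g_clear_error (&error);`. It is also worth confirming what the helper records when `filename` is NULL and the hash scheme is retained, since a pinned server hash should not end up stored as "no CA certificate required". The same line is dropped in the fill_connection hunks of eap-method-tls.c and eap-method-ttls.c.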
@@ -334,6 +349,37 @@ update_secrets (EAPMethod *parent, NMCon
I_METHOD_COLUMN);
}
+static gboolean
+subject_entry_focus_in_cb (GtkWidget *widget,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ const char *text = gtk_entry_get_text (GTK_ENTRY (widget));
+ if (g_strcmp0 (text, SUBJECT_NOTE) == 0) {
+ gtk_entry_set_text (GTK_ENTRY (widget), "");
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, NULL);
+ }
+ return FALSE;
+}
+
+static gboolean
+subject_entry_focus_out_cb (GtkWidget *widget,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ const char *text = gtk_entry_get_text (GTK_ENTRY (widget));
+ GtkStyleContext *context;
+ GdkRGBA color;
+
+ if (!text || !strlen (text)) {
+ gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE);
+ context = gtk_widget_get_style_context (widget);
+ gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color);
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color);
+ }
+ return FALSE;
+}
+
EAPMethodPEAP *
eap_method_peap_new (WirelessSecurity *ws_parent,
NMConnection *connection,
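Review bot: `subject_entry_focus_in_cb` and `subject_entry_focus_out_cb` emulate a placeholder by storing the translated `SUBJECT_NOTE` string as the entry's real text, which is why fill_connection must compare against it before setting `NM_SETTING_802_1X_SUBJECT_MATCH`. A subject typed identically to the translated note is silently discarded, and the check depends on the locale in effect. If the minimum GTK version allows it, `gtk_entry_set_placeholder_text (GTK_ENTRY (widget), SUBJECT_NOTE);` would replace both callbacks, the colour override and the sentinel comparison. The two callbacks are repeated verbatim in eap-method-tls.c and eap-method-ttls.c, so whichever form is kept belongs in one shared helper, with a short comment such as `/* Show the greyed-out hint again when the subject entry is left empty. */` on the focus-out handler.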
@@ -421,6 +467,43 @@ eap_method_peap_new (WirelessSecurity *w
(GCallback) wireless_security_changed_cb,
ws_parent);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_entry"));
+ if (s_8021x) {
+ const char *text = nm_setting_802_1x_get_subject_match (s_8021x);
+ if (!text) {
+ GtkStyleContext *context;
+ GdkRGBA color;
+ context = gtk_widget_get_style_context (widget);
+ gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color);
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color);
+ gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE);
+ } else {
+ gtk_entry_set_text (GTK_ENTRY (widget), text);
+ }
+ g_signal_connect (G_OBJECT (widget), "focus-in-event",
+ (GCallback) subject_entry_focus_in_cb,
+ NULL);
+ g_signal_connect (G_OBJECT (widget), "focus-out-event",
+ (GCallback) subject_entry_focus_out_cb,
+ NULL);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) wireless_security_changed_cb,
+ ws_parent);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_note_label"));
+ gtk_widget_hide (widget);
+ if (s_8021x) {
+ NMSetting8021xCKScheme cert_scheme;
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) {
+ gtk_label_set_text (GTK_LABEL (widget),
+ _("<b>Note:</b> Server hash is used instead of CA certificate"));
+ gtk_label_set_use_markup (GTK_LABEL (widget), TRUE);
+ gtk_widget_show (widget);
+ }
+ }
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry"));
if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x));
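Review bot: The hint text and the two focus handlers are set up only inside `if (s_8021x)`, so when no 802.1X setting exists yet the subject entry starts empty with no hint and no focus handling, while the "changed" handler is still connected. The lookups of `eap_peap_subject_entry` and `eap_peap_note_label` are also used without the `g_assert (widget);` that follows the builder lookups in add_to_size_group and fill_connection. Consider moving the hint setup out of the `if` (treating a missing setting like a NULL subject) and adding the assert after each lookup. `gtk_label_set_markup ()` would also replace the `gtk_label_set_text ()` plus `gtk_label_set_use_markup ()` pair for the server-hash note. The matching hunks in eap-method-tls.c and eap-method-ttls.c have the same shape; eap_method_peap_new continues outside this hunk.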
@@ -433,12 +516,18 @@ eap_method_peap_new (WirelessSecurity *w
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry"));
gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_subject_entry"));
+ gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_button"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_ca_cert_not_required_checkbox"));
gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_note_label"));
+ gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo"));
Index: network-manager-applet-1.0.8/src/wireless-security/eap-method-peap.ui
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/eap-method-peap.ui
+++ network-manager-applet-1.0.8/src/wireless-security/eap-method-peap.ui
@@ -38,7 +38,7 @@
<object class="GtkTable" id="table13">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="n_rows">5</property>
+ <property name="n_rows">8</property>
<property name="n_columns">2</property>
<property name="column_spacing">12</property>
<property name="row_spacing">6</property>
@@ -69,6 +69,35 @@
</packing>
</child>
<child>
+ <object class="GtkLabel" id="eap_peap_subject_label">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">_Subject:</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_peap_subject_entry</property>
+ </object>
+ <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">GTK_FILL</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_peap_subject_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
<object class="GtkLabel" id="eap_peap_ca_cert_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -78,8 +107,8 @@
<property name="mnemonic_widget">eap_peap_ca_cert_button</property>
</object>
<packing>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -92,8 +121,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
@@ -111,13 +140,24 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">2</property>
- <property name="bottom_attach">3</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
</child>
<child>
+ <object class="GtkLabel" id="eap_peap_note_label">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Note</property>
+ </object>
+ <packing>
+ <property name="right_attach">2</property>
+ <property name="top_attach">4</property>
+ <property name="bottom_attach">5</property>
+ </packing>
+ </child>
+ <child>
<object class="GtkVBox" id="eap_peap_inner_auth_vbox">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -127,8 +167,8 @@
</object>
<packing>
<property name="right_attach">2</property>
- <property name="top_attach">5</property>
- <property name="bottom_attach">6</property>
+ <property name="top_attach">7</property>
+ <property name="bottom_attach">8</property>
<property name="x_options">GTK_FILL</property>
</packing>
</child>
@@ -142,8 +182,8 @@
<property name="mnemonic_widget">eap_peap_inner_auth_combo</property>
</object>
<packing>
- <property name="top_attach">4</property>
- <property name="bottom_attach">5</property>
+ <property name="top_attach">6</property>
+ <property name="bottom_attach">7</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -163,8 +203,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">4</property>
- <property name="bottom_attach">5</property>
+ <property name="top_attach">6</property>
+ <property name="bottom_attach">7</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
@@ -179,8 +219,8 @@
<property name="mnemonic_widget">eap_peap_version_combo</property>
</object>
<packing>
- <property name="top_attach">3</property>
- <property name="bottom_attach">4</property>
+ <property name="top_attach">5</property>
+ <property name="bottom_attach">6</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -200,8 +240,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">3</property>
- <property name="bottom_attach">4</property>
+ <property name="top_attach">5</property>
+ <property name="bottom_attach">6</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
Index: network-manager-applet-1.0.8/src/wireless-security/eap-method-tls.c
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/eap-method-tls.c
+++ network-manager-applet-1.0.8/src/wireless-security/eap-method-tls.c
@@ -35,6 +35,8 @@
#include "nm-ui-utils.h"
#include "utils.h"
+#define SUBJECT_NOTE _("<will be filled automatically>")
+
struct _EAPMethodTLS {
EAPMethod parent;
@@ -140,6 +142,10 @@ add_to_size_group (EAPMethod *parent, Gt
g_assert (widget);
gtk_size_group_add_widget (group, widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_label"));
g_assert (widget);
gtk_size_group_add_widget (group, widget);
@@ -154,10 +160,12 @@ fill_connection (EAPMethod *parent, NMCo
{
EAPMethodTLS *method = (EAPMethodTLS *) parent;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ NMSetting8021xCKScheme cert_scheme;
NMSetting8021x *s_8021x;
NMSettingSecretFlags secret_flags;
GtkWidget *widget, *passwd_entry;
char *ca_filename, *pk_filename, *cc_filename;
+ const char *subject;
const char *password = NULL;
GError *error = NULL;
gboolean ca_cert_error = FALSE;
@@ -248,14 +256,22 @@ fill_connection (EAPMethod *parent, NMCo
ca_cert_error = TRUE;
}
} else {
- if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
- g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
- g_clear_error (&error);
- ca_cert_error = TRUE;
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (ca_filename || cert_scheme != NM_SETTING_802_1X_CK_SCHEME_HASH) {
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ }
}
}
eap_method_ca_cert_ignore_set (parent, connection, ca_filename, ca_cert_error);
g_free (ca_filename);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_entry"));
+ g_assert (widget);
+ subject = gtk_entry_get_text (GTK_ENTRY (widget));
+ if (subject && strlen (subject) && g_strcmp0 (subject, SUBJECT_NOTE) != 0)
+ g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, subject, NULL);
}
static void
@@ -424,6 +440,37 @@ update_secrets (EAPMethod *parent, NMCon
}
}
+static gboolean
+subject_entry_focus_in_cb (GtkWidget *widget,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ const char *text = gtk_entry_get_text (GTK_ENTRY (widget));
+ if (g_strcmp0 (text, SUBJECT_NOTE) == 0) {
+ gtk_entry_set_text (GTK_ENTRY (widget), "");
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, NULL);
+ }
+ return FALSE;
+}
+
+static gboolean
+subject_entry_focus_out_cb (GtkWidget *widget,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ const char *text = gtk_entry_get_text (GTK_ENTRY (widget));
+ GtkStyleContext *context;
+ GdkRGBA color;
+
+ if (!text || !strlen (text)) {
+ gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE);
+ context = gtk_widget_get_style_context (widget);
+ gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color);
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color);
+ }
+ return FALSE;
+}
+
EAPMethodTLS *
eap_method_tls_new (WirelessSecurity *ws_parent,
NMConnection *connection,
@@ -487,6 +534,31 @@ eap_method_tls_new (WirelessSecurity *ws
phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
FALSE, FALSE);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_entry"));
+ if (s_8021x) {
+ const char *text = nm_setting_802_1x_get_subject_match (s_8021x);
+ if (!text) {
+ GtkStyleContext *context;
+ GdkRGBA color;
+ context = gtk_widget_get_style_context (widget);
+ gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color);
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color);
+ gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE);
+ } else {
+ gtk_entry_set_text (GTK_ENTRY (widget), text);
+ }
+ g_signal_connect (G_OBJECT (widget), "focus-in-event",
+ (GCallback) subject_entry_focus_in_cb,
+ NULL);
+ g_signal_connect (G_OBJECT (widget), "focus-out-event",
+ (GCallback) subject_entry_focus_out_cb,
+ NULL);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) wireless_security_changed_cb,
+ ws_parent);
+
setup_filepicker (parent->builder, "eap_tls_private_key_button",
_("Choose your private key..."),
ws_parent, parent, s_8021x,
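Review bot: The subject entry is always initialised from `nm_setting_802_1x_get_subject_match ()`, while the CA-certificate picker directly above chooses between the phase2 and outer accessors with `phase2 ? … : …`. When this method is built as an inner (phase 2) method, the entry therefore shows the outer subject match, and the fill_connection hunk in this file writes `NM_SETTING_802_1X_SUBJECT_MATCH` unconditionally, which constrains a different certificate than the one the adjacent picker configures. Either select `nm_setting_802_1x_get_phase2_subject_match` and `NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH` when `phase2` is set, or hide the subject row in that case. eap_method_tls_new starts and ends outside this hunk.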
@@ -538,6 +610,10 @@ eap_method_tls_new (WirelessSecurity *ws
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_not_required_checkbox"));
gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_subject_entry"));
+ gtk_widget_hide (widget);
}
return method;
Index: network-manager-applet-1.0.8/src/wireless-security/eap-method-tls.ui
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/eap-method-tls.ui
+++ network-manager-applet-1.0.8/src/wireless-security/eap-method-tls.ui
@@ -11,7 +11,7 @@
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="valign">start</property>
- <property name="n_rows">6</property>
+ <property name="n_rows">7</property>
<property name="n_columns">2</property>
<property name="column_spacing">12</property>
<property name="row_spacing">6</property>
@@ -61,6 +61,35 @@
</packing>
</child>
<child>
+ <object class="GtkLabel" id="eap_tls_subject_label">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">CA _subject:</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_tls_subject_entry</property>
+ </object>
+ <packing>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">GTK_FILL</property>
+ <property name="y_options"/>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_tls_subject_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="y_options"/>
+ </packing>
+ </child>
+ <child>
<object class="GtkLabel" id="eap_tls_ca_cert_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -70,8 +99,8 @@
<property name="mnemonic_widget">eap_tls_ca_cert_button</property>
</object>
<packing>
- <property name="top_attach">2</property>
- <property name="bottom_attach">3</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -84,8 +113,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">2</property>
- <property name="bottom_attach">3</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
@@ -103,8 +132,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">3</property>
- <property name="bottom_attach">4</property>
+ <property name="top_attach">4</property>
+ <property name="bottom_attach">5</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -119,8 +148,8 @@
<property name="mnemonic_widget">eap_tls_private_key_button</property>
</object>
<packing>
- <property name="top_attach">4</property>
- <property name="bottom_attach">5</property>
+ <property name="top_attach">5</property>
+ <property name="bottom_attach">6</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -133,8 +162,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">4</property>
- <property name="bottom_attach">5</property>
+ <property name="top_attach">5</property>
+ <property name="bottom_attach">6</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
@@ -149,8 +178,8 @@
<property name="mnemonic_widget">eap_tls_private_key_password_entry</property>
</object>
<packing>
- <property name="top_attach">5</property>
- <property name="bottom_attach">6</property>
+ <property name="top_attach">6</property>
+ <property name="bottom_attach">7</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -165,8 +194,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">5</property>
- <property name="bottom_attach">6</property>
+ <property name="top_attach">6</property>
+ <property name="bottom_attach">7</property>
<property name="y_options"/>
</packing>
</child>
@@ -183,8 +212,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">6</property>
- <property name="bottom_attach">7</property>
+ <property name="top_attach">7</property>
+ <property name="bottom_attach">8</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
Index: network-manager-applet-1.0.8/src/wireless-security/eap-method-ttls.c
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/eap-method-ttls.c
+++ network-manager-applet-1.0.8/src/wireless-security/eap-method-ttls.c
@@ -36,6 +36,8 @@
#define I_NAME_COLUMN 0
#define I_METHOD_COLUMN 1
+#define SUBJECT_NOTE _("<will be filled automatically>")
+
struct _EAPMethodTTLS {
EAPMethod parent;
@@ -114,6 +116,10 @@ add_to_size_group (EAPMethod *parent, Gt
g_assert (widget);
gtk_size_group_add_widget (group, widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
g_assert (widget);
gtk_size_group_add_widget (group, widget);
@@ -138,6 +144,7 @@ fill_connection (EAPMethod *parent, NMCo
{
NMSetting8021x *s_8021x;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ NMSetting8021xCKScheme cert_scheme;
GtkWidget *widget;
const char *text;
char *filename;
@@ -158,13 +165,21 @@ fill_connection (EAPMethod *parent, NMCo
if (text && strlen (text))
g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_entry"));
+ g_assert (widget);
+ text = gtk_entry_get_text (GTK_ENTRY (widget));
+ if (text && strlen (text) && g_strcmp0 (text, SUBJECT_NOTE) != 0)
+ g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, text, NULL);
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
g_assert (widget);
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
- g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)");
- g_clear_error (&error);
- ca_cert_error = TRUE;
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (filename || cert_scheme != NM_SETTING_802_1X_CK_SCHEME_HASH) {
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)");
+ g_clear_error (&error);
+ }
}
eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error);
g_free (filename);
@@ -365,6 +380,37 @@ update_secrets (EAPMethod *parent, NMCon
I_METHOD_COLUMN);
}
+static gboolean
+subject_entry_focus_in_cb (GtkWidget *widget,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ const char *text = gtk_entry_get_text (GTK_ENTRY (widget));
+ if (g_strcmp0 (text, SUBJECT_NOTE) == 0) {
+ gtk_entry_set_text (GTK_ENTRY (widget), "");
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, NULL);
+ }
+ return FALSE;
+}
+
+static gboolean
+subject_entry_focus_out_cb (GtkWidget *widget,
+ GdkEvent *event,
+ gpointer user_data)
+{
+ const char *text = gtk_entry_get_text (GTK_ENTRY (widget));
+ GtkStyleContext *context;
+ GdkRGBA color;
+
+ if (!text || !strlen (text)) {
+ gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE);
+ context = gtk_widget_get_style_context (widget);
+ gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color);
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color);
+ }
+ return FALSE;
+}
+
EAPMethodTTLS *
eap_method_ttls_new (WirelessSecurity *ws_parent,
NMConnection *connection,
@@ -430,6 +476,43 @@ eap_method_ttls_new (WirelessSecurity *w
!filename && eap_method_ca_cert_ignore_get (parent, connection));
}
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_entry"));
+ if (s_8021x) {
+ const char *text = nm_setting_802_1x_get_subject_match (s_8021x);
+ if (!text) {
+ GtkStyleContext *context;
+ GdkRGBA color;
+ context = gtk_widget_get_style_context (widget);
+ gtk_style_context_get_color (context, GTK_STATE_FLAG_INSENSITIVE, &color);
+ gtk_widget_override_color (widget, GTK_STATE_FLAG_NORMAL, &color);
+ gtk_entry_set_text (GTK_ENTRY (widget), SUBJECT_NOTE);
+ } else {
+ gtk_entry_set_text (GTK_ENTRY (widget), text);
+ }
+ g_signal_connect (G_OBJECT (widget), "focus-in-event",
+ (GCallback) subject_entry_focus_in_cb,
+ NULL);
+ g_signal_connect (G_OBJECT (widget), "focus-out-event",
+ (GCallback) subject_entry_focus_out_cb,
+ NULL);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) wireless_security_changed_cb,
+ ws_parent);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_note_label"));
+ gtk_widget_hide (widget);
+ if (s_8021x) {
+ NMSetting8021xCKScheme cert_scheme;
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) {
+ gtk_label_set_text (GTK_LABEL (widget),
+ _("<b>Note:</b> Server hash is used instead of CA certificate"));
+ gtk_label_set_use_markup (GTK_LABEL (widget), TRUE);
+ gtk_widget_show (widget);
+ }
+ }
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_anonymous_identity (s_8021x));
@@ -445,12 +528,18 @@ eap_method_ttls_new (WirelessSecurity *w
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_subject_entry"));
+ gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_note_label"));
+ gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
Index: network-manager-applet-1.0.8/src/wireless-security/eap-method-ttls.ui
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/eap-method-ttls.ui
+++ network-manager-applet-1.0.8/src/wireless-security/eap-method-ttls.ui
@@ -21,7 +21,7 @@
<object class="GtkTable" id="table10">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="n_rows">4</property>
+ <property name="n_rows">7</property>
<property name="n_columns">2</property>
<property name="column_spacing">12</property>
<property name="row_spacing">6</property>
@@ -52,6 +52,35 @@
</packing>
</child>
<child>
+ <object class="GtkLabel" id="eap_ttls_subject_label">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">_Subject:</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_ttls_subject_entry</property>
+ </object>
+ <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">GTK_FILL</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_ttls_subject_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
<object class="GtkLabel" id="eap_ttls_ca_cert_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -61,8 +90,8 @@
<property name="mnemonic_widget">eap_ttls_ca_cert_button</property>
</object>
<packing>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -75,8 +104,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
@@ -94,13 +123,24 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">2</property>
- <property name="bottom_attach">3</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
</child>
<child>
+ <object class="GtkLabel" id="eap_ttls_note_label">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Note</property>
+ </object>
+ <packing>
+ <property name="right_attach">2</property>
+ <property name="top_attach">4</property>
+ <property name="bottom_attach">5</property>
+ </packing>
+ </child>
+ <child>
<object class="GtkLabel" id="eap_ttls_inner_auth_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -110,8 +150,8 @@
<property name="mnemonic_widget">eap_ttls_inner_auth_combo</property>
</object>
<packing>
- <property name="top_attach">3</property>
- <property name="bottom_attach">4</property>
+ <property name="top_attach">5</property>
+ <property name="bottom_attach">6</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
@@ -131,8 +171,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">3</property>
- <property name="bottom_attach">4</property>
+ <property name="top_attach">5</property>
+ <property name="bottom_attach">6</property>
<property name="x_options">GTK_FILL</property>
<property name="y_options">GTK_FILL</property>
</packing>
@@ -148,8 +188,8 @@
</object>
<packing>
<property name="right_attach">2</property>
- <property name="top_attach">4</property>
- <property name="bottom_attach">5</property>
+ <property name="top_attach">6</property>
+ <property name="bottom_attach">7</property>
<property name="x_options">GTK_FILL</property>
</packing>
</child>
Index: network-manager-applet-1.0.8/src/wireless-security/wireless-security.c
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/wireless-security.c
+++ network-manager-applet-1.0.8/src/wireless-security/wireless-security.c
@@ -533,11 +533,14 @@ ws_802_1x_fill_connection (WirelessSecur
{
GtkWidget *widget;
NMSettingWirelessSecurity *s_wireless_sec;
- NMSetting8021x *s_8021x;
+ NMSetting8021x *s_8021x, *old_s_8021x;
NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ NMSetting8021xCKScheme cert_scheme;
EAPMethod *eap = NULL;
GtkTreeModel *model;
GtkTreeIter iter;
+ char *subject, *cert_hash;
+ char *old_hash = NULL;
/* Get the EAPMethod object */
widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, combo_name));
@@ -553,6 +556,12 @@ ws_802_1x_fill_connection (WirelessSecur
else
secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
+ old_s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (old_s_8021x &&
+ nm_setting_802_1x_get_ca_cert_scheme (old_s_8021x) == NM_SETTING_802_1X_CK_SCHEME_HASH) {
+ old_hash = g_strdup (nm_setting_802_1x_get_ca_cert_hash (old_s_8021x));
+ }
+
/* Blow away the old wireless security setting by adding a clear one */
s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
@@ -561,8 +570,43 @@ ws_802_1x_fill_connection (WirelessSecur
s_8021x = (NMSetting8021x *) nm_setting_802_1x_new ();
nm_connection_add_setting (connection, (NMSetting *) s_8021x);
+ if (old_hash) {
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ GError *error = NULL;
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x,
+ old_hash,
+ NM_SETTING_802_1X_CK_SCHEME_HASH,
+ &format,
+ &error)) {
+ g_warning ("Couldn't set CA certificate '%s': %s", old_hash,
+ error ? error->message : "(unknown)");
+ g_error_free (error);
+ }
+ g_free (old_hash);
+ }
+
eap_method_fill_connection (eap, connection, secret_flags);
eap_method_unref (eap);
+
+ /* Fetch subject and cert_hash from connection */
+ subject = (char *)g_object_get_data (G_OBJECT (connection), NMA_SERVER_SUBJECT);
+ if (subject && !nm_setting_802_1x_get_subject_match (s_8021x))
+ g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, subject, NULL);
+
+ cert_hash = (char *)g_object_get_data (G_OBJECT (connection), NMA_SERVER_CERT_HASH);
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (cert_hash && cert_scheme == NM_SETTING_802_1X_CK_SCHEME_UNKNOWN) {
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ GError *error = NULL;
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x,
+ cert_hash,
+ NM_SETTING_802_1X_CK_SCHEME_HASH,
+ &format,
+ &error)) {
+ g_warning ("Couldn't set CA certificate '%s': %s", cert_hash, error ? error->message : "(unknown)");
+ g_error_free (error);
+ }
+ }
}
void
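Review bot: Both failure branches call `g_error_free (error)` unconditionally, although the line just above allows for `error` being NULL, and g_error_free() rejects a NULL argument with a critical warning. `g_clear_error (&error);` handles both cases and applies to the old-hash branch and the probed-hash branch alike. The `subject` and `cert_hash` pointers come from g_object_get_data() and are not owned here, so declaring them `const char *` in the declaration hunk would make that explicit. ws_802_1x_fill_connection starts outside this hunk.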
Index: network-manager-applet-1.0.8/src/wireless-security/wireless-security.h
===================================================================
--- network-manager-applet-1.0.8.orig/src/wireless-security/wireless-security.h
+++ network-manager-applet-1.0.8/src/wireless-security/wireless-security.h
@@ -28,6 +28,9 @@
#include <nm-connection.h>
+#define NMA_SERVER_SUBJECT "nma-server-subject"
+#define NMA_SERVER_CERT_HASH "mna-server-cert-hash"
+
typedef struct _WirelessSecurity WirelessSecurity;
typedef void (*WSChangedFunc) (WirelessSecurity *sec, gpointer user_data);
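Review bot: The key string for `NMA_SERVER_CERT_HASH` is spelled "mna-server-cert-hash", while its sibling uses the "nma-" prefix. Every use visible in this patch goes through the macro, so it works today, but anyone who reads or sets the data with the literal string would silently get NULL and skip the pinned hash. Suggested line: `#define NMA_SERVER_CERT_HASH "nma-server-cert-hash"`.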
Index: network-manager-applet-1.0.8/src/libnm-gtk/nm-wifi-dialog.c
===================================================================
--- network-manager-applet-1.0.8.orig/src/libnm-gtk/nm-wifi-dialog.c
+++ network-manager-applet-1.0.8/src/libnm-gtk/nm-wifi-dialog.c
@@ -78,6 +78,10 @@ typedef struct {
GetSecretsInfo *secrets_info;
gboolean disposed;
+
+ /* For Server certificate probe */
+ guint cert_id;
+ guint timeout_id;
} NMAWifiDialogPrivate;
enum {
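Review bot: `cert_id` stores the return value of g_signal_connect(), which is a `gulong`, and is later passed to g_signal_handler_disconnect(), which also takes a `gulong`; keeping it in a `guint` narrows it on LP64 platforms. Declare it `gulong cert_id;` and give nma_wifi_dialog_probe_cert a separate `gulong` local for the handler instead of reusing the `guint id` that holds the timeout source. The `if (id <= 0)` test on that unsigned id in the probe function reads more honestly as `if (id == 0)`.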
@@ -111,6 +115,234 @@ nma_wifi_dialog_get_nag_ignored (NMAWifi
return TRUE;
}
+gboolean
+nma_wifi_dialog_need_cert_probe (NMAWifiDialog *self)
+{
+ NMAWifiDialogPrivate *priv;
+ NMSetting8021x *s_8021x;
+ NMSetting8021xCKScheme cert_scheme;
+ int i, num_eap;
+ char *subject, *cert_hash;
+ gboolean need_ca = FALSE;
+
+ g_return_val_if_fail (self != NULL, FALSE);
+
+ priv = NMA_WIFI_DIALOG_GET_PRIVATE (self);
+
+ s_8021x = nm_connection_get_setting_802_1x (priv->connection);
+ if (!s_8021x)
+ return FALSE;
+
+ num_eap = nm_setting_802_1x_get_num_eap_methods (s_8021x);
+ for (i = 0; i < num_eap; i++) {
+ const char *eap;
+ eap = nm_setting_802_1x_get_eap_method (s_8021x, i);
+ if ( g_strcmp0 (eap, "ttls") == 0
+ || g_strcmp0 (eap, "peap") == 0
+ || g_strcmp0 (eap, "tls") == 0) {
+ need_ca = TRUE;
+ break;
+ }
+ }
+
+ if (!need_ca)
+ return FALSE;
+
+ subject = (char *)g_object_get_data (G_OBJECT (priv->connection), NMA_SERVER_SUBJECT);
+ cert_hash = (char *)g_object_get_data (G_OBJECT (priv->connection), NMA_SERVER_CERT_HASH);
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+
+ if ( (!subject && !nm_setting_802_1x_get_subject_match (s_8021x))
+ || (!cert_hash && (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_UNKNOWN)))
+ return TRUE;
+
+ return FALSE;
+}
+
+static gboolean
+show_probe_result_dialog (GtkWindow *parent,
+ NMConnection *connection,
+ NMSetting8021x *s_8021x,
+ const char *subject,
+ const char *cert_hash)
+{
+ NMSettingWireless *s_wireless;
+ GtkWidget *notify_dialog, *content;
+ GtkWidget *grid;
+ GtkWidget *context, *label, *entry;
+ char *ssid, *string;
+ int response_id;
+
+ s_wireless = nm_connection_get_setting_wireless (connection);
+ ssid = nm_utils_ssid_to_utf8 (nm_setting_wireless_get_ssid (s_wireless));
+
+ notify_dialog = gtk_dialog_new_with_buttons (ssid, parent,
+ GTK_DIALOG_MODAL,
+ GTK_STOCK_NO, GTK_RESPONSE_NO,
+ GTK_STOCK_YES, GTK_RESPONSE_YES,
+ NULL);
+ gtk_window_set_resizable (GTK_WINDOW (notify_dialog), FALSE);
+ content = gtk_dialog_get_content_area (GTK_DIALOG (notify_dialog));
+
+ grid = gtk_grid_new ();
+ gtk_grid_set_row_spacing (GTK_GRID (grid), 12);
+ gtk_container_set_border_width (GTK_CONTAINER (grid), 5);
+ gtk_container_add (GTK_CONTAINER (content), grid);
+
+ entry = gtk_entry_new ();
+ gtk_editable_set_editable (GTK_EDITABLE (entry), FALSE);
+ if (!cert_hash) {
+ string = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s %s</span>\n\n%s\n%s",
+ _("Server Certificate Probed:"),
+ ssid,
+ _("The subject is going to be filled with the probe result."),
+ _("Do you agree?"));
+ label = gtk_label_new (_("Subject:"));
+ gtk_entry_set_text (GTK_ENTRY (entry), subject);
+ } else {
+ string = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s %s</span>\n\n%s\n%s",
+ _("Server Certificate Probed:"),
+ ssid,
+ _("The CA certificate is going to be filled with the probed server hash."),
+ _("Do you agree?"));
+ label = gtk_label_new (_("CA Certificate:"));
+ gtk_entry_set_text (GTK_ENTRY (entry), cert_hash);
+ }
+ context = gtk_label_new (string);
+ g_free (string);
+ g_free (ssid);
+ gtk_label_set_line_wrap (GTK_LABEL (context), TRUE);
+ gtk_label_set_use_markup (GTK_LABEL (context), TRUE);
+ gtk_grid_attach (GTK_GRID (grid), context, 0, 0, 10, 1);
+ gtk_grid_attach (GTK_GRID (grid), label, 0, 1, 1, 1);
+ gtk_grid_attach (GTK_GRID (grid), entry, 1, 1, 9, 1);
+
+ gtk_widget_show_all (notify_dialog);
+
+ response_id = gtk_dialog_run (GTK_DIALOG (notify_dialog));
+
+ gtk_widget_destroy (notify_dialog);
+
+ if (response_id == GTK_RESPONSE_YES)
+ return TRUE;
+
+ return FALSE;
+}
+
+static void
+wifi_got_cert_cb (NMDeviceWifi *wifi,
+ GHashTable *cert,
+ gpointer user_data)
+{
+ NMAWifiDialog *self = NMA_WIFI_DIALOG (user_data);
+ NMAWifiDialogPrivate *priv;
+ NMSetting8021x *s_8021x;
+ const char *subject = NULL, *hash = NULL;
+ GValue *value;
+ gboolean response = FALSE;
+
+ priv = NMA_WIFI_DIALOG_GET_PRIVATE (self);
+
+ g_signal_handler_disconnect (NM_DEVICE_WIFI (priv->device), priv->cert_id);
+ if (priv->timeout_id) {
+ g_source_remove (priv->timeout_id);
+ priv->timeout_id = 0;
+ }
+
+ value = g_hash_table_lookup (cert, "subject");
+ if (value && G_VALUE_HOLDS_STRING (value))
+ subject = g_value_get_string (value);
+
+ value = g_hash_table_lookup (cert, "cert_hash");
+ if (value && G_VALUE_HOLDS_STRING (value))
+ hash = g_value_get_string (value);
+
+ if (!subject || !hash)
+ goto out;
+
+ s_8021x = nm_connection_get_setting_802_1x (priv->connection);
+ if (s_8021x) {
+ NMSetting8021xCKScheme cert_scheme;
+ char *hash_path = NULL;
+ gboolean ret;
+
+ cert_scheme = nm_setting_802_1x_get_ca_cert_scheme (s_8021x);
+ if (cert_scheme == NM_SETTING_802_1X_CK_SCHEME_UNKNOWN)
+ hash_path = g_strconcat ("hash://server/sha256/", hash, NULL);
+ ret = show_probe_result_dialog (gtk_window_get_transient_for (GTK_WINDOW (self)),
+ priv->connection,
+ s_8021x,
+ subject,
+ hash_path);
+ if (!ret) {
+ g_free (hash_path);
+ goto out;
+ }
+
+ g_object_set_data_full (G_OBJECT (priv->connection),
+ NMA_SERVER_SUBJECT, g_strdup (subject),
+ (GDestroyNotify) g_free);
+ g_object_set_data_full (G_OBJECT (priv->connection),
+ NMA_SERVER_CERT_HASH, hash_path,
+ (GDestroyNotify) g_free);
+ response = TRUE;
+ }
+out:
+ if (response)
+ gtk_dialog_response (GTK_DIALOG (self), GTK_RESPONSE_OK);
+ else
+ gtk_widget_show (GTK_WIDGET (self));
+}
+
+static gboolean
+wifi_cert_timeout_cb (gpointer user_data)
+{
+ NMAWifiDialog *self = (NMAWifiDialog *)user_data;
+ NMAWifiDialogPrivate *priv;
+
+ priv = NMA_WIFI_DIALOG_GET_PRIVATE (self);
+
+ priv->timeout_id = 0;
+
+ g_signal_handler_disconnect (NM_DEVICE_WIFI (priv->device), priv->cert_id);
+
+ gtk_widget_show (GTK_WIDGET (self));
+
+ return FALSE;
+}
+
+gboolean
+nma_wifi_dialog_probe_cert (NMAWifiDialog *self)
+{
+ NMAWifiDialogPrivate *priv;
+ NMDeviceWifi *wifi;
+ guint id;
+
+ g_return_val_if_fail (self != NULL, FALSE);
+
+ priv = NMA_WIFI_DIALOG_GET_PRIVATE (self);
+ wifi = NM_DEVICE_WIFI (priv->device);
+
+ if (!nm_device_wifi_probe_cert (wifi, priv->connection))
+ return FALSE;
+
+ id = g_timeout_add_seconds (30,
+ (GSourceFunc)wifi_cert_timeout_cb,
+ (gpointer)self);
+ if (id <= 0) {
+ g_warning ("Failed to add timeout for server certificate probe");
+ return FALSE;
+ }
+ priv->timeout_id = id;
+
+ id = g_signal_connect (wifi, "cert-received", G_CALLBACK (wifi_got_cert_cb), self);
+ priv->cert_id = id;
+
+ gtk_widget_hide (GTK_WIDGET (self));
+
+ return TRUE;
+}
+
static void
size_group_clear (GtkSizeGroup *group)
{
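Review bot: In show_probe_result_dialog the SSID is formatted into a Pango markup string with `g_strdup_printf` and the label is then put in markup mode, so a network name containing `<` or `&` either breaks the prompt text or has its own markup rendered inside a trust decision dialog. Both format calls should become `string = g_markup_printf_escaped (...)` with the same arguments, which escapes the SSID and the translated strings alike. The dialog also shows only the hash when `cert_hash` is set, yet wifi_got_cert_cb stores the probed subject as well on a Yes answer. Showing both values would let the user see everything that is about to be pinned.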
@@ -1191,6 +1423,9 @@ internal_init (NMAWifiDialog *self,
*/
priv->revalidate_id = g_idle_add (revalidate, self);
+ priv->cert_id = 0;
+ priv->timeout_id = 0;
+
return TRUE;
}
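Review bot: These ids are zeroed at init, but nothing in the visible patch removes the 30-second timeout source or disconnects `cert-received` when the dialog goes away, and both callbacks are handed a bare `self` pointer with no reference held. If the dialog is destroyed while a probe is pending, wifi_cert_timeout_cb or wifi_got_cert_cb would run on freed memory. The dispose path is outside this patch, so confirm it; if the cleanup is missing, it needs `if (priv->timeout_id) g_source_remove (priv->timeout_id);` and a matching `g_signal_handler_disconnect` guarded on `priv->cert_id`, with `cert_id` reset to 0 wherever the handler is disconnected. internal_init itself starts outside the hunk.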
@@ -1252,6 +1487,8 @@ nma_wifi_dialog_get_connection (NMAWifiD
g_assert_not_reached ();
nm_connection_add_setting (connection, (NMSetting *) s_wireless);
+
+ priv->connection = g_object_ref (connection);
} else
connection = g_object_ref (priv->connection);
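Review bot: The added `priv->connection = g_object_ref (connection);` makes the dialog retain a connection it previously only handed to the caller, and nothing records why or who drops the reference. A comment such as `/* Keep the connection so probe results attached with g_object_set_data() are still there on the next call */` would state the intent; that reading is inferred from the probe code and should be confirmed. The release of `priv->connection` is outside the hunk, so check that it is unreffed on dispose, otherwise this is a leak. The enclosing branch and function begin outside the hunk.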
Index: network-manager-applet-1.0.8/src/libnm-gtk/nm-wifi-dialog.h
===================================================================
--- network-manager-applet-1.0.8.orig/src/libnm-gtk/nm-wifi-dialog.h
+++ network-manager-applet-1.0.8/src/libnm-gtk/nm-wifi-dialog.h
@@ -83,6 +83,9 @@ gboolean nma_wifi_dialog_get_nag_ignored
GLIB_DEPRECATED_FOR(nma_wifi_dialog_new_for_hidden)
GtkWidget *nma_wifi_dialog_new_for_other (NMClient *client,
NMRemoteSettings *settings);
+gboolean nma_wifi_dialog_need_cert_probe (NMAWifiDialog *dialog);
+
+gboolean nma_wifi_dialog_probe_cert (NMAWifiDialog *dialog);
#endif /* NMA_WIFI_DIALOG_H */
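Review bot: The two new public prototypes carry no documentation, and nma_wifi_dialog_probe_cert has a contract callers cannot guess from the signature. On TRUE it hides the dialog and the outcome arrives later, as a `GTK_RESPONSE_OK` response when the user accepts the probed values, or by the dialog being shown again on refusal or after the 30-second timeout. A short comment above each declaration should state that, and that nma_wifi_dialog_need_cert_probe returns TRUE only for ttls/peap/tls connections that lack a subject match or a CA certificate.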
Index: network-manager-applet-1.0.8/src/libnm-gtk/nm-wireless-dialog.c
===================================================================
--- network-manager-applet-1.0.8.orig/src/libnm-gtk/nm-wireless-dialog.c
+++ network-manager-applet-1.0.8/src/libnm-gtk/nm-wireless-dialog.c
@@ -64,3 +64,14 @@ nma_wireless_dialog_new_for_create (NMCl
return nma_wifi_dialog_new_for_create (client, settings);
}
+gboolean
+nma_wireless_dialog_need_cert_probe (NMAWirelessDialog *self)
+{
+ return nma_wifi_dialog_need_cert_probe ((NMAWifiDialog *)self);
+}
+
+gboolean
+nma_wireless_dialog_probe_cert (NMAWirelessDialog *self)
+{
+ return nma_wifi_dialog_probe_cert ((NMAWifiDialog *)self);
+}
Index: network-manager-applet-1.0.8/src/libnm-gtk/nm-wireless-dialog.h
===================================================================
--- network-manager-applet-1.0.8.orig/src/libnm-gtk/nm-wireless-dialog.h
+++ network-manager-applet-1.0.8/src/libnm-gtk/nm-wireless-dialog.h
@@ -76,5 +76,11 @@ NMConnection * nma_wireless_dialog_get_c
NMDevice **device,
NMAccessPoint **ap);
+GLIB_DEPRECATED_FOR(nma_wifi_dialog_need_cert_probe)
+gboolean nma_wireless_dialog_need_cert_probe (NMAWirelessDialog *dialog);
+
+GLIB_DEPRECATED_FOR(nma_wifi_dialog_probe_cert)
+gboolean nma_wireless_dialog_probe_cert (NMAWirelessDialog *dialog);
+
#endif /* NMA_WIRELESS_DIALOG_H */