[network-manager-applet/dcbw/ca-cert-ignore-save-load] security: don't save CA cert ignore if editing is canceled
- From: Dan Williams <dcbw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet/dcbw/ca-cert-ignore-save-load] security: don't save CA cert ignore if editing is canceled
- Date: Tue, 10 Sep 2013 22:25:37 +0000 (UTC)
commit 6f84e5644a10632d6067ef93cca019c4d11b902c
Author: Dan Williams <dcbw redhat com>
Date: Tue Sep 10 17:27:38 2013 -0500
security: don't save CA cert ignore if editing is canceled
Previously the code would update GSettings whenever the button was
toggled, which meant the value would be saved even if the user
canceled editing of the connection. Fix this.
Unfortunately, since only the upper-level code knows when the
editing has been canceled, the upper-level code has to handle
reading the initial values, and saving the new ones. But that's
easy to do.
src/connection-editor/nm-connection-editor.c | 7 +
src/ethernet-dialog.c | 7 +
src/libnm-gtk/nm-wifi-dialog.c | 7 +
src/wireless-security/eap-method.c | 163 +++++++++++++++++---------
src/wireless-security/eap-method.h | 4 +
5 files changed, 132 insertions(+), 56 deletions(-)
---
diff --git a/src/connection-editor/nm-connection-editor.c b/src/connection-editor/nm-connection-editor.c
index 377b376..c2f6c52 100644
--- a/src/connection-editor/nm-connection-editor.c
+++ b/src/connection-editor/nm-connection-editor.c
@@ -76,6 +76,7 @@
#include "page-vlan.h"
#include "ce-polkit-button.h"
#include "vpn-helpers.h"
+#include "eap-method.h"
G_DEFINE_TYPE (NMConnectionEditor, nm_connection_editor, G_TYPE_OBJECT)
@@ -773,6 +774,9 @@ nm_connection_editor_set_connection (NMConnectionEditor *editor,
editor->orig_connection = g_object_ref (orig_connection);
nm_connection_editor_update_title (editor);
+ /* Handle CA cert ignore stuff */
+ eap_method_ca_cert_ignore_load (editor->connection);
+
s_con = nm_connection_get_setting_connection (editor->connection);
g_assert (s_con);
@@ -980,6 +984,9 @@ ok_button_clicked_save_connection (NMConnectionEditor *self)
nm_connection_editor_set_busy (self, TRUE);
+ /* Save new CA cert ignore values to GSettings */
+ eap_method_ca_cert_ignore_save (self->connection);
+
if (self->is_new_connection) {
nm_remote_settings_add_connection (self->settings,
self->orig_connection,
diff --git a/src/ethernet-dialog.c b/src/ethernet-dialog.c
index 1779935..26d0053 100644
--- a/src/ethernet-dialog.c
+++ b/src/ethernet-dialog.c
@@ -33,6 +33,7 @@
#include "ethernet-dialog.h"
#include "wireless-security.h"
#include "applet-dialogs.h"
+#include "eap-method.h"
static void
stuff_changed_cb (WirelessSecurity *sec, gpointer user_data)
@@ -105,6 +106,9 @@ nma_ethernet_dialog_new (NMConnection *connection)
gtk_window_set_icon_name (GTK_WINDOW (dialog), "dialog-password");
dialog_set_network_name (connection, GTK_ENTRY (gtk_builder_get_object (builder,
"network_name_entry")));
+ /* Handle CA cert ignore stuff */
+ eap_method_ca_cert_ignore_load (connection);
+
security = dialog_set_security (connection, builder, GTK_BOX (gtk_builder_get_object (builder,
"security_vbox")));
wireless_security_set_changed_notify (security, stuff_changed_cb, GTK_WIDGET (gtk_builder_get_object
(builder, "ok_button")));
g_object_set_data_full (G_OBJECT (dialog),
@@ -155,6 +159,9 @@ nma_ethernet_dialog_get_connection (GtkWidget *dialog)
s_8021x = nm_connection_get_setting (tmp_connection, NM_TYPE_SETTING_802_1X);
nm_connection_add_setting (connection, NM_SETTING (g_object_ref (s_8021x)));
+ /* Save new CA cert ignore values to GSettings */
+ eap_method_ca_cert_ignore_save (tmp_connection);
+
g_object_unref (tmp_connection);
return connection;
diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c
index bcd5cb7..7d07549 100644
--- a/src/libnm-gtk/nm-wifi-dialog.c
+++ b/src/libnm-gtk/nm-wifi-dialog.c
@@ -38,6 +38,7 @@
#include "nm-wifi-dialog.h"
#include "wireless-security.h"
#include "nm-ui-utils.h"
+#include "eap-method.h"
G_DEFINE_TYPE (NMAWifiDialog, nma_wifi_dialog, GTK_TYPE_DIALOG)
@@ -1221,6 +1222,9 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self,
wireless_security_unref (sec);
}
+ /* Save new CA cert ignore values to GSettings */
+ eap_method_ca_cert_ignore_save (connection);
+
/* Fill device */
if (device) {
combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "device_combo"));
@@ -1270,6 +1274,9 @@ nma_wifi_dialog_new (NMClient *client,
priv->sec_combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "security_combo"));
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
+ /* Handle CA cert ignore stuff */
+ eap_method_ca_cert_ignore_load (connection);
+
if (!internal_init (self, connection, device, secrets_only, FALSE)) {
g_warning ("Couldn't create Wi-Fi security dialog.");
gtk_widget_destroy (GTK_WIDGET (self));
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index 5184b46..4354fd8 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -98,51 +98,6 @@ eap_method_update_secrets (EAPMethod *method, NMConnection *connection)
method->update_secrets (method, connection);
}
-static GSettings *
-_get_ca_ignore_settings (const char *uuid)
-{
- GSettings *settings;
- char *path = NULL;
-
- path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", uuid);
- settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
- g_free (path);
-
- return settings;
-}
-
-static void
-_set_ignore_ca_cert (const char *uuid, gboolean phase2, gboolean ignore)
-{
- GSettings *settings;
- const char *key;
-
- g_return_if_fail (uuid != NULL);
-
- settings = _get_ca_ignore_settings (uuid);
- key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
- g_settings_set_boolean (settings, key, ignore);
- g_object_unref (settings);
-}
-
-static gboolean
-_get_ignore_ca_cert (const char *uuid, gboolean phase2)
-{
- GSettings *settings;
- const char *key;
- gboolean ignore = FALSE;
-
- g_return_val_if_fail (uuid != NULL, FALSE);
-
- settings = _get_ca_ignore_settings (uuid);
-
- key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
- ignore = g_settings_get_boolean (settings, key);
-
- g_object_unref (settings);
- return ignore;
-}
-
void
eap_method_phase2_update_secrets_helper (EAPMethod *method,
NMConnection *connection,
@@ -572,6 +527,24 @@ eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, const char *id_ca_
g_object_set_data_full (G_OBJECT (widget), "filename-old", filename_old, g_free);
}
+/* Used as both GSettings keys and GObject data tags */
+#define IGNORE_CA_CERT_TAG "ignore-ca-cert"
+#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert"
+
+/**
+ * eap_method_ca_cert_ignore_set:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ * @filename: the certificate file, if any
+ * @ca_cert_error: %TRUE if an error was encountered loading the given CA
+ * certificate, %FALSE if not or if a CA certificate is not present
+ * @id_ca_cert_is_not_required_checkbox: the #GtkWidget object name of the
+ * "CA certificate not required" checkbox
+ *
+ * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate
+ * not required" checkbox is checked. If @ca_cert_error is %TRUE, then the
+ * connection's CA cert ignore value will always be set to %TRUE.
+ */
void
eap_method_ca_cert_ignore_set (EAPMethod *method,
NMConnection *connection,
@@ -580,29 +553,107 @@ eap_method_ca_cert_ignore_set (EAPMethod *method,
const char *id_ca_cert_is_not_required_checkbox)
{
GtkWidget *widget;
+ NMSetting8021x *s_8021x;
+ gboolean ignore;
/* We don't really need the checkbox value here. Just assert that it is set as expected. */
widget = GTK_WIDGET (gtk_builder_get_object (method->builder, id_ca_cert_is_not_required_checkbox));
g_assert (widget && (ca_cert_error || !filename == gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON
(widget))));
- _set_ignore_ca_cert (nm_connection_get_uuid (connection),
- method->phase2,
- !ca_cert_error && filename==NULL);
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ ignore = !ca_cert_error && filename == NULL;
+ g_object_set_data (G_OBJECT (s_8021x),
+ method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG,
+ GUINT_TO_POINTER (ignore));
+ }
}
+/**
+ * eap_method_ca_cert_ignore_get:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ *
+ * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA
+ * certificate should be required for the connection to be valid.
+ */
gboolean
eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection)
{
- NMSettingConnection *s_con;
- const char *uuid;
+ NMSetting8021x *s_8021x;
- s_con = nm_connection_get_setting_connection (connection);
- g_assert (s_con);
- uuid = nm_setting_connection_get_uuid (s_con);
- g_assert (uuid);
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ return !!g_object_get_data (G_OBJECT (s_8021x),
+ method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG);
+ }
+ return FALSE;
+}
- /* Figure out if the user wants to ignore missing CA cert */
- return _get_ignore_ca_cert (uuid, method->phase2);
+static GSettings *
+_get_ca_ignore_settings (NMConnection *connection)
+{
+ GSettings *settings;
+ char *path = NULL;
+
+ path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", nm_connection_get_uuid (connection));
+ settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
+ g_free (path);
+
+ return settings;
}
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_save (NMConnection *connection)
+{
+ NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (connection);
+ GSettings *settings;
+ gboolean ignore = FALSE, phase2_ignore = FALSE;
+
+ if (s_8021x) {
+ ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG);
+ phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG);
+ }
+
+ settings = _get_ca_ignore_settings (connection);
+ g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore);
+ g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore);
+ g_object_unref (settings);
+}
+
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_load (NMConnection *connection)
+{
+ NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (connection);
+ GSettings *settings;
+
+ if (s_8021x) {
+ settings = _get_ca_ignore_settings (connection);
+ if (g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG)) {
+ g_object_set_data (G_OBJECT (s_8021x),
+ IGNORE_CA_CERT_TAG,
+ GUINT_TO_POINTER (TRUE));
+ }
+ if (g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG)) {
+ g_object_set_data (G_OBJECT (s_8021x),
+ IGNORE_PHASE2_CA_CERT_TAG,
+ GUINT_TO_POINTER (TRUE));
+ }
+ g_object_unref (settings);
+ }
+}
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 626a3d7..b45e9d0 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -120,6 +120,7 @@ gboolean eap_method_ca_cert_required (GtkBuilder *builder,
void eap_method_ca_cert_not_required_toggled (GtkBuilder *builder,
const char *id_ca_cert_is_not_required_checkbox,
const char *id_ca_cert_chooser);
+
void eap_method_ca_cert_ignore_set (EAPMethod *method,
NMConnection *connection,
const char *filename,
@@ -127,5 +128,8 @@ void eap_method_ca_cert_ignore_set (EAPMethod *method,
const char *id_ca_cert_is_not_required_checkbox);
gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection);
+void eap_method_ca_cert_ignore_save (NMConnection *connection);
+void eap_method_ca_cert_ignore_load (NMConnection *connection);
+
#endif /* EAP_METHOD_H */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]