[network-manager-applet/dcbw/ca-cert-ignore-save-load] security: don't save CA cert ignore if editing is canceled



commit 6f84e5644a10632d6067ef93cca019c4d11b902c
Author: Dan Williams <dcbw redhat com>
Date:   Tue Sep 10 17:27:38 2013 -0500

    security: don't save CA cert ignore if editing is canceled
    
    Previously the code would update GSettings whenever the button was
    toggled, which meant the value would be saved even if the user
    canceled editing of the connection.  Fix this.
    
    Unfortunately, since only the upper-level code knows when the
    editing has been canceled, the upper-level code has to handle
    reading the initial values, and saving the new ones.  But that's
    easy to do.

 src/connection-editor/nm-connection-editor.c |    7 +
 src/ethernet-dialog.c                        |    7 +
 src/libnm-gtk/nm-wifi-dialog.c               |    7 +
 src/wireless-security/eap-method.c           |  163 +++++++++++++++++---------
 src/wireless-security/eap-method.h           |    4 +
 5 files changed, 132 insertions(+), 56 deletions(-)
---
diff --git a/src/connection-editor/nm-connection-editor.c b/src/connection-editor/nm-connection-editor.c
index 377b376..c2f6c52 100644
--- a/src/connection-editor/nm-connection-editor.c
+++ b/src/connection-editor/nm-connection-editor.c
@@ -76,6 +76,7 @@
 #include "page-vlan.h"
 #include "ce-polkit-button.h"
 #include "vpn-helpers.h"
+#include "eap-method.h"
 
 G_DEFINE_TYPE (NMConnectionEditor, nm_connection_editor, G_TYPE_OBJECT)
 
@@ -773,6 +774,9 @@ nm_connection_editor_set_connection (NMConnectionEditor *editor,
        editor->orig_connection = g_object_ref (orig_connection);
        nm_connection_editor_update_title (editor);
 
+       /* Handle CA cert ignore stuff */
+       eap_method_ca_cert_ignore_load (editor->connection);
+
        s_con = nm_connection_get_setting_connection (editor->connection);
        g_assert (s_con);
 
@@ -980,6 +984,9 @@ ok_button_clicked_save_connection (NMConnectionEditor *self)
 
        nm_connection_editor_set_busy (self, TRUE);
 
+       /* Save new CA cert ignore values to GSettings */
+       eap_method_ca_cert_ignore_save (self->connection);
+
        if (self->is_new_connection) {
                nm_remote_settings_add_connection (self->settings,
                                                   self->orig_connection,
diff --git a/src/ethernet-dialog.c b/src/ethernet-dialog.c
index 1779935..26d0053 100644
--- a/src/ethernet-dialog.c
+++ b/src/ethernet-dialog.c
@@ -33,6 +33,7 @@
 #include "ethernet-dialog.h"
 #include "wireless-security.h"
 #include "applet-dialogs.h"
+#include "eap-method.h"
 
 static void
 stuff_changed_cb (WirelessSecurity *sec, gpointer user_data)
@@ -105,6 +106,9 @@ nma_ethernet_dialog_new (NMConnection *connection)
        gtk_window_set_icon_name (GTK_WINDOW (dialog), "dialog-password");
        dialog_set_network_name (connection, GTK_ENTRY (gtk_builder_get_object (builder, 
"network_name_entry")));
 
+       /* Handle CA cert ignore stuff */
+       eap_method_ca_cert_ignore_load (connection);
+
        security = dialog_set_security (connection, builder, GTK_BOX (gtk_builder_get_object (builder, 
"security_vbox")));
        wireless_security_set_changed_notify (security, stuff_changed_cb, GTK_WIDGET (gtk_builder_get_object 
(builder, "ok_button")));
        g_object_set_data_full (G_OBJECT (dialog),
@@ -155,6 +159,9 @@ nma_ethernet_dialog_get_connection (GtkWidget *dialog)
        s_8021x = nm_connection_get_setting (tmp_connection, NM_TYPE_SETTING_802_1X);
        nm_connection_add_setting (connection, NM_SETTING (g_object_ref (s_8021x)));
 
+       /* Save new CA cert ignore values to GSettings */
+       eap_method_ca_cert_ignore_save (tmp_connection);
+
        g_object_unref (tmp_connection);
 
        return connection;
diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c
index bcd5cb7..7d07549 100644
--- a/src/libnm-gtk/nm-wifi-dialog.c
+++ b/src/libnm-gtk/nm-wifi-dialog.c
@@ -38,6 +38,7 @@
 #include "nm-wifi-dialog.h"
 #include "wireless-security.h"
 #include "nm-ui-utils.h"
+#include "eap-method.h"
 
 G_DEFINE_TYPE (NMAWifiDialog, nma_wifi_dialog, GTK_TYPE_DIALOG)
 
@@ -1221,6 +1222,9 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self,
                wireless_security_unref (sec);
        }
 
+       /* Save new CA cert ignore values to GSettings */
+       eap_method_ca_cert_ignore_save (connection);
+
        /* Fill device */
        if (device) {
                combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "device_combo"));
@@ -1270,6 +1274,9 @@ nma_wifi_dialog_new (NMClient *client,
                priv->sec_combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "security_combo"));
                priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
 
+               /* Handle CA cert ignore stuff */
+               eap_method_ca_cert_ignore_load (connection);
+
                if (!internal_init (self, connection, device, secrets_only, FALSE)) {
                        g_warning ("Couldn't create Wi-Fi security dialog.");
                        gtk_widget_destroy (GTK_WIDGET (self));
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index 5184b46..4354fd8 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -98,51 +98,6 @@ eap_method_update_secrets (EAPMethod *method, NMConnection *connection)
                method->update_secrets (method, connection);
 }
 
-static GSettings *
-_get_ca_ignore_settings (const char *uuid)
-{
-       GSettings *settings;
-       char *path = NULL;
-
-       path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", uuid);
-       settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
-       g_free (path);
-
-       return settings;
-}
-
-static void
-_set_ignore_ca_cert (const char *uuid, gboolean phase2, gboolean ignore)
-{
-       GSettings *settings;
-       const char *key;
-
-       g_return_if_fail (uuid != NULL);
-
-       settings = _get_ca_ignore_settings (uuid);
-       key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
-       g_settings_set_boolean (settings, key, ignore);
-       g_object_unref (settings);
-}
-
-static gboolean
-_get_ignore_ca_cert (const char *uuid, gboolean phase2)
-{
-       GSettings *settings;
-       const char *key;
-       gboolean ignore = FALSE;
-
-       g_return_val_if_fail (uuid != NULL, FALSE);
-
-       settings = _get_ca_ignore_settings (uuid);
-
-       key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
-       ignore = g_settings_get_boolean (settings, key);
-
-       g_object_unref (settings);
-       return ignore;
-}
-
 void
 eap_method_phase2_update_secrets_helper (EAPMethod *method,
                                          NMConnection *connection,
@@ -572,6 +527,24 @@ eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, const char *id_ca_
        g_object_set_data_full (G_OBJECT (widget), "filename-old", filename_old, g_free);
 }
 
+/* Used as both GSettings keys and GObject data tags */
+#define IGNORE_CA_CERT_TAG "ignore-ca-cert"
+#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert"
+
+/**
+ * eap_method_ca_cert_ignore_set:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ * @filename: the certificate file, if any
+ * @ca_cert_error: %TRUE if an error was encountered loading the given CA
+ * certificate, %FALSE if not or if a CA certificate is not present
+ * @id_ca_cert_is_not_required_checkbox: the #GtkWidget object name of the
+ * "CA certificate not required" checkbox
+ *
+ * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate
+ * not required" checkbox is checked.  If @ca_cert_error is %TRUE, then the
+ * connection's CA cert ignore value will always be set to %TRUE.
+ */
 void
 eap_method_ca_cert_ignore_set (EAPMethod *method,
                                NMConnection *connection,
@@ -580,29 +553,107 @@ eap_method_ca_cert_ignore_set (EAPMethod *method,
                                const char *id_ca_cert_is_not_required_checkbox)
 {
        GtkWidget *widget;
+       NMSetting8021x *s_8021x;
+       gboolean ignore;
 
        /* We don't really need the checkbox value here. Just assert that it is set as expected. */
        widget = GTK_WIDGET (gtk_builder_get_object (method->builder, id_ca_cert_is_not_required_checkbox));
        g_assert (widget && (ca_cert_error || !filename == gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON 
(widget))));
 
-       _set_ignore_ca_cert (nm_connection_get_uuid (connection),
-                            method->phase2,
-                            !ca_cert_error && filename==NULL);
+       s_8021x = nm_connection_get_setting_802_1x (connection);
+       if (s_8021x) {
+               ignore = !ca_cert_error && filename == NULL;
+               g_object_set_data (G_OBJECT (s_8021x),
+                                  method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG,
+                                  GUINT_TO_POINTER (ignore));
+       }
 }
 
+/**
+ * eap_method_ca_cert_ignore_get:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ *
+ * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA
+ * certificate should be required for the connection to be valid.
+ */
 gboolean
 eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection)
 {
-       NMSettingConnection *s_con;
-       const char *uuid;
+       NMSetting8021x *s_8021x;
 
-       s_con = nm_connection_get_setting_connection (connection);
-       g_assert (s_con);
-       uuid = nm_setting_connection_get_uuid (s_con);
-       g_assert (uuid);
+       s_8021x = nm_connection_get_setting_802_1x (connection);
+       if (s_8021x) {
+               return !!g_object_get_data (G_OBJECT (s_8021x),
+                                           method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG);
+       }
+       return FALSE;
+}
 
-       /* Figure out if the user wants to ignore missing CA cert */
-       return _get_ignore_ca_cert (uuid, method->phase2);
+static GSettings *
+_get_ca_ignore_settings (NMConnection *connection)
+{
+       GSettings *settings;
+       char *path = NULL;
+
+       path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", nm_connection_get_uuid (connection));
+       settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
+       g_free (path);
+
+       return settings;
 }
 
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_save (NMConnection *connection)
+{
+       NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (connection);
+       GSettings *settings;
+       gboolean ignore = FALSE, phase2_ignore = FALSE;
+
+       if (s_8021x) {
+               ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG);
+               phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG);
+       }
+
+       settings = _get_ca_ignore_settings (connection);
+       g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore);
+       g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore);
+       g_object_unref (settings);
+}
+
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_load (NMConnection *connection)
+{
+       NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (connection);
+       GSettings *settings;
+
+       if (s_8021x) {
+               settings = _get_ca_ignore_settings (connection);
+               if (g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG)) {
+                       g_object_set_data (G_OBJECT (s_8021x),
+                                          IGNORE_CA_CERT_TAG,
+                                          GUINT_TO_POINTER (TRUE));
+               }
+               if (g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG)) {
+                       g_object_set_data (G_OBJECT (s_8021x),
+                                          IGNORE_PHASE2_CA_CERT_TAG,
+                                          GUINT_TO_POINTER (TRUE));
+               }
+               g_object_unref (settings);
+       }
+}
 
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 626a3d7..b45e9d0 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -120,6 +120,7 @@ gboolean eap_method_ca_cert_required (GtkBuilder *builder,
 void eap_method_ca_cert_not_required_toggled (GtkBuilder *builder,
                                               const char *id_ca_cert_is_not_required_checkbox,
                                               const char *id_ca_cert_chooser);
+
 void eap_method_ca_cert_ignore_set (EAPMethod *method,
                                     NMConnection *connection,
                                     const char *filename,
@@ -127,5 +128,8 @@ void eap_method_ca_cert_ignore_set (EAPMethod *method,
                                     const char *id_ca_cert_is_not_required_checkbox);
 gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection);
 
+void eap_method_ca_cert_ignore_save (NMConnection *connection);
+void eap_method_ca_cert_ignore_load (NMConnection *connection);
+
 #endif /* EAP_METHOD_H */
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]