[network-manager-applet] security: don't save CA cert ignore if editing is canceled
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet] security: don't save CA cert ignore if editing is canceled
- Date: Wed, 11 Sep 2013 14:17:49 +0000 (UTC)
commit 6aefda72e7a4a41985599ad909990ed58f5ae3e5
Author: Dan Williams <dcbw redhat com>
Date: Tue Sep 10 17:27:38 2013 -0500
security: don't save CA cert ignore if editing is canceled
Previously the code would update GSettings whenever a security
input field changed and the provided security information had
to be re-validated. This meant the value would be saved even
if the user canceled editing of the connection. Fix this.
Unfortunately, since only the upper-level code knows when the
editing has been canceled, the upper-level code has to handle
reading the initial values, and saving the new ones. But that's
easy to do.
Signed-off-by: Thomas Haller <thaller redhat com>
src/connection-editor/nm-connection-editor.c | 7 +
src/ethernet-dialog.c | 7 +
src/libnm-gtk/nm-wifi-dialog.c | 7 +
src/wireless-security/eap-method.c | 182 ++++++++++++++++++--------
src/wireless-security/eap-method.h | 4 +
5 files changed, 152 insertions(+), 55 deletions(-)
---
diff --git a/src/connection-editor/nm-connection-editor.c b/src/connection-editor/nm-connection-editor.c
index 377b376..c2f6c52 100644
--- a/src/connection-editor/nm-connection-editor.c
+++ b/src/connection-editor/nm-connection-editor.c
@@ -76,6 +76,7 @@
#include "page-vlan.h"
#include "ce-polkit-button.h"
#include "vpn-helpers.h"
+#include "eap-method.h"
G_DEFINE_TYPE (NMConnectionEditor, nm_connection_editor, G_TYPE_OBJECT)
@@ -773,6 +774,9 @@ nm_connection_editor_set_connection (NMConnectionEditor *editor,
editor->orig_connection = g_object_ref (orig_connection);
nm_connection_editor_update_title (editor);
+ /* Handle CA cert ignore stuff */
+ eap_method_ca_cert_ignore_load (editor->connection);
+
s_con = nm_connection_get_setting_connection (editor->connection);
g_assert (s_con);
@@ -980,6 +984,9 @@ ok_button_clicked_save_connection (NMConnectionEditor *self)
nm_connection_editor_set_busy (self, TRUE);
+ /* Save new CA cert ignore values to GSettings */
+ eap_method_ca_cert_ignore_save (self->connection);
+
if (self->is_new_connection) {
nm_remote_settings_add_connection (self->settings,
self->orig_connection,
diff --git a/src/ethernet-dialog.c b/src/ethernet-dialog.c
index 1779935..26d0053 100644
--- a/src/ethernet-dialog.c
+++ b/src/ethernet-dialog.c
@@ -33,6 +33,7 @@
#include "ethernet-dialog.h"
#include "wireless-security.h"
#include "applet-dialogs.h"
+#include "eap-method.h"
static void
stuff_changed_cb (WirelessSecurity *sec, gpointer user_data)
@@ -105,6 +106,9 @@ nma_ethernet_dialog_new (NMConnection *connection)
gtk_window_set_icon_name (GTK_WINDOW (dialog), "dialog-password");
dialog_set_network_name (connection, GTK_ENTRY (gtk_builder_get_object (builder,
"network_name_entry")));
+ /* Handle CA cert ignore stuff */
+ eap_method_ca_cert_ignore_load (connection);
+
security = dialog_set_security (connection, builder, GTK_BOX (gtk_builder_get_object (builder,
"security_vbox")));
wireless_security_set_changed_notify (security, stuff_changed_cb, GTK_WIDGET (gtk_builder_get_object
(builder, "ok_button")));
g_object_set_data_full (G_OBJECT (dialog),
@@ -155,6 +159,9 @@ nma_ethernet_dialog_get_connection (GtkWidget *dialog)
s_8021x = nm_connection_get_setting (tmp_connection, NM_TYPE_SETTING_802_1X);
nm_connection_add_setting (connection, NM_SETTING (g_object_ref (s_8021x)));
+ /* Save new CA cert ignore values to GSettings */
+ eap_method_ca_cert_ignore_save (tmp_connection);
+
g_object_unref (tmp_connection);
return connection;
diff --git a/src/libnm-gtk/nm-wifi-dialog.c b/src/libnm-gtk/nm-wifi-dialog.c
index bcd5cb7..7d07549 100644
--- a/src/libnm-gtk/nm-wifi-dialog.c
+++ b/src/libnm-gtk/nm-wifi-dialog.c
@@ -38,6 +38,7 @@
#include "nm-wifi-dialog.h"
#include "wireless-security.h"
#include "nm-ui-utils.h"
+#include "eap-method.h"
G_DEFINE_TYPE (NMAWifiDialog, nma_wifi_dialog, GTK_TYPE_DIALOG)
@@ -1221,6 +1222,9 @@ nma_wifi_dialog_get_connection (NMAWifiDialog *self,
wireless_security_unref (sec);
}
+ /* Save new CA cert ignore values to GSettings */
+ eap_method_ca_cert_ignore_save (connection);
+
/* Fill device */
if (device) {
combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "device_combo"));
@@ -1270,6 +1274,9 @@ nma_wifi_dialog_new (NMClient *client,
priv->sec_combo = GTK_WIDGET (gtk_builder_get_object (priv->builder, "security_combo"));
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
+ /* Handle CA cert ignore stuff */
+ eap_method_ca_cert_ignore_load (connection);
+
if (!internal_init (self, connection, device, secrets_only, FALSE)) {
g_warning ("Couldn't create Wi-Fi security dialog.");
gtk_widget_destroy (GTK_WIDGET (self));
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index 5184b46..23bedd7 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -98,51 +98,6 @@ eap_method_update_secrets (EAPMethod *method, NMConnection *connection)
method->update_secrets (method, connection);
}
-static GSettings *
-_get_ca_ignore_settings (const char *uuid)
-{
- GSettings *settings;
- char *path = NULL;
-
- path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", uuid);
- settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
- g_free (path);
-
- return settings;
-}
-
-static void
-_set_ignore_ca_cert (const char *uuid, gboolean phase2, gboolean ignore)
-{
- GSettings *settings;
- const char *key;
-
- g_return_if_fail (uuid != NULL);
-
- settings = _get_ca_ignore_settings (uuid);
- key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
- g_settings_set_boolean (settings, key, ignore);
- g_object_unref (settings);
-}
-
-static gboolean
-_get_ignore_ca_cert (const char *uuid, gboolean phase2)
-{
- GSettings *settings;
- const char *key;
- gboolean ignore = FALSE;
-
- g_return_val_if_fail (uuid != NULL, FALSE);
-
- settings = _get_ca_ignore_settings (uuid);
-
- key = phase2 ? "ignore-phase2-ca-cert" : "ignore-ca-cert";
- ignore = g_settings_get_boolean (settings, key);
-
- g_object_unref (settings);
- return ignore;
-}
-
void
eap_method_phase2_update_secrets_helper (EAPMethod *method,
NMConnection *connection,
@@ -572,6 +527,26 @@ eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, const char *id_ca_
g_object_set_data_full (G_OBJECT (widget), "filename-old", filename_old, g_free);
}
+/* Used as both GSettings keys and GObject data tags */
+#define IGNORE_CA_CERT_TAG "ignore-ca-cert"
+#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert"
+
+/**
+ * eap_method_ca_cert_ignore_set:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ * @filename: the certificate file, if any
+ * @ca_cert_error: %TRUE if an error was encountered loading the given CA
+ * certificate, %FALSE if not or if a CA certificate is not present
+ * @id_ca_cert_is_not_required_checkbox: the #GtkWidget object name of the
+ * "CA certificate not required" checkbox
+ *
+ * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate
+ * not required" checkbox is checked. If @ca_cert_error is %TRUE, then the
+ * connection's CA cert ignore value will always be set to %FALSE, because it
+ * means that the user selected an invalid certificate (thus he does not want to
+ * ignore the CA cert)..
+ */
void
eap_method_ca_cert_ignore_set (EAPMethod *method,
NMConnection *connection,
@@ -580,29 +555,126 @@ eap_method_ca_cert_ignore_set (EAPMethod *method,
const char *id_ca_cert_is_not_required_checkbox)
{
GtkWidget *widget;
+ NMSetting8021x *s_8021x;
+ gboolean ignore;
/* We don't really need the checkbox value here. Just assert that it is set as expected. */
widget = GTK_WIDGET (gtk_builder_get_object (method->builder, id_ca_cert_is_not_required_checkbox));
g_assert (widget && (ca_cert_error || !filename == gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON
(widget))));
- _set_ignore_ca_cert (nm_connection_get_uuid (connection),
- method->phase2,
- !ca_cert_error && filename==NULL);
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ ignore = !ca_cert_error && filename == NULL;
+ g_object_set_data (G_OBJECT (s_8021x),
+ method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG,
+ GUINT_TO_POINTER (ignore));
+ }
}
+/**
+ * eap_method_ca_cert_ignore_get:
+ * @method: the #EAPMethod object
+ * @connection: the #NMConnection
+ *
+ * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA
+ * certificate should be required for the connection to be valid.
+ */
gboolean
eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection)
{
- NMSettingConnection *s_con;
+ NMSetting8021x *s_8021x;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ return !!g_object_get_data (G_OBJECT (s_8021x),
+ method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG);
+ }
+ return FALSE;
+}
+
+static GSettings *
+_get_ca_ignore_settings (NMConnection *connection)
+{
+ GSettings *settings;
+ char *path = NULL;
const char *uuid;
- s_con = nm_connection_get_setting_connection (connection);
- g_assert (s_con);
- uuid = nm_setting_connection_get_uuid (s_con);
- g_assert (uuid);
+ g_return_val_if_fail (connection, NULL);
+
+ uuid = nm_connection_get_uuid (connection);
+ g_return_val_if_fail (uuid && *uuid, NULL);
- /* Figure out if the user wants to ignore missing CA cert */
- return _get_ignore_ca_cert (uuid, method->phase2);
+ path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s", uuid);
+ settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
+ g_free (path);
+
+ return settings;
}
+/**
+ * eap_method_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_save (NMConnection *connection)
+{
+ NMSetting8021x *s_8021x;
+ GSettings *settings;
+ gboolean ignore = FALSE, phase2_ignore = FALSE;
+
+ g_return_if_fail (connection);
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG);
+ phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG);
+ }
+
+ settings = _get_ca_ignore_settings (connection);
+ if (!settings)
+ return;
+
+ g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore);
+ g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore);
+ g_object_unref (settings);
+}
+
+/**
+ * eap_method_ca_cert_ignore_load:
+ * @connection: the connection for which to load CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+eap_method_ca_cert_ignore_load (NMConnection *connection)
+{
+ GSettings *settings;
+ NMSetting8021x *s_8021x;
+ gboolean ignore, phase2_ignore;
+
+ g_return_if_fail (connection);
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (!s_8021x)
+ return;
+
+ settings = _get_ca_ignore_settings (connection);
+ if (!settings)
+ return;
+
+ ignore = g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG);
+ phase2_ignore = g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG);
+
+ g_object_set_data (G_OBJECT (s_8021x),
+ IGNORE_CA_CERT_TAG,
+ GUINT_TO_POINTER (ignore));
+ g_object_set_data (G_OBJECT (s_8021x),
+ IGNORE_PHASE2_CA_CERT_TAG,
+ GUINT_TO_POINTER (phase2_ignore));
+ g_object_unref (settings);
+}
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 626a3d7..b45e9d0 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -120,6 +120,7 @@ gboolean eap_method_ca_cert_required (GtkBuilder *builder,
void eap_method_ca_cert_not_required_toggled (GtkBuilder *builder,
const char *id_ca_cert_is_not_required_checkbox,
const char *id_ca_cert_chooser);
+
void eap_method_ca_cert_ignore_set (EAPMethod *method,
NMConnection *connection,
const char *filename,
@@ -127,5 +128,8 @@ void eap_method_ca_cert_ignore_set (EAPMethod *method,
const char *id_ca_cert_is_not_required_checkbox);
gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connection);
+void eap_method_ca_cert_ignore_save (NMConnection *connection);
+void eap_method_ca_cert_ignore_load (NMConnection *connection);
+
#endif /* EAP_METHOD_H */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]