[libnma/lr/nma-ws: 5/8] nma-ws: add
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libnma/lr/nma-ws: 5/8] nma-ws: add
- Date: Thu, 31 Oct 2019 09:32:13 +0000 (UTC)
commit e53350d94a2eb2d8e519d3913cb5e03ab1d3cca4
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Tue Oct 22 06:52:27 2019 +0200
nma-ws: add
This is a library based on src/wireless-security that aims to replace
it, providing a public API in libnma.
The wireless-security code is used by the wifi-dialog provided by libnma,
nm-applet, nm-connection-editor and gnome-control-center, that should all be
ported to this common library.
Makefile.am | 63 ++++-
NEWS | 7 +
meson.build | 1 +
po/POTFILES.in | 27 ++
src/libnma.ver | 21 ++
src/meson.build | 10 +-
src/nma-version.h.in | 9 +-
src/nma-ws/meson.build | 44 ++++
src/nma-ws/nma-eap-fast.c | 438 +++++++++++++++++++++++++++++++
src/nma-ws/nma-eap-fast.h | 20 ++
src/nma-ws/nma-eap-fast.ui | 166 ++++++++++++
src/nma-ws/nma-eap-leap.c | 257 ++++++++++++++++++
src/nma-ws/nma-eap-leap.h | 19 ++
src/nma-ws/nma-eap-leap.ui | 82 ++++++
src/nma-ws/nma-eap-peap.c | 486 ++++++++++++++++++++++++++++++++++
src/nma-ws/nma-eap-peap.h | 20 ++
src/nma-ws/nma-eap-peap.ui | 195 ++++++++++++++
src/nma-ws/nma-eap-simple.c | 485 ++++++++++++++++++++++++++++++++++
src/nma-ws/nma-eap-simple.h | 49 ++++
src/nma-ws/nma-eap-simple.ui | 141 ++++++++++
src/nma-ws/nma-eap-tls.c | 497 +++++++++++++++++++++++++++++++++++
src/nma-ws/nma-eap-tls.h | 20 ++
src/nma-ws/nma-eap-tls.ui | 89 +++++++
src/nma-ws/nma-eap-ttls.c | 521 ++++++++++++++++++++++++++++++++++++
src/nma-ws/nma-eap-ttls.h | 20 ++
src/nma-ws/nma-eap-ttls.ui | 148 +++++++++++
src/nma-ws/nma-eap.c | 424 ++++++++++++++++++++++++++++++
src/nma-ws/nma-eap.h | 106 ++++++++
src/nma-ws/nma-ws-802-1x-private.h | 37 +++
src/nma-ws/nma-ws-802-1x.c | 525 +++++++++++++++++++++++++++++++++++++
src/nma-ws/nma-ws-802-1x.h | 31 +++
src/nma-ws/nma-ws-802-1x.ui | 72 +++++
src/nma-ws/nma-ws-dynamic-wep.c | 68 +++++
src/nma-ws/nma-ws-dynamic-wep.h | 34 +++
src/nma-ws/nma-ws-helpers.c | 31 +++
src/nma-ws/nma-ws-helpers.h | 18 ++
src/nma-ws/nma-ws-leap.c | 293 +++++++++++++++++++++
src/nma-ws/nma-ws-leap.h | 32 +++
src/nma-ws/nma-ws-leap.ui | 86 ++++++
src/nma-ws/nma-ws-private.h | 27 ++
src/nma-ws/nma-ws-sae.c | 285 ++++++++++++++++++++
src/nma-ws/nma-ws-sae.h | 30 +++
src/nma-ws/nma-ws-sae.ui | 84 ++++++
src/nma-ws/nma-ws-wep-key.c | 457 ++++++++++++++++++++++++++++++++
src/nma-ws/nma-ws-wep-key.h | 35 +++
src/nma-ws/nma-ws-wep-key.ui | 161 ++++++++++++
src/nma-ws/nma-ws-wpa-eap.c | 70 +++++
src/nma-ws/nma-ws-wpa-eap.h | 35 +++
src/nma-ws/nma-ws-wpa-psk.c | 303 +++++++++++++++++++++
src/nma-ws/nma-ws-wpa-psk.h | 32 +++
src/nma-ws/nma-ws-wpa-psk.ui | 83 ++++++
src/nma-ws/nma-ws.c | 141 ++++++++++
src/nma-ws/nma-ws.h | 56 ++++
src/nma.gresource.xml | 11 +
src/wireless-security/ws-leap.ui | 2 +-
55 files changed, 7392 insertions(+), 12 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 2ff7dbc7..ab7df536 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -246,12 +246,12 @@ src/nma-resources.c: src/nma.gresource.xml $(shell $(GLIB_COMPILE_RESOURCES) --s
$(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/src --generate-source
--internal
src/libnma-gtk4/nma-resources.c: src/nma.gresource.xml $(shell $(GLIB_COMPILE_RESOURCES)
--generate-dependencies $(srcdir)/src/nma.gresource.xml |sed "s,^,$(builddir)/src/libnma-gtk4/,")
- @mkdir -p $(builddir)/src/libnma-gtk4
+ @mkdir -p $(builddir)/src/libnma-gtk4 $(builddir)/src/libnma-gtk4/nma-ws
$(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(builddir)/src/libnma-gtk4
--generate-source --internal
src/libnma-gtk4/%.ui: src/%.ui
- @mkdir -p $(builddir)/src/libnma-gtk4
+ @mkdir -p $(builddir)/src/libnma-gtk4 $(builddir)/src/libnma-gtk4/nma-ws
gtk4-builder-tool simplify --3to4 $< |awk '/^</ {xml=1} {if (xml) print; else print >"/dev/stderr"}'
$@
CLEANFILES += \
@@ -277,7 +277,16 @@ libnma_h_pub = \
src/nma-ui-utils.h \
src/nma-cert-chooser.h \
src/nma-bar-code-widget.h \
- src/nma-bar-code.h
+ src/nma-bar-code.h \
+ \
+ src/nma-ws/nma-ws-802-1x.h \
+ src/nma-ws/nma-ws-dynamic-wep.h \
+ src/nma-ws/nma-ws.h \
+ src/nma-ws/nma-ws-leap.h \
+ src/nma-ws/nma-ws-sae.h \
+ src/nma-ws/nma-ws-wep-key.h \
+ src/nma-ws/nma-ws-wpa-eap.h \
+ src/nma-ws/nma-ws-wpa-psk.h
libnma_c_real = \
src/nma-wifi-dialog.c \
@@ -289,7 +298,24 @@ libnma_c_real = \
src/nma-cert-chooser.c \
src/nma-file-cert-chooser.c \
src/nma-bar-code-widget.c \
- src/nma-bar-code.c
+ src/nma-bar-code.c \
+ \
+ src/nma-ws/nma-eap.c \
+ src/nma-ws/nma-eap-fast.c \
+ src/nma-ws/nma-eap-leap.c \
+ src/nma-ws/nma-eap-peap.c \
+ src/nma-ws/nma-eap-simple.c \
+ src/nma-ws/nma-eap-tls.c \
+ src/nma-ws/nma-eap-ttls.c \
+ src/nma-ws/nma-ws-802-1x.c \
+ src/nma-ws/nma-ws.c \
+ src/nma-ws/nma-ws-dynamic-wep.c \
+ src/nma-ws/nma-ws-helpers.c \
+ src/nma-ws/nma-ws-leap.c \
+ src/nma-ws/nma-ws-sae.c \
+ src/nma-ws/nma-ws-wep-key.c \
+ src/nma-ws/nma-ws-wpa-eap.c \
+ src/nma-ws/nma-ws-wpa-psk.c
EXTRA_DIST += \
src/qrcodegen.c \
@@ -297,7 +323,17 @@ EXTRA_DIST += \
libnma_h_priv_real = \
src/nma-cert-chooser-private.h \
- src/nma-private.h
+ src/nma-private.h \
+ src/nma-ws/nma-ws-private.h \
+ src/nma-ws/nma-ws-802-1x-private.h \
+ src/nma-ws/nma-eap.h \
+ src/nma-ws/nma-eap-tls.h \
+ src/nma-ws/nma-eap-leap.h \
+ src/nma-ws/nma-eap-fast.h \
+ src/nma-ws/nma-eap-ttls.h \
+ src/nma-ws/nma-eap-peap.h \
+ src/nma-ws/nma-eap-simple.h \
+ src/nma-ws/nma-ws-helpers.h
libnma_h_priv_gcr = \
src/nma-pkcs11-token-login-dialog.h \
@@ -531,6 +567,7 @@ src_libnma_gtk4_la_CFLAGS = \
"-I$(srcdir)/shared" \
"-I$(srcdir)/src/utils" \
"-I$(srcdir)/src/wireless-security" \
+ "-I$(srcdir)/src/nma-ws" \
"-I$(srcdir)/src" \
-Isrc \
$(GTK4_CFLAGS) \
@@ -724,7 +761,20 @@ EXTRA_DIST += \
src/nma-vpn-password-dialog.ui \
src/nma.gresource.xml \
src/meson.build \
- src/tests/meson.build
+ src/tests/meson.build \
+ \
+ src/nma-ws/nma-eap-fast.ui \
+ src/nma-ws/nma-eap-leap.ui \
+ src/nma-ws/nma-eap-peap.ui \
+ src/nma-ws/nma-eap-simple.ui \
+ src/nma-ws/nma-eap-tls.ui \
+ src/nma-ws/nma-eap-ttls.ui \
+ src/nma-ws/nma-ws-802-1x.ui \
+ src/nma-ws/nma-ws-leap.ui \
+ src/nma-ws/nma-ws-sae.ui \
+ src/nma-ws/nma-ws-wep-key.ui \
+ src/nma-ws/nma-ws-wpa-psk.ui \
+ src/nma-ws/meson.build
###############################################################################
@@ -769,6 +819,7 @@ IGNORE_HFILES = \
nma-pkcs11-token-login-dialog.h \
nma-pkcs11-cert-chooser-dialog.h \
nma-cert-chooser-button.h \
+ nma-eap.h \
eap-method.h \
wireless-security.h
diff --git a/NEWS b/NEWS
index 969f0e20..6bfc9876 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+=======================================================
+libnma-1.8.28
+Overview of changes since network-manager-applet-1.8.26
+=======================================================
+
+* Turned the wireless-security library to a public API
+
=======================================================
libnma-1.8.26
Overview of changes since network-manager-applet-1.8.24
diff --git a/meson.build b/meson.build
index 13e05a3b..a609489d 100644
--- a/meson.build
+++ b/meson.build
@@ -303,6 +303,7 @@ if enable_gtk_doc
'nma-resources.h',
'nma-private.h',
'nma-version.h',
+ 'nma-eap.h',
'eap-method.h',
'wireless-security.h',
]
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 67777098..87c2a3de 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -17,6 +17,33 @@ src/nma-ui-utils.c
src/nma-vpn-password-dialog.c
src/nma-vpn-password-dialog.ui
src/nma-wifi-dialog.c
+src/nma-ws/nma-eap.c
+src/nma-ws/nma-eap-fast.c
+src/nma-ws/nma-eap-fast.ui
+src/nma-ws/nma-eap-leap.c
+src/nma-ws/nma-eap-leap.ui
+src/nma-ws/nma-eap-peap.c
+src/nma-ws/nma-eap-peap.ui
+src/nma-ws/nma-eap-simple.c
+src/nma-ws/nma-eap-simple.ui
+src/nma-ws/nma-eap-tls.c
+src/nma-ws/nma-eap-tls.ui
+src/nma-ws/nma-eap-ttls.c
+src/nma-ws/nma-eap-ttls.ui
+src/nma-ws/nma-ws-802-1x.c
+src/nma-ws/nma-ws-802-1x.ui
+src/nma-ws/nma-ws.c
+src/nma-ws/nma-ws-dynamic-wep.c
+src/nma-ws/nma-ws-helpers.c
+src/nma-ws/nma-ws-leap.c
+src/nma-ws/nma-ws-leap.ui
+src/nma-ws/nma-ws-sae.c
+src/nma-ws/nma-ws-sae.ui
+src/nma-ws/nma-ws-wep-key.c
+src/nma-ws/nma-ws-wep-key.ui
+src/nma-ws/nma-ws-wpa-eap.c
+src/nma-ws/nma-ws-wpa-psk.c
+src/nma-ws/nma-ws-wpa-psk.ui
src/wifi.ui
src/utils/utils.c
src/wireless-security/eap-method.c
diff --git a/src/libnma.ver b/src/libnma.ver
index 9b263d9c..1f293ce3 100644
--- a/src/libnma.ver
+++ b/src/libnma.ver
@@ -112,3 +112,24 @@ libnma_1_8_22 {
nma_bar_code_widget_get_type;
nma_bar_code_widget_new;
} libnma_1_8_12;
+
+libnma_1_8_28 {
+ nma_ws_802_1x_get_type;
+ nma_ws_802_1x_new;
+ nma_ws_add_to_size_group;
+ nma_ws_dynamic_wep_get_type;
+ nma_ws_dynamic_wep_new;
+ nma_ws_fill_connection;
+ nma_ws_get_type;
+ nma_ws_leap_get_type;
+ nma_ws_leap_new;
+ nma_ws_sae_get_type;
+ nma_ws_sae_new;
+ nma_ws_validate;
+ nma_ws_wep_key_get_type;
+ nma_ws_wep_key_new;
+ nma_ws_wpa_eap_get_type;
+ nma_ws_wpa_eap_new;
+ nma_ws_wpa_psk_get_type;
+ nma_ws_wpa_psk_new;
+} libnma_1_8_22;
diff --git a/src/meson.build b/src/meson.build
index 280a3415..879bb66c 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -16,6 +16,7 @@ version_header = configure_file(
subdir('utils')
subdir('wireless-security')
+subdir('nma-ws')
cert_chooser_headers = files('nma-cert-chooser.h')
@@ -24,7 +25,7 @@ cert_chooser_sources = files(
'nma-file-cert-chooser.c'
)
-resource_data = files(
+resource_data = nma_ws_resource_data + files(
'nma-bar-code-widget.ui',
'nma-mobile-wizard.ui',
'nma-pkcs11-cert-chooser-dialog.ui',
@@ -39,7 +40,7 @@ built_sources = gnome.compile_resources(
dependencies: resource_data
)
-gir_headers = cert_chooser_headers + files(
+gir_headers = cert_chooser_headers + nma_ws_headers + files(
'nma-bar-code-widget.h',
'nma-bar-code.h',
'nma-mobile-providers.h',
@@ -54,7 +55,7 @@ install_headers(
subdir: 'libnma'
)
-gir_sources = [version_header] + cert_chooser_sources + files(
+gir_sources = [version_header] + cert_chooser_sources + nma_ws_sources + files(
'init.c',
'nma-bar-code-widget.c',
'nma-bar-code.c',
@@ -69,7 +70,8 @@ incs = [
top_inc,
shared_inc,
src_inc,
- wireless_security_inc
+ wireless_security_inc,
+ nma_ws_inc,
]
deps = [
diff --git a/src/nma-version.h.in b/src/nma-version.h.in
index 78e0f206..770791b3 100644
--- a/src/nma-version.h.in
+++ b/src/nma-version.h.in
@@ -59,9 +59,10 @@
#define NMA_VERSION_1_8_10 (NMA_ENCODE_VERSION (1, 8, 10))
#define NMA_VERSION_1_8_12 (NMA_ENCODE_VERSION (1, 8, 12))
#define NMA_VERSION_1_8_22 (NMA_ENCODE_VERSION (1, 8, 22))
+#define NMA_VERSION_1_8_28 (NMA_ENCODE_VERSION (1, 8, 28))
#define NMA_VERSION_CUR_STABLE NMA_VERSION_1_8_10
-#define NMA_VERSION_NEXT_STABLE NMA_VERSION_1_8_22
+#define NMA_VERSION_NEXT_STABLE NMA_VERSION_1_8_28
#define NMA_VERSION NMA_ENCODE_VERSION (NMA_MAJOR_VERSION, NMA_MINOR_VERSION, NMA_MICRO_VERSION)
@@ -116,4 +117,10 @@
# define NMA_AVAILABLE_IN_1_8_22
#endif
+#if NMA_VERSION_MAX_ALLOWED < NMA_VERSION_1_8_28
+# define NMA_AVAILABLE_IN_1_8_28 G_UNAVAILABLE(1.8,28)
+#else
+# define NMA_AVAILABLE_IN_1_8_28
+#endif
+
#endif /* NMA_VERSION_H */
diff --git a/src/nma-ws/meson.build b/src/nma-ws/meson.build
new file mode 100644
index 00000000..8088edab
--- /dev/null
+++ b/src/nma-ws/meson.build
@@ -0,0 +1,44 @@
+nma_ws_inc = include_directories('.')
+
+nma_ws_resource_data = files(
+ 'nma-ws-802-1x.ui',
+ 'nma-ws-leap.ui',
+ 'nma-ws-sae.ui',
+ 'nma-ws-wep-key.ui',
+ 'nma-ws-wpa-psk.ui',
+ 'nma-eap-fast.ui',
+ 'nma-eap-leap.ui',
+ 'nma-eap-peap.ui',
+ 'nma-eap-simple.ui',
+ 'nma-eap-tls.ui',
+ 'nma-eap-ttls.ui',
+)
+
+nma_ws_headers = files(
+ 'nma-ws-dynamic-wep.h',
+ 'nma-ws-leap.h',
+ 'nma-ws-sae.h',
+ 'nma-ws-wep-key.h',
+ 'nma-ws-wpa-eap.h',
+ 'nma-ws-wpa-psk.h',
+ 'nma-ws.h',
+)
+
+nma_ws_sources = files(
+ 'nma-eap.c',
+ 'nma-eap-fast.c',
+ 'nma-eap-leap.c',
+ 'nma-eap-peap.c',
+ 'nma-eap-simple.c',
+ 'nma-eap-tls.c',
+ 'nma-eap-ttls.c',
+ 'nma-ws-802-1x.c',
+ 'nma-ws.c',
+ 'nma-ws-dynamic-wep.c',
+ 'nma-ws-helpers.c',
+ 'nma-ws-leap.c',
+ 'nma-ws-sae.c',
+ 'nma-ws-wep-key.c',
+ 'nma-ws-wpa-eap.c',
+ 'nma-ws-wpa-psk.c',
+)
diff --git a/src/nma-ws/nma-eap-fast.c b/src/nma-ws/nma-eap-fast.c
new file mode 100644
index 00000000..c3b3e42a
--- /dev/null
+++ b/src/nma-ws/nma-eap-fast.c
@@ -0,0 +1,438 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * EAP-FAST authentication method (RFC4851)
+ *
+ * Copyright 2012 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-eap.h"
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "utils.h"
+
+#define I_NAME_COLUMN 0
+#define I_METHOD_COLUMN 1
+
+struct _NMAEapFast {
+ NMAEap parent;
+
+ const char *password_flags_name;
+ GtkSizeGroup *size_group;
+ NMAWs8021x *ws_8021x;
+ gboolean is_editor;
+};
+
+static void
+destroy (NMAEap *parent)
+{
+ NMAEapFast *method = (NMAEapFast *) parent;
+
+ if (method->size_group)
+ g_object_unref (method->size_group);
+}
+
+static gboolean
+validate (NMAEap *parent, GError **error)
+{
+ GtkWidget *widget;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap = NULL;
+ const char *file;
+ gboolean provisioning;
+ gboolean valid = TRUE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton"));
+ g_assert (widget);
+ provisioning = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button"));
+ g_assert (widget);
+ file = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+ if (!provisioning && !file) {
+ widget_set_error (widget);
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-FAST PAC file"));
+ valid = FALSE;
+ } else
+ widget_unset_error (widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo"));
+ g_assert (widget);
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+ valid = nma_eap_validate (eap, valid ? error : NULL) && valid;
+ nma_eap_unref (eap);
+ return valid;
+}
+
+static void
+add_to_size_group (NMAEap *parent, GtkSizeGroup *group)
+{
+ NMAEapFast *method = (NMAEapFast *) parent;
+ GtkWidget *widget;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap;
+
+ if (method->size_group)
+ g_object_unref (method->size_group);
+ method->size_group = g_object_ref (group);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo"));
+ g_assert (widget);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+ nma_eap_add_to_size_group (eap, group);
+ nma_eap_unref (eap);
+}
+
+static void
+fill_connection (NMAEap *parent, NMConnection *connection)
+{
+ NMSetting8021x *s_8021x;
+ GtkWidget *widget;
+ const char *text;
+ char *filename;
+ NMAEap *eap = NULL;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ gboolean enabled;
+ int pac_provisioning = 0;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+
+ nm_setting_802_1x_add_eap_method (s_8021x, "fast");
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry"));
+ g_assert (widget);
+ text = gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (text && strlen (text))
+ g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button"));
+ g_assert (widget);
+ filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+ g_object_set (s_8021x, NM_SETTING_802_1X_PAC_FILE, filename, NULL);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton"));
+ enabled = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
+
+ if (!enabled)
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "0", NULL);
+ else {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_fast_pac_provision_combo"));
+ pac_provisioning = gtk_combo_box_get_active (GTK_COMBO_BOX (widget));
+
+ switch (pac_provisioning) {
+ case 0: /* Anonymous */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "1",
NULL);
+ break;
+ case 1: /* Authenticated */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "2",
NULL);
+ break;
+ case 2: /* Both - anonymous and authenticated */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "3",
NULL);
+ break;
+ default: /* Should not happen */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING, "1",
NULL);
+ break;
+ }
+ }
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo"));
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+
+ nma_eap_fill_connection (eap, connection);
+ nma_eap_unref (eap);
+}
+
+static void
+inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data)
+{
+ NMAEap *parent = (NMAEap *) user_data;
+ NMAEapFast *method = (NMAEapFast *) parent;
+ GtkWidget *vbox;
+ NMAEap *eap = NULL;
+ GList *elt, *children;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ GtkWidget *eap_widget;
+
+ vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_vbox"));
+ g_assert (vbox);
+
+ /* Remove any previous wireless security widgets */
+ children = gtk_container_get_children (GTK_CONTAINER (vbox));
+ for (elt = children; elt; elt = g_list_next (elt))
+ gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
+ g_list_free (children);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+
+ eap_widget = nma_eap_get_widget (eap);
+ g_assert (eap_widget);
+ gtk_widget_unparent (eap_widget);
+
+ if (method->size_group)
+ nma_eap_add_to_size_group (eap, method->size_group);
+ gtk_container_add (GTK_CONTAINER (vbox), eap_widget);
+
+ nma_eap_unref (eap);
+
+ nma_ws_changed_cb (combo, method->ws_8021x);
+}
+
+static GtkWidget *
+inner_auth_combo_init (NMAEapFast *method,
+ NMConnection *connection,
+ NMSetting8021x *s_8021x,
+ gboolean secrets_only)
+{
+ NMAEap *parent = (NMAEap *) method;
+ GtkWidget *combo;
+ GtkListStore *auth_model;
+ GtkTreeIter iter;
+ NMAEapSimple *em_gtc;
+ NMAEapSimple *em_mschap_v2;
+ guint32 active = 0;
+ const char *phase2_auth = NULL;
+ NMAEapSimpleFlags simple_flags;
+
+ auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ());
+
+ if (s_8021x) {
+ if (nm_setting_802_1x_get_phase2_auth (s_8021x))
+ phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x);
+ else if (nm_setting_802_1x_get_phase2_autheap (s_8021x))
+ phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x);
+ }
+
+ simple_flags = NMA_EAP_SIMPLE_FLAG_PHASE2;
+ if (method->is_editor)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR;
+ if (secrets_only)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY;
+
+ em_gtc = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_GTC,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("GTC"),
+ I_METHOD_COLUMN, em_gtc,
+ -1);
+ nma_eap_unref (NMA_EAP (em_gtc));
+
+ /* Check for defaulting to GTC */
+ if (phase2_auth && !strcasecmp (phase2_auth, "gtc"))
+ active = 0;
+
+ em_mschap_v2 = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_MSCHAP_V2,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MSCHAPv2"),
+ I_METHOD_COLUMN, em_mschap_v2,
+ -1);
+ nma_eap_unref (NMA_EAP (em_mschap_v2));
+
+ /* Check for defaulting to MSCHAPv2 */
+ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2"))
+ active = 1;
+
+ combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo"));
+ g_assert (combo);
+
+ gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model));
+ g_object_unref (G_OBJECT (auth_model));
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active);
+
+ g_signal_connect (G_OBJECT (combo), "changed",
+ (GCallback) inner_auth_combo_changed_cb,
+ method);
+ return combo;
+}
+
+static void
+update_secrets (NMAEap *parent, NMConnection *connection)
+{
+ nma_eap_phase2_update_secrets_helper (parent,
+ connection,
+ "eap_fast_inner_auth_combo",
+ I_METHOD_COLUMN);
+}
+
+static void
+pac_toggled_cb (GtkWidget *widget, gpointer user_data)
+{
+ NMAEap *parent = (NMAEap *) user_data;
+ NMAEapFast *method = (NMAEapFast *) parent;
+ gboolean enabled = FALSE;
+ GtkWidget *provision_combo;
+
+ provision_combo = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_fast_pac_provision_combo"));
+ g_return_if_fail (provision_combo);
+
+ enabled = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
+
+ gtk_widget_set_sensitive (provision_combo, enabled);
+
+ nma_ws_changed_cb (widget, method->ws_8021x);
+}
+
+NMAEapFast *
+nma_eap_fast_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only)
+{
+ NMAEap *parent;
+ NMAEapFast *method;
+ GtkWidget *widget;
+ GtkFileFilter *filter;
+ NMSetting8021x *s_8021x = NULL;
+ const char *filename;
+ gboolean provisioning_enabled = TRUE;
+
+ parent = nma_eap_init (sizeof (NMAEapFast),
+ validate,
+ add_to_size_group,
+ fill_connection,
+ update_secrets,
+ destroy,
+ "/org/gnome/libnma/nma-eap-fast.ui",
+ "eap_fast_grid",
+ "eap_fast_anon_identity_entry",
+ FALSE);
+ if (!parent)
+ return NULL;
+
+ method = (NMAEapFast *) parent;
+ method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
+ method->ws_8021x = ws_8021x;
+ method->is_editor = is_editor;
+
+ if (connection)
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_combo"));
+ g_assert (widget);
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
+ if (s_8021x) {
+ const char *fast_prov;
+
+ fast_prov = nm_setting_802_1x_get_phase1_fast_provisioning (s_8021x);
+ if (fast_prov) {
+ if (!strcmp (fast_prov, "0"))
+ provisioning_enabled = FALSE;
+ else if (!strcmp (fast_prov, "1"))
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
+ else if (!strcmp (fast_prov, "2"))
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
+ else if (!strcmp (fast_prov, "3"))
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
+ }
+ }
+ gtk_widget_set_sensitive (widget, provisioning_enabled);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_provision_checkbutton"));
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), provisioning_enabled);
+ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (pac_toggled_cb), parent);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_anon_identity_entry"));
+ if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity
(s_8021x));
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button"));
+ g_assert (widget);
+ gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
+ gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
+ _("Choose a PAC file"));
+ g_signal_connect (G_OBJECT (widget), "selection-changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ filter = gtk_file_filter_new ();
+ gtk_file_filter_add_pattern (filter, "*.pac");
+ gtk_file_filter_set_name (filter, _("PAC files (*.pac)"));
+ gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
+ filter = gtk_file_filter_new ();
+ gtk_file_filter_add_pattern (filter, "*");
+ gtk_file_filter_set_name (filter, _("All files"));
+ gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
+
+ if (connection && s_8021x) {
+ filename = nm_setting_802_1x_get_pac_file (s_8021x);
+ if (filename)
+ gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
+ }
+
+ widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only);
+ inner_auth_combo_changed_cb (widget, (gpointer) method);
+
+ if (secrets_only) {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_fast_anon_identity_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_fast_anon_identity_entry"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_fast_pac_provision_checkbutton"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_fast_pac_provision_combo"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_pac_file_button"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_fast_inner_auth_combo"));
+ gtk_widget_hide (widget);
+ }
+
+ return method;
+}
diff --git a/src/nma-ws/nma-eap-fast.h b/src/nma-ws/nma-eap-fast.h
new file mode 100644
index 00000000..a63d9707
--- /dev/null
+++ b/src/nma-ws/nma-eap-fast.h
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * EAP-FAST authentication method (RFC4851)
+ *
+ * Copyright 2012 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_FAST_H
+#define NMA_EAP_FAST_H
+
+#include "nma-ws.h"
+
+typedef struct _NMAEapFast NMAEapFast;
+
+NMAEapFast *nma_eap_fast_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only);
+
+#endif /* NMA_EAP_FAST_H */
diff --git a/src/nma-ws/nma-eap-fast.ui b/src/nma-ws/nma-eap-fast.ui
new file mode 100644
index 00000000..ed33a819
--- /dev/null
+++ b/src/nma-ws/nma-eap-fast.ui
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkListStore" id="model8">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0"> </col>
+ </row>
+ </data>
+ </object>
+ <object class="GtkListStore" id="model9">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0" translatable="yes">Anonymous</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">Authenticated</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">Both</col>
+ </row>
+ </data>
+ </object>
+ <object class="GtkGrid" id="eap_fast_grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="eap_fast_anon_identity_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Anony_mous identity</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_fast_anon_identity_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_fast_anon_identity_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_fast_pac_file_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">PAC _file</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_fast_pac_file_button</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkFileChooserButton" id="eap_fast_pac_file_button">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkBox" id="eap_fast_inner_auth_vbox">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">4</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_fast_inner_auth_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Inner authentication</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_fast_inner_auth_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="eap_fast_inner_auth_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="model">model8</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer8"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="eap_fast_pac_provision_checkbutton">
+ <property name="label" translatable="yes">Allow automatic PAC pro_visioning</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="eap_fast_pac_provision_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="model">model9</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer9"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ </object>
+</interface>
diff --git a/src/nma-ws/nma-eap-leap.c b/src/nma-ws/nma-eap-leap.c
new file mode 100644
index 00000000..d0929efc
--- /dev/null
+++ b/src/nma-ws/nma-eap-leap.c
@@ -0,0 +1,257 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-eap.h"
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-helpers.h"
+#include "nma-ws-802-1x.h"
+#include "nma-ws-802-1x-private.h"
+#include "nma-ui-utils.h"
+#include "utils.h"
+
+struct _NMAEapLeap {
+ NMAEap parent;
+
+ NMAWs8021x *ws_8021x;
+
+ gboolean editing_connection;
+
+ const char *password_flags_name;
+ GtkEntry *username_entry;
+ GtkEntry *password_entry;
+ GtkToggleButton *show_password;
+};
+
+static void
+show_toggled_cb (GtkToggleButton *button, NMAEapLeap *method)
+{
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (button);
+ gtk_entry_set_visibility (method->password_entry, visible);
+}
+
+static gboolean
+validate (NMAEap *parent, GError **error)
+{
+ NMAEapLeap *method = (NMAEapLeap *)parent;
+ const char *text;
+ gboolean ret = TRUE;
+
+ text = gtk_editable_get_text (GTK_EDITABLE (method->username_entry));
+ if (!text || !strlen (text)) {
+ widget_set_error (GTK_WIDGET (method->username_entry));
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-LEAP username"));
+ ret = FALSE;
+ } else
+ widget_unset_error (GTK_WIDGET (method->username_entry));
+
+ text = gtk_editable_get_text (GTK_EDITABLE (method->password_entry));
+ if (!text || !strlen (text)) {
+ widget_set_error (GTK_WIDGET (method->password_entry));
+ if (ret) {
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-LEAP
password"));
+ ret = FALSE;
+ }
+ } else
+ widget_unset_error (GTK_WIDGET (method->password_entry));
+
+ return ret;
+}
+
+static void
+add_to_size_group (NMAEap *parent, GtkSizeGroup *group)
+{
+ GtkWidget *widget;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+}
+
+static void
+fill_connection (NMAEap *parent, NMConnection *connection)
+{
+ NMAEapLeap *method = (NMAEapLeap *) parent;
+ NMSetting8021x *s_8021x;
+ NMSettingSecretFlags secret_flags;
+ GtkWidget *passwd_entry;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+
+ nm_setting_802_1x_add_eap_method (s_8021x, "leap");
+
+ g_object_set (s_8021x,
+ NM_SETTING_802_1X_IDENTITY, gtk_editable_get_text (GTK_EDITABLE
(method->username_entry)),
+ NM_SETTING_802_1X_PASSWORD, gtk_editable_get_text (GTK_EDITABLE
(method->password_entry)),
+ NULL);
+
+ passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry"));
+ g_assert (passwd_entry);
+
+ /* Save 802.1X password flags to the connection */
+ secret_flags = nma_utils_menu_to_secret_flags (passwd_entry);
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name,
+ secret_flags, NULL);
+
+ /* Update secret flags and popup when editing the connection */
+ if (method->editing_connection)
+ nma_utils_update_password_storage (passwd_entry, secret_flags,
+ NM_SETTING (s_8021x), method->password_flags_name);
+}
+
+static void
+update_secrets (NMAEap *parent, NMConnection *connection)
+{
+ nma_ws_helper_fill_secret_entry (connection,
+ GTK_EDITABLE (gtk_builder_get_object (parent->builder,
"eap_leap_password_entry")),
+ NM_TYPE_SETTING_802_1X,
+ (HelperSecretFunc) nm_setting_802_1x_get_password);
+}
+
+/* Set the UI fields for user, password and show_password to the
+ * values as provided by method->ws_8021x. */
+static void
+set_userpass_ui (NMAEapLeap *method)
+{
+ if (method->ws_8021x->username) {
+ gtk_editable_set_text (GTK_EDITABLE (method->username_entry),
+ method->ws_8021x->username);
+ } else {
+ gtk_editable_set_text (GTK_EDITABLE (method->username_entry), "");
+ }
+
+ if (method->ws_8021x->password && !method->ws_8021x->always_ask) {
+ gtk_editable_set_text (GTK_EDITABLE (method->password_entry),
+ method->ws_8021x->password);
+ } else {
+ gtk_editable_set_text (GTK_EDITABLE (method->password_entry), "");
+ }
+
+ gtk_toggle_button_set_active (method->show_password, method->ws_8021x->show_password);
+}
+
+static void
+widgets_realized (GtkWidget *widget, NMAEapLeap *method)
+{
+ set_userpass_ui (method);
+}
+
+static void
+widgets_unrealized (GtkWidget *widget, NMAEapLeap *method)
+{
+ nma_ws_802_1x_set_userpass (method->ws_8021x,
+ gtk_editable_get_text (GTK_EDITABLE (method->username_entry)),
+ gtk_editable_get_text (GTK_EDITABLE (method->password_entry)),
+ (gboolean) -1,
+ gtk_toggle_button_get_active (method->show_password));
+}
+
+static void
+destroy (NMAEap *parent)
+{
+ NMAEapLeap *method = (NMAEapLeap *) parent;
+ GtkWidget *widget;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_grid"));
+ g_assert (widget);
+ g_signal_handlers_disconnect_by_data (widget, method);
+
+ g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_8021x);
+ g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_8021x);
+ g_signal_handlers_disconnect_by_data (method->show_password, method);
+}
+
+NMAEapLeap *
+nma_eap_leap_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean secrets_only)
+{
+ NMAEapLeap *method;
+ NMAEap *parent;
+ GtkWidget *widget;
+ NMSetting8021x *s_8021x = NULL;
+
+ parent = nma_eap_init (sizeof (NMAEapLeap),
+ validate,
+ add_to_size_group,
+ fill_connection,
+ update_secrets,
+ destroy,
+ "/org/gnome/libnma/nma-eap-leap.ui",
+ "eap_leap_grid",
+ "eap_leap_username_entry",
+ FALSE);
+ if (!parent)
+ return NULL;
+
+ method = (NMAEapLeap *) parent;
+ method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
+ method->editing_connection = secrets_only ? FALSE : TRUE;
+ method->ws_8021x = ws_8021x;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_grid"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "realize",
+ (GCallback) widgets_realized,
+ method);
+ g_signal_connect (G_OBJECT (widget), "unrealize",
+ (GCallback) widgets_unrealized,
+ method);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_username_entry"));
+ g_assert (widget);
+ method->username_entry = GTK_ENTRY (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ if (secrets_only)
+ gtk_widget_set_sensitive (widget, FALSE);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_leap_password_entry"));
+ g_assert (widget);
+ method->password_entry = GTK_ENTRY (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ /* Create password-storage popup menu for password entry under entry's secondary icon */
+ if (connection)
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name,
+ FALSE, secrets_only);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapleap"));
+ g_assert (widget);
+ method->show_password = GTK_TOGGLE_BUTTON (widget);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) show_toggled_cb,
+ parent);
+
+ /* Initialize the UI fields with the security settings from method->ws_8021x.
+ * This will be done again when the widget gets realized. It must be done here as well,
+ * because the outer dialog will ask to 'validate' the connection before the security tab
+ * is shown/realized (to enable the 'Apply' button).
+ * As 'validate' accesses the contents of the UI fields, they must be initialized now, even
+ * if the widgets are not yet visible. */
+ set_userpass_ui (method);
+
+ return method;
+}
diff --git a/src/nma-ws/nma-eap-leap.h b/src/nma-ws/nma-eap-leap.h
new file mode 100644
index 00000000..c75aa56a
--- /dev/null
+++ b/src/nma-ws/nma-eap-leap.h
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_LEAP_H
+#define NMA_EAP_LEAP_H
+
+#include "nma-ws.h"
+
+typedef struct _NMAEapLeap NMAEapLeap;
+
+NMAEapLeap *nma_eap_leap_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean secrets_only);
+
+#endif /* NMA_EAP_LEAP_H */
diff --git a/src/nma-ws/nma-eap-leap.ui b/src/nma-ws/nma-eap-leap.ui
new file mode 100644
index 00000000..a3cfae72
--- /dev/null
+++ b/src/nma-ws/nma-eap-leap.ui
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkGrid" id="eap_leap_grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="valign">start</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="eap_leap_username_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Username</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_leap_username_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_leap_password_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Password</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_leap_password_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_leap_password_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="show_checkbutton_eapleap">
+ <property name="label" translatable="yes">Sho_w password</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_leap_username_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+</interface>
diff --git a/src/nma-ws/nma-eap-peap.c b/src/nma-ws/nma-eap-peap.c
new file mode 100644
index 00000000..3f96c46d
--- /dev/null
+++ b/src/nma-ws/nma-eap-peap.c
@@ -0,0 +1,486 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-eap.h"
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-cert-chooser.h"
+#include "utils.h"
+
+#define I_NAME_COLUMN 0
+#define I_METHOD_COLUMN 1
+
+struct _NMAEapPeap {
+ NMAEap parent;
+
+ const char *password_flags_name;
+ GtkSizeGroup *size_group;
+ NMAWs8021x *ws_8021x;
+ gboolean is_editor;
+ GtkWidget *ca_cert_chooser;
+};
+
+static void
+destroy (NMAEap *parent)
+{
+ NMAEapPeap *method = (NMAEapPeap *) parent;
+
+ if (method->size_group)
+ g_object_unref (method->size_group);
+}
+
+static gboolean
+validate (NMAEap *parent, GError **error)
+{
+ NMAEapPeap *method = (NMAEapPeap *) parent;
+ GtkWidget *widget;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap = NULL;
+ gboolean valid = FALSE;
+
+ if ( gtk_widget_get_sensitive (method->ca_cert_chooser)
+ && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error))
+ return FALSE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo"));
+ g_assert (widget);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+ valid = nma_eap_validate (eap, error);
+ nma_eap_unref (eap);
+ return valid;
+}
+
+static void
+ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data)
+{
+ NMAEapPeap *method = (NMAEapPeap *) user_data;
+
+ gtk_widget_set_sensitive (method->ca_cert_chooser,
+ !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)));
+}
+
+static void
+add_to_size_group (NMAEap *parent, GtkSizeGroup *group)
+{
+ NMAEapPeap *method = (NMAEapPeap *) parent;
+ GtkWidget *widget;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap;
+
+ if (method->size_group)
+ g_object_unref (method->size_group);
+ method->size_group = g_object_ref (group);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo"));
+ g_assert (widget);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+ nma_eap_add_to_size_group (eap, group);
+ nma_eap_unref (eap);
+}
+
+static void
+fill_connection (NMAEap *parent, NMConnection *connection)
+{
+ NMAEapPeap *method = (NMAEapPeap *) parent;
+ NMSetting8021x *s_8021x;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ GtkWidget *widget;
+ const char *text;
+ char *value = NULL;
+ NMAEap *eap = NULL;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ int peapver_active = 0;
+ GError *error = NULL;
+ gboolean ca_cert_error = FALSE;
+ NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+ NMSettingSecretFlags secret_flags;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+
+ nm_setting_802_1x_add_eap_method (s_8021x, "peap");
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry"));
+ g_assert (widget);
+ text = gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (text && strlen (text))
+ g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry"));
+ g_assert (widget);
+ text = gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (text && strlen (text))
+ g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL);
+
+ /* Save CA certificate PIN and its flags to the connection */
+ secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ secret_flags, NULL);
+ if (method->is_editor) {
+ /* Update secret flags and popup when editing the connection */
+ nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ secret_flags, NM_SETTING (s_8021x),
+ NM_SETTING_802_1X_CA_CERT_PASSWORD);
+ g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
+ NULL);
+ }
+
+ /* TLS CA certificate */
+ if (gtk_widget_get_sensitive (method->ca_cert_chooser))
+ value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message :
"(unknown)");
+ g_clear_error (&error);
+ ca_cert_error = TRUE;
+ }
+ nma_eap_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
+ g_free (value);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo"));
+ peapver_active = gtk_combo_box_get_active (GTK_COMBO_BOX (widget));
+ switch (peapver_active) {
+ case 1: /* PEAP v0 */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, "0", NULL);
+ break;
+ case 2: /* PEAP v1 */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, "1", NULL);
+ break;
+ default: /* Automatic */
+ g_object_set (G_OBJECT (s_8021x), NM_SETTING_802_1X_PHASE1_PEAPVER, NULL, NULL);
+ break;
+ }
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo"));
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+
+ nma_eap_fill_connection (eap, connection);
+ nma_eap_unref (eap);
+}
+static void
+inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data)
+{
+ NMAEap *parent = (NMAEap *) user_data;
+ NMAEapPeap *method = (NMAEapPeap *) parent;
+ GtkWidget *vbox;
+ NMAEap *eap = NULL;
+ GList *elt, *children;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ GtkWidget *eap_widget;
+
+ vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_vbox"));
+ g_assert (vbox);
+
+ /* Remove any previous wireless security widgets */
+ children = gtk_container_get_children (GTK_CONTAINER (vbox));
+ for (elt = children; elt; elt = g_list_next (elt))
+ gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+
+ eap_widget = nma_eap_get_widget (eap);
+ g_assert (eap_widget);
+ gtk_widget_unparent (eap_widget);
+
+ if (method->size_group)
+ nma_eap_add_to_size_group (eap, method->size_group);
+ gtk_container_add (GTK_CONTAINER (vbox), eap_widget);
+
+ nma_eap_unref (eap);
+
+ nma_ws_changed_cb (combo, method->ws_8021x);
+}
+
+static GtkWidget *
+inner_auth_combo_init (NMAEapPeap *method,
+ NMConnection *connection,
+ NMSetting8021x *s_8021x,
+ gboolean secrets_only)
+{
+ NMAEap *parent = (NMAEap *) method;
+ GtkWidget *combo;
+ GtkListStore *auth_model;
+ GtkTreeIter iter;
+ NMAEapSimple *em_mschap_v2;
+ NMAEapSimple *em_md5;
+ NMAEapSimple *em_gtc;
+ guint32 active = 0;
+ const char *phase2_auth = NULL;
+ NMAEapSimpleFlags simple_flags;
+
+ auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ());
+
+ if (s_8021x) {
+ if (nm_setting_802_1x_get_phase2_auth (s_8021x))
+ phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x);
+ else if (nm_setting_802_1x_get_phase2_autheap (s_8021x))
+ phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x);
+ }
+
+ simple_flags = NMA_EAP_SIMPLE_FLAG_PHASE2;
+ if (method->is_editor)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR;
+ if (secrets_only)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY;
+
+ em_mschap_v2 = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_MSCHAP_V2,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MSCHAPv2"),
+ I_METHOD_COLUMN, em_mschap_v2,
+ -1);
+ nma_eap_unref (NMA_EAP (em_mschap_v2));
+
+ /* Check for defaulting to MSCHAPv2 */
+ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2"))
+ active = 0;
+
+ em_md5 = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_MD5,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MD5"),
+ I_METHOD_COLUMN, em_md5,
+ -1);
+ nma_eap_unref (NMA_EAP (em_md5));
+
+ /* Check for defaulting to MD5 */
+ if (phase2_auth && !strcasecmp (phase2_auth, "md5"))
+ active = 1;
+
+ em_gtc = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_GTC,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("GTC"),
+ I_METHOD_COLUMN, em_gtc,
+ -1);
+ nma_eap_unref (NMA_EAP (em_gtc));
+
+ /* Check for defaulting to GTC */
+ if (phase2_auth && !strcasecmp (phase2_auth, "gtc"))
+ active = 2;
+
+ combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo"));
+ g_assert (combo);
+
+ gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model));
+ g_object_unref (G_OBJECT (auth_model));
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active);
+
+ g_signal_connect (G_OBJECT (combo), "changed",
+ (GCallback) inner_auth_combo_changed_cb,
+ method);
+ return combo;
+}
+
+static void
+update_secrets (NMAEap *parent, NMConnection *connection)
+{
+ nma_eap_phase2_update_secrets_helper (parent,
+ connection,
+ "eap_peap_inner_auth_combo",
+ I_METHOD_COLUMN);
+}
+
+NMAEapPeap *
+nma_eap_peap_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only)
+{
+ NMAEap *parent;
+ NMAEapPeap *method;
+ GtkWidget *widget;
+ NMSetting8021x *s_8021x = NULL;
+ gboolean ca_not_required = FALSE;
+
+ parent = nma_eap_init (sizeof (NMAEapPeap),
+ validate,
+ add_to_size_group,
+ fill_connection,
+ update_secrets,
+ destroy,
+ "/org/gnome/libnma/nma-eap-peap.ui",
+ "eap_peap_grid",
+ "eap_peap_anon_identity_entry",
+ FALSE);
+ if (!parent)
+ return NULL;
+
+ method = (NMAEapPeap *) parent;
+ method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
+ method->ws_8021x = ws_8021x;
+ method->is_editor = is_editor;
+
+ if (connection)
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_grid"));
+ g_assert (widget);
+
+ method->ca_cert_chooser = nma_cert_chooser_new ("CA",
+ NMA_CERT_CHOOSER_FLAG_CERT
+ | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS :
0));
+ gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1);
+ gtk_widget_show (method->ca_cert_chooser);
+
+ g_signal_connect (method->ca_cert_chooser,
+ "cert-validate",
+ G_CALLBACK (nma_eap_ca_cert_validate_cb),
+ NULL);
+ g_signal_connect (method->ca_cert_chooser,
+ "changed",
+ G_CALLBACK (nma_ws_changed_cb),
+ ws_8021x);
+
+ nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+ nm_setting_802_1x_get_ca_cert_scheme,
+ nm_setting_802_1x_get_ca_cert_path,
+ nm_setting_802_1x_get_ca_cert_uri,
+ nm_setting_802_1x_get_ca_cert_password,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+
+ if (connection && nma_eap_ca_cert_ignore_get (parent, connection)) {
+ gchar *ca_cert;
+ NMSetting8021xCKScheme scheme;
+
+ ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ if (ca_cert)
+ g_free (ca_cert);
+ else
+ ca_not_required = TRUE;
+ }
+
+ if (secrets_only)
+ ca_not_required = TRUE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_peap_ca_cert_not_required_checkbox"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) ca_cert_not_required_toggled,
+ parent);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);
+
+ widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only);
+ inner_auth_combo_changed_cb (widget, (gpointer) method);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo"));
+ g_assert (widget);
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
+ if (s_8021x) {
+ const char *peapver;
+
+ peapver = nm_setting_802_1x_get_phase1_peapver (s_8021x);
+ if (peapver) {
+ /* Index 0 is "Automatic" */
+ if (!strcmp (peapver, "0"))
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
+ else if (!strcmp (peapver, "1"))
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
+ }
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_anon_identity_entry"));
+ if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity
(s_8021x));
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry"));
+ if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match
(s_8021x));
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ if (secrets_only) {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_peap_anon_identity_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_peap_anon_identity_entry"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_domain_entry"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_peap_ca_cert_not_required_checkbox"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_inner_auth_combo"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_peap_version_combo"));
+ gtk_widget_hide (widget);
+ }
+
+ return method;
+}
diff --git a/src/nma-ws/nma-eap-peap.h b/src/nma-ws/nma-eap-peap.h
new file mode 100644
index 00000000..9f6c4a1e
--- /dev/null
+++ b/src/nma-ws/nma-eap-peap.h
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_PEAP_H
+#define NMA_EAP_PEAP_H
+
+#include "nma-ws.h"
+
+typedef struct _NMAEapPeap NMAEapPeap;
+
+NMAEapPeap *nma_eap_peap_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only);
+
+#endif /* NMA_EAP_PEAP_H */
diff --git a/src/nma-ws/nma-eap-peap.ui b/src/nma-ws/nma-eap-peap.ui
new file mode 100644
index 00000000..0bd417f7
--- /dev/null
+++ b/src/nma-ws/nma-eap-peap.ui
@@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkListStore" id="model8">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0"> </col>
+ </row>
+ </data>
+ </object>
+ <object class="GtkListStore" id="model9">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0" translatable="yes">Automatic</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">Version 0</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">Version 1</col>
+ </row>
+ </data>
+ </object>
+ <object class="GtkGrid" id="eap_peap_grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="eap_peap_anon_identity_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Anony_mous identity</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_peap_anon_identity_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_peap_anon_identity_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="eap_peap_ca_cert_not_required_checkbox">
+ <property name="label" translatable="yes">No CA certificate is _required</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_peap_version_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">PEAP _version</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_peap_version_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="eap_peap_version_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="model">model9</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer9"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_peap_inner_auth_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Inner authentication</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_peap_inner_auth_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="eap_peap_inner_auth_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="model">model8</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer8"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkBox" id="eap_peap_inner_auth_vbox">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">6</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_peap_domain_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Suffix of the server certificate name.</property>
+ <property name="label" translatable="yes">_Domain</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_peap_domain_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_peap_domain_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+</interface>
diff --git a/src/nma-ws/nma-eap-simple.c b/src/nma-ws/nma-eap-simple.c
new file mode 100644
index 00000000..a26f6bda
--- /dev/null
+++ b/src/nma-ws/nma-eap-simple.c
@@ -0,0 +1,485 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-eap.h"
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-helpers.h"
+#include "nma-ws-802-1x.h"
+#include "nma-ws-802-1x-private.h"
+#include "nma-ui-utils.h"
+#include "utils.h"
+
+struct _NMAEapSimple {
+ NMAEap parent;
+
+ NMAWs8021x *ws_8021x;
+
+ const char *password_flags_name;
+ NMAEapSimpleType type;
+ NMAEapSimpleFlags flags;
+
+ gboolean username_requested;
+ gboolean password_requested;
+ gboolean pkey_passphrase_requested;
+ GtkEntry *username_entry;
+ GtkEntry *password_entry;
+ GtkToggleButton *show_password;
+ GtkEntry *pkey_passphrase_entry;
+ GtkToggleButton *show_pkey_passphrase;
+ guint idle_func_id;
+};
+
+static void
+show_password_toggled_cb (GtkToggleButton *button, NMAEapSimple *method)
+{
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (button);
+ gtk_entry_set_visibility (method->password_entry, visible);
+}
+
+static void
+show_pkey_passphrase_toggled_cb (GtkToggleButton *button, NMAEapSimple *method)
+{
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (button);
+ gtk_entry_set_visibility (method->pkey_passphrase_entry, visible);
+}
+
+static gboolean
+always_ask_selected (GtkEntry *passwd_entry)
+{
+ return !!( nma_utils_menu_to_secret_flags (GTK_WIDGET (passwd_entry))
+ & NM_SETTING_SECRET_FLAG_NOT_SAVED);
+}
+
+static gboolean
+validate (NMAEap *parent, GError **error)
+{
+ NMAEapSimple *method = (NMAEapSimple *)parent;
+ const char *text;
+ gboolean ret = TRUE;
+
+ if (method->username_requested) {
+ text = gtk_editable_get_text (GTK_EDITABLE (method->username_entry));
+ if (!text || !strlen (text)) {
+ widget_set_error (GTK_WIDGET (method->username_entry));
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP username"));
+ ret = FALSE;
+ } else
+ widget_unset_error (GTK_WIDGET (method->username_entry));
+ }
+
+ /* Check if the password should always be requested */
+ if (method->password_requested) {
+ if (always_ask_selected (method->password_entry))
+ widget_unset_error (GTK_WIDGET (method->password_entry));
+ else {
+ text = gtk_editable_get_text (GTK_EDITABLE (method->password_entry));
+ if (!text || !strlen (text)) {
+ widget_set_error (GTK_WIDGET (method->password_entry));
+ if (ret) {
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC,
+ _("missing EAP password"));
+ ret = FALSE;
+ }
+ } else
+ widget_unset_error (GTK_WIDGET (method->password_entry));
+ }
+ }
+
+ if (method->pkey_passphrase_requested) {
+ text = gtk_editable_get_text (GTK_EDITABLE (method->pkey_passphrase_entry));
+ if (!text || !strlen (text)) {
+ widget_set_error (GTK_WIDGET (method->pkey_passphrase_entry));
+ if (ret) {
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC,
+ _("missing EAP client Private Key passphrase"));
+ ret = FALSE;
+ }
+ } else
+ widget_unset_error (GTK_WIDGET (method->pkey_passphrase_entry));
+ }
+
+ return ret;
+}
+
+static void
+add_to_size_group (NMAEap *parent, GtkSizeGroup *group)
+{
+ NMAEapSimple *method = (NMAEapSimple *) parent;
+ GtkWidget *widget;
+
+ if (method->username_requested) {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+ }
+
+ if (method->password_requested) {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+ }
+
+ if (method->pkey_passphrase_requested) {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_simple_pkey_passphrase_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+ }
+}
+
+typedef struct {
+ const char *name;
+ gboolean autheap_allowed;
+} EapType;
+
+/* Indexed by NMA_EAP_SIMPLE_TYPE_* */
+static const EapType eap_table[NMA_EAP_SIMPLE_TYPE_LAST] = {
+ [NMA_EAP_SIMPLE_TYPE_PAP] = { "pap", FALSE },
+ [NMA_EAP_SIMPLE_TYPE_MSCHAP] = { "mschap", FALSE },
+ [NMA_EAP_SIMPLE_TYPE_MSCHAP_V2] = { "mschapv2", TRUE },
+ [NMA_EAP_SIMPLE_TYPE_PLAIN_MSCHAP_V2] = { "mschapv2", FALSE },
+ [NMA_EAP_SIMPLE_TYPE_MD5] = { "md5", TRUE },
+ [NMA_EAP_SIMPLE_TYPE_PWD] = { "pwd", TRUE },
+ [NMA_EAP_SIMPLE_TYPE_CHAP] = { "chap", FALSE },
+ [NMA_EAP_SIMPLE_TYPE_GTC] = { "gtc", TRUE },
+ [NMA_EAP_SIMPLE_TYPE_UNKNOWN] = { "unknown", TRUE },
+};
+
+static void
+fill_connection (NMAEap *parent, NMConnection *connection)
+{
+ NMAEapSimple *method = (NMAEapSimple *) parent;
+ NMSetting8021x *s_8021x;
+ gboolean not_saved = FALSE;
+ NMSettingSecretFlags flags;
+ const EapType *eap_type;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+
+ if (!(method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY)) {
+ /* If this is the main EAP method, clear any existing methods because the
+ * user-selected one will replace it.
+ */
+ if (parent->phase2 == FALSE)
+ nm_setting_802_1x_clear_eap_methods (s_8021x);
+
+ eap_type = &eap_table[method->type];
+ if (parent->phase2) {
+ /* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2
+ * EAP methods (which only TTLS allows) *and* the inner/phase2 method
+ * supports being an inner EAP method, then set PHASE2_AUTHEAP.
+ * Otherwise the inner/phase2 method goes into PHASE2_AUTH.
+ */
+ if ((method->flags & NMA_EAP_SIMPLE_FLAG_AUTHEAP_ALLOWED) &&
eap_type->autheap_allowed) {
+ g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, eap_type->name,
NULL);
+ g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, NULL, NULL);
+ } else {
+ g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, eap_type->name, NULL);
+ g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTHEAP, NULL, NULL);
+ }
+ } else
+ nm_setting_802_1x_add_eap_method (s_8021x, eap_type->name);
+ }
+
+ if (method->username_requested) {
+ g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY,
+ gtk_editable_get_text (GTK_EDITABLE (method->username_entry)),
+ NULL);
+ }
+
+ if (method->password_requested) {
+ /* Save the password always ask setting */
+ not_saved = always_ask_selected (method->password_entry);
+ flags = nma_utils_menu_to_secret_flags (GTK_WIDGET (method->password_entry));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->password_flags_name, flags, NULL);
+
+ /* Fill the connection's password if we're in the applet so that it'll get
+ * back to NM. From the editor though, since the connection isn't going
+ * back to NM in response to a GetSecrets() call, we don't save it if the
+ * user checked "Always Ask".
+ */
+ if (!(method->flags & NMA_EAP_SIMPLE_FLAG_IS_EDITOR) || not_saved == FALSE) {
+ g_object_set (s_8021x, NM_SETTING_802_1X_PASSWORD,
+ gtk_editable_get_text (GTK_EDITABLE (method->password_entry)),
+ NULL);
+ }
+
+ /* Update secret flags and popup when editing the connection */
+ if (!(method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY)) {
+ GtkWidget *passwd_entry = GTK_WIDGET (gtk_builder_get_object (parent->builder,
+
"eap_simple_password_entry"));
+ g_assert (passwd_entry);
+
+ nma_utils_update_password_storage (passwd_entry, flags,
+ NM_SETTING (s_8021x), method->password_flags_name);
+ }
+ }
+
+ if (method->pkey_passphrase_requested) {
+ g_object_set (s_8021x, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD,
+ gtk_editable_get_text (GTK_EDITABLE (method->pkey_passphrase_entry)),
+ NULL);
+ }
+}
+
+static void
+update_secrets (NMAEap *parent, NMConnection *connection)
+{
+ nma_ws_helper_fill_secret_entry (connection,
+ GTK_EDITABLE (gtk_builder_get_object (parent->builder,
"eap_simple_password_entry")),
+ NM_TYPE_SETTING_802_1X,
+ (HelperSecretFunc) nm_setting_802_1x_get_password);
+ nma_ws_helper_fill_secret_entry (connection,
+ GTK_EDITABLE (gtk_builder_get_object (parent->builder,
"eap_simple_pkey_passphrase_entry")),
+ NM_TYPE_SETTING_802_1X,
+ (HelperSecretFunc) nm_setting_802_1x_get_private_key_password);
+}
+
+static gboolean
+stuff_changed (NMAEapSimple *method)
+{
+ nma_ws_changed_cb (NULL, method->ws_8021x);
+ method->idle_func_id = 0;
+ return FALSE;
+}
+
+static void
+password_storage_changed (GObject *entry,
+ GParamSpec *pspec,
+ NMAEapSimple *method)
+{
+ gboolean always_ask;
+ gboolean secrets_only = method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY;
+
+ always_ask = always_ask_selected (method->password_entry);
+
+ if (always_ask && !secrets_only) {
+ /* we always clear this button and do not restore it
+ * (because we want to hide the password). */
+ gtk_toggle_button_set_active (method->show_password, FALSE);
+ }
+
+ gtk_widget_set_sensitive (GTK_WIDGET (method->show_password),
+ !always_ask || secrets_only);
+
+ if (!method->idle_func_id)
+ method->idle_func_id = g_idle_add ((GSourceFunc) stuff_changed, method);
+}
+
+/* Set the UI fields for user, password, always_ask and show_password to the
+ * values as provided by method->ws_8021x. */
+static void
+set_userpass_ui (NMAEapSimple *method)
+{
+ if (method->ws_8021x->username) {
+ gtk_editable_set_text (GTK_EDITABLE (method->username_entry),
+ method->ws_8021x->username);
+ } else {
+ gtk_editable_set_text (GTK_EDITABLE (method->username_entry), "");
+ }
+
+ if (method->ws_8021x->password && !method->ws_8021x->always_ask) {
+ gtk_editable_set_text (GTK_EDITABLE (method->password_entry),
+ method->ws_8021x->password);
+ } else {
+ gtk_editable_set_text (GTK_EDITABLE (method->password_entry), "");
+ }
+
+ gtk_toggle_button_set_active (method->show_password, method->ws_8021x->show_password);
+
+ password_storage_changed (NULL, NULL, method);
+}
+
+static void
+widgets_realized (GtkWidget *widget, NMAEapSimple *method)
+{
+ set_userpass_ui (method);
+}
+
+static void
+widgets_unrealized (GtkWidget *widget, NMAEapSimple *method)
+{
+ nma_ws_802_1x_set_userpass (method->ws_8021x,
+ gtk_editable_get_text (GTK_EDITABLE (method->username_entry)),
+ gtk_editable_get_text (GTK_EDITABLE (method->password_entry)),
+ always_ask_selected (method->password_entry),
+ gtk_toggle_button_get_active (method->show_password));
+}
+
+static void
+destroy (NMAEap *parent)
+{
+ NMAEapSimple *method = (NMAEapSimple *) parent;
+ GtkWidget *widget;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_grid"));
+ g_assert (widget);
+ g_signal_handlers_disconnect_by_data (widget, method);
+
+ g_signal_handlers_disconnect_by_data (method->username_entry, method->ws_8021x);
+ g_signal_handlers_disconnect_by_data (method->password_entry, method->ws_8021x);
+ g_signal_handlers_disconnect_by_data (method->password_entry, method);
+ g_signal_handlers_disconnect_by_data (method->show_password, method);
+ g_signal_handlers_disconnect_by_data (method->pkey_passphrase_entry, method->ws_8021x);
+ g_signal_handlers_disconnect_by_data (method->show_pkey_passphrase, method);
+
+ nm_clear_g_source (&method->idle_func_id);
+}
+
+static void
+hide_row (GtkWidget **widgets, size_t num)
+{
+ while (num--)
+ gtk_widget_hide (*widgets++);
+}
+
+NMAEapSimple *
+nma_eap_simple_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ NMAEapSimpleType type,
+ NMAEapSimpleFlags flags,
+ const char *const*hints)
+{
+ NMAEap *parent;
+ NMAEapSimple *method;
+ GtkWidget *widget;
+ NMSetting8021x *s_8021x = NULL;
+ GtkWidget *widget_row[10];
+
+ parent = nma_eap_init (sizeof (NMAEapSimple),
+ validate,
+ add_to_size_group,
+ fill_connection,
+ update_secrets,
+ destroy,
+ "/org/gnome/libnma/nma-eap-simple.ui",
+ "eap_simple_grid",
+ "eap_simple_username_entry",
+ flags & NMA_EAP_SIMPLE_FLAG_PHASE2);
+ if (!parent)
+ return NULL;
+
+ method = (NMAEapSimple *) parent;
+ method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
+ method->ws_8021x = ws_8021x;
+ method->flags = flags;
+ method->type = type;
+ g_assert (type < NMA_EAP_SIMPLE_TYPE_LAST);
+ g_assert ( type != NMA_EAP_SIMPLE_TYPE_UNKNOWN
+ || hints);
+
+ if (hints) {
+ for (; *hints; hints++) {
+ if (!strcmp (*hints, NM_SETTING_802_1X_IDENTITY))
+ method->username_requested = TRUE;
+ else if (!strcmp (*hints, NM_SETTING_802_1X_PASSWORD)) {
+ method->password_requested = TRUE;
+ method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
+ } else if (!strcmp (*hints, NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD))
+ method->pkey_passphrase_requested = TRUE;
+ }
+ } else {
+ method->username_requested = TRUE;
+ method->password_requested = TRUE;
+ }
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_grid"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "realize",
+ (GCallback) widgets_realized,
+ method);
+ g_signal_connect (G_OBJECT (widget), "unrealize",
+ (GCallback) widgets_unrealized,
+ method);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry"));
+ g_assert (widget);
+ method->username_entry = GTK_ENTRY (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ if ( (method->flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY)
+ && !method->username_requested)
+ gtk_widget_set_sensitive (widget, FALSE);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry"));
+ g_assert (widget);
+ method->password_entry = GTK_ENTRY (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ /* Create password-storage popup menu for password entry under entry's secondary icon */
+ if (connection)
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x, method->password_flags_name,
+ FALSE, flags & NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY);
+
+ g_signal_connect (method->password_entry, "notify::secondary-icon-name",
+ G_CALLBACK (password_storage_changed),
+ method);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple"));
+ g_assert (widget);
+ method->show_password = GTK_TOGGLE_BUTTON (widget);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) show_password_toggled_cb,
+ method);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_pkey_passphrase_entry"));
+ g_assert (widget);
+ method->pkey_passphrase_entry = GTK_ENTRY (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_simple_show_pkey_passphrase_checkbutton"));
+ g_assert (widget);
+ method->show_pkey_passphrase = GTK_TOGGLE_BUTTON (widget);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) show_pkey_passphrase_toggled_cb,
+ method);
+
+ widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_label"));
+ widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_username_entry"));
+ if (!method->username_requested)
+ hide_row (widget_row, 2);
+
+ widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_label"));
+ widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_simple_password_entry"));
+ widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_eapsimple"));
+ if (!method->password_requested)
+ hide_row (widget_row, 3);
+
+ widget_row[0] = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_simple_pkey_passphrase_label"));
+ widget_row[1] = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_simple_pkey_passphrase_entry"));
+ widget_row[2] = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_simple_show_pkey_passphrase_checkbutton"));
+ if (!method->pkey_passphrase_requested)
+ hide_row (widget_row, 3);
+
+ /* Initialize the UI fields with the security settings from method->ws_8021x.
+ * This will be done again when the widget gets realized. It must be done here as well,
+ * because the outer dialog will ask to 'validate' the connection before the security tab
+ * is shown/realized (to enable the 'Apply' button).
+ * As 'validate' accesses the contents of the UI fields, they must be initialized now, even
+ * if the widgets are not yet visible. */
+ set_userpass_ui (method);
+
+ return method;
+}
diff --git a/src/nma-ws/nma-eap-simple.h b/src/nma-ws/nma-eap-simple.h
new file mode 100644
index 00000000..82024dca
--- /dev/null
+++ b/src/nma-ws/nma-eap-simple.h
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_SIMPLE_H
+#define NMA_EAP_SIMPLE_H
+
+#include "nma-ws.h"
+
+typedef enum {
+ /* NOTE: when updating this table, also update nma_eap_methods[] */
+ NMA_EAP_SIMPLE_TYPE_PAP = 0,
+ NMA_EAP_SIMPLE_TYPE_MSCHAP,
+ NMA_EAP_SIMPLE_TYPE_MSCHAP_V2,
+ NMA_EAP_SIMPLE_TYPE_PLAIN_MSCHAP_V2,
+ NMA_EAP_SIMPLE_TYPE_MD5,
+ NMA_EAP_SIMPLE_TYPE_PWD,
+ NMA_EAP_SIMPLE_TYPE_CHAP,
+ NMA_EAP_SIMPLE_TYPE_GTC,
+ NMA_EAP_SIMPLE_TYPE_UNKNOWN,
+
+ /* Boundary value, do not use */
+ NMA_EAP_SIMPLE_TYPE_LAST
+} NMAEapSimpleType;
+
+typedef enum {
+ NMA_EAP_SIMPLE_FLAG_NONE = 0x00,
+ /* Indicates the EAP method is an inner/phase2 method */
+ NMA_EAP_SIMPLE_FLAG_PHASE2 = 0x01,
+ /* Set by TTLS to indicate that inner/phase2 EAP is allowed */
+ NMA_EAP_SIMPLE_FLAG_AUTHEAP_ALLOWED = 0x02,
+ /* Set from nm-connection-editor or the GNOME network panel */
+ NMA_EAP_SIMPLE_FLAG_IS_EDITOR = 0x04,
+ /* Set to indicate that this request is only for secrets */
+ NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY = 0x08
+} NMAEapSimpleFlags;
+
+typedef struct _NMAEapSimple NMAEapSimple;
+
+NMAEapSimple *nma_eap_simple_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ NMAEapSimpleType type,
+ NMAEapSimpleFlags flags,
+ const char *const*hints);
+
+#endif /* NMA_EAP_SIMPLE_H */
diff --git a/src/nma-ws/nma-eap-simple.ui b/src/nma-ws/nma-eap-simple.ui
new file mode 100644
index 00000000..cdbf65e9
--- /dev/null
+++ b/src/nma-ws/nma-eap-simple.ui
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkGrid" id="eap_simple_grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="valign">start</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="eap_simple_username_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Username</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_simple_username_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_simple_password_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Password</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_simple_password_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_simple_password_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_simple_username_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkBox" id="vbox5">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <child>
+ <object class="GtkCheckButton" id="show_checkbutton_eapsimple">
+ <property name="label" translatable="yes">Sho_w password</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ <property name="position">0</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_simple_pkey_passphrase_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">P_rivate Key Passphrase</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_simple_pkey_passphrase_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_simple_pkey_passphrase_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="eap_simple_show_pkey_passphrase_checkbutton">
+ <property name="label" translatable="yes">Sh_ow passphrase</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+</interface>
diff --git a/src/nma-ws/nma-eap-tls.c b/src/nma-ws/nma-eap-tls.c
new file mode 100644
index 00000000..5f671fab
--- /dev/null
+++ b/src/nma-ws/nma-eap-tls.c
@@ -0,0 +1,497 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ * Lubomir Rintel <lkundrak v3 sk>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-eap.h"
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ui-utils.h"
+#include "nma-cert-chooser.h"
+#include "utils.h"
+
+struct _NMAEapTls {
+ NMAEap parent;
+
+ const char *ca_cert_password_flags_name;
+ const char *client_cert_password_flags_name;
+ const char *client_key_password_flags_name;
+
+ gboolean editing_connection;
+ GtkWidget *ca_cert_chooser;
+ GtkWidget *client_cert_chooser;
+};
+
+
+static gboolean
+validate (NMAEap *parent, GError **error)
+{
+ NMAEapTls *method = (NMAEapTls *) parent;
+ GtkWidget *widget;
+ const char *identity;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
+ g_assert (widget);
+ identity = gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (!identity || !strlen (identity)) {
+ widget_set_error (widget);
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-TLS identity"));
+ return FALSE;
+ } else {
+ widget_unset_error (widget);
+ }
+
+ if ( gtk_widget_get_sensitive (method->ca_cert_chooser)
+ && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error))
+ return FALSE;
+
+ if (!nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->client_cert_chooser), error))
+ return FALSE;
+
+ return TRUE;
+}
+
+static void
+ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data)
+{
+ NMAEapTls *method = (NMAEapTls *) user_data;
+
+ gtk_widget_set_sensitive (method->ca_cert_chooser,
+ !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)));
+}
+
+static void
+add_to_size_group (NMAEap *parent, GtkSizeGroup *group)
+{
+ NMAEapTls *method = (NMAEapTls *) parent;
+ GtkWidget *widget;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->client_cert_chooser), group);
+ nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
+}
+
+static void
+fill_connection (NMAEap *parent, NMConnection *connection)
+{
+ NMAEapTls *method = (NMAEapTls *) parent;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ NMSetting8021x *s_8021x;
+ NMSettingSecretFlags secret_flags;
+ GtkWidget *widget;
+ char *value = NULL;
+ const char *password = NULL;
+ GError *error = NULL;
+ gboolean ca_cert_error = FALSE;
+ NMSetting8021xCKScheme scheme;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+
+ if (parent->phase2)
+ g_object_set (s_8021x, NM_SETTING_802_1X_PHASE2_AUTH, "tls", NULL);
+ else
+ nm_setting_802_1x_add_eap_method (s_8021x, "tls");
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
+ g_assert (widget);
+ g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_editable_get_text (GTK_EDITABLE (widget)),
NULL);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry"));
+ g_assert (widget);
+ g_object_set (s_8021x,
+ parent->phase2 ? NM_SETTING_802_1X_PHASE2_DOMAIN_SUFFIX_MATCH :
NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH,
+ gtk_editable_get_text (GTK_EDITABLE (widget)), NULL);
+
+ /* TLS private key */
+ password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser));
+ value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
+
+ if (parent->phase2) {
+ if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, value, password, scheme, &format,
&error)) {
+ g_warning ("Couldn't read phase2 private key '%s': %s", value, error ? error->message
: "(unknown)");
+ g_clear_error (&error);
+ }
+ } else {
+ if (!nm_setting_802_1x_set_private_key (s_8021x, value, password, scheme, &format, &error)) {
+ g_warning ("Couldn't read private key '%s': %s", value, error ? error->message :
"(unknown)");
+ g_clear_error (&error);
+ }
+ }
+ g_free (value);
+
+ /* Save CA certificate PIN and its flags to the connection */
+ secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->ca_cert_password_flags_name,
+ secret_flags, NULL);
+ if (method->editing_connection) {
+ /* Update secret flags and popup when editing the connection */
+ nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ secret_flags, NM_SETTING (s_8021x),
+ method->ca_cert_password_flags_name);
+ g_object_set (s_8021x, method->ca_cert_password_flags_name,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
+ NULL);
+ }
+
+ /* Save user certificate PIN and its flags flags to the connection */
+ secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER
(method->client_cert_chooser));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_cert_password_flags_name,
+ secret_flags, NULL);
+ if (method->editing_connection) {
+ nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ secret_flags, NM_SETTING (s_8021x),
+ method->client_cert_password_flags_name);
+ g_object_set (s_8021x, method->client_cert_password_flags_name,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER
(method->client_cert_chooser)),
+ NULL);
+ }
+
+ /* Save user private key password flags to the connection */
+ secret_flags = nma_cert_chooser_get_key_password_flags (NMA_CERT_CHOOSER
(method->client_cert_chooser));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_key_password_flags_name,
+ secret_flags, NULL);
+ if (method->editing_connection) {
+ nma_cert_chooser_update_key_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ secret_flags, NM_SETTING (s_8021x),
+ method->client_key_password_flags_name);
+ }
+
+ /* TLS client certificate */
+ if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
+ /* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
+ * set the client certificate for us.
+ */
+ value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
+ format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ if (parent->phase2) {
+ if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, value, scheme, &format,
&error)) {
+ g_warning ("Couldn't read phase2 client certificate '%s': %s", value, error ?
error->message : "(unknown)");
+ g_clear_error (&error);
+ }
+ } else {
+ if (!nm_setting_802_1x_set_client_cert (s_8021x, value, scheme, &format, &error)) {
+ g_warning ("Couldn't read client certificate '%s': %s", value, error ?
error->message : "(unknown)");
+ g_clear_error (&error);
+ }
+ }
+ g_free (value);
+ }
+
+ /* TLS CA certificate */
+ if (gtk_widget_get_sensitive (method->ca_cert_chooser))
+ value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ else
+ value = NULL;
+ format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ if (parent->phase2) {
+ if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, value, scheme, &format, &error)) {
+ g_warning ("Couldn't read phase2 CA certificate '%s': %s", value, error ?
error->message : "(unknown)");
+ g_clear_error (&error);
+ ca_cert_error = TRUE;
+ }
+ } else {
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message :
"(unknown)");
+ g_clear_error (&error);
+ ca_cert_error = TRUE;
+ }
+ }
+ nma_eap_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
+ g_free (value);
+}
+
+static GError *
+client_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+ NMSetting8021xCKScheme scheme;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ gs_unref_object NMSetting8021x *setting = NULL;
+ gs_free char *value = NULL;
+ GError *local = NULL;
+
+ setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+ value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+ if (!value) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("no user certificate selected"));
+ }
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+ if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("selected user certificate file does not exist"));
+ }
+ }
+
+ if (!nm_setting_802_1x_set_client_cert (setting, value, scheme, &format, &local))
+ return local;
+
+ return NULL;
+}
+
+static GError *
+client_key_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+ NMSetting8021xCKScheme scheme;
+ gs_free char *value = NULL;
+
+
+ value = nma_cert_chooser_get_key (cert_chooser, &scheme);
+ if (!value) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("no key selected"));
+ }
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+ if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("selected key file does not exist"));
+ }
+ }
+
+ return NULL;
+}
+
+static GError *
+client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+ NMSetting8021xCKScheme scheme;
+ NMSettingSecretFlags secret_flags;
+ gs_unref_object NMSetting8021x *setting = NULL;
+ gs_free char *value = NULL;
+ const char *password = NULL;
+ GError *local = NULL;
+
+ secret_flags = nma_cert_chooser_get_key_password_flags (cert_chooser);
+ if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+ return NULL;
+
+ setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+ value = nma_cert_chooser_get_key (cert_chooser, &scheme);
+ password = nma_cert_chooser_get_key_password (cert_chooser);
+ if (!nm_setting_802_1x_set_private_key (setting, value, password, scheme, NULL, &local))
+ return local;
+
+ return NULL;
+}
+
+static void
+client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
+{
+ NMSetting8021xCKScheme cert_scheme, key_scheme;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ gs_free char *cert_value = NULL;
+ gs_free char *key_value = NULL;
+ gs_unref_object NMSetting8021x *setting = NULL;
+
+ setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+ cert_value = nma_cert_chooser_get_cert (cert_chooser, &cert_scheme);
+ key_value = nma_cert_chooser_get_key (cert_chooser, &key_scheme);
+
+ if ( !cert_value || key_value
+ || !nm_setting_802_1x_set_client_cert (setting, cert_value, cert_scheme, &format, NULL))
+ return;
+
+ if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12)
+ nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme);
+}
+
+static void
+update_secrets (NMAEap *parent, NMConnection *connection)
+{
+ NMAEapTls *method = (NMAEapTls *) parent;
+
+ nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ nm_connection_get_setting_802_1x (connection),
+ NULL,
+ NULL,
+ NULL,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password :
nm_setting_802_1x_get_client_cert_password,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme :
nm_setting_802_1x_get_private_key_scheme,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path :
nm_setting_802_1x_get_private_key_path,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri :
nm_setting_802_1x_get_private_key_uri,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password :
nm_setting_802_1x_get_private_key_password);
+}
+
+NMAEapTls *
+nma_eap_tls_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean phase2,
+ gboolean secrets_only)
+{
+ NMAEapTls *method;
+ NMAEap *parent;
+ GtkWidget *widget;
+ NMSetting8021x *s_8021x = NULL;
+ gboolean ca_not_required = FALSE;
+
+ parent = nma_eap_init (sizeof (NMAEapTls),
+ validate,
+ add_to_size_group,
+ fill_connection,
+ update_secrets,
+ NULL,
+ "/org/gnome/libnma/nma-eap-tls.ui",
+ "eap_tls_grid",
+ "eap_tls_identity_entry",
+ phase2);
+ if (!parent)
+ return NULL;
+
+ method = (NMAEapTls *) parent;
+ method->ca_cert_password_flags_name = phase2
+ ? NM_SETTING_802_1X_PHASE2_CA_CERT_PASSWORD
+ : NM_SETTING_802_1X_CA_CERT_PASSWORD;
+ method->client_cert_password_flags_name = phase2
+ ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT_PASSWORD
+ : NM_SETTING_802_1X_CLIENT_CERT_PASSWORD;
+ method->client_key_password_flags_name = phase2
+ ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD
+ : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD;
+ method->editing_connection = secrets_only ? FALSE : TRUE;
+
+ if (connection)
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_tls_ca_cert_not_required_checkbox"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) ca_cert_not_required_toggled,
+ parent);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+ if (s_8021x && nm_setting_802_1x_get_identity (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_identity (s_8021x));
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_domain_entry"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+ if (phase2) {
+ if (s_8021x && nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget),
nm_setting_802_1x_get_phase2_domain_suffix_match (s_8021x));
+ } else {
+ if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget),
nm_setting_802_1x_get_domain_suffix_match (s_8021x));
+ }
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_grid"));
+ g_assert (widget);
+
+ method->ca_cert_chooser = nma_cert_chooser_new ("CA",
+ NMA_CERT_CHOOSER_FLAG_CERT
+ | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS :
0));
+ gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1);
+ gtk_widget_show (method->ca_cert_chooser);
+
+ g_signal_connect (method->ca_cert_chooser,
+ "cert-validate",
+ G_CALLBACK (nma_eap_ca_cert_validate_cb),
+ NULL);
+ g_signal_connect (method->ca_cert_chooser,
+ "changed",
+ G_CALLBACK (nma_ws_changed_cb),
+ ws_8021x);
+
+ nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme :
nm_setting_802_1x_get_ca_cert_scheme,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path :
nm_setting_802_1x_get_ca_cert_path,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri :
nm_setting_802_1x_get_ca_cert_uri,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password :
nm_setting_802_1x_get_ca_cert_password,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+
+ if (connection && nma_eap_ca_cert_ignore_get (parent, connection)) {
+ gchar *ca_cert;
+ NMSetting8021xCKScheme scheme;
+
+ ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ if (ca_cert)
+ g_free (ca_cert);
+ else
+ ca_not_required = TRUE;
+ }
+
+ if (secrets_only)
+ ca_not_required = TRUE;
+
+ method->client_cert_chooser = nma_cert_chooser_new ("User",
+ secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS :
0);
+ gtk_grid_attach (GTK_GRID (widget), method->client_cert_chooser, 0, 4, 2, 1);
+ gtk_widget_show (method->client_cert_chooser);
+
+ g_signal_connect (method->client_cert_chooser, "cert-validate",
+ G_CALLBACK (client_cert_validate_cb),
+ NULL);
+ g_signal_connect (method->client_cert_chooser,
+ "key-validate",
+ G_CALLBACK (client_key_validate_cb),
+ NULL);
+ g_signal_connect (method->client_cert_chooser,
+ "key-password-validate",
+ G_CALLBACK (client_key_password_validate_cb),
+ NULL);
+ g_signal_connect (method->client_cert_chooser,
+ "changed",
+ G_CALLBACK (client_cert_fixup_pkcs12),
+ ws_8021x);
+ g_signal_connect (method->client_cert_chooser,
+ "changed",
+ G_CALLBACK (nma_ws_changed_cb),
+ ws_8021x);
+
+ nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme :
nm_setting_802_1x_get_client_cert_scheme,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_path :
nm_setting_802_1x_get_client_cert_path,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri :
nm_setting_802_1x_get_client_cert_uri,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_password :
nm_setting_802_1x_get_client_cert_password,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme :
nm_setting_802_1x_get_private_key_scheme,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_path :
nm_setting_802_1x_get_private_key_path,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_uri :
nm_setting_802_1x_get_private_key_uri,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_password :
nm_setting_802_1x_get_private_key_password);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_tls_ca_cert_not_required_checkbox"));
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);
+
+ /* Create password-storage popup menus for password entries under their secondary icon */
+ nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ 0, (NMSetting *) s_8021x,
method->ca_cert_password_flags_name,
+ FALSE, secrets_only);
+ nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ 0, (NMSetting *) s_8021x,
method->client_cert_password_flags_name,
+ FALSE, secrets_only);
+ nma_cert_chooser_setup_key_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ 0, (NMSetting *) s_8021x,
method->client_key_password_flags_name,
+ FALSE, secrets_only);
+
+ return method;
+}
diff --git a/src/nma-ws/nma-eap-tls.h b/src/nma-ws/nma-eap-tls.h
new file mode 100644
index 00000000..5de30814
--- /dev/null
+++ b/src/nma-ws/nma-eap-tls.h
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_TLS_H
+#define NMA_EAP_TLS_H
+
+#include "nma-ws-802-1x.h"
+
+typedef struct _NMAEapTls NMAEapTls;
+
+NMAEapTls *nma_eap_tls_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean phase2,
+ gboolean secrets_only);
+
+#endif /* NMA_EAP_TLS_H */
diff --git a/src/nma-ws/nma-eap-tls.ui b/src/nma-ws/nma-eap-tls.ui
new file mode 100644
index 00000000..127f4aa2
--- /dev/null
+++ b/src/nma-ws/nma-eap-tls.ui
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkGrid" id="eap_tls_grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="eap_tls_identity_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">I_dentity</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_tls_identity_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_tls_identity_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="eap_tls_ca_cert_not_required_checkbox">
+ <property name="label" translatable="yes">No CA certificate is _required</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_tls_domain_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Suffix of the server certificate name.</property>
+ <property name="label" translatable="yes">_Domain</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_tls_domain_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_tls_domain_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+</interface>
diff --git a/src/nma-ws/nma-eap-ttls.c b/src/nma-ws/nma-eap-ttls.c
new file mode 100644
index 00000000..fee809f8
--- /dev/null
+++ b/src/nma-ws/nma-eap-ttls.c
@@ -0,0 +1,521 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-eap.h"
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-cert-chooser.h"
+#include "utils.h"
+
+#define I_NAME_COLUMN 0
+#define I_METHOD_COLUMN 1
+
+struct _NMAEapTtls {
+ NMAEap parent;
+
+ const char *password_flags_name;
+ GtkSizeGroup *size_group;
+ NMAWs8021x *ws_8021x;
+ gboolean is_editor;
+
+ GtkWidget *ca_cert_chooser;
+};
+
+static void
+destroy (NMAEap *parent)
+{
+ NMAEapTtls *method = (NMAEapTtls *) parent;
+
+ if (method->size_group)
+ g_object_unref (method->size_group);
+}
+
+static gboolean
+validate (NMAEap *parent, GError **error)
+{
+ NMAEapTtls *method = (NMAEapTtls *) parent;
+ GtkWidget *widget;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap = NULL;
+ gboolean valid = FALSE;
+
+ if ( gtk_widget_get_sensitive (method->ca_cert_chooser)
+ && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error))
+ return FALSE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
+ g_assert (widget);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+ valid = nma_eap_validate (eap, error);
+ nma_eap_unref (eap);
+ return valid;
+}
+
+static void
+ca_cert_not_required_toggled (GtkWidget *button, gpointer user_data)
+{
+ NMAEapTtls *method = (NMAEapTtls *) user_data;
+
+ gtk_widget_set_sensitive (method->ca_cert_chooser,
+ !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)));
+}
+
+static void
+add_to_size_group (NMAEap *parent, GtkSizeGroup *group)
+{
+ NMAEapTtls *method = (NMAEapTtls *) parent;
+ GtkWidget *widget;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap;
+
+ if (method->size_group)
+ g_object_unref (method->size_group);
+ method->size_group = g_object_ref (group);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
+ g_assert (widget);
+ gtk_size_group_add_widget (group, widget);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
+ g_assert (widget);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+ nma_eap_add_to_size_group (eap, group);
+ nma_eap_unref (eap);
+}
+
+static void
+fill_connection (NMAEap *parent, NMConnection *connection)
+{
+ NMAEapTtls *method = (NMAEapTtls *) parent;
+ NMSetting8021x *s_8021x;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ NMSettingSecretFlags secret_flags;
+ GtkWidget *widget;
+ const char *text;
+ char *value = NULL;
+ NMAEap *eap = NULL;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ GError *error = NULL;
+ NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+ gboolean ca_cert_error = FALSE;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ g_assert (s_8021x);
+
+ nm_setting_802_1x_add_eap_method (s_8021x, "ttls");
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
+ g_assert (widget);
+ text = gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (text && strlen (text))
+ g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry"));
+ g_assert (widget);
+ text = gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (text && strlen (text))
+ g_object_set (s_8021x, NM_SETTING_802_1X_DOMAIN_SUFFIX_MATCH, text, NULL);
+
+ /* Save CA certificate PIN and its flags to the connection */
+ secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ secret_flags, NULL);
+ if (method->is_editor) {
+ /* Update secret flags and popup when editing the connection */
+ nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ secret_flags, NM_SETTING (s_8021x),
+ NM_SETTING_802_1X_CA_CERT_PASSWORD);
+ g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
+ NULL);
+ }
+
+ /* TLS CA certificate */
+ if (gtk_widget_get_sensitive (method->ca_cert_chooser))
+ value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message :
"(unknown)");
+ g_clear_error (&error);
+ ca_cert_error = TRUE;
+ }
+ nma_eap_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
+ g_free (value);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+
+ nma_eap_fill_connection (eap, connection);
+ nma_eap_unref (eap);
+}
+
+static void
+inner_auth_combo_changed_cb (GtkWidget *combo, gpointer user_data)
+{
+ NMAEap *parent = (NMAEap *) user_data;
+ NMAEapTtls *method = (NMAEapTtls *) parent;
+ GtkWidget *vbox;
+ NMAEap *eap = NULL;
+ GList *elt, *children;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ GtkWidget *eap_widget;
+
+ vbox = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_vbox"));
+ g_assert (vbox);
+
+ /* Remove any previous wireless security widgets */
+ children = gtk_container_get_children (GTK_CONTAINER (vbox));
+ for (elt = children; elt; elt = g_list_next (elt))
+ gtk_container_remove (GTK_CONTAINER (vbox), GTK_WIDGET (elt->data));
+ g_list_free (children);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
+ gtk_tree_model_get (model, &iter, I_METHOD_COLUMN, &eap, -1);
+ g_assert (eap);
+
+ eap_widget = nma_eap_get_widget (eap);
+ g_assert (eap_widget);
+ gtk_widget_unparent (eap_widget);
+
+ if (method->size_group)
+ nma_eap_add_to_size_group (eap, method->size_group);
+ gtk_container_add (GTK_CONTAINER (vbox), eap_widget);
+
+ nma_eap_unref (eap);
+
+ nma_ws_changed_cb (combo, method->ws_8021x);
+}
+
+static GtkWidget *
+inner_auth_combo_init (NMAEapTtls *method,
+ NMConnection *connection,
+ NMSetting8021x *s_8021x,
+ gboolean secrets_only)
+{
+ NMAEap *parent = (NMAEap *) method;
+ GtkWidget *combo;
+ GtkListStore *auth_model;
+ GtkTreeIter iter;
+ NMAEapSimple *em_pap;
+ NMAEapSimple *em_mschap;
+ NMAEapSimple *em_mschap_v2;
+ NMAEapSimple *em_plain_mschap_v2;
+ NMAEapSimple *em_chap;
+ NMAEapSimple *em_md5;
+ NMAEapSimple *em_gtc;
+ guint32 active = 0;
+ const char *phase2_auth = NULL;
+ NMAEapSimpleFlags simple_flags;
+
+ auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ());
+
+ if (s_8021x) {
+ if (nm_setting_802_1x_get_phase2_auth (s_8021x))
+ phase2_auth = nm_setting_802_1x_get_phase2_auth (s_8021x);
+ else if (nm_setting_802_1x_get_phase2_autheap (s_8021x))
+ phase2_auth = nm_setting_802_1x_get_phase2_autheap (s_8021x);
+ }
+
+ simple_flags = NMA_EAP_SIMPLE_FLAG_PHASE2 | NMA_EAP_SIMPLE_FLAG_AUTHEAP_ALLOWED;
+ if (method->is_editor)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR;
+ if (secrets_only)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY;
+
+ em_pap = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_PAP,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("PAP"),
+ I_METHOD_COLUMN, em_pap,
+ -1);
+ nma_eap_unref (NMA_EAP (em_pap));
+
+ /* Check for defaulting to PAP */
+ if (phase2_auth && !strcasecmp (phase2_auth, "pap"))
+ active = 0;
+
+ em_mschap = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_MSCHAP,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MSCHAP"),
+ I_METHOD_COLUMN, em_mschap,
+ -1);
+ nma_eap_unref (NMA_EAP (em_mschap));
+
+ /* Check for defaulting to MSCHAP */
+ if (phase2_auth && !strcasecmp (phase2_auth, "mschap"))
+ active = 1;
+
+ em_mschap_v2 = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_MSCHAP_V2,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MSCHAPv2"),
+ I_METHOD_COLUMN, em_mschap_v2,
+ -1);
+ nma_eap_unref (NMA_EAP (em_mschap_v2));
+
+ /* Check for defaulting to MSCHAPv2 */
+ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") &&
+ nm_setting_802_1x_get_phase2_autheap (s_8021x) != NULL)
+ active = 2;
+
+ em_plain_mschap_v2 = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_PLAIN_MSCHAP_V2,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MSCHAPv2 (no EAP)"),
+ I_METHOD_COLUMN, em_plain_mschap_v2,
+ -1);
+ nma_eap_unref (NMA_EAP (em_plain_mschap_v2));
+
+ /* Check for defaulting to plain MSCHAPv2 */
+ if (phase2_auth && !strcasecmp (phase2_auth, "mschapv2") &&
+ nm_setting_802_1x_get_phase2_auth (s_8021x) != NULL)
+ active = 3;
+
+ em_chap = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_CHAP,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("CHAP"),
+ I_METHOD_COLUMN, em_chap,
+ -1);
+ nma_eap_unref (NMA_EAP (em_chap));
+
+ /* Check for defaulting to CHAP */
+ if (phase2_auth && !strcasecmp (phase2_auth, "chap"))
+ active = 4;
+
+ em_md5 = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_MD5,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("MD5"),
+ I_METHOD_COLUMN, em_md5,
+ -1);
+ nma_eap_unref (NMA_EAP (em_md5));
+
+ /* Check for defaulting to MD5 */
+ if (phase2_auth && !strcasecmp (phase2_auth, "md5"))
+ active = 5;
+
+ em_gtc = nma_eap_simple_new (method->ws_8021x,
+ connection,
+ NMA_EAP_SIMPLE_TYPE_GTC,
+ simple_flags,
+ NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ I_NAME_COLUMN, _("GTC"),
+ I_METHOD_COLUMN, em_gtc,
+ -1);
+ nma_eap_unref (NMA_EAP (em_gtc));
+
+ /* Check for defaulting to GTC */
+ if (phase2_auth && !strcasecmp (phase2_auth, "gtc"))
+ active = 6;
+
+ combo = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
+ g_assert (combo);
+
+ gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (auth_model));
+ g_object_unref (G_OBJECT (auth_model));
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active);
+
+ g_signal_connect (G_OBJECT (combo), "changed",
+ (GCallback) inner_auth_combo_changed_cb,
+ method);
+ return combo;
+}
+
+static void
+update_secrets (NMAEap *parent, NMConnection *connection)
+{
+ nma_eap_phase2_update_secrets_helper (parent,
+ connection,
+ "eap_ttls_inner_auth_combo",
+ I_METHOD_COLUMN);
+}
+
+NMAEapTtls *
+nma_eap_ttls_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only)
+{
+ NMAEap *parent;
+ NMAEapTtls *method;
+ GtkWidget *widget;
+ NMSetting8021x *s_8021x = NULL;
+ gboolean ca_not_required = FALSE;
+
+ parent = nma_eap_init (sizeof (NMAEapTtls),
+ validate,
+ add_to_size_group,
+ fill_connection,
+ update_secrets,
+ destroy,
+ "/org/gnome/libnma/nma-eap-ttls.ui",
+ "eap_ttls_grid",
+ "eap_ttls_anon_identity_entry",
+ FALSE);
+ if (!parent)
+ return NULL;
+
+ method = (NMAEapTtls *) parent;
+ method->password_flags_name = NM_SETTING_802_1X_PASSWORD;
+ method->ws_8021x = ws_8021x;
+ method->is_editor = is_editor;
+
+ if (connection)
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid"));
+ g_assert (widget);
+
+ method->ca_cert_chooser = nma_cert_chooser_new ("CA",
+ NMA_CERT_CHOOSER_FLAG_CERT
+ | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS :
0));
+ gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1);
+ gtk_widget_show (method->ca_cert_chooser);
+
+ g_signal_connect (method->ca_cert_chooser,
+ "cert-validate",
+ G_CALLBACK (nma_eap_ca_cert_validate_cb),
+ NULL);
+ g_signal_connect (method->ca_cert_chooser,
+ "changed",
+ G_CALLBACK (nma_ws_changed_cb),
+ ws_8021x);
+
+ nma_eap_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+ nm_setting_802_1x_get_ca_cert_scheme,
+ nm_setting_802_1x_get_ca_cert_path,
+ nm_setting_802_1x_get_ca_cert_uri,
+ nm_setting_802_1x_get_ca_cert_password,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+
+ if (connection && nma_eap_ca_cert_ignore_get (parent, connection)) {
+ gchar *ca_cert;
+ NMSetting8021xCKScheme scheme;
+
+ ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ if (ca_cert)
+ g_free (ca_cert);
+ else
+ ca_not_required = TRUE;
+ }
+
+ if (secrets_only)
+ ca_not_required = TRUE;
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_ca_cert_not_required_checkbox"));
+ g_assert (widget);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) ca_cert_not_required_toggled,
+ parent);
+ g_signal_connect (G_OBJECT (widget), "toggled",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
+ if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_anonymous_identity
(s_8021x));
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry"));
+ if (s_8021x && nm_setting_802_1x_get_domain_suffix_match (s_8021x))
+ gtk_editable_set_text (GTK_EDITABLE (widget), nm_setting_802_1x_get_domain_suffix_match
(s_8021x));
+ g_signal_connect (G_OBJECT (widget), "changed",
+ (GCallback) nma_ws_changed_cb,
+ ws_8021x);
+
+ widget = inner_auth_combo_init (method, connection, s_8021x, secrets_only);
+ inner_auth_combo_changed_cb (widget, (gpointer) method);
+
+ if (secrets_only) {
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_anon_identity_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_anon_identity_entry"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_domain_entry"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_ca_cert_not_required_checkbox"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
+ gtk_widget_hide (widget);
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
+ gtk_widget_hide (widget);
+ }
+
+ nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ 0, (NMSetting *) s_8021x,
NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ FALSE, secrets_only);
+
+ return method;
+}
diff --git a/src/nma-ws/nma-eap-ttls.h b/src/nma-ws/nma-eap-ttls.h
new file mode 100644
index 00000000..1e072336
--- /dev/null
+++ b/src/nma-ws/nma-eap-ttls.h
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_TTLS_H
+#define NMA_EAP_TTLS_H
+
+#include "nma-ws.h"
+
+typedef struct _NMAEapTtls NMAEapTtls;
+
+NMAEapTtls *nma_eap_ttls_new (NMAWs8021x *ws_8021x,
+ NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only);
+
+#endif /* NMA_EAP_TLS_H */
diff --git a/src/nma-ws/nma-eap-ttls.ui b/src/nma-ws/nma-eap-ttls.ui
new file mode 100644
index 00000000..b5acde15
--- /dev/null
+++ b/src/nma-ws/nma-eap-ttls.ui
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkListStore" id="model6">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0"> </col>
+ </row>
+ </data>
+ </object>
+ <object class="GtkGrid" id="eap_ttls_grid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkEntry" id="eap_ttls_anon_identity_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkBox" id="eap_ttls_inner_auth_vbox">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <property name="spacing">6</property>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">5</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="eap_ttls_inner_auth_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="model">model6</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer6"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_ttls_inner_auth_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Inner authentication</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_ttls_inner_auth_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="eap_ttls_ca_cert_not_required_checkbox">
+ <property name="label" translatable="yes">No CA certificate is _required</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="halign">start</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="eap_ttls_domain_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_ttls_anon_identity_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Anony_mous identity</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_ttls_anon_identity_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="eap_ttls_domain_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Suffix of the server certificate name.</property>
+ <property name="label" translatable="yes">_Domain</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_ttls_domain_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+</interface>
diff --git a/src/nma-ws/nma-eap.c b/src/nma-ws/nma-eap.c
new file mode 100644
index 00000000..f666dab9
--- /dev/null
+++ b/src/nma-ws/nma-eap.c
@@ -0,0 +1,424 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "nma-eap.h"
+#include "nm-utils.h"
+#include "utils.h"
+
+G_DEFINE_BOXED_TYPE (NMAEap, nma_eap, nma_eap_ref, nma_eap_unref)
+
+GtkWidget *
+nma_eap_get_widget (NMAEap *method)
+{
+ g_return_val_if_fail (method != NULL, NULL);
+
+ return method->ui_widget;
+}
+
+gboolean
+nma_eap_validate (NMAEap *method, GError **error)
+{
+ gboolean result;
+
+ g_return_val_if_fail (method != NULL, FALSE);
+
+ g_assert (method->validate);
+ result = (*(method->validate)) (method, error);
+ if (!result && error && !*error)
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("undefined error in 802.1X
security (wpa-eap)"));
+ return result;
+}
+
+void
+nma_eap_add_to_size_group (NMAEap *method, GtkSizeGroup *group)
+{
+ g_return_if_fail (method != NULL);
+ g_return_if_fail (group != NULL);
+
+ g_assert (method->add_to_size_group);
+ return (*(method->add_to_size_group)) (method, group);
+}
+
+void
+nma_eap_fill_connection (NMAEap *method,
+ NMConnection *connection)
+{
+ g_return_if_fail (method != NULL);
+ g_return_if_fail (connection != NULL);
+
+ g_assert (method->fill_connection);
+ return (*(method->fill_connection)) (method, connection);
+}
+
+void
+nma_eap_update_secrets (NMAEap *method, NMConnection *connection)
+{
+ g_return_if_fail (method != NULL);
+ g_return_if_fail (connection != NULL);
+
+ if (method->update_secrets)
+ method->update_secrets (method, connection);
+}
+
+void
+nma_eap_phase2_update_secrets_helper (NMAEap *method,
+ NMConnection *connection,
+ const char *combo_name,
+ guint32 column)
+{
+ GtkWidget *combo;
+ GtkTreeIter iter;
+ GtkTreeModel *model;
+
+ g_return_if_fail (method != NULL);
+ g_return_if_fail (connection != NULL);
+ g_return_if_fail (combo_name != NULL);
+
+ combo = GTK_WIDGET (gtk_builder_get_object (method->builder, combo_name));
+ g_assert (combo);
+
+ /* Let each EAP phase2 method try to update its secrets */
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
+ if (gtk_tree_model_get_iter_first (model, &iter)) {
+ do {
+ NMAEap *eap = NULL;
+
+ gtk_tree_model_get (model, &iter, column, &eap, -1);
+ if (eap) {
+ nma_eap_update_secrets (eap, connection);
+ nma_eap_unref (eap);
+ }
+ } while (gtk_tree_model_iter_next (model, &iter));
+ }
+}
+
+NMAEap *
+nma_eap_init (gsize obj_size,
+ NMAEapValidateFunc validate,
+ NMAEapAddToSizeGroupFunc add_to_size_group,
+ NMAEapFillConnectionFunc fill_connection,
+ NMAEapUpdateSecretsFunc update_secrets,
+ NMAEapDestroyFunc destroy,
+ const char *ui_resource,
+ const char *ui_widget_name,
+ const char *default_field,
+ gboolean phase2)
+{
+ NMAEap *method;
+ GError *error = NULL;
+
+ g_return_val_if_fail (obj_size > 0, NULL);
+ g_return_val_if_fail (ui_resource != NULL, NULL);
+ g_return_val_if_fail (ui_widget_name != NULL, NULL);
+
+ method = g_slice_alloc0 (obj_size);
+ g_assert (method);
+
+ method->refcount = 1;
+ method->obj_size = obj_size;
+ method->validate = validate;
+ method->add_to_size_group = add_to_size_group;
+ method->fill_connection = fill_connection;
+ method->update_secrets = update_secrets;
+ method->default_field = default_field;
+ method->phase2 = phase2;
+
+ method->builder = gtk_builder_new ();
+ if (!gtk_builder_add_from_resource (method->builder, ui_resource, &error)) {
+ g_warning ("Couldn't load UI builder resource %s: %s",
+ ui_resource, error->message);
+ nma_eap_unref (method);
+ return NULL;
+ }
+
+ method->ui_widget = GTK_WIDGET (gtk_builder_get_object (method->builder, ui_widget_name));
+ if (!method->ui_widget) {
+ g_warning ("Couldn't load UI widget '%s' from UI file %s",
+ ui_widget_name, ui_resource);
+ nma_eap_unref (method);
+ return NULL;
+ }
+ g_object_ref_sink (method->ui_widget);
+
+ method->destroy = destroy;
+
+ return method;
+}
+
+
+NMAEap *
+nma_eap_ref (NMAEap *method)
+{
+ g_return_val_if_fail (method != NULL, NULL);
+ g_return_val_if_fail (method->refcount > 0, NULL);
+
+ method->refcount++;
+ return method;
+}
+
+void
+nma_eap_unref (NMAEap *method)
+{
+ g_return_if_fail (method != NULL);
+ g_return_if_fail (method->refcount > 0);
+
+ method->refcount--;
+ if (method->refcount == 0) {
+ if (method->destroy)
+ method->destroy (method);
+
+ if (method->builder)
+ g_object_unref (method->builder);
+ if (method->ui_widget)
+ g_object_unref (method->ui_widget);
+
+ g_slice_free1 (method->obj_size, method);
+ }
+}
+
+/* Used as both GSettings keys and GObject data tags */
+#define IGNORE_CA_CERT_TAG "ignore-ca-cert"
+#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert"
+
+/**
+ * nma_eap_ca_cert_ignore_set:
+ * @method: the #NMAEap object
+ * @connection: the #NMConnection
+ * @filename: the certificate file, if any
+ * @ca_cert_error: %TRUE if an error was encountered loading the given CA
+ * certificate, %FALSE if not or if a CA certificate is not present
+ *
+ * Updates the connection's CA cert ignore value to %TRUE if the "CA certificate
+ * not required" checkbox is checked. If @ca_cert_error is %TRUE, then the
+ * connection's CA cert ignore value will always be set to %FALSE, because it
+ * means that the user selected an invalid certificate (thus he does not want to
+ * ignore the CA cert)..
+ */
+void
+nma_eap_ca_cert_ignore_set (NMAEap *method,
+ NMConnection *connection,
+ const char *filename,
+ gboolean ca_cert_error)
+{
+ NMSetting8021x *s_8021x;
+ gboolean ignore;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ ignore = !ca_cert_error && filename == NULL;
+ g_object_set_data (G_OBJECT (s_8021x),
+ method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG,
+ GUINT_TO_POINTER (ignore));
+ }
+}
+
+/**
+ * nma_eap_ca_cert_ignore_get:
+ * @method: the #NMAEap object
+ * @connection: the #NMConnection
+ *
+ * Returns: %TRUE if a missing CA certificate can be ignored, %FALSE if a CA
+ * certificate should be required for the connection to be valid.
+ */
+gboolean
+nma_eap_ca_cert_ignore_get (NMAEap *method, NMConnection *connection)
+{
+ NMSetting8021x *s_8021x;
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ return !!g_object_get_data (G_OBJECT (s_8021x),
+ method->phase2 ? IGNORE_PHASE2_CA_CERT_TAG : IGNORE_CA_CERT_TAG);
+ }
+ return FALSE;
+}
+
+static GSettings *
+_get_ca_ignore_settings (NMConnection *connection)
+{
+ GSettings *settings;
+ char *path = NULL;
+ const char *uuid;
+
+ g_return_val_if_fail (connection, NULL);
+
+ uuid = nm_connection_get_uuid (connection);
+ g_return_val_if_fail (uuid && *uuid, NULL);
+
+ path = g_strdup_printf ("/org/gnome/nm-applet/eap/%s/", uuid);
+ settings = g_settings_new_with_path ("org.gnome.nm-applet.eap", path);
+ g_free (path);
+
+ return settings;
+}
+
+/**
+ * nma_eap_ca_cert_ignore_save:
+ * @connection: the connection for which to save CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+nma_eap_ca_cert_ignore_save (NMConnection *connection)
+{
+ NMSetting8021x *s_8021x;
+ GSettings *settings;
+ gboolean ignore = FALSE, phase2_ignore = FALSE;
+
+ g_return_if_fail (connection);
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (s_8021x) {
+ ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_CA_CERT_TAG);
+ phase2_ignore = !!g_object_get_data (G_OBJECT (s_8021x), IGNORE_PHASE2_CA_CERT_TAG);
+ }
+
+ settings = _get_ca_ignore_settings (connection);
+ if (!settings)
+ return;
+
+ g_settings_set_boolean (settings, IGNORE_CA_CERT_TAG, ignore);
+ g_settings_set_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG, phase2_ignore);
+ g_object_unref (settings);
+}
+
+/**
+ * nma_eap_ca_cert_ignore_load:
+ * @connection: the connection for which to load CA cert ignore values to GSettings
+ *
+ * Reads the CA cert ignore tags from the 802.1x setting GObject data and saves
+ * then to GSettings if present, using the connection UUID as the index.
+ */
+void
+nma_eap_ca_cert_ignore_load (NMConnection *connection)
+{
+ GSettings *settings;
+ NMSetting8021x *s_8021x;
+ gboolean ignore, phase2_ignore;
+
+ g_return_if_fail (connection);
+
+ s_8021x = nm_connection_get_setting_802_1x (connection);
+ if (!s_8021x)
+ return;
+
+ settings = _get_ca_ignore_settings (connection);
+ if (!settings)
+ return;
+
+ ignore = g_settings_get_boolean (settings, IGNORE_CA_CERT_TAG);
+ phase2_ignore = g_settings_get_boolean (settings, IGNORE_PHASE2_CA_CERT_TAG);
+
+ g_object_set_data (G_OBJECT (s_8021x),
+ IGNORE_CA_CERT_TAG,
+ GUINT_TO_POINTER (ignore));
+ g_object_set_data (G_OBJECT (s_8021x),
+ IGNORE_PHASE2_CA_CERT_TAG,
+ GUINT_TO_POINTER (phase2_ignore));
+ g_object_unref (settings);
+}
+
+GError *
+nma_eap_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+ NMSetting8021xCKScheme scheme;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ gs_unref_object NMSetting8021x *setting = NULL;
+ gs_free char *value = NULL;
+ GError *local = NULL;
+
+ setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+ value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+ if (!value) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("no CA certificate selected"));
+ }
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+ if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("selected CA certificate file does not exist"));
+ }
+ }
+
+ if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
+ return local;
+
+ return NULL;
+}
+
+void
+nma_eap_setup_cert_chooser (NMACertChooser *cert_chooser,
+ NMSetting8021x *s_8021x,
+ NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+ const char *(*cert_path_func) (NMSetting8021x *setting),
+ const char *(*cert_uri_func) (NMSetting8021x *setting),
+ const char *(*cert_password_func) (NMSetting8021x *setting),
+ NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+ const char *(*key_path_func) (NMSetting8021x *setting),
+ const char *(*key_uri_func) (NMSetting8021x *setting),
+ const char *(*key_password_func) (NMSetting8021x *setting))
+{
+ NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+ const char *value = NULL;
+ const char *password = NULL;
+
+
+ if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
+ scheme = cert_scheme_func (s_8021x);
+ switch (scheme) {
+ case NM_SETTING_802_1X_CK_SCHEME_PATH:
+ value = cert_path_func (s_8021x);
+ break;
+ case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+ value = cert_uri_func (s_8021x);
+ password = cert_password_func ? cert_password_func (s_8021x) : NULL;
+ if (password)
+ nma_cert_chooser_set_cert_password (cert_chooser, password);
+ break;
+ case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+ /* No CA set. */
+ break;
+ default:
+ g_warning ("unhandled certificate scheme %d", scheme);
+ }
+
+ }
+ nma_cert_chooser_set_cert (cert_chooser, value, scheme);
+
+ if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
+ scheme = key_scheme_func (s_8021x);
+ switch (scheme) {
+ case NM_SETTING_802_1X_CK_SCHEME_PATH:
+ value = key_path_func (s_8021x);
+ break;
+ case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+ value = key_uri_func (s_8021x);
+ break;
+ case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+ /* No certificate set. */
+ break;
+ default:
+ g_warning ("unhandled key scheme %d", scheme);
+ }
+
+ nma_cert_chooser_set_key (cert_chooser, value, scheme);
+ }
+
+ password = s_8021x && key_password_func ? key_password_func (s_8021x) : NULL;
+ if (password)
+ nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
+}
diff --git a/src/nma-ws/nma-eap.h b/src/nma-ws/nma-eap.h
new file mode 100644
index 00000000..db5c84a0
--- /dev/null
+++ b/src/nma-ws/nma-eap.h
@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_EAP_H
+#define NMA_EAP_H
+
+typedef struct _NMAEap NMAEap;
+
+typedef void (*NMAEapAddToSizeGroupFunc) (NMAEap *method, GtkSizeGroup *group);
+typedef void (*NMAEapFillConnectionFunc) (NMAEap *method, NMConnection *connection);
+typedef void (*NMAEapUpdateSecretsFunc) (NMAEap *method, NMConnection *connection);
+typedef void (*NMAEapDestroyFunc) (NMAEap *method);
+typedef gboolean (*NMAEapValidateFunc) (NMAEap *method, GError **error);
+
+struct _NMAEap {
+ guint32 refcount;
+ gsize obj_size;
+
+ GtkBuilder *builder;
+ GtkWidget *ui_widget;
+
+ const char *default_field;
+
+ gboolean phase2;
+ gboolean secrets_only;
+
+ NMAEapAddToSizeGroupFunc add_to_size_group;
+ NMAEapFillConnectionFunc fill_connection;
+ NMAEapUpdateSecretsFunc update_secrets;
+ NMAEapValidateFunc validate;
+ NMAEapDestroyFunc destroy;
+};
+
+#define NMA_EAP(x) ((NMAEap *) x)
+
+
+GtkWidget *nma_eap_get_widget (NMAEap *method);
+
+gboolean nma_eap_validate (NMAEap *method, GError **error);
+
+void nma_eap_add_to_size_group (NMAEap *method, GtkSizeGroup *group);
+
+void nma_eap_fill_connection (NMAEap *method,
+ NMConnection *connection);
+
+void nma_eap_update_secrets (NMAEap *method, NMConnection *connection);
+
+NMAEap *nma_eap_ref (NMAEap *method);
+
+void nma_eap_unref (NMAEap *method);
+
+GType nma_eap_get_type (void);
+
+/* Below for internal use only */
+
+#include "nma-cert-chooser.h"
+#include "nma-eap-tls.h"
+#include "nma-eap-leap.h"
+#include "nma-eap-fast.h"
+#include "nma-eap-ttls.h"
+#include "nma-eap-peap.h"
+#include "nma-eap-simple.h"
+
+NMAEap *nma_eap_init (gsize obj_size,
+ NMAEapValidateFunc validate,
+ NMAEapAddToSizeGroupFunc add_to_size_group,
+ NMAEapFillConnectionFunc fill_connection,
+ NMAEapUpdateSecretsFunc update_secrets,
+ NMAEapDestroyFunc destroy,
+ const char *ui_resource,
+ const char *ui_widget_name,
+ const char *default_field,
+ gboolean phase2);
+
+void nma_eap_phase2_update_secrets_helper (NMAEap *method,
+ NMConnection *connection,
+ const char *combo_name,
+ guint32 column);
+
+void nma_eap_ca_cert_ignore_set (NMAEap *method,
+ NMConnection *connection,
+ const char *filename,
+ gboolean ca_cert_error);
+gboolean nma_eap_ca_cert_ignore_get (NMAEap *method, NMConnection *connection);
+
+void nma_eap_ca_cert_ignore_save (NMConnection *connection);
+void nma_eap_ca_cert_ignore_load (NMConnection *connection);
+
+GError *nma_eap_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data);
+
+void nma_eap_setup_cert_chooser (NMACertChooser *cert_chooser,
+ NMSetting8021x *s_8021x,
+ NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+ const char *(*cert_path_func) (NMSetting8021x *setting),
+ const char *(*cert_uri_func) (NMSetting8021x *setting),
+ const char *(*cert_password_func) (NMSetting8021x *setting),
+ NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+ const char *(*key_path_func) (NMSetting8021x *setting),
+ const char *(*key_uri_func) (NMSetting8021x *setting),
+ const char *(*key_password_func) (NMSetting8021x *setting));
+
+#endif /* NMA_EAP_H */
diff --git a/src/nma-ws/nma-ws-802-1x-private.h b/src/nma-ws/nma-ws-802-1x-private.h
new file mode 100644
index 00000000..23743eee
--- /dev/null
+++ b/src/nma-ws/nma-ws-802-1x-private.h
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_802_1X_PRIVATE_H
+#define NMA_WS_802_1X_PRIVATE_H
+
+struct _NMAWs8021xClass {
+ GtkGridClass parent;
+};
+
+struct _NMAWs8021x {
+ GtkGrid parent;
+
+ GtkWidget *eap_auth_combo;
+ GtkWidget *eap_auth_label;
+ GtkWidget *eap_vbox;
+
+ NMConnection *connection;
+ gboolean secrets_only;
+ gboolean is_editor;
+ char **secrets_hints;
+
+ char *username, *password;
+ gboolean always_ask, show_password;
+};
+
+void nma_ws_802_1x_fill_connection (NMAWs *ws, NMConnection *connection);
+
+void nma_ws_802_1x_set_userpass (NMAWs8021x *self,
+ const char *user,
+ const char *password,
+ gboolean always_ask,
+ gboolean show_password);
+
+#endif /* NMA_WS_802_1X_PRIVATE_H */
diff --git a/src/nma-ws/nma-ws-802-1x.c b/src/nma-ws/nma-ws-802-1x.c
new file mode 100644
index 00000000..ad0c13a5
--- /dev/null
+++ b/src/nma-ws/nma-ws-802-1x.c
@@ -0,0 +1,525 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-802-1x.h"
+#include "nma-ws-802-1x-private.h"
+#include "nma-ws-helpers.h"
+#include "nma-ui-utils.h"
+
+#include "nma-eap-tls.h"
+#include "nma-eap-leap.h"
+#include "nma-eap-fast.h"
+#include "nma-eap-ttls.h"
+#include "nma-eap-peap.h"
+#include "nma-eap-simple.h"
+#include "nma-eap.h"
+
+#include "utils.h"
+
+#define AUTH_NAME_COLUMN 0
+#define AUTH_METHOD_COLUMN 1
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWs8021x, nma_ws_802_1x, GTK_TYPE_GRID,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+enum {
+ PROP_0,
+ PROP_CONNECTION,
+ PROP_SECRETS_ONLY,
+ PROP_IS_EDITOR,
+ PROP_SECRETS_HINTS,
+ PROP_LAST
+};
+
+void
+nma_ws_802_1x_set_userpass (NMAWs8021x *self,
+ const char *user,
+ const char *password,
+ gboolean always_ask,
+ gboolean show_password)
+{
+ g_free (self->username);
+ self->username = g_strdup (user);
+
+ if (self->password) {
+ memset (self->password, 0, strlen (self->password));
+ g_free (self->password);
+ }
+ self->password = g_strdup (password);
+
+ if (always_ask != (gboolean) -1)
+ self->always_ask = always_ask;
+ self->show_password = show_password;
+}
+
+static void
+init_userpass (NMAWs8021x *self, NMConnection *connection)
+{
+ const char *user = NULL, *password = NULL;
+ gboolean always_ask = FALSE, show_password = FALSE;
+ NMSetting8021x *setting;
+ NMSettingSecretFlags flags;
+
+ if (!connection)
+ goto set;
+
+ setting = nm_connection_get_setting_802_1x (connection);
+ if (!setting)
+ goto set;
+
+ user = nm_setting_802_1x_get_identity (setting);
+ password = nm_setting_802_1x_get_password (setting);
+
+ if (nm_setting_get_secret_flags (NM_SETTING (setting), NM_SETTING_802_1X_PASSWORD, &flags, NULL))
+ always_ask = !!(flags & NM_SETTING_SECRET_FLAG_NOT_SAVED);
+
+set:
+ nma_ws_802_1x_set_userpass (self, user, password, always_ask, show_password);
+}
+
+static gboolean
+validate (NMAWs *ws, GError **error)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (ws);
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ NMAEap *eap = NULL;
+ gboolean valid = FALSE;
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (self->eap_auth_combo), &iter);
+ gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
+ g_return_val_if_fail (eap, FALSE);
+ valid = nma_eap_validate (eap, error);
+ nma_eap_unref (eap);
+ return valid;
+}
+
+static void
+auth_combo_changed_cb (GtkWidget *combo, gpointer user_data)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (user_data);
+
+ NMAEap *eap = NULL;
+ GList *elt, *children;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+ GtkWidget *eap_widget;
+ GtkWidget *eap_default_widget = NULL;
+
+ /* Remove any previous wireless security widgets */
+ children = gtk_container_get_children (GTK_CONTAINER (self->eap_vbox));
+ for (elt = children; elt; elt = g_list_next (elt))
+ gtk_container_remove (GTK_CONTAINER (self->eap_vbox), GTK_WIDGET (elt->data));
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (combo), &iter);
+ gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
+ g_return_if_fail (eap);
+
+ eap_widget = nma_eap_get_widget (eap);
+ g_return_if_fail (eap_widget);
+ gtk_widget_unparent (eap_widget);
+
+ gtk_container_add (GTK_CONTAINER (self->eap_vbox), eap_widget);
+
+ /* Refocus the EAP method's default widget */
+ if (eap->default_field) {
+ eap_default_widget = GTK_WIDGET (gtk_builder_get_object (eap->builder, eap->default_field));
+ if (eap_default_widget)
+ gtk_widget_grab_focus (eap_default_widget);
+ }
+
+ nma_eap_unref (eap);
+
+ nma_ws_changed_cb (combo, NMA_WS (self));
+}
+
+static void
+add_to_size_group (NMAWs *ws, GtkSizeGroup *group)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (ws);
+ NMAEap *eap = NULL;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo));
+
+ /* Let each EAP method try to update its secrets */
+ if (gtk_tree_model_get_iter_first (model, &iter)) {
+ do {
+ gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
+ if (eap) {
+ nma_eap_add_to_size_group (eap, group);
+ nma_eap_unref (eap);
+ }
+ } while (gtk_tree_model_iter_next (model, &iter));
+ }
+
+ gtk_size_group_add_widget (group, self->eap_auth_label);
+}
+
+void
+nma_ws_802_1x_fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (ws);
+ NMSettingWirelessSecurity *s_wireless_sec;
+ NMSetting8021x *s_8021x;
+ NMAEap *eap = NULL;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+
+ /* Get the NMAEap object */
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo));
+ gtk_combo_box_get_active_iter (GTK_COMBO_BOX (self->eap_auth_combo), &iter);
+ gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
+ g_return_if_fail (eap);
+
+ /* Blow away the old wireless security setting by adding a clear one */
+ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
+ nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
+
+ /* Blow away the old 802.1x setting by adding a clear one */
+ s_8021x = (NMSetting8021x *) nm_setting_802_1x_new ();
+ nm_connection_add_setting (connection, (NMSetting *) s_8021x);
+
+ nma_eap_fill_connection (eap, connection);
+ nma_eap_unref (eap);
+}
+
+static void
+update_secrets (NMAWs *ws, NMConnection *connection)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (ws);
+ NMAEap *eap = NULL;
+ GtkTreeModel *model;
+ GtkTreeIter iter;
+
+ g_return_if_fail (connection != NULL);
+
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (self->eap_auth_combo));
+
+ /* Let each EAP method try to update its secrets */
+ if (gtk_tree_model_get_iter_first (model, &iter)) {
+ do {
+ gtk_tree_model_get (model, &iter, AUTH_METHOD_COLUMN, &eap, -1);
+ if (eap) {
+ nma_eap_update_secrets (eap, connection);
+ nma_eap_unref (eap);
+ }
+ } while (gtk_tree_model_iter_next (model, &iter));
+ }
+}
+
+static void
+get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ g_value_set_object (value, self->connection);
+ break;
+ case PROP_SECRETS_ONLY:
+ g_value_set_boolean (value, self->secrets_only);
+ break;
+ case PROP_IS_EDITOR:
+ g_value_set_boolean (value, self->is_editor);
+ break;
+ case PROP_SECRETS_HINTS:
+ g_value_set_boxed (value, self->secrets_hints);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ self->connection = g_value_dup_object (value);
+ break;
+ case PROP_SECRETS_ONLY:
+ self->secrets_only = g_value_get_boolean (value);
+ break;
+ case PROP_IS_EDITOR:
+ self->is_editor = g_value_get_boolean (value);
+ break;
+ case PROP_SECRETS_HINTS:
+ self->secrets_hints = g_value_dup_boxed (value);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nma_ws_802_1x_init (NMAWs8021x *self)
+{
+ gtk_widget_init_template (GTK_WIDGET (self));
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->validate = validate;
+ iface->add_to_size_group = add_to_size_group;
+ iface->fill_connection = nma_ws_802_1x_fill_connection;
+ iface->update_secrets = update_secrets;
+ iface->adhoc_compatible = FALSE;
+ iface->hotspot_compatible = FALSE;
+}
+
+static void
+constructed (GObject *object)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (object);
+ GtkListStore *auth_model;
+ GtkTreeIter iter;
+ NMAEapSimple *em_md5;
+ NMAEapTls *em_tls;
+ NMAEapLeap *em_leap;
+ NMAEapSimple *em_pwd;
+ NMAEapFast *em_fast;
+ NMAEapTtls *em_ttls;
+ NMAEapPeap *em_peap;
+ const char *default_method = NULL, *ctype = NULL;
+ int active = -1, item = 0;
+ gboolean wired = FALSE;
+ NMAEapSimpleFlags simple_flags = NMA_EAP_SIMPLE_FLAG_NONE;
+
+ /* Grab the default EAP method out of the security object */
+ if (self->connection) {
+ NMSettingConnection *s_con;
+ NMSetting8021x *s_8021x;
+
+ s_con = nm_connection_get_setting_connection (self->connection);
+ if (s_con)
+ ctype = nm_setting_connection_get_connection_type (s_con);
+ if ( (g_strcmp0 (ctype, NM_SETTING_WIRED_SETTING_NAME) == 0)
+ || nm_connection_get_setting_wired (self->connection))
+ wired = TRUE;
+
+ s_8021x = nm_connection_get_setting_802_1x (self->connection);
+ if (s_8021x && nm_setting_802_1x_get_num_eap_methods (s_8021x))
+ default_method = nm_setting_802_1x_get_eap_method (s_8021x, 0);
+ }
+
+ /* initialize NMAWs userpass from connection (clear if no connection) */
+ init_userpass (self, self->connection);
+
+ auth_model = gtk_list_store_new (2, G_TYPE_STRING, nma_eap_get_type ());
+
+ if (self->is_editor)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_IS_EDITOR;
+ if (self->secrets_only)
+ simple_flags |= NMA_EAP_SIMPLE_FLAG_SECRETS_ONLY;
+
+ if (wired) {
+ em_md5 = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_MD5, simple_flags,
NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("MD5"),
+ AUTH_METHOD_COLUMN, em_md5,
+ -1);
+ nma_eap_unref (NMA_EAP (em_md5));
+ if (default_method && (active < 0) && !strcmp (default_method, "md5"))
+ active = item;
+ item++;
+ }
+
+ em_tls = nma_eap_tls_new (self, self->connection, FALSE, self->secrets_only);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("TLS"),
+ AUTH_METHOD_COLUMN, em_tls,
+ -1);
+ nma_eap_unref (NMA_EAP (em_tls));
+ if (default_method && (active < 0) && !strcmp (default_method, "tls"))
+ active = item;
+ item++;
+
+ if (!wired) {
+ em_leap = nma_eap_leap_new (self, self->connection, self->secrets_only);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("LEAP"),
+ AUTH_METHOD_COLUMN, em_leap,
+ -1);
+ nma_eap_unref (NMA_EAP (em_leap));
+ if (default_method && (active < 0) && !strcmp (default_method, "leap"))
+ active = item;
+ item++;
+ }
+
+ em_pwd = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_PWD, simple_flags, NULL);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("PWD"),
+ AUTH_METHOD_COLUMN, em_pwd,
+ -1);
+ nma_eap_unref (NMA_EAP (em_pwd));
+ if (default_method && (active < 0) && !strcmp (default_method, "pwd"))
+ active = item;
+ item++;
+
+ em_fast = nma_eap_fast_new (self, self->connection, self->is_editor, self->secrets_only);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("FAST"),
+ AUTH_METHOD_COLUMN, em_fast,
+ -1);
+ nma_eap_unref (NMA_EAP (em_fast));
+ if (default_method && (active < 0) && !strcmp (default_method, "fast"))
+ active = item;
+ item++;
+
+ em_ttls = nma_eap_ttls_new (self, self->connection, self->is_editor, self->secrets_only);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("Tunneled TLS"),
+ AUTH_METHOD_COLUMN, em_ttls,
+ -1);
+ nma_eap_unref (NMA_EAP (em_ttls));
+ if (default_method && (active < 0) && !strcmp (default_method, "ttls"))
+ active = item;
+ item++;
+
+ em_peap = nma_eap_peap_new (self, self->connection, self->is_editor, self->secrets_only);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("Protected EAP (PEAP)"),
+ AUTH_METHOD_COLUMN, em_peap,
+ -1);
+ nma_eap_unref (NMA_EAP (em_peap));
+ if (default_method && (active < 0) && !strcmp (default_method, "peap"))
+ active = item;
+ item++;
+
+ if (self->secrets_hints && self->secrets_hints[0]) {
+ NMAEapSimple *em_hints;
+
+ em_hints = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_UNKNOWN,
+ simple_flags, (const char **)self->secrets_hints);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("Unknown"),
+ AUTH_METHOD_COLUMN, em_hints,
+ -1);
+ nma_eap_unref (NMA_EAP (em_hints));
+ active = item;
+ item++;
+ } else if (default_method && !strcmp (default_method, "external")) {
+ NMAEapSimple *em_extern;
+ const char *empty_hints[] = { NULL };
+
+ em_extern = nma_eap_simple_new (self, self->connection, NMA_EAP_SIMPLE_TYPE_UNKNOWN,
+ simple_flags, empty_hints);
+ gtk_list_store_append (auth_model, &iter);
+ gtk_list_store_set (auth_model, &iter,
+ AUTH_NAME_COLUMN, _("Externally configured"),
+ AUTH_METHOD_COLUMN, em_extern,
+ -1);
+ nma_eap_unref (NMA_EAP (em_extern));
+ active = item;
+ item++;
+ }
+
+ gtk_combo_box_set_model (GTK_COMBO_BOX (self->eap_auth_combo), GTK_TREE_MODEL (auth_model));
+ g_object_unref (G_OBJECT (auth_model));
+ gtk_combo_box_set_active (GTK_COMBO_BOX (self->eap_auth_combo), active < 0 ? 0 : (guint32) active);
+
+ if (self->secrets_only) {
+ gtk_widget_hide (self->eap_auth_combo);
+ gtk_widget_hide (self->eap_auth_label);
+ }
+
+ G_OBJECT_CLASS (nma_ws_802_1x_parent_class)->constructed (object);
+}
+
+NMAWs8021x *
+nma_ws_802_1x_new (NMConnection *connection, gboolean secrets_only)
+{
+ return g_object_new (NMA_TYPE_WS_802_1X,
+ "connection", connection,
+ "secrets-only", secrets_only,
+ NULL);
+}
+
+static void
+dispose (GObject *object)
+{
+ NMAWs8021x *self = NMA_WS_802_1X (object);
+
+ g_clear_object (&self->connection);
+ g_clear_pointer (&self->secrets_hints, g_strfreev);
+ g_clear_pointer (&self->username, g_free);
+ g_clear_pointer (&self->password, g_free);
+}
+
+static void
+nma_ws_802_1x_class_init (NMAWs8021xClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass);
+
+ object_class->get_property = get_property;
+ object_class->set_property = set_property;
+ object_class->constructed = constructed;
+ object_class->dispose = dispose;
+
+ g_object_class_override_property (object_class,
+ PROP_CONNECTION, "connection");
+
+ g_object_class_override_property (object_class,
+ PROP_SECRETS_ONLY, "secrets-only");
+
+ g_object_class_install_property
+ (object_class, PROP_IS_EDITOR,
+ g_param_spec_boolean ("is-editor", "", "",
+ FALSE,
+ G_PARAM_READWRITE
+ | G_PARAM_CONSTRUCT
+ | G_PARAM_STATIC_STRINGS));
+
+ g_object_class_install_property
+ (object_class, PROP_SECRETS_HINTS,
+ g_param_spec_boxed ("secrets-hints", "", "",
+ G_TYPE_STRV,
+ G_PARAM_READWRITE
+ | G_PARAM_CONSTRUCT
+ | G_PARAM_STATIC_STRINGS));
+
+ gtk_widget_class_set_template_from_resource (widget_class,
+ "/org/gnome/libnma/nma-ws-802-1x.ui");
+
+ gtk_widget_class_bind_template_child (widget_class, NMAWs8021x, eap_auth_combo);
+ gtk_widget_class_bind_template_child (widget_class, NMAWs8021x, eap_auth_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWs8021x, eap_vbox);
+
+ gtk_widget_class_bind_template_callback (widget_class, auth_combo_changed_cb);
+}
diff --git a/src/nma-ws/nma-ws-802-1x.h b/src/nma-ws/nma-ws-802-1x.h
new file mode 100644
index 00000000..ed330778
--- /dev/null
+++ b/src/nma-ws/nma-ws-802-1x.h
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_802_1X_H
+#define NMA_WS_802_1X_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWs8021xClass NMAWs8021xClass;
+typedef struct _NMAWs8021x NMAWs8021x;
+
+#define NMA_TYPE_WS_802_1X (nma_ws_802_1x_get_type ())
+#define NMA_WS_802_1X(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_802_1X, NMAWs8021x))
+#define NMA_WS_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_802_1X,
NMAWs8021xClass))
+#define NMA_IS_WS_802_1X(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_802_1X))
+#define NMA_IS_WS_802_1X_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_802_1X))
+#define NMA_WS_802_1X_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_802_1X,
NMAWs8021xClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_802_1x_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWs8021x *nma_ws_802_1x_new (NMConnection *connection, gboolean secrets_only);
+
+G_END_DECLS
+
+#endif /* NMA_WS_802_1X_H */
diff --git a/src/nma-ws/nma-ws-802-1x.ui b/src/nma-ws/nma-ws-802-1x.ui
new file mode 100644
index 00000000..74233203
--- /dev/null
+++ b/src/nma-ws/nma-ws-802-1x.ui
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkListStore" id="model5">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0"> </col>
+ </row>
+ </data>
+ </object>
+ <template class="NMAWs8021x" parent="GtkGrid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="eap_auth_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Au_thentication</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">eap_auth_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="eap_auth_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="model">model5</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer5"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ <signal name="changed" handler="auth_combo_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkBox" id="eap_vbox">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="orientation">vertical</property>
+ <property name="spacing">6</property>
+ <child>
+ <placeholder/>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+ </template>
+</interface>
diff --git a/src/nma-ws/nma-ws-dynamic-wep.c b/src/nma-ws/nma-ws-dynamic-wep.c
new file mode 100644
index 00000000..911d7db6
--- /dev/null
+++ b/src/nma-ws/nma-ws-dynamic-wep.c
@@ -0,0 +1,68 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-802-1x.h"
+#include "nma-ws-802-1x-private.h"
+#include "nma-ws-dynamic-wep.h"
+
+typedef struct {
+ NMAWs8021xClass parent;
+} NMAWsDynamicWepClass;
+
+struct _NMAWsDynamicWep {
+ NMAWs8021x parent;
+};
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWsDynamicWep, nma_ws_dynamic_wep, NMA_TYPE_WS_802_1X,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+static void
+fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMSettingWirelessSecurity *s_wireless_sec;
+
+ nma_ws_802_1x_fill_connection (ws, connection);
+
+ s_wireless_sec = nm_connection_get_setting_wireless_security (connection);
+ g_return_if_fail (s_wireless_sec);
+
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x", NULL);
+}
+
+static void
+nma_ws_dynamic_wep_init (NMAWsDynamicWep *self)
+{
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->fill_connection = fill_connection;
+}
+
+NMAWsDynamicWep *
+nma_ws_dynamic_wep_new (NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only)
+{
+ return g_object_new (NMA_TYPE_WS_DYNAMIC_WEP,
+ "connection", connection,
+ "secrets-only", secrets_only,
+ "is-editor", is_editor,
+ NULL);
+}
+
+static void
+nma_ws_dynamic_wep_class_init (NMAWsDynamicWepClass *klass)
+{
+}
diff --git a/src/nma-ws/nma-ws-dynamic-wep.h b/src/nma-ws/nma-ws-dynamic-wep.h
new file mode 100644
index 00000000..9057c52c
--- /dev/null
+++ b/src/nma-ws/nma-ws-dynamic-wep.h
@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_DYNAMIC_WEP_H
+#define NMA_WS_DYNAMIC_WEP_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWsDynamicWep NMAWsDynamicWep;
+
+#define NMA_TYPE_WS_DYNAMIC_WEP (nma_ws_dynamic_wep_get_type ())
+#define NMA_WS_DYNAMIC_WEP(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_SAE,
NMAWsDynamicWep))
+#define NMA_WS_DYNAMIC_WEP_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_SAE,
NMAWsDynamicWepClass))
+#define NMA_IS_WS_DYNAMIC_WEP(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_SAE))
+#define NMA_IS_WS_DYNAMIC_WEP_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_SAE))
+#define NMA_WS_DYNAMIC_WEP_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_SAE,
NMAWsDynamicWepClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_dynamic_wep_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWsDynamicWep *nma_ws_dynamic_wep_new (NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only);
+
+G_END_DECLS
+
+#endif /* NMA_WS_DYNAMIC_WEP_H */
diff --git a/src/nma-ws/nma-ws-helpers.c b/src/nma-ws/nma-ws-helpers.c
new file mode 100644
index 00000000..d517ae38
--- /dev/null
+++ b/src/nma-ws/nma-ws-helpers.c
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2009 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+#include "nma-ws-helpers.h"
+
+void
+nma_ws_helper_fill_secret_entry (NMConnection *connection,
+ GtkEditable *entry,
+ GType setting_type,
+ HelperSecretFunc func)
+{
+ NMSetting *setting;
+ const char *tmp;
+
+ g_return_if_fail (connection != NULL);
+ g_return_if_fail (entry != NULL);
+ g_return_if_fail (func != NULL);
+
+ setting = nm_connection_get_setting (connection, setting_type);
+ if (setting) {
+ tmp = (*func) (setting);
+ if (tmp)
+ gtk_editable_set_text (entry, tmp);
+ }
+}
diff --git a/src/nma-ws/nma-ws-helpers.h b/src/nma-ws/nma-ws-helpers.h
new file mode 100644
index 00000000..3f842646
--- /dev/null
+++ b/src/nma-ws/nma-ws-helpers.h
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2009 - 2019 Red Hat, Inc.
+ */
+
+#ifndef _NMA_WS_HELPERS_H_
+#define _NMA_WS_HELPERS_H_
+
+typedef const char * (*HelperSecretFunc)(NMSetting *);
+
+void nma_ws_helper_fill_secret_entry (NMConnection *connection,
+ GtkEditable *entry,
+ GType setting_type,
+ HelperSecretFunc func);
+
+#endif /* _NMA_WS_HELPERS_H_ */
diff --git a/src/nma-ws/nma-ws-leap.c b/src/nma-ws/nma-ws-leap.c
new file mode 100644
index 00000000..ef2cf8bf
--- /dev/null
+++ b/src/nma-ws/nma-ws-leap.c
@@ -0,0 +1,293 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-leap.h"
+#include "nma-ws-helpers.h"
+#include "nma-ui-utils.h"
+#include "utils.h"
+
+typedef struct {
+ GtkGridClass parent;
+} NMAWsLeapClass;
+
+struct _NMAWsLeap {
+ GtkGrid parent;
+
+ GtkWidget *leap_username_entry;
+ GtkWidget *leap_password_entry;
+ GtkWidget *leap_username_label;
+ GtkWidget *leap_password_label;
+ GtkWidget *show_checkbutton_leap;
+
+ NMConnection *connection;
+ gboolean secrets_only;
+};
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWsLeap, nma_ws_leap, GTK_TYPE_GRID,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+enum {
+ PROP_0,
+ PROP_CONNECTION,
+ PROP_SECRETS_ONLY,
+ PROP_LAST
+};
+
+static void
+show_toggled_cb (GtkCheckButton *button, gpointer user_data)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (user_data);
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button));
+ gtk_entry_set_visibility (GTK_ENTRY (self->leap_password_entry), visible);
+}
+
+static gboolean
+validate (NMAWs *ws, GError **error)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (ws);
+ NMSettingSecretFlags secret_flags;
+ const char *text;
+ gboolean ret = TRUE;
+
+ text = gtk_editable_get_text (GTK_EDITABLE (self->leap_username_entry));
+ if (!text || !strlen (text)) {
+ widget_set_error (self->leap_username_entry);
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing leap-username"));
+ ret = FALSE;
+ } else {
+ widget_unset_error (self->leap_username_entry);
+ }
+
+ secret_flags = nma_utils_menu_to_secret_flags (self->leap_password_entry);
+ text = gtk_editable_get_text (GTK_EDITABLE (self->leap_password_entry));
+
+ if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED
+ || (text && strlen (text))) {
+ widget_unset_error (self->leap_password_entry);
+ } else {
+ widget_set_error (self->leap_password_entry);
+ if (ret) {
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing leap-password"));
+ ret = FALSE;
+ }
+ }
+
+ return ret;
+}
+
+static void
+add_to_size_group (NMAWs *ws, GtkSizeGroup *group)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (ws);
+
+ gtk_size_group_add_widget (group, self->leap_username_label);
+ gtk_size_group_add_widget (group, self->leap_password_label);
+}
+
+static void
+fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (ws);
+ NMSettingWirelessSecurity *s_wireless_sec;
+ NMSettingSecretFlags secret_flags;
+ const char *leap_password = NULL, *leap_username = NULL;
+
+ /* Blow away the old security setting by adding a clear one */
+ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
+ nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
+
+ leap_username = gtk_editable_get_text (GTK_EDITABLE (self->leap_username_entry));
+ leap_password = gtk_editable_get_text (GTK_EDITABLE (self->leap_password_entry));
+
+ g_object_set (s_wireless_sec,
+ NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "ieee8021x",
+ NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "leap",
+ NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME, leap_username,
+ NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD, leap_password,
+ NULL);
+
+ /* Save LEAP_PASSWORD_FLAGS to the connection */
+ secret_flags = nma_utils_menu_to_secret_flags (self->leap_password_entry);
+ nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
+ secret_flags, NULL);
+
+ /* Update secret flags and popup when editing the connection */
+ if (!self->secrets_only) {
+ nma_utils_update_password_storage (self->leap_password_entry, secret_flags,
+ NM_SETTING (s_wireless_sec),
+ NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD);
+ }
+}
+
+static void
+update_secrets (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (ws);
+
+ nma_ws_helper_fill_secret_entry (connection,
+ GTK_EDITABLE (self->leap_password_entry),
+ NM_TYPE_SETTING_WIRELESS_SECURITY,
+ (HelperSecretFunc) nm_setting_wireless_security_get_leap_password);
+}
+
+static void
+get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ g_value_set_object (value, self->connection);
+ break;
+ case PROP_SECRETS_ONLY:
+ g_value_set_boolean (value, self->secrets_only);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ self->connection = g_value_dup_object (value);
+ break;
+ case PROP_SECRETS_ONLY:
+ self->secrets_only = g_value_get_boolean (value);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nma_ws_leap_init (NMAWsLeap *self)
+{
+ gtk_widget_init_template (GTK_WIDGET (self));
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->validate = validate;
+ iface->add_to_size_group = add_to_size_group;
+ iface->fill_connection = fill_connection;
+ iface->update_secrets = update_secrets;
+ iface->adhoc_compatible = FALSE;
+ iface->hotspot_compatible = FALSE;
+}
+
+static void
+constructed (GObject *object)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (object);
+ NMSettingWirelessSecurity *wsec = NULL;
+
+ if (self->connection) {
+ wsec = nm_connection_get_setting_wireless_security (self->connection);
+ if (wsec) {
+ const char *auth_alg;
+
+ /* Ignore if wireless security doesn't specify LEAP */
+ auth_alg = nm_setting_wireless_security_get_auth_alg (wsec);
+ if (!auth_alg || strcmp (auth_alg, "leap"))
+ wsec = NULL;
+ }
+ }
+
+ /* Create password-storage popup menu for password entry under entry's secondary icon */
+ nma_utils_setup_password_storage (self->leap_password_entry, 0, (NMSetting *) wsec,
+ NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
+ FALSE, self->secrets_only);
+
+ if (wsec) {
+ update_secrets (NMA_WS (self), self->connection);
+ gtk_editable_set_text (GTK_EDITABLE (self->leap_username_entry),
+ nm_setting_wireless_security_get_leap_username (wsec));
+ }
+
+ if (self->secrets_only) {
+ gtk_widget_hide (self->leap_username_label);
+ gtk_widget_hide (self->leap_username_entry);
+ }
+
+ gtk_widget_grab_focus (self->leap_password_entry);
+
+ G_OBJECT_CLASS (nma_ws_leap_parent_class)->constructed (object);
+}
+
+NMAWsLeap *
+nma_ws_leap_new (NMConnection *connection, gboolean secrets_only)
+{
+ return g_object_new (NMA_TYPE_WS_LEAP,
+ "connection", connection,
+ "secrets-only", secrets_only,
+ NULL);
+}
+
+static void
+dispose (GObject *object)
+{
+ NMAWsLeap *self = NMA_WS_LEAP (object);
+
+ g_clear_object (&self->connection);
+}
+
+static void
+nma_ws_leap_class_init (NMAWsLeapClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass);
+
+ object_class->get_property = get_property;
+ object_class->set_property = set_property;
+ object_class->constructed = constructed;
+ object_class->dispose = dispose;
+
+ g_object_class_override_property (object_class,
+ PROP_CONNECTION, "connection");
+
+ g_object_class_override_property (object_class,
+ PROP_SECRETS_ONLY, "secrets-only");
+
+ gtk_widget_class_set_template_from_resource (widget_class,
+ "/org/gnome/libnma/nma-ws-leap.ui");
+
+ gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_username_entry);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_password_entry);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_username_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, leap_password_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsLeap, show_checkbutton_leap);
+
+ gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb);
+ gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb);
+}
diff --git a/src/nma-ws/nma-ws-leap.h b/src/nma-ws/nma-ws-leap.h
new file mode 100644
index 00000000..0f99bc12
--- /dev/null
+++ b/src/nma-ws/nma-ws-leap.h
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_LEAP_H
+#define NMA_WS_LEAP_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWsLeap NMAWsLeap;
+
+#define NMA_TYPE_WS_LEAP (nma_ws_leap_get_type ())
+#define NMA_WS_LEAP(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_LEAP, NMAWsLeap))
+#define NMA_WS_LEAP_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_LEAP, NMAWsLeapClass))
+#define NMA_IS_WS_LEAP(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_LEAP))
+#define NMA_IS_WS_LEAP_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_LEAP))
+#define NMA_WS_LEAP_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_LEAP, NMAWsLeapClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_leap_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWsLeap *nma_ws_leap_new (NMConnection *connection, gboolean secrets_only);
+
+G_END_DECLS
+
+#endif /* NMA_WS_LEAP_H */
diff --git a/src/nma-ws/nma-ws-leap.ui b/src/nma-ws/nma-ws-leap.ui
new file mode 100644
index 00000000..da44a23b
--- /dev/null
+++ b/src/nma-ws/nma-ws-leap.ui
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <template class="NMAWsLeap" parent="GtkGrid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="valign">start</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="leap_username_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Username</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">leap_username_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="leap_password_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Password</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">leap_password_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="leap_password_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ <signal name="changed" handler="nma_ws_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="show_checkbutton_leap">
+ <property name="label" translatable="yes">Sho_w password</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="show_toggled_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="leap_username_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="activates_default">True</property>
+ <signal name="changed" handler="nma_ws_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </template>
+</interface>
diff --git a/src/nma-ws/nma-ws-private.h b/src/nma-ws/nma-ws-private.h
new file mode 100644
index 00000000..63bb97f2
--- /dev/null
+++ b/src/nma-ws/nma-ws-private.h
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_PRIVATE_H
+#define NMA_WS_PRIVATE_H
+
+typedef struct {
+ GTypeInterface parent;
+
+ void (*add_to_size_group) (NMAWs *self, GtkSizeGroup *group);
+ void (*fill_connection) (NMAWs *self, NMConnection *connection);
+ void (*update_secrets) (NMAWs *self, NMConnection *connection);
+ gboolean (*validate) (NMAWs *self, GError **error);
+
+ gboolean adhoc_compatible;
+ gboolean hotspot_compatible;
+} NMAWsInterface;
+
+void nma_ws_changed_cb (GtkWidget *entry, gpointer user_data);
+
+void nma_ws_clear_ciphers (NMConnection *connection);
+
+#endif /* NMA_WS_PRIVATE_H */
diff --git a/src/nma-ws/nma-ws-sae.c b/src/nma-ws/nma-ws-sae.c
new file mode 100644
index 00000000..a697b7c0
--- /dev/null
+++ b/src/nma-ws/nma-ws-sae.c
@@ -0,0 +1,285 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-sae.h"
+#include "nma-ws-helpers.h"
+#include "nma-ui-utils.h"
+#include "utils.h"
+
+typedef struct {
+ GtkGridClass parent;
+} NMAWsSaeClass;
+
+struct _NMAWsSae {
+ GtkGrid parent;
+
+ GtkWidget *psk_entry;
+ GtkWidget *sae_label;
+ GtkWidget *sae_type_combo;
+ GtkWidget *sae_type_label;
+ GtkWidget *show_checkbutton_sae;
+
+ NMConnection *connection;
+ gboolean secrets_only;
+};
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWsSae, nma_ws_sae, GTK_TYPE_GRID,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+enum {
+ PROP_0,
+ PROP_CONNECTION,
+ PROP_SECRETS_ONLY,
+ PROP_LAST
+};
+
+static void
+show_toggled_cb (GtkCheckButton *button, gpointer user_data)
+{
+ NMAWsSae *self = NMA_WS_SAE (user_data);
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button));
+ gtk_entry_set_visibility (GTK_ENTRY (self->psk_entry), visible);
+}
+
+static gboolean
+validate (NMAWs *ws, GError **error)
+{
+ NMAWsSae *self = NMA_WS_SAE (ws);
+ NMSettingSecretFlags secret_flags;
+ const char *key;
+
+ secret_flags = nma_utils_menu_to_secret_flags (self->psk_entry);
+ key = gtk_editable_get_text (GTK_EDITABLE (self->psk_entry));
+
+ if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) {
+ /* All good. */
+ } else if (key == NULL || key[0] == '\0') {
+ widget_set_error (self->psk_entry);
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing password"));
+ return FALSE;
+ }
+ widget_unset_error (self->psk_entry);
+
+ return TRUE;
+}
+
+static void
+add_to_size_group (NMAWs *ws, GtkSizeGroup *group)
+{
+ NMAWsSae *self = NMA_WS_SAE (ws);
+
+ gtk_size_group_add_widget (group, self->sae_type_label);
+ gtk_size_group_add_widget (group, self->sae_label);
+}
+
+static void
+fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsSae *self = NMA_WS_SAE (ws);
+ const char *key;
+ NMSettingWireless *s_wireless;
+ NMSettingWirelessSecurity *s_wireless_sec;
+ NMSettingSecretFlags secret_flags;
+ const char *mode;
+ gboolean is_adhoc = FALSE;
+
+ s_wireless = nm_connection_get_setting_wireless (connection);
+ g_return_if_fail (s_wireless);
+
+ mode = nm_setting_wireless_get_mode (s_wireless);
+ if (mode && !strcmp (mode, "adhoc"))
+ is_adhoc = TRUE;
+
+ /* Blow away the old security setting by adding a clear one */
+ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
+ nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
+
+ key = gtk_editable_get_text (GTK_EDITABLE (self->psk_entry));
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL);
+
+ /* Save PSK_FLAGS to the connection */
+ secret_flags = nma_utils_menu_to_secret_flags (self->psk_entry);
+ nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK,
+ secret_flags, NULL);
+
+ /* Update secret flags and popup when editing the connection */
+ if (!self->secrets_only) {
+ nma_utils_update_password_storage (self->psk_entry, secret_flags,
+ NM_SETTING (s_wireless_sec),
+ NM_SETTING_WIRELESS_SECURITY_PSK);
+ }
+
+ nma_ws_clear_ciphers (connection);
+ if (is_adhoc) {
+ /* Ad-Hoc settings as specified by the supplicant */
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL);
+ nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn");
+ nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp");
+ nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp");
+ } else {
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL);
+
+ /* Just leave ciphers and protocol empty, the supplicant will
+ * figure that out magically based on the AP IEs and card capabilities.
+ */
+ }
+}
+
+static void
+update_secrets (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsSae *self = NMA_WS_SAE (ws);
+
+ nma_ws_helper_fill_secret_entry (connection,
+ GTK_EDITABLE (self->psk_entry),
+ NM_TYPE_SETTING_WIRELESS_SECURITY,
+ (HelperSecretFunc) nm_setting_wireless_security_get_psk);
+}
+
+static void
+get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsSae *self = NMA_WS_SAE (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ g_value_set_object (value, self->connection);
+ break;
+ case PROP_SECRETS_ONLY:
+ g_value_set_boolean (value, self->secrets_only);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsSae *self = NMA_WS_SAE (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ self->connection = g_value_dup_object (value);
+ break;
+ case PROP_SECRETS_ONLY:
+ self->secrets_only = g_value_get_boolean (value);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nma_ws_sae_init (NMAWsSae *self)
+{
+ gtk_widget_init_template (GTK_WIDGET (self));
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->validate = validate;
+ iface->add_to_size_group = add_to_size_group;
+ iface->fill_connection = fill_connection;
+ iface->update_secrets = update_secrets;
+ iface->adhoc_compatible = TRUE;
+ iface->hotspot_compatible = TRUE;
+}
+
+static void
+constructed (GObject *object)
+{
+ NMAWsSae *self = NMA_WS_SAE (object);
+ NMSetting *setting = NULL;
+
+ /* Create password-storage popup menu for password entry under entry's secondary icon */
+ if (self->connection)
+ setting = (NMSetting *) nm_connection_get_setting_wireless_security (self->connection);
+ nma_utils_setup_password_storage (self->psk_entry, 0, setting, NM_SETTING_WIRELESS_SECURITY_PSK,
+ FALSE, self->secrets_only);
+
+ /* Fill secrets, if any */
+ if (self->connection)
+ update_secrets (NMA_WS (self), self->connection);
+
+ gtk_widget_grab_focus (self->psk_entry);
+
+ /* Hide WPA/RSN for now since this can be autodetected by NM and the
+ * supplicant when connecting to the AP.
+ */
+ gtk_widget_hide (self->sae_type_combo);
+ gtk_widget_hide (self->sae_type_label);
+
+ G_OBJECT_CLASS (nma_ws_sae_parent_class)->constructed (object);
+}
+
+NMAWsSae *
+nma_ws_sae_new (NMConnection *connection, gboolean secrets_only)
+{
+ return g_object_new (NMA_TYPE_WS_SAE,
+ "connection", connection,
+ "secrets-only", secrets_only,
+ NULL);
+}
+
+static void
+dispose (GObject *object)
+{
+ NMAWsSae *self = NMA_WS_SAE (object);
+
+ g_clear_object (&self->connection);
+}
+
+static void
+nma_ws_sae_class_init (NMAWsSaeClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass);
+
+ object_class->get_property = get_property;
+ object_class->set_property = set_property;
+ object_class->constructed = constructed;
+ object_class->dispose = dispose;
+
+ g_object_class_override_property (object_class,
+ PROP_CONNECTION, "connection");
+
+ g_object_class_override_property (object_class,
+ PROP_SECRETS_ONLY, "secrets-only");
+
+ gtk_widget_class_set_template_from_resource (widget_class,
+ "/org/gnome/libnma/nma-ws-sae.ui");
+
+ gtk_widget_class_bind_template_child (widget_class, NMAWsSae, psk_entry);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsSae, sae_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsSae, sae_type_combo);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsSae, sae_type_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsSae, show_checkbutton_sae);
+
+ gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb);
+ gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb);
+}
diff --git a/src/nma-ws/nma-ws-sae.h b/src/nma-ws/nma-ws-sae.h
new file mode 100644
index 00000000..14baad4b
--- /dev/null
+++ b/src/nma-ws/nma-ws-sae.h
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_SAE_H
+#define NMA_WS_SAE_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWsSae NMAWsSae;
+
+#define NMA_TYPE_WS_SAE (nma_ws_sae_get_type ())
+#define NMA_WS_SAE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_SAE, NMAWsSae))
+#define NMA_WS_SAE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_SAE, NMAWsSaeClass))
+#define NMA_IS_WS_SAE(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_SAE))
+#define NMA_IS_WS_SAE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_SAE))
+#define NMA_WS_SAE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_SAE, NMAWsSaeClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_sae_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWsSae *nma_ws_sae_new (NMConnection *connection, gboolean secrets_only);
+
+G_END_DECLS
+
+#endif /* NMA_WS_SAE_H */
diff --git a/src/nma-ws/nma-ws-sae.ui b/src/nma-ws/nma-ws-sae.ui
new file mode 100644
index 00000000..89094a18
--- /dev/null
+++ b/src/nma-ws/nma-ws-sae.ui
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <template class="NMAWsSae" parent="GtkGrid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="sae_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Password</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">psk_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="psk_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="max_length">64</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ <property name="width_chars">28</property>
+ <signal name="changed" handler="nma_ws_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="sae_type_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Type</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">sae_type_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="show_checkbutton_sae">
+ <property name="label" translatable="yes">Sho_w password</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="show_toggled_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="sae_type_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </template>
+</interface>
diff --git a/src/nma-ws/nma-ws-wep-key.c b/src/nma-ws/nma-ws-wep-key.c
new file mode 100644
index 00000000..6150d282
--- /dev/null
+++ b/src/nma-ws/nma-ws-wep-key.c
@@ -0,0 +1,457 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-wep-key.h"
+#include "nma-ws-helpers.h"
+#include "nma-ui-utils.h"
+#include "utils.h"
+
+typedef struct {
+ GtkGridClass parent;
+} NMAWsWepKeyClass;
+
+struct _NMAWsWepKey {
+ GtkGrid parent;
+
+ GtkWidget *auth_method_combo;
+ GtkWidget *auth_method_label;
+ GtkWidget *key_index_combo;
+ GtkWidget *key_index_label;
+ GtkWidget *show_checkbutton_wep;
+ GtkWidget *wep_key_entry;
+ GtkWidget *wep_key_label;
+
+ NMConnection *connection;
+ gboolean secrets_only;
+ NMWepKeyType adhoc_create;
+ NMWepKeyType key_type;
+
+ char keys[4][65];
+ guint8 cur_index;
+};
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWsWepKey, nma_ws_wep_key, GTK_TYPE_GRID,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+enum {
+ PROP_0,
+ PROP_CONNECTION,
+ PROP_SECRETS_ONLY,
+ PROP_KEY_TYPE,
+ PROP_ADHOC_CREATE,
+ PROP_LAST
+};
+
+static void
+show_toggled_cb (GtkCheckButton *button, gpointer user_data)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (user_data);
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button));
+ gtk_entry_set_visibility (GTK_ENTRY (self->wep_key_entry), visible);
+}
+
+static void
+key_index_combo_changed_cb (GtkWidget *combo, NMAWs *ws)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (ws);
+ GtkWidget *entry;
+ const char *key;
+ int key_index;
+
+ /* Save WEP key for old key index */
+ entry = GTK_WIDGET (self->wep_key_entry);
+ key = gtk_editable_get_text (GTK_EDITABLE (entry));
+ if (key)
+ g_strlcpy (self->keys[self->cur_index], key, sizeof (self->keys[self->cur_index]));
+ else
+ memset (self->keys[self->cur_index], 0, sizeof (self->keys[self->cur_index]));
+
+ key_index = gtk_combo_box_get_active (GTK_COMBO_BOX (combo));
+ g_return_if_fail (key_index <= 3);
+ g_return_if_fail (key_index >= 0);
+
+ /* Populate entry with key from new index */
+ gtk_editable_set_text (GTK_EDITABLE (entry), self->keys[key_index]);
+ self->cur_index = key_index;
+
+ nma_ws_changed_cb (combo, ws);
+}
+
+static gboolean
+validate (NMAWs *ws, GError **error)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (ws);
+ NMSettingSecretFlags secret_flags;
+ const char *key;
+ int i;
+
+ secret_flags = nma_utils_menu_to_secret_flags (self->wep_key_entry);
+ key = gtk_editable_get_text (GTK_EDITABLE (self->wep_key_entry));
+
+ if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) {
+ /* All good. */
+ } else if (!key) {
+ widget_set_error (self->wep_key_entry);
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing wep-key"));
+ return FALSE;
+ } else if (self->key_type == NM_WEP_KEY_TYPE_KEY) {
+ if ((strlen (key) == 10) || (strlen (key) == 26)) {
+ for (i = 0; i < strlen (key); i++) {
+ if (!g_ascii_isxdigit (key[i])) {
+ widget_set_error (self->wep_key_entry);
+ g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key:
key with a length of %zu must contain only hex-digits"), strlen (key));
+ return FALSE;
+ }
+ }
+ } else if ((strlen (key) == 5) || (strlen (key) == 13)) {
+ for (i = 0; i < strlen (key); i++) {
+ if (!utils_char_is_ascii_print (key[i])) {
+ widget_set_error (self->wep_key_entry);
+ g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key:
key with a length of %zu must contain only ascii characters"), strlen (key));
+ return FALSE;
+ }
+ }
+ } else {
+ widget_set_error (self->wep_key_entry);
+ g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key: wrong key
length %zu. A key must be either of length 5/13 (ascii) or 10/26 (hex)"), strlen (key));
+ return FALSE;
+ }
+ } else if (self->key_type == NM_WEP_KEY_TYPE_PASSPHRASE) {
+ if (!*key || (strlen (key) > 64)) {
+ widget_set_error (self->wep_key_entry);
+ if (!*key)
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key:
passphrase must be non-empty"));
+ else
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wep-key:
passphrase must be shorter than 64 characters"));
+ return FALSE;
+ }
+ }
+ widget_unset_error (self->wep_key_entry);
+
+ return TRUE;
+}
+
+static void
+add_to_size_group (NMAWs *ws, GtkSizeGroup *group)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (ws);
+
+ gtk_size_group_add_widget (group, self->auth_method_label);
+ gtk_size_group_add_widget (group, self->wep_key_label);
+ gtk_size_group_add_widget (group, self->key_index_label);
+}
+
+static void
+fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (ws);
+ NMSettingWirelessSecurity *s_wsec;
+ NMSettingSecretFlags secret_flags;
+ int auth_alg;
+ const char *key;
+ int i;
+
+ auth_alg = gtk_combo_box_get_active (GTK_COMBO_BOX (self->auth_method_combo));
+ key = gtk_editable_get_text (GTK_EDITABLE (self->wep_key_entry));
+ g_strlcpy (self->keys[self->cur_index], key, sizeof (self->keys[self->cur_index]));
+
+ /* Blow away the old security setting by adding a clear one */
+ s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
+ nm_connection_add_setting (connection, (NMSetting *) s_wsec);
+
+ g_object_set (s_wsec,
+ NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "none",
+ NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX, self->cur_index,
+ NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, (auth_alg == 1) ? "shared" : "open",
+ NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, self->key_type,
+ NULL);
+
+ for (i = 0; i < 4; i++) {
+ if (strlen (self->keys[i]))
+ nm_setting_wireless_security_set_wep_key (s_wsec, i, self->keys[i]);
+ }
+
+ /* Save WEP_KEY_FLAGS to the connection */
+ secret_flags = nma_utils_menu_to_secret_flags (self->wep_key_entry);
+ g_object_set (s_wsec, NM_SETTING_WIRELESS_SECURITY_WEP_KEY_FLAGS, secret_flags, NULL);
+
+ /* Update secret flags and popup when editing the connection */
+ if (!self->secrets_only) {
+ nma_utils_update_password_storage (self->wep_key_entry, secret_flags,
+ NM_SETTING (s_wsec),
+ NM_SETTING_WIRELESS_SECURITY_WEP_KEY0);
+ }
+}
+
+static void
+wep_entry_filter_cb (GtkEditable *editable,
+ char *text,
+ int length,
+ int *position,
+ gpointer data)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (data);
+
+ if (self->key_type == NM_WEP_KEY_TYPE_KEY) {
+ utils_filter_editable_on_insert_text (editable,
+ text, length, position, data,
+ utils_char_is_ascii_print,
+ wep_entry_filter_cb);
+ }
+}
+
+
+static void
+update_secrets (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (ws);
+ NMSettingWirelessSecurity *s_wsec;
+ const char *tmp;
+ int i;
+
+ s_wsec = nm_connection_get_setting_wireless_security (connection);
+ for (i = 0; s_wsec && i < 4; i++) {
+ tmp = nm_setting_wireless_security_get_wep_key (s_wsec, i);
+ if (tmp)
+ g_strlcpy (self->keys[i], tmp, sizeof (self->keys[i]));
+ }
+
+ if (strlen (self->keys[self->cur_index])) {
+ gtk_editable_set_text (GTK_EDITABLE (self->wep_key_entry),
+ self->keys[self->cur_index]);
+ }
+}
+
+
+static void
+get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ g_value_set_object (value, self->connection);
+ break;
+ case PROP_SECRETS_ONLY:
+ g_value_set_boolean (value, self->secrets_only);
+ break;
+ case PROP_KEY_TYPE:
+ g_value_set_uint (value, self->key_type);
+ break;
+ case PROP_ADHOC_CREATE:
+ g_value_set_boolean (value, self->adhoc_create);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ self->connection = g_value_dup_object (value);
+ break;
+ case PROP_SECRETS_ONLY:
+ self->secrets_only = g_value_get_boolean (value);
+ break;
+ case PROP_KEY_TYPE:
+ self->key_type = g_value_get_uint (value);
+ break;
+ case PROP_ADHOC_CREATE:
+ self->adhoc_create = g_value_get_boolean (value);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nma_ws_wep_key_init (NMAWsWepKey *self)
+{
+ gtk_widget_init_template (GTK_WIDGET (self));
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->validate = validate;
+ iface->add_to_size_group = add_to_size_group;
+ iface->fill_connection = fill_connection;
+ iface->update_secrets = update_secrets;
+ iface->adhoc_compatible = TRUE;
+ iface->hotspot_compatible = TRUE;
+}
+
+static void
+constructed (GObject *object)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (object);
+ NMSettingWirelessSecurity *s_wsec = NULL;
+ NMSetting *setting = NULL;
+ guint8 default_key_idx = 0;
+ gboolean is_adhoc = self->adhoc_create;
+ gboolean is_shared_key = FALSE;
+
+
+ /* Create password-storage popup menu for password entry under entry's secondary icon */
+ if (self->connection)
+ setting = (NMSetting *) nm_connection_get_setting_wireless_security (self->connection);
+ nma_utils_setup_password_storage (self->wep_key_entry, 0, setting,
+ NM_SETTING_WIRELESS_SECURITY_WEP_KEY0,
+ FALSE, self->secrets_only);
+
+ if (self->connection) {
+ NMSettingWireless *s_wireless;
+ const char *mode, *auth_alg;
+
+ s_wireless = nm_connection_get_setting_wireless (self->connection);
+ mode = s_wireless ? nm_setting_wireless_get_mode (s_wireless) : NULL;
+ if (mode && !strcmp (mode, "adhoc"))
+ is_adhoc = TRUE;
+
+ s_wsec = nm_connection_get_setting_wireless_security (self->connection);
+ if (s_wsec) {
+ auth_alg = nm_setting_wireless_security_get_auth_alg (s_wsec);
+ if (auth_alg && !strcmp (auth_alg, "shared"))
+ is_shared_key = TRUE;
+ }
+ }
+
+ if (self->key_type == NM_WEP_KEY_TYPE_KEY)
+ gtk_entry_set_max_length (GTK_ENTRY (self->wep_key_entry), 26);
+ else if (self->key_type == NM_WEP_KEY_TYPE_PASSPHRASE)
+ gtk_entry_set_max_length (GTK_ENTRY (self->wep_key_entry), 64);
+
+ if (self->connection && s_wsec)
+ default_key_idx = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec);
+
+ gtk_combo_box_set_active (GTK_COMBO_BOX (self->key_index_combo), default_key_idx);
+ self->cur_index = default_key_idx;
+
+ /* Key index is useless with adhoc networks */
+ if (is_adhoc || self->secrets_only) {
+ gtk_widget_hide (self->key_index_combo);
+ gtk_widget_hide (self->key_index_label);
+ }
+
+ /* Fill the key entry with the key for that index */
+ if (self->connection)
+ update_secrets (NMA_WS (self), self->connection);
+
+ gtk_combo_box_set_active (GTK_COMBO_BOX (self->auth_method_combo),
+ is_shared_key ? 1 : 0);
+
+ /* Don't show auth method for adhoc (which always uses open-system) or
+ * when in "simple" mode.
+ */
+ if (is_adhoc || self->secrets_only) {
+ /* Ad-Hoc connections can't use Shared Key auth */
+ if (is_adhoc)
+ gtk_combo_box_set_active (GTK_COMBO_BOX (self->auth_method_combo), 0);
+ gtk_widget_hide (self->auth_method_combo);
+ gtk_widget_hide (self->auth_method_label);
+ }
+
+ gtk_widget_grab_focus (self->wep_key_entry);
+
+ G_OBJECT_CLASS (nma_ws_wep_key_parent_class)->constructed (object);
+}
+
+NMAWsWepKey *
+nma_ws_wep_key_new (NMConnection *connection,
+ NMWepKeyType key_type,
+ gboolean adhoc_create,
+ gboolean secrets_only)
+{
+ return g_object_new (NMA_TYPE_WS_WEP_KEY,
+ "connection", connection,
+ "key-type", key_type,
+ "adhoc-create", adhoc_create,
+ "secrets-only", secrets_only,
+ NULL);
+}
+
+static void
+dispose (GObject *object)
+{
+ NMAWsWepKey *self = NMA_WS_WEP_KEY (object);
+
+ g_clear_object (&self->connection);
+}
+
+static void
+nma_ws_wep_key_class_init (NMAWsWepKeyClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass);
+
+ object_class->get_property = get_property;
+ object_class->set_property = set_property;
+ object_class->constructed = constructed;
+ object_class->dispose = dispose;
+
+ g_object_class_override_property (object_class,
+ PROP_CONNECTION, "connection");
+
+ g_object_class_override_property (object_class,
+ PROP_SECRETS_ONLY, "secrets-only");
+
+ g_object_class_install_property
+ (object_class, PROP_KEY_TYPE,
+ g_param_spec_uint ("key-type", "", "",
+ 0, G_MAXUINT, 0,
+ G_PARAM_READWRITE
+ | G_PARAM_CONSTRUCT
+ | G_PARAM_STATIC_STRINGS));
+
+ g_object_class_install_property
+ (object_class, PROP_ADHOC_CREATE,
+ g_param_spec_boolean ("adhoc-create", "", "",
+ FALSE,
+ G_PARAM_READWRITE
+ | G_PARAM_CONSTRUCT
+ | G_PARAM_STATIC_STRINGS));
+
+ gtk_widget_class_set_template_from_resource (widget_class,
+ "/org/gnome/libnma/nma-ws-wep-key.ui");
+
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, auth_method_combo);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, auth_method_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, key_index_combo);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, key_index_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, show_checkbutton_wep);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, wep_key_entry);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWepKey, wep_key_label);
+
+ gtk_widget_class_bind_template_callback (widget_class, key_index_combo_changed_cb);
+ gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb);
+ gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb);
+ gtk_widget_class_bind_template_callback (widget_class, wep_entry_filter_cb);
+}
diff --git a/src/nma-ws/nma-ws-wep-key.h b/src/nma-ws/nma-ws-wep-key.h
new file mode 100644
index 00000000..308f975c
--- /dev/null
+++ b/src/nma-ws/nma-ws-wep-key.h
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_WEP_KEY_H
+#define NMA_WS_WEP_KEY_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWsWepKey NMAWsWepKey;
+
+#define NMA_TYPE_WS_WEP_KEY (nma_ws_wep_key_get_type ())
+#define NMA_WS_WEP_KEY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_WEP_KEY, NMAWsWepKey))
+#define NMA_WS_WEP_KEY_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_WEP_KEY,
NMAWsWepKeyClass))
+#define NMA_IS_WS_WEP_KEY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_WEP_KEY))
+#define NMA_IS_WS_WEP_KEY_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_WEP_KEY))
+#define NMA_WS_WEP_KEY_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_WEP_KEY,
NMAWsWepKeyClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_wep_key_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWsWepKey *nma_ws_wep_key_new (NMConnection *connection,
+ NMWepKeyType type,
+ gboolean adhoc_create,
+ gboolean secrets_only);
+
+G_END_DECLS
+
+#endif /* NMA_WS_WEP_KEY_H */
diff --git a/src/nma-ws/nma-ws-wep-key.ui b/src/nma-ws/nma-ws-wep-key.ui
new file mode 100644
index 00000000..f3e627d1
--- /dev/null
+++ b/src/nma-ws/nma-ws-wep-key.ui
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <object class="GtkListStore" id="model3">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0" translatable="yes">Open System</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">Shared Key</col>
+ </row>
+ </data>
+ </object>
+ <object class="GtkListStore" id="model4">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0" translatable="yes">1 (Default)</col>
+ </row>
+ <row>
+ <col id="0">2</col>
+ </row>
+ <row>
+ <col id="0">3</col>
+ </row>
+ <row>
+ <col id="0">4</col>
+ </row>
+ </data>
+ </object>
+ <template class="NMAWsWepKey" parent="GtkGrid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="wep_key_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Key</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">wep_key_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="wep_key_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="max_length">64</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ <property name="width_chars">28</property>
+ <signal name="changed" handler="nma_ws_changed_cb" swapped="no"/>
+ <signal name="insert-text" handler="wep_entry_filter_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="show_checkbutton_wep">
+ <property name="label" translatable="yes">Sho_w key</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="show_toggled_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="auth_method_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Au_thentication</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">auth_method_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="auth_method_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="model">model3</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer3"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ <signal name="changed" handler="nma_ws_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="key_index_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">WEP inde_x</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">key_index_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="key_index_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="hexpand">True</property>
+ <property name="model">model4</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer4"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ <signal name="changed" handler="key_index_combo_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </template>
+</interface>
diff --git a/src/nma-ws/nma-ws-wpa-eap.c b/src/nma-ws/nma-ws-wpa-eap.c
new file mode 100644
index 00000000..f8c8daf0
--- /dev/null
+++ b/src/nma-ws/nma-ws-wpa-eap.c
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-802-1x.h"
+#include "nma-ws-802-1x-private.h"
+#include "nma-ws-wpa-eap.h"
+
+typedef struct {
+ NMAWs8021xClass parent;
+} NMAWsWpaEapClass;
+
+struct _NMAWsWpaEap {
+ NMAWs8021x parent;
+};
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWsWpaEap, nma_ws_wpa_eap, NMA_TYPE_WS_802_1X,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+static void
+fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMSettingWirelessSecurity *s_wireless_sec;
+
+ nma_ws_802_1x_fill_connection (ws, connection);
+
+ s_wireless_sec = nm_connection_get_setting_wireless_security (connection);
+ g_return_if_fail (s_wireless_sec);
+
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap", NULL);
+}
+
+static void
+nma_ws_wpa_eap_init (NMAWsWpaEap *self)
+{
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->fill_connection = fill_connection;
+}
+
+NMAWsWpaEap *
+nma_ws_wpa_eap_new (NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only,
+ const char *const*secrets_hints)
+{
+ return g_object_new (NMA_TYPE_WS_WPA_EAP,
+ "connection", connection,
+ "secrets-only", secrets_only,
+ "is-editor", is_editor,
+ "secrets-hints", secrets_hints,
+ NULL);
+}
+
+static void
+nma_ws_wpa_eap_class_init (NMAWsWpaEapClass *klass)
+{
+}
diff --git a/src/nma-ws/nma-ws-wpa-eap.h b/src/nma-ws/nma-ws-wpa-eap.h
new file mode 100644
index 00000000..e53df74b
--- /dev/null
+++ b/src/nma-ws/nma-ws-wpa-eap.h
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_WPA_EAP_H
+#define NMA_WS_WPA_EAP_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWsWpaEap NMAWsWpaEap;
+
+#define NMA_TYPE_WS_WPA_EAP (nma_ws_wpa_eap_get_type ())
+#define NMA_WS_WPA_EAP(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_SAE, NMAWsWpaEap))
+#define NMA_WS_WPA_EAP_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_SAE, NMAWsWpaEapClass))
+#define NMA_IS_WS_WPA_EAP(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_SAE))
+#define NMA_IS_WS_WPA_EAP_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_SAE))
+#define NMA_WS_WPA_EAP_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_SAE, NMAWsWpaEapClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_wpa_eap_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWsWpaEap *nma_ws_wpa_eap_new (NMConnection *connection,
+ gboolean is_editor,
+ gboolean secrets_only,
+ const char *const*secrets_hints);
+
+G_END_DECLS
+
+#endif /* NMA_WS_WPA_EAP_H */
diff --git a/src/nma-ws/nma-ws-wpa-psk.c b/src/nma-ws/nma-ws-wpa-psk.c
new file mode 100644
index 00000000..a161243f
--- /dev/null
+++ b/src/nma-ws/nma-ws-wpa-psk.c
@@ -0,0 +1,303 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+#include "nma-private.h"
+
+#include <ctype.h>
+#include <string.h>
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-ws-wpa-psk.h"
+#include "nma-ws-helpers.h"
+#include "nma-ui-utils.h"
+#include "utils.h"
+
+#define WPA_PMK_LEN 32
+
+typedef struct {
+ GtkGridClass parent;
+} NMAWsWpaPskClass;
+
+struct _NMAWsWpaPsk {
+ GtkGrid parent;
+
+ GtkWidget *wpa_psk_entry;
+ GtkWidget *wpa_psk_label;
+ GtkWidget *wpa_psk_type_combo;
+ GtkWidget *wpa_psk_type_label;
+ GtkWidget *show_checkbutton_wpa;
+
+ NMConnection *connection;
+ gboolean secrets_only;
+};
+
+static void nma_ws_interface_init (NMAWsInterface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (NMAWsWpaPsk, nma_ws_wpa_psk, GTK_TYPE_GRID,
+ G_IMPLEMENT_INTERFACE (NMA_TYPE_WS, nma_ws_interface_init))
+
+enum {
+ PROP_0,
+ PROP_CONNECTION,
+ PROP_SECRETS_ONLY,
+ PROP_LAST
+};
+
+static void
+show_toggled_cb (GtkCheckButton *button, gpointer user_data)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (user_data);
+ gboolean visible;
+
+ visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button));
+ gtk_entry_set_visibility (GTK_ENTRY (self->wpa_psk_entry), visible);
+}
+
+static gboolean
+validate (NMAWs *ws, GError **error)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws);
+ NMSettingSecretFlags secret_flags;
+ const char *key;
+ gsize len;
+ int i;
+
+ secret_flags = nma_utils_menu_to_secret_flags (self->wpa_psk_entry);
+ key = gtk_editable_get_text (GTK_EDITABLE (self->wpa_psk_entry));
+ len = key ? strlen (key) : 0;
+
+ if ( secret_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+ || secret_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) {
+ /* All good. */
+ } else if ((len < 8) || (len > 64)) {
+ widget_set_error (self->wpa_psk_entry);
+ g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wpa-psk: invalid key-length %zu.
Must be [8,63] bytes or 64 hex digits"), len);
+ return FALSE;
+ } else if (len == 64) {
+ /* Hex PSK */
+ for (i = 0; i < len; i++) {
+ if (!isxdigit (key[i])) {
+ widget_set_error (self->wpa_psk_entry);
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid wpa-psk:
cannot interpret key with 64 bytes as hex"));
+ return FALSE;
+ }
+ }
+ }
+ widget_unset_error (self->wpa_psk_entry);
+
+ /* passphrase can be between 8 and 63 characters inclusive */
+
+ return TRUE;
+}
+
+static void
+add_to_size_group (NMAWs *ws, GtkSizeGroup *group)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws);
+
+ gtk_size_group_add_widget (group, self->wpa_psk_type_label);
+ gtk_size_group_add_widget (group, self->wpa_psk_label);
+}
+
+static void
+fill_connection (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws);
+ const char *key;
+ NMSettingWireless *s_wireless;
+ NMSettingWirelessSecurity *s_wireless_sec;
+ NMSettingSecretFlags secret_flags;
+ const char *mode;
+ gboolean is_adhoc = FALSE;
+
+ s_wireless = nm_connection_get_setting_wireless (connection);
+ g_return_if_fail (s_wireless);
+
+ mode = nm_setting_wireless_get_mode (s_wireless);
+ if (mode && !strcmp (mode, "adhoc"))
+ is_adhoc = TRUE;
+
+ /* Blow away the old security setting by adding a clear one */
+ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new ();
+ nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec);
+
+ key = gtk_editable_get_text (GTK_EDITABLE (self->wpa_psk_entry));
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL);
+
+ /* Save PSK_FLAGS to the connection */
+ secret_flags = nma_utils_menu_to_secret_flags (self->wpa_psk_entry);
+ nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK,
+ secret_flags, NULL);
+
+ /* Update secret flags and popup when editing the connection */
+ if (!self->secrets_only) {
+ nma_utils_update_password_storage (self->wpa_psk_entry, secret_flags,
+ NM_SETTING (s_wireless_sec),
+ NM_SETTING_WIRELESS_SECURITY_PSK);
+ }
+
+ nma_ws_clear_ciphers (connection);
+ if (is_adhoc) {
+ /* Ad-Hoc settings as specified by the supplicant */
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
+ nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn");
+ nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp");
+ nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp");
+ } else {
+ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk", NULL);
+
+ /* Just leave ciphers and protocol empty, the supplicant will
+ * figure that out magically based on the AP IEs and card capabilities.
+ */
+ }
+}
+
+static void
+update_secrets (NMAWs *ws, NMConnection *connection)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (ws);
+
+ nma_ws_helper_fill_secret_entry (connection,
+ GTK_EDITABLE (self->wpa_psk_entry),
+ NM_TYPE_SETTING_WIRELESS_SECURITY,
+ (HelperSecretFunc) nm_setting_wireless_security_get_psk);
+}
+
+static void
+get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ g_value_set_object (value, self->connection);
+ break;
+ case PROP_SECRETS_ONLY:
+ g_value_set_boolean (value, self->secrets_only);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+set_property (GObject *object,
+ guint prop_id,
+ const GValue *value,
+ GParamSpec *pspec)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object);
+
+ switch (prop_id) {
+ case PROP_CONNECTION:
+ self->connection = g_value_dup_object (value);
+ break;
+ case PROP_SECRETS_ONLY:
+ self->secrets_only = g_value_get_boolean (value);
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nma_ws_wpa_psk_init (NMAWsWpaPsk *self)
+{
+ gtk_widget_init_template (GTK_WIDGET (self));
+}
+
+static void
+nma_ws_interface_init (NMAWsInterface *iface)
+{
+ iface->validate = validate;
+ iface->add_to_size_group = add_to_size_group;
+ iface->fill_connection = fill_connection;
+ iface->update_secrets = update_secrets;
+ iface->adhoc_compatible = TRUE;
+ iface->hotspot_compatible = TRUE;
+}
+
+static void
+constructed (GObject *object)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object);
+ NMSetting *setting = NULL;
+
+ /* Create password-storage popup menu for password entry under entry's secondary icon */
+ if (self->connection)
+ setting = (NMSetting *) nm_connection_get_setting_wireless_security (self->connection);
+ nma_utils_setup_password_storage (self->wpa_psk_entry, 0, setting, NM_SETTING_WIRELESS_SECURITY_PSK,
+ FALSE, self->secrets_only);
+
+ /* Fill secrets, if any */
+ if (self->connection)
+ update_secrets (NMA_WS (self), self->connection);
+
+ gtk_widget_grab_focus (self->wpa_psk_entry);
+
+ /* Hide WPA/RSN for now since this can be autodetected by NM and the
+ * supplicant when connecting to the AP.
+ */
+ gtk_widget_hide (self->wpa_psk_type_combo);
+ gtk_widget_hide (self->wpa_psk_type_label);
+
+ G_OBJECT_CLASS (nma_ws_wpa_psk_parent_class)->constructed (object);
+}
+
+NMAWsWpaPsk *
+nma_ws_wpa_psk_new (NMConnection *connection, gboolean secrets_only)
+{
+ return g_object_new (NMA_TYPE_WS_WPA_PSK,
+ "connection", connection,
+ "secrets-only", secrets_only,
+ NULL);
+}
+
+static void
+dispose (GObject *object)
+{
+ NMAWsWpaPsk *self = NMA_WS_WPA_PSK (object);
+
+ g_clear_object (&self->connection);
+}
+
+static void
+nma_ws_wpa_psk_class_init (NMAWsWpaPskClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ GtkWidgetClass *widget_class = GTK_WIDGET_CLASS (klass);
+
+ object_class->get_property = get_property;
+ object_class->set_property = set_property;
+ object_class->constructed = constructed;
+ object_class->dispose = dispose;
+
+ g_object_class_override_property (object_class,
+ PROP_CONNECTION, "connection");
+
+ g_object_class_override_property (object_class,
+ PROP_SECRETS_ONLY, "secrets-only");
+
+ gtk_widget_class_set_template_from_resource (widget_class,
+ "/org/gnome/libnma/nma-ws-wpa-psk.ui");
+
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_entry);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_type_combo);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, wpa_psk_type_label);
+ gtk_widget_class_bind_template_child (widget_class, NMAWsWpaPsk, show_checkbutton_wpa);
+
+ gtk_widget_class_bind_template_callback (widget_class, nma_ws_changed_cb);
+ gtk_widget_class_bind_template_callback (widget_class, show_toggled_cb);
+}
diff --git a/src/nma-ws/nma-ws-wpa-psk.h b/src/nma-ws/nma-ws-wpa-psk.h
new file mode 100644
index 00000000..93e0b1ac
--- /dev/null
+++ b/src/nma-ws/nma-ws-wpa-psk.h
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_WPA_PSK_H
+#define NMA_WS_WPA_PSK_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWsWpaPsk NMAWsWpaPsk;
+
+#define NMA_TYPE_WS_WPA_PSK (nma_ws_wpa_psk_get_type ())
+#define NMA_WS_WPA_PSK(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS_WPA_PSK, NMAWsWpaPsk))
+#define NMA_WS_WPA_PSK_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NMA_TYPE_WS_WPA_PSK,
NMAWsWpaPskClass))
+#define NMA_IS_WS_WPA_PSK(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS_WPA_PSK))
+#define NMA_IS_WS_WPA_PSK_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NMA_TYPE_WS_WPA_PSK))
+#define NMA_WS_WPA_PSK_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NMA_TYPE_WS_WPA_PSK,
NMAWsWpaPskClass))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_wpa_psk_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+NMAWsWpaPsk *nma_ws_wpa_psk_new (NMConnection *connection, gboolean secrets_only);
+
+G_END_DECLS
+
+#endif /* NMA_WS_WPA_PSK_H */
diff --git a/src/nma-ws/nma-ws-wpa-psk.ui b/src/nma-ws/nma-ws-wpa-psk.ui
new file mode 100644
index 00000000..17732468
--- /dev/null
+++ b/src/nma-ws/nma-ws-wpa-psk.ui
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generated with glade 3.22.1 -->
+<interface domain="nm-applet">
+ <requires lib="gtk+" version="3.10"/>
+ <template class="NMAWsWpaPsk" parent="GtkGrid">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="row_spacing">6</property>
+ <property name="column_spacing">6</property>
+ <child>
+ <object class="GtkLabel" id="wpa_psk_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Password</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">wpa_psk_entry</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="wpa_psk_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hexpand">True</property>
+ <property name="max_length">64</property>
+ <property name="visibility">False</property>
+ <property name="activates_default">True</property>
+ <signal name="changed" handler="nma_ws_changed_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="wpa_psk_type_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">_Type</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">wpa_psk_type_combo</property>
+ <property name="xalign">1</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkCheckButton" id="show_checkbutton_wpa">
+ <property name="label" translatable="yes">Sho_w password</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="hexpand">True</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="show_toggled_cb" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="wpa_psk_type_combo">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
+ </template>
+</interface>
diff --git a/src/nma-ws/nma-ws.c b/src/nma-ws/nma-ws.c
new file mode 100644
index 00000000..1861f822
--- /dev/null
+++ b/src/nma-ws/nma-ws.c
@@ -0,0 +1,141 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+
+#include <string.h>
+
+#include "nma-ws.h"
+#include "nma-ws-private.h"
+#include "nma-eap.h"
+#include "utils.h"
+
+G_DEFINE_INTERFACE (NMAWs, nma_ws, G_TYPE_OBJECT)
+
+void
+nma_ws_changed_cb (GtkWidget *ignored, gpointer user_data)
+{
+ g_signal_emit_by_name (user_data, "ws-changed");
+}
+
+gboolean
+nma_ws_validate (NMAWs *self, GError **error)
+{
+ NMAWsInterface *iface;
+ gboolean result;
+
+ g_return_val_if_fail (self != NULL, FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
+
+ iface = NMA_WS_GET_INTERFACE (self);
+ g_return_val_if_fail (iface->validate, FALSE);
+ result = (*(iface->validate)) (self, error);
+ if (!result && error && !*error)
+ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Unknown error validating 802.1X
security"));
+ return result;
+}
+
+void
+nma_ws_add_to_size_group (NMAWs *self, GtkSizeGroup *group)
+{
+ NMAWsInterface *iface;
+
+ g_return_if_fail (self != NULL);
+ g_return_if_fail (group != NULL);
+
+ iface = NMA_WS_GET_INTERFACE (self);
+ g_return_if_fail (iface->add_to_size_group);
+ return (*(iface->add_to_size_group)) (self, group);
+}
+
+void
+nma_ws_fill_connection (NMAWs *self,
+ NMConnection *connection)
+{
+ NMAWsInterface *iface;
+
+ g_return_if_fail (self != NULL);
+ g_return_if_fail (connection != NULL);
+
+ iface = NMA_WS_GET_INTERFACE (self);
+ g_return_if_fail (iface->fill_connection);
+ return (*(iface->fill_connection)) (self, connection);
+}
+
+void
+nma_ws_update_secrets (NMAWs *self, NMConnection *connection)
+{
+ NMAWsInterface *iface;
+
+ g_return_if_fail (self != NULL);
+ g_return_if_fail (connection != NULL);
+
+ iface = NMA_WS_GET_INTERFACE (self);
+ if (iface->update_secrets)
+ iface->update_secrets (self, connection);
+}
+
+void
+nma_ws_default_init (NMAWsInterface *iface)
+{
+ GType iface_type = G_TYPE_FROM_INTERFACE (iface);
+
+ g_signal_new ("ws-changed",
+ iface_type,
+ G_SIGNAL_RUN_FIRST,
+ 0, NULL, NULL,
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE, 0);
+
+ iface->adhoc_compatible = TRUE;
+ iface->hotspot_compatible = TRUE;
+
+ g_object_interface_install_property (iface,
+ g_param_spec_object ("connection", "", "",
+ NM_TYPE_CONNECTION,
+ G_PARAM_READWRITE
+ | G_PARAM_CONSTRUCT
+ | G_PARAM_STATIC_STRINGS));
+
+ g_object_interface_install_property (iface,
+ g_param_spec_boolean ("secrets-only", "", "",
+ FALSE,
+ G_PARAM_READWRITE
+ | G_PARAM_CONSTRUCT
+ | G_PARAM_STATIC_STRINGS));
+}
+
+gboolean
+nma_ws_adhoc_compatible (NMAWs *self)
+{
+ g_return_val_if_fail (self != NULL, FALSE);
+
+ return NMA_WS_GET_INTERFACE (self)->adhoc_compatible;
+}
+
+gboolean
+nma_ws_hotspot_compatible (NMAWs *self)
+{
+ g_return_val_if_fail (self != NULL, FALSE);
+
+ return NMA_WS_GET_INTERFACE (self)->hotspot_compatible;
+}
+
+void
+nma_ws_clear_ciphers (NMConnection *connection)
+{
+ NMSettingWirelessSecurity *s_wireless_sec;
+
+ g_return_if_fail (connection != NULL);
+
+ s_wireless_sec = nm_connection_get_setting_wireless_security (connection);
+ g_return_if_fail (s_wireless_sec);
+
+ nm_setting_wireless_security_clear_protos (s_wireless_sec);
+ nm_setting_wireless_security_clear_pairwise (s_wireless_sec);
+ nm_setting_wireless_security_clear_groups (s_wireless_sec);
+}
diff --git a/src/nma-ws/nma-ws.h b/src/nma-ws/nma-ws.h
new file mode 100644
index 00000000..bbea4ded
--- /dev/null
+++ b/src/nma-ws/nma-ws.h
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Dan Williams <dcbw redhat com>
+ *
+ * Copyright 2007 - 2019 Red Hat, Inc.
+ */
+
+#ifndef NMA_WS_H
+#define NMA_WS_H
+
+#include "nma-version.h"
+
+G_BEGIN_DECLS
+
+typedef struct _NMAWs NMAWs;
+
+#define NMA_TYPE_WS (nma_ws_get_type ())
+#define NMA_WS(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NMA_TYPE_WS, NMAWs))
+#define NMA_IS_WS(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NMA_TYPE_WS))
+#define NMA_WS_GET_INTERFACE(obj) (G_TYPE_INSTANCE_GET_INTERFACE ((obj), NMA_TYPE_WS, NMAWsInterface))
+
+NMA_AVAILABLE_IN_1_8_28
+GType nma_ws_get_type (void);
+
+NMA_AVAILABLE_IN_1_8_28
+gboolean nma_ws_validate (NMAWs *self, GError **error);
+
+NMA_AVAILABLE_IN_1_8_28
+void nma_ws_add_to_size_group (NMAWs *self,
+ GtkSizeGroup *group);
+
+NMA_AVAILABLE_IN_1_8_28
+void nma_ws_fill_connection (NMAWs *self,
+ NMConnection *connection);
+
+NMA_AVAILABLE_IN_1_8_28
+void nma_ws_update_secrets (NMAWs *self,
+ NMConnection *connection);
+
+NMA_AVAILABLE_IN_1_8_28
+gboolean nma_ws_adhoc_compatible (NMAWs *self);
+
+NMA_AVAILABLE_IN_1_8_28
+gboolean nma_ws_hotspot_compatible (NMAWs *self);
+
+G_END_DECLS
+
+#include "nma-ws-802-1x.h"
+#include "nma-ws-dynamic-wep.h"
+#include "nma-ws-leap.h"
+#include "nma-ws-sae.h"
+#include "nma-ws-wep-key.h"
+#include "nma-ws-wpa-eap.h"
+#include "nma-ws-wpa-psk.h"
+
+#endif /* NMA_WS_H */
diff --git a/src/nma.gresource.xml b/src/nma.gresource.xml
index cfe41a7f..5c75f112 100644
--- a/src/nma.gresource.xml
+++ b/src/nma.gresource.xml
@@ -7,5 +7,16 @@
<file preprocess="xml-stripblanks">nma-mobile-wizard.ui</file>
<file preprocess="xml-stripblanks">nma-vpn-password-dialog.ui</file>
<file preprocess="xml-stripblanks">nma-bar-code-widget.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-ws-802-1x.ui">nma-ws/nma-ws-802-1x.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-ws-leap.ui">nma-ws/nma-ws-leap.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-ws-sae.ui">nma-ws/nma-ws-sae.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-ws-wep-key.ui">nma-ws/nma-ws-wep-key.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-ws-wpa-psk.ui">nma-ws/nma-ws-wpa-psk.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-eap-fast.ui">nma-ws/nma-eap-fast.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-eap-leap.ui">nma-ws/nma-eap-leap.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-eap-peap.ui">nma-ws/nma-eap-peap.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-eap-simple.ui">nma-ws/nma-eap-simple.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-eap-tls.ui">nma-ws/nma-eap-tls.ui</file>
+ <file preprocess="xml-stripblanks" alias="nma-eap-ttls.ui">nma-ws/nma-eap-ttls.ui</file>
</gresource>
</gresources>
diff --git a/src/wireless-security/ws-leap.ui b/src/wireless-security/ws-leap.ui
index a93121d6..e772c5a2 100644
--- a/src/wireless-security/ws-leap.ui
+++ b/src/wireless-security/ws-leap.ui
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Generated with glade 3.20.0 -->
+<!-- Generated with glade 3.22.1 -->
<interface domain="nm-applet">
<requires lib="gtk+" version="3.10"/>
<object class="GtkNotebook" id="leap_notebook">
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]