Re: Network-Manager 0.7.2 TLS problem



On Wed, 2010-08-11 at 09:51 +0800, DAVID ZHOU wrote:
> Hi Dan,
>  
> I checked the source code of network-manager-applet 0.7.2 and 0.8.1,
> find there are differences in eap-method-tls.c:

Doing the path-based stuff in 0.8.x was a pretty big API change, and not
something I'd recommend porting back to 0.7.2.  But PKCS#12 should work
on 0.7.2 as well, just differently.

If you're able to play with the code, would you mind doing some
debugging for me?

First though, when the connection has been saved (ie, you hit Apply)
quit the editor and then look through GConf for the connection.  What
are the keys in the 802-1x directory for that connection?  You can use
gconf-editor or gconftool-2 --dump /system/networking/connections to get
those.

If it's a system connection that you're trying to save & re-edit, then
the issue could be something completely different.  Is it?

Dan

> for the : setup_filepicker,
>  
> in 0.7.2:
>  
>  
> static void
> setup_filepicker (GladeXML *xml,
>                   const char *name,
>                   const char *title,
>                   WirelessSecurity *parent,
>                   EAPMethodTLS *method,
>                   NMConnection *connection,
>                   const char *tag)
> {
>  GtkWidget *widget;
>  GtkFileFilter *filter;
>  const char *filename = NULL;
>  gboolean privkey = FALSE, client_cert = FALSE;
>  if (!strcmp (tag, NMA_PATH_PHASE2_PRIVATE_KEY_TAG) || !strcmp (tag, NMA_PATH_PRIVATE_KEY_TAG))
>   privkey = TRUE;
>  if (!strcmp (tag, NMA_PATH_PHASE2_CLIENT_CERT_TAG) || !strcmp (tag, NMA_PATH_CLIENT_CERT_TAG))
>   client_cert = TRUE;
>  widget = glade_xml_get_widget (xml, name);
>  g_assert (widget);
>  gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
>  gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), title);
>  if (connection && tag) {
>   filename = g_object_get_data (G_OBJECT (connection), tag);
>   if (filename)
>    gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
>  }
>  /* Connect a special handler for private keys to intercept PKCS#12 key types
>   * and desensitize the user cert button.
>   */
>  if (privkey) {
>   g_signal_connect (G_OBJECT (widget), "selection-changed",
>                     (GCallback) private_key_picker_file_set_cb,
>                     method);
>   if (filename)
>    private_key_picker_helper ((EAPMethod *) method, filename, FALSE);
>  }
>  g_signal_connect (G_OBJECT (widget), "selection-changed",
>                    (GCallback) wireless_security_changed_cb,
>                    parent);
>  filter = eap_method_default_file_chooser_filter_new (privkey);
>  gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
>  /* For some reason, GTK+ calls set_current_filter (..., NULL) from
>   * gtkfilechooserdefault.c::show_and_select_files_finished_loading() on our
>   * dialog; so force-reset the filter to what we want it to be whenever
>   * it gets cleared.
>   */
>  if (client_cert)
>   g_signal_connect (G_OBJECT (widget), "notify::filter", (GCallback) reset_filter, filter);
> }
> 
>  
> and in 0.8.1: there is a path function in it:
>  
> static void
> setup_filepicker (GladeXML *xml,
>                   const char *name,
>                   const char *title,
>                   WirelessSecurity *parent,
>                   EAPMethodTLS *method,
>                   NMSetting8021x *s_8021x,
>                   SchemeFunc scheme_func,
>                   PathFunc path_func,
>                   gboolean privkey,
>                   gboolean client_cert)
> {
>  GtkWidget *widget;
>  GtkFileFilter *filter;
>  const char *filename = NULL;
>  widget = glade_xml_get_widget (xml, name);
>  g_assert (widget);
>  gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
>  gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), title);
>  if (s_8021x && path_func && scheme_func) {
>   if (scheme_func (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
>    filename = path_func (s_8021x);
>    if (filename)
>     gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
>   }
>  }
>  /* Connect a special handler for private keys to intercept PKCS#12 key types
>   * and desensitize the user cert button.
>   */
>  if (privkey) {
>   g_signal_connect (G_OBJECT (widget), "selection-changed",
>                     (GCallback) private_key_picker_file_set_cb,
>                     method);
>   if (filename)
>    private_key_picker_helper ((EAPMethod *) method, filename, FALSE);
>  }
>  g_signal_connect (G_OBJECT (widget), "selection-changed",
>                    (GCallback) wireless_security_changed_cb,
>                    parent);
>  filter = eap_method_default_file_chooser_filter_new (privkey);
>  gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
>  /* For some reason, GTK+ calls set_current_filter (..., NULL) from
>   * gtkfilechooserdefault.c::show_and_select_files_finished_loading() on our
>   * dialog; so force-reset the filter to what we want it to be whenever
>   * it gets cleared.
>   */
>  if (client_cert)
>   g_signal_connect (G_OBJECT (widget), "notify::filter", (GCallback) reset_filter, filter);
> }
> 
> If I want to add the path function to the 0.7.2, could you please give
> me some support on how to do it ? Thanks!
> 
> 2010/8/11 DAVID ZHOU <zhouwei926 gmail com>
>         Hi Dan,
>          
>         It is a .p12 file for security key and .crt file for CA.
>         
>         
>         2010/8/11 Dan Williams <dcbw redhat com> 
>         
>         
>                 On Tue, 2010-08-10 at 09:19 +0800, DAVID ZHOU wrote:
>                 > Hi Dan,
>                 >
>                 > Thanks very much ! Here is my debug output. My steps
>                 is :
>                 >
>                 > 1. launch nm-connection-editor through the terminal
>                 and add a
>                 > connection, input the fields I mentioned in the
>                 previous mail. Close
>                 > it.
>                 
>                 
>                 What are the top few lines of your private key?  Is it
>                 a .PEM file,
>                 a .pk12 file, or a .der file?  It appears that
>                 nm-connection-editor is
>                 not able to determine the private key type, which is
>                 used to verify that
>                 the password you enter will actually unlock the
>                 private key you've
>                 specified.
>                 
>                 For example, an old-style openssl RSA private key
>                 starts like this:
>                 
>                 -----BEGIN RSA PRIVATE KEY-----
>                 Proc-Type: 4,ENCRYPTED
>                 DEK-Info: DES-EDE3-CBC,5FA2D6D6242C26D0
>                 
>                 
>                 PKCS#12 and DER files are actually binary and won't
>                 have this header,
>                 but it would be useful to know what kind of key yours
>                 is so we can make
>                 sure that it's supported.
>                 
>                 Dan
>                 
>                 
>                 > 2. Re-launch the nm-connection editor again and
>                 check the connection.
>                 >
>                 > 3. the debug output
>                 > davidzhou debianzhouwei:~$ nm-connection-editor
>                 > (nm-connection-editor:19238): GLib-CRITICAL **:
>                 g_hash_table_foreach:
>                 > assertion `hash_table != NULL' failed
>                 > ** (nm-connection-editor:19238): WARNING **:
>                 nm_connection_list_new:
>                 > failed to load VPN plugins: Couldn't read VPN .name
>                 files
>                 > directory /etc/NetworkManager/VPN.
>                 > (nm-connection-editor:19238): libglade-WARNING **:
>                 unknown property
>                 > `orientation' for class `GtkVBox'
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless:
>                 > ssid
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless:
>                 > ssid
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Error:
>                 couldn't verify
>                 > private key: 3 Unable to determine private key type.
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Error:
>                 couldn't verify
>                 > private key: 3 Unable to determine private key type.
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Error:
>                 couldn't verify
>                 > private key: 3 Unable to determine private key type.
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Error:
>                 couldn't verify
>                 > private key: 3 Unable to determine private key type.
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Error:
>                 couldn't verify
>                 > private key: 3 Unable to determine private key type.
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): WARNING **: Error:
>                 couldn't verify
>                 > private key: 3 Unable to determine private key type.
>                 > ** (nm-connection-editor:19238): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 > ** (nm-connection-editor:19238): CRITICAL **:
>                 > crypto_get_private_key_data: assertion `password !=
>                 NULL' failed
>                 > davidzhou debianzhouwei:~$ nm-connection-editor
>                 > (nm-connection-editor:19302): GLib-CRITICAL **:
>                 g_hash_table_foreach:
>                 > assertion `hash_table != NULL' failed
>                 > ** (nm-connection-editor:19302): WARNING **:
>                 nm_connection_list_new:
>                 > failed to load VPN plugins: Couldn't read VPN .name
>                 files
>                 > directory /etc/NetworkManager/VPN.
>                 > (nm-connection-editor:19302): libglade-WARNING **:
>                 unknown property
>                 > `orientation' for class `GtkVBox'
>                 > ** (nm-connection-editor:19302): WARNING **: Invalid
>                 setting Wireless
>                 > Security: Invalid wireless security
>                 >
>                 >
>                 >
>                 >
>                 > 2010/8/10 Dan Williams <dcbw redhat com>
>                 >         On Mon, 2010-08-09 at 14:20 +0800, DAVID
>                 ZHOU wrote:
>                 >         > Hi,
>                 >         > I am using Debian Lenny with
>                 Network-Manager 0.7.2
>                 >         > Here is the problem I am currently meet:
>                 >         >
>                 >         > Use  System--->Preference--->Network
>                 Connections to add a
>                 >         wireless
>                 >         > connection, and I use WPA/WPA2
>                 Enterprise, TLS, after I
>                 >         input
>                 >         > identities,
>                 >         > select the right CA file and Private Key
>                 file, password.
>                 >         After that I
>                 >         > close the Network Connections Dialogue.
>                 Then reopen the
>                 >         Dialogue, only
>                 >         > find that the CA file path and Private Key
>                 file path is
>                 >         missing. As
>                 >         > the followed picture shown.
>                 >
>                 >
>                 >         Can you run 'nm-connection-editor' in a
>                 terminal, reproduce
>                 >         the problem
>                 >         in the editor, and then reply with the debug
>                 output from that
>                 >         terminal?
>                 >         That might give us a better idea of what's
>                 going on.
>                 >
>                 >         Dan
>                 >
>                 >
>                 
>                 
>                 
>         
> 
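
Added example (not part of the original thread and not NetworkManager's own code): a first-bytes check for the question asked above, whether a private key file is PEM, DER or PKCS#12. The function and enum names are hypothetical, the sample buffers are constructed, and the ASN.1 version test (3 for a PKCS#12 PFX, 0 for an unencrypted DER key) is a heuristic, not a full parse.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not NetworkManager's crypto code. */
typedef enum { KEY_UNKNOWN, KEY_PEM_ENCRYPTED, KEY_PEM_PLAIN, KEY_DER, KEY_PKCS12 } KeyFormat;

/* Bounded substring search: the buffer is file data, not a C string. */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

KeyFormat classify_key(const unsigned char *buf, size_t len)
{
    if (contains(buf, len, "-----BEGIN ") && contains(buf, len, "PRIVATE KEY-----"))
        return (contains(buf, len, "Proc-Type: 4,ENCRYPTED") ||
                contains(buf, len, "ENCRYPTED PRIVATE KEY-----"))
               ? KEY_PEM_ENCRYPTED : KEY_PEM_PLAIN;
    /* Binary: expect an ASN.1 SEQUENCE (0x30) followed by its length. */
    if (len < 2 || buf[0] != 0x30)
        return KEY_UNKNOWN;
    size_t pos = 2;
    if (buf[1] > 0x80)            /* long form: low 7 bits = number of length octets */
        pos += buf[1] & 0x7f;     /* 0x80 alone (indefinite length) adds none */
    /* First element must be a one-octet INTEGER holding the version. */
    if (pos + 3 > len || buf[pos] != 0x02 || buf[pos + 1] != 0x01)
        return KEY_UNKNOWN;
    if (buf[pos + 2] == 3)
        return KEY_PKCS12;
    return buf[pos + 2] == 0 ? KEY_DER : KEY_UNKNOWN;
}

/* Constructed samples: only the leading bytes of each format, no key material. */
static const unsigned char SAMPLE_P12[] = { 0x30, 0x82, 0x09, 0x51, 0x02, 0x01, 0x03, 0x30 };
static const unsigned char SAMPLE_DER[] = { 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02 };
static const char SAMPLE_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\n"
                                 "Proc-Type: 4,ENCRYPTED\n";

int main(void)
{
    printf("p12=%d der=%d pem=%d\n", classify_key(SAMPLE_P12, sizeof SAMPLE_P12),
           classify_key(SAMPLE_DER, sizeof SAMPLE_DER),
           classify_key((const unsigned char *) SAMPLE_PEM, sizeof SAMPLE_PEM - 1));
    return 0;
}
```

An encrypted PKCS#8 key in DER form begins with a nested SEQUENCE rather than a version INTEGER, so this check reports it as unknown.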



