From db98fe813725c5ca7b81e4ad0c3db97df0ba0357 Mon Sep 17 00:00:00 2001 
From: Robert Love Date: Wed, 22 Mar 2006 19:52:41 +0000 Subject: [PATCH] 2006-03-22 Robert Love Implement "Dynamic WEP", which is basically WPA authentication and WEP key exchange via WPA, ostensibly providing good security without requiring hardware that supports full WPA. Also, add UI elements to allow the user to select the pairwise & group cipher for WPA Enterprise networks, too: * gnome/applet/applet.glade: Update glade file. * gnome/applet/nm-gconf-wso-wpa-eap.c: Serialize and deserialize the key type, too, to and from gconf. * gnome/applet/wireless-security-option.c: Add "wpa_eap" parameter to wso_wpa_create_key_type_model(), noting whether we are handling PSK or EAP configuration, and in the latter case add in "Dynamic WEP" if the capabilities match. * gnome/applet/wso-private.h: Update wso_wpa_create_key_type_model()'s prototype. * gnome/applet/wso-wpa-eap.c: Manage UI elements for the key type and serialize from UI to DBUS. * gnome/applet/wso-wpa-psk.c: Cannot fail and always returns at least one element. * libnm-util/dbus-helpers.c: Update nmu_security_serialize_wpa_eap(), nmu_security_serialize_wpa_eap_with_cipher(), and nmu_security_deserialize_wpa_eap() to take a "key_type" parameter and serialize/deserialize the key type via DBUS as the new third DBUS parameter. * libnm-util/dbus-helpers.h: Update prototypes. * src/nm-ap-security-wpa-eap.c: Deserialize the key type from DBUS, too. If the key type is WEP104, do Dynamic WEP, which means "IEEE8021X" for "key_mgmt". Also add support for user-specified pairwise and group ciphers (fixes a FIXME). 
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@1628 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
---
ChangeLog | 31 +++++++
gnome/applet/applet.glade | 110 +++++++++++++++++-------
gnome/applet/nm-gconf-wso-wpa-eap.c | 19 +++-
gnome/applet/wireless-security-option.c | 27 +++---
gnome/applet/wso-private.h | 2 +-
gnome/applet/wso-wpa-eap.c | 25 +++++-
gnome/applet/wso-wpa-psk.c | 7 +-
libnm-util/dbus-helpers.c | 61 +++++++++----
libnm-util/dbus-helpers.h | 3 +
src/nm-ap-security-wpa-eap.c | 67 +++++++++------
10 files changed, 257 insertions(+), 95 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index da75914d34..04dd1183a3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,34 @@ +2006-03-22 Robert Love + + Implement "Dynamic WEP", which is basically WPA authentication and WEP + key exchange via WPA, ostensibly providing good security without + requiring hardware that supports full WPA. Also, add UI elements to + allow the user to select the pairwise & group cipher for WPA Enterprise + networks, too: + * gnome/applet/applet.glade: Update glade file. + * gnome/applet/nm-gconf-wso-wpa-eap.c: Serialize and deserialize the + key type, too, to and from gconf. + * gnome/applet/wireless-security-option.c: Add "wpa_eap" parameter to + wso_wpa_create_key_type_model(), noting whether we are handling PSK + or EAP configuration, and in the latter case add in "Dynamic WEP" if + the capabilities match. + * gnome/applet/wso-private.h: Update wso_wpa_create_key_type_model()'s + prototype. + * gnome/applet/wso-wpa-eap.c: Manage UI elements for the key type and + serialize from UI to DBUS. + * gnome/applet/wso-wpa-psk.c: Cannot fail and always returns at least + one element. + * libnm-util/dbus-helpers.c: Update nmu_security_serialize_wpa_eap(), + nmu_security_serialize_wpa_eap_with_cipher(), and + nmu_security_deserialize_wpa_eap() to take a "key_type" parameter and + serialize/deserialize the key type via DBUS as the new third DBUS + parameter. + * libnm-util/dbus-helpers.h: Update prototypes. + * src/nm-ap-security-wpa-eap.c: Deserialize the key type from DBUS, + too. If the key type is WEP104, do Dynamic WEP, which means + "IEEE8021X" for "key_mgmt". Also add support for user-specified + pairwise and group ciphers (fixes a FIXME). + 2006-03-21 Robert Love * src/NetworkManagerSystem.c, src/NetworkManagerSystem.h: Add diff --git a/gnome/applet/applet.glade b/gnome/applet/applet.glade index 3ffa8c1b8a..7c1796f4bf 100644 --- a/gnome/applet/applet.glade +++ b/gnome/applet/applet.glade @@ -2418,7 +2418,7 @@ Shared Key 8 True - 9 + 10 2 False 4 @@ -2445,8 +2445,8 @@ Shared Key 0 1 - 5 - 6 + 6 + 7 fill 
@@ -2473,8 +2473,8 @@ Shared Key 0 1 - 6 - 7 + 7 + 8 fill @@ -2493,8 +2493,8 @@ Shared Key 1 2 - 5 - 6 + 6 + 7 fill fill @@ -2513,8 +2513,8 @@ Shared Key 1 2 - 6 - 7 + 7 + 8 fill fill @@ -2541,8 +2541,8 @@ Shared Key 0 1 - 7 - 8 + 8 + 9 fill @@ -2563,8 +2563,8 @@ Shared Key 1 2 - 7 - 8 + 8 + 9 @@ -2590,8 +2590,8 @@ Shared Key 0 1 - 4 - 5 + 5 + 6 fill @@ -2610,8 +2610,8 @@ Shared Key 1 2 - 4 - 5 + 5 + 6 fill fill @@ -2638,8 +2638,8 @@ Shared Key 0 1 - 1 - 2 + 2 + 3 fill @@ -2666,8 +2666,8 @@ Shared Key 0 1 - 2 - 3 + 3 + 4 fill @@ -2694,8 +2694,8 @@ Shared Key 0 1 - 3 - 4 + 4 + 5 fill @@ -2716,8 +2716,8 @@ Shared Key 1 2 - 1 - 2 + 2 + 3 @@ -2737,8 +2737,8 @@ Shared Key 1 2 - 2 - 3 + 3 + 4 @@ -2758,8 +2758,8 @@ Shared Key 1 2 - 3 - 4 + 4 + 5 @@ -2829,8 +2829,8 @@ Shared Key 0 1 - 8 - 9 + 9 + 10 fill @@ -2851,12 +2851,56 @@ Shared Key 1 2 - 8 - 9 + 9 + 10 fill + + + + True + Key Type: + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + False diff --git a/gnome/applet/nm-gconf-wso-wpa-eap.c b/gnome/applet/nm-gconf-wso-wpa-eap.c index 66c3ead0b0..1df6861248 100644 --- a/gnome/applet/nm-gconf-wso-wpa-eap.c +++ b/gnome/applet/nm-gconf-wso-wpa-eap.c @@ -39,6 +39,7 @@ struct _NMGConfWSOWPA_EAPPrivate { int eap_method; + int key_type; int wpa_version; int key_mgmt; const char * identity; 
@@ -64,11 +65,12 @@ nm_gconf_wso_wpa_eap_new_deserialize_dbus (DBusMessageIter *iter, int we_cipher) char * ca_cert_file = NULL; int wpa_version; int eap_method; + int key_type; g_return_val_if_fail (we_cipher == NM_AUTH_TYPE_WPA_EAP, NULL); g_return_val_if_fail (iter != NULL, NULL); - if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &identity, &passwd, &anon_identity, &private_key_passwd, + if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &key_type, &identity, &passwd, &anon_identity, &private_key_passwd, &private_key_file, &client_cert_file, &ca_cert_file, &wpa_version)) goto out; @@ -78,6 +80,7 @@ nm_gconf_wso_wpa_eap_new_deserialize_dbus (DBusMessageIter *iter, int we_cipher) nm_gconf_wso_set_key (NM_GCONF_WSO (security), "FIXME", 5); /* FIXME: What to do about Enterprise keys? */ security->priv->wpa_version = wpa_version; security->priv->eap_method = eap_method; + security->priv->key_type = key_type; security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; security->priv->identity = g_strdup (identity); security->priv->passwd = g_strdup (passwd); @@ -105,6 +108,7 @@ nm_gconf_wso_wpa_eap_new_deserialize_gconf (GConfClient *client, const char *net char * ca_cert_file = NULL; int wpa_version; int eap_method; + int key_type; int key_mgmt; g_return_val_if_fail (client != NULL, NULL); @@ -118,6 +122,13 @@ nm_gconf_wso_wpa_eap_new_deserialize_gconf (GConfClient *client, const char *net &eap_method)) goto out; + if (!nm_gconf_get_int_helper (client, + GCONF_PATH_WIRELESS_NETWORKS, + WPA_EAP_PREFIX"key_type", + network, + &key_type)) + goto out; + if (!nm_gconf_get_int_helper (client, GCONF_PATH_WIRELESS_NETWORKS, WPA_EAP_PREFIX"wpa_version", 
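Review bot: The added `nm_gconf_get_int_helper (...)` lookup for `WPA_EAP_PREFIX"key_type"` in the `@@ -118,6 +122,13 @@` hunk does `goto out` on failure, so a network saved before this change, which has no `key_type` entry, would presumably stop deserializing altogether (this assumes the helper returns FALSE for a missing key; its body is not in this diff). Falling back to automatic keeps existing entries loadable: replace that `goto out;` with `key_type = 0;`. The value read from gconf is also copied into `security->priv->key_type` in the `@@ -185,6 +196,7 @@` hunk without the 0/CCMP/TKIP/WEP104 whitelist that the D-Bus path applies, so a hand-edited entry is only rejected later, at serialize time. The function starts and ends outside these hunks.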
@@ -185,6 +196,7 @@ nm_gconf_wso_wpa_eap_new_deserialize_gconf (GConfClient *client, const char *net nm_gconf_wso_set_we_cipher (NM_GCONF_WSO (security), we_cipher); security->priv->wpa_version = wpa_version; security->priv->eap_method = eap_method; + security->priv->key_type = key_type; security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; security->priv->identity = g_strdup (identity); security->priv->passwd = g_strdup (passwd); @@ -214,6 +226,7 @@ real_serialize_dbus (NMGConfWSO *instance, DBusMessageIter *iter) if (!nmu_security_serialize_wpa_eap (iter, self->priv->eap_method, + self->priv->key_type, self->priv->identity ? : "", self->priv->passwd ? : "", self->priv->anon_identity ? : "", @@ -236,6 +249,10 @@ real_serialize_gconf (NMGConfWSO *instance, GConfClient *client, const char *net gconf_client_set_int (client, key, self->priv->eap_method, NULL); g_free (key); + key = g_strdup_printf ("%s/%s/%skey_type", GCONF_PATH_WIRELESS_NETWORKS, network, WPA_EAP_PREFIX); + gconf_client_set_int (client, key, self->priv->key_type, NULL); + g_free (key); + key = g_strdup_printf ("%s/%s/%swpa_version", GCONF_PATH_WIRELESS_NETWORKS, network, WPA_EAP_PREFIX); gconf_client_set_int (client, key, self->priv->wpa_version, NULL); g_free (key); diff --git a/gnome/applet/wireless-security-option.c b/gnome/applet/wireless-security-option.c index fed6381a3f..086ffb6ec4 100644 --- a/gnome/applet/wireless-security-option.c +++ b/gnome/applet/wireless-security-option.c @@ -194,8 +194,7 @@ void wso_wep_auth_combo_cleanup (WirelessSecurityOption *opt, GtkComboBox * comb GtkTreeModel * -wso_wpa_create_key_type_model (int capabilities, - int *num_added) +wso_wpa_create_key_type_model (int capabilities, gboolean wpa_eap, int *num_added) { GtkListStore * model; GtkTreeIter iter; 
@@ -211,14 +210,6 @@ wso_wpa_create_key_type_model (int capabilities, gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, WPA_KEY_TYPE_CIPHER_COL, 0, -1); - if (capabilities & NM_802_11_CAP_CIPHER_TKIP) - { - name = _("TKIP"); - gtk_list_store_append (model, &iter); - gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, - WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_TKIP, -1); - num++; - } if (capabilities & NM_802_11_CAP_CIPHER_CCMP) { name = _("AES-CCMP"); @@ -227,6 +218,22 @@ wso_wpa_create_key_type_model (int capabilities, WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_CCMP, -1); num++; } + if (capabilities & NM_802_11_CAP_CIPHER_TKIP) + { + name = _("TKIP"); + gtk_list_store_append (model, &iter); + gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, + WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_TKIP, -1); + num++; + } + if (wpa_eap && capabilities & NM_802_11_CAP_KEY_MGMT_802_1X) + { + name = _("Dynamic WEP"); + gtk_list_store_append (model, &iter); + gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, + WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_WEP104, -1); + num++; + } *num_added = num; return GTK_TREE_MODEL (model); diff --git a/gnome/applet/wso-private.h b/gnome/applet/wso-private.h index d3e248f7fb..796d370e99 100644 --- a/gnome/applet/wso-private.h +++ b/gnome/applet/wso-private.h @@ -79,7 +79,7 @@ void wso_wep_auth_combo_cleanup (WirelessSecurityOption *opt, GtkComboBox * co #define WPA_KEY_TYPE_NAME_COL 0 #define WPA_KEY_TYPE_CIPHER_COL 1 -GtkTreeModel * wso_wpa_create_key_type_model (int capabilities, int *num_added); +GtkTreeModel * wso_wpa_create_key_type_model (int capabilities, gboolean wpa_eap, int *num_added); #endif /* WIRELESS_SECURITY_OPTION_PRIVATE_H */ diff --git a/gnome/applet/wso-wpa-eap.c b/gnome/applet/wso-wpa-eap.c index 44342d422b..bcc52c269d 100644 --- a/gnome/applet/wso-wpa-eap.c +++ b/gnome/applet/wso-wpa-eap.c 
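Review bot: The `Dynamic WEP` row added in the `@@ -227,6 +218,22 @@` hunk sits in the same list as AES-CCMP and TKIP with nothing recording that it is the weaker choice: per the commit description only the key exchange comes from 802.1X, the link itself still uses WEP keys. A comment above the block such as `/* Dynamic WEP: 802.1X-derived WEP-104 keys, weaker than TKIP/CCMP; listed last on purpose */` would document the ordering, and the visible label could carry the same hint. The condition does not look at whether CCMP or TKIP were already added, so the entry is offered even on hardware that supports full WPA. Separately, `wpa_eap && capabilities & NM_802_11_CAP_KEY_MGMT_802_1X` parses as intended but reads more safely as `wpa_eap && (capabilities & NM_802_11_CAP_KEY_MGMT_802_1X)`.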
@@ -40,6 +40,7 @@ struct OptData { int eap_method; + int key_type; const char * identity; const char * passwd; const char * anon_identity; @@ -170,6 +171,11 @@ append_dbus_params_func (WirelessSecurityOption *opt, gtk_combo_box_get_active_iter (GTK_COMBO_BOX (entry), &tree_iter); gtk_tree_model_get (model, &tree_iter, WPA_EAP_VALUE_COL, &opt->data->eap_method, -1); + entry = glade_xml_get_widget (opt->uixml, "wpa_eap_key_type_combo"); + model = gtk_combo_box_get_model (GTK_COMBO_BOX (entry)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (entry), &tree_iter); + gtk_tree_model_get (model, &tree_iter, WPA_KEY_TYPE_CIPHER_COL, &opt->data->key_type, -1); + entry = glade_xml_get_widget (opt->uixml, "wpa_eap_identity_entry"); opt->data->identity = gtk_entry_get_text (GTK_ENTRY (entry)) ? : ""; @@ -195,6 +201,7 @@ append_dbus_params_func (WirelessSecurityOption *opt, nmu_security_serialize_wpa_eap_with_cipher (&dbus_iter, opt->data->eap_method, + opt->data->key_type, opt->data->identity, opt->data->passwd, opt->data->anon_identity, @@ -216,9 +223,12 @@ wso_wpa_eap_new (const char *glade_file, WirelessSecurityOption * opt = NULL; OptData * data = NULL; GtkWidget * eap_method_combo; + GtkWidget * key_type_combo; GtkListStore * model; + GtkTreeModel * tree_model; GtkTreeIter iter; GtkCellRenderer * renderer; + int num_added; struct { const char * name; 
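Review bot: `gtk_combo_box_get_active_iter ()` returns FALSE when the combo has no active row, and the block added in the `@@ -170,6 +171,11 @@` hunk ignores that, so `gtk_tree_model_get ()` would read through an unset `tree_iter`. Checking the result and falling back to automatic is cheap: `if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (entry), &tree_iter)) gtk_tree_model_get (model, &tree_iter, WPA_KEY_TYPE_CIPHER_COL, &opt->data->key_type, -1); else opt->data->key_type = 0;`. The `eap_method` lookup just above it has the same shape. append_dbus_params_func starts and ends outside this hunk.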
@@ -261,12 +271,25 @@ wso_wpa_eap_new (const char *glade_file, gtk_combo_box_set_model (GTK_COMBO_BOX (eap_method_combo), GTK_TREE_MODEL (model)); gtk_tree_model_get_iter_first (GTK_TREE_MODEL (model), &iter); gtk_combo_box_set_active_iter (GTK_COMBO_BOX (eap_method_combo), &iter); - renderer = gtk_cell_renderer_text_new (); /* FIXME: Why do we need this here but not in the same place in wso-wpa-psk.c ? */ + renderer = gtk_cell_renderer_text_new (); gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (eap_method_combo), renderer, TRUE); gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (eap_method_combo), renderer, "text", 0, NULL); + key_type_combo = glade_xml_get_widget (opt->uixml, "wpa_eap_key_type_combo"); + tree_model = wso_wpa_create_key_type_model (capabilities, TRUE, &num_added); + gtk_combo_box_set_model (GTK_COMBO_BOX (key_type_combo), tree_model); + gtk_tree_model_get_iter_first (tree_model, &iter); + gtk_combo_box_set_active_iter (GTK_COMBO_BOX (key_type_combo), &iter); + if (num_added == 1) + gtk_widget_set_sensitive (key_type_combo, FALSE); + + /* FIXME: Why do we need this here but not in the same place in wso-wpa-psk.c ? */ + renderer = gtk_cell_renderer_text_new (); + gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (key_type_combo), renderer, TRUE); + gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (key_type_combo), renderer, "text", 0, NULL); + /* Option-specific data */ opt->data = data = g_malloc0 (sizeof (OptData)); data->wpa2 = wpa2; diff --git a/gnome/applet/wso-wpa-psk.c b/gnome/applet/wso-wpa-psk.c index e6fcbf5ee3..3625a381ce 100644 --- a/gnome/applet/wso-wpa-psk.c +++ b/gnome/applet/wso-wpa-psk.c 
@@ -207,12 +207,7 @@ wso_wpa_psk_new (const char *glade_file, key_type_combo = glade_xml_get_widget (opt->uixml, data->key_type_combo_name); g_signal_connect (G_OBJECT (key_type_combo), "changed", (GCallback) key_type_combo_changed_cb, opt); - model = wso_wpa_create_key_type_model (capabilities, &num_added); - if (!model || !num_added) - { - wso_free (opt); - return NULL; - } + model = wso_wpa_create_key_type_model (capabilities, FALSE, &num_added); gtk_combo_box_set_model (GTK_COMBO_BOX (key_type_combo), model); gtk_tree_model_get_iter_first (model, &iter); gtk_combo_box_set_active_iter (GTK_COMBO_BOX (key_type_combo), &iter); diff --git a/libnm-util/dbus-helpers.c b/libnm-util/dbus-helpers.c index 990c4ea83a..072cc1e727 100644 --- a/libnm-util/dbus-helpers.c +++ b/libnm-util/dbus-helpers.c @@ -249,6 +249,7 @@ nmu_security_serialize_wpa_psk_with_cipher (DBusMessage *message, dbus_bool_t nmu_security_serialize_wpa_eap (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, 
@@ -267,32 +268,39 @@ nmu_security_serialize_wpa_eap (DBusMessageIter *iter, || (eap_method == NM_EAP_METHOD_PEAP) || (eap_method == NM_EAP_METHOD_TLS) || (eap_method == NM_EAP_METHOD_TTLS), FALSE); + g_return_val_if_fail ((key_type == 0) + || (key_type == IW_AUTH_CIPHER_CCMP) + || (key_type == IW_AUTH_CIPHER_TKIP) + || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); /* Second arg: EAP method (INT32) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &eap_method); - /* Third arg: Identity (STRING) */ + /* Third arg: Key type (INT32) */ + dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &key_type); + + /* Fourth arg: Identity (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &identity); - /* Fourth arg: Password (STRING) */ + /* Fifth arg: Password (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &passwd); - /* Fifth arg: Anonymous Identity (STRING) */ + /* Sixth arg: Anonymous Identity (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &anon_identity); - /* Sixth arg: Private key password (STRING) */ + /* Seventh arg: Private key password (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &private_key_passwd); - /* Seventh arg: Private key file (STRING) */ + /* Eighth arg: Private key file (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &private_key_file); - /* Eighth arg: Client certificate file (STRING) */ + /* Ninth arg: Client certificate file (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &client_cert_file); - /* Ninth arg: CA certificate file (STRING) */ + /* Tenth arg: CA certificate file (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &ca_cert_file); - /* Tenth and final arg: WPA version (INT32) */ + /* Eleventh and final arg: WPA version (INT32) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &wpa_version); return TRUE; 
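Review bot: The four-way `key_type` whitelist added here is repeated verbatim in nmu_security_serialize_wpa_eap_with_cipher(), nmu_security_deserialize_wpa_eap() and real_write_supplicant_config() in src/nm-ap-security-wpa-eap.c, so adding or retiring a cipher means editing four places in step. One small helper declared in dbus-helpers.h that answers "is this key type acceptable", called from all four sites, would keep the wire format and the supplicant writer in agreement. The check in the `_with_cipher` wrapper is redundant in any case, since it calls nmu_security_serialize_wpa_eap() straight afterwards. The renumbered "Third arg … Eleventh arg" comments are accurate; a single comment at the top of the function listing the argument order would be easier to keep right on the next insertion.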
@@ -302,6 +310,7 @@ nmu_security_serialize_wpa_eap (DBusMessageIter *iter, dbus_bool_t nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, @@ -322,11 +331,15 @@ nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, || (eap_method == NM_EAP_METHOD_PEAP) || (eap_method == NM_EAP_METHOD_TLS) || (eap_method == NM_EAP_METHOD_TTLS), FALSE); + g_return_val_if_fail ((key_type == 0) + || (key_type == IW_AUTH_CIPHER_CCMP) + || (key_type == IW_AUTH_CIPHER_TKIP) + || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); /* First arg: WE Cipher (INT32) */ we_cipher_append_helper (iter, NM_AUTH_TYPE_WPA_EAP); - result = nmu_security_serialize_wpa_eap (iter, eap_method, identity, passwd, anon_identity, private_key_passwd, + result = nmu_security_serialize_wpa_eap (iter, eap_method, key_type, identity, passwd, anon_identity, private_key_passwd, private_key_file, client_cert_file, ca_cert_file, wpa_version); return result; @@ -338,6 +351,7 @@ nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, dbus_bool_t nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, int *eap_method, + int *key_type, char **identity, char **passwd, char **anon_identity, @@ -356,8 +370,11 @@ nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, char * dbus_ca_cert_file; dbus_int32_t dbus_wpa_version; dbus_int32_t dbus_eap_method; + dbus_int32_t dbus_key_type; g_return_val_if_fail (iter != NULL, FALSE); + g_return_val_if_fail (eap_method != NULL, FALSE); + g_return_val_if_fail (key_type != NULL, FALSE); g_return_val_if_fail (identity != NULL, FALSE); g_return_val_if_fail (*identity == NULL, FALSE); g_return_val_if_fail (passwd != NULL, FALSE); 
@@ -385,49 +402,58 @@ nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, || (dbus_eap_method == NM_EAP_METHOD_TLS) || (dbus_eap_method == NM_EAP_METHOD_TTLS), FALSE); - /* Third arg: Identity (STRING) */ + /* Third arg: Key type (INT32) */ + g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); + g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_INT32, FALSE); + dbus_message_iter_get_basic (iter, &dbus_key_type); + g_return_val_if_fail ((dbus_key_type == 0) + || (dbus_key_type == IW_AUTH_CIPHER_CCMP) + || (dbus_key_type == IW_AUTH_CIPHER_TKIP) + || (dbus_key_type == IW_AUTH_CIPHER_WEP104), FALSE); + + /* Fourth arg: Identity (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_identity); g_return_val_if_fail (dbus_identity != NULL, FALSE); - /* Fourth arg: Password (STRING) */ + /* Fifth arg: Password (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_password); g_return_val_if_fail (dbus_password != NULL, FALSE); - /* Fifth arg: Anonymous Identity (STRING) */ + /* Sixth arg: Anonymous Identity (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_anon_identity); g_return_val_if_fail (dbus_anon_identity != NULL, FALSE); - /* Sixth arg: Private key password (STRING) */ + /* Seventh arg: Private key password (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_private_key_passwd); g_return_val_if_fail (dbus_private_key_passwd != NULL, FALSE); 
- /* Seventh arg: Private key file (STRING) */ + /* Eighth arg: Private key file (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_private_key_file); g_return_val_if_fail (dbus_private_key_file != NULL, FALSE); - /* Eighth arg: Client certificate file (STRING) */ + /* Ninth arg: Client certificate file (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_client_cert_file); g_return_val_if_fail (dbus_client_cert_file != NULL, FALSE); - /* Ninth arg: CA certificate file (STRING) */ + /* Tenth arg: CA certificate file (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_ca_cert_file); g_return_val_if_fail (dbus_ca_cert_file != NULL, FALSE); - /* Tenth and final arg: WPA version (INT32) */ + /* Eleventh and final arg: WPA version (INT32) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_INT32, FALSE); dbus_message_iter_get_basic (iter, &dbus_wpa_version); @@ -435,6 +461,7 @@ nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, || (dbus_wpa_version == IW_AUTH_WPA_VERSION_WPA2), FALSE); *eap_method = dbus_eap_method; + *key_type = dbus_key_type; *identity = strlen (dbus_identity) > 0 ? dbus_identity : NULL; *passwd = strlen (dbus_password) > 0 ? dbus_password : NULL; *anon_identity = strlen (dbus_anon_identity) > 0 ? dbus_anon_identity : NULL; diff --git a/libnm-util/dbus-helpers.h b/libnm-util/dbus-helpers.h index 713f425eb0..8bc56c6b17 100644 --- a/libnm-util/dbus-helpers.h +++ b/libnm-util/dbus-helpers.h 
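Review bot: The new key-type argument in the `@@ -385,49 +402,58 @@` hunk is validated with `g_return_val_if_fail ()`, which GLib intends for programmer errors and compiles to nothing when `G_DISABLE_CHECKS` is defined; here the expressions inside the macro are the parsing itself. In such a build the `dbus_message_iter_next (iter)` call disappears together with the type and range checks, so the function would read the wrong argument and accept any integer a D-Bus peer sends. Even with checks enabled, every rejected message is logged as a critical, which aborts the process when criticals are made fatal. Plain `if` tests, as below, keep the validation unconditional; the existing arguments in this function follow the same pattern and would want the same treatment. The function starts before this hunk.

```c
	/* Third arg: Key type (INT32) */
	if (!dbus_message_iter_next (iter)
	    || dbus_message_iter_get_arg_type (iter) != DBUS_TYPE_INT32)
		return FALSE;
	dbus_message_iter_get_basic (iter, &dbus_key_type);
	if ((dbus_key_type != 0)
	    && (dbus_key_type != IW_AUTH_CIPHER_CCMP)
	    && (dbus_key_type != IW_AUTH_CIPHER_TKIP)
	    && (dbus_key_type != IW_AUTH_CIPHER_WEP104))
		return FALSE;

	/* … unchanged: fourth through eleventh args … */
```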
@@ -67,6 +67,7 @@ dbus_bool_t nmu_security_serialize_wpa_psk_with_cipher (DBusMessage *message, dbus_bool_t nmu_security_serialize_wpa_eap (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, @@ -78,6 +79,7 @@ dbus_bool_t nmu_security_serialize_wpa_eap (DBusMessageIter *iter, dbus_bool_t nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, @@ -89,6 +91,7 @@ dbus_bool_t nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, dbus_bool_t nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, int *eap_method, + int *key_type, char **identity, char **passwd, char **anon_identity, diff --git a/src/nm-ap-security-wpa-eap.c b/src/nm-ap-security-wpa-eap.c index 0cd107da34..c60623124c 100644 --- a/src/nm-ap-security-wpa-eap.c +++ b/src/nm-ap-security-wpa-eap.c @@ -37,6 +37,7 @@ struct _NMAPSecurityWPA_EAPPrivate { int eap_method; + int key_type; int wpa_version; int key_mgmt; char * identity; @@ -54,6 +55,7 @@ nm_ap_security_wpa_eap_new_deserialize (DBusMessageIter *iter) { NMAPSecurityWPA_EAP * security = NULL; int eap_method; + int key_type; int wpa_version; char * identity = NULL; char * passwd = NULL; @@ -65,9 +67,9 @@ nm_ap_security_wpa_eap_new_deserialize (DBusMessageIter *iter) g_return_val_if_fail (iter != NULL, NULL); - if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &identity, &passwd, &anon_identity, - &private_key_passwd, &private_key_file, &client_cert_file, - &ca_cert_file, &wpa_version)) + if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &key_type, &identity, &passwd, + &anon_identity, &private_key_passwd, &private_key_file, + &client_cert_file, &ca_cert_file, &wpa_version)) goto out; /* Success, build up our security object */ 
@@ -75,6 +77,7 @@ nm_ap_security_wpa_eap_new_deserialize (DBusMessageIter *iter) nm_ap_security_set_we_cipher (NM_AP_SECURITY (security), NM_AUTH_TYPE_WPA_EAP); nm_ap_security_set_key (NM_AP_SECURITY (security), "FIXME", 5); /* FIXME: what do we do for Enterprise? */ security->priv->eap_method = eap_method; + security->priv->key_type = key_type; security->priv->wpa_version = wpa_version; security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; security->priv->identity = g_strdup (identity); @@ -129,6 +132,7 @@ real_serialize (NMAPSecurity *instance, DBusMessageIter *iter) if (!nmu_security_serialize_wpa_eap (iter, self->priv->eap_method, + self->priv->key_type, self->priv->identity ? : "", self->priv->passwd ? : "", self->priv->anon_identity ? : "", @@ -177,11 +181,11 @@ real_write_supplicant_config (NMAPSecurity *instance, const char * ca_cert_file = self->priv->ca_cert_file; const char * client_cert_file = self->priv->client_cert_file; int wpa_version = self->priv->wpa_version; - int cipher = nm_ap_security_get_we_cipher (instance); int key_mgmt = self->priv->key_mgmt; int eap_method = self->priv->eap_method; + int key_type = self->priv->key_type; - g_return_val_if_fail (cipher == NM_AUTH_TYPE_WPA_EAP, FALSE); + g_return_val_if_fail (nm_ap_security_get_we_cipher (instance) == NM_AUTH_TYPE_WPA_EAP, FALSE); g_return_val_if_fail (key_mgmt == IW_AUTH_KEY_MGMT_802_1X, FALSE); g_return_val_if_fail (wpa_version == IW_AUTH_WPA_VERSION_WPA || wpa_version == IW_AUTH_WPA_VERSION_WPA2, FALSE); @@ -192,6 +196,10 @@ real_write_supplicant_config (NMAPSecurity *instance, || eap_method == NM_EAP_METHOD_PEAP || eap_method == NM_EAP_METHOD_TLS || eap_method == NM_EAP_METHOD_TTLS, FALSE); + g_return_val_if_fail ((key_type == 0) + || (key_type == IW_AUTH_CIPHER_CCMP) + || (key_type == IW_AUTH_CIPHER_TKIP) + || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); /* WPA-EAP network setup */ 
@@ -206,8 +214,17 @@ real_write_supplicant_config (NMAPSecurity *instance, goto out; } - if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i key_mgmt WPA-EAP", nwid)) - goto out; + if (key_type != IW_AUTH_CIPHER_WEP104) + { + if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i key_mgmt WPA-EAP", nwid)) + goto out; + } + else + { + /* So-called Dynamic WEP */ + if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i key_mgmt IEEE8021X", nwid)) + goto out; + } if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i eap %s", nwid, get_eap_method (eap_method))) goto out; 
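Review bot: The two branches differ only in the key_mgmt string, so the request and its error path are written twice; choosing the string first leaves one call: `const char *mgmt = (key_type == IW_AUTH_CIPHER_WEP104) ? "IEEE8021X" : "WPA-EAP";` followed by a single `SET_NETWORK %i key_mgmt %s`. The comment `/* So-called Dynamic WEP */` could say what the mode means for the link, e.g. `/* Dynamic WEP: 802.1X authentication with WEP-104 keys instead of TKIP/CCMP */`. Note that `self->priv->key_mgmt` stays `IW_AUTH_KEY_MGMT_802_1X` in both cases, so `key_type` is the only field that tells the weaker mode apart from WPA-EAP. real_write_supplicant_config continues outside the hunk.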
@@ -253,34 +270,31 @@ real_write_supplicant_config (NMAPSecurity *instance, if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i ca_cert \"%s\"", nwid, ca_cert_file)) goto out; -#if 0 /* Right now we always let wpa_supplicant sort out the pairwise and group cipher */ /* - * FIXME: Technically, the pairwise cipher does not need to be the same as - * the group cipher. Fixing this requires changes in the UI. + * Set the pairwise and group cipher, if the user provided one. If user selected "Automatic", we + * let wpa_supplicant sort it out. Likewise, if the user selected "Dynamic WEP", we do nothing. */ - if (cipher == IW_AUTH_CIPHER_TKIP) - pairwise_cipher = group_cipher = "TKIP"; - else if (cipher == IW_AUTH_CIPHER_CCMP) - pairwise_cipher = group_cipher = "CCMP"; - else if (cipher == IW_AUTH_CIPHER_NONE) - pairwise_cipher = group_cipher = "NONE"; - - /* Ad-Hoc requires pairwise cipher of NONE */ - if (user_created) - pairwise_cipher = "NONE"; - - /* If user selected "Automatic", we let wpa_supplicant sort it out */ - if (cipher != NM_AUTH_TYPE_WPA_PSK_AUTO) + if (key_type != NM_AUTH_TYPE_WPA_PSK_AUTO && key_type != IW_AUTH_CIPHER_WEP104) { + const char *cipher; + + /* + * FIXME: Technically, the pairwise cipher does not need to be the same as + * the group cipher. Fixing this requires changes in the UI. + */ + if (key_type == IW_AUTH_CIPHER_TKIP) + cipher = "TKIP"; + else /* IW_AUTH_CIPHER_CCMP */ + cipher = "CCMP"; + if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, - "SET_NETWORK %i pairwise %s", nwid, pairwise_cipher)) + "SET_NETWORK %i pairwise %s", nwid, cipher)) goto out; if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, - "SET_NETWORK %i group %s", nwid, group_cipher)) + "SET_NETWORK %i group %s", nwid, cipher)) goto out; } -#endif success = TRUE; 
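Review bot: The "automatic" test compares `key_type` with `NM_AUTH_TYPE_WPA_PSK_AUTO`, while every other place in this commit (the combo model and the whitelist checks) represents automatic as the literal `0`. The branch is only right if that PSK constant equals 0, which this diff does not show; if it does not, an automatic selection falls into the `else` arm and pins both pairwise and group to CCMP. Comparing against the value the validators use, `if (key_type != 0 && key_type != IW_AUTH_CIPHER_WEP104)`, removes the dependency. Making the second arm an explicit `else if (key_type == IW_AUTH_CIPHER_CCMP)` rather than a catch-all would stop an unexpected value from silently selecting a cipher.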
@@ -312,6 +326,7 @@ real_copy_constructor (NMAPSecurity *instance) NMAPSecurityWPA_EAP * self = NM_AP_SECURITY_WPA_EAP (instance); dst->priv->eap_method = self->priv->eap_method; + dst->priv->key_type = self->priv->key_type; dst->priv->wpa_version = self->priv->wpa_version; dst->priv->key_mgmt = self->priv->key_mgmt; dst->priv->identity = self->priv->identity;