[network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 3/12] wireless-security/eap: move cert picker setup and validation to common location
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 3/12] wireless-security/eap: move cert picker setup and validation to common location
- Date: Tue, 13 Jun 2017 13:14:26 +0000 (UTC)
commit 8fb89a6a7a37ad9ad6ce21651cde835fad496fc5
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Fri Jun 9 18:58:19 2017 +0200
wireless-security/eap: move cert picker setup and validation to common location
It is now used by the TLS method, but makes sense for TTLS and PEAP too.
Makefile.am | 1 +
src/wireless-security/eap-method-tls.c | 172 ++++++--------------------------
src/wireless-security/eap-method.c | 94 +++++++++++++++++
src/wireless-security/eap-method.h | 28 +++++
4 files changed, 152 insertions(+), 143 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 5cf9eff..be5cc3f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -393,6 +393,7 @@ src_libnm_gtk_libnm_gtk_la_CFLAGS = \
"-I$(srcdir)/src/utils" \
"-I$(srcdir)/src/wireless-security" \
"-I$(srcdir)/src/libnm-gtk" \
+ "-I$(srcdir)/src/libnma" \
-Isrc/libnma \
$(GTK_CFLAGS) \
$(LIBNM_GLIB_CFLAGS) \
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index 83c64f5..b22357d 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -298,35 +298,6 @@ client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_dat
return NULL;
}
-static GError *
-ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
-{
- NMSetting8021xCKScheme scheme;
- NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
- gs_unref_object NMSetting8021x *setting = NULL;
- gs_free char *value = NULL;
- GError *local = NULL;
-
- setting = (NMSetting8021x *) nm_setting_802_1x_new ();
-
- value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
- if (!value) {
- return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
- _("no CA certificate selected"));
- }
- if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
- if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
- return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
- _("selected CA certificate file does not exist"));
- }
- }
-
- if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
- return local;
-
- return NULL;
-}
-
static void
client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
{
@@ -349,106 +320,21 @@ client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme);
}
-typedef const char * (*PathFunc) (NMSetting8021x *setting);
-typedef const char * (*UriFunc) (NMSetting8021x *setting);
-typedef NMSetting8021xCKScheme (*SchemeFunc) (NMSetting8021x *setting);
-typedef const char * (*PasswordFunc) (NMSetting8021x *setting);
-
-static void
-setup_cert_chooser (NMACertChooser *cert_chooser,
- NMSetting8021x *s_8021x,
- SchemeFunc cert_scheme_func,
- PathFunc cert_path_func,
- UriFunc cert_uri_func,
- PasswordFunc cert_password_func,
- SchemeFunc key_scheme_func,
- PathFunc key_path_func,
- UriFunc key_uri_func,
- PasswordFunc key_password_func)
-{
- NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
- const char *value = NULL;
-
-
- if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
- scheme = cert_scheme_func (s_8021x);
- switch (scheme) {
- case NM_SETTING_802_1X_CK_SCHEME_PATH:
- value = cert_path_func (s_8021x);
- break;
-#if LIBNM_BUILD
-/* Not available in libnm-glib */
- case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
- value = cert_uri_func (s_8021x);
- if (cert_password_func)
- nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func
(s_8021x));
- break;
-#endif
- case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
- /* No CA set. */
- break;
- default:
- g_warning ("unhandled certificate scheme %d", scheme);
- }
-
- }
- nma_cert_chooser_set_cert (cert_chooser, value, scheme);
-
- if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
- scheme = key_scheme_func (s_8021x);
- switch (scheme) {
- case NM_SETTING_802_1X_CK_SCHEME_PATH:
- value = key_path_func (s_8021x);
- break;
-#if LIBNM_BUILD
-/* Not available in libnm-glib */
- case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
- value = key_uri_func (s_8021x);
- break;
-#endif
- case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
- /* No certificate set. */
- break;
- default:
- g_warning ("unhandled key scheme %d", scheme);
- }
-
- nma_cert_chooser_set_key (cert_chooser, value, scheme);
- }
-
- if (s_8021x && key_password_func)
- nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
-}
-
-#if !LIBNM_BUILD
-/* Not available in libnm-glib */
-#define nm_setting_802_1x_get_ca_cert_password NULL
-#define nm_setting_802_1x_get_ca_cert_uri NULL
-#define nm_setting_802_1x_get_client_cert_password NULL
-#define nm_setting_802_1x_get_client_cert_uri NULL
-#define nm_setting_802_1x_get_private_key_uri NULL
-#define nm_setting_802_1x_get_phase2_ca_cert_password NULL
-#define nm_setting_802_1x_get_phase2_ca_cert_uri NULL
-#define nm_setting_802_1x_get_phase2_client_cert_password NULL
-#define nm_setting_802_1x_get_phase2_client_cert_uri NULL
-#define nm_setting_802_1x_get_phase2_private_key_uri NULL
-#endif
-
static void
update_secrets (EAPMethod *parent, NMConnection *connection)
{
EAPMethodTLS *method = (EAPMethodTLS *) parent;
- setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
- nm_connection_get_setting_802_1x (connection),
- NULL,
- NULL,
- NULL,
- parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password :
nm_setting_802_1x_get_client_cert_password,
- parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme :
nm_setting_802_1x_get_private_key_scheme,
- parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path :
nm_setting_802_1x_get_private_key_path,
- parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri :
nm_setting_802_1x_get_private_key_uri,
- parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password :
nm_setting_802_1x_get_private_key_password);
+ eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
+ nm_connection_get_setting_802_1x (connection),
+ NULL,
+ NULL,
+ NULL,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password :
nm_setting_802_1x_get_client_cert_password,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme :
nm_setting_802_1x_get_private_key_scheme,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path :
nm_setting_802_1x_get_private_key_path,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri :
nm_setting_802_1x_get_private_key_uri,
+ parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password :
nm_setting_802_1x_get_private_key_password);
}
EAPMethodTLS *
@@ -539,15 +425,15 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
G_CALLBACK (wireless_security_changed_cb),
ws_parent);
- setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
- phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme :
nm_setting_802_1x_get_client_cert_scheme,
- phase2 ? nm_setting_802_1x_get_phase2_client_cert_path :
nm_setting_802_1x_get_client_cert_path,
- phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri :
nm_setting_802_1x_get_client_cert_uri,
- phase2 ? nm_setting_802_1x_get_phase2_client_cert_password :
nm_setting_802_1x_get_client_cert_password,
- phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme :
nm_setting_802_1x_get_private_key_scheme,
- phase2 ? nm_setting_802_1x_get_phase2_private_key_path :
nm_setting_802_1x_get_private_key_path,
- phase2 ? nm_setting_802_1x_get_phase2_private_key_uri :
nm_setting_802_1x_get_private_key_uri,
- phase2 ? nm_setting_802_1x_get_phase2_private_key_password :
nm_setting_802_1x_get_private_key_password);
+ eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme :
nm_setting_802_1x_get_client_cert_scheme,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_path :
nm_setting_802_1x_get_client_cert_path,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri :
nm_setting_802_1x_get_client_cert_uri,
+ phase2 ? nm_setting_802_1x_get_phase2_client_cert_password :
nm_setting_802_1x_get_client_cert_password,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme :
nm_setting_802_1x_get_private_key_scheme,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_path :
nm_setting_802_1x_get_private_key_path,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_uri :
nm_setting_802_1x_get_private_key_uri,
+ phase2 ? nm_setting_802_1x_get_phase2_private_key_password :
nm_setting_802_1x_get_private_key_password);
method->ca_cert_chooser = nma_cert_chooser_new ("CA",
NMA_CERT_CHOOSER_FLAG_CERT
@@ -557,22 +443,22 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
g_signal_connect (method->ca_cert_chooser,
"cert-validate",
- G_CALLBACK (ca_cert_validate_cb),
+ G_CALLBACK (eap_method_ca_cert_validate_cb),
NULL);
g_signal_connect (method->ca_cert_chooser,
"changed",
G_CALLBACK (wireless_security_changed_cb),
ws_parent);
- setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
- phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme :
nm_setting_802_1x_get_ca_cert_scheme,
- phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path :
nm_setting_802_1x_get_ca_cert_path,
- phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri :
nm_setting_802_1x_get_ca_cert_uri,
- phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password :
nm_setting_802_1x_get_ca_cert_password,
- NULL,
- NULL,
- NULL,
- NULL);
+ eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme :
nm_setting_802_1x_get_ca_cert_scheme,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path :
nm_setting_802_1x_get_ca_cert_path,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri :
nm_setting_802_1x_get_ca_cert_uri,
+ phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password :
nm_setting_802_1x_get_ca_cert_password,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
gchar *ca_cert;
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index a5088f8..f11bd22 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -604,3 +604,97 @@ eap_method_ca_cert_ignore_load (NMConnection *connection)
g_object_unref (settings);
}
+GError *
+eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+ NMSetting8021xCKScheme scheme;
+ NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ gs_unref_object NMSetting8021x *setting = NULL;
+ gs_free char *value = NULL;
+ GError *local = NULL;
+
+ setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+ value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+ if (!value) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("no CA certificate selected"));
+ }
+ if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+ if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+ _("selected CA certificate file does not exist"));
+ }
+ }
+
+ if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
+ return local;
+
+ return NULL;
+}
+
+void
+eap_method_setup_cert_chooser (NMACertChooser *cert_chooser,
+ NMSetting8021x *s_8021x,
+ NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+ const char *(*cert_path_func) (NMSetting8021x *setting),
+ const char *(*cert_uri_func) (NMSetting8021x *setting),
+ const char *(*cert_password_func) (NMSetting8021x *setting),
+ NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+ const char *(*key_path_func) (NMSetting8021x *setting),
+ const char *(*key_uri_func) (NMSetting8021x *setting),
+ const char *(*key_password_func) (NMSetting8021x *setting))
+{
+ NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+ const char *value = NULL;
+
+
+ if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
+ scheme = cert_scheme_func (s_8021x);
+ switch (scheme) {
+ case NM_SETTING_802_1X_CK_SCHEME_PATH:
+ value = cert_path_func (s_8021x);
+ break;
+#if LIBNM_BUILD
+/* Not available in libnm-glib */
+ case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+ value = cert_uri_func (s_8021x);
+ if (cert_password_func)
+ nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func
(s_8021x));
+ break;
+#endif
+ case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+ /* No CA set. */
+ break;
+ default:
+ g_warning ("unhandled certificate scheme %d", scheme);
+ }
+
+ }
+ nma_cert_chooser_set_cert (cert_chooser, value, scheme);
+
+ if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
+ scheme = key_scheme_func (s_8021x);
+ switch (scheme) {
+ case NM_SETTING_802_1X_CK_SCHEME_PATH:
+ value = key_path_func (s_8021x);
+ break;
+#if LIBNM_BUILD
+/* Not available in libnm-glib */
+ case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+ value = key_uri_func (s_8021x);
+ break;
+#endif
+ case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+ /* No certificate set. */
+ break;
+ default:
+ g_warning ("unhandled key scheme %d", scheme);
+ }
+
+ nma_cert_chooser_set_key (cert_chooser, value, scheme);
+ }
+
+ if (s_8021x && key_password_func)
+ nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
+}
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 333fa14..665d2d8 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -72,6 +72,7 @@ GType eap_method_get_type (void);
/* Below for internal use only */
+#include "nma-cert-chooser.h"
#include "eap-method-tls.h"
#include "eap-method-leap.h"
#include "eap-method-fast.h"
@@ -126,4 +127,31 @@ gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connect
void eap_method_ca_cert_ignore_save (NMConnection *connection);
void eap_method_ca_cert_ignore_load (NMConnection *connection);
+GError *eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data);
+
+#if !LIBNM_BUILD
+/* For mere convenience. These are not available in libnm-glib. */
+#define nm_setting_802_1x_get_ca_cert_password NULL
+#define nm_setting_802_1x_get_ca_cert_uri NULL
+#define nm_setting_802_1x_get_client_cert_password NULL
+#define nm_setting_802_1x_get_client_cert_uri NULL
+#define nm_setting_802_1x_get_private_key_uri NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_password NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_uri NULL
+#define nm_setting_802_1x_get_phase2_client_cert_password NULL
+#define nm_setting_802_1x_get_phase2_client_cert_uri NULL
+#define nm_setting_802_1x_get_phase2_private_key_uri NULL
+#endif
+
+void eap_method_setup_cert_chooser (NMACertChooser *cert_chooser,
+ NMSetting8021x *s_8021x,
+ NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+ const char *(*cert_path_func) (NMSetting8021x *setting),
+ const char *(*cert_uri_func) (NMSetting8021x *setting),
+ const char *(*cert_password_func) (NMSetting8021x *setting),
+ NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+ const char *(*key_path_func) (NMSetting8021x *setting),
+ const char *(*key_uri_func) (NMSetting8021x *setting),
+ const char *(*key_password_func) (NMSetting8021x *setting));
+
#endif /* EAP_METHOD_H */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]