[network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 3/12] wireless-security/eap: move cert picker setup and validation to common location



commit 8fb89a6a7a37ad9ad6ce21651cde835fad496fc5
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Fri Jun 9 18:58:19 2017 +0200

    wireless-security/eap: move cert picker setup and validation to common location
    
    It is now used by the TLS method, but makes sense for TTLS and PEAP too.

 Makefile.am                            |    1 +
 src/wireless-security/eap-method-tls.c |  172 ++++++--------------------------
 src/wireless-security/eap-method.c     |   94 +++++++++++++++++
 src/wireless-security/eap-method.h     |   28 +++++
 4 files changed, 152 insertions(+), 143 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 5cf9eff..be5cc3f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -393,6 +393,7 @@ src_libnm_gtk_libnm_gtk_la_CFLAGS = \
        "-I$(srcdir)/src/utils" \
        "-I$(srcdir)/src/wireless-security" \
        "-I$(srcdir)/src/libnm-gtk" \
+       "-I$(srcdir)/src/libnma" \
        -Isrc/libnma \
        $(GTK_CFLAGS) \
        $(LIBNM_GLIB_CFLAGS) \
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index 83c64f5..b22357d 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -298,35 +298,6 @@ client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_dat
        return NULL;
 }
 
-static GError *
-ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
-{
-       NMSetting8021xCKScheme scheme;
-        NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
-       gs_unref_object NMSetting8021x *setting = NULL;
-       gs_free char *value = NULL;
-       GError *local = NULL;
-
-       setting = (NMSetting8021x *) nm_setting_802_1x_new ();
-
-       value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
-       if (!value) {
-               return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
-                                           _("no CA certificate selected"));
-       }
-       if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
-               if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
-                       return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
-                                                   _("selected CA certificate file does not exist"));
-               }
-       }
-
-       if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
-               return local;
-
-       return NULL;
-}
-
 static void
 client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
 {
@@ -349,106 +320,21 @@ client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
                nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme);
 }
 
-typedef const char * (*PathFunc) (NMSetting8021x *setting);
-typedef const char * (*UriFunc) (NMSetting8021x *setting);
-typedef NMSetting8021xCKScheme (*SchemeFunc)  (NMSetting8021x *setting);
-typedef const char * (*PasswordFunc) (NMSetting8021x *setting);
-
-static void
-setup_cert_chooser (NMACertChooser *cert_chooser,
-                    NMSetting8021x *s_8021x,
-                    SchemeFunc cert_scheme_func,
-                    PathFunc cert_path_func,
-                    UriFunc cert_uri_func,
-                    PasswordFunc cert_password_func,
-                    SchemeFunc key_scheme_func,
-                    PathFunc key_path_func,
-                    UriFunc key_uri_func,
-                    PasswordFunc key_password_func)
-{
-       NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
-       const char *value = NULL;
-
-
-       if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
-               scheme = cert_scheme_func (s_8021x);
-               switch (scheme) {
-               case NM_SETTING_802_1X_CK_SCHEME_PATH:
-                       value = cert_path_func (s_8021x);
-                       break;
-#if LIBNM_BUILD
-/* Not available in libnm-glib */
-               case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
-                       value = cert_uri_func (s_8021x);
-                       if (cert_password_func)
-                               nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func 
(s_8021x));
-                       break;
-#endif
-               case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
-                       /* No CA set. */
-                       break;
-               default:
-                       g_warning ("unhandled certificate scheme %d", scheme);
-               }
-
-       }
-       nma_cert_chooser_set_cert (cert_chooser, value, scheme);
-
-       if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
-               scheme = key_scheme_func (s_8021x);
-               switch (scheme) {
-               case NM_SETTING_802_1X_CK_SCHEME_PATH:
-                       value = key_path_func (s_8021x);
-                       break;
-#if LIBNM_BUILD
-/* Not available in libnm-glib */
-               case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
-                       value = key_uri_func (s_8021x);
-                       break;
-#endif
-               case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
-                       /* No certificate set. */
-                       break;
-               default:
-                       g_warning ("unhandled key scheme %d", scheme);
-               }
-
-               nma_cert_chooser_set_key (cert_chooser, value, scheme);
-       }
-
-       if (s_8021x && key_password_func)
-               nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
-}
-
-#if !LIBNM_BUILD
-/* Not available in libnm-glib */
-#define nm_setting_802_1x_get_ca_cert_password             NULL
-#define nm_setting_802_1x_get_ca_cert_uri                  NULL
-#define nm_setting_802_1x_get_client_cert_password         NULL
-#define nm_setting_802_1x_get_client_cert_uri              NULL
-#define nm_setting_802_1x_get_private_key_uri              NULL
-#define nm_setting_802_1x_get_phase2_ca_cert_password      NULL
-#define nm_setting_802_1x_get_phase2_ca_cert_uri           NULL
-#define nm_setting_802_1x_get_phase2_client_cert_password  NULL
-#define nm_setting_802_1x_get_phase2_client_cert_uri       NULL
-#define nm_setting_802_1x_get_phase2_private_key_uri       NULL
-#endif
-
 static void
 update_secrets (EAPMethod *parent, NMConnection *connection)
 {
        EAPMethodTLS *method = (EAPMethodTLS *) parent;
 
-       setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
-                           nm_connection_get_setting_802_1x (connection),
-                           NULL,
-                           NULL,
-                           NULL,
-                           parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : 
nm_setting_802_1x_get_client_cert_password,
-                           parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : 
nm_setting_802_1x_get_private_key_scheme,
-                           parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : 
nm_setting_802_1x_get_private_key_path,
-                           parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : 
nm_setting_802_1x_get_private_key_uri,
-                           parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : 
nm_setting_802_1x_get_private_key_password);
+       eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
+                                      nm_connection_get_setting_802_1x (connection),
+                                      NULL,
+                                      NULL,
+                                      NULL,
+                                      parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : 
nm_setting_802_1x_get_client_cert_password,
+                                      parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : 
nm_setting_802_1x_get_private_key_scheme,
+                                      parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : 
nm_setting_802_1x_get_private_key_path,
+                                      parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : 
nm_setting_802_1x_get_private_key_uri,
+                                      parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : 
nm_setting_802_1x_get_private_key_password);
 }
 
 EAPMethodTLS *
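Review bot: The `cert_password_func` argument passed in `update_secrets` is never called. The helper in eap-method.c only reaches it inside `if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func)`, and this call passes NULL for all three of those. The helper still runs `nma_cert_chooser_set_cert (cert_chooser, value, scheme)` with a NULL value and the UNKNOWN scheme; whether that leaves the chooser's current certificate untouched depends on NMACertChooser, which is not visible here. If the certificate password should be refreshed when secrets arrive, the helper needs a separate `if (s_8021x && cert_password_func)` step like the one it has for `key_password_func`; otherwise pass `NULL` here so the call does not suggest the getter is used.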
@@ -539,15 +425,15 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
                          G_CALLBACK (wireless_security_changed_cb),
                          ws_parent);
 
-       setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
-                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : 
nm_setting_802_1x_get_client_cert_scheme,
-                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : 
nm_setting_802_1x_get_client_cert_path,
-                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : 
nm_setting_802_1x_get_client_cert_uri,
-                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : 
nm_setting_802_1x_get_client_cert_password,
-                           phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : 
nm_setting_802_1x_get_private_key_scheme,
-                           phase2 ? nm_setting_802_1x_get_phase2_private_key_path : 
nm_setting_802_1x_get_private_key_path,
-                           phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : 
nm_setting_802_1x_get_private_key_uri,
-                           phase2 ? nm_setting_802_1x_get_phase2_private_key_password : 
nm_setting_802_1x_get_private_key_password);
+       eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
+                                      phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : 
nm_setting_802_1x_get_client_cert_scheme,
+                                      phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : 
nm_setting_802_1x_get_client_cert_path,
+                                      phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : 
nm_setting_802_1x_get_client_cert_uri,
+                                      phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : 
nm_setting_802_1x_get_client_cert_password,
+                                      phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : 
nm_setting_802_1x_get_private_key_scheme,
+                                      phase2 ? nm_setting_802_1x_get_phase2_private_key_path : 
nm_setting_802_1x_get_private_key_path,
+                                      phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : 
nm_setting_802_1x_get_private_key_uri,
+                                      phase2 ? nm_setting_802_1x_get_phase2_private_key_password : 
nm_setting_802_1x_get_private_key_password);
 
        method->ca_cert_chooser = nma_cert_chooser_new ("CA",
                                                          NMA_CERT_CHOOSER_FLAG_CERT
@@ -557,22 +443,22 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
 
        g_signal_connect (method->ca_cert_chooser,
                          "cert-validate",
-                         G_CALLBACK (ca_cert_validate_cb),
+                         G_CALLBACK (eap_method_ca_cert_validate_cb),
                          NULL);
        g_signal_connect (method->ca_cert_chooser,
                          "changed",
                          G_CALLBACK (wireless_security_changed_cb),
                          ws_parent);
 
-       setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
-                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : 
nm_setting_802_1x_get_ca_cert_scheme,
-                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : 
nm_setting_802_1x_get_ca_cert_path,
-                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : 
nm_setting_802_1x_get_ca_cert_uri,
-                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : 
nm_setting_802_1x_get_ca_cert_password,
-                           NULL,
-                           NULL,
-                           NULL,
-                           NULL);
+       eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+                                      phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : 
nm_setting_802_1x_get_ca_cert_scheme,
+                                      phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : 
nm_setting_802_1x_get_ca_cert_path,
+                                      phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : 
nm_setting_802_1x_get_ca_cert_uri,
+                                      phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : 
nm_setting_802_1x_get_ca_cert_password,
+                                      NULL,
+                                      NULL,
+                                      NULL,
+                                      NULL);
 
        if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
                gchar *ca_cert;
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index a5088f8..f11bd22 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -604,3 +604,97 @@ eap_method_ca_cert_ignore_load (NMConnection *connection)
        g_object_unref (settings);
 }
 
+GError *
+eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+       NMSetting8021xCKScheme scheme;
+        NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+       gs_unref_object NMSetting8021x *setting = NULL;
+       gs_free char *value = NULL;
+       GError *local = NULL;
+
+       setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+       value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+       if (!value) {
+               return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+                                           _("no CA certificate selected"));
+       }
+       if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+               if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+                       return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+                                                   _("selected CA certificate file does not exist"));
+               }
+       }
+
+       if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
+               return local;
+
+       return NULL;
+}
+
+void
+eap_method_setup_cert_chooser (NMACertChooser *cert_chooser,
+                               NMSetting8021x *s_8021x,
+                               NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+                               const char *(*cert_path_func) (NMSetting8021x *setting),
+                               const char *(*cert_uri_func) (NMSetting8021x *setting),
+                               const char *(*cert_password_func) (NMSetting8021x *setting),
+                               NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+                               const char *(*key_path_func) (NMSetting8021x *setting),
+                               const char *(*key_uri_func) (NMSetting8021x *setting),
+                               const char *(*key_password_func) (NMSetting8021x *setting))
+{
+       NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+       const char *value = NULL;
+
+
+       if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
+               scheme = cert_scheme_func (s_8021x);
+               switch (scheme) {
+               case NM_SETTING_802_1X_CK_SCHEME_PATH:
+                       value = cert_path_func (s_8021x);
+                       break;
+#if LIBNM_BUILD
+/* Not available in libnm-glib */
+               case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+                       value = cert_uri_func (s_8021x);
+                       if (cert_password_func)
+                               nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func 
(s_8021x));
+                       break;
+#endif
+               case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+                       /* No CA set. */
+                       break;
+               default:
+                       g_warning ("unhandled certificate scheme %d", scheme);
+               }
+
+       }
+       nma_cert_chooser_set_cert (cert_chooser, value, scheme);
+
+       if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
+               scheme = key_scheme_func (s_8021x);
+               switch (scheme) {
+               case NM_SETTING_802_1X_CK_SCHEME_PATH:
+                       value = key_path_func (s_8021x);
+                       break;
+#if LIBNM_BUILD
+/* Not available in libnm-glib */
+               case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+                       value = key_uri_func (s_8021x);
+                       break;
+#endif
+               case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+                       /* No certificate set. */
+                       break;
+               default:
+                       g_warning ("unhandled key scheme %d", scheme);
+               }
+
+               nma_cert_chooser_set_key (cert_chooser, value, scheme);
+       }
+
+       if (s_8021x && key_password_func)
+               nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
+}
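Review bot: The path check in `eap_method_ca_cert_validate_cb` does not enforce that the CA certificate is a regular file. `g_file_test()` returns TRUE when any flag in the mask matches, so `G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR` also accepts a directory or other non-regular path; `g_file_test (value, G_FILE_TEST_IS_REGULAR)` expresses the intended check. Separately, in `eap_method_setup_cert_chooser` the local `value` is not reset between the certificate and key sections, so when the key scheme is UNKNOWN or unhandled, `nma_cert_chooser_set_key ()` receives the certificate's path or URI; adding `value = NULL;` before `scheme = key_scheme_func (s_8021x);` avoids that. Both are carried over unchanged from eap-method-tls.c, but they are worth fixing now that the code is meant to be shared with other EAP methods.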
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 333fa14..665d2d8 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -72,6 +72,7 @@ GType eap_method_get_type (void);
 
 /* Below for internal use only */
 
+#include "nma-cert-chooser.h"
 #include "eap-method-tls.h"
 #include "eap-method-leap.h"
 #include "eap-method-fast.h"
@@ -126,4 +127,31 @@ gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connect
 void eap_method_ca_cert_ignore_save (NMConnection *connection);
 void eap_method_ca_cert_ignore_load (NMConnection *connection);
 
+GError *eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data);
+
+#if !LIBNM_BUILD
+/* For mere convenience. These are not available in libnm-glib. */
+#define nm_setting_802_1x_get_ca_cert_password             NULL
+#define nm_setting_802_1x_get_ca_cert_uri                  NULL
+#define nm_setting_802_1x_get_client_cert_password         NULL
+#define nm_setting_802_1x_get_client_cert_uri              NULL
+#define nm_setting_802_1x_get_private_key_uri              NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_password      NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_uri           NULL
+#define nm_setting_802_1x_get_phase2_client_cert_password  NULL
+#define nm_setting_802_1x_get_phase2_client_cert_uri       NULL
+#define nm_setting_802_1x_get_phase2_private_key_uri       NULL
+#endif
+
+void eap_method_setup_cert_chooser (NMACertChooser *cert_chooser,
+                                    NMSetting8021x *s_8021x,
+                                    NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+                                    const char *(*cert_path_func) (NMSetting8021x *setting),
+                                    const char *(*cert_uri_func) (NMSetting8021x *setting),
+                                    const char *(*cert_password_func) (NMSetting8021x *setting),
+                                    NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+                                    const char *(*key_path_func) (NMSetting8021x *setting),
+                                    const char *(*key_uri_func) (NMSetting8021x *setting),
+                                    const char *(*key_password_func) (NMSetting8021x *setting));
+
 #endif /* EAP_METHOD_H */
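Review bot: In a `!LIBNM_BUILD` build these macros turn every `*_uri` getter argument into `NULL`, while `eap_method_setup_cert_chooser` skips the whole certificate section unless `cert_uri_func` is non-NULL, and likewise the key section for `key_uri_func`. In that configuration, path-based certificates and keys would therefore never be loaded from the setting into the chooser. The URI getters are only called under `#if LIBNM_BUILD`, so the guards could be `if (s_8021x && cert_scheme_func && cert_path_func)` and `if (s_8021x && key_scheme_func && key_path_func)`, with a NULL check beside each URI call. The prototype would also benefit from a comment stating which callbacks may be NULL and what is skipped when they are.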

