diff --git a/ChangeLog b/ChangeLog index da75914d3..04dd1183a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,34 @@ +2006-03-22 Robert Love + + Implement "Dynamic WEP", which is basically WPA authentication and WEP + key exchange via WPA, ostensibly providing good security without + requiring hardware that supports full WPA. Also, add UI elements to + allow the user to select the pairwise & group cipher for WPA Enterprise + networks, too: + * gnome/applet/applet.glade: Update glade file. + * gnome/applet/nm-gconf-wso-wpa-eap.c: Serialize and deserialize the + key type, too, to and from gconf. + * gnome/applet/wireless-security-option.c: Add "wpa_eap" parameter to + wso_wpa_create_key_type_model(), noting whether we are handling PSK + or EAP configuration, and in the latter case add in "Dynamic WEP" if + the capabilities match. + * gnome/applet/wso-private.h: Update wso_wpa_create_key_type_model()'s + prototype. + * gnome/applet/wso-wpa-eap.c: Manage UI elements for the key type and + serialize from UI to DBUS. + * gnome/applet/wso-wpa-psk.c: Cannot fail and always returns at least + one element. + * libnm-util/dbus-helpers.c: Update nmu_security_serialize_wpa_eap(), + nmu_security_serialize_wpa_eap_with_cipher(), and + nmu_security_deserialize_wpa_eap() to take a "key_type" parameter and + serialize/deserialize the key type via DBUS as the new third DBUS + parameter. + * libnm-util/dbus-helpers.h: Update prototypes. + * src/nm-ap-security-wpa-eap.c: Deserialize the key type from DBUS, + too. If the key type is WEP104, do Dynamic WEP, which means + "IEEE8021X" for "key_mgmt". Also add support for user-specified + pairwise and group ciphers (fixes a FIXME). + 2006-03-21 Robert Love * src/NetworkManagerSystem.c, src/NetworkManagerSystem.h: Add diff --git a/gnome/applet/applet.glade b/gnome/applet/applet.glade index 3ffa8c1b8..7c1796f4b 100644 --- a/gnome/applet/applet.glade +++ b/gnome/applet/applet.glade @@ -2418,7 +2418,7 @@ Shared Key 8 True - 9 + 10 2 False 4 
@@ -2445,8 +2445,8 @@ Shared Key 0 1 - 5 - 6 + 6 + 7 fill @@ -2473,8 +2473,8 @@ Shared Key 0 1 - 6 - 7 + 7 + 8 fill @@ -2493,8 +2493,8 @@ Shared Key 1 2 - 5 - 6 + 6 + 7 fill fill @@ -2513,8 +2513,8 @@ Shared Key 1 2 - 6 - 7 + 7 + 8 fill fill @@ -2541,8 +2541,8 @@ Shared Key 0 1 - 7 - 8 + 8 + 9 fill @@ -2563,8 +2563,8 @@ Shared Key 1 2 - 7 - 8 + 8 + 9 @@ -2590,8 +2590,8 @@ Shared Key 0 1 - 4 - 5 + 5 + 6 fill @@ -2610,8 +2610,8 @@ Shared Key 1 2 - 4 - 5 + 5 + 6 fill fill @@ -2638,8 +2638,8 @@ Shared Key 0 1 - 1 - 2 + 2 + 3 fill @@ -2666,8 +2666,8 @@ Shared Key 0 1 - 2 - 3 + 3 + 4 fill @@ -2694,8 +2694,8 @@ Shared Key 0 1 - 3 - 4 + 4 + 5 fill @@ -2716,8 +2716,8 @@ Shared Key 1 2 - 1 - 2 + 2 + 3 @@ -2737,8 +2737,8 @@ Shared Key 1 2 - 2 - 3 + 3 + 4 @@ -2758,8 +2758,8 @@ Shared Key 1 2 - 3 - 4 + 4 + 5 @@ -2829,8 +2829,8 @@ Shared Key 0 1 - 8 - 9 + 9 + 10 fill @@ -2851,12 +2851,56 @@ Shared Key 1 2 - 8 - 9 + 9 + 10 fill + + + + True + Key Type: + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + False diff --git a/gnome/applet/nm-gconf-wso-wpa-eap.c b/gnome/applet/nm-gconf-wso-wpa-eap.c index 66c3ead0b..1df686124 100644 --- a/gnome/applet/nm-gconf-wso-wpa-eap.c +++ b/gnome/applet/nm-gconf-wso-wpa-eap.c @@ -39,6 +39,7 @@ struct _NMGConfWSOWPA_EAPPrivate { int eap_method; + int key_type; int wpa_version; int key_mgmt; const char * identity; 
@@ -64,11 +65,12 @@ nm_gconf_wso_wpa_eap_new_deserialize_dbus (DBusMessageIter *iter, int we_cipher) char * ca_cert_file = NULL; int wpa_version; int eap_method; + int key_type; g_return_val_if_fail (we_cipher == NM_AUTH_TYPE_WPA_EAP, NULL); g_return_val_if_fail (iter != NULL, NULL); - if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &identity, &passwd, &anon_identity, &private_key_passwd, + if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &key_type, &identity, &passwd, &anon_identity, &private_key_passwd, &private_key_file, &client_cert_file, &ca_cert_file, &wpa_version)) goto out; @@ -78,6 +80,7 @@ nm_gconf_wso_wpa_eap_new_deserialize_dbus (DBusMessageIter *iter, int we_cipher) nm_gconf_wso_set_key (NM_GCONF_WSO (security), "FIXME", 5); /* FIXME: What to do about Enterprise keys? */ security->priv->wpa_version = wpa_version; security->priv->eap_method = eap_method; + security->priv->key_type = key_type; security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; security->priv->identity = g_strdup (identity); security->priv->passwd = g_strdup (passwd); @@ -105,6 +108,7 @@ nm_gconf_wso_wpa_eap_new_deserialize_gconf (GConfClient *client, const char *net char * ca_cert_file = NULL; int wpa_version; int eap_method; + int key_type; int key_mgmt; g_return_val_if_fail (client != NULL, NULL); @@ -118,6 +122,13 @@ nm_gconf_wso_wpa_eap_new_deserialize_gconf (GConfClient *client, const char *net &eap_method)) goto out; + if (!nm_gconf_get_int_helper (client, + GCONF_PATH_WIRELESS_NETWORKS, + WPA_EAP_PREFIX"key_type", + network, + &key_type)) + goto out; + if (!nm_gconf_get_int_helper (client, GCONF_PATH_WIRELESS_NETWORKS, WPA_EAP_PREFIX"wpa_version", 
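Review bot: In nm_gconf_wso_wpa_eap_new_deserialize_gconf (hunk at -118) the new `key_type` read is mandatory, so a network saved before this change, which has no `key_type` entry in gconf, would presumably fail the helper and take `goto out`, losing its stored WPA-EAP settings. Treating a missing key as Automatic keeps old entries loadable: `if (!nm_gconf_get_int_helper (client, GCONF_PATH_WIRELESS_NETWORKS, WPA_EAP_PREFIX"key_type", network, &key_type)) key_type = 0;`. The value read here is also not compared with the allowed set until it is serialized, so a range check at load time would reject a corrupted or hand-edited entry early. The function starts before and continues after this hunk.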
@@ -185,6 +196,7 @@ nm_gconf_wso_wpa_eap_new_deserialize_gconf (GConfClient *client, const char *net nm_gconf_wso_set_we_cipher (NM_GCONF_WSO (security), we_cipher); security->priv->wpa_version = wpa_version; security->priv->eap_method = eap_method; + security->priv->key_type = key_type; security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; security->priv->identity = g_strdup (identity); security->priv->passwd = g_strdup (passwd); @@ -214,6 +226,7 @@ real_serialize_dbus (NMGConfWSO *instance, DBusMessageIter *iter) if (!nmu_security_serialize_wpa_eap (iter, self->priv->eap_method, + self->priv->key_type, self->priv->identity ? : "", self->priv->passwd ? : "", self->priv->anon_identity ? : "", @@ -236,6 +249,10 @@ real_serialize_gconf (NMGConfWSO *instance, GConfClient *client, const char *net gconf_client_set_int (client, key, self->priv->eap_method, NULL); g_free (key); + key = g_strdup_printf ("%s/%s/%skey_type", GCONF_PATH_WIRELESS_NETWORKS, network, WPA_EAP_PREFIX); + gconf_client_set_int (client, key, self->priv->key_type, NULL); + g_free (key); + key = g_strdup_printf ("%s/%s/%swpa_version", GCONF_PATH_WIRELESS_NETWORKS, network, WPA_EAP_PREFIX); gconf_client_set_int (client, key, self->priv->wpa_version, NULL); g_free (key); diff --git a/gnome/applet/wireless-security-option.c b/gnome/applet/wireless-security-option.c index fed6381a3..086ffb6ec 100644 --- a/gnome/applet/wireless-security-option.c +++ b/gnome/applet/wireless-security-option.c @@ -194,8 +194,7 @@ void wso_wep_auth_combo_cleanup (WirelessSecurityOption *opt, GtkComboBox * comb GtkTreeModel * -wso_wpa_create_key_type_model (int capabilities, - int *num_added) +wso_wpa_create_key_type_model (int capabilities, gboolean wpa_eap, int *num_added) { GtkListStore * model; GtkTreeIter iter; 
@@ -211,14 +210,6 @@ wso_wpa_create_key_type_model (int capabilities, gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, WPA_KEY_TYPE_CIPHER_COL, 0, -1); - if (capabilities & NM_802_11_CAP_CIPHER_TKIP) - { - name = _("TKIP"); - gtk_list_store_append (model, &iter); - gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, - WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_TKIP, -1); - num++; - } if (capabilities & NM_802_11_CAP_CIPHER_CCMP) { name = _("AES-CCMP"); @@ -227,6 +218,22 @@ wso_wpa_create_key_type_model (int capabilities, WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_CCMP, -1); num++; } + if (capabilities & NM_802_11_CAP_CIPHER_TKIP) + { + name = _("TKIP"); + gtk_list_store_append (model, &iter); + gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, + WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_TKIP, -1); + num++; + } + if (wpa_eap && capabilities & NM_802_11_CAP_KEY_MGMT_802_1X) + { + name = _("Dynamic WEP"); + gtk_list_store_append (model, &iter); + gtk_list_store_set (model, &iter, WPA_KEY_TYPE_NAME_COL, name, + WPA_KEY_TYPE_CIPHER_COL, IW_AUTH_CIPHER_WEP104, -1); + num++; + } *num_added = num; return GTK_TREE_MODEL (model); diff --git a/gnome/applet/wso-private.h b/gnome/applet/wso-private.h index d3e248f7f..796d370e9 100644 --- a/gnome/applet/wso-private.h +++ b/gnome/applet/wso-private.h @@ -79,7 +79,7 @@ void wso_wep_auth_combo_cleanup (WirelessSecurityOption *opt, GtkComboBox * co #define WPA_KEY_TYPE_NAME_COL 0 #define WPA_KEY_TYPE_CIPHER_COL 1 -GtkTreeModel * wso_wpa_create_key_type_model (int capabilities, int *num_added); +GtkTreeModel * wso_wpa_create_key_type_model (int capabilities, gboolean wpa_eap, int *num_added); #endif /* WIRELESS_SECURITY_OPTION_PRIVATE_H */ diff --git a/gnome/applet/wso-wpa-eap.c b/gnome/applet/wso-wpa-eap.c index 44342d422..bcc52c269 100644 --- a/gnome/applet/wso-wpa-eap.c +++ b/gnome/applet/wso-wpa-eap.c 
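Review bot: The new "Dynamic WEP" row in wso_wpa_create_key_type_model (hunk at -211) is gated only on `NM_802_11_CAP_KEY_MGMT_802_1X`, although the value it stores is `IW_AUTH_CIPHER_WEP104`; a device reporting 802.1X key management without WEP104 support would, in principle, still be offered the option. Consider `if (wpa_eap && (capabilities & NM_802_11_CAP_KEY_MGMT_802_1X) && (capabilities & NM_802_11_CAP_CIPHER_WEP104))`, which also makes the operator precedence explicit. The row sits in the same list as AES-CCMP and TKIP with nothing telling the user that traffic is then protected only by WEP, so a label or tooltip saying so would help keep it from being picked on networks that support WPA. The function starts outside this hunk.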
@@ -40,6 +40,7 @@ struct OptData { int eap_method; + int key_type; const char * identity; const char * passwd; const char * anon_identity; @@ -170,6 +171,11 @@ append_dbus_params_func (WirelessSecurityOption *opt, gtk_combo_box_get_active_iter (GTK_COMBO_BOX (entry), &tree_iter); gtk_tree_model_get (model, &tree_iter, WPA_EAP_VALUE_COL, &opt->data->eap_method, -1); + entry = glade_xml_get_widget (opt->uixml, "wpa_eap_key_type_combo"); + model = gtk_combo_box_get_model (GTK_COMBO_BOX (entry)); + gtk_combo_box_get_active_iter (GTK_COMBO_BOX (entry), &tree_iter); + gtk_tree_model_get (model, &tree_iter, WPA_KEY_TYPE_CIPHER_COL, &opt->data->key_type, -1); + entry = glade_xml_get_widget (opt->uixml, "wpa_eap_identity_entry"); opt->data->identity = gtk_entry_get_text (GTK_ENTRY (entry)) ? : ""; @@ -195,6 +201,7 @@ append_dbus_params_func (WirelessSecurityOption *opt, nmu_security_serialize_wpa_eap_with_cipher (&dbus_iter, opt->data->eap_method, + opt->data->key_type, opt->data->identity, opt->data->passwd, opt->data->anon_identity, @@ -216,9 +223,12 @@ wso_wpa_eap_new (const char *glade_file, WirelessSecurityOption * opt = NULL; OptData * data = NULL; GtkWidget * eap_method_combo; + GtkWidget * key_type_combo; GtkListStore * model; + GtkTreeModel * tree_model; GtkTreeIter iter; GtkCellRenderer * renderer; + int num_added; struct { const char * name; 
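Review bot: In append_dbus_params_func (hunk at -170) the return value of `gtk_combo_box_get_active_iter` is ignored, so if the key type combo has no active row `tree_iter` is stale or invalid when passed to `gtk_tree_model_get`, and `opt->data->key_type` keeps whatever it held before. Guarding the call keeps a defined value on the wire: `if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (entry), &tree_iter)) gtk_tree_model_get (model, &tree_iter, WPA_KEY_TYPE_CIPHER_COL, &opt->data->key_type, -1); else opt->data->key_type = 0;`. The EAP method lookup in the context lines just above follows the same unchecked pattern. The function starts and ends outside the hunk.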
@@ -261,12 +271,25 @@ wso_wpa_eap_new (const char *glade_file, gtk_combo_box_set_model (GTK_COMBO_BOX (eap_method_combo), GTK_TREE_MODEL (model)); gtk_tree_model_get_iter_first (GTK_TREE_MODEL (model), &iter); gtk_combo_box_set_active_iter (GTK_COMBO_BOX (eap_method_combo), &iter); - renderer = gtk_cell_renderer_text_new (); /* FIXME: Why do we need this here but not in the same place in wso-wpa-psk.c ? */ + renderer = gtk_cell_renderer_text_new (); gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (eap_method_combo), renderer, TRUE); gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (eap_method_combo), renderer, "text", 0, NULL); + key_type_combo = glade_xml_get_widget (opt->uixml, "wpa_eap_key_type_combo"); + tree_model = wso_wpa_create_key_type_model (capabilities, TRUE, &num_added); + gtk_combo_box_set_model (GTK_COMBO_BOX (key_type_combo), tree_model); + gtk_tree_model_get_iter_first (tree_model, &iter); + gtk_combo_box_set_active_iter (GTK_COMBO_BOX (key_type_combo), &iter); + if (num_added == 1) + gtk_widget_set_sensitive (key_type_combo, FALSE); + + /* FIXME: Why do we need this here but not in the same place in wso-wpa-psk.c ? */ + renderer = gtk_cell_renderer_text_new (); + gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (key_type_combo), renderer, TRUE); + gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (key_type_combo), renderer, "text", 0, NULL); + /* Option-specific data */ opt->data = data = g_malloc0 (sizeof (OptData)); data->wpa2 = wpa2; diff --git a/gnome/applet/wso-wpa-psk.c b/gnome/applet/wso-wpa-psk.c index e6fcbf5ee..3625a381c 100644 --- a/gnome/applet/wso-wpa-psk.c +++ b/gnome/applet/wso-wpa-psk.c 
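Review bot: In wso_wpa_eap_new the model returned by `wso_wpa_create_key_type_model` is handed to `gtk_combo_box_set_model`, which takes its own reference, and nothing in this hunk drops the caller's reference, so the list store appears to be leaked unless it is released later in the function, which continues outside the hunk. If it is not, add `g_object_unref (tree_model);` after the `gtk_combo_box_set_model` call. The result of `glade_xml_get_widget (opt->uixml, "wpa_eap_key_type_combo")` is also used without a NULL check, so an installed applet.glade that predates the new widget would produce GLib criticals rather than a clean failure.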
@@ -207,12 +207,7 @@ wso_wpa_psk_new (const char *glade_file, key_type_combo = glade_xml_get_widget (opt->uixml, data->key_type_combo_name); g_signal_connect (G_OBJECT (key_type_combo), "changed", (GCallback) key_type_combo_changed_cb, opt); - model = wso_wpa_create_key_type_model (capabilities, &num_added); - if (!model || !num_added) - { - wso_free (opt); - return NULL; - } + model = wso_wpa_create_key_type_model (capabilities, FALSE, &num_added); gtk_combo_box_set_model (GTK_COMBO_BOX (key_type_combo), model); gtk_tree_model_get_iter_first (model, &iter); gtk_combo_box_set_active_iter (GTK_COMBO_BOX (key_type_combo), &iter); diff --git a/libnm-util/dbus-helpers.c b/libnm-util/dbus-helpers.c index 990c4ea83..072cc1e72 100644 --- a/libnm-util/dbus-helpers.c +++ b/libnm-util/dbus-helpers.c @@ -249,6 +249,7 @@ nmu_security_serialize_wpa_psk_with_cipher (DBusMessage *message, dbus_bool_t nmu_security_serialize_wpa_eap (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, 
@@ -267,32 +268,39 @@ nmu_security_serialize_wpa_eap (DBusMessageIter *iter, || (eap_method == NM_EAP_METHOD_PEAP) || (eap_method == NM_EAP_METHOD_TLS) || (eap_method == NM_EAP_METHOD_TTLS), FALSE); + g_return_val_if_fail ((key_type == 0) + || (key_type == IW_AUTH_CIPHER_CCMP) + || (key_type == IW_AUTH_CIPHER_TKIP) + || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); /* Second arg: EAP method (INT32) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &eap_method); - /* Third arg: Identity (STRING) */ + /* Third arg: Key type (INT32) */ + dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &key_type); + + /* Fourth arg: Identity (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &identity); - /* Fourth arg: Password (STRING) */ + /* Fifth arg: Password (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &passwd); - /* Fifth arg: Anonymous Identity (STRING) */ + /* Sixth arg: Anonymous Identity (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &anon_identity); - /* Sixth arg: Private key password (STRING) */ + /* Seventh arg: Private key password (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &private_key_passwd); - /* Seventh arg: Private key file (STRING) */ + /* Eighth arg: Private key file (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &private_key_file); - /* Eighth arg: Client certificate file (STRING) */ + /* Ninth arg: Client certificate file (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &client_cert_file); - /* Ninth arg: CA certificate file (STRING) */ + /* Tenth arg: CA certificate file (STRING) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &ca_cert_file); - /* Tenth and final arg: WPA version (INT32) */ + /* Eleventh and final arg: WPA version (INT32) */ dbus_message_iter_append_basic (iter, DBUS_TYPE_INT32, &wpa_version); return TRUE; 
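Review bot: The allowed-set test for `key_type` added to nmu_security_serialize_wpa_eap is repeated verbatim in nmu_security_serialize_wpa_eap_with_cipher, nmu_security_deserialize_wpa_eap and real_write_supplicant_config, so adding or retiring a cipher means editing four places that must stay in sync. A single predicate exported from libnm-util, for example `gboolean nmu_security_key_type_valid (int key_type);` (the name is only a suggestion), would keep the serializer, the deserializer and the daemon agreeing on what is accepted. The literal `0` in the check stands for "Automatic" and would read better as a named constant. The function starts outside the hunk.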
@@ -302,6 +310,7 @@ nmu_security_serialize_wpa_eap (DBusMessageIter *iter, dbus_bool_t nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, @@ -322,11 +331,15 @@ nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, || (eap_method == NM_EAP_METHOD_PEAP) || (eap_method == NM_EAP_METHOD_TLS) || (eap_method == NM_EAP_METHOD_TTLS), FALSE); + g_return_val_if_fail ((key_type == 0) + || (key_type == IW_AUTH_CIPHER_CCMP) + || (key_type == IW_AUTH_CIPHER_TKIP) + || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); /* First arg: WE Cipher (INT32) */ we_cipher_append_helper (iter, NM_AUTH_TYPE_WPA_EAP); - result = nmu_security_serialize_wpa_eap (iter, eap_method, identity, passwd, anon_identity, private_key_passwd, + result = nmu_security_serialize_wpa_eap (iter, eap_method, key_type, identity, passwd, anon_identity, private_key_passwd, private_key_file, client_cert_file, ca_cert_file, wpa_version); return result; @@ -338,6 +351,7 @@ nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, dbus_bool_t nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, int *eap_method, + int *key_type, char **identity, char **passwd, char **anon_identity, @@ -356,8 +370,11 @@ nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, char * dbus_ca_cert_file; dbus_int32_t dbus_wpa_version; dbus_int32_t dbus_eap_method; + dbus_int32_t dbus_key_type; g_return_val_if_fail (iter != NULL, FALSE); + g_return_val_if_fail (eap_method != NULL, FALSE); + g_return_val_if_fail (key_type != NULL, FALSE); g_return_val_if_fail (identity != NULL, FALSE); g_return_val_if_fail (*identity == NULL, FALSE); g_return_val_if_fail (passwd != NULL, FALSE); 
@@ -385,49 +402,58 @@ nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, || (dbus_eap_method == NM_EAP_METHOD_TLS) || (dbus_eap_method == NM_EAP_METHOD_TTLS), FALSE); - /* Third arg: Identity (STRING) */ + /* Third arg: Key type (INT32) */ + g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); + g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_INT32, FALSE); + dbus_message_iter_get_basic (iter, &dbus_key_type); + g_return_val_if_fail ((dbus_key_type == 0) + || (dbus_key_type == IW_AUTH_CIPHER_CCMP) + || (dbus_key_type == IW_AUTH_CIPHER_TKIP) + || (dbus_key_type == IW_AUTH_CIPHER_WEP104), FALSE); + + /* Fourth arg: Identity (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_identity); g_return_val_if_fail (dbus_identity != NULL, FALSE); - /* Fourth arg: Password (STRING) */ + /* Fifth arg: Password (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_password); g_return_val_if_fail (dbus_password != NULL, FALSE); - /* Fifth arg: Anonymous Identity (STRING) */ + /* Sixth arg: Anonymous Identity (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_anon_identity); g_return_val_if_fail (dbus_anon_identity != NULL, FALSE); - /* Sixth arg: Private key password (STRING) */ + /* Seventh arg: Private key password (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_private_key_passwd); g_return_val_if_fail (dbus_private_key_passwd != NULL, FALSE); 
- /* Seventh arg: Private key file (STRING) */ + /* Eighth arg: Private key file (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_private_key_file); g_return_val_if_fail (dbus_private_key_file != NULL, FALSE); - /* Eighth arg: Client certificate file (STRING) */ + /* Ninth arg: Client certificate file (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_client_cert_file); g_return_val_if_fail (dbus_client_cert_file != NULL, FALSE); - /* Ninth arg: CA certificate file (STRING) */ + /* Tenth arg: CA certificate file (STRING) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_STRING, FALSE); dbus_message_iter_get_basic (iter, &dbus_ca_cert_file); g_return_val_if_fail (dbus_ca_cert_file != NULL, FALSE); - /* Tenth and final arg: WPA version (INT32) */ + /* Eleventh and final arg: WPA version (INT32) */ g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_INT32, FALSE); dbus_message_iter_get_basic (iter, &dbus_wpa_version); @@ -435,6 +461,7 @@ nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, || (dbus_wpa_version == IW_AUTH_WPA_VERSION_WPA2), FALSE); *eap_method = dbus_eap_method; + *key_type = dbus_key_type; *identity = strlen (dbus_identity) > 0 ? dbus_identity : NULL; *passwd = strlen (dbus_password) > 0 ? dbus_password : NULL; *anon_identity = strlen (dbus_anon_identity) > 0 ? dbus_anon_identity : NULL; diff --git a/libnm-util/dbus-helpers.h b/libnm-util/dbus-helpers.h index 713f425eb..8bc56c6b1 100644 --- a/libnm-util/dbus-helpers.h +++ b/libnm-util/dbus-helpers.h 
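Review bot: The key type read from the DBus message in nmu_security_deserialize_wpa_eap (hunk at -385) is validated only with `g_return_val_if_fail`, which is a programmer-error assertion: it disappears when this code is built with `G_DISABLE_CHECKS` and otherwise logs a critical. The message comes from another process, so the range check should be an ordinary conditional, e.g. `if (dbus_key_type != 0 && dbus_key_type != IW_AUTH_CIPHER_CCMP && dbus_key_type != IW_AUTH_CIPHER_TKIP && dbus_key_type != IW_AUTH_CIPHER_WEP104) return FALSE;`. The neighbouring arguments use the same macro, so the new lines match existing style, but the new field is a reasonable place to start handling peer input explicitly. The function starts before and ends after this hunk.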
@@ -67,6 +67,7 @@ dbus_bool_t nmu_security_serialize_wpa_psk_with_cipher (DBusMessage *message, dbus_bool_t nmu_security_serialize_wpa_eap (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, @@ -78,6 +79,7 @@ dbus_bool_t nmu_security_serialize_wpa_eap (DBusMessageIter *iter, dbus_bool_t nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, int eap_method, + int key_type, const char *identity, const char *passwd, const char *anon_identity, @@ -89,6 +91,7 @@ dbus_bool_t nmu_security_serialize_wpa_eap_with_cipher (DBusMessageIter *iter, dbus_bool_t nmu_security_deserialize_wpa_eap (DBusMessageIter *iter, int *eap_method, + int *key_type, char **identity, char **passwd, char **anon_identity, diff --git a/src/nm-ap-security-wpa-eap.c b/src/nm-ap-security-wpa-eap.c index 0cd107da3..c60623124 100644 --- a/src/nm-ap-security-wpa-eap.c +++ b/src/nm-ap-security-wpa-eap.c @@ -37,6 +37,7 @@ struct _NMAPSecurityWPA_EAPPrivate { int eap_method; + int key_type; int wpa_version; int key_mgmt; char * identity; @@ -54,6 +55,7 @@ nm_ap_security_wpa_eap_new_deserialize (DBusMessageIter *iter) { NMAPSecurityWPA_EAP * security = NULL; int eap_method; + int key_type; int wpa_version; char * identity = NULL; char * passwd = NULL; @@ -65,9 +67,9 @@ nm_ap_security_wpa_eap_new_deserialize (DBusMessageIter *iter) g_return_val_if_fail (iter != NULL, NULL); - if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &identity, &passwd, &anon_identity, - &private_key_passwd, &private_key_file, &client_cert_file, - &ca_cert_file, &wpa_version)) + if (!nmu_security_deserialize_wpa_eap (iter, &eap_method, &key_type, &identity, &passwd, + &anon_identity, &private_key_passwd, &private_key_file, + &client_cert_file, &ca_cert_file, &wpa_version)) goto out; /* Success, build up our security object */ 
@@ -75,6 +77,7 @@ nm_ap_security_wpa_eap_new_deserialize (DBusMessageIter *iter) nm_ap_security_set_we_cipher (NM_AP_SECURITY (security), NM_AUTH_TYPE_WPA_EAP); nm_ap_security_set_key (NM_AP_SECURITY (security), "FIXME", 5); /* FIXME: what do we do for Enterprise? */ security->priv->eap_method = eap_method; + security->priv->key_type = key_type; security->priv->wpa_version = wpa_version; security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; security->priv->identity = g_strdup (identity); @@ -129,6 +132,7 @@ real_serialize (NMAPSecurity *instance, DBusMessageIter *iter) if (!nmu_security_serialize_wpa_eap (iter, self->priv->eap_method, + self->priv->key_type, self->priv->identity ? : "", self->priv->passwd ? : "", self->priv->anon_identity ? : "", @@ -177,11 +181,11 @@ real_write_supplicant_config (NMAPSecurity *instance, const char * ca_cert_file = self->priv->ca_cert_file; const char * client_cert_file = self->priv->client_cert_file; int wpa_version = self->priv->wpa_version; - int cipher = nm_ap_security_get_we_cipher (instance); int key_mgmt = self->priv->key_mgmt; int eap_method = self->priv->eap_method; + int key_type = self->priv->key_type; - g_return_val_if_fail (cipher == NM_AUTH_TYPE_WPA_EAP, FALSE); + g_return_val_if_fail (nm_ap_security_get_we_cipher (instance) == NM_AUTH_TYPE_WPA_EAP, FALSE); g_return_val_if_fail (key_mgmt == IW_AUTH_KEY_MGMT_802_1X, FALSE); g_return_val_if_fail (wpa_version == IW_AUTH_WPA_VERSION_WPA || wpa_version == IW_AUTH_WPA_VERSION_WPA2, FALSE); @@ -192,6 +196,10 @@ real_write_supplicant_config (NMAPSecurity *instance, || eap_method == NM_EAP_METHOD_PEAP || eap_method == NM_EAP_METHOD_TLS || eap_method == NM_EAP_METHOD_TTLS, FALSE); + g_return_val_if_fail ((key_type == 0) + || (key_type == IW_AUTH_CIPHER_CCMP) + || (key_type == IW_AUTH_CIPHER_TKIP) + || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); /* WPA-EAP network setup */ 
@@ -206,8 +214,17 @@ real_write_supplicant_config (NMAPSecurity *instance, goto out; } - if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i key_mgmt WPA-EAP", nwid)) - goto out; + if (key_type != IW_AUTH_CIPHER_WEP104) + { + if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i key_mgmt WPA-EAP", nwid)) + goto out; + } + else + { + /* So-called Dynamic WEP */ + if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i key_mgmt IEEE8021X", nwid)) + goto out; + } if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i eap %s", nwid, get_eap_method (eap_method))) goto out; 
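Review bot: The comment `/* So-called Dynamic WEP */` in real_write_supplicant_config does not say what this branch trades away: with `key_mgmt IEEE8021X` authentication is done via EAP but the traffic is encrypted with WEP keys, which is weaker than the WPA-EAP branch above it. I would expand it to something like `/* Dynamic WEP: 802.1X/EAP authentication, WEP data encryption. Weaker than WPA; used only when explicitly selected. */`. Because `key_type` reaches the daemon over DBus, it would also be worth logging when this branch is taken, so that a connection that ended up on WEP is visible in the daemon log. The function starts and ends outside the hunk.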
@@ -253,34 +270,31 @@ real_write_supplicant_config (NMAPSecurity *instance, if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i ca_cert \"%s\"", nwid, ca_cert_file)) goto out; -#if 0 /* Right now we always let wpa_supplicant sort out the pairwise and group cipher */ /* - * FIXME: Technically, the pairwise cipher does not need to be the same as - * the group cipher. Fixing this requires changes in the UI. + * Set the pairwise and group cipher, if the user provided one. If user selected "Automatic", we + * let wpa_supplicant sort it out. Likewise, if the user selected "Dynamic WEP", we do nothing. */ - if (cipher == IW_AUTH_CIPHER_TKIP) - pairwise_cipher = group_cipher = "TKIP"; - else if (cipher == IW_AUTH_CIPHER_CCMP) - pairwise_cipher = group_cipher = "CCMP"; - else if (cipher == IW_AUTH_CIPHER_NONE) - pairwise_cipher = group_cipher = "NONE"; - - /* Ad-Hoc requires pairwise cipher of NONE */ - if (user_created) - pairwise_cipher = "NONE"; - - /* If user selected "Automatic", we let wpa_supplicant sort it out */ - if (cipher != NM_AUTH_TYPE_WPA_PSK_AUTO) + if (key_type != NM_AUTH_TYPE_WPA_PSK_AUTO && key_type != IW_AUTH_CIPHER_WEP104) { + const char *cipher; + + /* + * FIXME: Technically, the pairwise cipher does not need to be the same as + * the group cipher. Fixing this requires changes in the UI. + */ + if (key_type == IW_AUTH_CIPHER_TKIP) + cipher = "TKIP"; + else /* IW_AUTH_CIPHER_CCMP */ + cipher = "CCMP"; + if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, - "SET_NETWORK %i pairwise %s", nwid, pairwise_cipher)) + "SET_NETWORK %i pairwise %s", nwid, cipher)) goto out; if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, - "SET_NETWORK %i group %s", nwid, group_cipher)) + "SET_NETWORK %i group %s", nwid, cipher)) goto out; } -#endif success = TRUE; 
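Review bot: The cipher block in real_write_supplicant_config tests for "Automatic" with `key_type != NM_AUTH_TYPE_WPA_PSK_AUTO`, whereas every validation of `key_type` in this commit uses the literal `0`; the constant's value is not visible in the diff, and if it were ever non-zero an Automatic selection would fall through to the `else` and be pinned to CCMP. Compare against the same value the validators accept, `if (key_type != 0 && key_type != IW_AUTH_CIPHER_WEP104)`, and make the second arm explicit with `else if (key_type == IW_AUTH_CIPHER_CCMP)` followed by a failing `else`, so an unexpected value is never silently mapped to a cipher. The function starts and ends outside the hunk.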
@@ -312,6 +326,7 @@ real_copy_constructor (NMAPSecurity *instance) NMAPSecurityWPA_EAP * self = NM_AP_SECURITY_WPA_EAP (instance); dst->priv->eap_method = self->priv->eap_method; + dst->priv->key_type = self->priv->key_type; dst->priv->wpa_version = self->priv->wpa_version; dst->priv->key_mgmt = self->priv->key_mgmt; dst->priv->identity = self->priv->identity;