/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*
* Copyright 2011-2013 Red Hat, Inc.
* Copyright 2011 Giovanni Campagna
*/
/**
* SECTION:nmt-secret-agent
* @short_description: A secret agent
*
* #NmtSecretAgent is the secret agent used by nmtui-connect.
*
* This is a stripped-down version of gnome-shell's ShellNetworkAgent,
* with bits of the corresponding JavaScript code squished down into
* it. It is intended to eventually be generic enough that it could
* replace ShellNetworkAgent.
*/
#include "config.h"
#include
#include
#include
#include
#include "nmt-secret-agent.h"
#include "nmt-newt.h"
G_DEFINE_TYPE (NmtSecretAgent, nmt_secret_agent, NM_TYPE_SECRET_AGENT)
#define NMT_SECRET_AGENT_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NMT_TYPE_SECRET_AGENT, NmtSecretAgentPrivate))
enum {
REQUEST_SECRETS,
LAST_SIGNAL
};
static guint signals[LAST_SIGNAL] = { 0 };
typedef struct {
NmtSecretAgent *self;
gchar *request_id;
NMConnection *connection;
gchar **hints;
NMSecretAgentGetSecretsFunc callback;
gpointer callback_data;
} NmtSecretAgentRequest;
typedef struct {
/* */
GHashTable *requests;
} NmtSecretAgentPrivate;
static void
nmt_secret_agent_request_free (gpointer data)
{
NmtSecretAgentRequest *request = data;
g_object_unref (request->self);
g_object_unref (request->connection);
g_strfreev (request->hints);
g_slice_free (NmtSecretAgentRequest, request);
}
static void
nmt_secret_agent_init (NmtSecretAgent *agent)
{
NmtSecretAgentPrivate *priv = NMT_SECRET_AGENT_GET_PRIVATE (agent);
priv->requests = g_hash_table_new_full (g_str_hash, g_str_equal,
g_free, nmt_secret_agent_request_free);
}
static void
nmt_secret_agent_finalize (GObject *object)
{
NmtSecretAgentPrivate *priv = NMT_SECRET_AGENT_GET_PRIVATE (object);
GError *error;
GHashTableIter iter;
gpointer key;
gpointer value;
error = g_error_new (NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_AGENT_CANCELED,
"The secret agent is going away");
g_hash_table_iter_init (&iter, priv->requests);
while (g_hash_table_iter_next (&iter, &key, &value)) {
NmtSecretAgentRequest *request = value;
request->callback (NM_SECRET_AGENT (object),
request->connection,
NULL, error,
request->callback_data);
}
g_hash_table_destroy (priv->requests);
g_error_free (error);
G_OBJECT_CLASS (nmt_secret_agent_parent_class)->finalize (object);
}
static gboolean
strv_has (gchar **haystack,
gchar *needle)
{
gchar *iter;
for (iter = *haystack; iter; iter++) {
if (g_strcmp0 (iter, needle) == 0)
return TRUE;
}
return FALSE;
}
/**
* NmtSecretAgentSecret:
* @name: the user-visible name of the secret. Eg, "WEP Passphrase".
* @value: the value of the secret
* @password: %TRUE if this secret represents a password, %FALSE
* if it represents non-secret data.
*
* A single "secret" being requested.
*/
typedef struct {
NmtSecretAgentSecret base;
NMSetting *setting;
char *property;
NmtNewtEntryValidator validator;
gpointer validator_data;
} NmtSecretAgentSecretReal;
static void
nmt_secret_agent_secret_free (NmtSecretAgentSecret *secret)
{
NmtSecretAgentSecretReal *real = (NmtSecretAgentSecretReal *)secret;
g_free (secret->name);
g_free (secret->value);
g_free (real->property);
g_clear_object (&real->setting);
g_slice_free (NmtSecretAgentSecretReal, real);
}
static NmtSecretAgentSecret *
nmt_secret_agent_secret_new (const char *name,
NMSetting *setting,
const char *property,
gboolean password)
{
NmtSecretAgentSecretReal *real;
real = g_slice_new0 (NmtSecretAgentSecretReal);
real->base.name = g_strdup (name);
real->base.password = password;
if (setting) {
real->setting = g_object_ref (setting);
real->property = g_strdup (property);
g_object_get (setting, property, &real->base.value, NULL);
}
return &real->base;
}
static gboolean
add_8021x_secrets (NmtSecretAgentRequest *request,
GPtrArray *secrets)
{
NMSetting8021x *s_8021x = nm_connection_get_setting_802_1x (request->connection);
const char *eap_method;
NmtSecretAgentSecret *secret;
eap_method = nm_setting_802_1x_get_eap_method (s_8021x, 0);
if (!eap_method)
return FALSE;
if ( !strcmp (eap_method, "md5")
|| !strcmp (eap_method, "leap")
|| !strcmp (eap_method, "ttls")
|| !strcmp (eap_method, "peap")) {
/* TTLS and PEAP are actually much more complicated, but this complication
* is not visible here since we only care about phase2 authentication
* (and don't even care of which one)
*/
secret = nmt_secret_agent_secret_new (_("Username"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_IDENTITY,
FALSE);
g_ptr_array_add (secrets, secret);
secret = nmt_secret_agent_secret_new (_("Password"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
}
if (!strcmp (eap_method, "tls")) {
secret = nmt_secret_agent_secret_new (_("Identity"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_IDENTITY,
FALSE);
g_ptr_array_add (secrets, secret);
secret = nmt_secret_agent_secret_new (_("Private key password"),
NM_SETTING (s_8021x),
NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
}
return FALSE;
}
static gboolean
add_wireless_secrets (NmtSecretAgentRequest *request,
GPtrArray *secrets)
{
NMSettingWirelessSecurity *s_wsec = nm_connection_get_setting_wireless_security (request->connection);
const char *key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
NmtSecretAgentSecret *secret;
if (!key_mgmt)
return FALSE;
if (!strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk")) {
secret = nmt_secret_agent_secret_new (_("Password"),
NM_SETTING (s_wsec),
NM_SETTING_WIRELESS_SECURITY_PSK,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
}
if (!strcmp (key_mgmt, "none")) {
int index;
char *key;
index = nm_setting_wireless_security_get_wep_tx_keyidx (s_wsec);
key = g_strdup_printf ("wep-key%d", index);
secret = nmt_secret_agent_secret_new (_("Key"),
NM_SETTING (s_wsec),
key,
TRUE);
g_free (key);
#if 0
nmt_secret_agent_secret_set_validator (secret, static_wep_key_validate,
nm_setting_wireless_security_get_wep_key_type (s_wsec));
#endif
g_ptr_array_add (secrets, secret);
return TRUE;
}
if (!strcmp (key_mgmt, "iee8021x")) {
if (!g_strcmp0 (nm_setting_wireless_security_get_auth_alg (s_wsec), "leap")) {
secret = nmt_secret_agent_secret_new (_("Password"),
NM_SETTING (s_wsec),
NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
} else
return add_8021x_secrets (request, secrets);
}
if (!strcmp (key_mgmt, "wpa-eap"))
return add_8021x_secrets (request, secrets);
return FALSE;
}
static gboolean
add_pppoe_secrets (NmtSecretAgentRequest *request,
GPtrArray *secrets)
{
NMSettingPPPOE *s_pppoe = nm_connection_get_setting_pppoe (request->connection);
NmtSecretAgentSecret *secret;
secret = nmt_secret_agent_secret_new (_("Username"),
NM_SETTING (s_pppoe),
NM_SETTING_PPPOE_USERNAME,
FALSE);
g_ptr_array_add (secrets, secret);
secret = nmt_secret_agent_secret_new (_("Service"),
NM_SETTING (s_pppoe),
NM_SETTING_PPPOE_SERVICE,
FALSE);
g_ptr_array_add (secrets, secret);
secret = nmt_secret_agent_secret_new (_("Password"),
NM_SETTING (s_pppoe),
NM_SETTING_PPPOE_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
return TRUE;
}
static void
request_secrets_from_ui (NmtSecretAgentRequest *request)
{
GPtrArray *secrets;
NmtSecretAgentSecret *secret;
const char *title;
char *msg;
gboolean ok = TRUE;
secrets = g_ptr_array_new_with_free_func ((GDestroyNotify) nmt_secret_agent_secret_free);
if (nm_connection_is_type (request->connection, NM_SETTING_WIRELESS_SETTING_NAME)) {
NMSettingWireless *s_wireless;
char *ssid;
s_wireless = nm_connection_get_setting_wireless (request->connection);
ssid = nm_utils_ssid_to_utf8 (nm_setting_wireless_get_ssid (s_wireless));
title = _("Authentication required by wireless network");
msg = g_strdup_printf (_("Passwords or encryption keys are required to access the wireless network '%s'."), ssid);
ok = add_wireless_secrets (request, secrets);
} else if (nm_connection_is_type (request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
NMSettingConnection *s_con;
s_con = nm_connection_get_setting_connection (request->connection);
title = _("Wired 802.1X authentication");
msg = NULL;
secret = nmt_secret_agent_secret_new (_("Network name"),
NM_SETTING (s_con),
NM_SETTING_CONNECTION_ID,
FALSE);
g_ptr_array_add (secrets, secret);
ok = add_8021x_secrets (request, secrets);
} else if (nm_connection_is_type (request->connection, NM_SETTING_PPPOE_SETTING_NAME)) {
title = _("DSL authentication");
msg = NULL;
ok = add_pppoe_secrets (request, secrets);
} else if (nm_connection_is_type (request->connection, NM_SETTING_GSM_SETTING_NAME)) {
NMSettingGsm *s_gsm = nm_connection_get_setting_gsm (request->connection);
if (strv_has (request->hints, "pin")) {
title = _("PIN code required");
msg = g_strdup (_("PIN code is needed for the mobile broadband device"));
secret = nmt_secret_agent_secret_new (_("PIN"),
NM_SETTING (s_gsm),
NM_SETTING_GSM_PIN,
FALSE);
g_ptr_array_add (secrets, secret);
} else {
title = _("Mobile broadband network password");
msg = g_strdup_printf (_("A password is required to connect to '%s'."),
nm_connection_get_id (request->connection));
secret = nmt_secret_agent_secret_new (_("Password"),
NM_SETTING (s_gsm),
NM_SETTING_GSM_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
}
} else if (nm_connection_is_type (request->connection, NM_SETTING_CDMA_SETTING_NAME)) {
NMSettingCdma *s_cdma = nm_connection_get_setting_cdma (request->connection);
title = _("Mobile broadband network password");
msg = g_strdup_printf (_("A password is required to connect to '%s'."),
nm_connection_get_id (request->connection));
secret = nmt_secret_agent_secret_new (_("Password"),
NM_SETTING (s_cdma),
NM_SETTING_CDMA_PASSWORD,
TRUE);
g_ptr_array_add (secrets, secret);
} else if (nm_connection_is_type (request->connection, NM_SETTING_BLUETOOTH_SETTING_NAME)) {
NMSetting *setting;
setting = nm_connection_get_setting_by_name (request->connection, NM_SETTING_GSM_SETTING_NAME);
if (!setting)
setting = nm_connection_get_setting_by_name (request->connection, NM_SETTING_CDMA_SETTING_NAME);
title = _("Mobile broadband network password");
msg = g_strdup_printf (_("A password is required to connect to '%s'."),
nm_connection_get_id (request->connection));
secret = nmt_secret_agent_secret_new (_("Password"),
setting,
"password",
TRUE);
g_ptr_array_add (secrets, secret);
} else
ok = FALSE;
if (!ok) {
g_ptr_array_unref (secrets);
return;
}
g_signal_emit (request->self, signals[REQUEST_SECRETS], 0,
request->request_id, title, msg, secrets);
}
static void
nmt_secret_agent_get_secrets (NMSecretAgent *agent,
NMConnection *connection,
const gchar *connection_path,
const gchar *setting_name,
const gchar **hints,
NMSecretAgentGetSecretsFlags flags,
NMSecretAgentGetSecretsFunc callback,
gpointer callback_data)
{
NmtSecretAgent *self = NMT_SECRET_AGENT (agent);
NmtSecretAgentPrivate *priv = NMT_SECRET_AGENT_GET_PRIVATE (self);
NmtSecretAgentRequest *request;
NMSettingConnection *s_con;
const char *connection_type;
char *request_id;
GError *error;
request_id = g_strdup_printf ("%s/%s", connection_path, setting_name);
if (g_hash_table_lookup (priv->requests, request_id) != NULL) {
/* We already have a request pending for this (connection, setting) */
error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_INTERNAL_ERROR,
"Request for %s secrets already pending", request_id);
nope:
callback (agent, connection, NULL, error, callback_data);
g_error_free (error);
g_free (request_id);
return;
}
s_con = nm_connection_get_setting_connection (connection);
connection_type = nm_setting_connection_get_connection_type (s_con);
if (!strcmp (connection_type, NM_SETTING_VPN_SETTING_NAME)) {
/* We don't support VPN secrets yet */
error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_NO_SECRETS,
"VPN secrets not supported");
goto nope;
}
if (!(flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)) {
/* We don't do stored passwords */
error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_NO_SECRETS,
"Stored passwords not supported");
goto nope;
}
request = g_slice_new (NmtSecretAgentRequest);
request->self = g_object_ref (self);
request->connection = g_object_ref (connection);
request->hints = g_strdupv ((gchar **)hints);
request->callback = callback;
request->callback_data = callback_data;
request->request_id = request_id;
g_hash_table_replace (priv->requests, request->request_id, request);
request_secrets_from_ui (request);
}
static void
gvalue_destroy_notify (gpointer data)
{
GValue *value = data;
g_value_unset (value);
g_slice_free (GValue, value);
}
/**
* nmt_secret_agent_response:
* @self: the #NmtSecretAgent
* @request_id: the request ID being responded to
* @secrets: (allow-none): the array of secrets, or %NULL
*
* Response to a #NmtSecretAgent::get-secrets signal.
*
* If the user provided secrets, the caller should set the
* corresponding value fields in the
* #NmtSecretAgentSecrets (freeing any initial values they had), and
* pass the array to nmt_secret_agent_response(). If the user
* cancelled the request, @secrets should be NULL.
*/
void
nmt_secret_agent_response (NmtSecretAgent *self,
const char *request_id,
GPtrArray *secrets)
{
NmtSecretAgentPrivate *priv;
NmtSecretAgentRequest *request;
GHashTable *hash = NULL, *setting_hash;
GValue *value;
GError *error = NULL;
int i;
g_return_if_fail (NMT_IS_SECRET_AGENT (self));
priv = NMT_SECRET_AGENT_GET_PRIVATE (self);
request = g_hash_table_lookup (priv->requests, request_id);
g_return_if_fail (request != NULL);
if (secrets) {
hash = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, (GDestroyNotify) g_hash_table_unref);
for (i = 0; i < secrets->len; i++) {
NmtSecretAgentSecretReal *secret = secrets->pdata[i];
setting_hash = g_hash_table_lookup (hash, nm_setting_get_name (secret->setting));
if (!setting_hash) {
setting_hash = g_hash_table_new_full (g_str_hash, g_str_equal,
g_free, gvalue_destroy_notify);
g_hash_table_insert (hash, (char *)nm_setting_get_name (secret->setting),
setting_hash);
}
value = g_slice_new0 (GValue);
g_value_init (value, G_TYPE_STRING);
g_value_set_string (value, secret->base.value);
g_hash_table_insert (setting_hash, g_strdup (secret->property), value);
}
} else {
error = g_error_new (NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_USER_CANCELED,
"User cancelled");
}
request->callback (NM_SECRET_AGENT (self), request->connection, hash, error, request->callback_data);
g_clear_pointer (&hash, g_hash_table_unref);
g_clear_error (&error);
g_hash_table_remove (priv->requests, request_id);
}
static void
nmt_secret_agent_cancel_get_secrets (NMSecretAgent *agent,
const gchar *connection_path,
const gchar *setting_name)
{
/* We don't support cancellation. Sorry! */
}
static void
nmt_secret_agent_save_secrets (NMSecretAgent *agent,
NMConnection *connection,
const gchar *connection_path,
NMSecretAgentSaveSecretsFunc callback,
gpointer callback_data)
{
/* We don't support secret storage */
callback (agent, connection, NULL, callback_data);}
static void
nmt_secret_agent_delete_secrets (NMSecretAgent *agent,
NMConnection *connection,
const gchar *connection_path,
NMSecretAgentDeleteSecretsFunc callback,
gpointer callback_data)
{
/* We don't support secret storage, so there's nothing to delete. */
callback (agent, connection, NULL, callback_data);
}
void
nmt_secret_agent_class_init (NmtSecretAgentClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
NMSecretAgentClass *agent_class = NM_SECRET_AGENT_CLASS (klass);
g_type_class_add_private (klass, sizeof (NmtSecretAgentPrivate));
gobject_class->finalize = nmt_secret_agent_finalize;
agent_class->get_secrets = nmt_secret_agent_get_secrets;
agent_class->cancel_get_secrets = nmt_secret_agent_cancel_get_secrets;
agent_class->save_secrets = nmt_secret_agent_save_secrets;
agent_class->delete_secrets = nmt_secret_agent_delete_secrets;
/**
* NmtSecretAgent::request-secrets:
* @agent: the #NmtSecretAgent
* @request_id: request ID, to eventually pass to
* nmt_secret_agent_response().
* @title: a title for the password dialog
* @prompt: a prompt message for the password dialog
* @secrets: (element-type #NmtSecretAgentSecret): array of secrets
* being requested.
*
* Emitted when the agent requires secrets from the user.
*
* The application should create a password dialog (eg,
* #NmtPasswordDialog) with the given title and prompt, and an
* entry for each element of @secrets. If any of the secrets
* already have a value filled in, the
* corresponding entry should be initialized to that value.
*
* When the dialog is complete, the app must call
* nmt_secret_agent_response() with the results.
*/
signals[REQUEST_SECRETS] = g_signal_new ("request-secrets",
G_TYPE_FROM_CLASS (klass),
0, 0, NULL, NULL, NULL,
G_TYPE_NONE,
4,
G_TYPE_STRING, /* request_id */
G_TYPE_STRING, /* title */
G_TYPE_STRING, /* prompt */
G_TYPE_PTR_ARRAY);
}
/**
* nmt_secret_agent_new:
*
* Creates a new #NmtSecretAgent.
*
* Returns: a new #NmtSecretAgent
*/
NMSecretAgent *
nmt_secret_agent_new (void)
{
return g_object_new (NMT_TYPE_SECRET_AGENT,
NM_SECRET_AGENT_IDENTIFIER, "nmtui",
NM_SECRET_AGENT_AUTO_REGISTER, FALSE,
NULL);
}