[PATCH 1/3] security: add the subject entry to peap and ttls

Gary Ching-Pang Lin Mon, 21 Nov 2011 00:00:36 -0800

Since PEAP and TTLS use both the subject and CA certificate to
verify the RADIUS server, the subject entry was added to fill
the possible security hole.


https://bugzilla.gnome.org/show_bug.cgi?id=341323
---
 src/wireless-security/eap-method-peap.c  |   17 +++++++++
 src/wireless-security/eap-method-peap.ui |   59 ++++++++++++++++++++++--------
 src/wireless-security/eap-method-ttls.c  |   17 +++++++++
 src/wireless-security/eap-method-ttls.ui |   51 ++++++++++++++++++++------
 4 files changed, 118 insertions(+), 26 deletions(-)

diff --git a/src/wireless-security/eap-method-peap.c 
b/src/wireless-security/eap-method-peap.c
index c53eb71..e379e93 100644
--- a/src/wireless-security/eap-method-peap.c
+++ b/src/wireless-security/eap-method-peap.c
@@ -141,6 +141,12 @@ fill_connection (EAPMethod *parent, NMConnection 
*connection)
        if (text && strlen (text))
                g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, 
text, NULL);
 
+       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_subject_entry"));
+       g_assert (widget);
+       text = gtk_entry_get_text (GTK_ENTRY (widget));
+       if (text && strlen (text))
+               g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, text, 
NULL);
+
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_ca_cert_button"));
        g_assert (widget);
        filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
@@ -383,6 +389,13 @@ eap_method_peap_new (WirelessSecurity *ws_parent,
                          (GCallback) wireless_security_changed_cb,
                          ws_parent);
 
+       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_subject_entry"));
+       if (s_8021x && nm_setting_802_1x_get_subject_match (s_8021x))
+               gtk_entry_set_text (GTK_ENTRY (widget), 
nm_setting_802_1x_get_subject_match (s_8021x));
+       g_signal_connect (G_OBJECT (widget), "changed",
+                         (GCallback) wireless_security_changed_cb,
+                         ws_parent);
+
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_anon_identity_entry"));
        if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
                gtk_entry_set_text (GTK_ENTRY (widget), 
nm_setting_802_1x_get_anonymous_identity (s_8021x));
@@ -395,6 +408,10 @@ eap_method_peap_new (WirelessSecurity *ws_parent,
                gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_anon_identity_entry"));
                gtk_widget_hide (widget);
+               widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_subject_label"));
+               gtk_widget_hide (widget);
+               widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_subject_entry"));
+               gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_ca_cert_label"));
                gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_peap_ca_cert_button"));
diff --git a/src/wireless-security/eap-method-peap.ui 
b/src/wireless-security/eap-method-peap.ui
index 04d0a0a..f38fc83 100644
--- a/src/wireless-security/eap-method-peap.ui
+++ b/src/wireless-security/eap-method-peap.ui
@@ -35,7 +35,7 @@
         <child>
           <object class="GtkTable" id="table13">
             <property name="visible">True</property>
-            <property name="n_rows">5</property>
+            <property name="n_rows">6</property>
             <property name="n_columns">2</property>
             <property name="column_spacing">12</property>
             <property name="row_spacing">6</property>
@@ -65,6 +65,35 @@
               </packing>
             </child>
             <child>
+              <object class="GtkLabel" id="eap_peap_subject_label">
+                <property name="visible">True</property>
+                <property name="xalign">0</property>
+                <property name="label" translatable="yes">_Subject:</property>
+                <property name="use_underline">True</property>
+                <property 
name="mnemonic_widget">eap_peap_subject_entry</property>
+              </object>
+              <packing>
+                <property name="top_attach">1</property>
+                <property name="bottom_attach">2</property>
+                <property name="x_options">GTK_FILL</property>
+                <property name="y_options"></property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="eap_peap_subject_entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="activates_default">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="right_attach">2</property>
+                <property name="top_attach">1</property>
+                <property name="bottom_attach">2</property>
+                <property name="y_options"></property>
+              </packing>
+            </child>
+            <child>
               <object class="GtkLabel" id="eap_peap_ca_cert_label">
                 <property name="visible">True</property>
                 <property name="xalign">0</property>
@@ -73,8 +102,8 @@
                 <property 
name="mnemonic_widget">eap_peap_ca_cert_button</property>
               </object>
               <packing>
-                <property name="top_attach">1</property>
-                <property name="bottom_attach">2</property>
+                <property name="top_attach">2</property>
+                <property name="bottom_attach">3</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options"/>
               </packing>
@@ -86,8 +115,8 @@
               <packing>
                 <property name="left_attach">1</property>
                 <property name="right_attach">2</property>
-                <property name="top_attach">1</property>
-                <property name="bottom_attach">2</property>
+                <property name="top_attach">2</property>
+                <property name="bottom_attach">3</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options">GTK_FILL</property>
               </packing>
@@ -102,8 +131,8 @@
               </object>
               <packing>
                 <property name="right_attach">2</property>
-                <property name="top_attach">4</property>
-                <property name="bottom_attach">5</property>
+                <property name="top_attach">5</property>
+                <property name="bottom_attach">6</property>
                 <property name="x_options">GTK_FILL</property>
               </packing>
             </child>
@@ -116,8 +145,8 @@
                 <property 
name="mnemonic_widget">eap_peap_inner_auth_combo</property>
               </object>
               <packing>
-                <property name="top_attach">3</property>
-                <property name="bottom_attach">4</property>
+                <property name="top_attach">4</property>
+                <property name="bottom_attach">5</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options"/>
               </packing>
@@ -136,8 +165,8 @@
               <packing>
                 <property name="left_attach">1</property>
                 <property name="right_attach">2</property>
-                <property name="top_attach">3</property>
-                <property name="bottom_attach">4</property>
+                <property name="top_attach">4</property>
+                <property name="bottom_attach">5</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options">GTK_FILL</property>
               </packing>
@@ -151,8 +180,8 @@
                 <property 
name="mnemonic_widget">eap_peap_version_combo</property>
               </object>
               <packing>
-                <property name="top_attach">2</property>
-                <property name="bottom_attach">3</property>
+                <property name="top_attach">3</property>
+                <property name="bottom_attach">4</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options"/>
               </packing>
@@ -171,8 +200,8 @@
               <packing>
                 <property name="left_attach">1</property>
                 <property name="right_attach">2</property>
-                <property name="top_attach">2</property>
-                <property name="bottom_attach">3</property>
+                <property name="top_attach">3</property>
+                <property name="bottom_attach">4</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options">GTK_FILL</property>
               </packing>
diff --git a/src/wireless-security/eap-method-ttls.c 
b/src/wireless-security/eap-method-ttls.c
index 1a4d6e8..bea8741 100644
--- a/src/wireless-security/eap-method-ttls.c
+++ b/src/wireless-security/eap-method-ttls.c
@@ -136,6 +136,12 @@ fill_connection (EAPMethod *parent, NMConnection 
*connection)
        if (text && strlen (text))
                g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, 
text, NULL);
 
+       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_subject_entry"));
+       g_assert (widget);
+       text = gtk_entry_get_text (GTK_ENTRY (widget));
+       if (text && strlen (text))
+               g_object_set (s_8021x, NM_SETTING_802_1X_SUBJECT_MATCH, text, 
NULL);
+
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_ca_cert_button"));
        g_assert (widget);
        filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
@@ -361,6 +367,13 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
                }
        }
 
+       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_subject_entry"));
+       if (s_8021x && nm_setting_802_1x_get_subject_match (s_8021x))
+               gtk_entry_set_text (GTK_ENTRY (widget), 
nm_setting_802_1x_get_subject_match (s_8021x));
+       g_signal_connect (G_OBJECT (widget), "changed",
+                         (GCallback) wireless_security_changed_cb,
+                         ws_parent);
+
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_anon_identity_entry"));
        if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
                gtk_entry_set_text (GTK_ENTRY (widget), 
nm_setting_802_1x_get_anonymous_identity (s_8021x));
@@ -376,6 +389,10 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
                gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_anon_identity_entry"));
                gtk_widget_hide (widget);
+               widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_subject_label"));
+               gtk_widget_hide (widget);
+               widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_subject_entry"));
+               gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_ca_cert_label"));
                gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_ttls_ca_cert_button"));
diff --git a/src/wireless-security/eap-method-ttls.ui 
b/src/wireless-security/eap-method-ttls.ui
index d77fcb4..4a82630 100644
--- a/src/wireless-security/eap-method-ttls.ui
+++ b/src/wireless-security/eap-method-ttls.ui
@@ -19,7 +19,7 @@
         <child>
           <object class="GtkTable" id="table10">
             <property name="visible">True</property>
-            <property name="n_rows">4</property>
+            <property name="n_rows">5</property>
             <property name="n_columns">2</property>
             <property name="column_spacing">12</property>
             <property name="row_spacing">6</property>
@@ -49,6 +49,35 @@
               </packing>
             </child>
             <child>
+              <object class="GtkLabel" id="eap_ttls_subject_label">
+                <property name="visible">True</property>
+                <property name="xalign">0</property>
+                <property name="label" translatable="yes">_Subject:</property>
+                <property name="use_underline">True</property>
+                <property 
name="mnemonic_widget">eap_ttls_subject_entry</property>
+              </object>
+              <packing>
+                <property name="top_attach">1</property>
+                <property name="bottom_attach">2</property>
+                <property name="x_options">GTK_FILL</property>
+                <property name="y_options"></property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="eap_ttls_subject_entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="activates_default">True</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="right_attach">2</property>
+                <property name="top_attach">1</property>
+                <property name="bottom_attach">2</property>
+                <property name="y_options"></property>
+              </packing>
+            </child>
+            <child>
               <object class="GtkLabel" id="eap_ttls_ca_cert_label">
                 <property name="visible">True</property>
                 <property name="xalign">0</property>
@@ -57,8 +86,8 @@
                 <property 
name="mnemonic_widget">eap_ttls_ca_cert_button</property>
               </object>
               <packing>
-                <property name="top_attach">1</property>
-                <property name="bottom_attach">2</property>
+                <property name="top_attach">2</property>
+                <property name="bottom_attach">3</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options"/>
               </packing>
@@ -70,8 +99,8 @@
               <packing>
                 <property name="left_attach">1</property>
                 <property name="right_attach">2</property>
-                <property name="top_attach">1</property>
-                <property name="bottom_attach">2</property>
+                <property name="top_attach">2</property>
+                <property name="bottom_attach">3</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options">GTK_FILL</property>
               </packing>
@@ -85,8 +114,8 @@
                 <property 
name="mnemonic_widget">eap_ttls_inner_auth_combo</property>
               </object>
               <packing>
-                <property name="top_attach">2</property>
-                <property name="bottom_attach">3</property>
+                <property name="top_attach">3</property>
+                <property name="bottom_attach">4</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options"/>
               </packing>
@@ -105,8 +134,8 @@
               <packing>
                 <property name="left_attach">1</property>
                 <property name="right_attach">2</property>
-                <property name="top_attach">2</property>
-                <property name="bottom_attach">3</property>
+                <property name="top_attach">3</property>
+                <property name="bottom_attach">4</property>
                 <property name="x_options">GTK_FILL</property>
                 <property name="y_options">GTK_FILL</property>
               </packing>
@@ -122,8 +151,8 @@
               </object>
               <packing>
                 <property name="right_attach">2</property>
-                <property name="top_attach">3</property>
-                <property name="bottom_attach">4</property>
+                <property name="top_attach">4</property>
+                <property name="bottom_attach">5</property>
                 <property name="x_options">GTK_FILL</property>
               </packing>
             </child>
-- 
1.7.3.4

_______________________________________________
networkmanager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list

[PATCH 1/3] security: add the subject entry to peap and ttls

Reply via email to