Bugzilla – Attachment 142438 Details for
Bug 216063
Add phase2 auth support to [k]networkmanager
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
Add phase2 support to NM (core)
nm-wpa_phase2.patch (text/plain), 9.29 KB, created by
Stefan Brüns
on 2007-05-27 13:49:00 UTC
(
hide
)
Description:
Add phase2 support to NM (core)
Filename:
MIME Type:
Creator:
Stefan Brüns
Created:
2007-05-27 13:49:00 UTC
Size:
9.29 KB
patch
obsolete
>--- branches/NETWORKMANAGER_0_6_0_RELEASE/include/NetworkManager.h 2006/10/21 03:41:19 2072 >+++ branches/NETWORKMANAGER_0_6_0_RELEASE/include/NetworkManager.h 2007/02/03 19:24:38 2277 >@@ -122,6 +122,17 @@ > #define NM_AUTH_TYPE_WPA_EAP 0x00000020 > #define NM_AUTH_TYPE_LEAP 0x00000040 > >+ >+/* >+ * EAP Method in libnm-util is a bitfield of (EAP Method) | (Phase2 Method) >+ */ >+ >+#define NM_EAP_METHOD_MASK 0x0000ffff >+#define NM_PHASE2_METHOD_MASK 0xffff0000 >+ >+#define NM_EAP_TO_EAP_METHOD(eap) (eap & NM_EAP_METHOD_MASK) >+#define NM_EAP_TO_PHASE2_METHOD(eap) (eap & NM_PHASE2_METHOD_MASK) >+ > /* > * EAP Methods > */ >@@ -134,6 +145,16 @@ > #define NM_EAP_METHOD_TTLS 0x00000040 /* EAP-TTLS */ > > /* >+ * Phase2 Methods >+ */ >+#define NM_PHASE2_AUTH_NONE 0x00000000 >+#define NM_PHASE2_AUTH_PAP 0x00010000 >+#define NM_PHASE2_AUTH_MSCHAP 0x00020000 >+#define NM_PHASE2_AUTH_MSCHAPV2 0x00030000 >+#define NM_PHASE2_AUTH_GTC 0x00040000 >+ >+ >+/* > * Wireless network update types > */ > typedef enum >--- branches/NETWORKMANAGER_0_6_0_RELEASE/libnm-util/dbus-helpers.c 2006/10/21 03:41:19 2072 >+++ branches/NETWORKMANAGER_0_6_0_RELEASE/libnm-util/dbus-helpers.c 2007/02/03 19:24:38 2277 >@@ -259,15 +259,25 @@ > const char *ca_cert_file, > int wpa_version) > { >+ dbus_int32_t eap; >+ dbus_int32_t phase2; >+ > g_return_val_if_fail (iter != NULL, FALSE); > g_return_val_if_fail ((wpa_version == IW_AUTH_WPA_VERSION_WPA) || (wpa_version == IW_AUTH_WPA_VERSION_WPA2), FALSE); >- g_return_val_if_fail ((eap_method == NM_EAP_METHOD_MD5) >- || (eap_method == NM_EAP_METHOD_MSCHAP) >- || (eap_method == NM_EAP_METHOD_OTP) >- || (eap_method == NM_EAP_METHOD_GTC) >- || (eap_method == NM_EAP_METHOD_PEAP) >- || (eap_method == NM_EAP_METHOD_TLS) >- || (eap_method == NM_EAP_METHOD_TTLS), FALSE); >+ eap = NM_EAP_TO_EAP_METHOD(eap_method); >+ g_return_val_if_fail ((eap == NM_EAP_METHOD_MD5) >+ || (eap == NM_EAP_METHOD_MSCHAP) >+ || (eap == NM_EAP_METHOD_OTP) >+ || (eap == NM_EAP_METHOD_GTC) >+ || (eap == NM_EAP_METHOD_PEAP) >+ || (eap == NM_EAP_METHOD_TLS) >+ || (eap == NM_EAP_METHOD_TTLS), FALSE); >+ phase2 = NM_EAP_TO_PHASE2_METHOD(eap_method); >+ g_return_val_if_fail ((phase2 == NM_PHASE2_AUTH_NONE) >+ || (phase2 == NM_PHASE2_AUTH_PAP) >+ || (phase2 == NM_PHASE2_AUTH_MSCHAP) >+ || (phase2 == NM_PHASE2_AUTH_MSCHAPV2) >+ || (phase2 == NM_PHASE2_AUTH_GTC), FALSE); > g_return_val_if_fail ((key_type == NM_AUTH_TYPE_WPA_PSK_AUTO) > || (key_type == IW_AUTH_CIPHER_CCMP) > || (key_type == IW_AUTH_CIPHER_TKIP) >@@ -323,24 +333,13 @@ > dbus_bool_t result; > > g_return_val_if_fail (iter != NULL, FALSE); >- g_return_val_if_fail ((wpa_version == IW_AUTH_WPA_VERSION_WPA) || (wpa_version == IW_AUTH_WPA_VERSION_WPA2), FALSE); >- g_return_val_if_fail ((eap_method == NM_EAP_METHOD_MD5) >- || (eap_method == NM_EAP_METHOD_MSCHAP) >- || (eap_method == NM_EAP_METHOD_OTP) >- || (eap_method == NM_EAP_METHOD_GTC) >- || (eap_method == NM_EAP_METHOD_PEAP) >- || (eap_method == NM_EAP_METHOD_TLS) >- || (eap_method == NM_EAP_METHOD_TTLS), FALSE); >- g_return_val_if_fail ((key_type == NM_AUTH_TYPE_WPA_PSK_AUTO) >- || (key_type == IW_AUTH_CIPHER_CCMP) >- || (key_type == IW_AUTH_CIPHER_TKIP) >- || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); >+ /* validity of remaining arguments is checked in nmu_security_serialize_wpa_eap() which we call below */ > > /* First arg: WE Cipher (INT32) */ > we_cipher_append_helper (iter, NM_AUTH_TYPE_WPA_EAP); > >- result = nmu_security_serialize_wpa_eap (iter, eap_method, key_type, identity, passwd, anon_identity, private_key_passwd, >- private_key_file, client_cert_file, ca_cert_file, wpa_version); >+ result = nmu_security_serialize_wpa_eap (iter, eap_method, key_type, identity, passwd, anon_identity, >+ private_key_passwd, private_key_file, client_cert_file, ca_cert_file, wpa_version); > > return result; > } >@@ -370,6 +369,8 @@ > char * dbus_ca_cert_file; > dbus_int32_t dbus_wpa_version; > dbus_int32_t dbus_eap_method; >+ dbus_int32_t dbus_eap; >+ dbus_int32_t dbus_phase2; > dbus_int32_t dbus_key_type; > > g_return_val_if_fail (iter != NULL, FALSE); >@@ -392,15 +393,23 @@ > g_return_val_if_fail (wpa_version != NULL, FALSE); > > /* Second arg: EAP method (INT32) */ >+ /* Hack: this is really a bitfield of EAP method and phase2 method */ > g_return_val_if_fail (dbus_message_iter_get_arg_type (iter) == DBUS_TYPE_INT32, FALSE); > dbus_message_iter_get_basic (iter, &dbus_eap_method); >- g_return_val_if_fail ((dbus_eap_method == NM_EAP_METHOD_MD5) >- || (dbus_eap_method == NM_EAP_METHOD_MSCHAP) >- || (dbus_eap_method == NM_EAP_METHOD_OTP) >- || (dbus_eap_method == NM_EAP_METHOD_GTC) >- || (dbus_eap_method == NM_EAP_METHOD_PEAP) >- || (dbus_eap_method == NM_EAP_METHOD_TLS) >- || (dbus_eap_method == NM_EAP_METHOD_TTLS), FALSE); >+ dbus_eap = NM_EAP_TO_EAP_METHOD(dbus_eap_method); >+ g_return_val_if_fail ((dbus_eap == NM_EAP_METHOD_MD5) >+ || (dbus_eap == NM_EAP_METHOD_MSCHAP) >+ || (dbus_eap == NM_EAP_METHOD_OTP) >+ || (dbus_eap == NM_EAP_METHOD_GTC) >+ || (dbus_eap == NM_EAP_METHOD_PEAP) >+ || (dbus_eap == NM_EAP_METHOD_TLS) >+ || (dbus_eap == NM_EAP_METHOD_TTLS), FALSE); >+ dbus_phase2 = NM_EAP_TO_PHASE2_METHOD(dbus_eap_method); >+ g_return_val_if_fail ((dbus_phase2 == NM_PHASE2_AUTH_NONE) >+ || (dbus_phase2 == NM_PHASE2_AUTH_PAP) >+ || (dbus_phase2 == NM_PHASE2_AUTH_MSCHAP) >+ || (dbus_phase2 == NM_PHASE2_AUTH_MSCHAPV2) >+ || (dbus_phase2 == NM_PHASE2_AUTH_GTC), FALSE); > > /* Third arg: Key type (INT32) */ > g_return_val_if_fail (dbus_message_iter_next (iter), FALSE); >--- branches/NETWORKMANAGER_0_6_0_RELEASE/src/nm-ap-security-wpa-eap.c 2006/08/14 03:26:07 1955 >+++ branches/NETWORKMANAGER_0_6_0_RELEASE/src/nm-ap-security-wpa-eap.c 2007/02/03 19:24:38 2277 >@@ -38,6 +38,7 @@ > { > int eap_method; > int key_type; >+ int phase2_type; > int wpa_version; > int key_mgmt; > char * identity; >@@ -56,6 +57,7 @@ > NMAPSecurityWPA_EAP * security = NULL; > int eap_method; > int key_type; >+ int phase2_type; > int wpa_version; > char * identity = NULL; > char * passwd = NULL; >@@ -77,8 +79,9 @@ > nm_ap_security_set_we_cipher (NM_AP_SECURITY (security), NM_AUTH_TYPE_WPA_EAP); > if ((private_key_passwd && strlen (private_key_passwd) > 0) || (passwd && strlen (passwd) > 0)) > nm_ap_security_set_key (NM_AP_SECURITY (security), "FIXME", 5); >- security->priv->eap_method = eap_method; > security->priv->key_type = key_type; >+ security->priv->eap_method = NM_EAP_TO_EAP_METHOD (eap_method); >+ security->priv->phase2_type = NM_EAP_TO_PHASE2_METHOD (eap_method); > security->priv->wpa_version = wpa_version; > security->priv->key_mgmt = IW_AUTH_KEY_MGMT_802_1X; > security->priv->identity = g_strdup (identity); >@@ -132,7 +135,7 @@ > NMAPSecurityWPA_EAP * self = NM_AP_SECURITY_WPA_EAP (instance); > > if (!nmu_security_serialize_wpa_eap (iter, >- self->priv->eap_method, >+ self->priv->eap_method | self->priv->phase2_type, > self->priv->key_type, > self->priv->identity ? : "", > self->priv->passwd ? : "", >@@ -185,6 +188,7 @@ > int key_mgmt = self->priv->key_mgmt; > int eap_method = self->priv->eap_method; > int key_type = self->priv->key_type; >+ int phase2_type = self->priv->phase2_type; > > g_return_val_if_fail (nm_ap_security_get_we_cipher (instance) == NM_AUTH_TYPE_WPA_EAP, FALSE); > g_return_val_if_fail (key_mgmt == IW_AUTH_KEY_MGMT_802_1X, FALSE); >@@ -201,6 +205,11 @@ > || (key_type == IW_AUTH_CIPHER_CCMP) > || (key_type == IW_AUTH_CIPHER_TKIP) > || (key_type == IW_AUTH_CIPHER_WEP104), FALSE); >+ g_return_val_if_fail ((phase2_type == NM_PHASE2_AUTH_NONE) >+ || (phase2_type == NM_PHASE2_AUTH_PAP) >+ || (phase2_type == NM_PHASE2_AUTH_MSCHAP) >+ || (phase2_type == NM_PHASE2_AUTH_MSCHAPV2) >+ || (phase2_type == NM_PHASE2_AUTH_GTC), FALSE); > > /* WPA-EAP network setup */ > >@@ -227,6 +236,29 @@ > goto out; > } > >+ /* phase2 options can be used with Dynamic WEP, WPA-EAP-TTLS, WPA-EAP-PEAP */ >+ /* do nothing if phase2 == NM_PHASE2_AUTH_NONE */ >+ if (phase2_type == NM_PHASE2_AUTH_PAP) >+ { >+ if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i phase2 \"auth=PAP\"", nwid)) >+ goto out; >+ } >+ if (phase2_type == NM_PHASE2_AUTH_MSCHAP) >+ { >+ if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i phase2 \"auth=MSCHAP\"", nwid)) >+ goto out; >+ } >+ if (phase2_type == NM_PHASE2_AUTH_MSCHAPV2) >+ { >+ if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i phase2 \"auth=MSCHAPV2\"", nwid)) >+ goto out; >+ } >+ if (phase2_type == NM_PHASE2_AUTH_GTC) >+ { >+ if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i phase2 \"auth=GTC\"", nwid)) >+ goto out; >+ } >+ > if (!nm_utils_supplicant_request_with_check (ctrl, "OK", __func__, NULL, "SET_NETWORK %i eap %s", nwid, get_eap_method (eap_method))) > goto out; > >@@ -336,6 +368,7 @@ > > dst->priv->eap_method = self->priv->eap_method; > dst->priv->key_type = self->priv->key_type; >+ dst->priv->phase2_type = self->priv->phase2_type; > dst->priv->wpa_version = self->priv->wpa_version; > dst->priv->key_mgmt = self->priv->key_mgmt; > dst->priv->identity = g_strdup (self->priv->identity);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=142438">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 216063
: 142438 |
142439
|
142440
|
142539