Fix initial connections to WPA Enterprise access points (#699014)

Dan Williams 2011-05-10 16:44:38 -05:00
parent d2811fa31e
commit d540c8ff83
5 changed files with 473 additions and 1 deletions


@ -0,0 +1,80 @@
From 101a07a3d79223cc153a6c65f22acd76cbae4818 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Tue, 3 May 2011 12:21:45 -0500
Subject: [PATCH 1/3] network: fix handling of AP flags and enhance for 802.1x
All WPA APs were getting set as WPA2 due to the check for privacy;
WPA/WPA2 APs *must* set the Privacy bit according to the standard,
so we'd never end up in the case for NMAccessPointSecurity.WPA.
Fix that, and also add flags for WPA[2] Enterprise which we'll
use a bit later for the first-time connect case for 802.1x enabled
access points.
---
js/ui/status/network.js | 38 +++++++++++++++++++++-----------------
1 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index bf8e272..6f0cdac 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -33,8 +33,10 @@ const NMAccessPointSecurity = {
UNKNOWN: 0,
NONE: 1,
WEP: 2,
- WPA: 3,
- WPA2: 4
+ WPA_PSK: 3,
+ WPA2_PSK: 4,
+ WPA_ENT: 5,
+ WPA2_ENT: 6
};
// small optimization, to avoid using [] all the time
@@ -1129,26 +1131,28 @@ NMDeviceWireless.prototype = {
_getApSecurityType: function(accessPoint) {
if (accessPoint._secType)
return accessPoint._secType;
- // XXX: have this checked by someone familiar with IEEE 802.1x
let flags = accessPoint.flags;
let wpa_flags = accessPoint.wpa_flags;
let rsn_flags = accessPoint.rsn_flags;
let type;
- if ( !(flags & NM80211ApFlags.PRIVACY)
- && (wpa_flags == NM80211ApSecurityFlags.NONE)
- && (rsn_flags == NM80211ApSecurityFlags.NONE))
- type = NMAccessPointSecurity.NONE;
- else if ( (flags & NM80211ApFlags.PRIVACY)
- && (wpa_flags == NM80211ApSecurityFlags.NONE)
- && (rsn_flags == NM80211ApSecurityFlags.NONE))
- type = NMAccessPointSecurity.WEP;
- else if ( !(flags & NM80211ApFlags.PRIVACY)
- && (wpa_flags != NM80211ApSecurity.NONE)
- && (rsn_flags != NM80211ApSecurity.NONE))
- type = NMAccessPointSecurity.WPA;
- else
- type = NMAccessPointSecurity.WPA2;
+ if (rsn_flags != NM80211ApSecurityFlags.NONE) {
+ /* RSN check first so that WPA+WPA2 APs are treated as RSN/WPA2 */
+ if (rsn_flags & NM80211ApSecurityFlags.KEY_MGMT_802_1X)
+ type = NMAccessPointSecurity.WPA2_ENT;
+ else if (rsn_flags & NM80211ApSecurityFlags.KEY_MGMT_PSK)
+ type = NMAccessPointSecurity.WPA2_PSK;
+ } else if (wpa_flags != NM80211ApSecurityFlags.NONE) {
+ if (wpa_flags & NM80211ApSecurityFlags.KEY_MGMT_802_1X)
+ type = NMAccessPointSecurity.WPA_ENT;
+ else if (wpa_flags & NM80211ApSecurityFlags.KEY_MGMT_PSK)
+ type = NMAccessPointSecurity.WPA_PSK;
+ } else {
+ if (flags & NM80211ApFlags.PRIVACY)
+ type = NMAccessPointSecurity.WEP;
+ else
+ type = NMAccessPointSecurity.NONE;
+ }
// cache the found value to avoid checking flags all the time
accessPoint._secType = type;
--
1.7.5
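Review bot: In `_getApSecurityType`, `type` stays undefined when `rsn_flags` or `wpa_flags` is non-zero but carries neither `KEY_MGMT_802_1X` nor `KEY_MGMT_PSK`, because the two inner `if`/`else if` chains have no final `else`. The old code always assigned a value; now such an AP is stored with `accessPoint._secType = undefined`, and how callers treat that value is not visible in this hunk. Declaring `let type = NMAccessPointSecurity.UNKNOWN;` gives that case a defined result that callers can handle as secured-but-unclassified rather than mistaking it for an open network. The function body continues past the end of the hunk.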


@ -0,0 +1,217 @@
From c31109800b3267df433841bff08c9383a5d669cb Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Mon, 25 Apr 2011 17:13:12 -0500
Subject: [PATCH] network: simplify connection sorting by using libnm-glib
functions
Instead of rolling our own code, use new libnm-glib functions to do
the same thing. Requires libnm-glib as of
779215c742bbe29a2c66202ec7e2e6d43edeb8ff (which will be part of 0.9).
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=648648
---
configure.ac | 2 +-
js/ui/status/network.js | 104 +++--------------------------------------------
2 files changed, 7 insertions(+), 99 deletions(-)
diff --git a/configure.ac b/configure.ac
index 8449f07..abd4c25 100644
--- a/configure.ac
+++ b/configure.ac
@@ -100,7 +100,7 @@ AC_SUBST([GJS_VERSION], ["$GJS_VERSION"])
GOBJECT_INTROSPECTION_CHECK([$GOBJECT_INTROSPECTION_MIN_VERSION])
JHBUILD_TYPELIBDIR="$INTROSPECTION_TYPELIBDIR"
# NM is the only typelib we use that we don't jhbuild
-PKG_CHECK_EXISTS([libnm-glib >= 0.8.995],
+PKG_CHECK_EXISTS([libnm-glib >= 0.8.999],
[NM_TYPELIBDIR=`$PKG_CONFIG --variable=libdir libnm-glib`/girepository-1.0
if test "$INTROSPECTION_TYPELIBDIR" != "$NM_TYPELIBDIR"; then
JHBUILD_TYPELIBDIR="$JHBUILD_TYPELIBDIR:$NM_TYPELIBDIR"
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index d56c0b1..bf8e272 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -505,7 +505,7 @@ NMDevice.prototype = {
},
connectionValid: function(connection) {
- throw new TypeError('Invoking pure virtual function NMDevice.connectionValid');
+ return this.device.connection_valid(connection);
},
setEnabled: function(enabled) {
@@ -723,17 +723,6 @@ NMDeviceWired.prototype = {
NMDevice.prototype._init.call(this, client, device, connections);
},
- connectionValid: function(connection) {
- if (connection._type != NetworkManager.SETTING_WIRED_SETTING_NAME)
- return false;
-
- let ethernetSettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRED_SETTING_NAME);
- let fixedMac = ethernetSettings.get_mac_address();
- if (fixedMac)
- return macCompare(fixedMac, macToArray(this.device.perm_hw_address));
- return true;
- },
-
_createSection: function() {
NMDevice.prototype._createSection.call(this);
@@ -876,10 +865,6 @@ NMDeviceModem.prototype = {
NMDevice.prototype._clearSection.call(this);
},
- connectionValid: function(connection) {
- return connection._type == this._connectionType;
- },
-
_createAutomaticConnection: function() {
// FIXME: we need to summon the mobile wizard here
// or NM will not have the necessary parameters to complete the connection
@@ -913,18 +898,6 @@ NMDeviceBluetooth.prototype = {
NMDevice.prototype._init.call(this, client, device, connections);
},
- connectionValid: function(connection) {
- if (connection._type != NetworkManager.SETTING_BLUETOOTH_SETTING_NAME)
- return false;
-
- let bluetoothSettings = connection.get_setting_by_name(NetworkManager.SETTING_BLUETOOTH_SETTING_NAME);
- let fixedBdaddr = bluetoothSettings.get_bdaddr();
- if (fixedBdaddr)
- return macCompare(fixedBdaddr, macToArray(this.device.hw_address));
-
- return true;
- },
-
_createAutomaticConnection: function() {
let connection = new NetworkManager.Connection;
connection._uuid = NetworkManager.utils_uuid_generate();
@@ -1047,7 +1020,7 @@ NMDeviceWireless.prototype = {
// Check if some connection is valid for this AP
for (let j = 0; j < validConnections.length; j++) {
let connection = validConnections[j];
- if (this._connectionValidForAP(connection, ap) &&
+ if (ap.connection_valid(connection) &&
obj.connections.indexOf(connection) == -1) {
obj.connections.push(connection);
}
@@ -1121,7 +1094,7 @@ NMDeviceWireless.prototype = {
if (best) {
for (let i = 0; i < bestApObj.accessPoints.length; i++) {
let ap = bestApObj.accessPoints[i];
- if (this._connectionValidForAP(best, ap)) {
+ if (ap.connection_valid(best)) {
this._client.activate_connection(best, this.device, ap.dbus_path, null);
break;
}
@@ -1257,7 +1230,7 @@ NMDeviceWireless.prototype = {
// check if this enables new connections for this group
for (let i = 0; i < this._connections.length; i++) {
let connection = this._connections[i].connection;
- if (this._connectionValidForAP(connection, accessPoint) &&
+ if (accessPoint.connection_valid(connection) &&
apObj.connections.indexOf(connection) == -1) {
apObj.connections.push(connection);
}
@@ -1337,7 +1310,7 @@ NMDeviceWireless.prototype = {
item.connect('activate', Lang.bind(this, function() {
let accessPoints = sortAccessPoints(accessPointObj.accessPoints);
for (let i = 0; i < accessPoints.length; i++) {
- if (this._connectionValidForAP(connection, accessPoints[i])) {
+ if (accessPoints[i].connection_valid(connection)) {
this._client.activate_connection(connection, this.device, accessPoints[i].dbus_path, null);
break;
}
@@ -1346,40 +1319,6 @@ NMDeviceWireless.prototype = {
return item;
},
- connectionValid: function(connection) {
- if (connection._type != NetworkManager.SETTING_WIRELESS_SETTING_NAME)
- return false;
-
- let wirelessSettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SETTING_NAME);
- let wirelessSecuritySettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SECURITY_SETTING_NAME);
-
- let fixedMac = wirelessSettings.get_mac_address();
- if (fixedMac && !macCompare(fixedMac, macToArray(this.device.perm_hw_address)))
- return false;
-
- if (wirelessSecuritySettings &&
- wirelessSecuritySettings.key_mgmt != 'none' &&
- wirelessSecuritySettings.key_mgmt != 'ieee8021x') {
- let capabilities = this.device.wireless_capabilities;
- if (!(capabilities & NetworkManager.DeviceWifiCapabilities.WPA) ||
- !(capabilities & NetworkManager.DeviceWifiCapabilities.CIPHER_TKIP))
- return false;
- if (wirelessSecuritySettings.get_num_protos() == 1 &&
- wirelessSecuritySettings.get_proto(0) == 'rsn' &&
- !(capabilities & NetworkManager.DeviceWifiCapabilities.RSN))
- return false;
- if (wirelessSecuritySettings.get_num_pairwise() == 1 &&
- wirelessSecuritySettings.get_pairwise(0) == 'ccmp' &&
- !(capabilities & NetworkManager.DeviceWifiCapabilities.CIPHER_CCMP))
- return false;
- if (wirelessSecuritySettings.get_num_groups() == 1 &&
- wirelessSecuritySettings.get_group(0) == 'ccmp' &&
- !(capabilities & NetworkManager.DeviceWifiCapabilities.CIPHER_CCMP))
- return false;
- }
- return true;
- },
-
_clearSection: function() {
NMDevice.prototype._clearSection.call(this);
@@ -1463,7 +1402,7 @@ NMDeviceWireless.prototype = {
let any = false;
for (let k = 0; k < apObj.accessPoints.length; k++) {
let ap = apObj.accessPoints[k];
- if (this._connectionValidForAP(connection, ap)) {
+ if (ap.connection_valid(connection)) {
apObj.connections.push(connection);
any = true;
break;
@@ -1479,37 +1418,6 @@ NMDeviceWireless.prototype = {
}
},
- _connectionValidForAP: function(connection, ap) {
- // copied and adapted from nm-applet
- let wirelessSettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SETTING_NAME);
- if (!ssidCompare(wirelessSettings.get_ssid(), ap.get_ssid()))
- return false;
-
- let wirelessSecuritySettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SECURITY_SETTING_NAME);
-
- let fixedBssid = wirelessSettings.get_bssid();
- if (fixedBssid && !macCompare(fixedBssid, macToArray(ap.hw_address)))
- return false;
-
- let fixedBand = wirelessSettings.band;
- if (fixedBand) {
- let freq = ap.frequency;
- if (fixedBand == 'a' && (freq < 4915 || freq > 5825))
- return false;
- if (fixedBand == 'bg' && (freq < 2412 || freq > 2484))
- return false;
- }
-
- let fixedChannel = wirelessSettings.channel;
- if (fixedChannel && fixedChannel != NetworkManager.utils_wifi_freq_to_channel(ap.frequency))
- return false;
-
- if (!wirelessSecuritySettings)
- return true;
-
- return wirelessSettings.ap_security_compatible(wirelessSecuritySettings, ap.flags, ap.wpa_flags, ap.rsn_flags, ap.mode);
- },
-
_createActiveConnectionItem: function() {
let activeAp = this.device.active_access_point;
let icon, title;
--
1.7.5
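Review bot: The per-AP checks that the removed `_connectionValidForAP` did in JS (SSID match, pinned BSSID, band and channel, `ap_security_compatible`) are now delegated entirely to `ap.connection_valid()`, and the device MAC and capability checks to `this.device.connection_valid()`. The commit message says the libnm-glib functions do the same thing, but that they enforce the same BSSID pin and security compatibility cannot be confirmed from this patch. A short comment on the base `NMDevice.connectionValid`, such as `// validity (type, MAC pin, wifi capabilities) is decided by libnm-glib >= 0.8.999`, would record that dependency for the next reader.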


@ -0,0 +1,73 @@
From ae0652d13fc2d7caa3d64f2b87d174253cae5901 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Tue, 3 May 2011 13:31:45 -0500
Subject: [PATCH 2/3] network: fix initial connections to WPA[2] Enterprise
APs
Call out to nm-applet to do the dirty work since the dialog of
doom is pretty complicated and we don't have a JS equivalent
of it for now.
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=648171
---
js/ui/status/network.js | 29 +++++++++++++++++++++++++++--
1 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index 6f0cdac..ca4facf 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -48,6 +48,16 @@ const NM80211ApSecurityFlags = NetworkManager['80211ApSecurityFlags'];
const NM80211ApFlags = NetworkManager['80211ApFlags'];
const NM80211ApSecurityFlags = NetworkManager['80211ApSecurityFlags'];
+const NMAppletHelperInterface = {
+ name: 'org.gnome.network_manager_applet',
+ methods: [
+ { name: 'ConnectToHiddenNetwork', inSignature: '', outSignature: '' },
+ { name: 'CreateWifiNetwork', inSignature: '', outSignature: '' },
+ { name: 'ConnectTo8021xNetwork', inSignature: 'oo', outSignature: '' }
+ ],
+};
+const NMAppletProxy = DBus.makeProxyClass(NMAppletHelperInterface);
+
function macToArray(string) {
return string.split(':').map(function(el) {
return parseInt(el, 16);
@@ -991,6 +1001,10 @@ NMDeviceWireless.prototype = {
this._overflowItem = null;
this._networks = [ ];
+ this._applet_proxy = new NMAppletProxy(DBus.session,
+ 'org.gnome.network_manager_applet',
+ '/org/gnome/network_manager_applet');
+
// breaking the layers with this, but cannot call
// this.connectionValid until I have a device
this.device = device;
@@ -1483,9 +1497,20 @@ NMDeviceWireless.prototype = {
apObj.item = new NMNetworkMenuItem(apObj.accessPoints);
apObj.item._apObj = apObj;
apObj.item.connect('activate', Lang.bind(this, function() {
- let connection = this._createAutomaticConnection(apObj);
let accessPoints = sortAccessPoints(apObj.accessPoints);
- this._client.add_and_activate_connection(connection, this.device, accessPoints[0].dbus_path, null)
+ if ( (accessPoints[0]._secType == NMAccessPointSecurity.WPA2_ENT)
+ || (accessPoints[0]._secType == NMAccessPointSecurity.WPA_ENT)) {
+ // 802.1x-enabled APs get handled by nm-applet for now...
+ this._applet_proxy.ConnectTo8021xNetworkRemote(this.device.get_path(),
+ accessPoints[0].dbus_path,
+ Lang.bind(this, function(results, err) {
+ if (err)
+ log(err);
+ }));
+ } else {
+ let connection = this._createAutomaticConnection(apObj);
+ this._client.add_and_activate_connection(connection, this.device, accessPoints[0].dbus_path, null)
+ }
}));
}
--
1.7.5
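Review bot: The activate handler reads `accessPoints[0]._secType` directly, but `_secType` is only the cache that `_getApSecurityType` fills. If that function has not yet run for the AP that sorts first, the field is undefined, so an 802.1x AP falls through to the `else` branch and the automatic-connection path this patch is meant to avoid. Whether every AP is classified before the menu item is created is not visible here, so going through the accessor is safer: `let secType = this._getApSecurityType(accessPoints[0]);`, then compare `secType` against `WPA_ENT` and `WPA2_ENT`. Separately, a failed `ConnectTo8021xNetworkRemote` call is only passed to `log(err)`, so the user gets no feedback when nm-applet is not reachable on the session bus.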


@ -0,0 +1,89 @@
From 5090a4ccce87643081138272fb8a2fe687f1ed0a Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Tue, 3 May 2011 14:48:10 -0500
Subject: [PATCH 3/3] network: request that nm-applet show the mobile
broadband wizard
Use nm-applet 0.8.999 API to call the mobile broadband wizard and
activate the new connection.
Fixes https://bugzilla.gnome.org/show_bug.cgi?id=649318
---
js/ui/status/network.js | 33 +++++++++++++++++----------------
1 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/js/ui/status/network.js b/js/ui/status/network.js
index ca4facf..756b27f 100644
--- a/js/ui/status/network.js
+++ b/js/ui/status/network.js
@@ -53,7 +53,8 @@ const NMAppletHelperInterface = {
methods: [
{ name: 'ConnectToHiddenNetwork', inSignature: '', outSignature: '' },
{ name: 'CreateWifiNetwork', inSignature: '', outSignature: '' },
- { name: 'ConnectTo8021xNetwork', inSignature: 'oo', outSignature: '' }
+ { name: 'ConnectTo8021xNetwork', inSignature: 'oo', outSignature: '' },
+ { name: 'ConnectTo3gNetwork', inSignature: 'o', outSignature: '' }
],
};
const NMAppletProxy = DBus.makeProxyClass(NMAppletHelperInterface);
@@ -440,7 +441,8 @@ NMDevice.prototype = {
this._client.activate_connection(this._connections[0].connection, this.device, null, null);
} else if (this._autoConnectionName) {
let connection = this._createAutomaticConnection();
- this._client.add_and_activate_connection(connection, this.device, null, null);
+ if (connection)
+ this._client.add_and_activate_connection(connection, this.device, null, null);
}
},
@@ -620,7 +622,8 @@ NMDevice.prototype = {
this._autoConnectionItem = new PopupMenu.PopupMenuItem(this._autoConnectionName);
this._autoConnectionItem.connect('activate', Lang.bind(this, function() {
let connection = this._createAutomaticConnection();
- this._client.add_and_activate_connection(connection, this.device, null, null);
+ if (connection)
+ this._client.add_and_activate_connection(connection, this.device, null, null);
}));
this.section.addMenuItem(this._autoConnectionItem);
}
@@ -777,6 +780,10 @@ NMDeviceModem.prototype = {
this.mobileDevice = null;
this._connectionType = 'ppp';
+ this._applet_proxy = new NMAppletProxy(DBus.session,
+ 'org.gnome.network_manager_applet',
+ '/org/gnome/network_manager_applet');
+
this._capabilities = device.current_capabilities;
if (this._capabilities & NetworkManager.DeviceModemCapabilities.GSM_UMTS) {
is_wwan = true;
@@ -878,19 +885,13 @@ NMDeviceModem.prototype = {
},
_createAutomaticConnection: function() {
- // FIXME: we need to summon the mobile wizard here
- // or NM will not have the necessary parameters to complete the connection
- // pending a DBus method on nm-applet
-
- let connection = new NetworkManager.Connection;
- connection._uuid = NetworkManager.utils_uuid_generate();
- connection.add_setting(new NetworkManager.SettingConnection({
- uuid: connection._uuid,
- id: this._autoConnectionName,
- type: this._connectionType,
- autoconnect: false
- }));
- return connection;
+ // Mobile wizard is handled by nm-applet for now...
+ this._applet_proxy.ConnectTo3gNetworkRemote(this.device.get_path(),
+ Lang.bind(this, function(results, err) {
+ if (err)
+ log(err);
+ }));
+ return null;
}
};
--
1.7.5
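Review bot: `NMDeviceModem._createAutomaticConnection` no longer creates anything: it fires `ConnectTo3gNetworkRemote` as a side effect and returns `null`, a contract that neither the name nor the two guarded call sites in `NMDevice` make clear. A comment above the function would help, e.g. `// Returns null on purpose: nm-applet's wizard creates and activates the connection, so callers must skip add_and_activate_connection.` Any caller of `_createAutomaticConnection` outside these hunks would need the same `if (connection)` guard. A D-Bus failure is only passed to `log(err)`, so activating the menu item silently does nothing if nm-applet is not running.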


@ -1,6 +1,6 @@
Name: gnome-shell
Version: 3.0.1
Release: 3%{?dist}
Release: 4%{?dist}
Summary: Window management and application launching for GNOME
Group: User Interface/Desktops
@ -13,6 +13,11 @@ Patch0: gnome-shell-avoid-redhat-menus.patch
# https://bugzilla.gnome.org/show_bug.cgi?id=648739
Patch1: appDisplay-Fix-off-by-one-when-incrementally-adding-.patch
Patch2: 0001-network-simplify-connection-sorting-by-using-libnm-g.patch
Patch3: 0001-network-fix-handling-of-AP-flags-and-enhance-for-802.patch
Patch4: 0002-network-fix-initial-connections-to-WPA-2-Enterprise-.patch
Patch5: 0003-network-request-that-nm-applet-show-the-mobile-broad.patch
%define clutter_version 1.4.0
%define gobject_introspection_version 0.10.1
%define mutter_version 3.0.0
@ -83,6 +88,10 @@ easy to use experience.
%setup -q
%patch0 -p1 -b .avoid-redhat-menus
%patch1 -p1 -b .duplicate-apps
%patch2 -p1 -b .connection-sorting
%patch3 -p1 -b .apflags
%patch4 -p1 -b .wpa-enterprise
%patch5 -p1 -b .mobile-broadband
%build
(if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi;
@ -142,6 +151,10 @@ gconftool-2 --makefile-install-rule \
glib-compile-schemas --allow-any-name %{_datadir}/glib-2.0/schemas ||:
%changelog
* Tue May 10 2011 Dan Williams <dcbw@redhat.com> - 3.0.1-4
- Fix initial connections to WPA Enterprise access points (#699014)
- Fix initial connections to mobile broadband networks
* Thu Apr 28 2011 Dan Horák <dan[at]danny.cz> - 3.0.1-3
- no bluetooth on s390(x)