diff --git a/CMakeLists.txt b/CMakeLists.txt
index fe5dffe9..8bab052c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,133 +1,133 @@ cmake_minimum_required(VERSION 3.0) project(plasma-networkmanagement) set(PROJECT_VERSION "5.17.80") set(PROJECT_VERSION_MAJOR 5) set(QT_MIN_VERSION "5.12.0") set(KF5_MIN_VERSION "5.62.0") ################# set KDE specific information ################# find_package(ECM ${KF5_MIN_VERSION} REQUIRED NO_MODULE) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) include(KDEInstallDirs) include(KDECMakeSettings) include(KDECompilerSettings NO_POLICY_SCOPE) include(KDEClangFormat) include(ECMQMLModules) include(FeatureSummary) find_package(Qt5 ${QT_MIN_VERSION} CONFIG REQUIRED COMPONENTS Core DBus Network Quick QuickWidgets Widgets ) find_package(KF5 ${KF5_MIN_VERSION} REQUIRED ConfigWidgets Completion CoreAddons Declarative DBusAddons KIO I18n IconThemes NetworkManagerQt Notifications Plasma Service Solid Wallet WidgetsAddons WindowSystem ) find_package(KF5ModemManagerQt ${KF5_MIN_VERSION}) set_package_properties(KF5ModemManagerQt PROPERTIES TYPE OPTIONAL) ecm_find_qmlmodule(org.kde.prison 1.0) if (BUILD_MOBILE) find_package(KF5Kirigami2 ${KF5_MIN_VERSION} CONFIG) set_package_properties(KF5Kirigami2 PROPERTIES DESCRIPTION "A QtQuick based components set" PURPOSE "Required at runtime by the mobile KCMs" TYPE RUNTIME ) endif() # Required only for getting information about NetworkManager version in CMake find_package(NetworkManager 1.4.0) set_package_properties(NetworkManager PROPERTIES TYPE REQUIRED) find_package(MobileBroadbandProviderInfo) set_package_properties(MobileBroadbandProviderInfo PROPERTIES DESCRIPTION "Database of mobile broadband service providers" - URL "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" + URL "https://wiki.gnome.org/action/show/Projects/NetworkManager/MobileBroadband/ServiceProviders" TYPE OPTIONAL) find_package(Qca-qt5 2.1.0) set_package_properties(Qca-qt5 PROPERTIES DESCRIPTION "Support for encryption" - URL 
"http://download.kde.org/stable/qca-qt5/" + URL "https://download.kde.org/stable/qca-qt5/" TYPE REQUIRED) find_package(KF5Prison ${KF5_MIN_VERSION}) set_package_properties(KF5Prison PROPERTIES DESCRIPTION "Prison library" - URL "http://projects.kde.org/prison" + URL "https://commits.kde.org/prison" TYPE RUNTIME PURPOSE "Needed to create mobile barcodes for WiFi networks" ) if (DISABLE_MODEMMANAGER_SUPPORT) message(STATUS "Disabling ModemManager support") set(WITH_MODEMMANAGER_SUPPORT 0) else() if (KF5ModemManagerQt_FOUND) message(STATUS "Enabling ModemManager support") set(WITH_MODEMMANAGER_SUPPORT 1) else() message(STATUS "ModemManager or ModemManagerQt not found") set(WITH_MODEMMANAGER_SUPPORT 0) endif() endif() add_definitions(-DQT_DISABLE_DEPRECATED_BEFORE=0) add_definitions(-DQT_USE_FAST_OPERATOR_PLUS) add_definitions(-DQT_NO_URL_CAST_FROM_STRING) remove_definitions(-DQT_NO_CAST_FROM_ASCII -DQT_NO_CAST_FROM_BYTEARRAY) add_definitions(-DWITH_MODEMMANAGER_SUPPORT=${WITH_MODEMMANAGER_SUPPORT}) include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libs ${CMAKE_CURRENT_SOURCE_DIR}/libs/editor/) add_subdirectory(applet) add_subdirectory(kded) add_subdirectory(kcm) add_subdirectory(libs) add_subdirectory(vpn) if (BUILD_MOBILE) add_subdirectory(mobile) endif() # Enable unit testing if (BUILD_TESTING) add_subdirectory(tests) endif() # add clang-format target for all our real source files file(GLOB_RECURSE ALL_CLANG_FORMAT_SOURCE_FILES *.cpp *.h) kde_clang_format(${ALL_CLANG_FORMAT_SOURCE_FILES}) feature_summary(WHAT ALL INCLUDE_QUIET_PACKAGES FATAL_ON_MISSING_REQUIRED_PACKAGES) diff --git a/libs/editor/settings/security802-1x.cpp b/libs/editor/settings/security802-1x.cpp index 7286fdb2..de5a6a64 100644 --- a/libs/editor/settings/security802-1x.cpp +++ b/libs/editor/settings/security802-1x.cpp 
@@ -1,638 +1,638 @@ /* Copyright (c) 2013 Lukas Tinkl This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) version 3, or any later version accepted by the membership of KDE e.V. (or its successor approved by the membership of KDE e.V.), which shall act as a proxy defined in Section 6 of version 3 of the license. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library. If not, see . */ #include "security802-1x.h" #include "ui_802-1x.h" #include "editlistdialog.h" #include "listvalidator.h" #include #include #include Security8021x::Security8021x(const NetworkManager::Setting::Ptr &setting, bool wifiMode, QWidget *parent, Qt::WindowFlags f) : SettingWidget(setting, parent, f) , m_ui(new Ui::Security8021x) { m_setting = setting.staticCast(); m_ui->setupUi(this); m_ui->fastPassword->setPasswordOptionsEnabled(true); m_ui->leapPassword->setPasswordOptionsEnabled(true); m_ui->md5Password->setPasswordOptionsEnabled(true); m_ui->peapPassword->setPasswordOptionsEnabled(true); m_ui->pwdPassword->setPasswordOptionsEnabled(true); m_ui->tlsPrivateKeyPassword->setPasswordOptionsEnabled(true); m_ui->ttlsPassword->setPasswordOptionsEnabled(true); if (wifiMode) { m_ui->auth->removeItem(0); // MD 5 m_ui->stackedWidget->removeWidget(m_ui->md5Page); m_ui->auth->setItemData(0, NetworkManager::Security8021xSetting::EapMethodTls); m_ui->auth->setItemData(1, NetworkManager::Security8021xSetting::EapMethodLeap); m_ui->auth->setItemData(2, NetworkManager::Security8021xSetting::EapMethodPwd); m_ui->auth->setItemData(3, 
NetworkManager::Security8021xSetting::EapMethodFast); m_ui->auth->setItemData(4, NetworkManager::Security8021xSetting::EapMethodTtls); m_ui->auth->setItemData(5, NetworkManager::Security8021xSetting::EapMethodPeap); } else { m_ui->auth->removeItem(2); // LEAP m_ui->stackedWidget->removeWidget(m_ui->leapPage); m_ui->auth->setItemData(0, NetworkManager::Security8021xSetting::EapMethodMd5); m_ui->auth->setItemData(1, NetworkManager::Security8021xSetting::EapMethodTls); m_ui->auth->setItemData(2, NetworkManager::Security8021xSetting::EapMethodPwd); m_ui->auth->setItemData(3, NetworkManager::Security8021xSetting::EapMethodFast); m_ui->auth->setItemData(4, NetworkManager::Security8021xSetting::EapMethodTtls); m_ui->auth->setItemData(5, NetworkManager::Security8021xSetting::EapMethodPeap); } // Set PEAP authentication as default m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodPeap)); connect(m_ui->btnTlsAltSubjectMatches, &QPushButton::clicked, this, &Security8021x::altSubjectMatchesButtonClicked); connect(m_ui->btnTlsConnectToServers, &QPushButton::clicked, this, &Security8021x::connectToServersButtonClicked); // Connect for setting check watchChangedSetting(); // Connect for validity check connect(m_ui->auth, QOverload::of(&KComboBox::currentIndexChanged), this, &Security8021x::slotWidgetChanged); connect(m_ui->md5UserName, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->md5Password, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->md5Password, &PasswordField::passwordOptionChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->tlsIdentity, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->tlsCACert, &KUrlRequester::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->tlsUserCert, &KUrlRequester::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->tlsPrivateKey, 
&KUrlRequester::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->tlsPrivateKeyPassword, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->tlsPrivateKeyPassword, &PasswordField::passwordOptionChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->leapUsername, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->leapPassword, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->leapPassword, &PasswordField::passwordOptionChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->fastAllowPacProvisioning, &QCheckBox::stateChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->pacFile, &KUrlRequester::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->pwdUsername, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->pwdPassword, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->fastUsername, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->fastPassword, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->fastPassword, &PasswordField::passwordOptionChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->ttlsCACert, &KUrlRequester::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->ttlsUsername, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->ttlsPassword, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->ttlsPassword, &PasswordField::passwordOptionChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->peapCACert, &KUrlRequester::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->peapUsername, &KLineEdit::textChanged, this, &Security8021x::slotWidgetChanged); connect(m_ui->peapPassword, &PasswordField::textChanged, this, &Security8021x::slotWidgetChanged); 
connect(m_ui->peapPassword, &PasswordField::passwordOptionChanged, this, &Security8021x::slotWidgetChanged); KAcceleratorManager::manage(this); connect(m_ui->stackedWidget, &QStackedWidget::currentChanged, this, &Security8021x::currentAuthChanged); altSubjectValidator = new QRegExpValidator(QRegExp(QLatin1String("^(DNS:[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_.-]+|EMAIL:[a-zA-Z0-9._-]+@[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_.-]+|URI:[a-zA-Z0-9.+-]+:.+|)$")), this); serversValidator = new QRegExpValidator(QRegExp(QLatin1String("^[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_.-]+$")), this); ListValidator *altSubjectListValidator = new ListValidator(this); altSubjectListValidator->setInnerValidator(altSubjectValidator); m_ui->leTlsSubjectMatch->setValidator(altSubjectListValidator); ListValidator *serverListValidator = new ListValidator(this); serverListValidator->setInnerValidator(serversValidator); m_ui->leTlsConnectToServers->setValidator(serverListValidator); if (setting) { loadConfig(setting); } } Security8021x::~Security8021x() { delete m_ui; } void Security8021x::loadConfig(const NetworkManager::Setting::Ptr &setting) { NetworkManager::Security8021xSetting::Ptr securitySetting = setting.staticCast(); const QList eapMethods = securitySetting->eapMethods(); const NetworkManager::Security8021xSetting::AuthMethod phase2AuthMethod = securitySetting->phase2AuthMethod(); if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodMd5)) { m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodMd5)); m_ui->md5UserName->setText(securitySetting->identity()); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->md5Password->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->md5Password->setPasswordOption(PasswordField::StoreForUser); } else { m_ui->md5Password->setPasswordOption(PasswordField::AlwaysAsk); } } else if 
(eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodTls)) { QStringList servers; m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodTls)); m_ui->tlsIdentity->setText(securitySetting->identity()); m_ui->tlsDomain->setText(securitySetting->domainSuffixMatch()); m_ui->tlsUserCert->setUrl(QUrl::fromLocalFile(securitySetting->clientCertificate())); m_ui->tlsCACert->setUrl(QUrl::fromLocalFile(securitySetting->caCertificate())); m_ui->leTlsSubjectMatch->setText(securitySetting->subjectMatch()); m_ui->leTlsAlternativeSubjectMatches->setText(securitySetting->altSubjectMatches().join(QLatin1String(", "))); for (const QString &match : securitySetting->altSubjectMatches()) { if (match.startsWith(QLatin1String("DNS:"))) { servers.append(match.right(match.length()-4)); } } m_ui->leTlsConnectToServers->setText(servers.join(QLatin1String(", "))); m_ui->tlsPrivateKey->setUrl(QUrl::fromLocalFile(securitySetting->privateKey())); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->tlsPrivateKeyPassword->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->tlsPrivateKeyPassword->setPasswordOption(PasswordField::StoreForUser); } else { m_ui->tlsPrivateKeyPassword->setPasswordOption(PasswordField::AlwaysAsk); } } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodLeap)) { m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodLeap)); m_ui->leapUsername->setText(securitySetting->identity()); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->leapPassword->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->leapPassword->setPasswordOption(PasswordField::StoreForUser); } else { 
m_ui->leapPassword->setPasswordOption(PasswordField::AlwaysAsk); } } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodPwd)) { m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodPwd)); m_ui->pwdUsername->setText(securitySetting->identity()); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->pwdPassword->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->pwdPassword->setPasswordOption(PasswordField::StoreForUser); } else { m_ui->pwdPassword->setPasswordOption(PasswordField::AlwaysAsk); } } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodFast)) { m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodFast)); m_ui->fastAnonIdentity->setText(securitySetting->anonymousIdentity()); m_ui->fastAllowPacProvisioning->setChecked((int)securitySetting->phase1FastProvisioning() > 0); m_ui->pacMethod->setCurrentIndex(securitySetting->phase1FastProvisioning() - 1); m_ui->pacFile->setUrl(QUrl::fromLocalFile(securitySetting->pacFile())); if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodGtc) { m_ui->fastInnerAuth->setCurrentIndex(0); } else { m_ui->fastInnerAuth->setCurrentIndex(1); } m_ui->fastUsername->setText(securitySetting->identity()); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->fastPassword->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->fastPassword->setPasswordOption(PasswordField::StoreForUser); } else { m_ui->fastPassword->setPasswordOption(PasswordField::AlwaysAsk); } } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodTtls)) { 
m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodTtls)); m_ui->ttlsAnonIdentity->setText(securitySetting->anonymousIdentity()); m_ui->ttlsDomain->setText(securitySetting->domainSuffixMatch()); m_ui->ttlsCACert->setUrl(QUrl::fromLocalFile(securitySetting->caCertificate())); if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodPap) { m_ui->ttlsInnerAuth->setCurrentIndex(0); } else if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodMschap) { m_ui->ttlsInnerAuth->setCurrentIndex(1); } else if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodMschapv2) { m_ui->ttlsInnerAuth->setCurrentIndex(2); } else if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodChap) { m_ui->ttlsInnerAuth->setCurrentIndex(3); } m_ui->ttlsUsername->setText(securitySetting->identity()); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->ttlsPassword->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->ttlsPassword->setPasswordOption(PasswordField::StoreForUser); } else { m_ui->ttlsPassword->setPasswordOption(PasswordField::AlwaysAsk); } } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodPeap)) { m_ui->auth->setCurrentIndex(m_ui->auth->findData(NetworkManager::Security8021xSetting::EapMethodPeap)); m_ui->peapAnonIdentity->setText(securitySetting->anonymousIdentity()); m_ui->peapDomain->setText(securitySetting->domainSuffixMatch()); m_ui->peapCACert->setUrl(QUrl::fromLocalFile(securitySetting->caCertificate())); m_ui->peapVersion->setCurrentIndex(securitySetting->phase1PeapVersion() + 1); if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodMschapv2) { m_ui->peapInnerAuth->setCurrentIndex(0); } else if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodMd5) { 
m_ui->peapInnerAuth->setCurrentIndex(1); } else if (phase2AuthMethod == NetworkManager::Security8021xSetting::AuthMethodGtc) { m_ui->peapInnerAuth->setCurrentIndex(2); } m_ui->peapUsername->setText(securitySetting->identity()); if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::None)) { m_ui->peapPassword->setPasswordOption(PasswordField::StoreForAllUsers); } else if (securitySetting->passwordFlags().testFlag(NetworkManager::Setting::AgentOwned)) { m_ui->peapPassword->setPasswordOption(PasswordField::StoreForUser); } else { m_ui->peapPassword->setPasswordOption(PasswordField::AlwaysAsk); } } loadSecrets(setting); } void Security8021x::loadSecrets(const NetworkManager::Setting::Ptr &setting) { NetworkManager::Security8021xSetting::Ptr securitySetting = setting.staticCast(); const QString password = securitySetting->password(); const QList eapMethods = securitySetting->eapMethods(); if (!password.isEmpty()) { if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodMd5)) { m_ui->md5Password->setText(securitySetting->password()); } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodLeap)) { m_ui->leapPassword->setText(securitySetting->password()); } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodFast)) { m_ui->fastPassword->setText(securitySetting->password()); } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodPwd)) { m_ui->pwdPassword->setText(securitySetting->password()); } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodTtls)) { m_ui->ttlsPassword->setText(securitySetting->password()); } else if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodPeap)) { m_ui->peapPassword->setText(securitySetting->password()); } } if (eapMethods.contains(NetworkManager::Security8021xSetting::EapMethodTls)) { const QString privateKeyPassword = securitySetting->privateKeyPassword(); if (!privateKeyPassword.isEmpty()) { 
m_ui->tlsPrivateKeyPassword->setText(securitySetting->privateKeyPassword()); } } } QVariantMap Security8021x::setting() const { NetworkManager::Security8021xSetting setting; NetworkManager::Security8021xSetting::EapMethod method = static_cast(m_ui->auth->itemData(m_ui->auth->currentIndex()).toInt()); setting.setEapMethods(QList() << method); if (method == NetworkManager::Security8021xSetting::EapMethodMd5) { if (!m_ui->md5UserName->text().isEmpty()) { setting.setIdentity(m_ui->md5UserName->text()); } if (m_ui->md5Password->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->md5Password->passwordOption() == PasswordField::StoreForUser) { setting.setPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPasswordFlags(NetworkManager::Setting::NotSaved); } if (!m_ui->md5Password->text().isEmpty()) { setting.setPassword(m_ui->md5Password->text()); } } else if (method == NetworkManager::Security8021xSetting::EapMethodTls) { if (!m_ui->tlsIdentity->text().isEmpty()) { setting.setIdentity(m_ui->tlsIdentity->text()); } if (!m_ui->tlsDomain->text().isEmpty()) { setting.setDomainSuffixMatch(m_ui->tlsDomain->text()); } if (m_ui->tlsUserCert->url().isValid()) { setting.setClientCertificate(m_ui->tlsUserCert->url().toString().toUtf8().append('\0')); } if (m_ui->tlsCACert->url().isValid()) { setting.setCaCertificate(m_ui->tlsCACert->url().toString().toUtf8().append('\0')); } QStringList altsubjectmatches = m_ui->leTlsAlternativeSubjectMatches->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts); for (const QString &match : m_ui->leTlsConnectToServers->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts)) { const QString tempstr = QLatin1String("DNS:") + match; if (!altsubjectmatches.contains(tempstr)) { altsubjectmatches.append(tempstr); } } setting.setSubjectMatch(m_ui->leTlsSubjectMatch->text()); 
setting.setAltSubjectMatches(altsubjectmatches); if (m_ui->tlsPrivateKey->url().isValid()) { setting.setPrivateKey(m_ui->tlsPrivateKey->url().toString().toUtf8().append('\0')); } if (!m_ui->tlsPrivateKeyPassword->text().isEmpty()) { setting.setPrivateKeyPassword(m_ui->tlsPrivateKeyPassword->text()); } QCA::Initializer init; QCA::ConvertResult convRes; // Try if the private key is in pkcs12 format bundled with client certificate if (QCA::isSupported("pkcs12")) { QCA::KeyBundle keyBundle = QCA::KeyBundle::fromFile(m_ui->tlsPrivateKey->url().path(), m_ui->tlsPrivateKeyPassword->text().toUtf8(), &convRes); // Set client certificate to the same path as private key if (convRes == QCA::ConvertGood && keyBundle.privateKey().canDecrypt()) { setting.setClientCertificate(m_ui->tlsPrivateKey->url().toString().toUtf8().append('\0')); } } if (m_ui->tlsPrivateKeyPassword->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPrivateKeyPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->tlsPrivateKeyPassword->passwordOption() == PasswordField::StoreForUser) { setting.setPrivateKeyPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPrivateKeyPasswordFlags(NetworkManager::Setting::NotSaved); } } else if (method == NetworkManager::Security8021xSetting::EapMethodLeap) { if (!m_ui->leapUsername->text().isEmpty()) { setting.setIdentity(m_ui->leapUsername->text()); } if (!m_ui->leapPassword->text().isEmpty()) { setting.setPassword(m_ui->leapPassword->text()); } if (m_ui->leapPassword->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->leapPassword->passwordOption() == PasswordField::StoreForUser) { setting.setPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPasswordFlags(NetworkManager::Setting::NotSaved); } } else if (method == NetworkManager::Security8021xSetting::EapMethodPwd) { if (!m_ui->pwdUsername->text().isEmpty()) { 
setting.setIdentity(m_ui->pwdUsername->text()); } if (m_ui->pwdPassword->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->pwdPassword->passwordOption() == PasswordField::StoreForUser) { setting.setPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPasswordFlags(NetworkManager::Setting::NotSaved); } if (!m_ui->pwdPassword->text().isEmpty()) { setting.setPassword(m_ui->pwdPassword->text()); } } else if (method == NetworkManager::Security8021xSetting::EapMethodFast) { if (!m_ui->fastAnonIdentity->text().isEmpty()) { setting.setAnonymousIdentity(m_ui->fastAnonIdentity->text()); } if (!m_ui->fastAllowPacProvisioning->isChecked()) { setting.setPhase1FastProvisioning(NetworkManager::Security8021xSetting::FastProvisioningDisabled); } else { setting.setPhase1FastProvisioning(static_cast(m_ui->pacMethod->currentIndex() + 1)); } if (m_ui->pacFile->url().isValid()) { setting.setPacFile(QFile::encodeName(m_ui->pacFile->url().toLocalFile())); } if (m_ui->fastInnerAuth->currentIndex() == 0) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodGtc); } else { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschapv2); } if (!m_ui->fastUsername->text().isEmpty()) { setting.setIdentity(m_ui->fastUsername->text()); } if (!m_ui->fastPassword->text().isEmpty()) { setting.setPassword(m_ui->fastPassword->text()); } if (m_ui->fastPassword->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->fastPassword->passwordOption() == PasswordField::StoreForUser) { setting.setPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPasswordFlags(NetworkManager::Setting::NotSaved); } } else if (method == NetworkManager::Security8021xSetting::EapMethodTtls) { if (!m_ui->ttlsAnonIdentity->text().isEmpty()) { 
setting.setAnonymousIdentity(m_ui->ttlsAnonIdentity->text()); } if (!m_ui->ttlsDomain->text().isEmpty()) { setting.setDomainSuffixMatch(m_ui->ttlsDomain->text()); } if (m_ui->ttlsCACert->url().isValid()) { setting.setCaCertificate(m_ui->ttlsCACert->url().toString().toUtf8().append('\0')); } const int innerAuth = m_ui->ttlsInnerAuth->currentIndex(); if (innerAuth == 0) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodPap); } else if (innerAuth == 1) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschap); } else if (innerAuth == 2) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschapv2); } else if (innerAuth == 3) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodChap); } if (!m_ui->ttlsUsername->text().isEmpty()) { setting.setIdentity(m_ui->ttlsUsername->text()); } if (!m_ui->ttlsPassword->text().isEmpty()) { setting.setPassword(m_ui->ttlsPassword->text()); } if (m_ui->ttlsPassword->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->ttlsPassword->passwordOption() == PasswordField::StoreForUser) { setting.setPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPasswordFlags(NetworkManager::Setting::NotSaved); } } else if (method == NetworkManager::Security8021xSetting::EapMethodPeap) { if (!m_ui->peapAnonIdentity->text().isEmpty()) { setting.setAnonymousIdentity(m_ui->peapAnonIdentity->text()); } if (!m_ui->peapDomain->text().isEmpty()) { setting.setDomainSuffixMatch(m_ui->peapDomain->text()); } if (m_ui->peapCACert->url().isValid()) { setting.setCaCertificate(m_ui->peapCACert->url().toString().toUtf8().append('\0')); } setting.setPhase1PeapVersion(static_cast(m_ui->peapVersion->currentIndex() - 1)); const int innerAuth = m_ui->peapInnerAuth->currentIndex(); if (innerAuth == 0) { 
setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschapv2); } else if (innerAuth == 1) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMd5); } else if (innerAuth == 2) { setting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodGtc); } if (!m_ui->peapUsername->text().isEmpty()) { setting.setIdentity(m_ui->peapUsername->text()); } if (!m_ui->peapPassword->text().isEmpty()) { setting.setPassword(m_ui->peapPassword->text()); } if (m_ui->peapPassword->passwordOption() == PasswordField::StoreForAllUsers) { setting.setPasswordFlags(NetworkManager::Setting::None); } else if (m_ui->peapPassword->passwordOption() == PasswordField::StoreForUser) { setting.setPasswordFlags(NetworkManager::Setting::AgentOwned); } else { setting.setPasswordFlags(NetworkManager::Setting::NotSaved); } } return setting.toMap(); } void Security8021x::altSubjectMatchesButtonClicked() { QPointer editor = new EditListDialog(this); editor->setItems(m_ui->leTlsSubjectMatch->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts)); editor->setWindowTitle(i18n("Alternative Subject Matches")); - editor->setToolTip(i18n("This entry must be one of:
  • DNS: <name or ip address>
  • EMAIL: <email>
  • URI: <uri, e.g. http://www.kde.org>
")); + editor->setToolTip(i18n("This entry must be one of:
  • DNS: <name or ip address>
  • EMAIL: <email>
  • URI: <uri, e.g. https://www.kde.org>
")); editor->setValidator(altSubjectValidator); connect(editor.data(), &QDialog::accepted, [editor, this] () { m_ui->leTlsSubjectMatch->setText(editor->items().join(QLatin1String(", "))); }); connect(editor.data(), &QDialog::finished, [editor] () { if (editor) { editor->deleteLater(); } }); editor->setModal(true); editor->show(); } void Security8021x::connectToServersButtonClicked() { QPointer editor = new EditListDialog(this); editor->setItems(m_ui->leTlsConnectToServers->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts)); editor->setWindowTitle(i18n("Connect to these servers only")); editor->setValidator(serversValidator); connect(editor.data(), &QDialog::accepted, [editor, this] () { m_ui->leTlsConnectToServers->setText(editor->items().join(QLatin1String(", "))); }); connect(editor.data(), &QDialog::finished, [editor] () { if (editor) { editor->deleteLater(); } }); editor->setModal(true); editor->show(); } bool Security8021x::isValid() const { NetworkManager::Security8021xSetting::EapMethod method = static_cast(m_ui->auth->itemData(m_ui->auth->currentIndex()).toInt()); if (method == NetworkManager::Security8021xSetting::EapMethodMd5) { return !m_ui->md5UserName->text().isEmpty() && (!m_ui->md5Password->text().isEmpty() || m_ui->md5Password->passwordOption() == PasswordField::AlwaysAsk); } else if (method == NetworkManager::Security8021xSetting::EapMethodTls) { if (m_ui->tlsIdentity->text().isEmpty()) { return false; } if (!m_ui->tlsPrivateKey->url().isValid()) { return false; } if (m_ui->tlsPrivateKeyPassword->passwordOption() == PasswordField::AlwaysAsk) { return true; } if (m_ui->tlsPrivateKeyPassword->text().isEmpty()) { return false; } QCA::Initializer init; QCA::ConvertResult convRes; // Try if the private key is in pkcs12 format bundled with client certificate if (QCA::isSupported("pkcs12")) { QCA::KeyBundle keyBundle = QCA::KeyBundle::fromFile(m_ui->tlsPrivateKey->url().path(), m_ui->tlsPrivateKeyPassword->text().toUtf8(), 
&convRes); // We can return the result of decryption when we managed to import the private key if (convRes == QCA::ConvertGood) { return keyBundle.privateKey().canDecrypt(); } } // If the private key is not in pkcs12 format, we need client certificate to be set if (!m_ui->tlsUserCert->url().isValid()) { return false; } // Try if the private key is in PEM format and return the result of decryption if we managed to open it QCA::PrivateKey key = QCA::PrivateKey::fromPEMFile(m_ui->tlsPrivateKey->url().path(), m_ui->tlsPrivateKeyPassword->text().toUtf8(), &convRes); if (convRes == QCA::ConvertGood) { return key.canDecrypt(); } // TODO Try other formats (DER - mainly used in Windows) // TODO Validate other certificates?? } else if (method == NetworkManager::Security8021xSetting::EapMethodLeap) { return !m_ui->leapUsername->text().isEmpty() && (!m_ui->leapPassword->text().isEmpty() || m_ui->leapPassword->passwordOption() == PasswordField::AlwaysAsk); } else if (method == NetworkManager::Security8021xSetting::EapMethodPwd) { return !m_ui->pwdUsername->text().isEmpty() && (!m_ui->pwdPassword->text().isEmpty() || m_ui->pwdPassword->passwordOption() == PasswordField::AlwaysAsk); } else if (method == NetworkManager::Security8021xSetting::EapMethodFast) { if (!m_ui->fastAllowPacProvisioning->isChecked() && !m_ui->pacFile->url().isValid()) { return false; } return !m_ui->fastUsername->text().isEmpty() && (!m_ui->fastPassword->text().isEmpty() || m_ui->fastPassword->passwordOption() == PasswordField::AlwaysAsk); } else if (method == NetworkManager::Security8021xSetting::EapMethodTtls) { return !m_ui->ttlsUsername->text().isEmpty() && (!m_ui->ttlsPassword->text().isEmpty() || m_ui->ttlsPassword->passwordOption() == PasswordField::AlwaysAsk); } else if (method == NetworkManager::Security8021xSetting::EapMethodPeap) { return !m_ui->peapUsername->text().isEmpty() && (!m_ui->peapPassword->text().isEmpty() || m_ui->peapPassword->passwordOption() == PasswordField::AlwaysAsk); } return 
true; } void Security8021x::currentAuthChanged(int index) { Q_UNUSED(index); KAcceleratorManager::manage(m_ui->stackedWidget->currentWidget()); } diff --git a/vpn/openconnect/CMakeLists.txt b/vpn/openconnect/CMakeLists.txt index 81dc6876..aa2da052 100644 --- a/vpn/openconnect/CMakeLists.txt +++ b/vpn/openconnect/CMakeLists.txt 
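Review bot: In `altSubjectMatchesButtonClicked()`, the dialog titled "Alternative Subject Matches" is filled from and written back to `m_ui->leTlsSubjectMatch`, while `loadConfig()` and `setting()` in this same file treat that widget as `subjectMatch()` and keep the alternative matches in `m_ui->leTlsAlternativeSubjectMatches`. As written, the DNS:/EMAIL:/URI: entries accepted in the dialog are stored through `setSubjectMatch()` and never reach `setAltSubjectMatches()`, so the server-certificate constraint the user believes they configured for EAP-TLS is not the one saved. The likely fix is to use `m_ui->leTlsAlternativeSubjectMatches` in both the `editor->setItems(...)` call and the `setText(...)` inside the `accepted` lambda, and to attach `altSubjectListValidator` to that same widget in the constructor instead of `leTlsSubjectMatch`. The .ui file is not part of this diff, so the widget pairing should be confirmed there before changing it.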
@@ -1,72 +1,72 @@
 add_definitions(-DTRANSLATION_DOMAIN=\"plasmanetworkmanagement_openconnectui\") set (MINIMUM_OPENCONNECT_VERSION_REQUIRED "3.99") set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_MODULE_PATH}) find_package(OpenConnect ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} MODULE) if (OPENCONNECT_FOUND) find_package(Qt5Xml ${QT_MIN_VERSION} CONFIG REQUIRED) if (${OPENCONNECT_VERSION} VERSION_LESS "3.99") # macro_optional_find_package(OpenSSL)
-# macro_log_feature(OpenSSL_FOUND "OpenSSL headers" "Encryption suite" "http://www.openssl.org" FALSE "" "Needed for OpenConnect support in Network Management")
+# macro_log_feature(OpenSSL_FOUND "OpenSSL headers" "Encryption suite" "https://www.openssl.org" FALSE "" "Needed for OpenConnect support in Network Management")
 find_package(OpenSSL) set_package_properties(OpenSSL PROPERTIES DESCRIPTION "Encryption suite"
- URL "http://www.openssl.org"
+ URL "https://www.openssl.org"
 TYPE OPTIONAL ) if (OpenSSL_FOUND) set (MINIMUM_OPENCONNECT_VERSION_REQUIRED "3.03") set (maybe_OPENSSL_LIBRARIES ${OpenSSL_LIBRARIES}) endif() endif() if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR ${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED}) include_directories(${OPENCONNECT_INCLUDE_DIRS}) set(openconnect_SRCS ../../libs/debug.cpp openconnectui.cpp openconnectwidget.cpp openconnectauth.cpp openconnectauthworkerthread.cpp ) ki18n_wrap_ui(openconnect_SRCS openconnectprop.ui openconnectauth.ui openconnecttoken.ui) add_library(plasmanetworkmanagement_openconnectui ${openconnect_SRCS}) target_link_libraries(plasmanetworkmanagement_openconnectui plasmanm_internal plasmanm_editor ${NETWORKMANAGERQT5_LDFLAGS} KF5::CoreAddons KF5::I18n KF5::IconThemes KF5::KIOWidgets KF5::WidgetsAddons Qt5::Xml ${OPENCONNECT_LIBRARIES} ${maybe_OPENSSL_LIBRARIES} ) install(TARGETS plasmanetworkmanagement_openconnectui DESTINATION ${KDE_INSTALL_PLUGINDIR}) install(FILES 
plasmanetworkmanagement_openconnectui.desktop DESTINATION ${KDE_INSTALL_KSERVICES5DIR}) install(FILES plasmanetworkmanagement_openconnect_juniperui.desktop DESTINATION ${KDE_INSTALL_KSERVICES5DIR}) install(FILES plasmanetworkmanagement_openconnect_globalprotectui.desktop DESTINATION ${KDE_INSTALL_KSERVICES5DIR}) else() message("ERROR: OpenConnection version '${OPENCONNECT_VERSION}' does not match minimum required (${MINIMUM_OPENCONNECT_VERSION_REQUIRED})") message("OpenConnect plugin will not be built") set(OPENCONNECT_FOUND False) endif() else (OPENCONNECT_FOUND) message("OpenConnect plugin will not be built") endif (OPENCONNECT_FOUND) #macro_log_feature(OPENCONNECT_FOUND "OpenConnect headers and library" "Cisco AnyConnect compatible VPN client" "http://www.infradead.org/openconnect.html" FALSE ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} "Needed for OpenConnect support in Plasma NM")
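Review bot: In the `if (OpenSSL_FOUND)` branch next to the changed URL, `set (maybe_OPENSSL_LIBRARIES ${OpenSSL_LIBRARIES})` reads a mixed-case variable that CMake's bundled FindOpenSSL module does not set; that module exports `OPENSSL_LIBRARIES`. Unless a project-local find module (not visible in this hunk) defines the mixed-case name, `${maybe_OPENSSL_LIBRARIES}` expands to nothing and the plugin is linked without the crypto library on the pre-3.99 OpenConnect path. I would change the line to `set (maybe_OPENSSL_LIBRARIES ${OPENSSL_LIBRARIES})`. Separately, the commented-out `macro_log_feature(OPENCONNECT_FOUND ...)` on the last line still carries `http://www.infradead.org/openconnect.html` while the commented OpenSSL line was converted; either switch it to https as well, if the host serves that page over TLS, or delete both dead comments.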