From d540c8ff83eb135da11eccdd8755867bd8e7fcb5 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: May 10 2011 21:44:38 +0000 Subject: Fix initial connections to WPA Enterprise access points (#699014) --- diff --git a/0001-network-fix-handling-of-AP-flags-and-enhance-for-802.patch b/0001-network-fix-handling-of-AP-flags-and-enhance-for-802.patch new file mode 100644 index 0000000..2296d37 --- /dev/null +++ b/0001-network-fix-handling-of-AP-flags-and-enhance-for-802.patch @@ -0,0 +1,80 @@ +From 101a07a3d79223cc153a6c65f22acd76cbae4818 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 3 May 2011 12:21:45 -0500 +Subject: [PATCH 1/3] network: fix handling of AP flags and enhance for 802.1x + +All WPA APs were getting set as WPA2 due to the check for privacy; +WPA/WPA2 APs *must* set the Privacy bit according to the standard, +so we'd never end up in the case for NMAccessPointSecurity.WPA. + +Fix that, and also add flags for WPA[2] Enterprise which we'll +use a bit later for the first-time connect case for 802.1x enabled +access points. +--- + js/ui/status/network.js | 38 +++++++++++++++++++++----------------- + 1 files changed, 21 insertions(+), 17 deletions(-) + +diff --git a/js/ui/status/network.js b/js/ui/status/network.js +index bf8e272..6f0cdac 100644 +--- a/js/ui/status/network.js ++++ b/js/ui/status/network.js +@@ -33,8 +33,10 @@ const NMAccessPointSecurity = { + UNKNOWN: 0, + NONE: 1, + WEP: 2, +- WPA: 3, +- WPA2: 4 ++ WPA_PSK: 3, ++ WPA2_PSK: 4, ++ WPA_ENT: 5, ++ WPA2_ENT: 6 + }; + + // small optimization, to avoid using [] all the time +@@ -1129,26 +1131,28 @@ NMDeviceWireless.prototype = { + _getApSecurityType: function(accessPoint) { + if (accessPoint._secType) + return accessPoint._secType; +- // XXX: have this checked by someone familiar with IEEE 802.1x + + let flags = accessPoint.flags; + let wpa_flags = accessPoint.wpa_flags; + let rsn_flags = accessPoint.rsn_flags; + let type; +- if ( !(flags & NM80211ApFlags.PRIVACY) +- && (wpa_flags == NM80211ApSecurityFlags.NONE) +- && (rsn_flags == NM80211ApSecurityFlags.NONE)) +- type = NMAccessPointSecurity.NONE; +- else if ( (flags & NM80211ApFlags.PRIVACY) +- && (wpa_flags == NM80211ApSecurityFlags.NONE) +- && (rsn_flags == NM80211ApSecurityFlags.NONE)) +- type = NMAccessPointSecurity.WEP; +- else if ( !(flags & NM80211ApFlags.PRIVACY) +- && (wpa_flags != NM80211ApSecurity.NONE) +- && (rsn_flags != NM80211ApSecurity.NONE)) +- type = NMAccessPointSecurity.WPA; +- else +- type = NMAccessPointSecurity.WPA2; ++ if (rsn_flags != NM80211ApSecurityFlags.NONE) { ++ /* RSN check first so that WPA+WPA2 APs are treated as RSN/WPA2 */ ++ if (rsn_flags & NM80211ApSecurityFlags.KEY_MGMT_802_1X) ++ type = NMAccessPointSecurity.WPA2_ENT; ++ else if (rsn_flags & NM80211ApSecurityFlags.KEY_MGMT_PSK) ++ type = NMAccessPointSecurity.WPA2_PSK; ++ } else if (wpa_flags != NM80211ApSecurityFlags.NONE) { ++ if (wpa_flags & NM80211ApSecurityFlags.KEY_MGMT_802_1X) ++ type = NMAccessPointSecurity.WPA_ENT; ++ else if (wpa_flags & NM80211ApSecurityFlags.KEY_MGMT_PSK) ++ type = NMAccessPointSecurity.WPA_PSK; ++ } else { ++ if (flags & NM80211ApFlags.PRIVACY) ++ type = NMAccessPointSecurity.WEP; ++ else ++ type = NMAccessPointSecurity.NONE; ++ } + + // cache the found value to avoid checking flags all the time + accessPoint._secType = type; +-- +1.7.5 + diff --git a/0001-network-simplify-connection-sorting-by-using-libnm-g.patch b/0001-network-simplify-connection-sorting-by-using-libnm-g.patch new file mode 100644 index 0000000..7fce0e9 --- /dev/null +++ b/0001-network-simplify-connection-sorting-by-using-libnm-g.patch @@ -0,0 +1,217 @@ +From c31109800b3267df433841bff08c9383a5d669cb Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Mon, 25 Apr 2011 17:13:12 -0500 +Subject: [PATCH] network: simplify connection sorting by using libnm-glib + functions + +Instead of rolling our own code, use new libnm-glib functions to do +the same thing. Requires libnm-glib as of +779215c742bbe29a2c66202ec7e2e6d43edeb8ff (which will be part of 0.9). + +Fixes https://bugzilla.gnome.org/show_bug.cgi?id=648648 +--- + configure.ac | 2 +- + js/ui/status/network.js | 104 +++-------------------------------------------- + 2 files changed, 7 insertions(+), 99 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8449f07..abd4c25 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -100,7 +100,7 @@ AC_SUBST([GJS_VERSION], ["$GJS_VERSION"]) + GOBJECT_INTROSPECTION_CHECK([$GOBJECT_INTROSPECTION_MIN_VERSION]) + JHBUILD_TYPELIBDIR="$INTROSPECTION_TYPELIBDIR" + # NM is the only typelib we use that we don't jhbuild +-PKG_CHECK_EXISTS([libnm-glib >= 0.8.995], ++PKG_CHECK_EXISTS([libnm-glib >= 0.8.999], + [NM_TYPELIBDIR=`$PKG_CONFIG --variable=libdir libnm-glib`/girepository-1.0 + if test "$INTROSPECTION_TYPELIBDIR" != "$NM_TYPELIBDIR"; then + JHBUILD_TYPELIBDIR="$JHBUILD_TYPELIBDIR:$NM_TYPELIBDIR" +diff --git a/js/ui/status/network.js b/js/ui/status/network.js +index d56c0b1..bf8e272 100644 +--- a/js/ui/status/network.js ++++ b/js/ui/status/network.js +@@ -505,7 +505,7 @@ NMDevice.prototype = { + }, + + connectionValid: function(connection) { +- throw new TypeError('Invoking pure virtual function NMDevice.connectionValid'); ++ return this.device.connection_valid(connection); + }, + + setEnabled: function(enabled) { +@@ -723,17 +723,6 @@ NMDeviceWired.prototype = { + NMDevice.prototype._init.call(this, client, device, connections); + }, + +- connectionValid: function(connection) { +- if (connection._type != NetworkManager.SETTING_WIRED_SETTING_NAME) +- return false; +- +- let ethernetSettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRED_SETTING_NAME); +- let fixedMac = ethernetSettings.get_mac_address(); +- if (fixedMac) +- return macCompare(fixedMac, macToArray(this.device.perm_hw_address)); +- return true; +- }, +- + _createSection: function() { + NMDevice.prototype._createSection.call(this); + +@@ -876,10 +865,6 @@ NMDeviceModem.prototype = { + NMDevice.prototype._clearSection.call(this); + }, + +- connectionValid: function(connection) { +- return connection._type == this._connectionType; +- }, +- + _createAutomaticConnection: function() { + // FIXME: we need to summon the mobile wizard here + // or NM will not have the necessary parameters to complete the connection +@@ -913,18 +898,6 @@ NMDeviceBluetooth.prototype = { + NMDevice.prototype._init.call(this, client, device, connections); + }, + +- connectionValid: function(connection) { +- if (connection._type != NetworkManager.SETTING_BLUETOOTH_SETTING_NAME) +- return false; +- +- let bluetoothSettings = connection.get_setting_by_name(NetworkManager.SETTING_BLUETOOTH_SETTING_NAME); +- let fixedBdaddr = bluetoothSettings.get_bdaddr(); +- if (fixedBdaddr) +- return macCompare(fixedBdaddr, macToArray(this.device.hw_address)); +- +- return true; +- }, +- + _createAutomaticConnection: function() { + let connection = new NetworkManager.Connection; + connection._uuid = NetworkManager.utils_uuid_generate(); +@@ -1047,7 +1020,7 @@ NMDeviceWireless.prototype = { + // Check if some connection is valid for this AP + for (let j = 0; j < validConnections.length; j++) { + let connection = validConnections[j]; +- if (this._connectionValidForAP(connection, ap) && ++ if (ap.connection_valid(connection) && + obj.connections.indexOf(connection) == -1) { + obj.connections.push(connection); + } +@@ -1121,7 +1094,7 @@ NMDeviceWireless.prototype = { + if (best) { + for (let i = 0; i < bestApObj.accessPoints.length; i++) { + let ap = bestApObj.accessPoints[i]; +- if (this._connectionValidForAP(best, ap)) { ++ if (ap.connection_valid(best)) { + this._client.activate_connection(best, this.device, ap.dbus_path, null); + break; + } +@@ -1257,7 +1230,7 @@ NMDeviceWireless.prototype = { + // check if this enables new connections for this group + for (let i = 0; i < this._connections.length; i++) { + let connection = this._connections[i].connection; +- if (this._connectionValidForAP(connection, accessPoint) && ++ if (accessPoint.connection_valid(connection) && + apObj.connections.indexOf(connection) == -1) { + apObj.connections.push(connection); + } +@@ -1337,7 +1310,7 @@ NMDeviceWireless.prototype = { + item.connect('activate', Lang.bind(this, function() { + let accessPoints = sortAccessPoints(accessPointObj.accessPoints); + for (let i = 0; i < accessPoints.length; i++) { +- if (this._connectionValidForAP(connection, accessPoints[i])) { ++ if (accessPoints[i].connection_valid(connection)) { + this._client.activate_connection(connection, this.device, accessPoints[i].dbus_path, null); + break; + } +@@ -1346,40 +1319,6 @@ NMDeviceWireless.prototype = { + return item; + }, + +- connectionValid: function(connection) { +- if (connection._type != NetworkManager.SETTING_WIRELESS_SETTING_NAME) +- return false; +- +- let wirelessSettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SETTING_NAME); +- let wirelessSecuritySettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SECURITY_SETTING_NAME); +- +- let fixedMac = wirelessSettings.get_mac_address(); +- if (fixedMac && !macCompare(fixedMac, macToArray(this.device.perm_hw_address))) +- return false; +- +- if (wirelessSecuritySettings && +- wirelessSecuritySettings.key_mgmt != 'none' && +- wirelessSecuritySettings.key_mgmt != 'ieee8021x') { +- let capabilities = this.device.wireless_capabilities; +- if (!(capabilities & NetworkManager.DeviceWifiCapabilities.WPA) || +- !(capabilities & NetworkManager.DeviceWifiCapabilities.CIPHER_TKIP)) +- return false; +- if (wirelessSecuritySettings.get_num_protos() == 1 && +- wirelessSecuritySettings.get_proto(0) == 'rsn' && +- !(capabilities & NetworkManager.DeviceWifiCapabilities.RSN)) +- return false; +- if (wirelessSecuritySettings.get_num_pairwise() == 1 && +- wirelessSecuritySettings.get_pairwise(0) == 'ccmp' && +- !(capabilities & NetworkManager.DeviceWifiCapabilities.CIPHER_CCMP)) +- return false; +- if (wirelessSecuritySettings.get_num_groups() == 1 && +- wirelessSecuritySettings.get_group(0) == 'ccmp' && +- !(capabilities & NetworkManager.DeviceWifiCapabilities.CIPHER_CCMP)) +- return false; +- } +- return true; +- }, +- + _clearSection: function() { + NMDevice.prototype._clearSection.call(this); + +@@ -1463,7 +1402,7 @@ NMDeviceWireless.prototype = { + let any = false; + for (let k = 0; k < apObj.accessPoints.length; k++) { + let ap = apObj.accessPoints[k]; +- if (this._connectionValidForAP(connection, ap)) { ++ if (ap.connection_valid(connection)) { + apObj.connections.push(connection); + any = true; + break; +@@ -1479,37 +1418,6 @@ NMDeviceWireless.prototype = { + } + }, + +- _connectionValidForAP: function(connection, ap) { +- // copied and adapted from nm-applet +- let wirelessSettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SETTING_NAME); +- if (!ssidCompare(wirelessSettings.get_ssid(), ap.get_ssid())) +- return false; +- +- let wirelessSecuritySettings = connection.get_setting_by_name(NetworkManager.SETTING_WIRELESS_SECURITY_SETTING_NAME); +- +- let fixedBssid = wirelessSettings.get_bssid(); +- if (fixedBssid && !macCompare(fixedBssid, macToArray(ap.hw_address))) +- return false; +- +- let fixedBand = wirelessSettings.band; +- if (fixedBand) { +- let freq = ap.frequency; +- if (fixedBand == 'a' && (freq < 4915 || freq > 5825)) +- return false; +- if (fixedBand == 'bg' && (freq < 2412 || freq > 2484)) +- return false; +- } +- +- let fixedChannel = wirelessSettings.channel; +- if (fixedChannel && fixedChannel != NetworkManager.utils_wifi_freq_to_channel(ap.frequency)) +- return false; +- +- if (!wirelessSecuritySettings) +- return true; +- +- return wirelessSettings.ap_security_compatible(wirelessSecuritySettings, ap.flags, ap.wpa_flags, ap.rsn_flags, ap.mode); +- }, +- + _createActiveConnectionItem: function() { + let activeAp = this.device.active_access_point; + let icon, title; +-- +1.7.5 + diff --git a/0002-network-fix-initial-connections-to-WPA-2-Enterprise-.patch b/0002-network-fix-initial-connections-to-WPA-2-Enterprise-.patch new file mode 100644 index 0000000..a3c9322 --- /dev/null +++ b/0002-network-fix-initial-connections-to-WPA-2-Enterprise-.patch @@ -0,0 +1,73 @@ +From ae0652d13fc2d7caa3d64f2b87d174253cae5901 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 3 May 2011 13:31:45 -0500 +Subject: [PATCH 2/3] network: fix initial connections to WPA[2] Enterprise + APs + +Call out to nm-applet to do the dirty work since the dialog of +doom is pretty complicated and we don't have a JS equivalent +of it for now. + +Fixes https://bugzilla.gnome.org/show_bug.cgi?id=648171 +--- + js/ui/status/network.js | 29 +++++++++++++++++++++++++++-- + 1 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/js/ui/status/network.js b/js/ui/status/network.js +index 6f0cdac..ca4facf 100644 +--- a/js/ui/status/network.js ++++ b/js/ui/status/network.js +@@ -48,6 +48,16 @@ const NM80211ApSecurityFlags = NetworkManager['80211ApSecurityFlags']; + const NM80211ApFlags = NetworkManager['80211ApFlags']; + const NM80211ApSecurityFlags = NetworkManager['80211ApSecurityFlags']; + ++const NMAppletHelperInterface = { ++ name: 'org.gnome.network_manager_applet', ++ methods: [ ++ { name: 'ConnectToHiddenNetwork', inSignature: '', outSignature: '' }, ++ { name: 'CreateWifiNetwork', inSignature: '', outSignature: '' }, ++ { name: 'ConnectTo8021xNetwork', inSignature: 'oo', outSignature: '' } ++ ], ++}; ++const NMAppletProxy = DBus.makeProxyClass(NMAppletHelperInterface); ++ + function macToArray(string) { + return string.split(':').map(function(el) { + return parseInt(el, 16); +@@ -991,6 +1001,10 @@ NMDeviceWireless.prototype = { + this._overflowItem = null; + this._networks = [ ]; + ++ this._applet_proxy = new NMAppletProxy(DBus.session, ++ 'org.gnome.network_manager_applet', ++ '/org/gnome/network_manager_applet'); ++ + // breaking the layers with this, but cannot call + // this.connectionValid until I have a device + this.device = device; +@@ -1483,9 +1497,20 @@ NMDeviceWireless.prototype = { + apObj.item = new NMNetworkMenuItem(apObj.accessPoints); + apObj.item._apObj = apObj; + apObj.item.connect('activate', Lang.bind(this, function() { +- let connection = this._createAutomaticConnection(apObj); + let accessPoints = sortAccessPoints(apObj.accessPoints); +- this._client.add_and_activate_connection(connection, this.device, accessPoints[0].dbus_path, null) ++ if ( (accessPoints[0]._secType == NMAccessPointSecurity.WPA2_ENT) ++ || (accessPoints[0]._secType == NMAccessPointSecurity.WPA_ENT)) { ++ // 802.1x-enabled APs get handled by nm-applet for now... ++ this._applet_proxy.ConnectTo8021xNetworkRemote(this.device.get_path(), ++ accessPoints[0].dbus_path, ++ Lang.bind(this, function(results, err) { ++ if (err) ++ log(err); ++ })); ++ } else { ++ let connection = this._createAutomaticConnection(apObj); ++ this._client.add_and_activate_connection(connection, this.device, accessPoints[0].dbus_path, null) ++ } + })); + } + +-- +1.7.5 + diff --git a/0003-network-request-that-nm-applet-show-the-mobile-broad.patch b/0003-network-request-that-nm-applet-show-the-mobile-broad.patch new file mode 100644 index 0000000..8e05624 --- /dev/null +++ b/0003-network-request-that-nm-applet-show-the-mobile-broad.patch @@ -0,0 +1,89 @@ +From 5090a4ccce87643081138272fb8a2fe687f1ed0a Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 3 May 2011 14:48:10 -0500 +Subject: [PATCH 3/3] network: request that nm-applet show the mobile + broadband wizard + +Use nm-applet 0.8.999 API to call the mobile broadband wizard and +activate the new connection. + +Fixes https://bugzilla.gnome.org/show_bug.cgi?id=649318 +--- + js/ui/status/network.js | 33 +++++++++++++++++---------------- + 1 files changed, 17 insertions(+), 16 deletions(-) + +diff --git a/js/ui/status/network.js b/js/ui/status/network.js +index ca4facf..756b27f 100644 +--- a/js/ui/status/network.js ++++ b/js/ui/status/network.js +@@ -53,7 +53,8 @@ const NMAppletHelperInterface = { + methods: [ + { name: 'ConnectToHiddenNetwork', inSignature: '', outSignature: '' }, + { name: 'CreateWifiNetwork', inSignature: '', outSignature: '' }, +- { name: 'ConnectTo8021xNetwork', inSignature: 'oo', outSignature: '' } ++ { name: 'ConnectTo8021xNetwork', inSignature: 'oo', outSignature: '' }, ++ { name: 'ConnectTo3gNetwork', inSignature: 'o', outSignature: '' } + ], + }; + const NMAppletProxy = DBus.makeProxyClass(NMAppletHelperInterface); +@@ -440,7 +441,8 @@ NMDevice.prototype = { + this._client.activate_connection(this._connections[0].connection, this.device, null, null); + } else if (this._autoConnectionName) { + let connection = this._createAutomaticConnection(); +- this._client.add_and_activate_connection(connection, this.device, null, null); ++ if (connection) ++ this._client.add_and_activate_connection(connection, this.device, null, null); + } + }, + +@@ -620,7 +622,8 @@ NMDevice.prototype = { + this._autoConnectionItem = new PopupMenu.PopupMenuItem(this._autoConnectionName); + this._autoConnectionItem.connect('activate', Lang.bind(this, function() { + let connection = this._createAutomaticConnection(); +- this._client.add_and_activate_connection(connection, this.device, null, null); ++ if (connection) ++ this._client.add_and_activate_connection(connection, this.device, null, null); + })); + this.section.addMenuItem(this._autoConnectionItem); + } +@@ -777,6 +780,10 @@ NMDeviceModem.prototype = { + this.mobileDevice = null; + this._connectionType = 'ppp'; + ++ this._applet_proxy = new NMAppletProxy(DBus.session, ++ 'org.gnome.network_manager_applet', ++ '/org/gnome/network_manager_applet'); ++ + this._capabilities = device.current_capabilities; + if (this._capabilities & NetworkManager.DeviceModemCapabilities.GSM_UMTS) { + is_wwan = true; +@@ -878,19 +885,13 @@ NMDeviceModem.prototype = { + }, + + _createAutomaticConnection: function() { +- // FIXME: we need to summon the mobile wizard here +- // or NM will not have the necessary parameters to complete the connection +- // pending a DBus method on nm-applet +- +- let connection = new NetworkManager.Connection; +- connection._uuid = NetworkManager.utils_uuid_generate(); +- connection.add_setting(new NetworkManager.SettingConnection({ +- uuid: connection._uuid, +- id: this._autoConnectionName, +- type: this._connectionType, +- autoconnect: false +- })); +- return connection; ++ // Mobile wizard is handled by nm-applet for now... ++ this._applet_proxy.ConnectTo3gNetworkRemote(this.device.get_path(), ++ Lang.bind(this, function(results, err) { ++ if (err) ++ log(err); ++ })); ++ return null; + } + }; + +-- +1.7.5 + diff --git a/gnome-shell.spec b/gnome-shell.spec index f2eaf93..ebb99da 100644 --- a/gnome-shell.spec +++ b/gnome-shell.spec @@ -1,6 +1,6 @@ Name: gnome-shell Version: 3.0.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Window management and application launching for GNOME Group: User Interface/Desktops @@ -13,6 +13,11 @@ Patch0: gnome-shell-avoid-redhat-menus.patch # https://bugzilla.gnome.org/show_bug.cgi?id=648739 Patch1: appDisplay-Fix-off-by-one-when-incrementally-adding-.patch +Patch2: 0001-network-simplify-connection-sorting-by-using-libnm-g.patch +Patch3: 0001-network-fix-handling-of-AP-flags-and-enhance-for-802.patch +Patch4: 0002-network-fix-initial-connections-to-WPA-2-Enterprise-.patch +Patch5: 0003-network-request-that-nm-applet-show-the-mobile-broad.patch + %define clutter_version 1.4.0 %define gobject_introspection_version 0.10.1 %define mutter_version 3.0.0 @@ -83,6 +88,10 @@ easy to use experience. %setup -q %patch0 -p1 -b .avoid-redhat-menus %patch1 -p1 -b .duplicate-apps +%patch2 -p1 -b .connection-sorting +%patch3 -p1 -b .apflags +%patch4 -p1 -b .wpa-enterprise +%patch5 -p1 -b .mobile-broadband %build (if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi; @@ -142,6 +151,10 @@ gconftool-2 --makefile-install-rule \ glib-compile-schemas --allow-any-name %{_datadir}/glib-2.0/schemas ||: %changelog +* Tue May 10 2011 Dan Williams - 3.0.1-4 +- Fix initial connections to WPA Enterprise access points (#699014) +- Fix initial connections to mobile broadband networks + * Thu Apr 28 2011 Dan HorĂ¡k - 3.0.1-3 - no bluetooth on s390(x)