Bug#752794: network-manager: Add support for EAP-PWD

[Florent Daigniere]

Package: network-manager
Version: 0.9.8.10-3
Severity: wishlist
Tags: patch

The patches attached work for me and apply cleanly against
network-manager and network-manager-applet respectively.

They implement EAP-PWD support (patch has been submitted and merged
upstream already).

I'd be great if they could be part of the next sid package upload.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager depends on:
ii  adduser                3.113+nmu3
ii  dbus                   1.8.4-1
ii  init-system-helpers    1.19
ii  isc-dhcp-client        4.3.0+dfsg-1
ii  libc6                  2.19-4
ii  libdbus-1-3            1.8.4-1
ii  libdbus-glib-1-2       0.102-1
ii  libgcrypt11            1.5.3-4
ii  libglib2.0-0           2.40.0-3
ii  libgnutls26            2.12.23-16
ii  libgudev-1.0-0         204-12
ii  libmm-glib0            1.0.0-5+b1
ii  libnl-3-200            3.2.24-2
ii  libnl-genl-3-200       3.2.24-2
ii  libnl-route-3-200      3.2.24-2
ii  libnm-glib4            0.9.8.10-3
ii  libnm-util2            0.9.8.10-3
ii  libpam-systemd         204-12
ii  libpolkit-gobject-1-0  0.105-6
ii  libsoup2.4-1           2.46.0-2
ii  libsystemd-daemon0     204-12
ii  libsystemd-login0      204-12
ii  libuuid1               2.20.1-5.8
ii  lsb-base               4.1+Debian13
ii  policykit-1            0.105-6
ii  udev                   204-12
ii  wpasupplicant          1.1-1

Versions of packages network-manager recommends:
ii  crda          1.1.2-1
ii  dnsmasq-base  2.71-1
ii  iptables      1.4.21-2
ii  modemmanager  1.0.0-5+b1
ii  ppp           2.4.6-2

Versions of packages network-manager suggests:
ii  avahi-autoipd  0.6.31-4

--- a/src/wireless-security/eap-method-simple.c	2014-06-25 17:29:52.062485040 +0200
+++ b/src/wireless-security/eap-method-simple.c	2014-06-25 17:30:05.246639770 +0200
@@ -129,6 +129,9 @@
 		case EAP_METHOD_SIMPLE_TYPE_GTC:
 			eap = "gtc";
 			break;
+		case EAP_METHOD_SIMPLE_TYPE_PWD:
+			eap = "pwd";
+			break;
 		default:
 			g_assert_not_reached ();
 			break;
--- a/src/wireless-security/eap-method-simple.h	2014-06-25 17:29:52.062485040 +0200
+++ b/src/wireless-security/eap-method-simple.h	2014-06-25 17:30:05.246639770 +0200
@@ -30,6 +30,7 @@
 	EAP_METHOD_SIMPLE_TYPE_MSCHAP,
 	EAP_METHOD_SIMPLE_TYPE_MSCHAP_V2,
 	EAP_METHOD_SIMPLE_TYPE_MD5,
+	EAP_METHOD_SIMPLE_TYPE_PWD,
 	EAP_METHOD_SIMPLE_TYPE_CHAP,
 	EAP_METHOD_SIMPLE_TYPE_GTC
 } EAPMethodSimpleType;
--- a/src/wireless-security/wireless-security.c	2014-06-25 17:29:52.062485040 +0200
+++ b/src/wireless-security/wireless-security.c	2014-06-25 17:30:05.250639817 +0200
@@ -344,6 +344,7 @@
 	EAPMethodSimple *em_md5;
 	EAPMethodTLS *em_tls;
 	EAPMethodLEAP *em_leap;
+	EAPMethodSimple *em_pwd;
 	EAPMethodFAST *em_fast;
 	EAPMethodTTLS *em_ttls;
 	EAPMethodPEAP *em_peap;
@@ -410,7 +411,19 @@
 		if (default_method && (active < 0) && !strcmp (default_method, "leap"))
 			active = item;
 		item++;
-	}
+    }
+
+    em_pwd = eap_method_simple_new (sec, connection, EAP_METHOD_SIMPLE_TYPE_PWD,
+            FALSE, is_editor, secrets_only);
+    gtk_list_store_append (auth_model, &iter);
+    gtk_list_store_set (auth_model, &iter,
+            AUTH_NAME_COLUMN, _("PWD"),
+            AUTH_METHOD_COLUMN, em_pwd,
+            -1);
+    eap_method_unref (EAP_METHOD (em_pwd));
+    if (default_method && (active < 0) && !strcmp (default_method, "pwd"))
+        active = item;
+    item++;
 
 	em_fast = eap_method_fast_new (sec, connection, is_editor, secrets_only);
 	gtk_list_store_append (auth_model, &iter);

--- a/libnm-util/nm-setting-8021x.c	2014-04-24 17:18:15.000000000 +0200
+++ b/libnm-util/nm-setting-8021x.c	2014-06-25 17:19:43.331340827 +0200
@@ -2321,6 +2321,7 @@
 
 static EAPMethodsTable eap_methods_table[] = {
 	{ "leap", need_secrets_password, verify_identity },
+	{ "pwd", need_secrets_password, verify_identity },
 	{ "md5", need_secrets_password, verify_identity },
 	{ "pap", need_secrets_password, verify_identity },
 	{ "chap", need_secrets_password, verify_identity },
@@ -2445,7 +2446,7 @@
 {
 	NMSetting8021x *self = NM_SETTING_802_1X (setting);
 	NMSetting8021xPrivate *priv = NM_SETTING_802_1X_GET_PRIVATE (self);
-	const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", NULL };
+	const char *valid_eap[] = { "leap", "md5", "tls", "peap", "ttls", "sim", "fast", "pwd", NULL };
 	const char *valid_phase1_peapver[] = { "0", "1", NULL };
 	const char *valid_phase1_peaplabel[] = { "0", "1", NULL };
 	const char *valid_phase1_fast_pac[] = { "0", "1", "2", "3", NULL };
@@ -2937,7 +2938,7 @@
 	 * NMSetting8021x:eap:
 	 *
 	 * The allowed EAP method to be used when authenticating to the network with
-	 * 802.1x.  Valid methods are: "leap", "md5", "tls", "peap", "ttls", and
+	 * 802.1x.  Valid methods are: "leap", "md5", "tls", "peap", "ttls", "pwd" and
 	 * "fast".  Each method requires different configuration using the
 	 * properties of this object; refer to wpa_supplicant documentation for the
 	 * allowed combinations.
@@ -2949,7 +2950,7 @@
 							   "The allowed EAP method to be used when "
 							   "authenticating to the network with 802.1x. "
 							   "Valid methods are: 'leap', 'md5', 'tls', 'peap', "
-							   "'ttls', and 'fast'. Each method requires "
+							   "'ttls', 'pwd', and 'fast'. Each method requires "
 							   "different configuration using the properties of "
 							   "this setting; refer to wpa_supplicant "
 							   "documentation for the allowed combinations.",
--- a/src/settings/plugins/ifcfg-rh/reader.c	2014-04-24 17:18:15.000000000 +0200
+++ b/src/settings/plugins/ifcfg-rh/reader.c	2014-06-25 17:19:43.331340827 +0200
@@ -2664,6 +2664,7 @@
 	{ "mschap", eap_simple_reader, TRUE },
 	{ "mschapv2", eap_simple_reader, TRUE },
 	{ "leap", eap_simple_reader, FALSE },
+	{ "pwd", eap_simple_reader, FALSE },
 	{ "tls", eap_tls_reader, FALSE },
 	{ "peap", eap_peap_reader, FALSE },
 	{ "ttls", eap_ttls_reader, FALSE },
--- a/src/settings/plugins/ifnet/connection_parser.c	2014-04-24 17:18:15.000000000 +0200
+++ b/src/settings/plugins/ifnet/connection_parser.c	2014-06-25 17:19:43.331340827 +0200
@@ -112,6 +112,7 @@
 
 static EAPReader eap_readers[] = {
 	{"md5", eap_simple_reader, TRUE},
+	{"pwd", eap_simple_reader, TRUE},
 	{"pap", eap_simple_reader, TRUE},
 	{"chap", eap_simple_reader, TRUE},
 	{"mschap", eap_simple_reader, TRUE},
--- a/src/supplicant-manager/nm-supplicant-settings-verify.c	2014-04-24 17:18:15.000000000 +0200
+++ b/src/supplicant-manager/nm-supplicant-settings-verify.c	2014-06-25 17:19:43.331340827 +0200
@@ -74,7 +74,7 @@
                                     "NONE", NULL };
 const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
 const char * eap_allowed[] =      { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",
-                                    "PSK", "FAST", NULL };
+                                    "PSK", "FAST", "PWD", NULL };
 
 const char * phase1_allowed[] =   {"peapver=0", "peapver=1", "peaplabel=1",
                                     "peap_outer_success=0", "include_tls_length=1",

signature.asc
Description: This is a digitally signed message part