[Sugar-devel] [PATCH v2][sucrose-0.94][RFC] Add capability to connect to WPA/WPA2-Enterprise networks

Anish Mangal anish at activitycentral.com
Fri Dec 9 06:31:56 EST 2011


Minor change over the previous version so that the XO is able to 
reconnect to the enterprise network after a suspend-resume cycle.

On Fri 09 Dec 2011 04:57:54 PM IST, Anish Mangal wrote:
> From: Ajay Garg <ajay at sugarlabs.org>
>
> As per user-workflow, there is no difference :-
> ---------------------------------------------------------------
>
> 1a. The (WPA/WPA2-Enterprise) network-icon is available on the
> neighbourhood-view.
> 1b. Upon clicking the network-icon, a popup dialog appears, asking for
>     parameters.
> 1c. Upon clicking ok, the connection is made (shown by the
>     'Network-Connected'-icon in the tray).
>
> 2. If the connection is made successfully, the network-profile is saved
>    in "connections.cfg". From next reboot onwards, the connection is made
>     automatically.
>
> Configurations :-
> ------------------------
>
> Following configurations have been tested to work :
> 1. Tunnelled TLS (TTLS)
> 2. Protected EAP (PEAP)
>
> Following configurations are still to be tested :
> 1. LEAP (seems that it requires support from the access-point).
> 2. TLS  (the testing couldn't be done, even with nm-applet. Would
>    like to hear if anyone gets it working with nm-applet, since the
>    sugar-parameters-UI is modelled on nm-applet-UI.)
>
> The patch contains the UI-frontend code for entering all 4
> configuration parameters (modelled on nm-applet's "Connect
> to Hidden Wireless Network" -> "WPA/WPA2 Enterprise".
>
> Signed-off-by: Ajay Garg <ajay at activitycentral.com>
> Tested-by: Anish Mangal <anish at activitycentral.com>
> Signed-off-by: Anish Mangal <anish at activitycentral.com>
> ---
>  src/jarabe/desktop/keydialog.py    |  174 +++++++++++++++++++++++++-
>  src/jarabe/desktop/networkviews.py |  248 +++++++++++++++++++++++++++++++++++-
>  src/jarabe/model/network.py        |   22 +++-
>  3 files changed, 437 insertions(+), 7 deletions(-)
>
> diff --git a/src/jarabe/desktop/keydialog.py b/src/jarabe/desktop/keydialog.py
> index c72f498..53745df 100644
> --- a/src/jarabe/desktop/keydialog.py
> +++ b/src/jarabe/desktop/keydialog.py
> @@ -32,6 +32,10 @@ WEP_PASSPHRASE = 1
>  WEP_HEX = 2
>  WEP_ASCII = 3
>  
> +SETTING_TYPE_STRING = 1
> +SETTING_TYPE_LIST = 2
> +
> +
>  
>  def string_is_hex(key):
>      is_hex = True
> @@ -120,6 +124,158 @@ class KeyDialog(gtk.Dialog):
>          return self._response
>  
>  
> +# Plain Old Python Object (POPO)
> +class NetworkParametersPOPO(gtk.HBox):
> +    def __init__(self, auth_param):
> +        gtk.HBox.__init__(self, homogeneous=True)
> +        self._key = auth_param._key_name
> +        self._label = gtk.Label(_(auth_param._key_label))
> +        self._key_type = auth_param._key_type
> +
> +        # Decide, if we need to show a 'entry',
> +        # or a 'list-store'
> +        if len(auth_param._options) == 0:
> +            self._show_entry = True
> +        else:
> +            self._show_entry = False
> +
> +        self.pack_start(self._label)
> +        self._label.show()
> +
> +        if self._show_entry:
> +            self._entry = gtk.Entry()
> +            self.pack_start(self._entry)
> +            self._entry.show()
> +        else:
> +            self._option_store = gtk.ListStore(str, str)
> +            for option in auth_param._options:
> +                self._option_store.append(option)
> +
> +            self._list_store_entry = auth_param._options[0][1]
> +            self._option_combo = gtk.ComboBox(self._option_store)
> +            cell = gtk.CellRendererText()
> +            self._option_combo.pack_start(cell, True)
> +            self._option_combo.add_attribute(cell, 'text', 0)
> +            self._option_combo.set_active(0)
> +            self._option_combo.connect('changed',
> +                    self._option_combo_changed_cb)
> +            self.pack_start(self._option_combo)
> +            self.show()
> +            self._option_combo.show()
> +
> +    def _option_combo_changed_cb(self, widget):
> +        it = self._option_combo.get_active_iter()
> +        (value, ) = self._option_store.get(it, 1)
> +        self._list_store_entry = value
> +
> +    def _get_key(self):
> +        return self._key
> +
> +    def _get_value(self):
> +        if self._show_entry:
> +            return self._entry.get_text()
> +        else:
> +            return self._list_store_entry
> +
> +
> +class KeyValuesDialog(gtk.Dialog):
> +    def __init__(self, auth_lists, final_callback, uuid, settings):
> +        gtk.Dialog.__init__(self, flags=gtk.DIALOG_MODAL)
> +        self.set_title(_('Wireless Parameters required'))
> +
> +        self._auth_lists = auth_lists
> +        self._final_callback = final_callback
> +        self._uuid = uuid
> +        self._settings = settings
> +
> +        label = gtk.Label(_("Please enter parameters\n"))
> +        self.vbox.pack_start(label)
> +
> +        self._auth_type_store = gtk.ListStore(str, str)
> +        for auth_list in self._auth_lists:
> +            self._auth_type_store.append([auth_list._auth_label,
> +                                          auth_list._auth_type])
> +
> +        self._auth_type_combo = gtk.ComboBox(self._auth_type_store)
> +        cell = gtk.CellRendererText()
> +        self._auth_type_combo.pack_start(cell, True)
> +        self._auth_type_combo.add_attribute(cell, 'text', 0)
> +        self._auth_type_combo.set_active(0)
> +        self._auth_type_combo.connect('changed',
> +                self._auth_type_combo_changed_cb)
> +        self._auth_type_box = gtk.HBox(homogeneous=True)
> +        self._auth_label = gtk.Label(_('Authentication'))
> +        self._auth_type_box.pack_start(self._auth_label, expand=False)
> +        self._auth_type_box.pack_start(self._auth_type_combo,
> +                                       expand=False)
> +        self.vbox.pack_start(self._auth_type_box)
> +        self._auth_label.show()
> +        self._auth_type_combo.show()
> +
> +        self.add_buttons(gtk.STOCK_OK, gtk.RESPONSE_OK)
> +        self.set_default_response(gtk.RESPONSE_OK)
> +        self.set_has_separator(True)
> +
> +        self.connect('response', self._fetch_values)
> +
> +        auth_type = self._auth_lists[0]._auth_type
> +        self._selected_auth_list = self._select_auth_list(auth_type)
> +        self._add_key_value('eap', auth_type)
> +        self._add_container_box()
> +
> +    def _auth_type_combo_changed_cb(self, widget):
> +        it = self._auth_type_combo.get_active_iter()
> +        (auth_type, ) = self._auth_type_store.get(it, 1)
> +        self._selected_auth_list = self._select_auth_list(auth_type)
> +        self._add_key_value('eap', auth_type)
> +        self._reset()
> +
> +    def _select_auth_list(self, auth_type):
> +        for auth_list in self._auth_lists:
> +            if auth_list._params_list[0]._options[0][1] == auth_type:
> +                return auth_list
> +
> +    def _populate_auth_params(self, auth_list):
> +        for auth_param in auth_list._params_list[1:]:
> +            obj = NetworkParametersPOPO(auth_param)
> +            self._key_values_box.pack_start(obj)
> +            obj.show()
> +
> +    def _reset(self):
> +        self.vbox.remove(self._key_values_box)
> +        self._add_container_box()
> +
> +    def _add_container_box(self):
> +        self._key_values_box = gtk.VBox()
> +        self.vbox.pack_start(self._key_values_box)
> +        self._key_values_box.show()
> +        self._populate_auth_params(self._selected_auth_list)
> +
> +    def _remove_all_params(self):
> +        self._key_values_box.remove_all()
> +
> +    def _fetch_values(self, key_dialog, response_id):
> +        if response_id == gtk.RESPONSE_OK:
> +            for child in self._key_values_box.get_children():
> +                key = child._get_key()
> +                value = child._get_value()
> +                self._add_key_value(key, value)
> +
> +            key_dialog.destroy()
> +            self._final_callback(self._uuid, self._settings,
> +                                 self._selected_auth_list)
> +
> +    def _add_key_value(self, key, value):
> +        for auth_param in self._selected_auth_list._params_list:
> +            if auth_param._key_name == key:
> +                if auth_param._key_type == SETTING_TYPE_STRING:
> +                    auth_param._value = value
> +                elif auth_param._key_type == SETTING_TYPE_LIST:
> +                    values = []
> +                    values.append(value)
> +                    auth_param._value = values
> +
> +
>  class WEPKeyDialog(KeyDialog):
>      def __init__(self, ssid, flags, wpa_flags, rsn_flags, dev_caps, settings,
>                   response):
> @@ -218,7 +374,7 @@ class WEPKeyDialog(KeyDialog):
>          self.set_response_sensitive(gtk.RESPONSE_OK, valid)
>  
>  
> -class WPAKeyDialog(KeyDialog):
> +class WPAPersonalKeyDialog(KeyDialog):
>      def __init__(self, ssid, flags, wpa_flags, rsn_flags, dev_caps, settings,
>                   response):
>          KeyDialog.__init__(self, ssid, flags, wpa_flags, rsn_flags,
> @@ -296,14 +452,26 @@ def create(ssid, flags, wpa_flags, rsn_flags, dev_caps, settings, response):
>              rsn_flags == network.NM_802_11_AP_SEC_NONE:
>          key_dialog = WEPKeyDialog(ssid, flags, wpa_flags, rsn_flags,
>                                    dev_caps, settings, response)
> -    else:
> -        key_dialog = WPAKeyDialog(ssid, flags, wpa_flags, rsn_flags,
> +    elif (wpa_flags & network.NM_802_11_AP_SEC_KEY_MGMT_PSK) or \
> +            (rsn_flags & network.NM_802_11_AP_SEC_KEY_MGMT_PSK):
> +        key_dialog = WPAPersonalKeyDialog(ssid, flags, wpa_flags, rsn_flags,
>                                    dev_caps, settings, response)
> +    elif (wpa_flags & network.NM_802_11_AP_SEC_KEY_MGMT_802_1X) or \
> +            (rsn_flags & network.NM_802_11_AP_SEC_KEY_MGMT_802_1X):
> +        # nothing. All details are asked for WPA/WPA2-Enterprise
> +        # networks, before the conneection-activation is done.
> +        return
>  
>      key_dialog.connect('response', _key_dialog_response_cb)
>      key_dialog.show_all()
>  
>  
> +def get_key_values(key_list, final_callback, uuid, settings):
> +    key_dialog = KeyValuesDialog(key_list, final_callback,
> +                                 uuid, settings)
> +    key_dialog.show_all()
> +
> +
>  def _key_dialog_response_cb(key_dialog, response_id):
>      response = key_dialog.get_response_object()
>      secrets = None
> diff --git a/src/jarabe/desktop/networkviews.py b/src/jarabe/desktop/networkviews.py
> index 2fb8593..738a142 100644
> --- a/src/jarabe/desktop/networkviews.py
> +++ b/src/jarabe/desktop/networkviews.py
> @@ -22,6 +22,7 @@ import hashlib
>  
>  import dbus
>  import glib
> +import string
>  
>  from sugar.graphics.icon import Icon
>  from sugar.graphics.xocolor import XoColor
> @@ -56,6 +57,189 @@ _OLPC_MESH_ICON_NAME = 'network-mesh'
>  
>  _FILTERED_ALPHA = 0.33
>  
> +SETTING_TYPE_STRING = 1
> +SETTING_TYPE_LIST = 2
> +
> +
> +class AuthenticationType:
> +    def __init__(self, auth_label, auth_type, params_list):
> +        self._auth_label = auth_label
> +        self._auth_type = auth_type
> +        self._params_list = params_list
> +
> +
> +class AuthenticationParameter:
> +    def __init__(self, key_name, key_label, key_type,
> +                       options):
> +        self._key_name = key_name
> +        self._key_label = key_label
> +        self._key_type = key_type
> +        self._options = options
> +        self._value = None
> +
> +AUTHENTICATION_LIST = \
> +        [
> +                AuthenticationType('TLS',
> +                                   'tls',
> +                                          [
> +                                                AuthenticationParameter(
> +                                                  'eap',
> +                                                  'Authentication',
> +                                                  SETTING_TYPE_LIST,
> +                                                  [['TLS', 'tls']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'identity',
> +                                                  'Identity',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'client_cert',
> +                                                  'User certificate',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'ca_cert',
> +                                                  'CA certificate',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'private_key',
> +                                                  'Private key',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'private_key_password',
> +                                                  'Private Key password',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  )
> +                                           ]
> +                                 ),
> +                AuthenticationType('LEAP',
> +                                   'leap',
> +                                          [
> +                                                AuthenticationParameter(
> +                                                  'eap',
> +                                                  'Authentication',
> +                                                  SETTING_TYPE_LIST,
> +                                                  [['LEAP', 'leap']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'identity',
> +                                                  'Username',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'password',
> +                                                  'Password',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  )
> +                                           ]
> +                                 ),
> +                AuthenticationType('Tunnelled TLS',
> +                                   'ttls',
> +                                          [
> +                                                AuthenticationParameter(
> +                                                  'eap',
> +                                                  'Authentication',
> +                                                  SETTING_TYPE_LIST,
> +                                                  [['Tunnelled TLS', 'ttls']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'anonymous_identity',
> +                                                  'Anonymous identity',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'ca_cert',
> +                                                  'CA certificate',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'phase2_auth',
> +                                                  'Inner Authentication',
> +                                                  SETTING_TYPE_STRING,
> +                                                  [['PAP', 'pap'],
> +                                                   ['MSCHAP', 'mschap'],
> +                                                   ['MSCHAPv2', 'mschapv2'],
> +                                                   ['CHAP', 'chap']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'identity',
> +                                                  'Username',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'password',
> +                                                  'Password',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  )
> +                                           ]
> +                                 ),
> +                AuthenticationType('Protected EAP (PEAP)',
> +                                   'peap',
> +                                          [
> +                                                AuthenticationParameter(
> +                                                  'eap',
> +                                                  'Authentication',
> +                                                  SETTING_TYPE_LIST,
> +                                                  [['Protected EAP (PEAP)', 'peap']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'anonymous_identity',
> +                                                  'Anonymous identity',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'ca_cert',
> +                                                  'CA certificate',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'peap_version',
> +                                                  'PEAP version',
> +                                                  SETTING_TYPE_STRING,
> +                                                  [['Automatic', ''],
> +                                                   ['Version 0', '0'],
> +                                                   ['Version 1', '1']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'phase2_auth',
> +                                                  'Inner Authentication',
> +                                                  SETTING_TYPE_STRING,
> +                                                  [['MSCHAPv2', 'mschapv2'],
> +                                                   ['MD5', 'md5'],
> +                                                   ['GTC', 'gtc']]
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'identity',
> +                                                  'Username',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  ),
> +                                                AuthenticationParameter(
> +                                                  'password',
> +                                                  'Password',
> +                                                  SETTING_TYPE_STRING,
> +                                                  []
> +                                                  )
> +                                           ]
> +                                 )
> +        ]
> +
>  
>  class WirelessNetworkView(CanvasPulsingIcon):
>      def __init__(self, initial_ap):
> @@ -340,6 +524,62 @@ class WirelessNetworkView(CanvasPulsingIcon):
>              wireless_security.group = group
>              return wireless_security
>  
> +        if (self._rsn_flags & network.NM_802_11_AP_SEC_KEY_MGMT_802_1X) and \
> +                (self._device_caps & network.NM_802_11_DEVICE_CAP_RSN):
> +            # WPA2 Enterprise
> +            pairwise = self._add_ciphers_from_flags(self._rsn_flags, True)
> +            group = self._add_ciphers_from_flags(self._rsn_flags, False)
> +            wireless_security = WirelessSecurity()
> +            wireless_security.key_mgmt = 'wpa-eap'
> +            wireless_security.proto = 'rsn'
> +            wireless_security.pairwise = pairwise
> +            wireless_security.group = group
> +            return wireless_security
> +
> +        if (self._wpa_flags & network.NM_802_11_AP_SEC_KEY_MGMT_802_1X) and \
> +                (self._device_caps & network.NM_802_11_DEVICE_CAP_WPA):
> +            # WPA Enterprise
> +            pairwise = self._add_ciphers_from_flags(self._wpa_flags, True)
> +            group = self._add_ciphers_from_flags(self._wpa_flags, False)
> +            wireless_security = WirelessSecurity()
> +            wireless_security.key_mgmt = 'wpa-eap'
> +            wireless_security.proto = 'wpa'
> +            wireless_security.pairwise = pairwise
> +            wireless_security.group = group
> +            return wireless_security
> +
> +    def _enter_additional_settings_and_secrets_and_then_activate(self,
> +            uuid, settings, wireless_security):
> +        # this is valid, only for "ieee8021x" or "wpa-eap" key
> +        # management.
> +        if (wireless_security.key_mgmt == 'ieee8021x') or \
> +                (wireless_security.key_mgmt == 'wpa-eap'):
> +            keydialog.get_key_values(AUTHENTICATION_LIST,
> +                                     self.__add_and_activate_connection,
> +                                     uuid, settings)
> +        else:
> +            self.__add_and_activate_connection(uuid, settings)
> +
> +    def __add_and_activate_connection(self, uuid, settings,
> +                                      additional_settings=None):
> +
> +        if additional_settings is not None:
> +            key_value_dict = {}
> +            auth_params_list = additional_settings._params_list
> +
> +            for auth_param in auth_params_list:
> +                key = auth_param._key_name
> +                value = auth_param._value
> +                print 'key == ' + key
> +                print 'value == '
> +                print value
> +                key_value_dict[key] = value
> +
> +            settings.wpa_eap_setting = key_value_dict
> +
> +        connection = network.add_connection(uuid, settings)
> +        self._activate_connection(connection)
> +
>      def __connect_activate_cb(self, icon):
>          self._connect()
>  
> @@ -350,8 +590,10 @@ class WirelessNetworkView(CanvasPulsingIcon):
>          connection = network.find_connection_by_ssid(self._name)
>          if connection is None:
>              settings = Settings()
> +            self._settings = settings
>              settings.connection.id = 'Auto ' + self._name
>              uuid = settings.connection.uuid = unique_id()
> +            self._uuid = uuid
>              settings.connection.type = '802-11-wireless'
>              settings.wireless.ssid = self._name
>  
> @@ -370,8 +612,12 @@ class WirelessNetworkView(CanvasPulsingIcon):
>              if wireless_security is not None:
>                  settings.wireless.security = '802-11-wireless-security'
>  
> -            connection = network.add_connection(uuid, settings)
> +            self._enter_additional_settings_and_secrets_and_then_activate(uuid,
> +                    settings, wireless_security)
> +        else:
> +            self._activate_connection(connection)
>  
> +    def _activate_connection(self, connection):
>          obj = self._bus.get_object(_NM_SERVICE, _NM_PATH)
>          netmgr = dbus.Interface(obj, _NM_IFACE)
>  
> diff --git a/src/jarabe/model/network.py b/src/jarabe/model/network.py
> index f265ae4..2f8295e 100644
> --- a/src/jarabe/model/network.py
> +++ b/src/jarabe/model/network.py
> @@ -418,6 +418,7 @@ class Settings(object):
>          self.connection = Connection()
>          self.ip4_config = None
>          self.wireless_security = None
> +        self.wpa_eap_setting = None
>  
>          if wireless_cfg is not None:
>              self.wireless = wireless_cfg
> @@ -433,6 +434,10 @@ class Settings(object):
>                  self.wireless_security.get_dict()
>          if self.ip4_config is not None:
>              settings['ipv4'] = self.ip4_config.get_dict()
> +        if self.wpa_eap_setting is not None:
> +            settings['802-1x'] = self.wpa_eap_setting
> +
> +
>          return settings
>  
>  
> @@ -653,6 +658,9 @@ class NMSettingsConnection(dbus.service.Object):
>                  if self._settings.wireless.security is not None:
>                      config.set(identifier, 'security',
>                                 self._settings.wireless.security)
> +                if self._settings.wpa_eap_setting is not None:
> +                    config.set(identifier, 'wpa_eap_setting',
> +                               self._settings.wpa_eap_setting)
>              if self._secrets is not None:
>                  if self._settings.wireless_security.key_mgmt == 'none':
>                      config.set(identifier, 'key', self._secrets.wep_key)
> @@ -895,13 +903,21 @@ def load_wifi_connections():
>                  settings.wireless_security.key_mgmt = mgmt
>                  security = config.get(section, 'security')
>                  settings.wireless.security = security
> -                key = config.get(section, 'key')
>                  if mgmt == 'none':
> +                    key = config.get(section, 'key')
>                      secrets.wep_key = key
>                      auth_alg = config.get(section, 'auth-alg')
>                      secrets.auth_alg = auth_alg
> -                elif mgmt == 'wpa-psk':
> -                    secrets.psk = key
> +                elif (mgmt == 'wpa-psk') or (mgmt == 'wpa-eap'):
> +                    if mgmt == 'wpa-psk':
> +                        key = config.get(section, 'key')
> +                        secrets.psk = key
> +                    elif mgmt == 'wpa-eap':
> +                        if config.has_option(section,
> +                                             'wpa_eap_setting'):
> +                            value = eval(config.get(section,
> +                                               'wpa_eap_setting'))
> +                            settings.wpa_eap_setting = value
>                      if config.has_option(section, 'proto'):
>                          value = config.get(section, 'proto')
>                          settings.wireless_security.proto = value



-- 
Anish Mangal
Dextrose Project Manager
Activity Central


More information about the Sugar-devel mailing list