The passphrase is copied into the libdbus-owned outbound message buffer
and freed asynchronously by eldbus after the reply is sent — we cannot
wipe it ourselves. Callers already explicit_bzero their own copies; add
a comment so future readers don't mistake the missing wipe here for an
oversight.
Mirror the passphrase handling so the heap is consistent: explicit_bzero
the strdup'd SSID before free, and clear the SSID entry widget alongside
the passphrase entry. SSIDs aren't secret per se, but leaving identifiable
network names in freed memory after a hidden-network prompt is avoidable.
On _on_name_vanished the adapter hash is freed, so an in-flight
Set(Powered) reply that lands as a local error after disconnect would
deref a freed Iwd_Adapter. Mirror the pattern already used in
iwd_network.c / iwd_device.c: capture the manager pointer plus a
strdup'd path in a small reply context, free in the reply callback.
The confirmation popup captured Iwd_Network * raw, so if the network
disappeared from a scan refresh or iwd restart between opening the
dialog and clicking Forget, the click would UAF. Stash the object path
instead and re-resolve through the live network hash on click.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
A device can be removed (rfkill, hot-unplug, iwd restart) while a
Scan/Disconnect/ConnectHiddenNetwork/GetOrderedNetworks call is in
flight, after which the reply would dereference a freed Iwd_Device.
The manager outlives every sub-object and exposes the network hash
needed by GetOrderedNetworks, so pass it directly instead.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
If a Connect or Forget reply arrives after the Iwd_Network was freed
(network disappeared from a scan, iwd vanished mid-call), the callback
would dereference ctx->n->manager — use-after-free. The manager outlives
every sub-object, so capture it directly along with a strdup'd SSID;
the network back-ref isn't actually used for anything else.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The sources contain UTF-8 string literals (signal bars, ✕, ★, ✔, …).
Without an explicit charset, GCC honors LC_ALL/LANG at compile time,
so a build under a non-UTF-8 locale can mangle them. Probe the flags
with cc.get_supported_arguments so older/other compilers stay happy.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The button labels embed Unicode signal bars (▂▄▆█) and ★/✔ markers,
which screen readers announce as raw codepoints. Provide a spoken
label that conveys the same info as words.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The popup builds its network list inline in e_mod_popup.c and shows
status via labels there; these stubs were never wired up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
evas_object_del would clean up the callback as a side effect, but
matching every add with an explicit del avoids relying on that ordering
and keeps the lifetime obvious to readers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Both popup.c and gadget.c carried near-identical _state_label/_sec_label
helpers, with the gadget version using bare ints instead of the
Iwd_Security enum. Move to iwd/iwd_labels.{c,h} and use the enum
consistently.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
free() on memory returned by e_config_domain_load mixes allocators on
the stringshare member. Use eina_stringshare_replace to drop the
stringshared field and E_FREE for the struct.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
%.*s cuts at byte index, splitting multi-byte sequences and producing
broken glyphs followed by the ellipsis. Walk codepoints instead and
truncate at a codepoint boundary.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Static buffers in identity-like helpers are footguns: they're only safe
when consumed immediately and break when callers ever stash the pointer.
Take a caller-provided buffer instead.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Forget destroys the saved passphrase irreversibly. A stray click on
the ✕ next to a known network would wipe credentials with no recovery
and (until the previous commit) no error feedback either. Add an
elm_popup confirmation that names the SSID before invoking Forget.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Connect / Forget / Set(Powered) / Scan / Disconnect / RegisterAgent /
ConnectHidden previously discarded reply errors with NULL callbacks, so
"Connecting…" could hang forever after a refused call (rfkill, busy
adapter, another agent already registered, bad credentials on a known
network). The user had no way to see the failure.
Add iwd_manager_{report,last,clear}_error and wire reply callbacks in
adapter / device / network / agent. The popup status line now appends
the latest error to the state label, and user actions (rescan, toggle,
connect, disconnect) clear it.
Scan errors that mean "already in flight" are filtered out — they're
the normal race when two scan triggers fire close together.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Tell iwd to drop our registration during shutdown instead of relying
on NameOwnerChanged GC. Avoids spurious agent calls landing while the
service interface is being torn down. Fire-and-forget — the reply,
if any, is irrelevant.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
A static char[128] returned from _gc_id_new is overwritten on every
call, so multiple gadget instances would alias the same id once gadcon
compares or stores it. eina_stringshare_add gives each instance its
own stable id.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wipe passphrase memory in the auth and hidden-network dialogs (explicit_bzero
on owned copies plus overwriting the elm_entry buffer before destruction) so
secrets don't linger on the heap. Bind the hidden-network passphrase stash to
its SSID with a 30s timeout, so a typo'd or out-of-range hidden connect can't
leak its passphrase to an unrelated network whose RequestPassphrase happens
to land first. Re-RegisterAgent on iwd NameOwnerChanged so PSK connects
survive systemctl restart iwd instead of silently hanging.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
In busy areas iwd emits hundreds of PropertiesChanged per second during
scans; each one synchronously rebuilt the popup list and froze the whole
compositor. Schedule a single job per main-loop tick instead.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the Phase 0 placeholder with a full project README covering
features, architecture, build/install, runtime requirements, usage,
configuration, and known gaps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When connected, picks the icon from the active network's signal tier
(network-wireless-signal-{none,weak,ok,good,excellent}) instead of
hardcoding the excellent tier. Tooltip shows SSID/security/signal when
connected, or the current state otherwise. Right-click opens the
settings dialog via e_iwd_config_dialog_show.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the basic settings UI: auto-connect / show-hidden checkboxes,
signal refresh interval slider, preferred-adapter entry. Apply writes
into e_iwd_config and persists via e_iwd_config_save(). Hooked from
the gadget right-click menu in the next change.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the long-missing user-visible affordances:
- Disconnect button (visible while connected)
- Per-row Forget (✕) button on known networks
- Hidden... button + wifi_hidden_prompt → Station.ConnectHiddenNetwork,
with one-shot passphrase pre-arming so the agent answers iwd
automatically without re-prompting.
- Signal-tier bars in network rows; sort prefers stronger signals
within the same known/unknown class.
- iwd Agent.Cancel now tears down any open auth dialog (cancel
handler installed at module init via the new manager hook).
wifi_auth_prompt now returns the popup widget so the cancel path can
dismiss it externally.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
wifi_auth_prompt now takes an optional human-readable security string
("WPA", "WEP", ...) shown above the entry, so the user knows what kind
of credential is being asked for. Popup passes the network's security
type when issuing the prompt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Modal SSID + optional passphrase prompt with the same callback shape as
wifi_auth_prompt. Used by the upcoming popup "Hidden..." button.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
iwd's Cancel(reason) now invokes a UI callback (registered via
iwd_manager_set_cancel_handler) so the popup can tear down an open
auth dialog. Stubbed RequestPrivateKeyPassphrase /
RequestUserNameAndPassword / RequestUserPassword to return Canceled
instead of leaving them unimplemented (which would unregister us).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Async D-Bus call with error logged on failure. Backend support for the
upcoming Hidden Network UI affordance.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds Iwd_Network.signal_dbm/have_signal and a signal_tier helper, and
calls Station.GetOrderedNetworks on station attach and on scan
completion to populate them. Enables signal-aware UI affordances.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop the diagnostic logs added during adapter/scan/connect
debugging — the wire flow is now well-understood, so the noise
isn't worth keeping. Also delete iwd_device_set_powered (and the
adapter_obj/adapter_proxy fields it relied on); manager.set_powered
goes through Iwd_Adapter directly, so the device-side fallback is
unreachable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Network.Connect now uses an async reply callback so polkit /
authentication / iwd-side errors land on stderr instead of being
swallowed. Add a minimal RPM spec for packaging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Promote Adapter to a first-class manager object (Iwd_Adapter with
PropertiesChanged subscription). iwd_manager_set_powered now drives
the adapter directly, so Enable still works after Disable has torn
down the device hash. State recomputation also looks at any
powered adapter, and the popup hides the network list while
state == IWD_STATE_OFF.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Versioned descriptor for E_Iwd_Config with auto_connect, show_hidden,
refresh_interval and preferred_adapter; load/save against the
"module.iwd" domain. Stale or missing config falls back to defaults.
The settings dialog UI is still a stub.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
e_gadcon_popup hosts a status label, a scrollable list of networks
(snapshotted from iwd_manager and sorted: connected → known → alpha),
and Rescan/Enable/Disable action buttons. Clicking a network calls
Network.Connect; iwd then asks our Agent for a passphrase, which is
routed to a modal elm_popup via iwd_manager_set_passphrase_handler.
The passphrase handler is installed at module init so iwd-initiated
auth works even when the popup is closed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Register an "iwd" gadcon client; each instance carries an elm_icon
that swaps freedesktop standard names based on Iwd_State.
Click toggles the (still stubbed) popup. Listener on iwd_manager
refreshes every active instance on state changes.
E 0.27 only ships the legacy gadcon API (no e_gadget header), so
this targets gadcon for compatibility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Export net.connman.iwd.Agent at /net/eiwd/agent and register it via
AgentManager. RequestPassphrase replies are deferred so the UI can
prompt asynchronously; the manager exposes
iwd_manager_set_passphrase_handler for the UI layer to plug in.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
iwd_dbus watches net.connman.iwd name ownership, calls
GetManagedObjects, and dispatches InterfacesAdded/Removed to a
callback consumer. iwd_manager owns hashes of Iwd_Device and
Iwd_Network keyed by object path; sub-objects subscribe to their
PropertiesChanged signals via Eldbus and ping the manager so
listeners can refresh. Aggregated state (off/idle/scanning/
connecting/connected) is recomputed from the active station.
iwd_device exposes Powered toggle plus Station Scan/Disconnect.
iwd_network calls Network.Connect() (the iwd Agent will be wired
in next) and Forget via the referenced KnownNetwork object.
Builds against EFL 1.28 / Enlightenment 0.27.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Meson build, module entry points, and stub layout for the iwd backend
(D-Bus client, gadget, popup, config, UI widgets). Bodies are TODOs;
this compiles against EFL/E headers but performs no D-Bus work yet.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
