fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-06 20:10:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

2008-08-11 Dan Williams <dcbw@redhat.com>

Browse source 
Update to match NM svn3924 vpn setting changes; verify options better;
	return more informative errors on VPN launch failures; change some config
	options (tap-dev, proto-tcp, connection-type) to better reflect their
	usage.



git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3926 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
This commit is contained in:
Dan Williams 2008-08-11 17:16:52 +00:00
parent 3113ba4bcf
commit 944e9e5b6d
9 changed files with 507 additions and 566 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
vpn-daemons/openvpn/ChangeLog
View file

@ -1,3 +1,10 @@
2008-08-11 Dan Williams <dcbw@redhat.com>
Update to match NM svn3924 vpn setting changes; verify options better;
return more informative errors on VPN launch failures; change some config
options (tap-dev, proto-tcp, connection-type) to better reflect their
usage.
2008-08-08 Dan Williams <dcbw@redhat.com>
* src/nm-openvpn-service.c

71
vpn-daemons/openvpn/auth-dialog/main.c
View file

@ -32,6 +32,8 @@
#include <libgnomeui/libgnomeui.h>
#include <gconf/gconf-client.h>
#include <gnome-keyring.h>
#include <nm-setting-vpn.h>
#include <nm-setting-connection.h>
#include "../src/nm-openvpn-service.h"
#include "gnome-two-password-dialog.h"
@ -129,6 +131,7 @@ save_vpn_password (PasswordsInfo *info, const char *keyring)
}
}
#define PROC_TYPE_TAG "Proc-Type: 4,ENCRYPTED"
/** Checks if a key is encrypted
* The key file is read and it is checked if it contains a line reading
@ -140,27 +143,24 @@ save_vpn_password (PasswordsInfo *info, const char *keyring)
static gboolean
pem_is_encrypted (const char *filename)
{
GIOChannel *pem_chan;
char *str = NULL;
gboolean encrypted = FALSE;
pem_chan = g_io_channel_new_file (filename, "r", NULL);
if ( pem_chan == NULL ) {
// We don't know
if (!pem_chan)
return FALSE;
}
while ( ! encrypted && (g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) ) {
if ( strstr (str, "Proc-Type: 4,ENCRYPTED") == str ) {
// encrypted!
while (g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) {
if (strncmp (str, PROC_TYPE_TAG, strlen (PROC_TYPE_TAG)) == 0) {
encrypted = TRUE;
break;
}
g_free (str);
}
g_io_channel_shutdown (pem_chan, FALSE, NULL);
g_object_unref (pem_chan);
return encrypted;
}
@ -270,7 +270,12 @@ get_password_types (PasswordsInfo *info)
return FALSE;
for (iter = conf_list; iter; iter = iter->next) {
key = g_strconcat ((char *) iter->data, "/connection/type", NULL);
const char *path = (const char *) iter->data;
key = g_strdup_printf ("%s/%s/%s",
path,
NM_SETTING_CONNECTION_SETTING_NAME,
NM_SETTING_CONNECTION_TYPE);
str = gconf_client_get_string (gconf_client, key, NULL);
g_free (key);
@ -279,7 +284,10 @@ get_password_types (PasswordsInfo *info)
continue;
}
key = g_strconcat ((char *) iter->data, "/connection/id", NULL);
key = g_strdup_printf ("%s/%s/%s",
path,
NM_SETTING_CONNECTION_SETTING_NAME,
NM_SETTING_CONNECTION_ID);
str = gconf_client_get_string (gconf_client, key, NULL);
g_free (key);
@ -289,7 +297,7 @@ get_password_types (PasswordsInfo *info)
}
/* Woo, found the connection */
connection_path = g_strdup ((char *) iter->data);
connection_path = g_strdup (path);
break;
}
@ -297,37 +305,32 @@ get_password_types (PasswordsInfo *info)
g_slist_free (conf_list);
if (connection_path) {
int connection_type;
const char *connection_type;
key = g_strconcat (connection_path, "/vpn-properties/connection-type", NULL);
connection_type = gconf_client_get_int (gconf_client, key, NULL);
key = g_strdup_printf ("%s/%s/%s", connection_path, NM_SETTING_VPN_SETTING_NAME,
NM_OPENVPN_KEY_CONNECTION_TYPE);
connection_type = gconf_client_get_string (gconf_client, key, NULL);
g_free (key);
switch (connection_type) {
case NM_OPENVPN_CONTYPE_PASSWORD_TLS:
info->need_password = TRUE;
/* Fall through */
case NM_OPENVPN_CONTYPE_TLS:
if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
success = TRUE;
key = g_strconcat (connection_path, "/vpn-properties/", NM_OPENVPN_KEY_KEY, NULL);
if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
info->need_password = TRUE;
key = g_strdup_printf ("%s/%s/%s", connection_path, NM_SETTING_VPN_SETTING_NAME,
NM_OPENVPN_KEY_KEY);
str = gconf_client_get_string (gconf_client, key, NULL);
g_free (key);
if (str) {
if (str)
info->need_certpass = pem_is_encrypted (str);
g_free (str);
}
break;
case NM_OPENVPN_CONTYPE_STATIC_KEY:
g_free (str);
g_free (key);
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
success = TRUE;
break;
case NM_OPENVPN_CONTYPE_PASSWORD:
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)) {
success = TRUE;
info->need_password = TRUE;
break;
default:
/* Invalid connection type */
break;
}
g_free (connection_path);

308
vpn-daemons/openvpn/properties/auth-helpers.c
View file

@ -30,6 +30,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <glib/gi18n-lib.h>
@ -40,14 +41,14 @@
void
tls_pw_init_auth_widget (GladeXML *xml,
GtkSizeGroup *group,
NMSettingVPNProperties *s_vpn_props,
gint contype,
NMSettingVPN *s_vpn,
const char *contype,
const char *prefix,
ChangedCallback changed_cb,
gpointer user_data)
{
GtkWidget *widget;
GValue *value;
const char *value;
char *tmp;
GtkFileFilter *filter;
@ -68,13 +69,13 @@ tls_pw_init_auth_widget (GladeXML *xml,
_("Choose a Certificate Authority certificate..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CA);
if (value && G_VALUE_HOLDS_STRING (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value));
if (s_vpn && s_vpn->data) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CA);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
if (contype == NM_OPENVPN_CONTYPE_TLS || contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS) {
if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
tmp = g_strdup_printf ("%s_user_cert_chooser", prefix);
widget = glade_xml_get_widget (xml, tmp);
g_free (tmp);
@ -87,10 +88,10 @@ tls_pw_init_auth_widget (GladeXML *xml,
_("Choose your personal certificate..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERT);
if (value && G_VALUE_HOLDS_STRING (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value));
if (s_vpn && s_vpn->data) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERT);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
tmp = g_strdup_printf ("%s_private_key_chooser", prefix);
@ -105,23 +106,23 @@ tls_pw_init_auth_widget (GladeXML *xml,
_("Choose your private key..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_KEY);
if (value && G_VALUE_HOLDS_STRING (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value));
if (s_vpn && s_vpn->data) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_KEY);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
}
if (contype == NM_OPENVPN_CONTYPE_PASSWORD || contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS) {
if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
tmp = g_strdup_printf ("%s_username_entry", prefix);
widget = glade_xml_get_widget (xml, tmp);
g_free (tmp);
gtk_size_group_add_widget (group, widget);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_USERNAME);
if (value && G_VALUE_HOLDS_STRING (value))
gtk_entry_set_text (GTK_ENTRY (widget), g_value_get_string (value));
if (s_vpn && s_vpn->data) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_USERNAME);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (changed_cb), user_data);
}
@ -133,12 +134,12 @@ tls_pw_init_auth_widget (GladeXML *xml,
void
sk_init_auth_widget (GladeXML *xml,
GtkSizeGroup *group,
NMSettingVPNProperties *s_vpn_props,
NMSettingVPN *s_vpn,
ChangedCallback changed_cb,
gpointer user_data)
{
GtkWidget *widget;
GValue *value = NULL;
const char *value = NULL;
GtkListStore *store;
GtkTreeIter iter;
gint active = -1;
@ -158,18 +159,24 @@ sk_init_auth_widget (GladeXML *xml,
_("Choose an OpenVPN static key..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_SHARED_KEY);
if (value && G_VALUE_HOLDS_STRING (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value));
if (s_vpn && s_vpn->data) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_SHARED_KEY);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_SHARED_KEY_DIRECTION);
if (value && G_VALUE_HOLDS_INT (value))
direction = g_value_get_int (value);
if (s_vpn && s_vpn->data) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_SHARED_KEY_DIRECTION);
if (value && strlen (value)) {
long int tmp;
errno = 0;
tmp = strtol (value, NULL, 10);
if (errno == 0 && (tmp == 0 || tmp == 1))
direction = (guint32) tmp;
}
}
gtk_list_store_append (store, &iter);
@ -177,17 +184,13 @@ sk_init_auth_widget (GladeXML *xml,
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, SK_DIR_COL_NAME, "0", SK_DIR_COL_NUM, 0, -1);
if (value && G_VALUE_HOLDS_INT (value)) {
if (g_value_get_int (value) == 0)
active = 1;
}
if (direction == 0)
active = 1;
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, SK_DIR_COL_NAME, "1", SK_DIR_COL_NUM, 1, -1);
if (value && G_VALUE_HOLDS_INT (value)) {
if (g_value_get_int (value) == 1)
active = 2;
}
if (direction == 1)
active = 2;
widget = glade_xml_get_widget (xml, "sk_direction_combo");
gtk_size_group_add_widget (group, widget);
@ -256,21 +259,17 @@ validate_tls (GladeXML *xml, const char *prefix, GError **error)
}
gboolean
auth_widget_check_validity (GladeXML *xml, gint contype, GError **error)
auth_widget_check_validity (GladeXML *xml, const char *contype, GError **error)
{
GtkWidget *widget;
gboolean is_valid = TRUE;
const char *str;
switch (contype) {
case NM_OPENVPN_CONTYPE_TLS:
is_valid = validate_tls (xml, "tls", error);
break;
case NM_OPENVPN_CONTYPE_PASSWORD_TLS:
is_valid = validate_tls (xml, "pw_tls", error);
if (!is_valid)
break;
if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS)) {
if (!validate_tls (xml, "tls", error))
return FALSE;
} else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
if (!validate_tls (xml, "pw_tls", error))
return FALSE;
widget = glade_xml_get_widget (xml, "pw_tls_username_entry");
str = gtk_entry_get_text (GTK_ENTRY (widget));
@ -279,18 +278,15 @@ auth_widget_check_validity (GladeXML *xml, gint contype, GError **error)
OPENVPN_PLUGIN_UI_ERROR,
OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY,
NM_OPENVPN_KEY_USERNAME);
is_valid = FALSE;
return FALSE;
}
break;
case NM_OPENVPN_CONTYPE_PASSWORD:
} else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
if (!validate_file_chooser (xml, "pw_ca_cert_chooser")) {
g_set_error (error,
OPENVPN_PLUGIN_UI_ERROR,
OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY,
NM_OPENVPN_KEY_CA);
is_valid = FALSE;
break;
return FALSE;
}
widget = glade_xml_get_widget (xml, "pw_username_entry");
str = gtk_entry_get_text (GTK_ENTRY (widget));
@ -299,26 +295,20 @@ auth_widget_check_validity (GladeXML *xml, gint contype, GError **error)
OPENVPN_PLUGIN_UI_ERROR,
OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY,
NM_OPENVPN_KEY_USERNAME);
is_valid = FALSE;
return FALSE;
}
break;
case NM_OPENVPN_CONTYPE_STATIC_KEY:
} else if (!strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
if (!validate_file_chooser (xml, "sk_key_chooser")) {
g_set_error (error,
OPENVPN_PLUGIN_UI_ERROR,
OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY,
NM_OPENVPN_KEY_SHARED_KEY);
is_valid = FALSE;
break;
return FALSE;
}
break;
default:
} else
g_assert_not_reached ();
}
return is_valid;
return TRUE;
}
static void
@ -326,7 +316,7 @@ update_from_filechooser (GladeXML *xml,
const char *key,
const char *prefix,
const char *widget_name,
NMSettingVPNProperties *s_vpn_props)
NMSettingVPN *s_vpn)
{
GtkWidget *widget;
char *tmp, *filename;
@ -335,8 +325,8 @@ update_from_filechooser (GladeXML *xml,
g_return_if_fail (key != NULL);
g_return_if_fail (prefix != NULL);
g_return_if_fail (widget_name != NULL);
g_return_if_fail (s_vpn_props != NULL);
g_return_if_fail (s_vpn_props->data != NULL);
g_return_if_fail (s_vpn != NULL);
g_return_if_fail (s_vpn->data != NULL);
tmp = g_strdup_printf ("%s_%s", prefix, widget_name);
widget = glade_xml_get_widget (xml, tmp);
@ -347,21 +337,21 @@ update_from_filechooser (GladeXML *xml,
return;
if (strlen (filename))
g_hash_table_insert (s_vpn_props->data, g_strdup (key), str_to_gvalue (filename));
g_hash_table_insert (s_vpn->data, g_strdup (key), g_strdup (filename));
g_free (filename);
}
static void
update_tls (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vpn_props)
update_tls (GladeXML *xml, const char *prefix, NMSettingVPN *s_vpn)
{
update_from_filechooser (xml, NM_OPENVPN_KEY_CA, prefix, "ca_cert_chooser", s_vpn_props);
update_from_filechooser (xml, NM_OPENVPN_KEY_CERT, prefix, "user_cert_chooser", s_vpn_props);
update_from_filechooser (xml, NM_OPENVPN_KEY_KEY, prefix, "private_key_chooser", s_vpn_props);
update_from_filechooser (xml, NM_OPENVPN_KEY_CA, prefix, "ca_cert_chooser", s_vpn);
update_from_filechooser (xml, NM_OPENVPN_KEY_CERT, prefix, "user_cert_chooser", s_vpn);
update_from_filechooser (xml, NM_OPENVPN_KEY_KEY, prefix, "private_key_chooser", s_vpn);
}
static void
update_username (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vpn_props)
update_username (GladeXML *xml, const char *prefix, NMSettingVPN *s_vpn)
{
GtkWidget *widget;
char *tmp;
@ -369,8 +359,8 @@ update_username (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vp
g_return_if_fail (xml != NULL);
g_return_if_fail (prefix != NULL);
g_return_if_fail (s_vpn_props != NULL);
g_return_if_fail (s_vpn_props->data != NULL);
g_return_if_fail (s_vpn != NULL);
g_return_if_fail (s_vpn->data != NULL);
tmp = g_strdup_printf ("%s_username_entry", prefix);
widget = glade_xml_get_widget (xml, tmp);
@ -378,38 +368,31 @@ update_username (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vp
str = gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_USERNAME),
str_to_gvalue (str));
g_strdup (str));
}
}
gboolean
auth_widget_update_connection (GladeXML *xml,
gint contype,
NMSettingVPNProperties *s_vpn_props)
const char *contype,
NMSettingVPN *s_vpn)
{
GtkTreeModel *model;
GtkTreeIter iter;
GtkWidget *widget;
switch (contype) {
case NM_OPENVPN_CONTYPE_TLS:
update_tls (xml, "tls", s_vpn_props);
break;
case NM_OPENVPN_CONTYPE_PASSWORD:
update_from_filechooser (xml, NM_OPENVPN_KEY_CA, "pw", "ca_cert_chooser", s_vpn_props);
update_username (xml, "pw", s_vpn_props);
break;
case NM_OPENVPN_CONTYPE_PASSWORD_TLS:
update_tls (xml, "pw_tls", s_vpn_props);
update_username (xml, "pw_tls", s_vpn_props);
break;
case NM_OPENVPN_CONTYPE_STATIC_KEY:
update_from_filechooser (xml, NM_OPENVPN_KEY_SHARED_KEY, "sk", "key_chooser", s_vpn_props);
if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS)) {
update_tls (xml, "tls", s_vpn);
} else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
update_from_filechooser (xml, NM_OPENVPN_KEY_CA, "pw", "ca_cert_chooser", s_vpn);
update_username (xml, "pw", s_vpn);
} else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
update_tls (xml, "pw_tls", s_vpn);
update_username (xml, "pw_tls", s_vpn);
} else if (!strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
update_from_filechooser (xml, NM_OPENVPN_KEY_SHARED_KEY, "sk", "key_chooser", s_vpn);
widget = glade_xml_get_widget (xml, "sk_direction_combo");
g_assert (widget);
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
@ -418,16 +401,13 @@ auth_widget_update_connection (GladeXML *xml,
gtk_tree_model_get (model, &iter, SK_DIR_COL_NUM, &direction, -1);
if (direction > -1) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_SHARED_KEY_DIRECTION),
int_to_gvalue (direction));
g_strdup_printf ("%d", direction));
}
}
break;
default:
} else
g_assert_not_reached ();
}
return TRUE;
}
@ -580,15 +560,6 @@ sk_file_chooser_filter_new (void)
return filter;
}
static void
nm_gvalue_destroy (gpointer data)
{
GValue *value = (GValue *) data;
g_value_unset (value);
g_slice_free (GValue, value);
}
static const char *advanced_keys[] = {
NM_OPENVPN_KEY_PORT,
NM_OPENVPN_KEY_COMP_LZO,
@ -604,26 +575,14 @@ static void
copy_values (gpointer key, gpointer data, gpointer user_data)
{
GHashTable *hash = (GHashTable *) user_data;
GValue *value = (GValue *) data;
const char *value = (const char *) data;
const char **i;
for (i = &advanced_keys[0]; *i; i++) {
if (strcmp ((const char *) key, *i))
continue;
if (G_VALUE_HOLDS_STRING (value)) {
g_hash_table_insert (hash,
g_strdup ((const char *) key),
str_to_gvalue (g_value_get_string (value)));
} else if (G_VALUE_HOLDS_INT (value)) {
g_hash_table_insert (hash,
g_strdup ((const char *) key),
int_to_gvalue (g_value_get_int (value)));
} else if (G_VALUE_HOLDS_BOOLEAN (value)) {
g_hash_table_insert (hash,
g_strdup ((const char *) key),
bool_to_gvalue (g_value_get_boolean (value)));
}
g_hash_table_insert (hash, g_strdup ((const char *) key), g_strdup (value));
}
}
@ -632,13 +591,13 @@ advanced_dialog_new_hash_from_connection (NMConnection *connection,
GError **error)
{
GHashTable *hash;
NMSettingVPNProperties *s_vpn_props;
NMSettingVPN *s_vpn;
hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, nm_gvalue_destroy);
hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
s_vpn_props = (NMSettingVPNProperties *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES);
if (s_vpn_props && s_vpn_props->data)
g_hash_table_foreach (s_vpn_props->data, copy_values, hash);
s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
if (s_vpn && s_vpn->data)
g_hash_table_foreach (s_vpn->data, copy_values, hash);
return hash;
}
@ -781,13 +740,13 @@ tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
#define TA_DIR_COL_NUM 1
GtkWidget *
advanced_dialog_new (GHashTable *hash, int contype)
advanced_dialog_new (GHashTable *hash, const char *contype)
{
GladeXML *xml;
GtkWidget *dialog = NULL;
char *glade_file = NULL;
GtkWidget *widget;
GValue *value;
const char *value;
g_return_val_if_fail (hash != NULL, NULL);
@ -811,12 +770,18 @@ advanced_dialog_new (GHashTable *hash, int contype)
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (port_toggled_cb), xml);
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PORT);
if (value && G_VALUE_HOLDS_INT (value)) {
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
if (value && strlen (value)) {
long int tmp;
widget = glade_xml_get_widget (xml, "port_spinbutton");
gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget),
(gdouble) g_value_get_int (value));
errno = 0;
tmp = strtol (value, NULL, 10);
if (errno == 0 && tmp > 0 && tmp < 65536 && tmp != 1194) {
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
widget = glade_xml_get_widget (xml, "port_spinbutton");
gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget),
(gdouble) tmp);
}
gtk_widget_set_sensitive (widget, TRUE);
} else {
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), FALSE);
@ -827,54 +792,46 @@ advanced_dialog_new (GHashTable *hash, int contype)
}
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_COMP_LZO);
if (value && G_VALUE_HOLDS_BOOLEAN (value)) {
if (value && !strcmp (value, "yes")) {
widget = glade_xml_get_widget (xml, "lzo_checkbutton");
if (g_value_get_boolean (value))
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROTO_TCP);
if (value && G_VALUE_HOLDS_BOOLEAN (value)) {
if (value && !strcmp (value, "yes")) {
widget = glade_xml_get_widget (xml, "tcp_checkbutton");
if (g_value_get_boolean (value))
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TAP_DEV);
if (value && G_VALUE_HOLDS_BOOLEAN (value)) {
if (value && !strcmp (value, "yes")) {
widget = glade_xml_get_widget (xml, "tap_checkbutton");
if (g_value_get_boolean (value))
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
if (contype != NM_OPENVPN_CONTYPE_TLS && contype != NM_OPENVPN_CONTYPE_PASSWORD_TLS) {
if (strcmp (contype, NM_OPENVPN_CONTYPE_TLS) && strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
widget = glade_xml_get_widget (xml, "options_notebook");
gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 1);
} else {
char *user_cipher = NULL;
GtkListStore *store;
GtkTreeIter iter;
int direction = -1, active = -1;
widget = glade_xml_get_widget (xml, "cipher_combo");
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
if (value && G_VALUE_HOLDS_STRING (value))
user_cipher = (char *) g_value_get_string (value);
populate_cipher_combo (GTK_COMBO_BOX (widget), user_cipher);
populate_cipher_combo (GTK_COMBO_BOX (widget), value);
widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
if (value && G_VALUE_HOLDS_STRING (value)) {
if (strlen (g_value_get_string (value)))
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
if (value && strlen (value))
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (tls_auth_toggled_cb), xml);
tls_auth_toggled_cb (widget, xml);
widget = glade_xml_get_widget (xml, "direction_combo");
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA_DIR);
if (value && G_VALUE_HOLDS_STRING (value)) {
direction = (int) strtol (g_value_get_string (value), NULL, 10);
if (value && strlen (value)) {
direction = (int) strtol (value, NULL, 10);
/* If direction is not 0 or 1, use no direction */
if (direction != 0 && direction != 1)
direction = -1;
@ -900,9 +857,9 @@ advanced_dialog_new (GHashTable *hash, int contype)
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
if (value && G_VALUE_HOLDS_STRING (value)) {
if (value && strlen (value)) {
widget = glade_xml_get_widget (xml, "tls_auth_chooser");
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value));
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
}
@ -917,7 +874,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
GHashTable *hash;
GtkWidget *widget;
GladeXML *xml;
int contype = NM_OPENVPN_CONTYPE_INVALID;
const char *contype = NULL;
g_return_val_if_fail (dialog != NULL, NULL);
if (error)
@ -926,7 +883,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
xml = g_object_get_data (G_OBJECT (dialog), "glade-xml");
g_return_val_if_fail (xml != NULL, NULL);
hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, nm_gvalue_destroy);
hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
widget = glade_xml_get_widget (xml, "port_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
@ -934,23 +891,23 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
widget = glade_xml_get_widget (xml, "port_spinbutton");
port = gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (widget));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PORT), int_to_gvalue (port));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PORT), g_strdup_printf ("%d", port));
}
widget = glade_xml_get_widget (xml, "lzo_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_COMP_LZO), bool_to_gvalue (TRUE));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_COMP_LZO), g_strdup ("yes"));
widget = glade_xml_get_widget (xml, "tcp_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), bool_to_gvalue (TRUE));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), g_strdup ("yes"));
widget = glade_xml_get_widget (xml, "tap_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TAP_DEV), bool_to_gvalue (TRUE));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TAP_DEV), g_strdup ("yes"));
contype = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (dialog), "connection-type"));
if (contype == NM_OPENVPN_CONTYPE_TLS || contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS) {
contype = g_object_get_data (G_OBJECT (dialog), "connection-type");
if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
GtkTreeModel *model;
GtkTreeIter iter;
@ -964,8 +921,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
TLS_CIPHER_COL_NAME, &cipher,
TLS_CIPHER_COL_DEFAULT, &is_default, -1);
if (!is_default && cipher) {
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_CIPHER),
str_to_gvalue (cipher));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_CIPHER), g_strdup (cipher));
}
}
@ -976,8 +932,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
widget = glade_xml_get_widget (xml, "tls_auth_chooser");
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (filename && strlen (filename)) {
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA),
str_to_gvalue (filename));
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA), g_strdup (filename));
}
g_free (filename);
@ -988,11 +943,8 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
gtk_tree_model_get (model, &iter, TA_DIR_COL_NUM, &direction, -1);
if (direction >= 0) {
char str_dir[2] = { '0', '\0' };
str_dir[0] = (direction == 0) ? '0' : '1';
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA_DIR),
str_to_gvalue (str_dir));
g_strdup_printf ("%d", direction));
}
}
}

16
vpn-daemons/openvpn/properties/auth-helpers.h
View file

@ -28,35 +28,35 @@
#include <glade/glade.h>
#include <nm-connection.h>
#include <nm-setting-vpn-properties.h>
#include <nm-setting-vpn.h>
typedef void (*ChangedCallback) (GtkWidget *widget, gpointer user_data);
void tls_pw_init_auth_widget (GladeXML *xml,
GtkSizeGroup *group,
NMSettingVPNProperties *s_vpn_props,
gint contype,
NMSettingVPN *s_vpn,
const char *contype,
const char *prefix,
ChangedCallback changed_cb,
gpointer user_data);
void sk_init_auth_widget (GladeXML *xml,
GtkSizeGroup *group,
NMSettingVPNProperties *s_vpn_props,
NMSettingVPN *s_vpn,
ChangedCallback changed_cb,
gpointer user_data);
gboolean auth_widget_check_validity (GladeXML *xml, gint contype, GError **error);
gboolean auth_widget_check_validity (GladeXML *xml, const char *contype, GError **error);
gboolean auth_widget_update_connection (GladeXML *xml,
gint contype,
NMSettingVPNProperties *s_vpn_props);
const char *contype,
NMSettingVPN *s_vpn);
GtkFileFilter *tls_file_chooser_filter_new (void);
GtkFileFilter *sk_file_chooser_filter_new (void);
GtkWidget *advanced_dialog_new (GHashTable *hash, int contype);
GtkWidget *advanced_dialog_new (GHashTable *hash, const char *contype);
GHashTable *advanced_dialog_new_hash_from_connection (NMConnection *connection, GError **error);

83
vpn-daemons/openvpn/properties/import-export.c
View file

@ -35,7 +35,6 @@
#include <glib/gi18n-lib.h>
#include <nm-setting-vpn.h>
#include <nm-setting-vpn-properties.h>
#include <nm-setting-connection.h>
#include <nm-setting-ip4-config.h>
@ -104,7 +103,7 @@ handle_path_item (const char *line,
if (leftover && *file)
*leftover = file + 1;
g_hash_table_insert (hash, g_strdup (key), str_to_gvalue (unquoted));
g_hash_table_insert (hash, g_strdup (key), g_strdup (unquoted));
g_free (unquoted);
out:
@ -143,9 +142,12 @@ handle_direction (const char *tag, const char *key, char *leftover, GHashTable *
errno = 0;
direction = strtol (leftover, NULL, 10);
if ((errno == 0) && ((direction == 0) || (direction == 1)))
g_hash_table_insert (hash, g_strdup (key), int_to_gvalue (direction));
else
if (errno == 0) {
if (direction == 0)
g_hash_table_insert (hash, g_strdup (key), g_strdup ("0"));
else if (direction == 1)
g_hash_table_insert (hash, g_strdup (key), g_strdup ("1"));
} else
g_warning ("%s: unknown %s direction '%s'", __func__, tag, leftover);
}
@ -155,12 +157,11 @@ do_import (const char *path, char **lines, GError **error)
NMConnection *connection = NULL;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
NMSettingVPNProperties *s_vpn_props;
char *last_dot;
char **line;
gboolean have_client = FALSE, have_remote = FALSE;
gboolean have_pass = FALSE, have_sk = FALSE;
int ctype = NM_OPENVPN_CONTYPE_INVALID;
const char *ctype = NULL;
connection = nm_connection_new ();
s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
@ -168,10 +169,6 @@ do_import (const char *path, char **lines, GError **error)
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
s_vpn->service_type = g_strdup (NM_DBUS_SERVICE_OPENVPN);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
s_vpn_props = NM_SETTING_VPN_PROPERTIES (nm_setting_vpn_properties_new ());
nm_connection_add_setting (connection, NM_SETTING (s_vpn_props));
s_con->id = g_path_get_basename (path);
last_dot = strrchr (s_con->id, '.');
@ -195,9 +192,9 @@ do_import (const char *path, char **lines, GError **error)
if (strstr (*line, "tun")) {
/* ignore; default is tun */
} else if (strstr (*line, "tap")) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_TAP_DEV),
bool_to_gvalue (TRUE));
g_strdup ("yes"));
} else
g_warning ("%s: unknown dev option '%s'", __func__, *line);
@ -208,9 +205,9 @@ do_import (const char *path, char **lines, GError **error)
if (strstr (*line, "udp")) {
/* ignore; udp is default */
} else if (strstr (*line, "tcp")) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_PROTO_TCP),
bool_to_gvalue (TRUE));
g_strdup ("yes"));
} else
g_warning ("%s: unknown proto option '%s'", __func__, *line);
@ -218,9 +215,9 @@ do_import (const char *path, char **lines, GError **error)
}
if (!strncmp (*line, COMP_TAG, strlen (COMP_TAG))) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_COMP_LZO),
bool_to_gvalue (TRUE));
g_strdup ("yes"));
continue;
}
@ -230,9 +227,9 @@ do_import (const char *path, char **lines, GError **error)
continue;
if (g_strv_length (items) >= 1) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_REMOTE),
str_to_gvalue (items[0]));
g_strdup (items[0]));
have_remote = TRUE;
if (g_strv_length (items) >= 2) {
@ -241,44 +238,44 @@ do_import (const char *path, char **lines, GError **error)
errno = 0;
port = strtol (items[1], NULL, 10);
if ((errno == 0) && (port > 0) && (port < 65536)) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_PORT),
int_to_gvalue (port));
g_strdup_printf ("%d", (guint32) port));
} else
g_warning ("%s: invalid remote port in option '%s'", __func__, *line);
}
}
g_strfreev (items);
if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_REMOTE))
if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_REMOTE))
g_warning ("%s: unknown remote option '%s'", __func__, *line);
continue;
}
if (handle_path_item (*line, CA_TAG, NM_OPENVPN_KEY_CA, s_vpn_props->data, NULL))
if (handle_path_item (*line, CA_TAG, NM_OPENVPN_KEY_CA, s_vpn->data, NULL))
continue;
if (handle_path_item (*line, CERT_TAG, NM_OPENVPN_KEY_CERT, s_vpn_props->data, NULL))
if (handle_path_item (*line, CERT_TAG, NM_OPENVPN_KEY_CERT, s_vpn->data, NULL))
continue;
if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn_props->data, NULL))
if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn->data, NULL))
continue;
if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_SHARED_KEY,
s_vpn_props->data, &leftover)) {
s_vpn->data, &leftover)) {
handle_direction ("secret",
NM_OPENVPN_KEY_SHARED_KEY_DIRECTION,
leftover,
s_vpn_props->data);
s_vpn->data);
continue;
}
if (handle_path_item (*line, TLS_AUTH_TAG, NM_OPENVPN_KEY_TA,
s_vpn_props->data, &leftover)) {
s_vpn->data, &leftover)) {
handle_direction ("tls-auth",
NM_OPENVPN_KEY_TA_DIR,
leftover,
s_vpn_props->data);
s_vpn->data);
continue;
}
@ -288,9 +285,9 @@ do_import (const char *path, char **lines, GError **error)
continue;
if (g_strv_length (items)) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_CIPHER),
str_to_gvalue (items[0]));
g_strdup (items[0]));
}
g_strfreev (items);
continue;
@ -302,12 +299,12 @@ do_import (const char *path, char **lines, GError **error)
continue;
if (g_strv_length (items) == 2) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_LOCAL_IP),
str_to_gvalue (items[0]));
g_hash_table_insert (s_vpn_props->data,
g_strdup (items[0]));
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_REMOTE_IP),
str_to_gvalue (items[1]));
g_strdup (items[1]));
} else
g_warning ("%s: unknown ifconfig option '%s'", __func__, *line);
g_strfreev (items);
@ -318,7 +315,7 @@ do_import (const char *path, char **lines, GError **error)
have_pass = TRUE;
}
if (g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_SHARED_KEY))
if (g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_SHARED_KEY))
have_sk = TRUE;
if (!have_client && !have_sk) {
@ -338,12 +335,12 @@ do_import (const char *path, char **lines, GError **error)
} else {
gboolean have_certs = FALSE, have_ca = FALSE;
if (g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CA))
if (g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CA))
have_ca = TRUE;
if ( have_ca
&& g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERT)
&& g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_KEY))
&& g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERT)
&& g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_KEY))
have_certs = TRUE;
/* Determine connection type */
@ -357,14 +354,15 @@ do_import (const char *path, char **lines, GError **error)
} else if (have_sk)
ctype = NM_OPENVPN_CONTYPE_STATIC_KEY;
if (ctype == NM_OPENVPN_CONTYPE_INVALID)
if (!ctype)
ctype = NM_OPENVPN_CONTYPE_TLS;
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_CONNECTION_TYPE),
int_to_gvalue (ctype));
g_strdup (ctype));
}
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
return connection;
}
@ -375,4 +373,3 @@ do_export (const char *path, NMConnection *connection, GError **error)
}

138
vpn-daemons/openvpn/properties/nm-openvpn.c
View file

@ -41,7 +41,6 @@
#include <nm-vpn-plugin-ui-interface.h>
#include <nm-setting-vpn.h>
#include <nm-setting-vpn-properties.h>
#include <nm-setting-connection.h>
#include <nm-setting-ip4-config.h>
@ -133,7 +132,7 @@ check_validity (OpenvpnPluginUiWidget *self, GError **error)
const char *str;
GtkTreeModel *model;
GtkTreeIter iter;
gint contype = NM_OPENVPN_CONTYPE_INVALID;
const char *contype = NULL;
widget = glade_xml_get_widget (priv->xml, "gateway_entry");
str = gtk_entry_get_text (GTK_ENTRY (widget));
@ -226,7 +225,7 @@ advanced_button_clicked_cb (GtkWidget *button, gpointer user_data)
GtkWidget *dialog, *toplevel, *widget;
GtkTreeModel *model;
GtkTreeIter iter;
int contype = NM_OPENVPN_CONTYPE_INVALID;
const char *contype = NULL;
toplevel = gtk_widget_get_toplevel (priv->widget);
g_return_if_fail (GTK_WIDGET_TOPLEVEL (toplevel));
@ -259,15 +258,15 @@ static gboolean
init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **error)
{
OpenvpnPluginUiWidgetPrivate *priv = OPENVPN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPNProperties *s_vpn_props;
NMSettingVPN *s_vpn;
GtkWidget *widget;
GtkListStore *store;
GtkTreeIter iter;
int active = -1;
GValue *value;
gint contype = NM_OPENVPN_CONTYPE_TLS;
const char *value;
const char *contype = NM_OPENVPN_CONTYPE_TLS;
s_vpn_props = (NMSettingVPNProperties *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES);
s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
@ -275,10 +274,10 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **
if (!widget)
return FALSE;
gtk_size_group_add_widget (priv->group, widget);
if (s_vpn_props) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_REMOTE);
if (value && G_VALUE_HOLDS_STRING (value))
gtk_entry_set_text (GTK_ENTRY (widget), g_value_get_string (value));
if (s_vpn) {
value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_REMOTE);
if (value)
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
@ -287,19 +286,22 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **
return FALSE;
gtk_size_group_add_widget (priv->group, widget);
store = gtk_list_store_new (3, G_TYPE_STRING, G_TYPE_INT, G_TYPE_INT);
store = gtk_list_store_new (3, G_TYPE_STRING, G_TYPE_INT, G_TYPE_STRING);
if (s_vpn_props && s_vpn_props->data) {
value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CONNECTION_TYPE);
if (value && G_VALUE_HOLDS_INT (value)) {
contype = g_value_get_int (value);
if ((contype < NM_OPENVPN_CONTYPE_TLS) || (contype > NM_OPENVPN_CONTYPE_PASSWORD_TLS))
if (s_vpn && s_vpn->data) {
contype = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CONNECTION_TYPE);
if (contype) {
if ( strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
&& strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY)
&& strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)
&& strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
contype = NM_OPENVPN_CONTYPE_TLS;
}
} else
contype = NM_OPENVPN_CONTYPE_TLS;
}
/* TLS auth widget */
tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn_props,
tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn,
NM_OPENVPN_CONTYPE_TLS, "tls",
stuff_changed_cb, self);
@ -311,7 +313,7 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **
-1);
/* Password auth widget */
tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn_props,
tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn,
NM_OPENVPN_CONTYPE_PASSWORD, "pw",
stuff_changed_cb, self);
@ -321,11 +323,11 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **
COL_AUTH_PAGE, 1,
COL_AUTH_TYPE, NM_OPENVPN_CONTYPE_PASSWORD,
-1);
if ((active < 0) && (contype == NM_OPENVPN_CONTYPE_PASSWORD))
if ((active < 0) && !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD))
active = 1;
/* Password+TLS auth widget */
tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn_props,
tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn,
NM_OPENVPN_CONTYPE_PASSWORD_TLS, "pw_tls",
stuff_changed_cb, self);
@ -335,11 +337,11 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **
COL_AUTH_PAGE, 2,
COL_AUTH_TYPE, NM_OPENVPN_CONTYPE_PASSWORD_TLS,
-1);
if ((active < 0) && (contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS))
if ((active < 0) && !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
active = 2;
/* Static key auth widget */
sk_init_auth_widget (priv->xml, priv->group, s_vpn_props, stuff_changed_cb, self);
sk_init_auth_widget (priv->xml, priv->group, s_vpn, stuff_changed_cb, self);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter,
@ -347,7 +349,7 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **
COL_AUTH_PAGE, 3,
COL_AUTH_TYPE, NM_OPENVPN_CONTYPE_STATIC_KEY,
-1);
if ((active < 0) && (contype == NM_OPENVPN_CONTYPE_STATIC_KEY))
if ((active < 0) && !strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY))
active = 3;
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
@ -370,64 +372,13 @@ get_widget (NMVpnPluginUiWidgetInterface *iface)
return G_OBJECT (priv->widget);
}
GValue *
str_to_gvalue (const char *str)
{
GValue *value;
value = g_slice_new0 (GValue);
g_value_init (value, G_TYPE_STRING);
g_value_set_string (value, str);
return value;
}
GValue *
bool_to_gvalue (gboolean b)
{
GValue *value;
value = g_slice_new0 (GValue);
g_value_init (value, G_TYPE_BOOLEAN);
g_value_set_boolean (value, b);
return value;
}
GValue *
int_to_gvalue (gint i)
{
GValue *value;
value = g_slice_new0 (GValue);
g_value_init (value, G_TYPE_INT);
g_value_set_int (value, i);
return value;
}
static void
hash_copy_advanced (gpointer key, gpointer data, gpointer user_data)
{
GHashTable *hash = (GHashTable *) user_data;
GValue *value = (GValue *) data;
const char *value = (const char *) data;
if (G_VALUE_HOLDS_STRING (value)) {
g_hash_table_insert (hash,
g_strdup ((const char *) key),
str_to_gvalue (g_value_get_string (value)));
} else if (G_VALUE_HOLDS_INT (value)) {
g_hash_table_insert (hash,
g_strdup ((const char *) key),
int_to_gvalue (g_value_get_int (value)));
} else if (G_VALUE_HOLDS_BOOLEAN (value)) {
g_hash_table_insert (hash,
g_strdup ((const char *) key),
bool_to_gvalue (g_value_get_boolean (value)));
} else {
g_warning ("%s: unhandled key '%s' of type '%s'",
__func__, (const char *) key, G_VALUE_TYPE_NAME (value));
}
g_hash_table_insert (hash, g_strdup ((const char *) key), g_strdup (value));
}
static gboolean
@ -438,55 +389,42 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
OpenvpnPluginUiWidget *self = OPENVPN_PLUGIN_UI_WIDGET (iface);
OpenvpnPluginUiWidgetPrivate *priv = OPENVPN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *s_vpn;
NMSettingVPNProperties *s_vpn_props;
GtkWidget *widget;
char *str;
GtkTreeModel *model;
GtkTreeIter iter;
gboolean valid = FALSE;
int auth_type = NM_OPENVPN_CONTYPE_INVALID;
const char *auth_type = NULL;
if (!check_validity (self, error))
return FALSE;
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
s_vpn->service_type = g_strdup (NM_DBUS_SERVICE_OPENVPN);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
s_vpn_props = NM_SETTING_VPN_PROPERTIES (nm_setting_vpn_properties_new ());
/* Gateway */
widget = glade_xml_get_widget (priv->xml, "gateway_entry");
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
g_hash_table_insert (s_vpn_props->data,
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_REMOTE),
str_to_gvalue (str));
g_strdup (str));
}
widget = glade_xml_get_widget (priv->xml, "auth_combo");
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
gtk_tree_model_get (model, &iter, COL_AUTH_TYPE, &auth_type, -1);
if ( (auth_type > NM_OPENVPN_CONTYPE_INVALID)
&& (auth_type <= NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
g_hash_table_insert (s_vpn_props->data,
g_strdup (NM_OPENVPN_KEY_CONNECTION_TYPE),
int_to_gvalue (auth_type));
auth_widget_update_connection (priv->xml, auth_type, s_vpn_props);
} else {
g_set_error (error,
OPENVPN_PLUGIN_UI_ERROR,
OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY,
NM_OPENVPN_KEY_CONNECTION_TYPE);
goto done;
}
g_hash_table_insert (s_vpn->data,
g_strdup (NM_OPENVPN_KEY_CONNECTION_TYPE),
g_strdup (auth_type));
auth_widget_update_connection (priv->xml, auth_type, s_vpn);
}
if (priv->advanced)
g_hash_table_foreach (priv->advanced, hash_copy_advanced, s_vpn_props->data);
g_hash_table_foreach (priv->advanced, hash_copy_advanced, s_vpn->data);
nm_connection_add_setting (connection, NM_SETTING (s_vpn_props));
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
valid = TRUE;
done:

6
vpn-daemons/openvpn/properties/nm-openvpn.h
View file

@ -82,11 +82,5 @@ struct _OpenvpnPluginUiWidgetClass {
GType openvpn_plugin_ui_widget_get_type (void);
GValue *int_to_gvalue (gint i);
GValue *bool_to_gvalue (gboolean b);
GValue *str_to_gvalue (const char *str);
#endif /* _NM_OPENVPN_H_ */

426
vpn-daemons/openvpn/src/nm-openvpn-service.c
View file

@ -1,8 +1,8 @@
/* -*- Mode: C; tab-width: 5; indent-tabs-mode: t; c-basic-offset: 5 -*- */
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* nm-openvpn-service - openvpn integration with NetworkManager
*
* Tim Niemueller <tim@niemueller.de>
* Based on work by Dan Williams <dcbw@redhat.com>
* Dan Williams <dcbw@redhat.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -44,11 +44,11 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <NetworkManager.h>
#include <NetworkManagerVPN.h>
#include <nm-setting-vpn.h>
#include <nm-setting-vpn-properties.h>
#include "nm-openvpn-service.h"
#include "nm-utils.h"
@ -63,9 +63,6 @@ typedef struct {
char *username;
char *password;
char *certpass;
gint child_stdin_fd;
gint child_stdout_fd;
gint child_stderr_fd;
GIOChannel *socket_channel;
guint socket_channel_eventid;
} NMOpenvpnPluginIOData;
@ -80,39 +77,41 @@ typedef struct {
typedef struct {
const char *name;
GType type;
gint int_min;
gint int_max;
} ValidProperty;
static ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_CA, G_TYPE_STRING },
{ NM_OPENVPN_KEY_CERT, G_TYPE_STRING },
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING },
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_INT },
{ NM_OPENVPN_KEY_TAP_DEV, G_TYPE_BOOLEAN },
{ NM_OPENVPN_KEY_KEY, G_TYPE_STRING },
{ NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING },
{ NM_OPENVPN_KEY_PROTO_TCP, G_TYPE_BOOLEAN },
{ NM_OPENVPN_KEY_PORT, G_TYPE_INT },
{ NM_OPENVPN_KEY_REMOTE, G_TYPE_STRING },
{ NM_OPENVPN_KEY_REMOTE_IP, G_TYPE_STRING },
{ NM_OPENVPN_KEY_SHARED_KEY, G_TYPE_STRING },
{ NM_OPENVPN_KEY_SHARED_KEY_DIRECTION, G_TYPE_INT },
{ NM_OPENVPN_KEY_TA, G_TYPE_STRING },
{ NM_OPENVPN_KEY_TA_DIR, G_TYPE_STRING },
{ NM_OPENVPN_KEY_USERNAME, G_TYPE_STRING },
{ NM_OPENVPN_KEY_PASSWORD, G_TYPE_STRING },
{ NM_OPENVPN_KEY_CERTPASS, G_TYPE_STRING },
{ NM_OPENVPN_KEY_NOSECRET, G_TYPE_STRING },
{ NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_TAP_DEV, G_TYPE_BOOLEAN, 0, 0},
{ NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_PROTO_TCP, G_TYPE_BOOLEAN, 0, 0 },
{ NM_OPENVPN_KEY_PORT, G_TYPE_INT, 1, 65535 },
{ NM_OPENVPN_KEY_REMOTE, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_REMOTE_IP, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_SHARED_KEY, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_SHARED_KEY_DIRECTION, G_TYPE_INT, 0, 1 },
{ NM_OPENVPN_KEY_TA, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_TA_DIR, G_TYPE_INT, 0, 1 },
{ NM_OPENVPN_KEY_USERNAME, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_PASSWORD, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_CERTPASS, G_TYPE_STRING, 0, 0 },
{ NM_OPENVPN_KEY_NOSECRET, G_TYPE_STRING, 0, 0 },
{ NULL, G_TYPE_NONE }
};
static void
validate_one_property (gpointer key, gpointer val, gpointer user_data)
validate_one_property (gpointer key, gpointer value, gpointer user_data)
{
gboolean *failed = (gboolean *) user_data;
GError **error = (GError **) user_data;
int i;
if (*failed)
if (*error)
return;
/* 'name' is the setting name; always allowed but unused */
@ -121,27 +120,71 @@ validate_one_property (gpointer key, gpointer val, gpointer user_data)
for (i = 0; valid_properties[i].name; i++) {
ValidProperty prop = valid_properties[i];
long int tmp;
if (!strcmp (prop.name, (char *) key) && prop.type == G_VALUE_TYPE ((GValue *) val))
/* Property is ok */
return;
if (strcmp (prop.name, (char *) key))
continue;
switch (prop.type) {
case G_TYPE_STRING:
return; /* valid */
case G_TYPE_INT:
errno = 0;
tmp = strtol ((char *) value, NULL, 10);
if (errno == 0 && tmp >= prop.int_min && tmp <= prop.int_max)
return; /* valid */
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"invalid integer property '%s' or out of range [%d -> %d]",
(const char *) key, prop.int_min, prop.int_max);
break;
case G_TYPE_BOOLEAN:
if (!strcmp ((char *) value, "yes") || !strcmp ((char *) value, "no"))
return; /* valid */
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"invalid boolean property '%s' (not yes or no)",
(const char *) key);
break;
default:
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"unhandled property '%s' type %d",
(const char *) key, prop.type);
break;
}
}
/* Did not find the property from valid_properties or the type did not match */
*failed = TRUE;
if (!valid_properties[i].name) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"property '%s' invalid or not supported",
(const char *) key);
}
}
static gboolean
nm_openvpn_properties_validate (GHashTable *properties)
nm_openvpn_properties_validate (GHashTable *properties, GError **error)
{
gboolean failed = FALSE;
if (g_hash_table_size (properties) < 1) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"No VPN configuration options.");
return FALSE;
}
if (g_hash_table_size (properties) < 1)
return failed;
g_hash_table_foreach (properties, validate_one_property, error);
g_hash_table_foreach (properties, validate_one_property, &failed);
return !failed;
return error ? FALSE : TRUE;
}
static void
@ -296,8 +339,8 @@ nm_openvpn_connect_timer_cb (gpointer data)
return FALSE;
}
} else {
GIOChannel *openvpn_socket_channel;
guint openvpn_socket_channel_eventid;
GIOChannel *openvpn_socket_channel;
guint openvpn_socket_channel_eventid;
openvpn_socket_channel = g_io_channel_unix_new (socket_fd);
openvpn_socket_channel_eventid = g_io_add_watch (openvpn_socket_channel,
@ -363,20 +406,21 @@ openvpn_watch_cb (GPid pid, gint status, gpointer user_data)
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
static int
static const char *
get_connection_type (GHashTable *properties)
{
int connection_type = NM_OPENVPN_CONTYPE_INVALID;
gpointer tmp;
const char *ctype;
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CONNECTION_TYPE);
if (tmp)
connection_type = g_value_get_int ((GValue *) tmp);
ctype = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CONNECTION_TYPE);
if (ctype) {
if ( !strcmp (ctype, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (ctype, NM_OPENVPN_CONTYPE_STATIC_KEY)
|| !strcmp (ctype, NM_OPENVPN_CONTYPE_PASSWORD)
|| !strcmp (ctype, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
return ctype;
}
if (connection_type < NM_OPENVPN_CONTYPE_INVALID || connection_type > NM_OPENVPN_CONTYPE_PASSWORD_TLS)
connection_type = NM_OPENVPN_CONTYPE_INVALID;
return connection_type;
return NULL;
}
static const char *
@ -398,43 +442,56 @@ nm_find_openvpn (void)
return *openvpn_binary;
}
static gint
nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties)
static void
free_openvpn_args (GPtrArray *args)
{
g_ptr_array_foreach (args, (GFunc) g_free, NULL);
g_ptr_array_free (args, TRUE);
}
static gboolean
nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
GHashTable *properties,
GError **error)
{
NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
GPid pid;
const char *openvpn_binary;
const char *openvpn_binary, *connection_type, *tmp;
GPtrArray *openvpn_argv;
GSource *openvpn_watch;
gpointer tmp;
gint stdin_fd;
gint stdout_fd;
gint stderr_fd;
int connection_type;
GError *err = NULL;
GPid pid;
/* Find openvpn */
openvpn_binary = nm_find_openvpn ();
if (!openvpn_binary) {
nm_info ("Could not find openvpn binary.");
return -1;
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Could not find the openvpn binary.");
return FALSE;
}
connection_type = get_connection_type (properties);
if (connection_type == NM_OPENVPN_CONTYPE_INVALID)
return -1;
if (!connection_type) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Invalid connection type.");
return FALSE;
}
openvpn_argv = g_ptr_array_new ();
g_ptr_array_add (openvpn_argv, (gpointer) (openvpn_binary));
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_REMOTE);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--remote");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_COMP_LZO);
if (tmp && g_value_get_boolean ((GValue *) tmp))
if (tmp && !strcmp (tmp, "yes"))
g_ptr_array_add (openvpn_argv, (gpointer) "--comp-lzo");
g_ptr_array_add (openvpn_argv, (gpointer) "--nobind");
@ -442,7 +499,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
/* Device, either tun or tap */
g_ptr_array_add (openvpn_argv, (gpointer) "--dev");
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TAP_DEV);
if (tmp && g_value_get_boolean ((GValue *) tmp))
if (tmp && !strcmp (tmp, "yes"))
g_ptr_array_add (openvpn_argv, (gpointer) "tap");
else
g_ptr_array_add (openvpn_argv, (gpointer) "tun");
@ -450,7 +507,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
/* Protocol, either tcp or udp */
g_ptr_array_add (openvpn_argv, (gpointer) "--proto");
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_PROTO_TCP);
if (tmp && g_value_get_boolean ((GValue *) tmp))
if (tmp && !strcmp (tmp, "yes"))
g_ptr_array_add (openvpn_argv, (gpointer) "tcp-client");
else
g_ptr_array_add (openvpn_argv, (gpointer) "udp");
@ -458,29 +515,46 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
/* Port */
g_ptr_array_add (openvpn_argv, (gpointer) "--port");
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_PORT);
if (tmp)
/* The string here is leaked, big deal. */
g_ptr_array_add (openvpn_argv, g_strdup_printf ("%u", g_value_get_int ((GValue *) tmp)));
else
if (tmp && strlen (tmp)) {
long int tmp_int;
/* Convert -> int and back to string for security's sake since
* strtol() ignores some leading and trailing characters.
*/
errno = 0;
tmp_int = strtol (tmp, NULL, 10);
if (errno == 0)
g_ptr_array_add (openvpn_argv, (gpointer) g_strdup_printf ("%ld", tmp_int));
else {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"Invalid port number '%s'.",
tmp);
free_openvpn_args (openvpn_argv);
return FALSE;
}
} else {
/* Default to IANA assigned port 1194 */
g_ptr_array_add (openvpn_argv, (GValue *) "1194");
}
/* Cipher */
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CIPHER);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--cipher");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
/* TA */
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TA);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--tls-auth");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TA_DIR);
if (tmp && strlen (g_value_get_string (tmp)))
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
if (tmp && strlen (tmp))
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
/* Syslog */
@ -508,34 +582,31 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
g_ptr_array_add (openvpn_argv, (gpointer) "--route-noexec");
/* Now append configuration options which are dependent on the configuration type */
switch (connection_type) {
case NM_OPENVPN_CONTYPE_TLS:
if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--client");
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--ca");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CERT);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--cert");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_KEY);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--key");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
break;
case NM_OPENVPN_CONTYPE_STATIC_KEY:
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_SHARED_KEY);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--secret");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
g_ptr_array_add (openvpn_argv, (gpointer) "--ifconfig");
@ -543,70 +614,80 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_LOCAL_IP);
if (!tmp) {
/* Insufficient data (FIXME: this should really be detected when validating the properties */
g_ptr_array_free (openvpn_argv, TRUE);
return -1;
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Missing required local IP address for static key mode.");
free_openvpn_args (openvpn_argv);
return FALSE;
}
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_REMOTE_IP);
if (!tmp) {
/* Insufficient data (FIXME: this should really be detected when validating the properties */
g_ptr_array_free (openvpn_argv, TRUE);
return -1;
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Missing required remote IP address for static key mode.");
free_openvpn_args (openvpn_argv);
return FALSE;
}
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
break;
case NM_OPENVPN_CONTYPE_PASSWORD:
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)) {
/* Client mode */
g_ptr_array_add (openvpn_argv, (gpointer) "--client");
/* Use user/path authentication */
g_ptr_array_add (openvpn_argv, (gpointer) "--auth-user-pass");
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--ca");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
break;
case NM_OPENVPN_CONTYPE_PASSWORD_TLS:
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--client");
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--ca");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CERT);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--cert");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_KEY);
if (tmp) {
if (tmp && strlen (tmp)) {
g_ptr_array_add (openvpn_argv, (gpointer) "--key");
g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp));
g_ptr_array_add (openvpn_argv, (gpointer) tmp);
}
/* Use user/path authentication */
g_ptr_array_add (openvpn_argv, (gpointer) "--auth-user-pass");
break;
} else {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"Unknown connection type '%s'.",
connection_type);
free_openvpn_args (openvpn_argv);
return FALSE;
}
g_ptr_array_add (openvpn_argv, NULL);
if (!g_spawn_async_with_pipes (NULL, (char **) openvpn_argv->pdata, NULL,
G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, &stdin_fd,
&stdout_fd, &stderr_fd, &err)) {
g_ptr_array_free (openvpn_argv, TRUE);
nm_warning ("openvpn failed to start. error: '%s'", err->message);
g_error_free (err);
return -1;
if (!g_spawn_async (NULL, (char **) openvpn_argv->pdata, NULL,
G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) {
free_openvpn_args (openvpn_argv);
return FALSE;
}
g_ptr_array_free (openvpn_argv, TRUE);
free_openvpn_args (openvpn_argv);
nm_info ("openvpn started with pid %d", pid);
@ -621,72 +702,47 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
X509USERPASS: Will require username and password and maybe certificate password
X509: May require certificate password
*/
if (connection_type == NM_OPENVPN_CONTYPE_PASSWORD ||
connection_type == NM_OPENVPN_CONTYPE_PASSWORD_TLS ||
connection_type == NM_OPENVPN_CONTYPE_TLS) {
if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)
|| !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
NMOpenvpnPluginIOData *io_data;
NMOpenvpnPluginIOData *io_data;
io_data = g_new0 (NMOpenvpnPluginIOData, 1);
io_data->child_stdin_fd = stdin_fd;
io_data->child_stdout_fd = stdout_fd;
io_data->child_stderr_fd = stderr_fd;
io_data = g_new0 (NMOpenvpnPluginIOData, 1);
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_USERNAME);
if (tmp)
io_data->username = g_strdup ((char *) g_value_get_string ((GValue *) tmp));
io_data->username = tmp ? g_strdup (tmp) : NULL;
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_PASSWORD);
if (tmp)
io_data->password = g_strdup ((char *) g_value_get_string ((GValue *) tmp));
io_data->password = tmp ? g_strdup (tmp) : NULL;
tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CERTPASS);
if (tmp)
io_data->certpass = g_strdup ((char *) g_value_get_string ((GValue *) tmp));
io_data->certpass = tmp ? g_strdup (tmp) : NULL;
priv->io_data = io_data;
nm_openvpn_schedule_connect_timer (plugin);
}
return stdin_fd;
return TRUE;
}
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **err)
NMConnection *connection,
GError **error)
{
NMSettingVPNProperties *properties;
gint fd;
gboolean success = FALSE;
NMSettingVPN *s_vpn;
properties = NM_SETTING_VPN_PROPERTIES (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES));
if (!properties || !nm_openvpn_properties_validate (properties->data)) {
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Invalid arguments.");
goto out;
}
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
g_assert (s_vpn);
if ((fd = nm_openvpn_start_openvpn_binary (NM_OPENVPN_PLUGIN (plugin), properties->data)) < 0) {
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
"Could not start openvpn binary.");
goto out;
}
if (!nm_openvpn_properties_validate (s_vpn->data, error));
return FALSE;
success = TRUE;
if (!nm_openvpn_start_openvpn_binary (NM_OPENVPN_PLUGIN (plugin), s_vpn->data, error))
return FALSE;
out:
/* FIXME: It never did that but I guess it should? */
/* close (fd); */
return success;
return TRUE;
}
static gboolean
@ -695,15 +751,15 @@ real_need_secrets (NMVPNPlugin *plugin,
char **setting_name,
GError **error)
{
NMSettingVPNProperties *s_vpn_props;
int connection_type;
NMSettingVPN *s_vpn;
const char *connection_type;
gboolean need_secrets = FALSE;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn_props = NM_SETTING_VPN_PROPERTIES (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES));
if (!s_vpn_props) {
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
@ -712,30 +768,28 @@ real_need_secrets (NMVPNPlugin *plugin,
return FALSE;
}
connection_type = get_connection_type (s_vpn_props->data);
switch (connection_type) {
case NM_OPENVPN_CONTYPE_PASSWORD_TLS:
connection_type = get_connection_type (s_vpn->data);
if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
/* Will require username and password and maybe certificate password */
if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERTPASS))
if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERTPASS))
need_secrets = TRUE;
/* Fall through */
case NM_OPENVPN_CONTYPE_PASSWORD:
if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_USERNAME) ||
!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_PASSWORD))
need_secrets = TRUE;
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)) {
/* Will require username and password */
if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_USERNAME) ||
!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_PASSWORD))
if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_USERNAME) ||
!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_PASSWORD))
need_secrets = TRUE;
break;
case NM_OPENVPN_CONTYPE_TLS:
} else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)) {
/* May require certificate password */
if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERTPASS))
if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERTPASS))
need_secrets = TRUE;
break;
default:
break;
}
if (need_secrets)
*setting_name = NM_SETTING_VPN_PROPERTIES_SETTING_NAME;
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return need_secrets;
}

18
vpn-daemons/openvpn/src/nm-openvpn-service.h
View file

@ -38,24 +38,15 @@
#define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
#define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn"
/* Do not change numbers, only add if needed!
See properties/nm-openvpn.c:connection_type_changed() for details
*/
#define NM_OPENVPN_CONTYPE_INVALID -1
#define NM_OPENVPN_CONTYPE_TLS 0
#define NM_OPENVPN_CONTYPE_STATIC_KEY 1
#define NM_OPENVPN_CONTYPE_PASSWORD 2
#define NM_OPENVPN_CONTYPE_PASSWORD_TLS 3
#define NM_OPENVPN_KEY_CA "ca"
#define NM_OPENVPN_KEY_CERT "cert"
#define NM_OPENVPN_KEY_CIPHER "cipher"
#define NM_OPENVPN_KEY_COMP_LZO "comp-lzo"
#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
#define NM_OPENVPN_KEY_TAP_DEV "dev"
#define NM_OPENVPN_KEY_TAP_DEV "tap-dev"
#define NM_OPENVPN_KEY_KEY "key"
#define NM_OPENVPN_KEY_LOCAL_IP "local-ip"
#define NM_OPENVPN_KEY_PROTO_TCP "proto"
#define NM_OPENVPN_KEY_PROTO_TCP "proto-tcp"
#define NM_OPENVPN_KEY_PORT "port"
#define NM_OPENVPN_KEY_REMOTE "remote"
#define NM_OPENVPN_KEY_REMOTE_IP "remote-ip"
@ -69,6 +60,11 @@
#define NM_OPENVPN_KEY_CERTPASS "cert-pass"
#define NM_OPENVPN_KEY_NOSECRET "no-secret"
#define NM_OPENVPN_CONTYPE_TLS "tls"
#define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
#define NM_OPENVPN_CONTYPE_PASSWORD "password"
#define NM_OPENVPN_CONTYPE_PASSWORD_TLS "password-tls"
typedef struct {
NMVPNPlugin parent;
} NMOpenvpnPlugin;