diff --git a/vpn-daemons/openvpn/ChangeLog b/vpn-daemons/openvpn/ChangeLog index d3bbfd4150..7155c791fa 100644 --- a/vpn-daemons/openvpn/ChangeLog +++ b/vpn-daemons/openvpn/ChangeLog @@ -1,3 +1,10 @@ +2008-08-11 Dan Williams + + Update to match NM svn3924 vpn setting changes; verify options better; + return more informative errors on VPN launch failures; change some config + options (tap-dev, proto-tcp, connection-type) to better reflect their + usage. + 2008-08-08 Dan Williams * src/nm-openvpn-service.c diff --git a/vpn-daemons/openvpn/auth-dialog/main.c b/vpn-daemons/openvpn/auth-dialog/main.c index ebfa10d1c8..5de7ff123e 100644 --- a/vpn-daemons/openvpn/auth-dialog/main.c +++ b/vpn-daemons/openvpn/auth-dialog/main.c @@ -32,6 +32,8 @@ #include #include #include +#include +#include #include "../src/nm-openvpn-service.h" #include "gnome-two-password-dialog.h" @@ -129,6 +131,7 @@ save_vpn_password (PasswordsInfo *info, const char *keyring) } } +#define PROC_TYPE_TAG "Proc-Type: 4,ENCRYPTED" /** Checks if a key is encrypted * The key file is read and it is checked if it contains a line reading @@ -140,27 +143,24 @@ save_vpn_password (PasswordsInfo *info, const char *keyring) static gboolean pem_is_encrypted (const char *filename) { - GIOChannel *pem_chan; char *str = NULL; gboolean encrypted = FALSE; pem_chan = g_io_channel_new_file (filename, "r", NULL); - - if ( pem_chan == NULL ) { - // We don't know + if (!pem_chan) return FALSE; - } - while ( ! encrypted && (g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) ) { - if ( strstr (str, "Proc-Type: 4,ENCRYPTED") == str ) { - // encrypted! + while (g_io_channel_read_line (pem_chan, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) { + if (strncmp (str, PROC_TYPE_TAG, strlen (PROC_TYPE_TAG)) == 0) { encrypted = TRUE; + break; } - g_free (str); } + g_io_channel_shutdown (pem_chan, FALSE, NULL); + g_object_unref (pem_chan); return encrypted; } @@ -270,7 +270,12 @@ get_password_types (PasswordsInfo *info) return FALSE; for (iter = conf_list; iter; iter = iter->next) { - key = g_strconcat ((char *) iter->data, "/connection/type", NULL); + const char *path = (const char *) iter->data; + + key = g_strdup_printf ("%s/%s/%s", + path, + NM_SETTING_CONNECTION_SETTING_NAME, + NM_SETTING_CONNECTION_TYPE); str = gconf_client_get_string (gconf_client, key, NULL); g_free (key); @@ -279,7 +284,10 @@ get_password_types (PasswordsInfo *info) continue; } - key = g_strconcat ((char *) iter->data, "/connection/id", NULL); + key = g_strdup_printf ("%s/%s/%s", + path, + NM_SETTING_CONNECTION_SETTING_NAME, + NM_SETTING_CONNECTION_ID); str = gconf_client_get_string (gconf_client, key, NULL); g_free (key); @@ -289,7 +297,7 @@ get_password_types (PasswordsInfo *info) } /* Woo, found the connection */ - connection_path = g_strdup ((char *) iter->data); + connection_path = g_strdup (path); break; } @@ -297,37 +305,32 @@ get_password_types (PasswordsInfo *info) g_slist_free (conf_list); if (connection_path) { - int connection_type; + const char *connection_type; - key = g_strconcat (connection_path, "/vpn-properties/connection-type", NULL); - connection_type = gconf_client_get_int (gconf_client, key, NULL); + key = g_strdup_printf ("%s/%s/%s", connection_path, NM_SETTING_VPN_SETTING_NAME, + NM_OPENVPN_KEY_CONNECTION_TYPE); + connection_type = gconf_client_get_string (gconf_client, key, NULL); g_free (key); - - switch (connection_type) { - case NM_OPENVPN_CONTYPE_PASSWORD_TLS: - info->need_password = TRUE; - /* Fall through */ - case NM_OPENVPN_CONTYPE_TLS: + + if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) + || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { success = TRUE; - key = g_strconcat (connection_path, "/vpn-properties/", NM_OPENVPN_KEY_KEY, NULL); + if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) + info->need_password = TRUE; + + key = g_strdup_printf ("%s/%s/%s", connection_path, NM_SETTING_VPN_SETTING_NAME, + NM_OPENVPN_KEY_KEY); str = gconf_client_get_string (gconf_client, key, NULL); - g_free (key); - if (str) { + if (str) info->need_certpass = pem_is_encrypted (str); - g_free (str); - } - break; - case NM_OPENVPN_CONTYPE_STATIC_KEY: + g_free (str); + g_free (key); + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) { success = TRUE; - break; - case NM_OPENVPN_CONTYPE_PASSWORD: + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)) { success = TRUE; info->need_password = TRUE; - break; - default: - /* Invalid connection type */ - break; } g_free (connection_path); diff --git a/vpn-daemons/openvpn/properties/auth-helpers.c b/vpn-daemons/openvpn/properties/auth-helpers.c index 19f7572f2c..1141f844c0 100644 --- a/vpn-daemons/openvpn/properties/auth-helpers.c +++ b/vpn-daemons/openvpn/properties/auth-helpers.c @@ -30,6 +30,7 @@ #include #include #include +#include #include @@ -40,14 +41,14 @@ void tls_pw_init_auth_widget (GladeXML *xml, GtkSizeGroup *group, - NMSettingVPNProperties *s_vpn_props, - gint contype, + NMSettingVPN *s_vpn, + const char *contype, const char *prefix, ChangedCallback changed_cb, gpointer user_data) { GtkWidget *widget; - GValue *value; + const char *value; char *tmp; GtkFileFilter *filter; @@ -68,13 +69,13 @@ tls_pw_init_auth_widget (GladeXML *xml, _("Choose a Certificate Authority certificate...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CA); - if (value && G_VALUE_HOLDS_STRING (value)) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value)); + if (s_vpn && s_vpn->data) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CA); + if (value && strlen (value)) + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } - if (contype == NM_OPENVPN_CONTYPE_TLS || contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS) { + if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { tmp = g_strdup_printf ("%s_user_cert_chooser", prefix); widget = glade_xml_get_widget (xml, tmp); g_free (tmp); @@ -87,10 +88,10 @@ tls_pw_init_auth_widget (GladeXML *xml, _("Choose your personal certificate...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERT); - if (value && G_VALUE_HOLDS_STRING (value)) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value)); + if (s_vpn && s_vpn->data) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERT); + if (value && strlen (value)) + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } tmp = g_strdup_printf ("%s_private_key_chooser", prefix); @@ -105,23 +106,23 @@ tls_pw_init_auth_widget (GladeXML *xml, _("Choose your private key...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_KEY); - if (value && G_VALUE_HOLDS_STRING (value)) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value)); + if (s_vpn && s_vpn->data) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_KEY); + if (value && strlen (value)) + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } } - if (contype == NM_OPENVPN_CONTYPE_PASSWORD || contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS) { + if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { tmp = g_strdup_printf ("%s_username_entry", prefix); widget = glade_xml_get_widget (xml, tmp); g_free (tmp); gtk_size_group_add_widget (group, widget); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_USERNAME); - if (value && G_VALUE_HOLDS_STRING (value)) - gtk_entry_set_text (GTK_ENTRY (widget), g_value_get_string (value)); + if (s_vpn && s_vpn->data) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_USERNAME); + if (value && strlen (value)) + gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (changed_cb), user_data); } @@ -133,12 +134,12 @@ tls_pw_init_auth_widget (GladeXML *xml, void sk_init_auth_widget (GladeXML *xml, GtkSizeGroup *group, - NMSettingVPNProperties *s_vpn_props, + NMSettingVPN *s_vpn, ChangedCallback changed_cb, gpointer user_data) { GtkWidget *widget; - GValue *value = NULL; + const char *value = NULL; GtkListStore *store; GtkTreeIter iter; gint active = -1; @@ -158,18 +159,24 @@ sk_init_auth_widget (GladeXML *xml, _("Choose an OpenVPN static key...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_SHARED_KEY); - if (value && G_VALUE_HOLDS_STRING (value)) - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value)); + if (s_vpn && s_vpn->data) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_SHARED_KEY); + if (value && strlen (value)) + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_SHARED_KEY_DIRECTION); - if (value && G_VALUE_HOLDS_INT (value)) - direction = g_value_get_int (value); + if (s_vpn && s_vpn->data) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_SHARED_KEY_DIRECTION); + if (value && strlen (value)) { + long int tmp; + + errno = 0; + tmp = strtol (value, NULL, 10); + if (errno == 0 && (tmp == 0 || tmp == 1)) + direction = (guint32) tmp; + } } gtk_list_store_append (store, &iter); @@ -177,17 +184,13 @@ sk_init_auth_widget (GladeXML *xml, gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, SK_DIR_COL_NAME, "0", SK_DIR_COL_NUM, 0, -1); - if (value && G_VALUE_HOLDS_INT (value)) { - if (g_value_get_int (value) == 0) - active = 1; - } + if (direction == 0) + active = 1; gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, SK_DIR_COL_NAME, "1", SK_DIR_COL_NUM, 1, -1); - if (value && G_VALUE_HOLDS_INT (value)) { - if (g_value_get_int (value) == 1) - active = 2; - } + if (direction == 1) + active = 2; widget = glade_xml_get_widget (xml, "sk_direction_combo"); gtk_size_group_add_widget (group, widget); @@ -256,21 +259,17 @@ validate_tls (GladeXML *xml, const char *prefix, GError **error) } gboolean -auth_widget_check_validity (GladeXML *xml, gint contype, GError **error) +auth_widget_check_validity (GladeXML *xml, const char *contype, GError **error) { GtkWidget *widget; - gboolean is_valid = TRUE; const char *str; - switch (contype) { - case NM_OPENVPN_CONTYPE_TLS: - is_valid = validate_tls (xml, "tls", error); - break; - - case NM_OPENVPN_CONTYPE_PASSWORD_TLS: - is_valid = validate_tls (xml, "pw_tls", error); - if (!is_valid) - break; + if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS)) { + if (!validate_tls (xml, "tls", error)) + return FALSE; + } else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { + if (!validate_tls (xml, "pw_tls", error)) + return FALSE; widget = glade_xml_get_widget (xml, "pw_tls_username_entry"); str = gtk_entry_get_text (GTK_ENTRY (widget)); @@ -279,18 +278,15 @@ auth_widget_check_validity (GladeXML *xml, gint contype, GError **error) OPENVPN_PLUGIN_UI_ERROR, OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY, NM_OPENVPN_KEY_USERNAME); - is_valid = FALSE; + return FALSE; } - break; - - case NM_OPENVPN_CONTYPE_PASSWORD: + } else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) { if (!validate_file_chooser (xml, "pw_ca_cert_chooser")) { g_set_error (error, OPENVPN_PLUGIN_UI_ERROR, OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY, NM_OPENVPN_KEY_CA); - is_valid = FALSE; - break; + return FALSE; } widget = glade_xml_get_widget (xml, "pw_username_entry"); str = gtk_entry_get_text (GTK_ENTRY (widget)); @@ -299,26 +295,20 @@ auth_widget_check_validity (GladeXML *xml, gint contype, GError **error) OPENVPN_PLUGIN_UI_ERROR, OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY, NM_OPENVPN_KEY_USERNAME); - is_valid = FALSE; + return FALSE; } - break; - - case NM_OPENVPN_CONTYPE_STATIC_KEY: + } else if (!strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY)) { if (!validate_file_chooser (xml, "sk_key_chooser")) { g_set_error (error, OPENVPN_PLUGIN_UI_ERROR, OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY, NM_OPENVPN_KEY_SHARED_KEY); - is_valid = FALSE; - break; + return FALSE; } - break; - - default: + } else g_assert_not_reached (); - } - return is_valid; + return TRUE; } static void @@ -326,7 +316,7 @@ update_from_filechooser (GladeXML *xml, const char *key, const char *prefix, const char *widget_name, - NMSettingVPNProperties *s_vpn_props) + NMSettingVPN *s_vpn) { GtkWidget *widget; char *tmp, *filename; @@ -335,8 +325,8 @@ update_from_filechooser (GladeXML *xml, g_return_if_fail (key != NULL); g_return_if_fail (prefix != NULL); g_return_if_fail (widget_name != NULL); - g_return_if_fail (s_vpn_props != NULL); - g_return_if_fail (s_vpn_props->data != NULL); + g_return_if_fail (s_vpn != NULL); + g_return_if_fail (s_vpn->data != NULL); tmp = g_strdup_printf ("%s_%s", prefix, widget_name); widget = glade_xml_get_widget (xml, tmp); @@ -347,21 +337,21 @@ update_from_filechooser (GladeXML *xml, return; if (strlen (filename)) - g_hash_table_insert (s_vpn_props->data, g_strdup (key), str_to_gvalue (filename)); + g_hash_table_insert (s_vpn->data, g_strdup (key), g_strdup (filename)); g_free (filename); } static void -update_tls (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vpn_props) +update_tls (GladeXML *xml, const char *prefix, NMSettingVPN *s_vpn) { - update_from_filechooser (xml, NM_OPENVPN_KEY_CA, prefix, "ca_cert_chooser", s_vpn_props); - update_from_filechooser (xml, NM_OPENVPN_KEY_CERT, prefix, "user_cert_chooser", s_vpn_props); - update_from_filechooser (xml, NM_OPENVPN_KEY_KEY, prefix, "private_key_chooser", s_vpn_props); + update_from_filechooser (xml, NM_OPENVPN_KEY_CA, prefix, "ca_cert_chooser", s_vpn); + update_from_filechooser (xml, NM_OPENVPN_KEY_CERT, prefix, "user_cert_chooser", s_vpn); + update_from_filechooser (xml, NM_OPENVPN_KEY_KEY, prefix, "private_key_chooser", s_vpn); } static void -update_username (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vpn_props) +update_username (GladeXML *xml, const char *prefix, NMSettingVPN *s_vpn) { GtkWidget *widget; char *tmp; @@ -369,8 +359,8 @@ update_username (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vp g_return_if_fail (xml != NULL); g_return_if_fail (prefix != NULL); - g_return_if_fail (s_vpn_props != NULL); - g_return_if_fail (s_vpn_props->data != NULL); + g_return_if_fail (s_vpn != NULL); + g_return_if_fail (s_vpn->data != NULL); tmp = g_strdup_printf ("%s_username_entry", prefix); widget = glade_xml_get_widget (xml, tmp); @@ -378,38 +368,31 @@ update_username (GladeXML *xml, const char *prefix, NMSettingVPNProperties *s_vp str = gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_USERNAME), - str_to_gvalue (str)); + g_strdup (str)); } } gboolean auth_widget_update_connection (GladeXML *xml, - gint contype, - NMSettingVPNProperties *s_vpn_props) + const char *contype, + NMSettingVPN *s_vpn) { GtkTreeModel *model; GtkTreeIter iter; GtkWidget *widget; - switch (contype) { - case NM_OPENVPN_CONTYPE_TLS: - update_tls (xml, "tls", s_vpn_props); - break; - - case NM_OPENVPN_CONTYPE_PASSWORD: - update_from_filechooser (xml, NM_OPENVPN_KEY_CA, "pw", "ca_cert_chooser", s_vpn_props); - update_username (xml, "pw", s_vpn_props); - break; - - case NM_OPENVPN_CONTYPE_PASSWORD_TLS: - update_tls (xml, "pw_tls", s_vpn_props); - update_username (xml, "pw_tls", s_vpn_props); - break; - - case NM_OPENVPN_CONTYPE_STATIC_KEY: - update_from_filechooser (xml, NM_OPENVPN_KEY_SHARED_KEY, "sk", "key_chooser", s_vpn_props); + if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS)) { + update_tls (xml, "tls", s_vpn); + } else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) { + update_from_filechooser (xml, NM_OPENVPN_KEY_CA, "pw", "ca_cert_chooser", s_vpn); + update_username (xml, "pw", s_vpn); + } else if (!strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { + update_tls (xml, "pw_tls", s_vpn); + update_username (xml, "pw_tls", s_vpn); + } else if (!strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY)) { + update_from_filechooser (xml, NM_OPENVPN_KEY_SHARED_KEY, "sk", "key_chooser", s_vpn); widget = glade_xml_get_widget (xml, "sk_direction_combo"); g_assert (widget); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); @@ -418,16 +401,13 @@ auth_widget_update_connection (GladeXML *xml, gtk_tree_model_get (model, &iter, SK_DIR_COL_NUM, &direction, -1); if (direction > -1) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_SHARED_KEY_DIRECTION), - int_to_gvalue (direction)); + g_strdup_printf ("%d", direction)); } } - break; - - default: + } else g_assert_not_reached (); - } return TRUE; } @@ -580,15 +560,6 @@ sk_file_chooser_filter_new (void) return filter; } -static void -nm_gvalue_destroy (gpointer data) -{ - GValue *value = (GValue *) data; - - g_value_unset (value); - g_slice_free (GValue, value); -} - static const char *advanced_keys[] = { NM_OPENVPN_KEY_PORT, NM_OPENVPN_KEY_COMP_LZO, @@ -604,26 +575,14 @@ static void copy_values (gpointer key, gpointer data, gpointer user_data) { GHashTable *hash = (GHashTable *) user_data; - GValue *value = (GValue *) data; + const char *value = (const char *) data; const char **i; for (i = &advanced_keys[0]; *i; i++) { if (strcmp ((const char *) key, *i)) continue; - if (G_VALUE_HOLDS_STRING (value)) { - g_hash_table_insert (hash, - g_strdup ((const char *) key), - str_to_gvalue (g_value_get_string (value))); - } else if (G_VALUE_HOLDS_INT (value)) { - g_hash_table_insert (hash, - g_strdup ((const char *) key), - int_to_gvalue (g_value_get_int (value))); - } else if (G_VALUE_HOLDS_BOOLEAN (value)) { - g_hash_table_insert (hash, - g_strdup ((const char *) key), - bool_to_gvalue (g_value_get_boolean (value))); - } + g_hash_table_insert (hash, g_strdup ((const char *) key), g_strdup (value)); } } @@ -632,13 +591,13 @@ advanced_dialog_new_hash_from_connection (NMConnection *connection, GError **error) { GHashTable *hash; - NMSettingVPNProperties *s_vpn_props; + NMSettingVPN *s_vpn; - hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, nm_gvalue_destroy); + hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); - s_vpn_props = (NMSettingVPNProperties *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES); - if (s_vpn_props && s_vpn_props->data) - g_hash_table_foreach (s_vpn_props->data, copy_values, hash); + s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); + if (s_vpn && s_vpn->data) + g_hash_table_foreach (s_vpn->data, copy_values, hash); return hash; } @@ -781,13 +740,13 @@ tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data) #define TA_DIR_COL_NUM 1 GtkWidget * -advanced_dialog_new (GHashTable *hash, int contype) +advanced_dialog_new (GHashTable *hash, const char *contype) { GladeXML *xml; GtkWidget *dialog = NULL; char *glade_file = NULL; GtkWidget *widget; - GValue *value; + const char *value; g_return_val_if_fail (hash != NULL, NULL); @@ -811,12 +770,18 @@ advanced_dialog_new (GHashTable *hash, int contype) g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (port_toggled_cb), xml); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PORT); - if (value && G_VALUE_HOLDS_INT (value)) { - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + if (value && strlen (value)) { + long int tmp; - widget = glade_xml_get_widget (xml, "port_spinbutton"); - gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), - (gdouble) g_value_get_int (value)); + errno = 0; + tmp = strtol (value, NULL, 10); + if (errno == 0 && tmp > 0 && tmp < 65536 && tmp != 1194) { + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + + widget = glade_xml_get_widget (xml, "port_spinbutton"); + gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), + (gdouble) tmp); + } gtk_widget_set_sensitive (widget, TRUE); } else { gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), FALSE); @@ -827,54 +792,46 @@ advanced_dialog_new (GHashTable *hash, int contype) } value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_COMP_LZO); - if (value && G_VALUE_HOLDS_BOOLEAN (value)) { + if (value && !strcmp (value, "yes")) { widget = glade_xml_get_widget (xml, "lzo_checkbutton"); - if (g_value_get_boolean (value)) - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROTO_TCP); - if (value && G_VALUE_HOLDS_BOOLEAN (value)) { + if (value && !strcmp (value, "yes")) { widget = glade_xml_get_widget (xml, "tcp_checkbutton"); - if (g_value_get_boolean (value)) - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TAP_DEV); - if (value && G_VALUE_HOLDS_BOOLEAN (value)) { + if (value && !strcmp (value, "yes")) { widget = glade_xml_get_widget (xml, "tap_checkbutton"); - if (g_value_get_boolean (value)) - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } - if (contype != NM_OPENVPN_CONTYPE_TLS && contype != NM_OPENVPN_CONTYPE_PASSWORD_TLS) { + if (strcmp (contype, NM_OPENVPN_CONTYPE_TLS) && strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { widget = glade_xml_get_widget (xml, "options_notebook"); gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 1); } else { - char *user_cipher = NULL; GtkListStore *store; GtkTreeIter iter; int direction = -1, active = -1; widget = glade_xml_get_widget (xml, "cipher_combo"); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER); - if (value && G_VALUE_HOLDS_STRING (value)) - user_cipher = (char *) g_value_get_string (value); - populate_cipher_combo (GTK_COMBO_BOX (widget), user_cipher); + populate_cipher_combo (GTK_COMBO_BOX (widget), value); widget = glade_xml_get_widget (xml, "tls_auth_checkbutton"); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA); - if (value && G_VALUE_HOLDS_STRING (value)) { - if (strlen (g_value_get_string (value))) - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); - } + if (value && strlen (value)) + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (tls_auth_toggled_cb), xml); tls_auth_toggled_cb (widget, xml); widget = glade_xml_get_widget (xml, "direction_combo"); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA_DIR); - if (value && G_VALUE_HOLDS_STRING (value)) { - direction = (int) strtol (g_value_get_string (value), NULL, 10); + if (value && strlen (value)) { + direction = (int) strtol (value, NULL, 10); /* If direction is not 0 or 1, use no direction */ if (direction != 0 && direction != 1) direction = -1; @@ -900,9 +857,9 @@ advanced_dialog_new (GHashTable *hash, int contype) gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA); - if (value && G_VALUE_HOLDS_STRING (value)) { + if (value && strlen (value)) { widget = glade_xml_get_widget (xml, "tls_auth_chooser"); - gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), g_value_get_string (value)); + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } } @@ -917,7 +874,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) GHashTable *hash; GtkWidget *widget; GladeXML *xml; - int contype = NM_OPENVPN_CONTYPE_INVALID; + const char *contype = NULL; g_return_val_if_fail (dialog != NULL, NULL); if (error) @@ -926,7 +883,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) xml = g_object_get_data (G_OBJECT (dialog), "glade-xml"); g_return_val_if_fail (xml != NULL, NULL); - hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, nm_gvalue_destroy); + hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); widget = glade_xml_get_widget (xml, "port_checkbutton"); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { @@ -934,23 +891,23 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) widget = glade_xml_get_widget (xml, "port_spinbutton"); port = gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (widget)); - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PORT), int_to_gvalue (port)); + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PORT), g_strdup_printf ("%d", port)); } widget = glade_xml_get_widget (xml, "lzo_checkbutton"); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_COMP_LZO), bool_to_gvalue (TRUE)); + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_COMP_LZO), g_strdup ("yes")); widget = glade_xml_get_widget (xml, "tcp_checkbutton"); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), bool_to_gvalue (TRUE)); + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), g_strdup ("yes")); widget = glade_xml_get_widget (xml, "tap_checkbutton"); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TAP_DEV), bool_to_gvalue (TRUE)); + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TAP_DEV), g_strdup ("yes")); - contype = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (dialog), "connection-type")); - if (contype == NM_OPENVPN_CONTYPE_TLS || contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS) { + contype = g_object_get_data (G_OBJECT (dialog), "connection-type"); + if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { GtkTreeModel *model; GtkTreeIter iter; @@ -964,8 +921,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) TLS_CIPHER_COL_NAME, &cipher, TLS_CIPHER_COL_DEFAULT, &is_default, -1); if (!is_default && cipher) { - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_CIPHER), - str_to_gvalue (cipher)); + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_CIPHER), g_strdup (cipher)); } } @@ -976,8 +932,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) widget = glade_xml_get_widget (xml, "tls_auth_chooser"); filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); if (filename && strlen (filename)) { - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA), - str_to_gvalue (filename)); + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA), g_strdup (filename)); } g_free (filename); @@ -988,11 +943,8 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) gtk_tree_model_get (model, &iter, TA_DIR_COL_NUM, &direction, -1); if (direction >= 0) { - char str_dir[2] = { '0', '\0' }; - - str_dir[0] = (direction == 0) ? '0' : '1'; g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA_DIR), - str_to_gvalue (str_dir)); + g_strdup_printf ("%d", direction)); } } } diff --git a/vpn-daemons/openvpn/properties/auth-helpers.h b/vpn-daemons/openvpn/properties/auth-helpers.h index 80c3955d3e..7168221627 100644 --- a/vpn-daemons/openvpn/properties/auth-helpers.h +++ b/vpn-daemons/openvpn/properties/auth-helpers.h @@ -28,35 +28,35 @@ #include #include -#include +#include typedef void (*ChangedCallback) (GtkWidget *widget, gpointer user_data); void tls_pw_init_auth_widget (GladeXML *xml, GtkSizeGroup *group, - NMSettingVPNProperties *s_vpn_props, - gint contype, + NMSettingVPN *s_vpn, + const char *contype, const char *prefix, ChangedCallback changed_cb, gpointer user_data); void sk_init_auth_widget (GladeXML *xml, GtkSizeGroup *group, - NMSettingVPNProperties *s_vpn_props, + NMSettingVPN *s_vpn, ChangedCallback changed_cb, gpointer user_data); -gboolean auth_widget_check_validity (GladeXML *xml, gint contype, GError **error); +gboolean auth_widget_check_validity (GladeXML *xml, const char *contype, GError **error); gboolean auth_widget_update_connection (GladeXML *xml, - gint contype, - NMSettingVPNProperties *s_vpn_props); + const char *contype, + NMSettingVPN *s_vpn); GtkFileFilter *tls_file_chooser_filter_new (void); GtkFileFilter *sk_file_chooser_filter_new (void); -GtkWidget *advanced_dialog_new (GHashTable *hash, int contype); +GtkWidget *advanced_dialog_new (GHashTable *hash, const char *contype); GHashTable *advanced_dialog_new_hash_from_connection (NMConnection *connection, GError **error); diff --git a/vpn-daemons/openvpn/properties/import-export.c b/vpn-daemons/openvpn/properties/import-export.c index fa9251a25d..61de2c3a54 100644 --- a/vpn-daemons/openvpn/properties/import-export.c +++ b/vpn-daemons/openvpn/properties/import-export.c @@ -35,7 +35,6 @@ #include #include -#include #include #include @@ -104,7 +103,7 @@ handle_path_item (const char *line, if (leftover && *file) *leftover = file + 1; - g_hash_table_insert (hash, g_strdup (key), str_to_gvalue (unquoted)); + g_hash_table_insert (hash, g_strdup (key), g_strdup (unquoted)); g_free (unquoted); out: @@ -143,9 +142,12 @@ handle_direction (const char *tag, const char *key, char *leftover, GHashTable * errno = 0; direction = strtol (leftover, NULL, 10); - if ((errno == 0) && ((direction == 0) || (direction == 1))) - g_hash_table_insert (hash, g_strdup (key), int_to_gvalue (direction)); - else + if (errno == 0) { + if (direction == 0) + g_hash_table_insert (hash, g_strdup (key), g_strdup ("0")); + else if (direction == 1) + g_hash_table_insert (hash, g_strdup (key), g_strdup ("1")); + } else g_warning ("%s: unknown %s direction '%s'", __func__, tag, leftover); } @@ -155,12 +157,11 @@ do_import (const char *path, char **lines, GError **error) NMConnection *connection = NULL; NMSettingConnection *s_con; NMSettingVPN *s_vpn; - NMSettingVPNProperties *s_vpn_props; char *last_dot; char **line; gboolean have_client = FALSE, have_remote = FALSE; gboolean have_pass = FALSE, have_sk = FALSE; - int ctype = NM_OPENVPN_CONTYPE_INVALID; + const char *ctype = NULL; connection = nm_connection_new (); s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ()); @@ -168,10 +169,6 @@ do_import (const char *path, char **lines, GError **error) s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); s_vpn->service_type = g_strdup (NM_DBUS_SERVICE_OPENVPN); - nm_connection_add_setting (connection, NM_SETTING (s_vpn)); - - s_vpn_props = NM_SETTING_VPN_PROPERTIES (nm_setting_vpn_properties_new ()); - nm_connection_add_setting (connection, NM_SETTING (s_vpn_props)); s_con->id = g_path_get_basename (path); last_dot = strrchr (s_con->id, '.'); @@ -195,9 +192,9 @@ do_import (const char *path, char **lines, GError **error) if (strstr (*line, "tun")) { /* ignore; default is tun */ } else if (strstr (*line, "tap")) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_TAP_DEV), - bool_to_gvalue (TRUE)); + g_strdup ("yes")); } else g_warning ("%s: unknown dev option '%s'", __func__, *line); @@ -208,9 +205,9 @@ do_import (const char *path, char **lines, GError **error) if (strstr (*line, "udp")) { /* ignore; udp is default */ } else if (strstr (*line, "tcp")) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), - bool_to_gvalue (TRUE)); + g_strdup ("yes")); } else g_warning ("%s: unknown proto option '%s'", __func__, *line); @@ -218,9 +215,9 @@ do_import (const char *path, char **lines, GError **error) } if (!strncmp (*line, COMP_TAG, strlen (COMP_TAG))) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_COMP_LZO), - bool_to_gvalue (TRUE)); + g_strdup ("yes")); continue; } @@ -230,9 +227,9 @@ do_import (const char *path, char **lines, GError **error) continue; if (g_strv_length (items) >= 1) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_REMOTE), - str_to_gvalue (items[0])); + g_strdup (items[0])); have_remote = TRUE; if (g_strv_length (items) >= 2) { @@ -241,44 +238,44 @@ do_import (const char *path, char **lines, GError **error) errno = 0; port = strtol (items[1], NULL, 10); if ((errno == 0) && (port > 0) && (port < 65536)) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_PORT), - int_to_gvalue (port)); + g_strdup_printf ("%d", (guint32) port)); } else g_warning ("%s: invalid remote port in option '%s'", __func__, *line); } } g_strfreev (items); - if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_REMOTE)) + if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_REMOTE)) g_warning ("%s: unknown remote option '%s'", __func__, *line); continue; } - if (handle_path_item (*line, CA_TAG, NM_OPENVPN_KEY_CA, s_vpn_props->data, NULL)) + if (handle_path_item (*line, CA_TAG, NM_OPENVPN_KEY_CA, s_vpn->data, NULL)) continue; - if (handle_path_item (*line, CERT_TAG, NM_OPENVPN_KEY_CERT, s_vpn_props->data, NULL)) + if (handle_path_item (*line, CERT_TAG, NM_OPENVPN_KEY_CERT, s_vpn->data, NULL)) continue; - if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn_props->data, NULL)) + if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn->data, NULL)) continue; if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_SHARED_KEY, - s_vpn_props->data, &leftover)) { + s_vpn->data, &leftover)) { handle_direction ("secret", NM_OPENVPN_KEY_SHARED_KEY_DIRECTION, leftover, - s_vpn_props->data); + s_vpn->data); continue; } if (handle_path_item (*line, TLS_AUTH_TAG, NM_OPENVPN_KEY_TA, - s_vpn_props->data, &leftover)) { + s_vpn->data, &leftover)) { handle_direction ("tls-auth", NM_OPENVPN_KEY_TA_DIR, leftover, - s_vpn_props->data); + s_vpn->data); continue; } @@ -288,9 +285,9 @@ do_import (const char *path, char **lines, GError **error) continue; if (g_strv_length (items)) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_CIPHER), - str_to_gvalue (items[0])); + g_strdup (items[0])); } g_strfreev (items); continue; @@ -302,12 +299,12 @@ do_import (const char *path, char **lines, GError **error) continue; if (g_strv_length (items) == 2) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_LOCAL_IP), - str_to_gvalue (items[0])); - g_hash_table_insert (s_vpn_props->data, + g_strdup (items[0])); + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_REMOTE_IP), - str_to_gvalue (items[1])); + g_strdup (items[1])); } else g_warning ("%s: unknown ifconfig option '%s'", __func__, *line); g_strfreev (items); @@ -318,7 +315,7 @@ do_import (const char *path, char **lines, GError **error) have_pass = TRUE; } - if (g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_SHARED_KEY)) + if (g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_SHARED_KEY)) have_sk = TRUE; if (!have_client && !have_sk) { @@ -338,12 +335,12 @@ do_import (const char *path, char **lines, GError **error) } else { gboolean have_certs = FALSE, have_ca = FALSE; - if (g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CA)) + if (g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CA)) have_ca = TRUE; if ( have_ca - && g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERT) - && g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_KEY)) + && g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERT) + && g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_KEY)) have_certs = TRUE; /* Determine connection type */ @@ -357,14 +354,15 @@ do_import (const char *path, char **lines, GError **error) } else if (have_sk) ctype = NM_OPENVPN_CONTYPE_STATIC_KEY; - if (ctype == NM_OPENVPN_CONTYPE_INVALID) + if (!ctype) ctype = NM_OPENVPN_CONTYPE_TLS; - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_CONNECTION_TYPE), - int_to_gvalue (ctype)); + g_strdup (ctype)); } + nm_connection_add_setting (connection, NM_SETTING (s_vpn)); return connection; } @@ -375,4 +373,3 @@ do_export (const char *path, NMConnection *connection, GError **error) } - diff --git a/vpn-daemons/openvpn/properties/nm-openvpn.c b/vpn-daemons/openvpn/properties/nm-openvpn.c index ad3f023943..c1a95759b3 100644 --- a/vpn-daemons/openvpn/properties/nm-openvpn.c +++ b/vpn-daemons/openvpn/properties/nm-openvpn.c @@ -41,7 +41,6 @@ #include #include -#include #include #include @@ -133,7 +132,7 @@ check_validity (OpenvpnPluginUiWidget *self, GError **error) const char *str; GtkTreeModel *model; GtkTreeIter iter; - gint contype = NM_OPENVPN_CONTYPE_INVALID; + const char *contype = NULL; widget = glade_xml_get_widget (priv->xml, "gateway_entry"); str = gtk_entry_get_text (GTK_ENTRY (widget)); @@ -226,7 +225,7 @@ advanced_button_clicked_cb (GtkWidget *button, gpointer user_data) GtkWidget *dialog, *toplevel, *widget; GtkTreeModel *model; GtkTreeIter iter; - int contype = NM_OPENVPN_CONTYPE_INVALID; + const char *contype = NULL; toplevel = gtk_widget_get_toplevel (priv->widget); g_return_if_fail (GTK_WIDGET_TOPLEVEL (toplevel)); @@ -259,15 +258,15 @@ static gboolean init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError **error) { OpenvpnPluginUiWidgetPrivate *priv = OPENVPN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); - NMSettingVPNProperties *s_vpn_props; + NMSettingVPN *s_vpn; GtkWidget *widget; GtkListStore *store; GtkTreeIter iter; int active = -1; - GValue *value; - gint contype = NM_OPENVPN_CONTYPE_TLS; + const char *value; + const char *contype = NM_OPENVPN_CONTYPE_TLS; - s_vpn_props = (NMSettingVPNProperties *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES); + s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); @@ -275,10 +274,10 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError ** if (!widget) return FALSE; gtk_size_group_add_widget (priv->group, widget); - if (s_vpn_props) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_REMOTE); - if (value && G_VALUE_HOLDS_STRING (value)) - gtk_entry_set_text (GTK_ENTRY (widget), g_value_get_string (value)); + if (s_vpn) { + value = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_REMOTE); + if (value) + gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); @@ -287,19 +286,22 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError ** return FALSE; gtk_size_group_add_widget (priv->group, widget); - store = gtk_list_store_new (3, G_TYPE_STRING, G_TYPE_INT, G_TYPE_INT); + store = gtk_list_store_new (3, G_TYPE_STRING, G_TYPE_INT, G_TYPE_STRING); - if (s_vpn_props && s_vpn_props->data) { - value = g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CONNECTION_TYPE); - if (value && G_VALUE_HOLDS_INT (value)) { - contype = g_value_get_int (value); - if ((contype < NM_OPENVPN_CONTYPE_TLS) || (contype > NM_OPENVPN_CONTYPE_PASSWORD_TLS)) + if (s_vpn && s_vpn->data) { + contype = g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CONNECTION_TYPE); + if (contype) { + if ( strcmp (contype, NM_OPENVPN_CONTYPE_TLS) + && strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY) + && strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD) + && strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) contype = NM_OPENVPN_CONTYPE_TLS; - } + } else + contype = NM_OPENVPN_CONTYPE_TLS; } /* TLS auth widget */ - tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn_props, + tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn, NM_OPENVPN_CONTYPE_TLS, "tls", stuff_changed_cb, self); @@ -311,7 +313,7 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError ** -1); /* Password auth widget */ - tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn_props, + tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn, NM_OPENVPN_CONTYPE_PASSWORD, "pw", stuff_changed_cb, self); @@ -321,11 +323,11 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError ** COL_AUTH_PAGE, 1, COL_AUTH_TYPE, NM_OPENVPN_CONTYPE_PASSWORD, -1); - if ((active < 0) && (contype == NM_OPENVPN_CONTYPE_PASSWORD)) + if ((active < 0) && !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) active = 1; /* Password+TLS auth widget */ - tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn_props, + tls_pw_init_auth_widget (priv->xml, priv->group, s_vpn, NM_OPENVPN_CONTYPE_PASSWORD_TLS, "pw_tls", stuff_changed_cb, self); @@ -335,11 +337,11 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError ** COL_AUTH_PAGE, 2, COL_AUTH_TYPE, NM_OPENVPN_CONTYPE_PASSWORD_TLS, -1); - if ((active < 0) && (contype == NM_OPENVPN_CONTYPE_PASSWORD_TLS)) + if ((active < 0) && !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) active = 2; /* Static key auth widget */ - sk_init_auth_widget (priv->xml, priv->group, s_vpn_props, stuff_changed_cb, self); + sk_init_auth_widget (priv->xml, priv->group, s_vpn, stuff_changed_cb, self); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, @@ -347,7 +349,7 @@ init_plugin_ui (OpenvpnPluginUiWidget *self, NMConnection *connection, GError ** COL_AUTH_PAGE, 3, COL_AUTH_TYPE, NM_OPENVPN_CONTYPE_STATIC_KEY, -1); - if ((active < 0) && (contype == NM_OPENVPN_CONTYPE_STATIC_KEY)) + if ((active < 0) && !strcmp (contype, NM_OPENVPN_CONTYPE_STATIC_KEY)) active = 3; gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); @@ -370,64 +372,13 @@ get_widget (NMVpnPluginUiWidgetInterface *iface) return G_OBJECT (priv->widget); } -GValue * -str_to_gvalue (const char *str) -{ - GValue *value; - - value = g_slice_new0 (GValue); - g_value_init (value, G_TYPE_STRING); - g_value_set_string (value, str); - - return value; -} - -GValue * -bool_to_gvalue (gboolean b) -{ - GValue *value; - - value = g_slice_new0 (GValue); - g_value_init (value, G_TYPE_BOOLEAN); - g_value_set_boolean (value, b); - - return value; -} - -GValue * -int_to_gvalue (gint i) -{ - GValue *value; - - value = g_slice_new0 (GValue); - g_value_init (value, G_TYPE_INT); - g_value_set_int (value, i); - - return value; -} - static void hash_copy_advanced (gpointer key, gpointer data, gpointer user_data) { GHashTable *hash = (GHashTable *) user_data; - GValue *value = (GValue *) data; + const char *value = (const char *) data; - if (G_VALUE_HOLDS_STRING (value)) { - g_hash_table_insert (hash, - g_strdup ((const char *) key), - str_to_gvalue (g_value_get_string (value))); - } else if (G_VALUE_HOLDS_INT (value)) { - g_hash_table_insert (hash, - g_strdup ((const char *) key), - int_to_gvalue (g_value_get_int (value))); - } else if (G_VALUE_HOLDS_BOOLEAN (value)) { - g_hash_table_insert (hash, - g_strdup ((const char *) key), - bool_to_gvalue (g_value_get_boolean (value))); - } else { - g_warning ("%s: unhandled key '%s' of type '%s'", - __func__, (const char *) key, G_VALUE_TYPE_NAME (value)); - } + g_hash_table_insert (hash, g_strdup ((const char *) key), g_strdup (value)); } static gboolean @@ -438,55 +389,42 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, OpenvpnPluginUiWidget *self = OPENVPN_PLUGIN_UI_WIDGET (iface); OpenvpnPluginUiWidgetPrivate *priv = OPENVPN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingVPN *s_vpn; - NMSettingVPNProperties *s_vpn_props; GtkWidget *widget; char *str; GtkTreeModel *model; GtkTreeIter iter; gboolean valid = FALSE; - int auth_type = NM_OPENVPN_CONTYPE_INVALID; + const char *auth_type = NULL; if (!check_validity (self, error)) return FALSE; s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); s_vpn->service_type = g_strdup (NM_DBUS_SERVICE_OPENVPN); - nm_connection_add_setting (connection, NM_SETTING (s_vpn)); - - s_vpn_props = NM_SETTING_VPN_PROPERTIES (nm_setting_vpn_properties_new ()); /* Gateway */ widget = glade_xml_get_widget (priv->xml, "gateway_entry"); str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); if (str && strlen (str)) { - g_hash_table_insert (s_vpn_props->data, + g_hash_table_insert (s_vpn->data, g_strdup (NM_OPENVPN_KEY_REMOTE), - str_to_gvalue (str)); + g_strdup (str)); } widget = glade_xml_get_widget (priv->xml, "auth_combo"); model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) { gtk_tree_model_get (model, &iter, COL_AUTH_TYPE, &auth_type, -1); - if ( (auth_type > NM_OPENVPN_CONTYPE_INVALID) - && (auth_type <= NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { - g_hash_table_insert (s_vpn_props->data, - g_strdup (NM_OPENVPN_KEY_CONNECTION_TYPE), - int_to_gvalue (auth_type)); - auth_widget_update_connection (priv->xml, auth_type, s_vpn_props); - } else { - g_set_error (error, - OPENVPN_PLUGIN_UI_ERROR, - OPENVPN_PLUGIN_UI_ERROR_INVALID_PROPERTY, - NM_OPENVPN_KEY_CONNECTION_TYPE); - goto done; - } + g_hash_table_insert (s_vpn->data, + g_strdup (NM_OPENVPN_KEY_CONNECTION_TYPE), + g_strdup (auth_type)); + auth_widget_update_connection (priv->xml, auth_type, s_vpn); } if (priv->advanced) - g_hash_table_foreach (priv->advanced, hash_copy_advanced, s_vpn_props->data); + g_hash_table_foreach (priv->advanced, hash_copy_advanced, s_vpn->data); - nm_connection_add_setting (connection, NM_SETTING (s_vpn_props)); + nm_connection_add_setting (connection, NM_SETTING (s_vpn)); valid = TRUE; done: diff --git a/vpn-daemons/openvpn/properties/nm-openvpn.h b/vpn-daemons/openvpn/properties/nm-openvpn.h index 5d6c1739d6..b5ab3538a4 100644 --- a/vpn-daemons/openvpn/properties/nm-openvpn.h +++ b/vpn-daemons/openvpn/properties/nm-openvpn.h @@ -82,11 +82,5 @@ struct _OpenvpnPluginUiWidgetClass { GType openvpn_plugin_ui_widget_get_type (void); -GValue *int_to_gvalue (gint i); - -GValue *bool_to_gvalue (gboolean b); - -GValue *str_to_gvalue (const char *str); - #endif /* _NM_OPENVPN_H_ */ diff --git a/vpn-daemons/openvpn/src/nm-openvpn-service.c b/vpn-daemons/openvpn/src/nm-openvpn-service.c index 91fbe63197..0916e93810 100644 --- a/vpn-daemons/openvpn/src/nm-openvpn-service.c +++ b/vpn-daemons/openvpn/src/nm-openvpn-service.c @@ -1,8 +1,8 @@ -/* -*- Mode: C; tab-width: 5; indent-tabs-mode: t; c-basic-offset: 5 -*- */ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ /* nm-openvpn-service - openvpn integration with NetworkManager * * Tim Niemueller - * Based on work by Dan Williams + * Dan Williams * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -44,11 +44,11 @@ #include #include #include +#include #include #include #include -#include #include "nm-openvpn-service.h" #include "nm-utils.h" @@ -63,9 +63,6 @@ typedef struct { char *username; char *password; char *certpass; - gint child_stdin_fd; - gint child_stdout_fd; - gint child_stderr_fd; GIOChannel *socket_channel; guint socket_channel_eventid; } NMOpenvpnPluginIOData; @@ -80,39 +77,41 @@ typedef struct { typedef struct { const char *name; GType type; + gint int_min; + gint int_max; } ValidProperty; static ValidProperty valid_properties[] = { - { NM_OPENVPN_KEY_CA, G_TYPE_STRING }, - { NM_OPENVPN_KEY_CERT, G_TYPE_STRING }, - { NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING }, - { NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN }, - { NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_INT }, - { NM_OPENVPN_KEY_TAP_DEV, G_TYPE_BOOLEAN }, - { NM_OPENVPN_KEY_KEY, G_TYPE_STRING }, - { NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING }, - { NM_OPENVPN_KEY_PROTO_TCP, G_TYPE_BOOLEAN }, - { NM_OPENVPN_KEY_PORT, G_TYPE_INT }, - { NM_OPENVPN_KEY_REMOTE, G_TYPE_STRING }, - { NM_OPENVPN_KEY_REMOTE_IP, G_TYPE_STRING }, - { NM_OPENVPN_KEY_SHARED_KEY, G_TYPE_STRING }, - { NM_OPENVPN_KEY_SHARED_KEY_DIRECTION, G_TYPE_INT }, - { NM_OPENVPN_KEY_TA, G_TYPE_STRING }, - { NM_OPENVPN_KEY_TA_DIR, G_TYPE_STRING }, - { NM_OPENVPN_KEY_USERNAME, G_TYPE_STRING }, - { NM_OPENVPN_KEY_PASSWORD, G_TYPE_STRING }, - { NM_OPENVPN_KEY_CERTPASS, G_TYPE_STRING }, - { NM_OPENVPN_KEY_NOSECRET, G_TYPE_STRING }, + { NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN, 0, 0 }, + { NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_TAP_DEV, G_TYPE_BOOLEAN, 0, 0}, + { NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_PROTO_TCP, G_TYPE_BOOLEAN, 0, 0 }, + { NM_OPENVPN_KEY_PORT, G_TYPE_INT, 1, 65535 }, + { NM_OPENVPN_KEY_REMOTE, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_REMOTE_IP, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_SHARED_KEY, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_SHARED_KEY_DIRECTION, G_TYPE_INT, 0, 1 }, + { NM_OPENVPN_KEY_TA, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_TA_DIR, G_TYPE_INT, 0, 1 }, + { NM_OPENVPN_KEY_USERNAME, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_PASSWORD, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_CERTPASS, G_TYPE_STRING, 0, 0 }, + { NM_OPENVPN_KEY_NOSECRET, G_TYPE_STRING, 0, 0 }, { NULL, G_TYPE_NONE } }; static void -validate_one_property (gpointer key, gpointer val, gpointer user_data) +validate_one_property (gpointer key, gpointer value, gpointer user_data) { - gboolean *failed = (gboolean *) user_data; + GError **error = (GError **) user_data; int i; - if (*failed) + if (*error) return; /* 'name' is the setting name; always allowed but unused */ @@ -121,27 +120,71 @@ validate_one_property (gpointer key, gpointer val, gpointer user_data) for (i = 0; valid_properties[i].name; i++) { ValidProperty prop = valid_properties[i]; + long int tmp; - if (!strcmp (prop.name, (char *) key) && prop.type == G_VALUE_TYPE ((GValue *) val)) - /* Property is ok */ - return; + if (strcmp (prop.name, (char *) key)) + continue; + + switch (prop.type) { + case G_TYPE_STRING: + return; /* valid */ + case G_TYPE_INT: + errno = 0; + tmp = strtol ((char *) value, NULL, 10); + if (errno == 0 && tmp >= prop.int_min && tmp <= prop.int_max) + return; /* valid */ + + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "invalid integer property '%s' or out of range [%d -> %d]", + (const char *) key, prop.int_min, prop.int_max); + break; + case G_TYPE_BOOLEAN: + if (!strcmp ((char *) value, "yes") || !strcmp ((char *) value, "no")) + return; /* valid */ + + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "invalid boolean property '%s' (not yes or no)", + (const char *) key); + break; + default: + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "unhandled property '%s' type %d", + (const char *) key, prop.type); + break; + } } /* Did not find the property from valid_properties or the type did not match */ - *failed = TRUE; + if (!valid_properties[i].name) { + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "property '%s' invalid or not supported", + (const char *) key); + } } static gboolean -nm_openvpn_properties_validate (GHashTable *properties) +nm_openvpn_properties_validate (GHashTable *properties, GError **error) { - gboolean failed = FALSE; + if (g_hash_table_size (properties) < 1) { + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "%s", + "No VPN configuration options."); + return FALSE; + } - if (g_hash_table_size (properties) < 1) - return failed; + g_hash_table_foreach (properties, validate_one_property, error); - g_hash_table_foreach (properties, validate_one_property, &failed); - - return !failed; + return error ? FALSE : TRUE; } static void @@ -296,8 +339,8 @@ nm_openvpn_connect_timer_cb (gpointer data) return FALSE; } } else { - GIOChannel *openvpn_socket_channel; - guint openvpn_socket_channel_eventid; + GIOChannel *openvpn_socket_channel; + guint openvpn_socket_channel_eventid; openvpn_socket_channel = g_io_channel_unix_new (socket_fd); openvpn_socket_channel_eventid = g_io_add_watch (openvpn_socket_channel, @@ -363,20 +406,21 @@ openvpn_watch_cb (GPid pid, gint status, gpointer user_data) nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED); } -static int +static const char * get_connection_type (GHashTable *properties) { - int connection_type = NM_OPENVPN_CONTYPE_INVALID; - gpointer tmp; + const char *ctype; - tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CONNECTION_TYPE); - if (tmp) - connection_type = g_value_get_int ((GValue *) tmp); + ctype = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CONNECTION_TYPE); + if (ctype) { + if ( !strcmp (ctype, NM_OPENVPN_CONTYPE_TLS) + || !strcmp (ctype, NM_OPENVPN_CONTYPE_STATIC_KEY) + || !strcmp (ctype, NM_OPENVPN_CONTYPE_PASSWORD) + || !strcmp (ctype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) + return ctype; + } - if (connection_type < NM_OPENVPN_CONTYPE_INVALID || connection_type > NM_OPENVPN_CONTYPE_PASSWORD_TLS) - connection_type = NM_OPENVPN_CONTYPE_INVALID; - - return connection_type; + return NULL; } static const char * @@ -398,43 +442,56 @@ nm_find_openvpn (void) return *openvpn_binary; } -static gint -nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties) +static void +free_openvpn_args (GPtrArray *args) +{ + g_ptr_array_foreach (args, (GFunc) g_free, NULL); + g_ptr_array_free (args, TRUE); +} + +static gboolean +nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, + GHashTable *properties, + GError **error) { NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin); - GPid pid; - const char *openvpn_binary; + const char *openvpn_binary, *connection_type, *tmp; GPtrArray *openvpn_argv; GSource *openvpn_watch; - gpointer tmp; - gint stdin_fd; - gint stdout_fd; - gint stderr_fd; - int connection_type; - GError *err = NULL; + GPid pid; /* Find openvpn */ openvpn_binary = nm_find_openvpn (); if (!openvpn_binary) { - nm_info ("Could not find openvpn binary."); - return -1; + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "%s", + "Could not find the openvpn binary."); + return FALSE; } connection_type = get_connection_type (properties); - if (connection_type == NM_OPENVPN_CONTYPE_INVALID) - return -1; + if (!connection_type) { + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "%s", + "Invalid connection type."); + return FALSE; + } openvpn_argv = g_ptr_array_new (); g_ptr_array_add (openvpn_argv, (gpointer) (openvpn_binary)); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_REMOTE); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--remote"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_COMP_LZO); - if (tmp && g_value_get_boolean ((GValue *) tmp)) + if (tmp && !strcmp (tmp, "yes")) g_ptr_array_add (openvpn_argv, (gpointer) "--comp-lzo"); g_ptr_array_add (openvpn_argv, (gpointer) "--nobind"); @@ -442,7 +499,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties /* Device, either tun or tap */ g_ptr_array_add (openvpn_argv, (gpointer) "--dev"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TAP_DEV); - if (tmp && g_value_get_boolean ((GValue *) tmp)) + if (tmp && !strcmp (tmp, "yes")) g_ptr_array_add (openvpn_argv, (gpointer) "tap"); else g_ptr_array_add (openvpn_argv, (gpointer) "tun"); @@ -450,7 +507,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties /* Protocol, either tcp or udp */ g_ptr_array_add (openvpn_argv, (gpointer) "--proto"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_PROTO_TCP); - if (tmp && g_value_get_boolean ((GValue *) tmp)) + if (tmp && !strcmp (tmp, "yes")) g_ptr_array_add (openvpn_argv, (gpointer) "tcp-client"); else g_ptr_array_add (openvpn_argv, (gpointer) "udp"); @@ -458,29 +515,46 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties /* Port */ g_ptr_array_add (openvpn_argv, (gpointer) "--port"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_PORT); - if (tmp) - /* The string here is leaked, big deal. */ - g_ptr_array_add (openvpn_argv, g_strdup_printf ("%u", g_value_get_int ((GValue *) tmp))); - else + if (tmp && strlen (tmp)) { + long int tmp_int; + + /* Convert -> int and back to string for security's sake since + * strtol() ignores some leading and trailing characters. + */ + errno = 0; + tmp_int = strtol (tmp, NULL, 10); + if (errno == 0) + g_ptr_array_add (openvpn_argv, (gpointer) g_strdup_printf ("%ld", tmp_int)); + else { + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "Invalid port number '%s'.", + tmp); + free_openvpn_args (openvpn_argv); + return FALSE; + } + } else { /* Default to IANA assigned port 1194 */ g_ptr_array_add (openvpn_argv, (GValue *) "1194"); + } /* Cipher */ tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CIPHER); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--cipher"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } /* TA */ tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TA); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--tls-auth"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TA_DIR); - if (tmp && strlen (g_value_get_string (tmp))) - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + if (tmp && strlen (tmp)) + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } /* Syslog */ @@ -508,34 +582,31 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties g_ptr_array_add (openvpn_argv, (gpointer) "--route-noexec"); /* Now append configuration options which are dependent on the configuration type */ - switch (connection_type) { - case NM_OPENVPN_CONTYPE_TLS: + if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)) { g_ptr_array_add (openvpn_argv, (gpointer) "--client"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--ca"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CERT); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--cert"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_KEY); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--key"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } - break; - - case NM_OPENVPN_CONTYPE_STATIC_KEY: + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) { tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_SHARED_KEY); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--secret"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } g_ptr_array_add (openvpn_argv, (gpointer) "--ifconfig"); @@ -543,70 +614,80 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_LOCAL_IP); if (!tmp) { /* Insufficient data (FIXME: this should really be detected when validating the properties */ - g_ptr_array_free (openvpn_argv, TRUE); - return -1; + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "%s", + "Missing required local IP address for static key mode."); + free_openvpn_args (openvpn_argv); + return FALSE; } - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_REMOTE_IP); if (!tmp) { /* Insufficient data (FIXME: this should really be detected when validating the properties */ - g_ptr_array_free (openvpn_argv, TRUE); - return -1; + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "%s", + "Missing required remote IP address for static key mode."); + free_openvpn_args (openvpn_argv); + return FALSE; } - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); - break; - - case NM_OPENVPN_CONTYPE_PASSWORD: + g_ptr_array_add (openvpn_argv, (gpointer) tmp); + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)) { /* Client mode */ g_ptr_array_add (openvpn_argv, (gpointer) "--client"); /* Use user/path authentication */ g_ptr_array_add (openvpn_argv, (gpointer) "--auth-user-pass"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--ca"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } - break; - - case NM_OPENVPN_CONTYPE_PASSWORD_TLS: + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { g_ptr_array_add (openvpn_argv, (gpointer) "--client"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--ca"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CERT); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--cert"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_KEY); - if (tmp) { + if (tmp && strlen (tmp)) { g_ptr_array_add (openvpn_argv, (gpointer) "--key"); - g_ptr_array_add (openvpn_argv, (gpointer) g_value_get_string ((GValue *) tmp)); + g_ptr_array_add (openvpn_argv, (gpointer) tmp); } /* Use user/path authentication */ g_ptr_array_add (openvpn_argv, (gpointer) "--auth-user-pass"); - break; + } else { + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "Unknown connection type '%s'.", + connection_type); + free_openvpn_args (openvpn_argv); + return FALSE; } g_ptr_array_add (openvpn_argv, NULL); - if (!g_spawn_async_with_pipes (NULL, (char **) openvpn_argv->pdata, NULL, - G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, &stdin_fd, - &stdout_fd, &stderr_fd, &err)) { - g_ptr_array_free (openvpn_argv, TRUE); - nm_warning ("openvpn failed to start. error: '%s'", err->message); - g_error_free (err); - return -1; + if (!g_spawn_async (NULL, (char **) openvpn_argv->pdata, NULL, + G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { + free_openvpn_args (openvpn_argv); + return FALSE; } - g_ptr_array_free (openvpn_argv, TRUE); + free_openvpn_args (openvpn_argv); nm_info ("openvpn started with pid %d", pid); @@ -621,72 +702,47 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties X509USERPASS: Will require username and password and maybe certificate password X509: May require certificate password */ - if (connection_type == NM_OPENVPN_CONTYPE_PASSWORD || - connection_type == NM_OPENVPN_CONTYPE_PASSWORD_TLS || - connection_type == NM_OPENVPN_CONTYPE_TLS) { + if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) + || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) + || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { + NMOpenvpnPluginIOData *io_data; - NMOpenvpnPluginIOData *io_data; - - io_data = g_new0 (NMOpenvpnPluginIOData, 1); - io_data->child_stdin_fd = stdin_fd; - io_data->child_stdout_fd = stdout_fd; - io_data->child_stderr_fd = stderr_fd; + io_data = g_new0 (NMOpenvpnPluginIOData, 1); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_USERNAME); - if (tmp) - io_data->username = g_strdup ((char *) g_value_get_string ((GValue *) tmp)); + io_data->username = tmp ? g_strdup (tmp) : NULL; tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_PASSWORD); - if (tmp) - io_data->password = g_strdup ((char *) g_value_get_string ((GValue *) tmp)); + io_data->password = tmp ? g_strdup (tmp) : NULL; tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CERTPASS); - if (tmp) - io_data->certpass = g_strdup ((char *) g_value_get_string ((GValue *) tmp)); + io_data->certpass = tmp ? g_strdup (tmp) : NULL; priv->io_data = io_data; nm_openvpn_schedule_connect_timer (plugin); } - return stdin_fd; + return TRUE; } static gboolean real_connect (NMVPNPlugin *plugin, - NMConnection *connection, - GError **err) + NMConnection *connection, + GError **error) { - NMSettingVPNProperties *properties; - gint fd; - gboolean success = FALSE; + NMSettingVPN *s_vpn; - properties = NM_SETTING_VPN_PROPERTIES (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES)); - if (!properties || !nm_openvpn_properties_validate (properties->data)) { - g_set_error (err, - NM_VPN_PLUGIN_ERROR, - NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - "%s", - "Invalid arguments."); - goto out; - } + s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN)); + g_assert (s_vpn); - if ((fd = nm_openvpn_start_openvpn_binary (NM_OPENVPN_PLUGIN (plugin), properties->data)) < 0) { - g_set_error (err, - NM_VPN_PLUGIN_ERROR, - NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, - "%s", - "Could not start openvpn binary."); - goto out; - } + if (!nm_openvpn_properties_validate (s_vpn->data, error)); + return FALSE; - success = TRUE; + if (!nm_openvpn_start_openvpn_binary (NM_OPENVPN_PLUGIN (plugin), s_vpn->data, error)) + return FALSE; - out: - /* FIXME: It never did that but I guess it should? */ -/* close (fd); */ - - return success; + return TRUE; } static gboolean @@ -695,15 +751,15 @@ real_need_secrets (NMVPNPlugin *plugin, char **setting_name, GError **error) { - NMSettingVPNProperties *s_vpn_props; - int connection_type; + NMSettingVPN *s_vpn; + const char *connection_type; gboolean need_secrets = FALSE; g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE); g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE); - s_vpn_props = NM_SETTING_VPN_PROPERTIES (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN_PROPERTIES)); - if (!s_vpn_props) { + s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN)); + if (!s_vpn) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, @@ -712,30 +768,28 @@ real_need_secrets (NMVPNPlugin *plugin, return FALSE; } - connection_type = get_connection_type (s_vpn_props->data); - switch (connection_type) { - case NM_OPENVPN_CONTYPE_PASSWORD_TLS: + connection_type = get_connection_type (s_vpn->data); + if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { /* Will require username and password and maybe certificate password */ - if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERTPASS)) + if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERTPASS)) need_secrets = TRUE; - /* Fall through */ - case NM_OPENVPN_CONTYPE_PASSWORD: + + if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_USERNAME) || + !g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_PASSWORD)) + need_secrets = TRUE; + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)) { /* Will require username and password */ - if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_USERNAME) || - !g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_PASSWORD)) + if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_USERNAME) || + !g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_PASSWORD)) need_secrets = TRUE; - break; - case NM_OPENVPN_CONTYPE_TLS: + } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)) { /* May require certificate password */ - if (!g_hash_table_lookup (s_vpn_props->data, NM_OPENVPN_KEY_CERTPASS)) + if (!g_hash_table_lookup (s_vpn->data, NM_OPENVPN_KEY_CERTPASS)) need_secrets = TRUE; - break; - default: - break; } if (need_secrets) - *setting_name = NM_SETTING_VPN_PROPERTIES_SETTING_NAME; + *setting_name = NM_SETTING_VPN_SETTING_NAME; return need_secrets; } diff --git a/vpn-daemons/openvpn/src/nm-openvpn-service.h b/vpn-daemons/openvpn/src/nm-openvpn-service.h index ef7804c5e4..ac9399cefe 100644 --- a/vpn-daemons/openvpn/src/nm-openvpn-service.h +++ b/vpn-daemons/openvpn/src/nm-openvpn-service.h @@ -38,24 +38,15 @@ #define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn" #define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn" -/* Do not change numbers, only add if needed! - See properties/nm-openvpn.c:connection_type_changed() for details - */ -#define NM_OPENVPN_CONTYPE_INVALID -1 -#define NM_OPENVPN_CONTYPE_TLS 0 -#define NM_OPENVPN_CONTYPE_STATIC_KEY 1 -#define NM_OPENVPN_CONTYPE_PASSWORD 2 -#define NM_OPENVPN_CONTYPE_PASSWORD_TLS 3 - #define NM_OPENVPN_KEY_CA "ca" #define NM_OPENVPN_KEY_CERT "cert" #define NM_OPENVPN_KEY_CIPHER "cipher" #define NM_OPENVPN_KEY_COMP_LZO "comp-lzo" #define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type" -#define NM_OPENVPN_KEY_TAP_DEV "dev" +#define NM_OPENVPN_KEY_TAP_DEV "tap-dev" #define NM_OPENVPN_KEY_KEY "key" #define NM_OPENVPN_KEY_LOCAL_IP "local-ip" -#define NM_OPENVPN_KEY_PROTO_TCP "proto" +#define NM_OPENVPN_KEY_PROTO_TCP "proto-tcp" #define NM_OPENVPN_KEY_PORT "port" #define NM_OPENVPN_KEY_REMOTE "remote" #define NM_OPENVPN_KEY_REMOTE_IP "remote-ip" @@ -69,6 +60,11 @@ #define NM_OPENVPN_KEY_CERTPASS "cert-pass" #define NM_OPENVPN_KEY_NOSECRET "no-secret" +#define NM_OPENVPN_CONTYPE_TLS "tls" +#define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key" +#define NM_OPENVPN_CONTYPE_PASSWORD "password" +#define NM_OPENVPN_CONTYPE_PASSWORD_TLS "password-tls" + typedef struct { NMVPNPlugin parent; } NMOpenvpnPlugin;