network-manager-openvpn r22 - in trunk: . properties src
- From: dcbw svn gnome org
- To: svn-commits-list gnome org
- Subject: network-manager-openvpn r22 - in trunk: . properties src
- Date: Thu, 12 Feb 2009 16:10:08 +0000 (UTC)
Author: dcbw
Date: Thu Feb 12 16:10:08 2009
New Revision: 22
URL: http://svn.gnome.org/viewvc/network-manager-openvpn?rev=22&view=rev
Log:
2009-02-12 Dan Williams <dcbw redhat com>
Patch from Robert Vogelgesang <vogel users sourceforge net>
* properties/auth-helpers.c
properties/import-export.c
properties/nm-openvpn-dialog.glade
src/nm-openvpn-service.c
src/nm-openvpn-service.h
- Handle HMAC authentication (--auth)
Modified:
trunk/ChangeLog
trunk/properties/auth-helpers.c
trunk/properties/import-export.c
trunk/properties/nm-openvpn-dialog.glade
trunk/src/nm-openvpn-service.c
trunk/src/nm-openvpn-service.h
Modified: trunk/properties/auth-helpers.c
==============================================================================
--- trunk/properties/auth-helpers.c (original)
+++ trunk/properties/auth-helpers.c Thu Feb 12 16:10:08 2009
@@ -721,6 +721,7 @@
NM_OPENVPN_KEY_TAP_DEV,
NM_OPENVPN_KEY_PROTO_TCP,
NM_OPENVPN_KEY_CIPHER,
+ NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_TA_DIR,
NM_OPENVPN_KEY_TA,
NULL
@@ -865,6 +866,63 @@
g_strfreev (items);
}
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_VALUE 1
+#define HMACAUTH_COL_DEFAULT 2
+
+static void
+populate_hmacauth_combo (GtkComboBox *box, const char *hmacauth)
+{
+ GtkListStore *store;
+ GtkTreeIter iter;
+ gboolean active_initialized = FALSE;
+ const char **item;
+ static const char *items[] = {
+ NM_OPENVPN_AUTH_NONE,
+ NM_OPENVPN_AUTH_MD5,
+ NM_OPENVPN_AUTH_SHA1,
+ NULL
+ };
+
+ store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_BOOLEAN);
+ gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+ /* Add default option which won't pass --auth to openvpn */
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, _("Default"),
+ HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+ /* Add options */
+ for (item = items; *item; item++) {
+ const char *name = NULL;
+
+ if (!strcmp (*item, NM_OPENVPN_AUTH_NONE))
+ name = _("None");
+ else if (!strcmp (*item, NM_OPENVPN_AUTH_MD5))
+ name = _("MD-5");
+ else if (!strcmp (*item, NM_OPENVPN_AUTH_SHA1))
+ name = _("SHA-1");
+ else
+ g_assert_not_reached ();
+
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, name,
+ HMACAUTH_COL_VALUE, *item,
+ HMACAUTH_COL_DEFAULT, FALSE, -1);
+ if (hmacauth && !strcmp (*item, hmacauth)) {
+ gtk_combo_box_set_active_iter (box, &iter);
+ active_initialized = TRUE;
+ }
+ }
+
+ if (!active_initialized)
+ gtk_combo_box_set_active (box, 0);
+
+ g_object_unref (store);
+}
+
static void
tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
{
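Review bot: `gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_BOOLEAN)` in populate_hmacauth_combo declares two columns but passes three types, so the store has no column for `HMACAUTH_COL_DEFAULT` (index 2). The `gtk_list_store_set` calls that write that column are then invalid, and the read in the `@@ -1077` hunk would most likely leave `is_default` at its initial `TRUE`. In that case a digest chosen in the dialog is never saved and the connection silently keeps OpenVPN's default. The count should be `gtk_list_store_new (3, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_BOOLEAN);`.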
@@ -959,6 +1017,14 @@
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
+ widget = glade_xml_get_widget (xml, "cipher_combo");
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
+ populate_cipher_combo (GTK_COMBO_BOX (widget), value);
+
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+ populate_hmacauth_combo (GTK_COMBO_BOX (widget), value);
+
if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
|| !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
@@ -966,10 +1032,6 @@
GtkTreeIter iter;
int direction = -1, active = -1;
- widget = glade_xml_get_widget (xml, "cipher_combo");
- value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
- populate_cipher_combo (GTK_COMBO_BOX (widget), value);
-
widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
if (value && strlen (value))
@@ -1012,7 +1074,7 @@
}
} else {
widget = glade_xml_get_widget (xml, "options_notebook");
- gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 1);
+ gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 2);
}
out:
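Review bot: The literal `2` passed to `gtk_notebook_remove_page` has to match the tab order in nm-openvpn-dialog.glade, which this same commit changes by inserting the Security tab at position 1. A comment such as `/* page 2 = "TLS Authentication" tab in nm-openvpn-dialog.glade */`, or a named constant, would keep the next tab reorder from silently removing the wrong page. The enclosing function starts and ends outside the hunk.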
@@ -1059,7 +1121,9 @@
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TAP_DEV), g_strdup ("yes"));
contype = g_object_get_data (G_OBJECT (dialog), "connection-type");
- if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
+ if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
+ || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
+ || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
GtkTreeModel *model;
GtkTreeIter iter;
@@ -1077,6 +1141,20 @@
}
}
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+ char *hmacauth = NULL;
+ gboolean is_default = TRUE;
+
+ gtk_tree_model_get (model, &iter,
+ HMACAUTH_COL_VALUE, &hmacauth,
+ HMACAUTH_COL_DEFAULT, &is_default, -1);
+ if (!is_default && hmacauth) {
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+ }
+ }
+
widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
char *filename;
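Review bot: The `hmacauth` string filled in by `gtk_tree_model_get` is a newly allocated copy and is never freed. The block duplicates it again with `g_strdup (hmacauth)` for the hash table and then drops the original. Add `g_free (hmacauth);` after the `if (!is_default && hmacauth)` block, before the closing brace of the `gtk_combo_box_get_active_iter` branch. The enclosing function starts and ends outside this hunk.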
Modified: trunk/properties/import-export.c
==============================================================================
--- trunk/properties/import-export.c (original)
+++ trunk/properties/import-export.c Thu Feb 12 16:10:08 2009
@@ -55,6 +55,7 @@
#define SECRET_TAG "secret"
#define AUTH_USER_PASS_TAG "auth-user-pass"
#define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"
static gboolean
handle_path_item (const char *line,
@@ -315,8 +316,21 @@
continue;
}
- if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG)))
+ if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
have_pass = TRUE;
+ continue;
+ }
+
+ if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+ items = get_args (*line + strlen (AUTH_TAG));
+ if (!items)
+ continue;
+
+ if (g_strv_length (items))
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, items[0]);
+ g_strfreev (items);
+ continue;
+ }
}
if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY))
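Review bot: The new `strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))` test is a bare prefix match, so any directive that merely starts with `auth` (OpenVPN also has `auth-nocache` and `auth-retry`) is taken as `--auth` and its tail is stored as the digest name; only `auth-user-pass` is shielded, by the `continue` added just above. The match should require a separator after the tag, e.g. `if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG)) && g_ascii_isspace ((*line)[strlen (AUTH_TAG)])) {`. The imported value is also stored without comparing it to `NM_OPENVPN_AUTH_NONE`, `NM_OPENVPN_AUTH_MD5` or `NM_OPENVPN_AUTH_SHA1`, so a config naming any other digest imports cleanly and only fails at connect time with "Invalid HMAC auth."; rejecting or warning at import would surface that earlier. The import loop begins and ends outside the hunk.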
Modified: trunk/properties/nm-openvpn-dialog.glade
==============================================================================
--- trunk/properties/nm-openvpn-dialog.glade (original)
+++ trunk/properties/nm-openvpn-dialog.glade Thu Feb 12 16:10:08 2009
@@ -948,10 +948,92 @@
</packing>
</child>
<child>
+ <widget class="GtkAlignment" id="alignment24">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0</property>
+ <property name="top_padding">12</property>
+ <property name="bottom_padding">12</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">12</property>
+ <child>
+ <widget class="GtkTable" id="table9">
+ <property name="visible">True</property>
+ <property name="n_rows">2</property>
+ <property name="n_columns">2</property>
+ <property name="column_spacing">12</property>
+ <property name="row_spacing">12</property>
+ <child>
+ <widget class="GtkComboBox" id="hmacauth_combo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"> </property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="label24">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">HMAC Authentication:</property>
+ </widget>
+ <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">GTK_FILL</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="label19">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">Cipher:</property>
+ </widget>
+ <packing>
+ <property name="x_options">GTK_FILL</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkComboBox" id="cipher_combo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"> </property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="label21">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Security</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ <property name="position">1</property>
+ <property name="tab_fill">False</property>
+ </packing>
+ </child>
+ <child>
<widget class="GtkTable" id="table7">
<property name="visible">True</property>
<property name="border_width">12</property>
- <property name="n_rows">3</property>
+ <property name="n_rows">2</property>
<property name="n_columns">2</property>
<property name="column_spacing">12</property>
<property name="row_spacing">6</property>
@@ -1034,8 +1116,8 @@
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
- <property name="top_attach">2</property>
- <property name="bottom_attach">3</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
</packing>
</child>
<child>
@@ -1049,44 +1131,21 @@
</widget>
<packing>
<property name="right_attach">2</property>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
- </packing>
- </child>
- <child>
- <widget class="GtkLabel" id="label19">
- <property name="visible">True</property>
- <property name="xalign">0</property>
- <property name="label" translatable="yes">Cipher:</property>
- </widget>
- <packing>
- <property name="y_options"></property>
- </packing>
- </child>
- <child>
- <widget class="GtkComboBox" id="cipher_combo">
- <property name="visible">True</property>
- <property name="items" translatable="yes"> </property>
- </widget>
- <packing>
- <property name="left_attach">1</property>
- <property name="right_attach">2</property>
- <property name="y_options"></property>
</packing>
</child>
</widget>
<packing>
- <property name="position">1</property>
+ <property name="position">2</property>
</packing>
</child>
<child>
<widget class="GtkLabel" id="label18">
<property name="visible">True</property>
- <property name="label" translatable="yes">Certificates (TLS)</property>
+ <property name="label" translatable="yes">TLS Authentication</property>
</widget>
<packing>
<property name="type">tab</property>
- <property name="position">1</property>
+ <property name="position">2</property>
<property name="tab_fill">False</property>
</packing>
</child>
Modified: trunk/src/nm-openvpn-service.c
==============================================================================
--- trunk/src/nm-openvpn-service.c (original)
+++ trunk/src/nm-openvpn-service.c Thu Feb 12 16:10:08 2009
@@ -83,6 +83,7 @@
} ValidProperty;
static ValidProperty valid_properties[] = {
+ { NM_OPENVPN_KEY_AUTH, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
@@ -501,6 +502,18 @@
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
+static gboolean
+validate_auth (const char *auth)
+{
+ if (auth) {
+ if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+ || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+ || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+ return TRUE;
+ }
+ return FALSE;
+}
+
static const char *
validate_connection_type (const char *ctype)
{
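Review bot: validate_auth has no comment saying that it is the allow-list for the value later appended after `--auth` on the openvpn command line, or that it must stay in step with the `items[]` array in properties/auth-helpers.c. A header such as `/* Allow-list for NM_OPENVPN_KEY_AUTH; only these values may reach the openvpn argv. Keep in sync with populate_hmacauth_combo(). */` would make that explicit. It is also worth a line noting that `NM_OPENVPN_AUTH_NONE` is accepted on purpose, since that setting turns HMAC packet authentication off rather than selecting a digest.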
@@ -575,7 +588,7 @@
GError **error)
{
NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
- const char *openvpn_binary, *connection_type, *tmp;
+ const char *openvpn_binary, *auth, *connection_type, *tmp;
GPtrArray *args;
GSource *openvpn_watch;
GPid pid;
@@ -590,6 +603,18 @@
"Could not find the openvpn binary.");
return FALSE;
}
+
+ auth = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH);
+ if (auth) {
+ if (!validate_auth(auth)) {
+ g_set_error (error,
+ NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "%s",
+ "Invalid HMAC auth.");
+ return FALSE;
+ }
+ }
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
connection_type = validate_connection_type (tmp);
@@ -658,6 +683,12 @@
add_openvpn_arg (args, tmp);
}
+ /* Auth */
+ if (auth) {
+ add_openvpn_arg (args, "--auth");
+ add_openvpn_arg (args, auth);
+ }
+
/* TA */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (tmp && strlen (tmp)) {
Modified: trunk/src/nm-openvpn-service.h
==============================================================================
--- trunk/src/nm-openvpn-service.h (original)
+++ trunk/src/nm-openvpn-service.h Thu Feb 12 16:10:08 2009
@@ -38,6 +38,7 @@
#define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
#define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn"
+#define NM_OPENVPN_KEY_AUTH "auth"
#define NM_OPENVPN_KEY_CA "ca"
#define NM_OPENVPN_KEY_CERT "cert"
#define NM_OPENVPN_KEY_CIPHER "cipher"
@@ -63,6 +64,10 @@
*/
#define NM_OPENVPN_KEY_NOSECRET "no-secret"
+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5 "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
#define NM_OPENVPN_CONTYPE_TLS "tls"
#define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
#define NM_OPENVPN_CONTYPE_PASSWORD "password"