network-manager-openvpn r22 - in trunk: . properties src



Author: dcbw
Date: Thu Feb 12 16:10:08 2009
New Revision: 22
URL: http://svn.gnome.org/viewvc/network-manager-openvpn?rev=22&view=rev

Log:
2009-02-12  Dan Williams  <dcbw redhat com>

	Patch from Robert Vogelgesang <vogel users sourceforge net>

	* properties/auth-helpers.c
	  properties/import-export.c
	  properties/nm-openvpn-dialog.glade
	  src/nm-openvpn-service.c
	  src/nm-openvpn-service.h
		- Handle HMAC authentication (--auth)



Modified:
   trunk/ChangeLog
   trunk/properties/auth-helpers.c
   trunk/properties/import-export.c
   trunk/properties/nm-openvpn-dialog.glade
   trunk/src/nm-openvpn-service.c
   trunk/src/nm-openvpn-service.h

Modified: trunk/properties/auth-helpers.c
==============================================================================
--- trunk/properties/auth-helpers.c	(original)
+++ trunk/properties/auth-helpers.c	Thu Feb 12 16:10:08 2009
@@ -721,6 +721,7 @@
 	NM_OPENVPN_KEY_TAP_DEV,
 	NM_OPENVPN_KEY_PROTO_TCP,
 	NM_OPENVPN_KEY_CIPHER,
+	NM_OPENVPN_KEY_AUTH,
 	NM_OPENVPN_KEY_TA_DIR,
 	NM_OPENVPN_KEY_TA,
 	NULL
@@ -865,6 +866,63 @@
 	g_strfreev (items);
 }
 
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_VALUE 1
+#define HMACAUTH_COL_DEFAULT 2
+
+static void
+populate_hmacauth_combo (GtkComboBox *box, const char *hmacauth)
+{
+	GtkListStore *store;
+	GtkTreeIter iter;
+	gboolean active_initialized = FALSE;
+	const char **item;
+	static const char *items[] = {
+		NM_OPENVPN_AUTH_NONE,
+		NM_OPENVPN_AUTH_MD5,
+		NM_OPENVPN_AUTH_SHA1,
+		NULL
+	};
+
+	store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_BOOLEAN);
+	gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+	/* Add default option which won't pass --auth to openvpn */
+	gtk_list_store_append (store, &iter);
+	gtk_list_store_set (store, &iter,
+	                    HMACAUTH_COL_NAME, _("Default"),
+	                    HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+	/* Add options */
+	for (item = items; *item; item++) {
+		const char *name = NULL;
+
+		if (!strcmp (*item, NM_OPENVPN_AUTH_NONE))
+			name = _("None");
+		else if (!strcmp (*item, NM_OPENVPN_AUTH_MD5))
+			name = _("MD-5");
+		else if (!strcmp (*item, NM_OPENVPN_AUTH_SHA1))
+			name = _("SHA-1");
+		else
+			g_assert_not_reached ();
+
+		gtk_list_store_append (store, &iter);
+		gtk_list_store_set (store, &iter,
+		                    HMACAUTH_COL_NAME, name,
+		                    HMACAUTH_COL_VALUE, *item,
+		                    HMACAUTH_COL_DEFAULT, FALSE, -1);
+		if (hmacauth && !strcmp (*item, hmacauth)) {
+			gtk_combo_box_set_active_iter (box, &iter);
+			active_initialized = TRUE;
+		}
+	}
+
+	if (!active_initialized)
+		gtk_combo_box_set_active (box, 0);
+
+	g_object_unref (store);
+}
+
 static void
 tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
 {
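Review bot: `gtk_list_store_new (2, ...)` in populate_hmacauth_combo declares two columns, yet three types are passed and `HMACAUTH_COL_DEFAULT` is index 2, so the boolean column does not exist in the store. GTK would be expected to reject the column-2 writes in both `gtk_list_store_set` calls. The save hunk later in this file reads `HMACAUTH_COL_DEFAULT` into `is_default`, which would then stay at its initial TRUE, so the selected digest is probably never written to the hash. The count should match the types: `store = gtk_list_store_new (3, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_BOOLEAN);`.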
@@ -959,6 +1017,14 @@
 		gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
 	}
 
+	widget = glade_xml_get_widget (xml, "cipher_combo");
+	value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
+	populate_cipher_combo (GTK_COMBO_BOX (widget), value);
+
+	widget = glade_xml_get_widget (xml, "hmacauth_combo");
+	value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+	populate_hmacauth_combo (GTK_COMBO_BOX (widget), value);
+
 	if (   !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
 	    || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
 	    || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
@@ -966,10 +1032,6 @@
 		GtkTreeIter iter;
 		int direction = -1, active = -1;
 
-		widget = glade_xml_get_widget (xml, "cipher_combo");
-		value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
-		populate_cipher_combo (GTK_COMBO_BOX (widget), value);
-
 		widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 		value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
 		if (value && strlen (value))
@@ -1012,7 +1074,7 @@
 		}
 	} else {
 		widget = glade_xml_get_widget (xml, "options_notebook");
-		gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 1);
+		gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 2);
 	}
 
 out:
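Review bot: The bare page index `2` in `gtk_notebook_remove_page` only works while the TLS tab is the third page in nm-openvpn-dialog.glade, and this same commit already had to renumber it from 1. A comment such as `/* page 2 = "TLS Authentication" tab; keep in sync with nm-openvpn-dialog.glade */` or a named constant would make that coupling visible. The enclosing function starts outside the hunk.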
@@ -1059,7 +1121,9 @@
 		g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TAP_DEV), g_strdup ("yes"));
 
 	contype = g_object_get_data (G_OBJECT (dialog), "connection-type");
-	if (!strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
+	if (   !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
+	    || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
+	    || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
 		GtkTreeModel *model;
 		GtkTreeIter iter;
 
@@ -1077,6 +1141,20 @@
 			}
 		}
 		
+		widget = glade_xml_get_widget (xml, "hmacauth_combo");
+		model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+		if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+			char *hmacauth = NULL;
+			gboolean is_default = TRUE;
+
+			gtk_tree_model_get (model, &iter,
+			                    HMACAUTH_COL_VALUE, &hmacauth,
+			                    HMACAUTH_COL_DEFAULT, &is_default, -1);
+			if (!is_default && hmacauth) {
+				g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+			}
+		}
+		
 		widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
 			char *filename;
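Review bot: `hmacauth` is leaked on every save, because `gtk_tree_model_get` returns a newly allocated copy for a `G_TYPE_STRING` column and the code only duplicates it into the hash. Add `g_free (hmacauth);` after the inner `if (!is_default && hmacauth)` block. Note also that the `is_default` read depends on column 2 actually existing in the store built by populate_hmacauth_combo. The enclosing function starts and ends outside the hunk.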

Modified: trunk/properties/import-export.c
==============================================================================
--- trunk/properties/import-export.c	(original)
+++ trunk/properties/import-export.c	Thu Feb 12 16:10:08 2009
@@ -55,6 +55,7 @@
 #define SECRET_TAG "secret"
 #define AUTH_USER_PASS_TAG "auth-user-pass"
 #define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"
 
 static gboolean
 handle_path_item (const char *line,
@@ -315,8 +316,21 @@
 			continue;
 		}
 
-		if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG)))
+		if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
 			have_pass = TRUE;
+			continue;
+		}
+
+		if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+			items = get_args (*line + strlen (AUTH_TAG));
+			if (!items)
+				continue;
+
+			if (g_strv_length (items))
+				nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, items[0]);
+			g_strfreev (items);
+			continue;
+		}
 	}
 
 	if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY))
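Review bot: The prefix test `!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))` also matches any other directive that begins with `auth`, such as `auth-nocache` or `auth-retry`, and would likely store a fragment like `-nocache` as the HMAC digest. The bad value is then only caught when the service rejects it with "Invalid HMAC auth." at connect time, not at import. Require a separator after the tag, e.g. `if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG)) && g_ascii_isspace ((*line)[strlen (AUTH_TAG)])) {`. Consider also accepting only the three values the service allows, so an unsupported digest in an imported file is reported where the user can fix it. The enclosing loop starts outside the hunk.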

Modified: trunk/properties/nm-openvpn-dialog.glade
==============================================================================
--- trunk/properties/nm-openvpn-dialog.glade	(original)
+++ trunk/properties/nm-openvpn-dialog.glade	Thu Feb 12 16:10:08 2009
@@ -948,10 +948,92 @@
               </packing>
             </child>
             <child>
+              <widget class="GtkAlignment" id="alignment24">
+                <property name="visible">True</property>
+                <property name="xalign">0</property>
+                <property name="yalign">0</property>
+                <property name="top_padding">12</property>
+                <property name="bottom_padding">12</property>
+                <property name="left_padding">12</property>
+                <property name="right_padding">12</property>
+                <child>
+                  <widget class="GtkTable" id="table9">
+                    <property name="visible">True</property>
+                    <property name="n_rows">2</property>
+                    <property name="n_columns">2</property>
+                    <property name="column_spacing">12</property>
+                    <property name="row_spacing">12</property>
+                    <child>
+                      <widget class="GtkComboBox" id="hmacauth_combo">
+                        <property name="visible">True</property>
+                        <property name="items" translatable="yes"> </property>
+                      </widget>
+                      <packing>
+                        <property name="left_attach">1</property>
+                        <property name="right_attach">2</property>
+                        <property name="top_attach">1</property>
+                        <property name="bottom_attach">2</property>
+                        <property name="y_options"></property>
+                      </packing>
+                    </child>
+                    <child>
+                      <widget class="GtkLabel" id="label24">
+                        <property name="visible">True</property>
+                        <property name="xalign">0</property>
+                        <property name="label" translatable="yes">HMAC Authentication:</property>
+                      </widget>
+                      <packing>
+                        <property name="top_attach">1</property>
+                        <property name="bottom_attach">2</property>
+                        <property name="x_options">GTK_FILL</property>
+                        <property name="y_options"></property>
+                      </packing>
+                    </child>
+                    <child>
+                      <widget class="GtkLabel" id="label19">
+                        <property name="visible">True</property>
+                        <property name="xalign">0</property>
+                        <property name="label" translatable="yes">Cipher:</property>
+                      </widget>
+                      <packing>
+                        <property name="x_options">GTK_FILL</property>
+                        <property name="y_options"></property>
+                      </packing>
+                    </child>
+                    <child>
+                      <widget class="GtkComboBox" id="cipher_combo">
+                        <property name="visible">True</property>
+                        <property name="items" translatable="yes"> </property>
+                      </widget>
+                      <packing>
+                        <property name="left_attach">1</property>
+                        <property name="right_attach">2</property>
+                        <property name="y_options"></property>
+                      </packing>
+                    </child>
+                  </widget>
+                </child>
+              </widget>
+              <packing>
+                <property name="position">1</property>
+              </packing>
+            </child>
+            <child>
+              <widget class="GtkLabel" id="label21">
+                <property name="visible">True</property>
+                <property name="label" translatable="yes">Security</property>
+              </widget>
+              <packing>
+                <property name="type">tab</property>
+                <property name="position">1</property>
+                <property name="tab_fill">False</property>
+              </packing>
+            </child>
+            <child>
               <widget class="GtkTable" id="table7">
                 <property name="visible">True</property>
                 <property name="border_width">12</property>
-                <property name="n_rows">3</property>
+                <property name="n_rows">2</property>
                 <property name="n_columns">2</property>
                 <property name="column_spacing">12</property>
                 <property name="row_spacing">6</property>
@@ -1034,8 +1116,8 @@
                   <packing>
                     <property name="left_attach">1</property>
                     <property name="right_attach">2</property>
-                    <property name="top_attach">2</property>
-                    <property name="bottom_attach">3</property>
+                    <property name="top_attach">1</property>
+                    <property name="bottom_attach">2</property>
                   </packing>
                 </child>
                 <child>
@@ -1049,44 +1131,21 @@
                   </widget>
                   <packing>
                     <property name="right_attach">2</property>
-                    <property name="top_attach">1</property>
-                    <property name="bottom_attach">2</property>
-                  </packing>
-                </child>
-                <child>
-                  <widget class="GtkLabel" id="label19">
-                    <property name="visible">True</property>
-                    <property name="xalign">0</property>
-                    <property name="label" translatable="yes">Cipher:</property>
-                  </widget>
-                  <packing>
-                    <property name="y_options"></property>
-                  </packing>
-                </child>
-                <child>
-                  <widget class="GtkComboBox" id="cipher_combo">
-                    <property name="visible">True</property>
-                    <property name="items" translatable="yes"> </property>
-                  </widget>
-                  <packing>
-                    <property name="left_attach">1</property>
-                    <property name="right_attach">2</property>
-                    <property name="y_options"></property>
                   </packing>
                 </child>
               </widget>
               <packing>
-                <property name="position">1</property>
+                <property name="position">2</property>
               </packing>
             </child>
             <child>
               <widget class="GtkLabel" id="label18">
                 <property name="visible">True</property>
-                <property name="label" translatable="yes">Certificates (TLS)</property>
+                <property name="label" translatable="yes">TLS Authentication</property>
               </widget>
               <packing>
                 <property name="type">tab</property>
-                <property name="position">1</property>
+                <property name="position">2</property>
                 <property name="tab_fill">False</property>
               </packing>
             </child>

Modified: trunk/src/nm-openvpn-service.c
==============================================================================
--- trunk/src/nm-openvpn-service.c	(original)
+++ trunk/src/nm-openvpn-service.c	Thu Feb 12 16:10:08 2009
@@ -83,6 +83,7 @@
 } ValidProperty;
 
 static ValidProperty valid_properties[] = {
+	{ NM_OPENVPN_KEY_AUTH,                 G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CA,                   G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CERT,                 G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CIPHER,               G_TYPE_STRING, 0, 0, FALSE },
@@ -501,6 +502,18 @@
 	nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
 
+static gboolean
+validate_auth (const char *auth)
+{
+	if (auth) {
+		if (   !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+		    || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+		    || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+			return TRUE;
+	}
+	return FALSE;
+}
+
 static const char *
 validate_connection_type (const char *ctype)
 {
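Review bot: validate_auth has no comment saying that it is the allow-list deciding which values may follow `--auth` on the openvpn command line. The same three names are repeated in `populate_hmacauth_combo` in properties/auth-helpers.c, so the comment should tell maintainers to keep the two in sync. It is also worth recording that `NM_OPENVPN_AUTH_NONE` switches packet HMAC authentication off, so nobody adds it to a default by accident. The comparison is a case-sensitive `strcmp`, so an imported `auth sha1` would be rejected; if that is intended, the comment should say so.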
@@ -575,7 +588,7 @@
                                  GError **error)
 {
 	NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
-	const char *openvpn_binary, *connection_type, *tmp;
+	const char *openvpn_binary, *auth, *connection_type, *tmp;
 	GPtrArray *args;
 	GSource *openvpn_watch;
 	GPid pid;
@@ -590,6 +603,18 @@
 		             "Could not find the openvpn binary.");
 		return FALSE;
 	}
+  
+ 	auth = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH);
+ 	if (auth) {
+ 		if (!validate_auth(auth)) {
+ 			g_set_error (error,
+ 			             NM_VPN_PLUGIN_ERROR,
+ 			             NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ 			             "%s",
+ 			             "Invalid HMAC auth.");
+ 			return FALSE;
+ 		}
+ 	}
 
 	tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
 	connection_type = validate_connection_type (tmp);
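Review bot: The error text `"Invalid HMAC auth."` does not name the rejected value, which makes a bad digest from an imported configuration hard to track down. Passing `"Invalid HMAC auth '%s'.", auth` in place of the `"%s"` indirection would show it. The added lines are indented with a space before the tab, unlike the surrounding tab-only indentation, and the nested test could be written as `if (auth && !validate_auth (auth)) {`. The function body starts and ends outside the hunk.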
@@ -658,6 +683,12 @@
 		add_openvpn_arg (args, tmp);
 	}
 
+	/* Auth */
+	if (auth) {
+		add_openvpn_arg (args, "--auth");
+		add_openvpn_arg (args, auth);
+	}
+
 	/* TA */
 	tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
 	if (tmp && strlen (tmp)) {

Modified: trunk/src/nm-openvpn-service.h
==============================================================================
--- trunk/src/nm-openvpn-service.h	(original)
+++ trunk/src/nm-openvpn-service.h	Thu Feb 12 16:10:08 2009
@@ -38,6 +38,7 @@
 #define NM_DBUS_INTERFACE_OPENVPN  "org.freedesktop.NetworkManager.openvpn"
 #define NM_DBUS_PATH_OPENVPN       "/org/freedesktop/NetworkManager/openvpn"
 
+#define NM_OPENVPN_KEY_AUTH "auth"
 #define NM_OPENVPN_KEY_CA "ca"
 #define NM_OPENVPN_KEY_CERT "cert"
 #define NM_OPENVPN_KEY_CIPHER "cipher"
@@ -63,6 +64,10 @@
  */
 #define NM_OPENVPN_KEY_NOSECRET "no-secret"
 
+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5  "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
 #define NM_OPENVPN_CONTYPE_TLS          "tls"
 #define NM_OPENVPN_CONTYPE_STATIC_KEY   "static-key"
 #define NM_OPENVPN_CONTYPE_PASSWORD     "password"


