[network-manager-openvpn: 3/6] properties: support tls-crypt in the UI
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn: 3/6] properties: support tls-crypt in the UI
- Date: Fri, 12 May 2017 20:55:10 +0000 (UTC)
commit 4597d0bfedfe9257643202e8af64532cfb475613
Author: Beniamino Galvani <bgalvani redhat com>
Date: Thu May 11 17:23:46 2017 +0200
properties: support tls-crypt in the UI
properties/auth-helpers.c | 108 +++++++++++++-----------
properties/nm-openvpn-dialog.ui | 178 ++++++++++++++++++++++++---------------
2 files changed, 169 insertions(+), 117 deletions(-)
---
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index daf366c..defaee4 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -940,6 +940,7 @@ static const char *advanced_keys[] = {
NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_TA_DIR,
NM_OPENVPN_KEY_TA,
+ NM_OPENVPN_KEY_TLS_CRYPT,
NM_OPENVPN_KEY_RENEG_SECONDS,
NM_OPENVPN_KEY_TLS_REMOTE,
NM_OPENVPN_KEY_VERIFY_X509_NAME,
@@ -1376,23 +1377,28 @@ populate_remote_cert_tls_combo (GtkComboBox *box, const char *remote_cert)
g_object_unref (store);
}
+#define TLS_AUTH_MODE_NONE 0
+#define TLS_AUTH_MODE_AUTH 1
+#define TLS_AUTH_MODE_CRYPT 2
+
static void
tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
{
GtkBuilder *builder = (GtkBuilder *) user_data;
- gboolean use_auth = FALSE;
+ gint active;
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton"));
- use_auth = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_mode"));
+ active = gtk_combo_box_get_active (GTK_COMBO_BOX (widget));
widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_label"));
- gtk_widget_set_sensitive (widget, use_auth);
+ gtk_widget_set_sensitive (widget, active == TLS_AUTH_MODE_AUTH);
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo"));
+ gtk_widget_set_sensitive (widget, active == TLS_AUTH_MODE_AUTH);
+
widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_label"));
- gtk_widget_set_sensitive (widget, use_auth);
+ gtk_widget_set_sensitive (widget, active != TLS_AUTH_MODE_NONE);
widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser"));
- gtk_widget_set_sensitive (widget, use_auth);
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo"));
- gtk_widget_set_sensitive (widget, use_auth);
+ gtk_widget_set_sensitive (widget, active != TLS_AUTH_MODE_NONE);
}
static void
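Review bot: The three `TLS_AUTH_MODE_*` values are used as row indices of the `tls_auth_mode` combo, so they silently depend on the row order of `model10` in nm-openvpn-dialog.ui (None, TLS-Auth, TLS-Crypt), and nothing at the `#define`s says so. I would add `/* Row indices of the "tls_auth_mode" combo; keep in sync with model10 in nm-openvpn-dialog.ui */` above them. Separately, `gtk_combo_box_get_active()` returns -1 when no row is active, and `active != TLS_AUTH_MODE_NONE` in tls_auth_toggled_cb would then enable the key-file label and chooser. The .ui file sets `active` to 0, so this is probably unreachable, but `active == TLS_AUTH_MODE_AUTH || active == TLS_AUTH_MODE_CRYPT` states the intent without relying on that.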
@@ -1900,52 +1906,49 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_NS_CERT_TYPE);
populate_ns_cert_type_combo (GTK_COMBO_BOX (widget), value);
- if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
- || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
- || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
+ if (NM_IN_STRSET (contype,
+ NM_OPENVPN_CONTYPE_TLS,
+ NM_OPENVPN_CONTYPE_PASSWORD_TLS,
+ NM_OPENVPN_CONTYPE_PASSWORD)) {
int direction = -1;
- active = 0;
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton"));
- value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
- if (value && strlen (value))
- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (tls_auth_toggled_cb), builder);
- tls_auth_toggled_cb (widget, builder);
-
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo"));
- value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA_DIR);
- if (value && strlen (value)) {
- direction = (int) strtol (value, NULL, 10);
- /* If direction is not 0 or 1, use no direction */
- if (direction != 0 && direction != 1)
- direction = -1;
- }
-
+ /* Initialize direction combo */
+ combo = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo"));
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT);
-
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, TA_DIR_COL_NAME, _("None"), TA_DIR_COL_NUM, -1, -1);
-
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, TA_DIR_COL_NAME, "0", TA_DIR_COL_NUM, 0, -1);
- if (direction == 0)
- active = 1;
-
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, TA_DIR_COL_NAME, "1", TA_DIR_COL_NUM, 1, -1);
- if (direction == 1)
- active = 2;
-
- gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
+ gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (store));
g_object_unref (store);
- gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active);
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), 0);
+ combo = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_mode"));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser"));
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
- if (value && strlen (value)) {
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser"));
+ value2 = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TLS_CRYPT);
+ if (value2 && value2[0]) {
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_CRYPT);
+ gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value2);
+ } else if (value && value[0]) {
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_AUTH);
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
- }
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA_DIR);
+ if (value && value[0]) {
+ direction = (int) strtol (value, NULL, 10);
+ /* If direction is not 0 or 1, use no direction */
+ if (direction != 0 && direction != 1)
+ direction = -1;
+ }
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo"));
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), direction + 1);
+ } else
+ gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_NONE);
+
+ g_signal_connect (G_OBJECT (combo), "changed", G_CALLBACK (tls_auth_toggled_cb), builder);
+ tls_auth_toggled_cb (combo, builder);
} else {
widget = GTK_WIDGET (gtk_builder_get_object (builder, "options_notebook"));
gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 2);
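Review bot: When the stored connection carries both `NM_OPENVPN_KEY_TLS_CRYPT` and `NM_OPENVPN_KEY_TA`, the `if (value2 && value2[0])` branch wins and the tls-auth key file and its direction are never shown; since the save path in advanced_dialog_new_hash_from_dialog writes only the key for the selected mode, the tls-auth values would be dropped on the next save. That precedence looks deliberate (OpenVPN, as far as I know, does not accept both options together), but it deserves a comment such as `/* tls-crypt and tls-auth are mutually exclusive; tls-crypt takes precedence if both are set */`. Also, `strtol (value, NULL, 10)` with a NULL end pointer accepts a value like "1x" as direction 1; passing an end pointer and requiring `*end == '\0'` would make malformed values fall back to no direction. The body of advanced_dialog_new starts and ends outside this hunk.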
@@ -2196,6 +2199,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
|| !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
+ char *filename;
entry = GTK_WIDGET (gtk_builder_get_object (builder, "tls_remote_entry"));
value = gtk_entry_get_text (GTK_ENTRY (entry));
@@ -2247,15 +2251,13 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
}
}
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton"));
- if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
- char *filename;
-
+ combo = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_mode"));
+ switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) {
+ case TLS_AUTH_MODE_AUTH:
widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser"));
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- if (filename && strlen (filename)) {
+ if (filename && filename[0])
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA), g_strdup (filename));
- }
g_free (filename);
widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo"));
@@ -2269,10 +2271,20 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
g_strdup_printf ("%d", direction));
}
}
+ break;
+ case TLS_AUTH_MODE_CRYPT:
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser"));
+ filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+ if (filename && filename[0])
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TLS_CRYPT), g_strdup
(filename));
+ g_free (filename);
+ break;
+ case TLS_AUTH_MODE_NONE:
+ break;
}
}
- widget = GTK_WIDGET (gtk_builder_get_object (builder, "ping_checkbutton"));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "ping_checkbutton"));
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
int ping_val;
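Review bot: In the `TLS_AUTH_MODE_CRYPT` case, a selected mode with no key file (`filename` NULL or empty) stores nothing, so the connection is saved as if the mode were None and the user gets no indication that tls-crypt was not applied; the `TLS_AUTH_MODE_AUTH` case in the previous hunk behaves the same way. The function already takes a `GError **error`, so this could be reported instead of silently dropped, though the failure convention of the function is not visible in the hunk. The `switch` also has no `default:`; `gtk_combo_box_get_active()` returns -1 when nothing is selected, and an explicit `default: break;` would make that case visible. The function starts and ends outside the hunk.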
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index a3cc25c..bdc1b0c 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -54,13 +54,11 @@
<property name="page_increment">10</property>
</object>
<object class="GtkAdjustment" id="adjustment9">
- <property name="lower">0</property>
<property name="upper">100000000</property>
<property name="value">100</property>
<property name="step_increment">1</property>
<property name="page_increment">10</property>
</object>
-
<object class="GtkListStore" id="liststore1"/>
<object class="GtkListStore" id="liststore2"/>
<object class="GtkListStore" id="model1">
@@ -74,6 +72,23 @@
</row>
</data>
</object>
+ <object class="GtkListStore" id="model10">
+ <columns>
+ <!-- column-name gchararray -->
+ <column type="gchararray"/>
+ </columns>
+ <data>
+ <row>
+ <col id="0" translatable="yes">None</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">TLS-Auth</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">TLS-Crypt</col>
+ </row>
+ </data>
+ </object>
<object class="GtkListStore" id="model2">
<columns>
<!-- column-name gchararray -->
@@ -1612,19 +1627,19 @@ config: ping <n></property>
</packing>
</child>
<child>
- <object class="GtkBox" id="hbox10">
+ <object class="GtkBox" id="hbox9">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <object class="GtkCheckButton" id="max_routes_checkbutton">
- <property name="label" translatable="yes">Specify max routes:</property>
+ <object class="GtkCheckButton" id="ping_exit_restart_checkbutton">
+ <property name="label" translatable="yes">Specify _exit or restart ping:</property>
<property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip_text" translatable="yes">Specify the maximum number of
routes the server is allowed to specify.
-config: max-routes <n></property>
+ <property name="tooltip_text" translatable="yes">Exit or restart after n seconds
pass without reception of a ping or other packet from remote.
+config: ping-exit | ping-restart <n></property>
<property name="use_underline">True</property>
<property name="xalign">0.5</property>
<property name="draw_indicator">True</property>
@@ -1636,42 +1651,62 @@ config: max-routes <n></property>
</packing>
</child>
<child>
- <object class="GtkSpinButton" id="max_routes_spinbutton">
+ <object class="GtkComboBox" id="ping_exit_restart_combo">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip_text" translatable="yes">Specify the maximum number of
routes the server is allowed to specify.
-config: max-routes <n></property>
- <property name="adjustment">adjustment9</property>
+ <property name="tooltip_text" translatable="yes">Exit or restart after n seconds
pass without reception of a ping or other packet from remote.
+config: ping-exit | ping-restart <n></property>
+ <property name="model">model8</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer11"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ <property name="position">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkSpinButton" id="ping_exit_restart_spinbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="tooltip_text" translatable="yes">Exit or restart after n seconds
pass without reception of a ping or other packet from remote.
+config: ping-exit | ping-restart <n></property>
+ <property name="adjustment">adjustment8</property>
<property name="climb_rate">1</property>
<property name="numeric">True</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
- <property name="position">1</property>
+ <property name="position">2</property>
</packing>
</child>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">12</property>
+ <property name="position">11</property>
</packing>
</child>
<child>
- <object class="GtkBox" id="hbox9">
+ <object class="GtkBox" id="hbox10">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <object class="GtkCheckButton" id="ping_exit_restart_checkbutton">
- <property name="label" translatable="yes">Specify _exit or restart ping:</property>
+ <object class="GtkCheckButton" id="max_routes_checkbutton">
+ <property name="label" translatable="yes">Specify max routes:</property>
<property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip_text" translatable="yes">Exit or restart after n seconds
pass without reception of a ping or other packet from remote.
-config: ping-exit | ping-restart <n></property>
+ <property name="tooltip_text" translatable="yes">Specify the maximum number of
routes the server is allowed to specify.
+config: max-routes <n></property>
<property name="use_underline">True</property>
<property name="xalign">0.5</property>
<property name="draw_indicator">True</property>
@@ -1683,46 +1718,26 @@ config: ping-exit | ping-restart <n></property>
</packing>
</child>
<child>
- <object class="GtkComboBox" id="ping_exit_restart_combo">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="tooltip_text" translatable="yes">Exit or restart after n seconds
pass without reception of a ping or other packet from remote.
-config: ping-exit | ping-restart <n></property>
- <property name="model">model8</property>
- <child>
- <object class="GtkCellRendererText" id="renderer11"/>
- <attributes>
- <attribute name="text">0</attribute>
- </attributes>
- </child>
- </object>
- <packing>
- <property name="expand">False</property>
- <property name="fill">False</property>
- <property name="position">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkSpinButton" id="ping_exit_restart_spinbutton">
+ <object class="GtkSpinButton" id="max_routes_spinbutton">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip_text" translatable="yes">Exit or restart after n seconds
pass without reception of a ping or other packet from remote.
-config: ping-exit | ping-restart <n></property>
- <property name="adjustment">adjustment8</property>
+ <property name="tooltip_text" translatable="yes">Specify the maximum number of
routes the server is allowed to specify.
+config: max-routes <n></property>
+ <property name="adjustment">adjustment9</property>
<property name="climb_rate">1</property>
<property name="numeric">True</property>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
- <property name="position">2</property>
+ <property name="position">1</property>
</packing>
</child>
</object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">11</property>
+ <property name="position">12</property>
</packing>
</child>
</object>
@@ -1914,11 +1929,11 @@ config: auth</property>
<object class="GtkEntry" id="tls_remote_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="hexpand">True</property>
<property name="tooltip_text" translatable="yes">Subject or Common Name to
verify server certificate information against.
config: verify-x509-name subject-or-name [mode]
config (legacy mode): tls-remote subject-or-name</property>
+ <property name="hexpand">True</property>
</object>
<packing>
<property name="left_attach">1</property>
@@ -1943,7 +1958,6 @@ config (legacy mode): tls-remote subject-or-name</property>
<object class="GtkComboBox" id="tls_remote_mode_combo">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="hexpand">True</property>
<property name="tooltip_text" translatable="yes">Verify server certificate
identification.
When enabled, connection will only succeed if the server certificate matches some expected properties.
@@ -1954,6 +1968,7 @@ The legacy option tls-remote is deprecated and removed from OpenVPN 2.4 and newe
config: verify-x509-name subject-or-name [mode]
config (legacy mode): tls-remote subject-or-name</property>
+ <property name="hexpand">True</property>
<property name="model">model9</property>
<child>
<object class="GtkCellRendererText" id="renderer12"/>
@@ -1967,9 +1982,6 @@ config (legacy mode): tls-remote subject-or-name</property>
<property name="top_attach">0</property>
</packing>
</child>
- <child>
- <placeholder/>
- </child>
</object>
<packing>
<property name="expand">True</property>
@@ -2118,23 +2130,6 @@ config: ns-cert-type client|server</property>
<property name="row_spacing">6</property>
<property name="column_spacing">12</property>
<child>
- <object class="GtkCheckButton" id="tls_auth_checkbutton">
- <property name="label" translatable="yes">Use additional _TLS
authentication</property>
- <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="receives_default">False</property>
- <property name="tooltip_text" translatable="yes">Add an additional layer of HMAC
authentication.</property>
- <property name="use_underline">True</property>
- <property name="xalign">0</property>
- <property name="draw_indicator">True</property>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">0</property>
- </packing>
- </child>
- <child>
<object class="GtkGrid" id="table8">
<property name="visible">True</property>
<property name="can_focus">False</property>
@@ -2154,7 +2149,7 @@ config: ns-cert-type client|server</property>
</object>
<packing>
<property name="left_attach">0</property>
- <property name="top_attach">1</property>
+ <property name="top_attach">2</property>
</packing>
</child>
<child>
@@ -2167,7 +2162,7 @@ config: tls-auth <file> [direction]</property>
</object>
<packing>
<property name="left_attach">1</property>
- <property name="top_attach">0</property>
+ <property name="top_attach">1</property>
</packing>
</child>
<child>
@@ -2187,7 +2182,7 @@ config: tls-auth <file> [direction]</property>
</object>
<packing>
<property name="left_attach">1</property>
- <property name="top_attach">1</property>
+ <property name="top_attach">2</property>
</packing>
</child>
<child>
@@ -2201,6 +2196,37 @@ config: tls-auth <file> [direction]</property>
</object>
<packing>
<property name="left_attach">0</property>
+ <property name="top_attach">1</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Mode</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkComboBox" id="tls_auth_mode">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="model">model10</property>
+ <property name="active">0</property>
+ <property name="tooltip_text" translatable="yes">Add an additional layer of
encryption or HMAC authentication.</property>
+ <property name="id_column">0</property>
+ <child>
+ <object class="GtkCellRendererText" id="renderer16"/>
+ <attributes>
+ <attribute name="text">0</attribute>
+ </attributes>
+ </child>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
<property name="top_attach">0</property>
</packing>
</child>
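Review bot: The tooltip on the new `tls_auth_mode` combo ("Add an additional layer of encryption or HMAC authentication.") has no `config:` line, unlike the other tooltips in this file, which name the OpenVPN option they map to (for example `config: verify-x509-name subject-or-name [mode]`). Appending `config: tls-auth <file> [direction] | tls-crypt <file>`, escaped as the file requires, would tell the user which directive each mode produces; the same tooltip text is reused on the label added in the next hunk. The combo also sets `can_focus` to False, which, if it is not just an editor default, would presumably keep keyboard users from reaching the mode selector; `ping_exit_restart_combo` in this file uses True.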
@@ -2210,6 +2236,20 @@ config: tls-auth <file> [direction]</property>
<property name="top_attach">1</property>
</packing>
</child>
+ <child>
+ <object class="GtkLabel">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="halign">start</property>
+ <property name="valign">start</property>
+ <property name="label" translatable="yes">Additional TLS authentication or
encryption</property>
+ <property name="tooltip_text" translatable="yes">Add an additional layer of
encryption or HMAC authentication.</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">0</property>
+ </packing>
+ </child>
</object>
<packing>
<property name="expand">True</property>