[NetworkManager-openvpn] Added option for allow-pull-fqdn



commit e83b4f89962854f75475ef0fe86f938746c684db
Author: Ralph Benjamin Ruijs <ralph ruijs ing com>
Date:   Mon Jul 13 22:23:09 2020 +0200

    Added option for allow-pull-fqdn
    
    This allows the server to push routes that include DNS-names and not
    just ips/networks. OpenVPN will then resolve those names and add the
    routes accordingly.
    
    As an example `push route google.com` will result in all traffic to
    google.com being redirected over the vpn. The `up` scripts do not need
    any special handling as they are passed the resolved options:
    
    route_network_13=ip_1_of_google
    route_network_12=ip_2_of_google
    
    Co-authored-by: Florian Apolloner <florian apolloner eu>
    
    https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/28

 properties/import-export.c      | 10 ++++++++++
 properties/nm-openvpn-dialog.ui | 31 +++++++++++++++++++++++++------
 properties/nm-openvpn-editor.c  |  6 ++++++
 shared/nm-service-defines.h     |  1 +
 shared/utils.h                  |  1 +
 src/nm-openvpn-service.c        |  5 +++++
 6 files changed, 48 insertions(+), 6 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 816cd3d4..8260d83a 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -1193,6 +1193,13 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
                        continue;
                }
 
+               if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_ALLOW_PULL_FQDN)) {
+                       if (!args_params_check_nargs_n (params, 0, &line_error))
+                               goto handle_line_error;
+                       setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_ALLOW_PULL_FQDN, "yes");
+                       continue;
+               }
+
                if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TUN_IPV6)) {
                        if (!args_params_check_nargs_n (params, 0, &line_error))
                                goto handle_line_error;
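Review bot: The new `allow-pull-fqdn` import branch, and the matching `args_write_line (f, NMV_OVPN_TAG_ALLOW_PULL_FQDN);` line in the do_export_create hunk below, arrive without a test; the diffstat lists six files and none of them looks like a test. If the project keeps import/export tests (not visible on this page), a sample profile with a bare `allow-pull-fqdn` line would pin the round trip: import it, check that `NM_OPENVPN_KEY_ALLOW_PULL_FQDN` is `"yes"`, then export it again. A second case with a trailing argument would confirm that `args_params_check_nargs_n (params, 0, &line_error)` rejects it. do_import starts and ends outside this hunk.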
@@ -1958,6 +1965,9 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
        if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_RANDOM_HOSTNAME), "yes"))
                args_write_line (f, NMV_OVPN_TAG_REMOTE_RANDOM_HOSTNAME);
 
+       if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_ALLOW_PULL_FQDN), "yes"))
+               args_write_line (f, NMV_OVPN_TAG_ALLOW_PULL_FQDN);
+
        if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUN_IPV6), "yes"))
                args_write_line (f, NMV_OVPN_TAG_TUN_IPV6);
 
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index bd1ad1d0..cffbc2d6 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -1316,6 +1316,25 @@ config: remote-random</property>
                     <property name="position">8</property>
                   </packing>
                 </child>
+                <child>
+                  <object class="GtkCheckButton" id="allow_pull_fqdn_checkbutton">
+                    <property name="label" translatable="yes">Allow Pull FQDN</property>
+                    <property name="use_action_appearance">False</property>
+                    <property name="visible">True</property>
+                    <property name="can_focus">True</property>
+                    <property name="receives_default">False</property>
+                    <property name="tooltip_text" translatable="yes">Allow client to pull DNS names from 
server
+config: allow-pull-fqdn</property>
+                    <property name="use_underline">True</property>
+                    <property name="xalign">0</property>
+                    <property name="draw_indicator">True</property>
+                  </object>
+                  <packing>
+                    <property name="expand">False</property>
+                    <property name="fill">True</property>
+                    <property name="position">9</property>
+                  </packing>
+                </child>
                 <child>
                   <object class="GtkCheckButton" id="remote_random_hostname_checkbutton">
                     <property name="label" translatable="yes">_Prefix remote DNS name with random 
string</property>
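Review bot: The label `Allow Pull FQDN` has no mnemonic underscore although `use_underline` is True, while the neighbouring `_Prefix remote DNS name with random string` button has one, and it names the option rather than what it does. The tooltip also does not say that names pushed by the server are resolved on the client and turned into routes, which is the trust decision the user makes when ticking the box. A label such as `Allow the server to push _host names instead of IP addresses` would address the first point. For the second, a tooltip sentence such as `Host names pushed by the server are resolved on this machine and used for the pushed routes.` could go ahead of the `config: allow-pull-fqdn` line. The mnemonic letter needs checking against the other buttons in the dialog, most of which are outside this hunk.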
@@ -1332,7 +1351,7 @@ config: remote-random-hostname</property>
                   <packing>
                     <property name="expand">False</property>
                     <property name="fill">True</property>
-                    <property name="position">9</property>
+                    <property name="position">10</property>
                   </packing>
                 </child>
                 <child>
@@ -1351,7 +1370,7 @@ config: tun-ipv6</property>
                   <packing>
                     <property name="expand">False</property>
                     <property name="fill">True</property>
-                    <property name="position">10</property>
+                    <property name="position">11</property>
                   </packing>
                 </child>
                 <child>
@@ -1398,7 +1417,7 @@ config: ping &lt;n&gt;</property>
                   <packing>
                     <property name="expand">False</property>
                     <property name="fill">True</property>
-                    <property name="position">11</property>
+                    <property name="position">12</property>
                   </packing>
                 </child>
                 <child>
@@ -1465,7 +1484,7 @@ config: ping-exit | ping-restart &lt;n&gt;</property>
                   <packing>
                     <property name="expand">False</property>
                     <property name="fill">True</property>
-                    <property name="position">12</property>
+                    <property name="position">13</property>
                   </packing>
                 </child>
                 <child>
@@ -1487,7 +1506,7 @@ config: float</property>
                   <packing>
                     <property name="expand">False</property>
                     <property name="fill">True</property>
-                    <property name="position">13</property>
+                    <property name="position">14</property>
                   </packing>
                 </child>
                 <child>
@@ -1534,7 +1553,7 @@ config: max-routes &lt;n&gt;</property>
                   <packing>
                     <property name="expand">False</property>
                     <property name="fill">True</property>
-                    <property name="position">14</property>
+                    <property name="position">15</property>
                   </packing>
                 </child>
               </object>
diff --git a/properties/nm-openvpn-editor.c b/properties/nm-openvpn-editor.c
index d1ebe43f..c89ba8f8 100644
--- a/properties/nm-openvpn-editor.c
+++ b/properties/nm-openvpn-editor.c
@@ -646,6 +646,7 @@ sk_file_chooser_filter_new (void)
 }
 
 static const char *const advanced_keys[] = {
+       NM_OPENVPN_KEY_ALLOW_PULL_FQDN,
        NM_OPENVPN_KEY_AUTH,
        NM_OPENVPN_KEY_CIPHER,
        NM_OPENVPN_KEY_COMPRESS,
@@ -1602,6 +1603,7 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
 
        _builder_init_toggle_button (builder, "remote_random_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_REMOTE_RANDOM));
        _builder_init_toggle_button (builder, "remote_random_hostname_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_REMOTE_RANDOM_HOSTNAME));
+       _builder_init_toggle_button (builder, "allow_pull_fqdn_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_ALLOW_PULL_FQDN));
        _builder_init_toggle_button (builder, "tun_ipv6_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_TUN_IPV6));
 
        widget = GTK_WIDGET (gtk_builder_get_object (builder, "cipher_combo"));
@@ -1961,6 +1963,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog)
        if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
                g_hash_table_insert (hash, NM_OPENVPN_KEY_REMOTE_RANDOM_HOSTNAME, g_strdup ("yes"));
 
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "allow_pull_fqdn_checkbutton"));
+       if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+               g_hash_table_insert (hash, NM_OPENVPN_KEY_ALLOW_PULL_FQDN, g_strdup ("yes"));
+
        widget = GTK_WIDGET (gtk_builder_get_object (builder, "tun_ipv6_checkbutton"));
        if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
                g_hash_table_insert (hash, NM_OPENVPN_KEY_TUN_IPV6, g_strdup ("yes"));
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 4a858b4c..46b4104b 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -29,6 +29,7 @@
 #define NM_DBUS_INTERFACE_OPENVPN  "org.freedesktop.NetworkManager.openvpn"
 #define NM_DBUS_PATH_OPENVPN       "/org/freedesktop/NetworkManager/openvpn"
 
+#define NM_OPENVPN_KEY_ALLOW_PULL_FQDN           "allow-pull-fqdn"
 #define NM_OPENVPN_KEY_AUTH                      "auth"
 #define NM_OPENVPN_KEY_CA                        "ca"
 #define NM_OPENVPN_KEY_CERT                      "cert"
diff --git a/shared/utils.h b/shared/utils.h
index b532b5d3..477ad709 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -23,6 +23,7 @@
 #ifndef UTILS_H
 #define UTILS_H
 
+#define NMV_OVPN_TAG_ALLOW_PULL_FQDN        "allow-pull-fqdn"
 #define NMV_OVPN_TAG_AUTH                   "auth"
 #define NMV_OVPN_TAG_AUTH_NOCACHE           "auth-nocache"
 #define NMV_OVPN_TAG_NCP_DISABLE            "ncp-disable"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 27ff30e7..e9fa084c 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -138,6 +138,7 @@ typedef struct {
 } ValidProperty;
 
 static const ValidProperty valid_properties[] = {
+       { NM_OPENVPN_KEY_ALLOW_PULL_FQDN,           G_TYPE_BOOLEAN, 0, 0, FALSE },
        { NM_OPENVPN_KEY_AUTH,                      G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_CA,                        G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_CERT,                      G_TYPE_STRING, 0, 0, FALSE },
@@ -1454,6 +1455,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
        if (nm_streq0 (tmp, "yes"))
                args_add_strv (args, "--remote-random-hostname");
 
+       tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_ALLOW_PULL_FQDN);
+       if (nm_streq0 (tmp, "yes"))
+               args_add_strv (args, "--allow-pull-fqdn");
+
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUN_IPV6);
        if (nm_streq0 (tmp, "yes"))
                args_add_strv (args, "--tun-ipv6");
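Review bot: The `--allow-pull-fqdn` argument is added without a comment, yet it widens what the server is trusted with. Per the commit message, the server may then push host names, and openvpn resolves them on the client and adds the resulting routes. A short comment above the new `nm_setting_vpn_get_data_item` call would keep that visible to the next reader, e.g. `/* Server may push host names in routes; openvpn resolves them locally, so the routes follow whatever DNS answers the client receives. */`. Which resolver is in use at that point cannot be seen from this hunk. nm_openvpn_start_openvpn_binary begins and ends outside the hunk.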

