Hello,
this is a new version of my patch to implement support for the auth
option of openvpn. This patch must be applied after the patch to
move the cipher option handling I posted just a few minutes ago.
Robert
diff -u NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth
NetworkManager-openvpn-0.7.0/properties/auth-helpers.c
--- NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth
2009-01-04 23:25:42.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/auth-helpers.c 2009-01-05
00:02:33.000000000 +0100
@@ -721,6 +721,7 @@
NM_OPENVPN_KEY_TAP_DEV,
NM_OPENVPN_KEY_PROTO_TCP,
NM_OPENVPN_KEY_CIPHER,
+ NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_TA_DIR,
NM_OPENVPN_KEY_TA,
NULL
@@ -865,6 +866,50 @@
g_strfreev (items);
}
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_DEFAULT 1
+
+static void
+populate_hmacauth_combo (GtkComboBox *box, const char *hmacauth)
+{
+ GtkListStore *store;
+ GtkTreeIter iter;
+ gboolean active_initialized = FALSE;
+ gchar **item;
+ gchar *items[] = {
+ NM_OPENVPN_AUTH_NONE,
+ NM_OPENVPN_AUTH_MD5,
+ NM_OPENVPN_AUTH_SHA1,
+ NULL
+ };
+
+ store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_BOOLEAN);
+ gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+ /* Add default option which won't pass --auth to openvpn */
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, _("Default"),
+ HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+ /* Add options */
+ for (item = items; *item; item++) {
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, *item,
+ HMACAUTH_COL_DEFAULT, FALSE, -1);
+ if (hmacauth && !strcmp (*item, hmacauth)) {
+ gtk_combo_box_set_active_iter (box, &iter);
+ active_initialized = TRUE;
+ }
+ }
+
+ if (!active_initialized)
+ gtk_combo_box_set_active (box, 0);
+
+ g_object_unref (store);
+}
+
static void
tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
{
@@ -963,6 +1008,10 @@
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
populate_cipher_combo (GTK_COMBO_BOX (widget), value);
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+ populate_hmacauth_combo (GTK_COMBO_BOX (widget), value);
+
if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
|| !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
|| !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
@@ -1077,6 +1126,20 @@
}
}
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget),
&iter)) {
+ char *hmacauth = NULL;
+ gboolean is_default = TRUE;
+
+ gtk_tree_model_get (model, &iter,
+ HMACAUTH_COL_NAME, &hmacauth,
+ HMACAUTH_COL_DEFAULT, &is_default,
-1);
+ if (!is_default && hmacauth) {
+ g_hash_table_insert (hash, g_strdup
(NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+ }
+ }
+
widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
char *filename;
diff -u NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth
NetworkManager-openvpn-0.7.0/properties/import-export.c
--- NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth
2008-10-29 11:36:20.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/import-export.c 2009-01-04
23:25:42.000000000 +0100
@@ -55,6 +55,7 @@
#define SECRET_TAG "secret"
#define AUTH_USER_PASS_TAG "auth-user-pass"
#define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"
static gboolean
handle_path_item (const char *line,
@@ -315,8 +316,21 @@
continue;
}
- if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen
(AUTH_USER_PASS_TAG)))
+ if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen
(AUTH_USER_PASS_TAG))) {
have_pass = TRUE;
+ continue;
+ }
+
+ if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+ items = get_args (*line + strlen (AUTH_TAG));
+ if (!items)
+ continue;
+
+ if (g_strv_length (items))
+ nm_setting_vpn_add_data_item (s_vpn,
NM_OPENVPN_KEY_AUTH, items[0]);
+ g_strfreev (items);
+ continue;
+ }
}
if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY))
diff -u
NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth
NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade
--- NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth
2009-01-04 23:25:42.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade
2009-01-04 23:55:55.000000000 +0100
@@ -950,7 +950,7 @@
<child>
<widget class="GtkTable" id="table9">
<property name="visible">True</property>
- <property name="n_rows">1</property>
+ <property name="n_rows">2</property>
<property name="n_columns">2</property>
<child>
<widget class="GtkComboBox" id="cipher_combo">
@@ -973,6 +973,31 @@
<property name="y_options"></property>
</packing>
</child>
+ <child>
+ <widget class="GtkComboBox" id="hmacauth_combo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"> </property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="label24">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">HMAC
auth:</property>
+ </widget>
+ <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
</widget>
<packing>
<property name="position">1</property>
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth
NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth
2008-10-29 11:36:19.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c 2009-01-04
23:25:42.000000000 +0100
@@ -83,6 +83,7 @@
} ValidProperty;
static ValidProperty valid_properties[] = {
+ { NM_OPENVPN_KEY_AUTH, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
@@ -501,6 +502,18 @@
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
+static gboolean
+validate_auth (const char *auth)
+{
+ if (auth) {
+ if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+ || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+ || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+ return TRUE;
+ }
+ return FALSE;
+}
+
static const char *
validate_connection_type (const char *ctype)
{
@@ -575,7 +588,7 @@
GError **error)
{
NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
- const char *openvpn_binary, *connection_type, *tmp;
+ const char *openvpn_binary, *auth, *connection_type, *tmp;
GPtrArray *args;
GSource *openvpn_watch;
GPid pid;
@@ -590,6 +603,18 @@
"Could not find the openvpn binary.");
return FALSE;
}
+
+ auth = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH);
+ if (auth) {
+ if (!validate_auth(auth)) {
+ g_set_error (error,
+ NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "%s",
+ "Invalid HMAC auth.");
+ return FALSE;
+ }
+ }
tmp = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENVPN_KEY_CONNECTION_TYPE);
connection_type = validate_connection_type (tmp);
@@ -658,6 +683,12 @@
add_openvpn_arg (args, tmp);
}
+ /* Auth */
+ if (auth) {
+ add_openvpn_arg (args, "--auth");
+ add_openvpn_arg (args, auth);
+ }
+
/* TA */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
if (tmp && strlen (tmp)) {
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth
NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth
2008-09-13 22:47:24.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h 2009-01-04
23:25:42.000000000 +0100
@@ -38,6 +38,7 @@
#define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
#define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn"
+#define NM_OPENVPN_KEY_AUTH "auth"
#define NM_OPENVPN_KEY_CA "ca"
#define NM_OPENVPN_KEY_CERT "cert"
#define NM_OPENVPN_KEY_CIPHER "cipher"
@@ -63,6 +64,10 @@
*/
#define NM_OPENVPN_KEY_NOSECRET "no-secret"
+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5 "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
#define NM_OPENVPN_CONTYPE_TLS "tls"
#define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
#define NM_OPENVPN_CONTYPE_PASSWORD "password"
_______________________________________________
NetworkManager-list mailing list
NetworkManager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
