Hello, this is a new version of my patch to implement support for the auth option of openvpn. This patch must be applied after the patch to move the cipher option handling I posted just a few minutes ago.
Robert
diff -u NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth NetworkManager-openvpn-0.7.0/properties/auth-helpers.c
--- NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth 2009-01-04 23:25:42.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/auth-helpers.c 2009-01-05 00:02:33.000000000 +0100
@@ -721,6 +721,7 @@
 NM_OPENVPN_KEY_TAP_DEV,
 NM_OPENVPN_KEY_PROTO_TCP,
 NM_OPENVPN_KEY_CIPHER,
+ NM_OPENVPN_KEY_AUTH,
 NM_OPENVPN_KEY_TA_DIR,
 NM_OPENVPN_KEY_TA,
 NULL
@@ -865,6 +866,50 @@
 g_strfreev (items);
 }
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_DEFAULT 1
+
+static void
+populate_hmacauth_combo (GtkComboBox *box, const char *hmacauth)
+{
+ GtkListStore *store;
+ GtkTreeIter iter;
+ gboolean active_initialized = FALSE;
+ gchar **item;
+ gchar *items[] = {
+ NM_OPENVPN_AUTH_NONE,
+ NM_OPENVPN_AUTH_MD5,
+ NM_OPENVPN_AUTH_SHA1,
+ NULL
+ };
+
+ store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_BOOLEAN);
+ gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+ /* Add default option which won't pass --auth to openvpn */
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, _("Default"),
+ HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+ /* Add options */
+ for (item = items; *item; item++) {
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, *item,
+ HMACAUTH_COL_DEFAULT, FALSE, -1);
+ if (hmacauth && !strcmp (*item, hmacauth)) {
+ gtk_combo_box_set_active_iter (box, &iter);
+ active_initialized = TRUE;
+ }
+ }
+
+ if (!active_initialized)
+ gtk_combo_box_set_active (box, 0);
+
+ g_object_unref (store);
+}
+
 static void
 tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
 {
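Review bot: In populate_hmacauth_combo (auth-helpers.c), a stored `hmacauth` value that is not one of the three `items` never matches in the loop, so the combo falls back to row 0 ("Default"). The save-side hunk later in this file then skips the key because `is_default` is TRUE, so opening and saving the dialog drops the configured digest without telling the user. Consider keeping an unrecognised stored value visible (an extra row, or a warning) so that the HMAC setting of a connection cannot change silently. The `items` array also repeats the list checked by validate_auth in nm-openvpn-service.c; a comment such as `/* keep in sync with validate_auth() in nm-openvpn-service.c */` would help stop the two from drifting apart.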
@@ -963,6 +1008,10 @@
 value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
 populate_cipher_combo (GTK_COMBO_BOX (widget), value);
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+ populate_hmacauth_combo (GTK_COMBO_BOX (widget), value);
+
 if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
 || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
 || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
@@ -1077,6 +1126,20 @@
 }
 }
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+ char *hmacauth = NULL;
+ gboolean is_default = TRUE;
+
+ gtk_tree_model_get (model, &iter,
+ HMACAUTH_COL_NAME, &hmacauth,
+ HMACAUTH_COL_DEFAULT, &is_default, -1);
+ if (!is_default && hmacauth) {
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+ }
+ }
+
 widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
 char *filename;
diff -u NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth NetworkManager-openvpn-0.7.0/properties/import-export.c
--- NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth 2008-10-29 11:36:20.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/import-export.c 2009-01-04 23:25:42.000000000 +0100
@@ -55,6 +55,7 @@
 #define SECRET_TAG "secret"
 #define AUTH_USER_PASS_TAG "auth-user-pass"
 #define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"
 static gboolean
 handle_path_item (const char *line,
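Review bot: In the save-side hunk of auth-helpers.c (`@@ -1077,6 +1126,20 @@`), the string that gtk_tree_model_get returns through `&hmacauth` is a newly allocated copy, and nothing frees it. The hash table stores a second copy made by `g_strdup (hmacauth)`, so the first one leaks each time this code runs with an active row. Add `g_free (hmacauth);` after the inner `if` block so the copy is released on both the default and the non-default path. The enclosing function starts and ends outside the hunk.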
@@ -315,8 +316,21 @@
 continue;
 }
- if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG)))
+ if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
 have_pass = TRUE;
+ continue;
+ }
+
+ if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+ items = get_args (*line + strlen (AUTH_TAG));
+ if (!items)
+ continue;
+
+ if (g_strv_length (items))
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, items[0]);
+ g_strfreev (items);
+ continue;
+ }
 }
 if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY))
diff -u NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade
--- NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth 2009-01-04 23:25:42.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade 2009-01-04 23:55:55.000000000 +0100
@@ -950,7 +950,7 @@
 <child>
 <widget class="GtkTable" id="table9">
 <property name="visible">True</property>
- <property name="n_rows">1</property>
+ <property name="n_rows">2</property>
 <property name="n_columns">2</property>
 <child>
 <widget class="GtkComboBox" id="cipher_combo">
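Review bot: The new `strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))` test in import-export.c is a bare prefix match, so any directive that merely begins with `auth` and is not consumed by an earlier branch (OpenVPN has, for example, `auth-nocache` and `auth-retry`) is treated as the digest option. Whatever get_args returns for the rest of that line is then stored under NM_OPENVPN_KEY_AUTH without being checked, and the mistake only surfaces later when the service refuses to start with "Invalid HMAC auth.". Require a separator after the tag, e.g. `if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG)) && g_ascii_isspace ((*line)[strlen (AUTH_TAG)])) {`, and consider accepting only the NM_OPENVPN_AUTH_* values at import time. The enclosing loop begins outside the hunk.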
@@ -973,6 +973,31 @@
 <property name="y_options"></property>
 </packing>
 </child>
+ <child>
+ <widget class="GtkComboBox" id="hmacauth_combo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"> </property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="label24">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">HMAC auth:</property>
+ </widget>
+ <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
 </widget>
 <packing>
 <property name="position">1</property>
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth 2008-10-29 11:36:19.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c 2009-01-04 23:25:42.000000000 +0100
@@ -83,6 +83,7 @@
 } ValidProperty;
 static ValidProperty valid_properties[] = {
+ { NM_OPENVPN_KEY_AUTH, G_TYPE_STRING, 0, 0, FALSE },
 { NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0, FALSE },
 { NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE },
 { NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
@@ -501,6 +502,18 @@
 nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
+static gboolean
+validate_auth (const char *auth)
+{
+ if (auth) {
+ if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+ || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+ || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+ return TRUE;
+ }
+ return FALSE;
+}
+
 static const char *
 validate_connection_type (const char *ctype)
 {
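Review bot: validate_auth in nm-openvpn-service.c carries no comment saying that it is the allow-list for what is later passed to openvpn as `--auth`, and the list it enforces admits `none` and `MD5` while leaving out the stronger digests OpenVPN can use. As I understand OpenVPN's documentation, `--auth none` turns off HMAC authentication of data-channel packets, so that entry deserves an explicit remark here and a clearer label in the dialog than the raw string. Suggested comment above the function: `/* Allow-list of digests handed to openvpn --auth; "none" disables packet HMAC. */`.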
@@ -575,7 +588,7 @@
 GError **error)
 {
 NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
- const char *openvpn_binary, *connection_type, *tmp;
+ const char *openvpn_binary, *auth, *connection_type, *tmp;
 GPtrArray *args;
 GSource *openvpn_watch;
 GPid pid;
@@ -590,6 +603,18 @@
 "Could not find the openvpn binary.");
 return FALSE;
 }
+
+ auth = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH);
+ if (auth) {
+ if (!validate_auth(auth)) {
+ g_set_error (error,
+ NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "%s",
+ "Invalid HMAC auth.");
+ return FALSE;
+ }
+ }
 tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
 connection_type = validate_connection_type (tmp);
@@ -658,6 +683,12 @@
 add_openvpn_arg (args, tmp);
 }
+ /* Auth */
+ if (auth) {
+ add_openvpn_arg (args, "--auth");
+ add_openvpn_arg (args, auth);
+ }
+
 /* TA */
 tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
 if (tmp && strlen (tmp)) {
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth 2008-09-13 22:47:24.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h 2009-01-04 23:25:42.000000000 +0100
@@ -38,6 +38,7 @@
 #define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
 #define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn"
+#define NM_OPENVPN_KEY_AUTH "auth"
 #define NM_OPENVPN_KEY_CA "ca"
 #define NM_OPENVPN_KEY_CERT "cert"
 #define NM_OPENVPN_KEY_CIPHER "cipher"
@@ -63,6 +64,10 @@
 */
 #define NM_OPENVPN_KEY_NOSECRET "no-secret"
+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5 "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
 #define NM_OPENVPN_CONTYPE_TLS "tls"
 #define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
 #define NM_OPENVPN_CONTYPE_PASSWORD "password"
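Review bot: In the `@@ -590,6 +603,18 @@` hunk of nm-openvpn-service.c, an `auth` item that is present but empty is rejected with "Invalid HMAC auth.", whereas the TA option visible in the last hunk's context treats an empty value as unset through `if (tmp && strlen (tmp))`. Using `if (auth && strlen (auth))` both for this validation and for the `/* Auth */` argument block would make the two options behave alike. The call `validate_auth(auth)` also lacks the space before the parenthesis that the rest of the file uses. The function these hunks belong to starts and ends outside them.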