Hi Thomas,
Please take a look at the attached patches, I think I've addressed your remarks.
Cheers,
Matthias
>From 4c8233ef12eec9787536b9028618e76d188db372 Mon Sep 17 00:00:00 2001
From: Matthias Berndt <matthias.ber...@riskident.com>
Date: Fri, 22 Jan 2016 13:52:38 +0100
Subject: [PATCH 1/3] - allow comment lines inside blobs - prevent do_import
from processing lines that were already processed by handle_blob_item
---
properties/import-export.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/properties/import-export.c b/properties/import-export.c
index d624b52..0ef037a 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -222,7 +222,7 @@ handle_blob_item (const char ***line,
p++; \
if (!*p) \
goto finish; \
- } while (!*p[0]); \
+ } while (*p[0] == '\0' || *p[0] == '#' || *p[0] == ';'); \
} G_STMT_END
if (!strcmp (key, NM_OPENVPN_KEY_CA)) {
@@ -294,7 +294,7 @@ handle_blob_item (const char ***line,
nm_setting_vpn_add_data_item (s_vpn, key, path);
finish:
- line = &p;
+ *line = p;
g_free (filename);
g_free (dirname);
g_free (path);
--
2.5.0
>From 1962edfd047627751e9a3c828be07ca4f8af0145 Mon Sep 17 00:00:00 2001
From: Matthias Berndt <matthias.ber...@riskident.com>
Date: Fri, 22 Jan 2016 13:58:28 +0100
Subject: [PATCH 2/3] handle tls-auth blobs correctly
---
properties/import-export.c | 43 ++++++++++++++++++++++++++++++++++++-------
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/properties/import-export.c b/properties/import-export.c
index 0ef037a..c6a3fd6 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -105,6 +105,9 @@
#define RPORT_TAG "rport "
#define SECRET_TAG "secret "
#define TLS_AUTH_TAG "tls-auth "
+#define TLS_AUTH_BLOB_START_TAG "<tls-auth>"
+#define TLS_AUTH_BLOB_END_TAG "</tls-auth>"
+#define KEY_DIRECTION_TAG "key-direction "
#define TLS_CLIENT_TAG "tls-client"
#define TLS_REMOTE_TAG "tls-remote "
#define REMOTE_CERT_TLS_TAG "remote-cert-tls "
@@ -192,21 +195,28 @@ handle_path_item (const char *line,
return TRUE;
}
+static void
+handle_direction (const char *tag, const char *key, char *leftover, NMSettingVpn *s_vpn);
+
#define CERT_BEGIN "-----BEGIN CERTIFICATE-----"
#define CERT_END "-----END CERTIFICATE-----"
#define PRIV_KEY_BEGIN "-----BEGIN PRIVATE KEY-----"
#define PRIV_KEY_END "-----END PRIVATE KEY-----"
#define RSA_PRIV_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
#define RSA_PRIV_KEY_END "-----END RSA PRIVATE KEY-----"
+#define STATIC_KEY_BEGIN "-----BEGIN OpenVPN Static key V1-----"
+#define STATIC_KEY_END "-----END OpenVPN Static key V1-----"
static gboolean
handle_blob_item (const char ***line,
const char *key,
NMSettingVpn *s_vpn,
const char *name,
- GError **error)
+ GError **error,
+ char *last_seen_key_direction)
{
gboolean success = FALSE;
+ const char *key_direction_tag = NULL;
const char *blob_mark_start, *blob_mark_end;
const char *blob_mark_start2 = NULL, *blob_mark_end2 = NULL;
const char *start_tag, *end_tag;
@@ -235,6 +245,12 @@ handle_blob_item (const char ***line,
end_tag = CERT_BLOB_END_TAG;
blob_mark_start = CERT_BEGIN;
blob_mark_end = CERT_END;
+ } else if (!strcmp (key, NM_OPENVPN_KEY_TA)) {
+ start_tag = TLS_AUTH_BLOB_START_TAG;
+ end_tag = TLS_AUTH_BLOB_END_TAG;
+ blob_mark_start = STATIC_KEY_BEGIN;
+ blob_mark_end = STATIC_KEY_END;
+ key_direction_tag = "tls-auth";
} else if (!strcmp (key, NM_OPENVPN_KEY_KEY)) {
start_tag = KEY_BLOB_START_TAG;
end_tag = KEY_BLOB_END_TAG;
@@ -244,10 +260,10 @@ handle_blob_item (const char ***line,
blob_mark_end2 = RSA_PRIV_KEY_END;
} else
g_return_val_if_reached (FALSE);
-
p = *line;
if (strncmp (*p, start_tag, strlen (start_tag)))
goto finish;
+
NEXT_LINE;
if (blob_mark_start2 && !strcmp (*p, blob_mark_start2)) {
@@ -286,13 +302,17 @@ handle_blob_item (const char ***line,
/* Write the new file */
g_string_prepend_c (in_file, '\n');
g_string_prepend (in_file, blob_mark_start);
- g_string_append_printf (in_file, "%s", blob_mark_end);
+ g_string_append_printf (in_file, "%s\n", blob_mark_end);
success = g_file_set_contents (path, in_file->str, -1, error);
if (!success)
goto finish;
nm_setting_vpn_add_data_item (s_vpn, key, path);
-
+ if (key_direction_tag)
+ handle_direction(key_direction_tag,
+ NM_OPENVPN_KEY_TA_DIR,
+ last_seen_key_direction,
+ s_vpn);
finish:
*line = p;
g_free (filename);
@@ -300,6 +320,7 @@ finish:
g_free (path);
if (in_file)
g_string_free (in_file, TRUE);
+
return success;
}
@@ -507,6 +528,7 @@ do_import (const char *path, const char *contents, GError **error)
char *new_contents = NULL;
gboolean http_proxy = FALSE, socks_proxy = FALSE, proxy_set = FALSE;
int nitems;
+ char *last_seen_key_direction = NULL;
connection = nm_simple_connection_new ();
s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
@@ -578,6 +600,10 @@ do_import (const char *path, const char *contents, GError **error)
continue;
}
+ if (!strncmp(*line, KEY_DIRECTION_TAG, strlen (KEY_DIRECTION_TAG))) {
+ last_seen_key_direction = *line + strlen(KEY_DIRECTION_TAG);
+ }
+
if (!strncmp (*line, DEV_TAG, strlen (DEV_TAG))) {
items = get_args (*line + strlen (DEV_TAG), &nitems);
if (nitems == 1) {
@@ -859,13 +885,16 @@ do_import (const char *path, const char *contents, GError **error)
if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn, default_path, NULL))
continue;
- if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_CA, s_vpn, basename, NULL))
+ if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_CA, s_vpn, basename, NULL, last_seen_key_direction))
+ continue;
+
+ if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_CERT, s_vpn, basename, NULL, last_seen_key_direction))
continue;
- if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_CERT, s_vpn, basename, NULL))
+ if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_KEY, s_vpn, basename, NULL, last_seen_key_direction))
continue;
- if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_KEY, s_vpn, basename, NULL))
+ if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_TA, s_vpn, basename, NULL, last_seen_key_direction))
continue;
if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_STATIC_KEY,
--
2.5.0
>From dbfa302a715b9feb3a63a5062033ac1c09b847af Mon Sep 17 00:00:00 2001
From: Matthias Berndt <matthias.ber...@riskident.com>
Date: Fri, 22 Jan 2016 16:42:21 +0100
Subject: [PATCH 3/3] add test for blob item parsing
---
properties/tests/conf/tls-inline-ca.pem | 18 ++++
properties/tests/conf/tls-inline-cert.pem | 22 +++++
properties/tests/conf/tls-inline-key.pem | 51 +++++++++++
properties/tests/conf/tls-inline-ta.pem | 18 ++++
properties/tests/conf/tls-inline.ovpn | 146 ++++++++++++++++++++++++++++++
properties/tests/test-import-export.c | 89 ++++++++++++++++++
6 files changed, 344 insertions(+)
create mode 100644 properties/tests/conf/tls-inline-ca.pem
create mode 100644 properties/tests/conf/tls-inline-cert.pem
create mode 100644 properties/tests/conf/tls-inline-key.pem
create mode 100644 properties/tests/conf/tls-inline-ta.pem
create mode 100644 properties/tests/conf/tls-inline.ovpn
diff --git a/properties/tests/conf/tls-inline-ca.pem b/properties/tests/conf/tls-inline-ca.pem
new file mode 100644
index 0000000..f051ebe
--- /dev/null
+++ b/properties/tests/conf/tls-inline-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAd+gAwIBAgIJAMiKuqrHoqE2MA0GCSqGSIb3DQEBDQUAMBIxEDAOBgNV
+BAMMB3Rlc3QtY2EwHhcNMTYwMTIyMTMxNzQ5WhcNMTgxMTExMTMxNzQ5WjASMRAw
+DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+pg9t+Tuwi6yU+rGz+TkNMwYMvyAAxImfcclrLDoUxL6pA8qdAEqxtLqeoJaY5pzX
+cxBbr6ZgXuBvWF3D6la8D86vLOfP7mJxSiktEVae3Z/RrPuwqX1x/wkQRK4e1o9w
+VwTNVka0p2phJUOtALGfufIsHkL54iushxwVJ9NWDrObA9fPIJTfsAyTpBuQgIzm
+qb91nn50aF/shSdzRDhvs/BIRh+IIqUtgm5LbwDNz4gZnQRpkL2Ta5wUVc8/+iH9
+EY60AbbCtAnji278YT2IeFLCjezH1JwEiccbC3+g4mn2oHsd48cgppDV/tENWAzP
+yBjdPxikDYOSg7F4UuA8fQIDAQABo1AwTjAdBgNVHQ4EFgQUIbmxkSfwBRkbgiAM
+w+H9ccZnStQwHwYDVR0jBBgwFoAUIbmxkSfwBRkbgiAMw+H9ccZnStQwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAjTsHpzg1zOI9z7CxYy66XLOMA/tO
+Vy6i1lqtwHsOn540y91W1dkpNe1DxI3qbWedAsEvgjCwgmBNI5Za6d48ot4vqx7j
+ItWtfJFCtX6LRKkLR97yR6ZeqdcnuZuc0hnofo0NDhbUa8RAaHuVLIgMqn3L/ET4
+HmO3GpQ81Y4pWqQCPbWbQIwGQ3gBBcfn8+g3Q5GZ0r2oCYGl7QlDvZnbLn1frDrV
+ALPX6sA/1Fzx+VFMdwJFuhupZYXTA+NSiPu4mqGkedQwzdeQRyStlYo51hi5Af2B
+LZR3iq5pNe7DW2YaqcSdQsrFVl3y5btaw/+R2lyZtiStTMGA+SphvLn4/w==
+-----END CERTIFICATE-----
diff --git a/properties/tests/conf/tls-inline-cert.pem b/properties/tests/conf/tls-inline-cert.pem
new file mode 100644
index 0000000..352a2fe
--- /dev/null
+++ b/properties/tests/conf/tls-inline-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDojCCAooCCQCu+mQn9w/PJDANBgkqhkiG9w0BAQ0FADASMRAwDgYDVQQDDAd0
+ZXN0LWNhMB4XDTE2MDEyMjEzMjAwNFoXDTE3MDEyMTEzMjAwNFowFDESMBAGA1UE
+AwwJdGVzdC1jZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/dC
+/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjUD03kJJBzrzAnV+EOCg94
+5Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCqcOv+BCMKovuqavlzmN/o
+yO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9fdaXb+/DuOlqvLQNHrfm
+VnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuYdtarJIcMoOzXN7BmO2XZ
+EI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz2R66l3MLCng6dI+2f6sM
+duFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTawEnMTW7fvHdZtK7Geqsc
+/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHlsVvDPBk2UBiXicL45jaD
+xARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+ZmDm1mfVdGseBjTcrBFbi
+ZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/cTV/+SEpzv+o6lROycN/+
+PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuNmo6KfNujcqRqZInkk6HS
+BPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEAATANBgkqhkiG9w0BAQ0F
+AAOCAQEAkUVsxyanQN1iPW3d17hfZ3o0lmSihZkw396FXP34tGUeIvk2EbFHS1Jy
+3Gh4r1adB5bil0X1GYU8AFPKaM+CqWagyBAYXwX6YaXb1pzFn8Ixw6t0gRoAW9ex
+MW4Eduh8JOYi+KkJaXj5SAVDd3ZDCIwW3rN+jIMy2tvnuWW07UW5HvOZ4qRXyOlZ
+mqUBgft97uOiVEor8KEhrBzgGzT72ELOykzZGWEuWWy0ytbPrAc+XyodvylvAGzR
+lj74pDerwl/oUl80vRgEl8M1o4nGdoe17SfaGhD7MP+YD2HmY2kTCw8ks70KBpxJ
+nCtKkguacJwDtUeh2jpbXZKBQAgqkw==
+-----END CERTIFICATE-----
diff --git a/properties/tests/conf/tls-inline-key.pem b/properties/tests/conf/tls-inline-key.pem
new file mode 100644
index 0000000..d9956fd
--- /dev/null
+++ b/properties/tests/conf/tls-inline-key.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAv/dC/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjU
+D03kJJBzrzAnV+EOCg945Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCq
+cOv+BCMKovuqavlzmN/oyO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9
+fdaXb+/DuOlqvLQNHrfmVnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuY
+dtarJIcMoOzXN7BmO2XZEI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz
+2R66l3MLCng6dI+2f6sMduFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTa
+wEnMTW7fvHdZtK7Geqsc/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHl
+sVvDPBk2UBiXicL45jaDxARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+Z
+mDm1mfVdGseBjTcrBFbiZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/c
+TV/+SEpzv+o6lROycN/+PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuN
+mo6KfNujcqRqZInkk6HSBPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEA
+AQKCAgAlSagvYjiA7vgl5wK5MwWgwGSLc/6jYp3w0t0dRQlSQ4sIlVWLq3uXRp/R
+9a6OuV56wcqf2c9QYSRAxNKOXkWr6HleEOYLWCcY0NzR6sOsRWSvESbKTGzI7O2R
+/wR5Rv8XQNb8wJV4uofSVBtZhG3V+j5ZSqHoOCvo1iYXdgPVwUiOPlf264n66j3A
+W0aqZObvgpUxUfZkafqUkyKJZQgaUxZxefsQc6rP7Twa8AamSKOjBB53ZvdTXxAq
+6hZb8N3Kx9vEBV7tzmF9KNi+D5NoMZv55X86xQfZoBvodV9cpeKL/5CLKhbgeC46
+2GOyZH/0iIshRF2kgF1UGzkQqsjzF2YPAgIXYA5nCSln/qf9Xt9/iXzMvkEsD94J
+SGxPrjoNpcd0JXsQRiEuxJnQUZrFlP1egFC1sHmGDt9NJ2T1nGFGeaX0yfpjwo8o
+wSqYC4/fzFwED80OFNujWQBKeposBztzmYviSh/ls+lAXFPSki+UTld9XmI5Ju/6
+6yMiORUVGNa+/Swc5ymXcbgD0x5lZtDtx7pAkkZJE7apdUTZWo9xgi9/WnBzZozE
+PEVVZjmnU7xfcxK2YQbgS5eAAScuh6T+Np4wBJinqdZpoTy33cNu4hquGMAvtfhZ
+MHQJ9mQb0ZzrYKYTqC/dCJmHcKozpoRlXExtkKKS1Uu6wCJmsQKCAQEA+L2M2Pb7
+O4vyJle0TVRi6T4s337T9JLXbyPXlD5KBF3VD3S4Wc1eks7oeORE20JeI4WdWbbI
+5lF+fZCo7Uwok2SZDbdgVK5NeBl7P2eDWAOTTR+mcZ7XWhR5TD2Nu1fU1AagSnIH
+ac+q94vltojt8bGd0+wGPVr1jsUr/uWzS8dCuAttuXl2cgKO2rc1c6AkWGXX1W7d
+H283HoFHwbpeulTL0pULD5pFQtDwS1NI+T4Rr/E9lmm3V2/XZS06UklFA/C0ZpE4
+atVXWNPWkObeZP8U84h66jUisO40cHTSQRj6+0dqEYECmmDX1bOIkxGAPfdjhOgd
+VNYMQljpyIaKNQKCAQEAxZGGCgn/Ab6oX77R89/8QlJJlJcz5zl+qmKfdVCV2d+p
+B7TIlXEMwgxyGzmYQrmPGpLcolRGn+JHi43/8hkGegjhS9jCh5ndRoTQVlMxczR7
+aJH/fh9YVuvIl7hTiIUbuEklbYnuh9tSfGJtZG7gSICjx3YnKgMNbpMRrA00NX0h
+qtQS6kE1X4CjNIi4i6uUHziFJ3127kBN9WTzph1DhO5F9IfH91j+qnuzkQlKLoDP
+DTnv9dXuhAjOy87ugdNYrgfdlt9Jm36lY9x+WLiuRg1gdCj+6hGxZpgkAO+Hsqcc
+0aRyVevBFGk8eiMSkHmMN1XeT/gb0w+DCO90iuCahwKCAQEAvQX2oe5WjzLTSrX9
+i4JkRBF+sjzEP6jTVF8tdTc8skLIJZ2ydnPtuazI1w3JEcJGncHtCH8x/mzRrgQf
+i20DrLaW5OiEqPVoY6shkNZN5rWY29QAfXmS9551ay2fpk2hq5p5dvlejtdEeify
+4hr+j1xFrwU+3KNh1iQaQfM2pJCBMDFnKbqW+x7chnMRiJOa6x5Bva0pFrlCbskZ
+yauiTwEffyDKLgozNgpngSaCXv3/HPA7uDEQJb8VNYsANgX+D3d88DDNacpEPXmG
+Jcl8Gc4KkuMVXSQR/9iVOxxbpyKfoBLuFO0wGDcd7gUn9XMoPG7iTt7BY3XiDQ1a
+Y4tyPQKCAQEAjDySj1evGdbyfxvcvaX00kLEleOJ5QwLm/frRgOQiplWyvCJHIKl
+Uqww5qBIMryyFmO+lr8Jbn3Y2PdPgNJApajd+s9+rXAK//5QP6ZHyIWtP3m6iBTJ
+yNEOjps5OAN7vKC3H3yzwt1sPHxFN+/35Z7iIjf87rZB94YPGjg5IeqTVkW4s2zb
+7NFLh4Owsvt0ZYDiCzjkjZM5gwFIbVYCUj4ri7pBt5IFGpA50q5saHvn/HRunupe
+pnv2Bfb5l0+kd8t/f5M5FVWdIjgluuZEVdcy6uEaqJ0sdi1yCPP9N1Olgi2fNtvk
+Lo/QbMWubLzKSZD6/3qWjYdKNLJ74AQzywKCAQEAxHLfZajXY4YYz1BXbsSQrzqq
+7bgnZaXIsgK03McCrt5XQY7ghLF9j2w/rQLrvFA5pMZ8x6GKmoy95i6FGHm7i4rd
+Cu40r2tRUC5IugVxfa2/MUC4v94JjecwkozwgD0SPGwIQVyBDjewTeoQNXRUYZ/I
+hR/fOhfbcpPl9Z/EIkIy5qbCJxzNxG0L3sKMjSlywfC0yazyoaraNtdslHhHO+IP
+rwJTkcFBJ3zf3oYYfRJAzAs0IAfUL5XgQUnNarC8uExCjtcs6TAhNEkoopcvVwAM
+GV1Yd6yBQHcbi55KeCKYklG7YpX5nqTV5Sk3sTNeUPBcKMS+Mryry8yoTUtCQQ==
+-----END RSA PRIVATE KEY-----
diff --git a/properties/tests/conf/tls-inline-ta.pem b/properties/tests/conf/tls-inline-ta.pem
new file mode 100644
index 0000000..f13ac58
--- /dev/null
+++ b/properties/tests/conf/tls-inline-ta.pem
@@ -0,0 +1,18 @@
+-----BEGIN OpenVPN Static key V1-----
+378e209d0fe8efe398afa86bdb19b9a8
+f9cc3ae06e42f9468f97d81724101046
+1722e4888756212c05dd0e9341e28388
+aa6f1ea6fbb46779a2e1ce6db1fcef47
+69bd0266c9e14f02a2f19760e77d2f71
+59f6e96769bcc09eda1786adbbd51a50
+f027a829b0a71106b01a046972b1cd20
+41774be1515f81e8760da576077f543d
+75d6deb92c9bfd7760a12b0f05938e7d
+63fc0c663cdbb623d3f45fcfcbc2009c
+1fc36c7b8ecc147462fb7c8747676574
+3b7bd0d6a89aa90514d453b9f1b92e22
+57bb24180cd867357131ac9972f118b8
+d4cebc0da588fed8ec73b9b9be86962d
+1a28946996a012767fae84851c126bab
+65fee86c5e72d11c6d10c01728e33000
+-----END OpenVPN Static key V1-----
diff --git a/properties/tests/conf/tls-inline.ovpn b/properties/tests/conf/tls-inline.ovpn
new file mode 100644
index 0000000..373d6f3
--- /dev/null
+++ b/properties/tests/conf/tls-inline.ovpn
@@ -0,0 +1,146 @@
+remote 173.8.149.245 1194
+resolv-retry infinite
+
+dev tun
+persist-key
+persist-tun
+link-mtu 1400
+proto udp
+nobind
+pull
+tls-client
+
+float
+
+<ca>
+# comments are allowed here!
+
+# and so are empty lines
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAd+gAwIBAgIJAMiKuqrHoqE2MA0GCSqGSIb3DQEBDQUAMBIxEDAOBgNV
+BAMMB3Rlc3QtY2EwHhcNMTYwMTIyMTMxNzQ5WhcNMTgxMTExMTMxNzQ5WjASMRAw
+DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+pg9t+Tuwi6yU+rGz+TkNMwYMvyAAxImfcclrLDoUxL6pA8qdAEqxtLqeoJaY5pzX
+cxBbr6ZgXuBvWF3D6la8D86vLOfP7mJxSiktEVae3Z/RrPuwqX1x/wkQRK4e1o9w
+VwTNVka0p2phJUOtALGfufIsHkL54iushxwVJ9NWDrObA9fPIJTfsAyTpBuQgIzm
+qb91nn50aF/shSdzRDhvs/BIRh+IIqUtgm5LbwDNz4gZnQRpkL2Ta5wUVc8/+iH9
+EY60AbbCtAnji278YT2IeFLCjezH1JwEiccbC3+g4mn2oHsd48cgppDV/tENWAzP
+yBjdPxikDYOSg7F4UuA8fQIDAQABo1AwTjAdBgNVHQ4EFgQUIbmxkSfwBRkbgiAM
+w+H9ccZnStQwHwYDVR0jBBgwFoAUIbmxkSfwBRkbgiAMw+H9ccZnStQwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAjTsHpzg1zOI9z7CxYy66XLOMA/tO
+Vy6i1lqtwHsOn540y91W1dkpNe1DxI3qbWedAsEvgjCwgmBNI5Za6d48ot4vqx7j
+ItWtfJFCtX6LRKkLR97yR6ZeqdcnuZuc0hnofo0NDhbUa8RAaHuVLIgMqn3L/ET4
+HmO3GpQ81Y4pWqQCPbWbQIwGQ3gBBcfn8+g3Q5GZ0r2oCYGl7QlDvZnbLn1frDrV
+ALPX6sA/1Fzx+VFMdwJFuhupZYXTA+NSiPu4mqGkedQwzdeQRyStlYo51hi5Af2B
+LZR3iq5pNe7DW2YaqcSdQsrFVl3y5btaw/+R2lyZtiStTMGA+SphvLn4/w==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIDojCCAooCCQCu+mQn9w/PJDANBgkqhkiG9w0BAQ0FADASMRAwDgYDVQQDDAd0
+ZXN0LWNhMB4XDTE2MDEyMjEzMjAwNFoXDTE3MDEyMTEzMjAwNFowFDESMBAGA1UE
+AwwJdGVzdC1jZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/dC
+/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjUD03kJJBzrzAnV+EOCg94
+5Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCqcOv+BCMKovuqavlzmN/o
+yO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9fdaXb+/DuOlqvLQNHrfm
+VnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuYdtarJIcMoOzXN7BmO2XZ
+EI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz2R66l3MLCng6dI+2f6sM
+duFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTawEnMTW7fvHdZtK7Geqsc
+/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHlsVvDPBk2UBiXicL45jaD
+xARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+ZmDm1mfVdGseBjTcrBFbi
+ZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/cTV/+SEpzv+o6lROycN/+
+PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuNmo6KfNujcqRqZInkk6HS
+BPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEAATANBgkqhkiG9w0BAQ0F
+AAOCAQEAkUVsxyanQN1iPW3d17hfZ3o0lmSihZkw396FXP34tGUeIvk2EbFHS1Jy
+3Gh4r1adB5bil0X1GYU8AFPKaM+CqWagyBAYXwX6YaXb1pzFn8Ixw6t0gRoAW9ex
+MW4Eduh8JOYi+KkJaXj5SAVDd3ZDCIwW3rN+jIMy2tvnuWW07UW5HvOZ4qRXyOlZ
+mqUBgft97uOiVEor8KEhrBzgGzT72ELOykzZGWEuWWy0ytbPrAc+XyodvylvAGzR
+lj74pDerwl/oUl80vRgEl8M1o4nGdoe17SfaGhD7MP+YD2HmY2kTCw8ks70KBpxJ
+nCtKkguacJwDtUeh2jpbXZKBQAgqkw==
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAv/dC/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjU
+D03kJJBzrzAnV+EOCg945Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCq
+cOv+BCMKovuqavlzmN/oyO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9
+fdaXb+/DuOlqvLQNHrfmVnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuY
+dtarJIcMoOzXN7BmO2XZEI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz
+2R66l3MLCng6dI+2f6sMduFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTa
+wEnMTW7fvHdZtK7Geqsc/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHl
+sVvDPBk2UBiXicL45jaDxARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+Z
+mDm1mfVdGseBjTcrBFbiZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/c
+TV/+SEpzv+o6lROycN/+PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuN
+mo6KfNujcqRqZInkk6HSBPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEA
+AQKCAgAlSagvYjiA7vgl5wK5MwWgwGSLc/6jYp3w0t0dRQlSQ4sIlVWLq3uXRp/R
+9a6OuV56wcqf2c9QYSRAxNKOXkWr6HleEOYLWCcY0NzR6sOsRWSvESbKTGzI7O2R
+/wR5Rv8XQNb8wJV4uofSVBtZhG3V+j5ZSqHoOCvo1iYXdgPVwUiOPlf264n66j3A
+W0aqZObvgpUxUfZkafqUkyKJZQgaUxZxefsQc6rP7Twa8AamSKOjBB53ZvdTXxAq
+6hZb8N3Kx9vEBV7tzmF9KNi+D5NoMZv55X86xQfZoBvodV9cpeKL/5CLKhbgeC46
+2GOyZH/0iIshRF2kgF1UGzkQqsjzF2YPAgIXYA5nCSln/qf9Xt9/iXzMvkEsD94J
+SGxPrjoNpcd0JXsQRiEuxJnQUZrFlP1egFC1sHmGDt9NJ2T1nGFGeaX0yfpjwo8o
+wSqYC4/fzFwED80OFNujWQBKeposBztzmYviSh/ls+lAXFPSki+UTld9XmI5Ju/6
+6yMiORUVGNa+/Swc5ymXcbgD0x5lZtDtx7pAkkZJE7apdUTZWo9xgi9/WnBzZozE
+PEVVZjmnU7xfcxK2YQbgS5eAAScuh6T+Np4wBJinqdZpoTy33cNu4hquGMAvtfhZ
+MHQJ9mQb0ZzrYKYTqC/dCJmHcKozpoRlXExtkKKS1Uu6wCJmsQKCAQEA+L2M2Pb7
+O4vyJle0TVRi6T4s337T9JLXbyPXlD5KBF3VD3S4Wc1eks7oeORE20JeI4WdWbbI
+5lF+fZCo7Uwok2SZDbdgVK5NeBl7P2eDWAOTTR+mcZ7XWhR5TD2Nu1fU1AagSnIH
+ac+q94vltojt8bGd0+wGPVr1jsUr/uWzS8dCuAttuXl2cgKO2rc1c6AkWGXX1W7d
+H283HoFHwbpeulTL0pULD5pFQtDwS1NI+T4Rr/E9lmm3V2/XZS06UklFA/C0ZpE4
+atVXWNPWkObeZP8U84h66jUisO40cHTSQRj6+0dqEYECmmDX1bOIkxGAPfdjhOgd
+VNYMQljpyIaKNQKCAQEAxZGGCgn/Ab6oX77R89/8QlJJlJcz5zl+qmKfdVCV2d+p
+B7TIlXEMwgxyGzmYQrmPGpLcolRGn+JHi43/8hkGegjhS9jCh5ndRoTQVlMxczR7
+aJH/fh9YVuvIl7hTiIUbuEklbYnuh9tSfGJtZG7gSICjx3YnKgMNbpMRrA00NX0h
+qtQS6kE1X4CjNIi4i6uUHziFJ3127kBN9WTzph1DhO5F9IfH91j+qnuzkQlKLoDP
+DTnv9dXuhAjOy87ugdNYrgfdlt9Jm36lY9x+WLiuRg1gdCj+6hGxZpgkAO+Hsqcc
+0aRyVevBFGk8eiMSkHmMN1XeT/gb0w+DCO90iuCahwKCAQEAvQX2oe5WjzLTSrX9
+i4JkRBF+sjzEP6jTVF8tdTc8skLIJZ2ydnPtuazI1w3JEcJGncHtCH8x/mzRrgQf
+i20DrLaW5OiEqPVoY6shkNZN5rWY29QAfXmS9551ay2fpk2hq5p5dvlejtdEeify
+4hr+j1xFrwU+3KNh1iQaQfM2pJCBMDFnKbqW+x7chnMRiJOa6x5Bva0pFrlCbskZ
+yauiTwEffyDKLgozNgpngSaCXv3/HPA7uDEQJb8VNYsANgX+D3d88DDNacpEPXmG
+Jcl8Gc4KkuMVXSQR/9iVOxxbpyKfoBLuFO0wGDcd7gUn9XMoPG7iTt7BY3XiDQ1a
+Y4tyPQKCAQEAjDySj1evGdbyfxvcvaX00kLEleOJ5QwLm/frRgOQiplWyvCJHIKl
+Uqww5qBIMryyFmO+lr8Jbn3Y2PdPgNJApajd+s9+rXAK//5QP6ZHyIWtP3m6iBTJ
+yNEOjps5OAN7vKC3H3yzwt1sPHxFN+/35Z7iIjf87rZB94YPGjg5IeqTVkW4s2zb
+7NFLh4Owsvt0ZYDiCzjkjZM5gwFIbVYCUj4ri7pBt5IFGpA50q5saHvn/HRunupe
+pnv2Bfb5l0+kd8t/f5M5FVWdIjgluuZEVdcy6uEaqJ0sdi1yCPP9N1Olgi2fNtvk
+Lo/QbMWubLzKSZD6/3qWjYdKNLJ74AQzywKCAQEAxHLfZajXY4YYz1BXbsSQrzqq
+7bgnZaXIsgK03McCrt5XQY7ghLF9j2w/rQLrvFA5pMZ8x6GKmoy95i6FGHm7i4rd
+Cu40r2tRUC5IugVxfa2/MUC4v94JjecwkozwgD0SPGwIQVyBDjewTeoQNXRUYZ/I
+hR/fOhfbcpPl9Z/EIkIy5qbCJxzNxG0L3sKMjSlywfC0yazyoaraNtdslHhHO+IP
+rwJTkcFBJ3zf3oYYfRJAzAs0IAfUL5XgQUnNarC8uExCjtcs6TAhNEkoopcvVwAM
+GV1Yd6yBQHcbi55KeCKYklG7YpX5nqTV5Sk3sTNeUPBcKMS+Mryry8yoTUtCQQ==
+-----END RSA PRIVATE KEY-----
+</key>
+
+key-direction 1
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+378e209d0fe8efe398afa86bdb19b9a8
+f9cc3ae06e42f9468f97d81724101046
+1722e4888756212c05dd0e9341e28388
+aa6f1ea6fbb46779a2e1ce6db1fcef47
+69bd0266c9e14f02a2f19760e77d2f71
+59f6e96769bcc09eda1786adbbd51a50
+f027a829b0a71106b01a046972b1cd20
+41774be1515f81e8760da576077f543d
+75d6deb92c9bfd7760a12b0f05938e7d
+63fc0c663cdbb623d3f45fcfcbc2009c
+1fc36c7b8ecc147462fb7c8747676574
+3b7bd0d6a89aa90514d453b9f1b92e22
+57bb24180cd867357131ac9972f118b8
+d4cebc0da588fed8ec73b9b9be86962d
+1a28946996a012767fae84851c126bab
+65fee86c5e72d11c6d10c01728e33000
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+remote-cert-tls server
+tls-remote "/CN=myvpn.company.com"
+
+comp-lzo
+verb 3
+
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index fb476ca..a04f9fc 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -294,6 +294,94 @@ test_tls_import (NMVpnEditorPlugin *plugin, const char *dir)
g_object_unref (connection);
}
+static void
+test_file_contents (const char *id,
+ const char *dir,
+ NMSettingVpn *s_vpn,
+ char *item) {
+ const char *path;
+ char *path2;
+ char *contents;
+ char *expected_contents;
+ gsize length;
+ gsize expected_length;
+ char *test;
+
+ test = g_strdup_printf("%s-%s", id, item);
+
+ path = nm_setting_vpn_get_data_item(s_vpn, item);
+ ASSERT(g_file_get_contents(path, &contents, &length, NULL), test,
+ "failed to open file");
+ path2 = g_strdup_printf ("%s/%s-%s.pem", dir, id, item);
+ ASSERT(g_file_get_contents(path2, &expected_contents, &expected_length, NULL),
+ test, "failed to load test data?!");
+ g_free (path2);
+
+ ASSERT(length == expected_length && !memcmp(contents, expected_contents, length),
+ test, "file contents were not the same");
+ g_free (contents);
+ g_free (expected_contents);
+ g_free (test);
+}
+
+static void
+test_tls_inline_import (NMVpnEditorPlugin *plugin, const char *dir)
+{
+ NMConnection *connection;
+ NMSettingConnection *s_con;
+ NMSettingVpn *s_vpn;
+ const char *expected_id = "tls-inline";
+
+ connection = get_basic_connection ("tls-import", plugin, dir, "tls-inline.ovpn");
+ ASSERT (connection != NULL, "tls-import", "failed to import connection");
+
+ /* Connection setting */
+ s_con = nm_connection_get_setting_connection (connection);
+ ASSERT (s_con != NULL,
+ "tls-import", "missing 'connection' setting");
+
+ ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
+ "tls-import", "unexpected connection ID");
+
+ ASSERT (nm_setting_connection_get_uuid (s_con) == NULL,
+ "tls-import", "unexpected valid UUID");
+
+ /* VPN setting */
+ s_vpn = nm_connection_get_setting_vpn (connection);
+ ASSERT (s_vpn != NULL,
+ "tls-import", "missing 'vpn' setting");
+
+ /* Data items */
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, NM_OPENVPN_CONTYPE_TLS);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, "yes");
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, "yes");
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "173.8.149.245:1194");
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_PORT, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_STATIC_KEY, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_CIPHER, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_LOCAL_IP, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE_IP, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_AUTH, NULL);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_TLS_REMOTE, "/CN=myvpn.company.com");
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS, "server");
+
+ test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_CA);
+ test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_CERT);
+ test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_KEY);
+ test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_TA);
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_TA_DIR, "1");
+
+ test_secret ("tls-import-secrets", s_vpn, NM_OPENVPN_KEY_PASSWORD, NULL);
+ test_secret ("tls-import-secrets", s_vpn, NM_OPENVPN_KEY_CERTPASS, NULL);
+
+ g_object_unref (connection);
+}
+
+
#define TLS_EXPORTED_NAME "tls.ovpntest"
static void
test_tls_export (NMVpnEditorPlugin *plugin, const char *dir, const char *tmpdir)
@@ -1244,6 +1332,7 @@ int main (int argc, char **argv)
test_password_export (plugin, test_dir, argv[2]);
test_tls_import (plugin, test_dir);
+ test_tls_inline_import (plugin, test_dir);
test_tls_export (plugin, test_dir, argv[2]);
test_pkcs12_import (plugin, test_dir);
--
2.5.0
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
