Hi Beniamino et al, I have addressed your comments in the attached patches.
Cheers, Matthias
>From 4c8233ef12eec9787536b9028618e76d188db372 Mon Sep 17 00:00:00 2001 From: Matthias Berndt <matthias.ber...@riskident.com> Date: Fri, 22 Jan 2016 13:52:38 +0100 Subject: [PATCH 1/3] - allow comment lines inside blobs - prevent do_import from processing lines that were already processed by handle_blob_item --- properties/import-export.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/properties/import-export.c b/properties/import-export.c index d624b52..0ef037a 100644 --- a/properties/import-export.c +++ b/properties/import-export.c @@ -222,7 +222,7 @@ handle_blob_item (const char ***line, p++; \ if (!*p) \ goto finish; \ - } while (!*p[0]); \ + } while (*p[0] == '\0' || *p[0] == '#' || *p[0] == ';'); \ } G_STMT_END if (!strcmp (key, NM_OPENVPN_KEY_CA)) { @@ -294,7 +294,7 @@ handle_blob_item (const char ***line, nm_setting_vpn_add_data_item (s_vpn, key, path); finish: - line = &p; + *line = p; g_free (filename); g_free (dirname); g_free (path); -- 2.5.0
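Review bot: The new `NEXT_LINE` condition tests only the first character of the line, so a blank or comment line that begins with spaces or a tab is still treated as blob content. Whether lines are stripped before they reach handle_blob_item is not visible in this hunk; if they are not, leading whitespace should be skipped before the comparison. The macro would also be easier to read with a short comment above it, such as `/* advance to the next line that is neither empty nor a '#' or ';' comment; jumps to finish at end of input */`. Both the macro and handle_blob_item continue outside the hunk.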
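Review bot: `*line = p;` under `finish:` now also runs on the failure paths, including the one where `NEXT_LINE` stops at the NULL terminator of the line array (`if (!*p) goto finish;`). For a config whose inline blob is never closed, the caller's cursor then points at that terminator, and do_import appears to hand `*line` to the next handle_blob_item / handle_path_item call after a FALSE return, which would pass NULL to strncmp. The imported file is external input, so it looks safer to move the cursor only when the blob was fully consumed: `if (success) *line = p;`. The function body starts outside the hunk, so the value of `success` on each path should be confirmed.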
>From 13b51bd8231081cc818da2294a00c86796715094 Mon Sep 17 00:00:00 2001 From: Matthias Berndt <matthias.ber...@riskident.com> Date: Fri, 22 Jan 2016 13:58:28 +0100 Subject: [PATCH 2/3] handle tls-auth blobs correctly --- properties/import-export.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/properties/import-export.c b/properties/import-export.c index 0ef037a..ce9cbef 100644 --- a/properties/import-export.c +++ b/properties/import-export.c @@ -105,6 +105,9 @@ #define RPORT_TAG "rport " #define SECRET_TAG "secret " #define TLS_AUTH_TAG "tls-auth " +#define TLS_AUTH_BLOB_START_TAG "<tls-auth>" +#define TLS_AUTH_BLOB_END_TAG "</tls-auth>" +#define KEY_DIRECTION_TAG "key-direction " #define TLS_CLIENT_TAG "tls-client" #define TLS_REMOTE_TAG "tls-remote " #define REMOTE_CERT_TLS_TAG "remote-cert-tls " @@ -192,12 +195,17 @@ handle_path_item (const char *line, return TRUE; } +static void +handle_direction (const char *tag, const char *key, char *leftover, NMSettingVpn *s_vpn); + #define CERT_BEGIN "-----BEGIN CERTIFICATE-----" #define CERT_END "-----END CERTIFICATE-----" #define PRIV_KEY_BEGIN "-----BEGIN PRIVATE KEY-----" #define PRIV_KEY_END "-----END PRIVATE KEY-----" #define RSA_PRIV_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----" #define RSA_PRIV_KEY_END "-----END RSA PRIVATE KEY-----" +#define STATIC_KEY_BEGIN "-----BEGIN OpenVPN Static key V1-----" +#define STATIC_KEY_END "-----END OpenVPN Static key V1-----" static gboolean handle_blob_item (const char ***line, @@ -235,6 +243,11 @@ handle_blob_item (const char ***line, end_tag = CERT_BLOB_END_TAG; blob_mark_start = CERT_BEGIN; blob_mark_end = CERT_END; + } else if (!strcmp (key, NM_OPENVPN_KEY_TA)) { + start_tag = TLS_AUTH_BLOB_START_TAG; + end_tag = TLS_AUTH_BLOB_END_TAG; + blob_mark_start = STATIC_KEY_BEGIN; + blob_mark_end = STATIC_KEY_END; } else if (!strcmp (key, NM_OPENVPN_KEY_KEY)) { start_tag = KEY_BLOB_START_TAG; end_tag = KEY_BLOB_END_TAG; 
@@ -244,10 +257,10 @@ handle_blob_item (const char ***line, blob_mark_end2 = RSA_PRIV_KEY_END; } else g_return_val_if_reached (FALSE); - p = *line; if (strncmp (*p, start_tag, strlen (start_tag))) goto finish; + NEXT_LINE; if (blob_mark_start2 && !strcmp (*p, blob_mark_start2)) { @@ -286,7 +299,7 @@ handle_blob_item (const char ***line, /* Write the new file */ g_string_prepend_c (in_file, '\n'); g_string_prepend (in_file, blob_mark_start); - g_string_append_printf (in_file, "%s", blob_mark_end); + g_string_append_printf (in_file, "%s\n", blob_mark_end); success = g_file_set_contents (path, in_file->str, -1, error); if (!success) goto finish; @@ -300,6 +313,7 @@ finish: g_free (path); if (in_file) g_string_free (in_file, TRUE); + return success; } @@ -507,6 +521,7 @@ do_import (const char *path, const char *contents, GError **error) char *new_contents = NULL; gboolean http_proxy = FALSE, socks_proxy = FALSE, proxy_set = FALSE; int nitems; + char *last_seen_key_direction = NULL; connection = nm_simple_connection_new (); s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ()); @@ -578,6 +593,9 @@ do_import (const char *path, const char *contents, GError **error) continue; } + if (!strncmp(*line, KEY_DIRECTION_TAG, strlen (KEY_DIRECTION_TAG))) + last_seen_key_direction = *line + strlen (KEY_DIRECTION_TAG); + if (!strncmp (*line, DEV_TAG, strlen (DEV_TAG))) { items = get_args (*line + strlen (DEV_TAG), &nitems); if (nitems == 1) { @@ -868,6 +886,14 @@ do_import (const char *path, const char *contents, GError **error) if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_KEY, s_vpn, basename, NULL)) continue; + if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_TA, s_vpn, basename, NULL)) { + handle_direction("tls-auth", + NM_OPENVPN_KEY_TA_DIR, + last_seen_key_direction, + s_vpn); + continue; + } + if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_STATIC_KEY, s_vpn, default_path, &leftover)) { handle_direction ("secret", -- 2.5.0
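Review bot: `g_file_set_contents (path, in_file->str, -1, error)` in the -286 hunk is the write that this patch now also uses for the tls-auth static key, through the `NM_OPENVPN_KEY_TA` branch added earlier, and it already receives inline private keys. As far as I know g_file_set_contents creates the file with default permissions limited only by the process umask, so the extracted secret can end up readable by other local users. Restricting the file to its owner would close that, e.g. a `g_chmod (path, 0600);` right after a successful write, or better by creating the file with mode 0600 before any key bytes are written. Where `path` is built is outside the hunk, so the permissions of the target directory should be checked as well.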
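Review bot: The tls-auth direction depends on where `key-direction` sits in the file: the last hunk calls handle_direction with `last_seen_key_direction` as it stands when `<tls-auth>` is reached, and the -578 hunk only sets it when the tag has already been seen. A config that places `key-direction` after the blob is imported without a direction, and when the tag is absent NULL is passed as `leftover`. Whether handle_direction accepts NULL is not visible here, since only its prototype is on the page. I would guard the call, `if (last_seen_key_direction) handle_direction ("tls-auth", NM_OPENVPN_KEY_TA_DIR, last_seen_key_direction, s_vpn);`, or apply the direction once after the loop so that the order in the file does not matter.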
>From 82dca01d3901bbb9633cbfd9a4800eac46b38cbb Mon Sep 17 00:00:00 2001 From: Matthias Berndt <matthias.ber...@riskident.com> Date: Fri, 22 Jan 2016 16:42:21 +0100 Subject: [PATCH 3/3] add test for blob item parsing --- properties/tests/conf/tls-inline-ca.pem | 18 ++++ properties/tests/conf/tls-inline-cert.pem | 22 +++++ properties/tests/conf/tls-inline-key.pem | 51 +++++++++++ properties/tests/conf/tls-inline-ta.pem | 18 ++++ properties/tests/conf/tls-inline.ovpn | 146 ++++++++++++++++++++++++++++++ properties/tests/test-import-export.c | 89 ++++++++++++++++++ 6 files changed, 344 insertions(+) create mode 100644 properties/tests/conf/tls-inline-ca.pem create mode 100644 properties/tests/conf/tls-inline-cert.pem create mode 100644 properties/tests/conf/tls-inline-key.pem create mode 100644 properties/tests/conf/tls-inline-ta.pem create mode 100644 properties/tests/conf/tls-inline.ovpn diff --git a/properties/tests/conf/tls-inline-ca.pem b/properties/tests/conf/tls-inline-ca.pem new file mode 100644 index 0000000..f051ebe --- /dev/null +++ b/properties/tests/conf/tls-inline-ca.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIJAMiKuqrHoqE2MA0GCSqGSIb3DQEBDQUAMBIxEDAOBgNV +BAMMB3Rlc3QtY2EwHhcNMTYwMTIyMTMxNzQ5WhcNMTgxMTExMTMxNzQ5WjASMRAw +DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +pg9t+Tuwi6yU+rGz+TkNMwYMvyAAxImfcclrLDoUxL6pA8qdAEqxtLqeoJaY5pzX +cxBbr6ZgXuBvWF3D6la8D86vLOfP7mJxSiktEVae3Z/RrPuwqX1x/wkQRK4e1o9w +VwTNVka0p2phJUOtALGfufIsHkL54iushxwVJ9NWDrObA9fPIJTfsAyTpBuQgIzm +qb91nn50aF/shSdzRDhvs/BIRh+IIqUtgm5LbwDNz4gZnQRpkL2Ta5wUVc8/+iH9 +EY60AbbCtAnji278YT2IeFLCjezH1JwEiccbC3+g4mn2oHsd48cgppDV/tENWAzP +yBjdPxikDYOSg7F4UuA8fQIDAQABo1AwTjAdBgNVHQ4EFgQUIbmxkSfwBRkbgiAM +w+H9ccZnStQwHwYDVR0jBBgwFoAUIbmxkSfwBRkbgiAMw+H9ccZnStQwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAjTsHpzg1zOI9z7CxYy66XLOMA/tO +Vy6i1lqtwHsOn540y91W1dkpNe1DxI3qbWedAsEvgjCwgmBNI5Za6d48ot4vqx7j +ItWtfJFCtX6LRKkLR97yR6ZeqdcnuZuc0hnofo0NDhbUa8RAaHuVLIgMqn3L/ET4 +HmO3GpQ81Y4pWqQCPbWbQIwGQ3gBBcfn8+g3Q5GZ0r2oCYGl7QlDvZnbLn1frDrV +ALPX6sA/1Fzx+VFMdwJFuhupZYXTA+NSiPu4mqGkedQwzdeQRyStlYo51hi5Af2B +LZR3iq5pNe7DW2YaqcSdQsrFVl3y5btaw/+R2lyZtiStTMGA+SphvLn4/w== +-----END CERTIFICATE----- diff --git a/properties/tests/conf/tls-inline-cert.pem b/properties/tests/conf/tls-inline-cert.pem new file mode 100644 index 0000000..352a2fe --- /dev/null +++ b/properties/tests/conf/tls-inline-cert.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDojCCAooCCQCu+mQn9w/PJDANBgkqhkiG9w0BAQ0FADASMRAwDgYDVQQDDAd0 +ZXN0LWNhMB4XDTE2MDEyMjEzMjAwNFoXDTE3MDEyMTEzMjAwNFowFDESMBAGA1UE +AwwJdGVzdC1jZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/dC +/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjUD03kJJBzrzAnV+EOCg94 +5Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCqcOv+BCMKovuqavlzmN/o +yO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9fdaXb+/DuOlqvLQNHrfm +VnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuYdtarJIcMoOzXN7BmO2XZ +EI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz2R66l3MLCng6dI+2f6sM +duFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTawEnMTW7fvHdZtK7Geqsc +/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHlsVvDPBk2UBiXicL45jaD +xARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+ZmDm1mfVdGseBjTcrBFbi +ZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/cTV/+SEpzv+o6lROycN/+ +PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuNmo6KfNujcqRqZInkk6HS +BPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEAATANBgkqhkiG9w0BAQ0F +AAOCAQEAkUVsxyanQN1iPW3d17hfZ3o0lmSihZkw396FXP34tGUeIvk2EbFHS1Jy +3Gh4r1adB5bil0X1GYU8AFPKaM+CqWagyBAYXwX6YaXb1pzFn8Ixw6t0gRoAW9ex +MW4Eduh8JOYi+KkJaXj5SAVDd3ZDCIwW3rN+jIMy2tvnuWW07UW5HvOZ4qRXyOlZ +mqUBgft97uOiVEor8KEhrBzgGzT72ELOykzZGWEuWWy0ytbPrAc+XyodvylvAGzR +lj74pDerwl/oUl80vRgEl8M1o4nGdoe17SfaGhD7MP+YD2HmY2kTCw8ks70KBpxJ +nCtKkguacJwDtUeh2jpbXZKBQAgqkw== +-----END CERTIFICATE----- diff --git a/properties/tests/conf/tls-inline-key.pem b/properties/tests/conf/tls-inline-key.pem new file mode 100644 index 0000000..d9956fd --- /dev/null +++ b/properties/tests/conf/tls-inline-key.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAv/dC/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjU +D03kJJBzrzAnV+EOCg945Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCq +cOv+BCMKovuqavlzmN/oyO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9 +fdaXb+/DuOlqvLQNHrfmVnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuY +dtarJIcMoOzXN7BmO2XZEI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz +2R66l3MLCng6dI+2f6sMduFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTa +wEnMTW7fvHdZtK7Geqsc/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHl +sVvDPBk2UBiXicL45jaDxARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+Z +mDm1mfVdGseBjTcrBFbiZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/c +TV/+SEpzv+o6lROycN/+PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuN +mo6KfNujcqRqZInkk6HSBPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEA +AQKCAgAlSagvYjiA7vgl5wK5MwWgwGSLc/6jYp3w0t0dRQlSQ4sIlVWLq3uXRp/R +9a6OuV56wcqf2c9QYSRAxNKOXkWr6HleEOYLWCcY0NzR6sOsRWSvESbKTGzI7O2R +/wR5Rv8XQNb8wJV4uofSVBtZhG3V+j5ZSqHoOCvo1iYXdgPVwUiOPlf264n66j3A +W0aqZObvgpUxUfZkafqUkyKJZQgaUxZxefsQc6rP7Twa8AamSKOjBB53ZvdTXxAq +6hZb8N3Kx9vEBV7tzmF9KNi+D5NoMZv55X86xQfZoBvodV9cpeKL/5CLKhbgeC46 +2GOyZH/0iIshRF2kgF1UGzkQqsjzF2YPAgIXYA5nCSln/qf9Xt9/iXzMvkEsD94J +SGxPrjoNpcd0JXsQRiEuxJnQUZrFlP1egFC1sHmGDt9NJ2T1nGFGeaX0yfpjwo8o +wSqYC4/fzFwED80OFNujWQBKeposBztzmYviSh/ls+lAXFPSki+UTld9XmI5Ju/6 +6yMiORUVGNa+/Swc5ymXcbgD0x5lZtDtx7pAkkZJE7apdUTZWo9xgi9/WnBzZozE +PEVVZjmnU7xfcxK2YQbgS5eAAScuh6T+Np4wBJinqdZpoTy33cNu4hquGMAvtfhZ +MHQJ9mQb0ZzrYKYTqC/dCJmHcKozpoRlXExtkKKS1Uu6wCJmsQKCAQEA+L2M2Pb7 +O4vyJle0TVRi6T4s337T9JLXbyPXlD5KBF3VD3S4Wc1eks7oeORE20JeI4WdWbbI +5lF+fZCo7Uwok2SZDbdgVK5NeBl7P2eDWAOTTR+mcZ7XWhR5TD2Nu1fU1AagSnIH +ac+q94vltojt8bGd0+wGPVr1jsUr/uWzS8dCuAttuXl2cgKO2rc1c6AkWGXX1W7d +H283HoFHwbpeulTL0pULD5pFQtDwS1NI+T4Rr/E9lmm3V2/XZS06UklFA/C0ZpE4 +atVXWNPWkObeZP8U84h66jUisO40cHTSQRj6+0dqEYECmmDX1bOIkxGAPfdjhOgd +VNYMQljpyIaKNQKCAQEAxZGGCgn/Ab6oX77R89/8QlJJlJcz5zl+qmKfdVCV2d+p +B7TIlXEMwgxyGzmYQrmPGpLcolRGn+JHi43/8hkGegjhS9jCh5ndRoTQVlMxczR7 
+aJH/fh9YVuvIl7hTiIUbuEklbYnuh9tSfGJtZG7gSICjx3YnKgMNbpMRrA00NX0h +qtQS6kE1X4CjNIi4i6uUHziFJ3127kBN9WTzph1DhO5F9IfH91j+qnuzkQlKLoDP +DTnv9dXuhAjOy87ugdNYrgfdlt9Jm36lY9x+WLiuRg1gdCj+6hGxZpgkAO+Hsqcc +0aRyVevBFGk8eiMSkHmMN1XeT/gb0w+DCO90iuCahwKCAQEAvQX2oe5WjzLTSrX9 +i4JkRBF+sjzEP6jTVF8tdTc8skLIJZ2ydnPtuazI1w3JEcJGncHtCH8x/mzRrgQf +i20DrLaW5OiEqPVoY6shkNZN5rWY29QAfXmS9551ay2fpk2hq5p5dvlejtdEeify +4hr+j1xFrwU+3KNh1iQaQfM2pJCBMDFnKbqW+x7chnMRiJOa6x5Bva0pFrlCbskZ +yauiTwEffyDKLgozNgpngSaCXv3/HPA7uDEQJb8VNYsANgX+D3d88DDNacpEPXmG +Jcl8Gc4KkuMVXSQR/9iVOxxbpyKfoBLuFO0wGDcd7gUn9XMoPG7iTt7BY3XiDQ1a +Y4tyPQKCAQEAjDySj1evGdbyfxvcvaX00kLEleOJ5QwLm/frRgOQiplWyvCJHIKl +Uqww5qBIMryyFmO+lr8Jbn3Y2PdPgNJApajd+s9+rXAK//5QP6ZHyIWtP3m6iBTJ +yNEOjps5OAN7vKC3H3yzwt1sPHxFN+/35Z7iIjf87rZB94YPGjg5IeqTVkW4s2zb +7NFLh4Owsvt0ZYDiCzjkjZM5gwFIbVYCUj4ri7pBt5IFGpA50q5saHvn/HRunupe +pnv2Bfb5l0+kd8t/f5M5FVWdIjgluuZEVdcy6uEaqJ0sdi1yCPP9N1Olgi2fNtvk +Lo/QbMWubLzKSZD6/3qWjYdKNLJ74AQzywKCAQEAxHLfZajXY4YYz1BXbsSQrzqq +7bgnZaXIsgK03McCrt5XQY7ghLF9j2w/rQLrvFA5pMZ8x6GKmoy95i6FGHm7i4rd +Cu40r2tRUC5IugVxfa2/MUC4v94JjecwkozwgD0SPGwIQVyBDjewTeoQNXRUYZ/I +hR/fOhfbcpPl9Z/EIkIy5qbCJxzNxG0L3sKMjSlywfC0yazyoaraNtdslHhHO+IP +rwJTkcFBJ3zf3oYYfRJAzAs0IAfUL5XgQUnNarC8uExCjtcs6TAhNEkoopcvVwAM +GV1Yd6yBQHcbi55KeCKYklG7YpX5nqTV5Sk3sTNeUPBcKMS+Mryry8yoTUtCQQ== +-----END RSA PRIVATE KEY----- diff --git a/properties/tests/conf/tls-inline-ta.pem b/properties/tests/conf/tls-inline-ta.pem new file mode 100644 index 0000000..f13ac58 --- /dev/null +++ b/properties/tests/conf/tls-inline-ta.pem 
@@ -0,0 +1,18 @@ +-----BEGIN OpenVPN Static key V1----- +378e209d0fe8efe398afa86bdb19b9a8 +f9cc3ae06e42f9468f97d81724101046 +1722e4888756212c05dd0e9341e28388 +aa6f1ea6fbb46779a2e1ce6db1fcef47 +69bd0266c9e14f02a2f19760e77d2f71 +59f6e96769bcc09eda1786adbbd51a50 +f027a829b0a71106b01a046972b1cd20 +41774be1515f81e8760da576077f543d +75d6deb92c9bfd7760a12b0f05938e7d +63fc0c663cdbb623d3f45fcfcbc2009c +1fc36c7b8ecc147462fb7c8747676574 +3b7bd0d6a89aa90514d453b9f1b92e22 +57bb24180cd867357131ac9972f118b8 +d4cebc0da588fed8ec73b9b9be86962d +1a28946996a012767fae84851c126bab +65fee86c5e72d11c6d10c01728e33000 +-----END OpenVPN Static key V1----- diff --git a/properties/tests/conf/tls-inline.ovpn b/properties/tests/conf/tls-inline.ovpn new file mode 100644 index 0000000..373d6f3 --- /dev/null +++ b/properties/tests/conf/tls-inline.ovpn 
@@ -0,0 +1,146 @@ +remote 173.8.149.245 1194 +resolv-retry infinite + +dev tun +persist-key +persist-tun +link-mtu 1400 +proto udp +nobind +pull +tls-client + +float + +<ca> +# comments are allowed here! + +# and so are empty lines +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIJAMiKuqrHoqE2MA0GCSqGSIb3DQEBDQUAMBIxEDAOBgNV +BAMMB3Rlc3QtY2EwHhcNMTYwMTIyMTMxNzQ5WhcNMTgxMTExMTMxNzQ5WjASMRAw +DgYDVQQDDAd0ZXN0LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +pg9t+Tuwi6yU+rGz+TkNMwYMvyAAxImfcclrLDoUxL6pA8qdAEqxtLqeoJaY5pzX +cxBbr6ZgXuBvWF3D6la8D86vLOfP7mJxSiktEVae3Z/RrPuwqX1x/wkQRK4e1o9w +VwTNVka0p2phJUOtALGfufIsHkL54iushxwVJ9NWDrObA9fPIJTfsAyTpBuQgIzm +qb91nn50aF/shSdzRDhvs/BIRh+IIqUtgm5LbwDNz4gZnQRpkL2Ta5wUVc8/+iH9 +EY60AbbCtAnji278YT2IeFLCjezH1JwEiccbC3+g4mn2oHsd48cgppDV/tENWAzP +yBjdPxikDYOSg7F4UuA8fQIDAQABo1AwTjAdBgNVHQ4EFgQUIbmxkSfwBRkbgiAM +w+H9ccZnStQwHwYDVR0jBBgwFoAUIbmxkSfwBRkbgiAMw+H9ccZnStQwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAQEAjTsHpzg1zOI9z7CxYy66XLOMA/tO +Vy6i1lqtwHsOn540y91W1dkpNe1DxI3qbWedAsEvgjCwgmBNI5Za6d48ot4vqx7j +ItWtfJFCtX6LRKkLR97yR6ZeqdcnuZuc0hnofo0NDhbUa8RAaHuVLIgMqn3L/ET4 +HmO3GpQ81Y4pWqQCPbWbQIwGQ3gBBcfn8+g3Q5GZ0r2oCYGl7QlDvZnbLn1frDrV +ALPX6sA/1Fzx+VFMdwJFuhupZYXTA+NSiPu4mqGkedQwzdeQRyStlYo51hi5Af2B +LZR3iq5pNe7DW2YaqcSdQsrFVl3y5btaw/+R2lyZtiStTMGA+SphvLn4/w== +-----END CERTIFICATE----- +</ca> +<cert> +-----BEGIN CERTIFICATE----- +MIIDojCCAooCCQCu+mQn9w/PJDANBgkqhkiG9w0BAQ0FADASMRAwDgYDVQQDDAd0 +ZXN0LWNhMB4XDTE2MDEyMjEzMjAwNFoXDTE3MDEyMTEzMjAwNFowFDESMBAGA1UE +AwwJdGVzdC1jZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/dC +/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjUD03kJJBzrzAnV+EOCg94 +5Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCqcOv+BCMKovuqavlzmN/o +yO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9fdaXb+/DuOlqvLQNHrfm +VnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuYdtarJIcMoOzXN7BmO2XZ +EI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz2R66l3MLCng6dI+2f6sM +duFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTawEnMTW7fvHdZtK7Geqsc 
+/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHlsVvDPBk2UBiXicL45jaD +xARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+ZmDm1mfVdGseBjTcrBFbi +ZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/cTV/+SEpzv+o6lROycN/+ +PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuNmo6KfNujcqRqZInkk6HS +BPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEAATANBgkqhkiG9w0BAQ0F +AAOCAQEAkUVsxyanQN1iPW3d17hfZ3o0lmSihZkw396FXP34tGUeIvk2EbFHS1Jy +3Gh4r1adB5bil0X1GYU8AFPKaM+CqWagyBAYXwX6YaXb1pzFn8Ixw6t0gRoAW9ex +MW4Eduh8JOYi+KkJaXj5SAVDd3ZDCIwW3rN+jIMy2tvnuWW07UW5HvOZ4qRXyOlZ +mqUBgft97uOiVEor8KEhrBzgGzT72ELOykzZGWEuWWy0ytbPrAc+XyodvylvAGzR +lj74pDerwl/oUl80vRgEl8M1o4nGdoe17SfaGhD7MP+YD2HmY2kTCw8ks70KBpxJ +nCtKkguacJwDtUeh2jpbXZKBQAgqkw== +-----END CERTIFICATE----- +</cert> +<key> +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAv/dC/LXKu1V9OOTxznvvLvoxtXFsDvywO4qtWcYip9CloNjU +D03kJJBzrzAnV+EOCg945Nw6SFMbbZ751H+or6S58pyy+9Iyxu1Uo3ION+1bbeCq +cOv+BCMKovuqavlzmN/oyO4ll4Iz+0CqznwbE4IePG4bKmS2nm11CD9Kw6b/3qz9 +fdaXb+/DuOlqvLQNHrfmVnS2Z7HKzNWhac9dLTst0mYrZ/Fs8puSSI83BvGZgzuY +dtarJIcMoOzXN7BmO2XZEI2iMMXeNLwv65MdJ6MYZ1CAtY7frSVlKiLTrZL83Elz +2R66l3MLCng6dI+2f6sMduFKTb7Mzzlq3Lldt4EeA3vcmzPgH4W8Ihu4IgNSVMTa +wEnMTW7fvHdZtK7Geqsc/mY9IJYpwrQkuDlGcB0Nzteg1v+w3kvU79/16lfuzWHl +sVvDPBk2UBiXicL45jaDxARwPNdyFYAglURwcFrpOmq2GGml1qMB6s55K8dzqe+Z +mDm1mfVdGseBjTcrBFbiZRZWhmY3MSkuQ5FhDDB55U59aGAIeSwv265GDNFv9M/c +TV/+SEpzv+o6lROycN/+PGC74FT19f9E3nmZu+B0pV5ByP0NARc5tlvGQ2WnuHuN +mo6KfNujcqRqZInkk6HSBPotLss3GZcJ97qkbw1A8oghx29pG8edJy52w/MCAwEA +AQKCAgAlSagvYjiA7vgl5wK5MwWgwGSLc/6jYp3w0t0dRQlSQ4sIlVWLq3uXRp/R +9a6OuV56wcqf2c9QYSRAxNKOXkWr6HleEOYLWCcY0NzR6sOsRWSvESbKTGzI7O2R +/wR5Rv8XQNb8wJV4uofSVBtZhG3V+j5ZSqHoOCvo1iYXdgPVwUiOPlf264n66j3A +W0aqZObvgpUxUfZkafqUkyKJZQgaUxZxefsQc6rP7Twa8AamSKOjBB53ZvdTXxAq +6hZb8N3Kx9vEBV7tzmF9KNi+D5NoMZv55X86xQfZoBvodV9cpeKL/5CLKhbgeC46 +2GOyZH/0iIshRF2kgF1UGzkQqsjzF2YPAgIXYA5nCSln/qf9Xt9/iXzMvkEsD94J +SGxPrjoNpcd0JXsQRiEuxJnQUZrFlP1egFC1sHmGDt9NJ2T1nGFGeaX0yfpjwo8o 
+wSqYC4/fzFwED80OFNujWQBKeposBztzmYviSh/ls+lAXFPSki+UTld9XmI5Ju/6 +6yMiORUVGNa+/Swc5ymXcbgD0x5lZtDtx7pAkkZJE7apdUTZWo9xgi9/WnBzZozE +PEVVZjmnU7xfcxK2YQbgS5eAAScuh6T+Np4wBJinqdZpoTy33cNu4hquGMAvtfhZ +MHQJ9mQb0ZzrYKYTqC/dCJmHcKozpoRlXExtkKKS1Uu6wCJmsQKCAQEA+L2M2Pb7 +O4vyJle0TVRi6T4s337T9JLXbyPXlD5KBF3VD3S4Wc1eks7oeORE20JeI4WdWbbI +5lF+fZCo7Uwok2SZDbdgVK5NeBl7P2eDWAOTTR+mcZ7XWhR5TD2Nu1fU1AagSnIH +ac+q94vltojt8bGd0+wGPVr1jsUr/uWzS8dCuAttuXl2cgKO2rc1c6AkWGXX1W7d +H283HoFHwbpeulTL0pULD5pFQtDwS1NI+T4Rr/E9lmm3V2/XZS06UklFA/C0ZpE4 +atVXWNPWkObeZP8U84h66jUisO40cHTSQRj6+0dqEYECmmDX1bOIkxGAPfdjhOgd +VNYMQljpyIaKNQKCAQEAxZGGCgn/Ab6oX77R89/8QlJJlJcz5zl+qmKfdVCV2d+p +B7TIlXEMwgxyGzmYQrmPGpLcolRGn+JHi43/8hkGegjhS9jCh5ndRoTQVlMxczR7 +aJH/fh9YVuvIl7hTiIUbuEklbYnuh9tSfGJtZG7gSICjx3YnKgMNbpMRrA00NX0h +qtQS6kE1X4CjNIi4i6uUHziFJ3127kBN9WTzph1DhO5F9IfH91j+qnuzkQlKLoDP +DTnv9dXuhAjOy87ugdNYrgfdlt9Jm36lY9x+WLiuRg1gdCj+6hGxZpgkAO+Hsqcc +0aRyVevBFGk8eiMSkHmMN1XeT/gb0w+DCO90iuCahwKCAQEAvQX2oe5WjzLTSrX9 +i4JkRBF+sjzEP6jTVF8tdTc8skLIJZ2ydnPtuazI1w3JEcJGncHtCH8x/mzRrgQf +i20DrLaW5OiEqPVoY6shkNZN5rWY29QAfXmS9551ay2fpk2hq5p5dvlejtdEeify +4hr+j1xFrwU+3KNh1iQaQfM2pJCBMDFnKbqW+x7chnMRiJOa6x5Bva0pFrlCbskZ +yauiTwEffyDKLgozNgpngSaCXv3/HPA7uDEQJb8VNYsANgX+D3d88DDNacpEPXmG +Jcl8Gc4KkuMVXSQR/9iVOxxbpyKfoBLuFO0wGDcd7gUn9XMoPG7iTt7BY3XiDQ1a +Y4tyPQKCAQEAjDySj1evGdbyfxvcvaX00kLEleOJ5QwLm/frRgOQiplWyvCJHIKl +Uqww5qBIMryyFmO+lr8Jbn3Y2PdPgNJApajd+s9+rXAK//5QP6ZHyIWtP3m6iBTJ +yNEOjps5OAN7vKC3H3yzwt1sPHxFN+/35Z7iIjf87rZB94YPGjg5IeqTVkW4s2zb +7NFLh4Owsvt0ZYDiCzjkjZM5gwFIbVYCUj4ri7pBt5IFGpA50q5saHvn/HRunupe +pnv2Bfb5l0+kd8t/f5M5FVWdIjgluuZEVdcy6uEaqJ0sdi1yCPP9N1Olgi2fNtvk +Lo/QbMWubLzKSZD6/3qWjYdKNLJ74AQzywKCAQEAxHLfZajXY4YYz1BXbsSQrzqq +7bgnZaXIsgK03McCrt5XQY7ghLF9j2w/rQLrvFA5pMZ8x6GKmoy95i6FGHm7i4rd +Cu40r2tRUC5IugVxfa2/MUC4v94JjecwkozwgD0SPGwIQVyBDjewTeoQNXRUYZ/I +hR/fOhfbcpPl9Z/EIkIy5qbCJxzNxG0L3sKMjSlywfC0yazyoaraNtdslHhHO+IP +rwJTkcFBJ3zf3oYYfRJAzAs0IAfUL5XgQUnNarC8uExCjtcs6TAhNEkoopcvVwAM 
+GV1Yd6yBQHcbi55KeCKYklG7YpX5nqTV5Sk3sTNeUPBcKMS+Mryry8yoTUtCQQ== +-----END RSA PRIVATE KEY----- +</key> + +key-direction 1 +<tls-auth> +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +378e209d0fe8efe398afa86bdb19b9a8 +f9cc3ae06e42f9468f97d81724101046 +1722e4888756212c05dd0e9341e28388 +aa6f1ea6fbb46779a2e1ce6db1fcef47 +69bd0266c9e14f02a2f19760e77d2f71 +59f6e96769bcc09eda1786adbbd51a50 +f027a829b0a71106b01a046972b1cd20 +41774be1515f81e8760da576077f543d +75d6deb92c9bfd7760a12b0f05938e7d +63fc0c663cdbb623d3f45fcfcbc2009c +1fc36c7b8ecc147462fb7c8747676574 +3b7bd0d6a89aa90514d453b9f1b92e22 +57bb24180cd867357131ac9972f118b8 +d4cebc0da588fed8ec73b9b9be86962d +1a28946996a012767fae84851c126bab +65fee86c5e72d11c6d10c01728e33000 +-----END OpenVPN Static key V1----- +</tls-auth> + +remote-cert-tls server +tls-remote "/CN=myvpn.company.com" + +comp-lzo +verb 3 + diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c index fb476ca..a04f9fc 100644 --- a/properties/tests/test-import-export.c +++ b/properties/tests/test-import-export.c 
@@ -294,6 +294,94 @@ test_tls_import (NMVpnEditorPlugin *plugin, const char *dir) g_object_unref (connection); } +static void +test_file_contents (const char *id, + const char *dir, + NMSettingVpn *s_vpn, + char *item) { + const char *path; + char *path2; + char *contents; + char *expected_contents; + gsize length; + gsize expected_length; + char *test; + + test = g_strdup_printf("%s-%s", id, item); + + path = nm_setting_vpn_get_data_item(s_vpn, item); + ASSERT(g_file_get_contents(path, &contents, &length, NULL), test, + "failed to open file"); + path2 = g_strdup_printf ("%s/%s-%s.pem", dir, id, item); + ASSERT(g_file_get_contents(path2, &expected_contents, &expected_length, NULL), + test, "failed to load test data?!"); + g_free (path2); + + ASSERT(length == expected_length && !memcmp(contents, expected_contents, length), + test, "file contents were not the same"); + g_free (contents); + g_free (expected_contents); + g_free (test); +} + +static void +test_tls_inline_import (NMVpnEditorPlugin *plugin, const char *dir) +{ + NMConnection *connection; + NMSettingConnection *s_con; + NMSettingVpn *s_vpn; + const char *expected_id = "tls-inline"; + + connection = get_basic_connection ("tls-import", plugin, dir, "tls-inline.ovpn"); + ASSERT (connection != NULL, "tls-import", "failed to import connection"); + + /* Connection setting */ + s_con = nm_connection_get_setting_connection (connection); + ASSERT (s_con != NULL, + "tls-import", "missing 'connection' setting"); + + ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, + "tls-import", "unexpected connection ID"); + + ASSERT (nm_setting_connection_get_uuid (s_con) == NULL, + "tls-import", "unexpected valid UUID"); + + /* VPN setting */ + s_vpn = nm_connection_get_setting_vpn (connection); + ASSERT (s_vpn != NULL, + "tls-import", "missing 'vpn' setting"); + + /* Data items */ + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, NM_OPENVPN_CONTYPE_TLS); + test_item 
("tls-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun"); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, "yes"); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, "yes"); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "173.8.149.245:1194"); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_PORT, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_STATIC_KEY, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_CIPHER, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_LOCAL_IP, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE_IP, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_AUTH, NULL); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_TLS_REMOTE, "/CN=myvpn.company.com"); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS, "server"); + + test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_CA); + test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_CERT); + test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_KEY); + test_file_contents (expected_id, dir, s_vpn, NM_OPENVPN_KEY_TA); + test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_TA_DIR, "1"); + + test_secret ("tls-import-secrets", s_vpn, NM_OPENVPN_KEY_PASSWORD, NULL); + test_secret ("tls-import-secrets", s_vpn, NM_OPENVPN_KEY_CERTPASS, NULL); + + g_object_unref (connection); +} + + #define TLS_EXPORTED_NAME "tls.ovpntest" static void test_tls_export (NMVpnEditorPlugin *plugin, const char *dir, const char *tmpdir) 
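Review bot: test_file_contents passes the result of `nm_setting_vpn_get_data_item (s_vpn, item)` straight to g_file_get_contents and never removes the file the import wrote. A missing data item therefore shows up as "failed to open file", and the extracted private key and static key stay on disk after the run. I would add `ASSERT (path != NULL, test, "missing data item");` before the read and `unlink (path);` once the comparison is done. test_tls_inline_import also reuses the "tls-import" and "tls-import-data" labels of test_tls_import, so a failure cannot be attributed to the inline case; a label like "tls-inline-import" would make that clear.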
@@ -1244,6 +1332,7 @@ int main (int argc, char **argv) test_password_export (plugin, test_dir, argv[2]); test_tls_import (plugin, test_dir); + test_tls_inline_import (plugin, test_dir); test_tls_export (plugin, test_dir, argv[2]); test_pkcs12_import (plugin, test_dir); -- 2.5.0