Hello everybody, this is my first post to this list, and it combines submitting a patch for a new feature, and a request for help.
The attached patch is against NetworkManager-openvpn-0.7.0-16.svn4027 (Fedora 9) and adds support for the --auth option of openvpn. The configuration import feature works, calling openvpn with the --auth option works, creating and changing a VPN configuration using the --auth option works, but one problem still exists: The GtkComboBox for this option in the "advanced" popup does not show the current state of this option. (But it works as expected when changing the value.) I've tried changing nm-openvpn-dialog.glade with glade-3 and vi many times, and double- and triple-checked the code in auth-helpers.c, which I've copied and modified from the handling of the cipher option. But I'm stuck and have not made any progress for hours. So I'm asking here for help. Please, can some glade and gtk expert look at this and tell me how this issue could be fixed? I need this patch for compatibility with the openvpn setup of an Astaro firewall. The current state is enough to get a working VPN connection, but I would rather have this feature completed and included in the NetworkManager-0.7.0 release. ;-) Thanks, Robert
diff -u NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth NetworkManager-openvpn-0.7.0/properties/auth-helpers.c
--- NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth 2008-08-29 15:30:50.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/properties/auth-helpers.c 2008-11-02 23:47:27.000000000 +0100
@@ -585,6 +585,7 @@
 NM_OPENVPN_KEY_TAP_DEV,
 NM_OPENVPN_KEY_PROTO_TCP,
 NM_OPENVPN_KEY_CIPHER,
+ NM_OPENVPN_KEY_AUTH,
 NM_OPENVPN_KEY_TA_DIR,
 NM_OPENVPN_KEY_TA,
 NULL
@@ -734,6 +735,50 @@
 g_strfreev (items);
 }

+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_DEFAULT 1
+
+static void
+populate_auth_combo (GtkComboBox *box, const char *hmacauth)
+{
+ GtkListStore *store;
+ GtkTreeIter iter;
+ gboolean user_added = FALSE;
+ gchar **item;
+ gchar *items[] = {
+ NM_OPENVPN_AUTH_NONE,
+ NM_OPENVPN_AUTH_MD5,
+ NM_OPENVPN_AUTH_SHA1,
+ NULL
+ };
+
+ store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT);
+
+ /* Add default option which won't pass --auth to openvpn */
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, _("Default"),
+ HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+ /* Add options */
+ for (item = items; *item; item++) {
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, *item,
+ HMACAUTH_COL_DEFAULT, FALSE, -1);
+ if (hmacauth && !strcmp (*item, hmacauth)) {
+ gtk_combo_box_set_active_iter (box, &iter);
+ user_added = TRUE;
+ }
+ }
+
+ if (!user_added)
+ gtk_combo_box_set_active (box, 0);
+
+ gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+ g_object_unref (store);
+}
+
 static void
 tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
 {
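Review bot: In populate_auth_combo the active row is chosen with `gtk_combo_box_set_active_iter (box, &iter)` and `gtk_combo_box_set_active (box, 0)` before `gtk_combo_box_set_model` attaches the new store, so the selection is made against whatever model the widget had before and does not carry over once the store is swapped in. That matches the symptom described in the mail, where the combo does not show the stored value. Move `gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));` to directly after `gtk_list_store_new (...)` and leave `g_object_unref (store);` at the end. The flag `user_added` would also read better as `found`, since nothing user-supplied is added to the list here.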
@@ -840,6 +885,10 @@
 value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
 populate_cipher_combo (GTK_COMBO_BOX (widget), value);

+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+ populate_auth_combo (GTK_COMBO_BOX (widget), value);
+
 widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
 if (value && strlen (value))
@@ -944,6 +993,20 @@
 }
 }

+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+ if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+ char *hmacauth = NULL;
+ gboolean is_default = TRUE;
+
+ gtk_tree_model_get (model, &iter,
+ HMACAUTH_COL_NAME, &hmacauth,
+ HMACAUTH_COL_DEFAULT, &is_default, -1);
+ if (!is_default && hmacauth) {
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+ }
+ }
+
 widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
 char *filename;
diff -u NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth NetworkManager-openvpn-0.7.0/properties/import-export.c
--- NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth 2008-11-02 23:47:27.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/import-export.c 2008-11-02 23:47:27.000000000 +0100
@@ -55,6 +55,7 @@
 #define SECRET_TAG "secret"
 #define AUTH_USER_PASS_TAG "auth-user-pass"
 #define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"

 static gboolean
 handle_path_item (const char *line,
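Review bot: In the -944 hunk of auth-helpers.c, `gtk_tree_model_get` returns a newly allocated copy of the string column in `hmacauth`, which is then duplicated again with `g_strdup` and never freed before the block closes, so the string leaks each time this code runs. Add `g_free (hmacauth);` after the inner `if`, before the closing brace of the `gtk_combo_box_get_active_iter` block. The enclosing function starts and ends outside the hunk, so how `hash` releases its keys and values cannot be seen from here.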
@@ -325,8 +326,24 @@
 continue;
 }

- if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG)))
+ if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
 have_pass = TRUE;
+ continue;
+ }
+
+ if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+ items = get_args (*line + strlen (AUTH_TAG));
+ if (!items)
+ continue;
+
+ if (g_strv_length (items)) {
+ g_hash_table_insert (s_vpn->data,
+ g_strdup (NM_OPENVPN_KEY_AUTH),
+ g_strdup (items[0]));
+ }
+ g_strfreev (items);
+ continue;
+ }
 }

 if (default_path)
diff -u NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade
--- NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth 2008-11-02 23:47:27.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade 2008-11-02 23:47:27.000000000 +0100
@@ -801,7 +801,7 @@
 <widget class="GtkTable" id="table7">
 <property name="visible">True</property>
 <property name="border_width">12</property>
- <property name="n_rows">3</property>
+ <property name="n_rows">5</property>
 <property name="n_columns">2</property>
 <property name="column_spacing">12</property>
 <property name="row_spacing">6</property>
@@ -809,6 +809,9 @@
 <placeholder/>
 </child>
 <child>
+ <placeholder/>
+ </child>
+ <child>
 <widget class="GtkTable" id="table8">
 <property name="visible">True</property>
 <property name="n_rows">3</property>
@@ -884,8 +887,8 @@
 <packing>
 <property name="left_attach">1</property>
 <property name="right_attach">2</property>
- <property name="top_attach">2</property>
- <property name="bottom_attach">3</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">5</property>
 </packing>
 </child>
 <child>
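Review bot: In the import-export.c hunk the `auth` directive is matched by prefix only, `strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))` with `AUTH_TAG` defined as `"auth"`, so any other directive that starts with those four letters, such as `auth-nocache` or `auth-retry`, is taken for `--auth` and the rest of the line is stored as the digest name. The service side rejects such a value in `validate_auth`, so the imported connection would fail to start rather than hand a bad argument to openvpn, but the import should not accept it in the first place. Require a separator after the tag, for example `if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG)) && g_ascii_isspace ((*line)[strlen (AUTH_TAG)])) {`, and consider checking `items[0]` against the same three names before inserting it. The surrounding loop starts outside the hunk.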
@@ -898,8 +901,8 @@
 </widget>
 <packing>
 <property name="right_attach">2</property>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
 </packing>
 </child>
 <child>
@@ -923,6 +926,29 @@
 <property name="y_options">GTK_EXPAND</property>
 </packing>
 </child>
+ <child>
+ <widget class="GtkComboBox" id="hmacauth_combo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"> </property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="label21">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">HMAC auth:</property>
+ </widget>
+ <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ </packing>
+ </child>
 </widget>
 <packing>
 <property name="position">1</property>
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth 2008-08-29 15:30:50.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c 2008-11-03 00:28:44.000000000 +0100
@@ -83,6 +83,7 @@
 } ValidProperty;

 static ValidProperty valid_properties[] = {
+ { NM_OPENVPN_KEY_AUTH, G_TYPE_STRING, 0, 0, FALSE },
 { NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0, FALSE },
 { NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE },
 { NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
@@ -437,6 +438,18 @@
 nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }

+static gboolean
+validate_auth (const char *auth)
+{
+ if (auth) {
+ if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+ || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+ || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+ return TRUE;
+ }
+ return FALSE;
+}
+
 static const char *
 get_connection_type (GHashTable *properties)
 {
@@ -514,7 +527,7 @@
 GError **error)
 {
 NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
- const char *openvpn_binary, *connection_type, *tmp;
+ const char *openvpn_binary, *auth, *connection_type, *tmp;
 GPtrArray *args;
 GSource *openvpn_watch;
 GPid pid;
@@ -530,6 +543,18 @@
 return FALSE;
 }

+ auth = g_hash_table_lookup (properties, NM_OPENVPN_KEY_AUTH);
+ if (auth) {
+ if (!validate_auth(auth)) {
+ g_set_error (error,
+ NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "%s",
+ "Invalid HMAC auth.");
+ return FALSE;
+ }
+ }
+
 connection_type = get_connection_type (properties);
 if (!connection_type) {
 g_set_error (error,
@@ -596,6 +621,12 @@
 add_openvpn_arg (args, tmp);
 }

+ /* Auth */
+ if (auth) {
+ add_openvpn_arg (args, "--auth");
+ add_openvpn_arg (args, auth);
+ }
+
 /* TA */
 tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TA);
 if (tmp && strlen (tmp)) {
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth 2008-08-29 15:30:50.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h 2008-11-02 23:47:27.000000000 +0100
@@ -38,6 +38,7 @@
 #define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
 #define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn"

+#define NM_OPENVPN_KEY_AUTH "auth"
 #define NM_OPENVPN_KEY_CA "ca"
 #define NM_OPENVPN_KEY_CERT "cert"
 #define NM_OPENVPN_KEY_CIPHER "cipher"
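Review bot: validate_auth in nm-openvpn-service.c carries no comment on why the check exists or what the accepted values mean for the tunnel, although in the visible hunks it is the only check on the value before `add_openvpn_arg (args, auth)` passes it to the openvpn binary. A short header would help the next maintainer, for example `/* Allowlist for --auth: the value becomes an openvpn argument, so only known digest names are accepted. "none" turns HMAC packet authentication off. */`. The same three names are repeated in `items[]` in populate_auth_combo in auth-helpers.c; a single shared table would keep the dialog and the service from drifting apart when a digest is added or retired. The comparison is an exact, case-sensitive `strcmp`, so a configuration that spells the digest differently or names another one is rejected with "Invalid HMAC auth." only when the connection is started.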
@@ -63,6 +64,10 @@
 */
 #define NM_OPENVPN_KEY_NOSECRET "no-secret"

+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5 "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
 #define NM_OPENVPN_CONTYPE_TLS "tls"
 #define NM_OPENVPN_CONTYPE_STATIC_KEY "static-key"
 #define NM_OPENVPN_CONTYPE_PASSWORD "password"