static void
test_setting_vpn_items (void)
{
NMSettingVPN *s_vpn;
s_vpn = (NMSettingVPN *) nm_setting_vpn_new ();
ASSERT (s_vpn != NULL,
"vpn-items",
"error creating vpn setting");
nm_setting_vpn_add_data_item (s_vpn, "foobar1", "blahblah1");
nm_setting_vpn_add_data_item (s_vpn, "foobar2", "blahblah2");
nm_setting_vpn_add_data_item (s_vpn, "foobar3", "blahblah3");
nm_setting_vpn_add_data_item (s_vpn, "foobar4", "blahblah4");
/* Ensure that added values are all present */
nm_setting_vpn_foreach_data_item (s_vpn, vpn_check_func, "vpn-data");
nm_setting_vpn_remove_data_item (s_vpn, "foobar1");
nm_setting_vpn_remove_data_item (s_vpn, "foobar2");
nm_setting_vpn_remove_data_item (s_vpn, "foobar3");
nm_setting_vpn_remove_data_item (s_vpn, "foobar4");
nm_setting_vpn_add_secret (s_vpn, "foobar1", "blahblah1");
nm_setting_vpn_add_secret (s_vpn, "foobar2", "blahblah2");
nm_setting_vpn_add_secret (s_vpn, "foobar3", "blahblah3");
nm_setting_vpn_add_secret (s_vpn, "foobar4", "blahblah4");
/* Ensure that added values are all present */
nm_setting_vpn_foreach_secret (s_vpn, vpn_check_func, "vpn-secrets");
nm_setting_vpn_remove_secret (s_vpn, "foobar1");
nm_setting_vpn_remove_secret (s_vpn, "foobar2");
nm_setting_vpn_remove_secret (s_vpn, "foobar3");
nm_setting_vpn_remove_secret (s_vpn, "foobar4");
/* Try to add some blank values and make sure they are rejected */
nm_setting_vpn_add_data_item (s_vpn, NULL, NULL);
nm_setting_vpn_add_data_item (s_vpn, "", "");
nm_setting_vpn_add_data_item (s_vpn, "foobar1", NULL);
nm_setting_vpn_add_data_item (s_vpn, "foobar1", "");
nm_setting_vpn_add_data_item (s_vpn, NULL, "blahblah1");
nm_setting_vpn_add_data_item (s_vpn, "", "blahblah1");
nm_setting_vpn_foreach_data_item (s_vpn, vpn_check_empty_func, "vpn-data-empty");
/* Try to add some blank secrets and make sure they are rejected */
nm_setting_vpn_add_secret (s_vpn, NULL, NULL);
nm_setting_vpn_add_secret (s_vpn, "", "");
nm_setting_vpn_add_secret (s_vpn, "foobar1", NULL);
nm_setting_vpn_add_secret (s_vpn, "foobar1", "");
nm_setting_vpn_add_secret (s_vpn, NULL, "blahblah1");
nm_setting_vpn_add_secret (s_vpn, "", "blahblah1");
nm_setting_vpn_foreach_secret (s_vpn, vpn_check_empty_func, "vpn-secrets-empty");
g_object_unref (s_vpn);
}
static void
read_vpn_secrets (GKeyFile *file, NMSettingVPN *s_vpn)
{
char **keys, **iter;
keys = g_key_file_get_keys (file, VPN_SECRETS_GROUP, NULL, NULL);
for (iter = keys; *iter; iter++) {
char *secret;
secret = g_key_file_get_string (file, VPN_SECRETS_GROUP, *iter, NULL);
if (secret) {
nm_setting_vpn_add_secret (s_vpn, *iter, secret);
g_free (secret);
}
}
g_strfreev (keys);
}
static void
save_one_password (NMSettingVPN *s_vpn,
GtkBuilder *builder,
const char *entry_name,
const char *combo_name,
const char *secret_key,
const char *type_key)
{
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
const char *data_val = NULL, *password;
GtkWidget *entry, *combo;
entry = GTK_WIDGET (gtk_builder_get_object (builder, entry_name));
flags = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (entry), "flags"));
combo = GTK_WIDGET (gtk_builder_get_object (builder, combo_name));
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) {
case PW_TYPE_SAVE:
password = gtk_entry_get_text (GTK_ENTRY (entry));
if (password && strlen (password))
nm_setting_vpn_add_secret (s_vpn, secret_key, password);
data_val = NM_OPENSWAN_PW_TYPE_SAVE;
break;
case PW_TYPE_UNUSED:
data_val = NM_OPENSWAN_PW_TYPE_UNUSED;
flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED;
break;
case PW_TYPE_ASK:
default:
data_val = NM_OPENSWAN_PW_TYPE_ASK;
flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
break;
}
/* Set both new secret flags and old data item for backwards compat */
nm_setting_vpn_add_data_item (s_vpn, type_key, data_val);
nm_setting_set_secret_flags (NM_SETTING (s_vpn), secret_key, flags, NULL);
}
static void
save_one_password (NMSettingVpn *s_vpn,
GtkBuilder *builder,
const char *entry_name,
const char *secret_key,
const char *type_key)
{
NMSettingSecretFlags flags;
const char *data_val = NULL, *password;
GtkWidget *entry;
/* Get secret flags */
entry = GTK_WIDGET (gtk_builder_get_object (builder, entry_name));
flags = nma_utils_menu_to_secret_flags (entry);
/* Save password and convert flags to legacy data items */
switch (flags) {
case NM_SETTING_SECRET_FLAG_NONE:
case NM_SETTING_SECRET_FLAG_AGENT_OWNED:
password = gtk_entry_get_text (GTK_ENTRY (entry));
if (password && strlen (password))
nm_setting_vpn_add_secret (s_vpn, secret_key, password);
data_val = NM_VPNC_PW_TYPE_SAVE;
break;
case NM_SETTING_SECRET_FLAG_NOT_REQUIRED:
data_val = NM_VPNC_PW_TYPE_UNUSED;
break;
case NM_SETTING_SECRET_FLAG_NOT_SAVED:
default:
data_val = NM_VPNC_PW_TYPE_ASK;
break;
}
/* Set both new secret flags and old data item for backwards compat */
nm_setting_vpn_add_data_item (s_vpn, type_key, data_val);
nm_setting_set_secret_flags (NM_SETTING (s_vpn), secret_key, flags, NULL);
}
static NMConnection *
import (NMVpnPluginUiInterface *iface, const char *path, GError **error)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
NMSettingIP4Config *s_ip4;
GKeyFile *keyfile;
GKeyFileFlags flags;
const char *buf;
gboolean bval;
keyfile = g_key_file_new ();
flags = G_KEY_FILE_KEEP_COMMENTS | G_KEY_FILE_KEEP_TRANSLATIONS;
if (!g_key_file_load_from_file (keyfile, path, flags, NULL)) {
g_set_error (error,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR_NOT_OPENCONNECT,
"does not look like a %s VPN connection (parse failed)",
OPENCONNECT_PLUGIN_NAME);
return NULL;
}
connection = nm_connection_new ();
s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
nm_connection_add_setting (connection, NM_SETTING (s_con));
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENCONNECT, NULL);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
s_ip4 = NM_SETTING_IP4_CONFIG (nm_setting_ip4_config_new ());
nm_connection_add_setting (connection, NM_SETTING (s_ip4));
/* Host */
buf = g_key_file_get_string (keyfile, "openconnect", "Host", NULL);
if (buf) {
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_GATEWAY, buf);
} else {
g_set_error (error,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR_BAD_DATA,
"does not look like a %s VPN connection (no Host)",
OPENCONNECT_PLUGIN_NAME);
g_object_unref (connection);
return NULL;
}
/* Optional Settings */
/* Description */
buf = g_key_file_get_string (keyfile, "openconnect", "Description", NULL);
if (buf)
g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL);
/* CA Certificate */
buf = g_key_file_get_string (keyfile, "openconnect", "CACert", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT, buf);
/* Proxy */
buf = g_key_file_get_string (keyfile, "openconnect", "Proxy", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, buf);
/* Cisco Secure Desktop */
bval = g_key_file_get_boolean (keyfile, "openconnect", "CSDEnable", NULL);
if (bval)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE, "yes");
/* Cisco Secure Desktop wrapper */
buf = g_key_file_get_string (keyfile, "openconnect", "CSDWrapper", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_WRAPPER, buf);
/* User Certificate */
buf = g_key_file_get_string (keyfile, "openconnect", "UserCertificate", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERCERT, buf);
/* Private Key */
buf = g_key_file_get_string (keyfile, "openconnect", "PrivateKey", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PRIVKEY, buf);
/* FSID */
bval = g_key_file_get_boolean (keyfile, "openconnect", "FSID", NULL);
if (bval)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, "yes");
/* Soft token mode */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenSource", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE, buf);
/* Soft token secret */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenString", NULL);
if (buf)
nm_setting_vpn_add_secret (s_vpn, NM_OPENCONNECT_KEY_TOKEN_SECRET, buf);
return connection;
}