static void
hash_copy_advanced (gpointer key, gpointer data, gpointer user_data)
{
NMSettingVPN *s_vpn = NM_SETTING_VPN (user_data);
nm_setting_vpn_add_data_item (s_vpn, (const char *) key, (const char *) data);
}
static gboolean
real_need_secrets (NMVpnServicePlugin *plugin,
NMConnection *connection,
const char **setting_name,
GError **error)
{
NMSettingVpn *s_vpn;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
g_return_val_if_fail (NM_IS_VPN_SERVICE_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = nm_connection_get_setting_vpn (connection);
nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_SSTP_KEY_PASSWORD, &flags, NULL);
/* Don't need the password if it's not required */
if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
return FALSE;
/* Don't need the password if we already have one */
if (nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_SSTP_KEY_PASSWORD))
return FALSE;
/* Otherwise we need a password */
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
static void
read_hash_of_string (GKeyFile *file, NMSetting *setting, const char *key)
{
char **keys, **iter;
char *value;
const char *setting_name = nm_setting_get_name (setting);
keys = nm_keyfile_plugin_kf_get_keys (file, setting_name, NULL, NULL);
if (!keys || !*keys)
return;
for (iter = keys; *iter; iter++) {
value = nm_keyfile_plugin_kf_get_string (file, setting_name, *iter, NULL);
if (!value)
continue;
if (NM_IS_SETTING_VPN (setting)) {
if (strcmp (*iter, NM_SETTING_VPN_SERVICE_TYPE))
nm_setting_vpn_add_data_item (NM_SETTING_VPN (setting), *iter, value);
}
if (NM_IS_SETTING_BOND (setting)) {
if (strcmp (*iter, NM_SETTING_BOND_INTERFACE_NAME))
nm_setting_bond_add_option (NM_SETTING_BOND (setting), *iter, value);
}
g_free (value);
}
g_strfreev (keys);
}
static void
write_one_secret_to_keyring (NMSetting *setting,
const char *key,
const GValue *value,
GParamFlags flags,
gpointer user_data)
{
Request *r = user_data;
GType type = G_VALUE_TYPE (value);
const char *secret;
/* Non-secrets obviously don't get saved in the keyring */
if (!(flags & NM_SETTING_PARAM_SECRET))
return;
if (NM_IS_SETTING_VPN (setting) && (g_strcmp0 (key, NM_SETTING_VPN_SECRETS) == 0)) {
g_return_if_fail (type == DBUS_TYPE_G_MAP_OF_STRING);
/* Process VPN secrets specially since it's a hash of secrets, not just one */
nm_setting_vpn_foreach_secret (NM_SETTING_VPN (setting),
vpn_secret_iter_cb,
r);
} else {
g_return_if_fail (type == G_TYPE_STRING);
secret = g_value_get_string (value);
if (secret && strlen (secret))
save_one_secret (r, setting, key, secret, NULL);
}
}
static void
get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
NMSettingVpn *setting = NM_SETTING_VPN (object);
NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
switch (prop_id) {
case PROP_SERVICE_TYPE:
g_value_set_string (value, nm_setting_vpn_get_service_type (setting));
break;
case PROP_USER_NAME:
g_value_set_string (value, nm_setting_vpn_get_user_name (setting));
break;
case PROP_PERSISTENT:
g_value_set_boolean (value, priv->persistent);
break;
case PROP_DATA:
g_value_take_boxed (value, _nm_utils_copy_strdict (priv->data));
break;
case PROP_SECRETS:
g_value_take_boxed (value, _nm_utils_copy_strdict (priv->secrets));
break;
case PROP_TIMEOUT:
g_value_set_uint (value, nm_setting_vpn_get_timeout (setting));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **error)
{
NMSettingVPN *s_vpn;
gint openconnect_fd = -1;
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
g_assert (s_vpn);
if (!nm_openconnect_properties_validate (s_vpn, error))
goto out;
if (!nm_openconnect_secrets_validate (s_vpn, error))
goto out;
if (debug)
nm_connection_dump (connection);
openconnect_fd = nm_openconnect_start_openconnect_binary (NM_OPENCONNECT_PLUGIN (plugin), s_vpn, error);
if (!openconnect_fd)
return TRUE;
out:
return FALSE;
}
static void
get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
NMSettingVPN *setting = NM_SETTING_VPN (object);
NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
switch (prop_id) {
case PROP_SERVICE_TYPE:
g_value_set_string (value, nm_setting_vpn_get_service_type (setting));
break;
case PROP_USER_NAME:
g_value_set_string (value, nm_setting_vpn_get_user_name (setting));
break;
case PROP_DATA:
g_value_set_boxed (value, priv->data);
break;
case PROP_SECRETS:
g_value_set_boxed (value, priv->secrets);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static gboolean
real_need_secrets (NMVPNPlugin *plugin,
NMConnection *connection,
char **setting_name,
GError **error)
{
NMSettingVPN *s_vpn;
gboolean need_secrets = FALSE;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because the VPN connection settings were invalid.");
return FALSE;
}
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENSSH_KEY_PASSWORD))
need_secrets = TRUE;
if (need_secrets)
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return need_secrets;
}
static gboolean
compare_property (NMSetting *setting,
NMSetting *other,
const GParamSpec *prop_spec,
NMSettingCompareFlags flags)
{
gboolean same;
/* We only need to treat the 'secrets' property specially */
if (g_strcmp0 (prop_spec->name, NM_SETTING_VPN_SECRETS) != 0)
return NM_SETTING_CLASS (nm_setting_vpn_parent_class)->compare_property (setting, other, prop_spec, flags);
/* Compare A to B to ensure everything in A is found in B */
same = compare_one_secret (NM_SETTING_VPN (setting), NM_SETTING_VPN (other), flags);
if (same) {
/* And then B to A to ensure everything in B is also found in A */
same = compare_one_secret (NM_SETTING_VPN (other), NM_SETTING_VPN (setting), flags);
}
return same;
}
static gboolean
update_connection (NMVpnPluginUiWidgetInterface *iface,
NMConnection *connection,
GError **error)
{
L2tpPluginUiWidget *self = L2TP_PLUGIN_UI_WIDGET (iface);
L2tpPluginUiWidgetPrivate *priv = L2TP_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *s_vpn;
GtkWidget *widget;
const char *str;
gboolean valid = FALSE;
if (!check_validity (self, error))
return FALSE;
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_L2TP, NULL);
/* Gateway */
widget = glade_xml_get_widget (priv->xml, "gateway_entry");
str = gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_L2TP_KEY_GATEWAY, str);
/* Username */
widget = glade_xml_get_widget (priv->xml, "user_entry");
str = gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_L2TP_KEY_USER, str);
/* Domain */
widget = glade_xml_get_widget (priv->xml, "domain_entry");
str = gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_L2TP_KEY_DOMAIN, str);
if (priv->advanced)
g_hash_table_foreach (priv->advanced, hash_copy_advanced, s_vpn);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
valid = TRUE;
return valid;
}
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **error)
{
NMSettingVPN *s_vpn;
const char *user_name;
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because the VPN connection settings were invalid.");
return FALSE;
}
user_name = nm_setting_vpn_get_user_name (s_vpn);
if (!user_name && !nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_USER)) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because no username was provided.");
return FALSE;
}
/* Validate the properties */
if (!nm_openssh_properties_validate (s_vpn, error))
return FALSE;
/* Finally try to start sshtun */
if (!nm_openssh_start (plugin, s_vpn, error))
return FALSE;
return TRUE;
}
static gboolean
real_need_secrets (NMVPNPlugin *plugin,
NMConnection *connection,
char **setting_name,
GError **error)
{
NMSettingVPN *s_vpn;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because the VPN connection settings were invalid.");
return FALSE;
}
/* We just need the WebVPN cookie, and the final IP address of the gateway
(after HTTP redirects, which do happen). All the certificate/SecurID
nonsense can be handled for us, in the user's context, by auth-dialog */
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GATEWAY)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_COOKIE)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GWCERT)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
return FALSE;
}
static void
vpn_secret_iter_cb (const char *key, const char *secret, gpointer user_data)
{
Request *r = user_data;
NMSetting *setting;
const char *service_name, *id;
char *display_name;
if (secret && strlen (secret)) {
setting = nm_connection_get_setting (r->connection, NM_TYPE_SETTING_VPN);
g_assert (setting);
service_name = nm_setting_vpn_get_service_type (NM_SETTING_VPN (setting));
g_assert (service_name);
id = nm_connection_get_id (r->connection);
g_assert (id);
display_name = g_strdup_printf ("VPN %s secret for %s/%s/" NM_SETTING_VPN_SETTING_NAME,
key,
id,
service_name);
save_one_secret (r, setting, key, secret, display_name);
g_free (display_name);
}
}
static gboolean
update_connection (NMVpnPluginUiWidgetInterface *iface,
NMConnection *connection,
GError **error)
{
OpenswanPluginUiWidget *self = OPENSWAN_PLUGIN_UI_WIDGET (iface);
OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *s_vpn;
GtkWidget *widget;
char *str;
if (!check_validity (self, error))
return FALSE;
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENSWAN, NULL);
/* Gateway */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_RIGHT, str);
/* Group name */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, str);
/* User name*/
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER, str);
/* Phase 1 Algorithms: ike */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase1_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_IKE, str);
/* Phase 2 Algorithms: esp */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase2_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_ESP, str);
/* Domain entry */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str);
save_one_password (s_vpn,
priv->builder,
"user_password_entry",
"user_pass_type_combo",
NM_OPENSWAN_XAUTH_PASSWORD,
NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES);
save_one_password (s_vpn,
priv->builder,
"group_password_entry",
"group_pass_type_combo",
NM_OPENSWAN_PSK_VALUE,
NM_OPENSWAN_PSK_INPUT_MODES);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
return TRUE;
}
static gboolean
update_connection (NMVpnEditor *editor,
NMConnection *connection,
GError **error)
{
VpncEditor *self = VPNC_EDITOR (editor);
VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self);
NMSettingConnection *s_con;
NMSettingVpn *s_vpn;
GtkWidget *widget;
char *str;
guint32 port;
GtkTreeModel *model;
GtkTreeIter iter;
if (!check_validity (self, error))
return FALSE;
s_con = nm_connection_get_setting_connection (connection);
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_VPNC, NULL);
/* Interface name */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
g_object_set (G_OBJECT (s_con), NM_SETTING_CONNECTION_INTERFACE_NAME, str, NULL);
/* Gateway */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_GATEWAY, str);
/* Group name */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_ID, str);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER, str);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DOMAIN, str);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
const char *vendor = NULL;
gtk_tree_model_get (model, &iter, 1, &vendor, -1);
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_VENDOR, vendor);
} else
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_VENDOR, NM_VPNC_VENDOR_CISCO);
/* Application version */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION, str);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo"));
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget))) {
case ENC_TYPE_WEAK:
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES, "yes");
break;
case ENC_TYPE_NONE:
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION, "yes");
break;
case ENC_TYPE_SECURE:
default:
break;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
const char *mode = NULL;
gtk_tree_model_get (model, &iter, 1, &mode, -1);
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, mode);
} else
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, NM_VPNC_NATT_MODE_NATT);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
const char *dhgroup = NULL;
gtk_tree_model_get (model, &iter, 1, &dhgroup, -1);
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DHGROUP, dhgroup);
} else
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DHGROUP, NM_VPNC_DHGROUP_DH2);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
const char *pfs = NULL;
gtk_tree_model_get (model, &iter, 1, &pfs, -1);
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD, pfs);
} else
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD, NM_VPNC_PFS_SERVER);
/* Local port */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton"));
port = gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (widget));
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT, g_strdup_printf ("%d", port));
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton"));
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT, "0");
} else {
/* If DPD was disabled and now the user wishes to enable it, just
* don't pass the DPD_IDLE_TIMEOUT option to vpnc and thus use the
* default DPD idle time. Otherwise keep the original DPD idle timeout.
*/
if (priv->orig_dpd_timeout >= 10) {
char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout);
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT, tmp);
g_free (tmp);
}
}
/* User password */
save_one_password (s_vpn,
priv->builder,
"user_password_entry",
NM_VPNC_KEY_XAUTH_PASSWORD,
NM_VPNC_KEY_XAUTH_PASSWORD_TYPE);
/* Group password */
save_one_password (s_vpn,
priv->builder,
"group_password_entry",
NM_VPNC_KEY_SECRET,
NM_VPNC_KEY_SECRET_TYPE);
/* hybrid auth */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton"));
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE, "hybrid");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser"));
str = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_CA_FILE, str);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
return TRUE;
}
static gboolean
update_connection (NMVpnPluginUiWidgetInterface *iface,
NMConnection *connection,
GError **error)
{
StrongswanPluginUiWidget *self = STRONGSWAN_PLUGIN_UI_WIDGET (iface);
StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *settings;
GtkWidget *widget;
gboolean active;
char *str;
if (!check_validity (self, error))
return FALSE;
settings = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (settings, NM_SETTING_VPN_SERVICE_TYPE,
NM_DBUS_SERVICE_STRONGSWAN, NULL);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
nm_setting_vpn_add_data_item (settings, "address", str);
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "certificate-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "certificate", str);
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo"));
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)))
{
default:
case 0:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "userkey", str);
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "usercert", str);
}
str = "key";
break;
case 1:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button"));
str = (char *) gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
if (str) {
nm_setting_vpn_add_data_item (settings, "usercert", str);
}
str = "agent";
break;
case 2:
str = "smartcard";
break;
case 3:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
nm_setting_vpn_add_data_item (settings, "user", str);
}
str = "eap";
break;
case 4:
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str)) {
nm_setting_vpn_add_data_item (settings, "user", str);
}
str = "psk";
break;
}
nm_setting_vpn_add_data_item (settings, "method", str);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "virtual-check"));
active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
nm_setting_vpn_add_data_item (settings, "virtual", active ? "yes" : "no");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encap-check"));
active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
nm_setting_vpn_add_data_item (settings, "encap", active ? "yes" : "no");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ipcomp-check"));
active = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
nm_setting_vpn_add_data_item (settings, "ipcomp", active ? "yes" : "no");
nm_setting_set_secret_flags (NM_SETTING (settings), "password",
NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
nm_connection_add_setting (connection, NM_SETTING (settings));
return TRUE;
}
static gboolean
init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError **error)
{
StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *settings;
GtkWidget *widget;
const char *value;
settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN));
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry"));
value = nm_setting_vpn_get_data_item (settings, "address");
if (value)
gtk_entry_set_text (GTK_ENTRY (widget), value);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "certificate-button"));
value = nm_setting_vpn_get_data_item (settings, "certificate");
if (value)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-label"));
gtk_widget_set_no_show_all (widget, TRUE);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
gtk_widget_set_no_show_all (widget, TRUE);
value = nm_setting_vpn_get_data_item (settings, "user");
if (value)
gtk_entry_set_text (GTK_ENTRY (widget), value);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate/private key"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate/ssh-agent"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Smartcard"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("EAP"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Pre-shared key"));
value = nm_setting_vpn_get_data_item (settings, "method");
if (value) {
if (g_strcmp0 (value, "key") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
}
if (g_strcmp0 (value, "agent") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
}
if (g_strcmp0 (value, "smartcard") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
}
if (g_strcmp0 (value, "eap") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 3);
}
if (g_strcmp0 (value, "psk") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 4);
}
}
if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == -1)
{
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
}
update_layout (widget, priv);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-label"));
gtk_widget_set_no_show_all (widget, TRUE);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button"));
gtk_widget_set_no_show_all (widget, TRUE);
value = nm_setting_vpn_get_data_item (settings, "usercert");
if (value)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-label"));
gtk_widget_set_no_show_all (widget, TRUE);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-button"));
gtk_widget_set_no_show_all (widget, TRUE);
value = nm_setting_vpn_get_data_item (settings, "userkey");
if (value)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "virtual-check"));
value = nm_setting_vpn_get_data_item (settings, "virtual");
if (value && strcmp(value, "yes") == 0)
{
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encap-check"));
value = nm_setting_vpn_get_data_item (settings, "encap");
if (value && strcmp(value, "yes") == 0)
{
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ipcomp-check"));
value = nm_setting_vpn_get_data_item (settings, "ipcomp");
if (value && strcmp(value, "yes") == 0)
{
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
return TRUE;
}
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **error)
{
NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin);
NMSettingVPN *s_vpn;
const char *value;
if (getenv ("NM_PPP_DUMP_CONNECTION") || debug)
nm_connection_dump (connection);
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
g_assert (s_vpn);
if (!nm_l2tp_properties_validate (s_vpn, error))
return FALSE;
if (!nm_l2tp_secrets_validate (s_vpn, error))
return FALSE;
/* Start our pppd plugin helper service */
if (priv->service)
g_object_unref (priv->service);
if (priv->connection) {
g_object_unref (priv->connection);
priv->connection = NULL;
}
priv->service = nm_l2tp_ppp_service_new (connection, error);
if (!priv->service) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not start pppd plugin helper service."));
return FALSE;
}
priv->connection = g_object_ref (connection);
g_signal_connect (G_OBJECT (priv->service), "plugin-alive", G_CALLBACK (service_plugin_alive_cb), plugin);
g_signal_connect (G_OBJECT (priv->service), "ppp-state", G_CALLBACK (service_ppp_state_cb), plugin);
g_signal_connect (G_OBJECT (priv->service), "ip4-config", G_CALLBACK (service_ip4_config_cb), plugin);
/* Cache the username and password so we can relay the secrets to the pppd
* plugin when it asks for them.
*/
if (!_service_cache_credentials (priv->service, connection, error))
return FALSE;
if (!nm_l2tp_resolve_gateway (NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
if (!nm_l2tp_config_write (NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_ENABLE);
g_message(_("ipsec enable flag: %s"), value?value:"(null)");
if(value && !strcmp(value,"yes")) {
g_message(_("starting ipsec"));
if (!nm_l2tp_start_ipsec(NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
}
if (!nm_l2tp_start_l2tpd_binary (NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
return TRUE;
}
static NMConnection *
import (NMVpnPluginUiInterface *iface, const char *path, GError **error)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
NMSettingIP4Config *s_ip4;
GKeyFile *keyfile;
GKeyFileFlags flags;
const char *buf;
keyfile = g_key_file_new ();
flags = G_KEY_FILE_KEEP_COMMENTS | G_KEY_FILE_KEEP_TRANSLATIONS;
if (!g_key_file_load_from_file (keyfile, path, flags, error)) {
g_set_error (error,
NM_IODINE_IMPORT_EXPORT_ERROR,
NM_IODINE_IMPORT_EXPORT_ERROR_NOT_IODINE,
"does not look like a %s VPN connection (parse failed)",
IODINE_PLUGIN_NAME);
return NULL;
}
connection = nm_connection_new ();
s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
nm_connection_add_setting (connection, NM_SETTING (s_con));
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn,
NM_SETTING_VPN_SERVICE_TYPE,
NM_DBUS_SERVICE_IODINE,
NULL);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
s_ip4 = NM_SETTING_IP4_CONFIG (nm_setting_ip4_config_new ());
nm_connection_add_setting (connection, NM_SETTING (s_ip4));
/* top level domain */
buf = g_key_file_get_string (keyfile, "iodine", "topdomain", NULL);
if (buf) {
nm_setting_vpn_add_data_item (s_vpn, NM_IODINE_KEY_TOPDOMAIN, buf);
} else {
g_set_error (error,
NM_IODINE_IMPORT_EXPORT_ERROR,
NM_IODINE_IMPORT_EXPORT_ERROR_NOT_IODINE,
"does not look like a %s VPN connection "
"(no top level domain)",
IODINE_PLUGIN_NAME);
g_object_unref (connection);
return NULL;
}
/* Optional Settings */
/* Description */
buf = g_key_file_get_string (keyfile, "iodine", "Description", NULL);
if (buf)
g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL);
/* Name server */
buf = g_key_file_get_string (keyfile, "iodine", "Nameserver", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_IODINE_KEY_NAMESERVER, buf);
/* Fragment size */
buf = g_key_file_get_string (keyfile, "iodine", "Fragsize", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_IODINE_KEY_FRAGSIZE, "yes");
return connection;
}
static NMConnection *
import (NMVpnPluginUiInterface *iface, const char *path, GError **error)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
NMSettingIP4Config *s_ip4;
GKeyFile *keyfile;
GKeyFileFlags flags;
const char *buf;
gboolean bval;
keyfile = g_key_file_new ();
flags = G_KEY_FILE_KEEP_COMMENTS | G_KEY_FILE_KEEP_TRANSLATIONS;
if (!g_key_file_load_from_file (keyfile, path, flags, NULL)) {
g_set_error (error,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR_NOT_OPENCONNECT,
"does not look like a %s VPN connection (parse failed)",
OPENCONNECT_PLUGIN_NAME);
return NULL;
}
connection = nm_connection_new ();
s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
nm_connection_add_setting (connection, NM_SETTING (s_con));
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENCONNECT, NULL);
nm_connection_add_setting (connection, NM_SETTING (s_vpn));
s_ip4 = NM_SETTING_IP4_CONFIG (nm_setting_ip4_config_new ());
nm_connection_add_setting (connection, NM_SETTING (s_ip4));
/* Host */
buf = g_key_file_get_string (keyfile, "openconnect", "Host", NULL);
if (buf) {
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_GATEWAY, buf);
} else {
g_set_error (error,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR,
NM_OPENCONNECT_IMPORT_EXPORT_ERROR_BAD_DATA,
"does not look like a %s VPN connection (no Host)",
OPENCONNECT_PLUGIN_NAME);
g_object_unref (connection);
return NULL;
}
/* Optional Settings */
/* Description */
buf = g_key_file_get_string (keyfile, "openconnect", "Description", NULL);
if (buf)
g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL);
/* CA Certificate */
buf = g_key_file_get_string (keyfile, "openconnect", "CACert", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT, buf);
/* Proxy */
buf = g_key_file_get_string (keyfile, "openconnect", "Proxy", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, buf);
/* Cisco Secure Desktop */
bval = g_key_file_get_boolean (keyfile, "openconnect", "CSDEnable", NULL);
if (bval)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE, "yes");
/* Cisco Secure Desktop wrapper */
buf = g_key_file_get_string (keyfile, "openconnect", "CSDWrapper", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_WRAPPER, buf);
/* User Certificate */
buf = g_key_file_get_string (keyfile, "openconnect", "UserCertificate", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERCERT, buf);
/* Private Key */
buf = g_key_file_get_string (keyfile, "openconnect", "PrivateKey", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PRIVKEY, buf);
/* FSID */
bval = g_key_file_get_boolean (keyfile, "openconnect", "FSID", NULL);
if (bval)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, "yes");
/* Soft token mode */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenSource", NULL);
if (buf)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE, buf);
/* Soft token secret */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenString", NULL);
if (buf)
nm_setting_vpn_add_secret (s_vpn, NM_OPENCONNECT_KEY_TOKEN_SECRET, buf);
return connection;
}
