static void test_nat_export (NMVpnPluginUiInterface *plugin, const char *dir, const char *tmpdir, const char *nat_mode) { NMConnection *connection; NMSettingVPN *s_vpn; NMConnection *reimported; char *path; gboolean success; GError *error = NULL; int ret; connection = get_basic_connection ("nat-export", plugin, dir, "basic.pcf"); ASSERT (connection != NULL, "nat-export", "failed to import connection"); s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "nat-export", "imported connection had no VPN setting"); nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, nat_mode); path = g_build_path ("/", tmpdir, NAT_EXPORTED_NAME, NULL); success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error); if (!success) { if (!error) FAIL ("nat-export", "export failed with missing error"); else FAIL ("nat-export", "export failed: %s", error->message); } /* Now re-import it and compare the connections to ensure they are the same */ reimported = get_basic_connection ("nat-export", plugin, tmpdir, NAT_EXPORTED_NAME); ret = unlink (path); ASSERT (connection != NULL, "nat-export", "failed to re-import connection"); /* Clear secrets first, since they don't get exported, and thus would * make the connection comparison below fail. */ remove_user_password (connection); /* Since we don't export the user password, but the original connection * had one, we need to add secret flags to the re-imported connection. */ s_vpn = nm_connection_get_setting_vpn (reimported); nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_VPNC_KEY_SECRET, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL); ASSERT (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT) == TRUE, "nat-export", "original and reimported connection differ"); g_object_unref (reimported); g_object_unref (connection); g_free (path); }
static gboolean real_need_secrets (NMVpnServicePlugin *plugin, NMConnection *connection, const char **setting_name, GError **error) { NMSettingVpn *s_vpn; NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; g_return_val_if_fail (NM_IS_VPN_SERVICE_PLUGIN (plugin), FALSE); g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE); s_vpn = nm_connection_get_setting_vpn (connection); nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_SSTP_KEY_PASSWORD, &flags, NULL); /* Don't need the password if it's not required */ if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) return FALSE; /* Don't need the password if we already have one */ if (nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_SSTP_KEY_PASSWORD)) return FALSE; /* Otherwise we need a password */ *setting_name = NM_SETTING_VPN_SETTING_NAME; return TRUE; }
static void test_non_utf8_import (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; const char *expected_id = "Att äta en ko"; const char *charset = NULL; /* Change charset to ISO-8859-15 to match iso885915.pcf */ g_get_charset (&charset); setlocale (LC_ALL, "de_DE@euro"); connection = get_basic_connection ("non-utf8-import", plugin, dir, "iso885915.pcf"); setlocale (LC_ALL, charset); ASSERT (connection != NULL, "non-utf8-import", "failed to import connection"); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "non-utf8-import", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "non-utf8-import", "unexpected connection ID"); ASSERT (nm_setting_connection_get_uuid (s_con) == NULL, "non-utf8-import", "unexpected valid UUID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "non-utf8-import", "missing 'vpn' setting"); g_object_unref (connection); }
static gboolean write_connection_to_child (int fd, NMConnection *connection, GError **error) { NMSettingVPN *s_vpn; WriteItemInfo info = { .fd = fd, .secret = FALSE, .error = error }; s_vpn = nm_connection_get_setting_vpn (connection); if (!s_vpn) { g_set_error_literal (error, NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_INTERNAL_ERROR, "Connection had no VPN setting"); return FALSE; } nm_setting_vpn_foreach_data_item (s_vpn, write_one_key_val, &info); if (error && *error) return FALSE; info.secret = TRUE; nm_setting_vpn_foreach_secret (s_vpn, write_one_key_val, &info); if (error && *error) return FALSE; if (!write_item (fd, "DONE\n\n", error)) return FALSE; return TRUE; }
CEPage * ce_page_vpn_new (NMConnectionEditor *editor, NMConnection *connection, GtkWindow *parent_window, NMClient *client, const char **out_secrets_setting_name, GError **error) { CEPageVpn *self; CEPageVpnPrivate *priv; const char *service_type; GError *local = NULL; self = CE_PAGE_VPN (ce_page_new (CE_TYPE_PAGE_VPN, editor, connection, parent_window, client, NULL, NULL, _("VPN"))); if (!self) { g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not load VPN user interface.")); return NULL; } priv = CE_PAGE_VPN_GET_PRIVATE (self); priv->setting = nm_connection_get_setting_vpn (connection); g_assert (priv->setting); service_type = nm_setting_vpn_get_service_type (priv->setting); g_assert (service_type); priv->service_type = g_strdup (service_type); priv->plugin = vpn_get_plugin_by_service (service_type); if (!priv->plugin) { g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not find VPN plugin for “%s”."), service_type); g_object_unref (self); return NULL; } priv->plugin = g_object_ref (priv->plugin); priv->editor = nm_vpn_editor_plugin_get_editor (priv->plugin, CE_PAGE (self)->connection, &local); if (!priv->editor) { g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not load editor VPN plugin for “%s” (%s)."), service_type, local ? local->message : _("unknown failure")); g_clear_error (&local); g_object_unref (self); return NULL; } g_signal_connect (self, "initialized", G_CALLBACK (finish_setup), NULL); *out_secrets_setting_name = NM_SETTING_VPN_SETTING_NAME; return CE_PAGE (self); }
NMVpnEditor * nm_vpnc_editor_new (NMConnection *connection, GError **error) { NMVpnEditor *object; VpncEditorPrivate *priv; char *ui_file; NMSettingVpn *s_vpn; gboolean is_new = TRUE; if (error) g_return_val_if_fail (*error == NULL, NULL); object = g_object_new (VPNC_TYPE_EDITOR, NULL); if (!object) { g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED, "could not create vpnc object"); return NULL; } priv = VPNC_EDITOR_GET_PRIVATE (object); ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-vpnc-dialog.ui"); priv->builder = gtk_builder_new (); gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { g_warning ("Couldn't load builder file: %s", error && *error ? (*error)->message : "(unknown)"); g_clear_error (error); g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED, "could not load required resources at %s", ui_file); g_free (ui_file); g_object_unref (object); return NULL; } g_free (ui_file); priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-vbox")); if (!priv->widget) { g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED, "could not load UI widget"); g_object_unref (object); return NULL; } g_object_ref_sink (priv->widget); s_vpn = nm_connection_get_setting_vpn (connection); if (s_vpn) nm_setting_vpn_foreach_data_item (s_vpn, is_new_func, &is_new); if (!init_plugin_ui (VPNC_EDITOR (object), connection, is_new, error)) { g_object_unref (object); return NULL; } return object; }
static NMVpnPluginUiWidgetInterface * nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) { NMVpnPluginUiWidgetInterface *object; OpenswanPluginUiWidgetPrivate *priv; char *ui_file; NMSettingVPN *s_vpn; gboolean is_new = TRUE; if (error) g_return_val_if_fail (*error == NULL, NULL); object = NM_VPN_PLUGIN_UI_WIDGET_INTERFACE (g_object_new (OPENSWAN_TYPE_PLUGIN_UI_WIDGET, NULL)); if (!object) { g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, "could not create openswan object"); return NULL; } priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (object); ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-openswan-dialog.ui"); priv->builder = gtk_builder_new (); g_assert (priv->builder); gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { g_warning ("Couldn't load builder file: %s", error && *error ? (*error)->message : "(unknown)"); g_clear_error (error); g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, "could not load required resources at %s", ui_file); g_free (ui_file); g_object_unref (object); return NULL; } g_free (ui_file); priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "openswan-vbox")); if (!priv->widget) { g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, "could not load UI widget"); g_object_unref (object); return NULL; } g_object_ref_sink (priv->widget); s_vpn = nm_connection_get_setting_vpn (connection); if (s_vpn) nm_setting_vpn_foreach_data_item (s_vpn, is_new_func, &is_new); if (!init_plugin_ui (OPENSWAN_PLUGIN_UI_WIDGET (object), connection, is_new, error)) { g_object_unref (object); return NULL; } return object; }
static void import_cb (NMConnection *connection, gpointer user_data) { NewVpnInfo *info = (NewVpnInfo *) user_data; NMSettingConnection *s_con; NMSettingVPN *s_vpn; const char *service_type; char *s; GError *error = NULL; /* Basic sanity checks of the connection */ s_con = nm_connection_get_setting_connection (connection); if (!s_con) { s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ()); nm_connection_add_setting (connection, NM_SETTING (s_con)); } s = (char *) nm_setting_connection_get_id (s_con); if (!s) { GSList *connections; connections = nm_remote_settings_list_connections (info->settings); s = ce_page_get_next_available_name (connections, _("VPN connection %d")); g_object_set (s_con, NM_SETTING_CONNECTION_ID, s, NULL); g_free (s); g_slist_free (connections); } s = (char *) nm_setting_connection_get_connection_type (s_con); if (!s || strcmp (s, NM_SETTING_VPN_SETTING_NAME)) g_object_set (s_con, NM_SETTING_CONNECTION_TYPE, NM_SETTING_VPN_SETTING_NAME, NULL); s = (char *) nm_setting_connection_get_uuid (s_con); if (!s) { s = nm_utils_uuid_generate (); g_object_set (s_con, NM_SETTING_CONNECTION_UUID, s, NULL); g_free (s); } s_vpn = nm_connection_get_setting_vpn (connection); service_type = s_vpn ? nm_setting_vpn_get_service_type (s_vpn) : NULL; if (!service_type || !strlen (service_type)) { g_object_unref (connection); connection = NULL; error = g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC, _("The VPN plugin failed to import the VPN connection correctly\n\nError: no VPN service type.")); } info->result_func (connection, FALSE, error, info->user_data); g_clear_error (&error); g_object_unref (info->settings); g_slice_free (NewVpnInfo, info); }
static void remove_user_password (NMConnection *connection) { NMSettingVPN *s_vpn; s_vpn = nm_connection_get_setting_vpn (connection); if (!s_vpn) return; if (nm_setting_vpn_get_secret (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD)) nm_setting_vpn_remove_secret (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD); }
GHashTable * advanced_dialog_new_hash_from_connection (NMConnection *connection, GError **error) { GHashTable *hash; NMSettingVpn *s_vpn; hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); s_vpn = nm_connection_get_setting_vpn (connection); nm_setting_vpn_foreach_data_item (s_vpn, copy_values, hash); return hash; }
static gboolean handle_need_secrets (NMDBusSstpPpp *object, GDBusMethodInvocation *invocation, gpointer user_data) { NMSstpPlugin *self = NM_SSTP_PLUGIN (user_data); NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (self); NMSettingVpn *s_vpn; const char *user, *password, *domain; gchar *username; remove_timeout_handler (NM_SSTP_PLUGIN (user_data)); s_vpn = nm_connection_get_setting_vpn (priv->connection); g_assert (s_vpn); /* Username; try SSTP specific username first, then generic username */ user = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_USER); if (!user || !strlen (user)) user = nm_setting_vpn_get_user_name (s_vpn); if (!user || !strlen (user)) { g_dbus_method_invocation_return_error_literal (invocation, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, _("Missing VPN username.")); return FALSE; } password = nm_setting_vpn_get_secret (s_vpn, NM_SSTP_KEY_PASSWORD); if (!password || !strlen (password)) { g_dbus_method_invocation_return_error_literal (invocation, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, _("Missing or invalid VPN password.")); return FALSE;; } /* Domain is optional */ domain = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_DOMAIN); /* Success */ if (domain && strlen (domain)) username = g_strdup_printf ("%s\\%s", domain, user); else username = g_strdup (user); nmdbus_sstp_ppp_complete_need_secrets (object, invocation, username, password); g_free (username); return TRUE; }
CEPage * ce_page_vpn_new (NMConnection *connection, GtkWindow *parent_window, NMClient *client, NMRemoteSettings *settings, const char **out_secrets_setting_name, GError **error) { CEPageVpn *self; CEPageVpnPrivate *priv; const char *service_type; self = CE_PAGE_VPN (ce_page_new (CE_TYPE_PAGE_VPN, connection, parent_window, client, settings, NULL, NULL, _("VPN"))); if (!self) { g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not load VPN user interface.")); return NULL; } priv = CE_PAGE_VPN_GET_PRIVATE (self); priv->setting = nm_connection_get_setting_vpn (connection); g_assert (priv->setting); service_type = nm_setting_vpn_get_service_type (priv->setting); g_assert (service_type); priv->service_type = g_strdup (service_type); priv->plugin = vpn_get_plugin_by_service (service_type); if (!priv->plugin) { g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not find VPN plugin service for '%s'."), service_type); g_object_unref (self); return NULL; } g_signal_connect (self, "initialized", G_CALLBACK (finish_setup), NULL); *out_secrets_setting_name = NM_SETTING_VPN_SETTING_NAME; return CE_PAGE (self); }
static gboolean real_connect (NMVpnServicePlugin *plugin, NMConnection *connection, GError **error) { NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (plugin); NMSettingVpn *s_vpn; const char *gwaddr; const char *value; s_vpn = nm_connection_get_setting_vpn (connection); g_assert (s_vpn); gwaddr = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_GATEWAY); if (!gwaddr || !strlen (gwaddr)) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, _("Invalid or missing SSTP gateway.")); return FALSE; } /* Set the UUID of the connection */ value = nm_connection_get_uuid(connection); if (value && strlen(value)) nm_setting_vpn_add_data_item(s_vpn, NM_SSTP_KEY_UUID, value); if (!nm_sstp_properties_validate (s_vpn, error)) return FALSE; if (!nm_sstp_secrets_validate (s_vpn, error)) return FALSE; priv->connection = g_object_ref (connection); if (getenv ("NM_PPP_DUMP_CONNECTION") || debug) nm_connection_dump (connection); return nm_sstp_start_pppd_binary (NM_SSTP_PLUGIN (plugin), s_vpn, gwaddr, error); }
static void test_legacy_ike_port_1_import (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; GError *error = NULL; char *pcf; const char *expected_id = "Don't use Legacy IKE Port (500)"; const char *value; pcf = g_build_path ("/", dir, "use-legacy-ike-port-1.pcf", NULL); ASSERT (pcf != NULL, "use-legacy-ike-port-1", "failed to create pcf path"); connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error); if (error) FAIL ("", "error importing %s: %s", pcf, error->message); ASSERT (connection != NULL, "use-legacy-ike-port-1", "error importing %s: (unknown)", pcf); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "use-legacy-ike-port-1", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "use-legacy-ike-port-1", "unexpected connection ID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "use-legacy-ike-port-1", "missing 'vpn' setting"); value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT); ASSERT (value != NULL, "use-legacy-ike-port-1", "unexpected missing value for item %s", NM_VPNC_KEY_LOCAL_PORT); ASSERT (strcmp (value, "500") == 0, "use-legacy-ike-port-1", "unexpected value for item %s", NM_VPNC_KEY_LOCAL_PORT); g_free (pcf); }
gboolean nm_vpn_manager_activate_connection (NMVpnManager *manager, NMVpnConnection *vpn, GError **error) { NMConnection *connection; NMSettingVpn *s_vpn; NMVpnService *service; const char *service_name; NMDevice *device; g_return_val_if_fail (NM_IS_VPN_MANAGER (manager), FALSE); g_return_val_if_fail (NM_IS_VPN_CONNECTION (vpn), FALSE); g_return_val_if_fail (error != NULL, FALSE); g_return_val_if_fail (*error == NULL, FALSE); device = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn)); g_assert (device); if ( nm_device_get_state (device) != NM_DEVICE_STATE_ACTIVATED && nm_device_get_state (device) != NM_DEVICE_STATE_SECONDARIES) { g_set_error_literal (error, NM_VPN_MANAGER_ERROR, NM_VPN_MANAGER_ERROR_DEVICE_NOT_ACTIVE, "The base device for the VPN connection was not active."); return FALSE; } connection = nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (vpn)); g_assert (connection); s_vpn = nm_connection_get_setting_vpn (connection); g_assert (s_vpn); service_name = nm_setting_vpn_get_service_type (s_vpn); g_assert (service_name); service = g_hash_table_lookup (NM_VPN_MANAGER_GET_PRIVATE (manager)->services, service_name); if (!service) { g_set_error (error, NM_VPN_MANAGER_ERROR, NM_VPN_MANAGER_ERROR_SERVICE_INVALID, "The VPN service '%s' was not installed.", service_name); return FALSE; } return nm_vpn_service_activate (service, vpn, error); }
static void test_nat_force_natt (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; GError *error = NULL; char *pcf; const char *expected_id = "Force NAT-T"; const char *value; pcf = g_build_path ("/", dir, "force-natt.pcf", NULL); ASSERT (pcf != NULL, "force-natt", "failed to create pcf path"); connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error); if (error) FAIL ("force-natt", "error importing %s: %s", pcf, error->message); ASSERT (connection != NULL, "force-natt", "error importing %s: (unknown)", pcf); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "force-natt", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "force-natt", "unexpected connection ID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "force-natt", "missing 'vpn' setting"); value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE); ASSERT (value != NULL, "force-natt", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE); ASSERT (strcmp (value, NM_VPNC_NATT_MODE_NATT_ALWAYS) == 0, "force-natt", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE); g_free (pcf); }
void vpn_export (NMConnection *connection) { GtkWidget *dialog; NMVpnPluginUiInterface *plugin; NMSettingVPN *s_vpn = NULL; const char *service_type; const char *home_folder; s_vpn = nm_connection_get_setting_vpn (connection); service_type = s_vpn ? nm_setting_vpn_get_service_type (s_vpn) : NULL; if (!service_type) { g_warning ("%s: invalid VPN connection!", __func__); return; } dialog = gtk_file_chooser_dialog_new (_("Export VPN connection..."), NULL, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, NULL); home_folder = g_get_home_dir (); gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), home_folder); plugin = vpn_get_plugin_by_service (service_type); if (plugin) { char *suggested = NULL; suggested = nm_vpn_plugin_ui_interface_get_suggested_name (plugin, connection); if (suggested) { gtk_file_chooser_set_current_name (GTK_FILE_CHOOSER (dialog), suggested); g_free (suggested); } } g_signal_connect (G_OBJECT (dialog), "close", G_CALLBACK (gtk_widget_destroy), NULL); g_signal_connect (G_OBJECT (dialog), "response", G_CALLBACK (export_vpn_to_file_cb), g_object_ref (connection)); gtk_widget_show_all (dialog); gtk_window_present (GTK_WINDOW (dialog)); }
gboolean vpn_supports_ipv6 (NMConnection *connection) { NMSettingVPN *s_vpn; const char *service_type; NMVpnPluginUiInterface *plugin; guint32 capabilities; s_vpn = nm_connection_get_setting_vpn (connection); g_return_val_if_fail (s_vpn != NULL, FALSE); service_type = nm_setting_vpn_get_service_type (s_vpn); g_return_val_if_fail (service_type != NULL, FALSE); plugin = vpn_get_plugin_by_service (service_type); g_return_val_if_fail (plugin != NULL, FALSE); capabilities = nm_vpn_plugin_ui_interface_get_capabilities (plugin); return (capabilities & NM_VPN_PLUGIN_UI_CAPABILITY_IPV6) != 0; }
gboolean vpn_supports_ipv6 (NMConnection *connection) { NMSettingVpn *s_vpn; const char *service_type; NMVpnEditorPlugin *plugin; guint32 capabilities; s_vpn = nm_connection_get_setting_vpn (connection); g_return_val_if_fail (s_vpn != NULL, FALSE); service_type = nm_setting_vpn_get_service_type (s_vpn); g_return_val_if_fail (service_type != NULL, FALSE); plugin = vpn_get_plugin_by_service (service_type); if (!plugin) return FALSE; capabilities = nm_vpn_editor_plugin_get_capabilities (plugin); return (capabilities & NM_VPN_EDITOR_PLUGIN_CAPABILITY_IPV6) != 0; }
static void test_always_ask (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; GError *error = NULL; char *pcf; const char *expected_id = "Always Ask For Password"; const char *value; pcf = g_build_path ("/", dir, "always-ask.pcf", NULL); ASSERT (pcf != NULL, "always-ask", "failed to create pcf path"); connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error); if (error) FAIL ("always-ask", "error importing %s: %s", pcf, error->message); ASSERT (connection != NULL, "always-ask", "error importing %s: (unknown)", pcf); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "always-ask", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "always-ask", "unexpected connection ID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "always-ask", "missing 'vpn' setting"); value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE); ASSERT (value == NULL, "always-ask", "unexpected value for item %s", NM_VPNC_KEY_XAUTH_PASSWORD_TYPE); g_free (pcf); }
static gboolean init_plugin_ui (VpncEditor *self, NMConnection *connection, gboolean new_connection, GError **error) { VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self); NMSettingConnection *s_con = NULL; NMSettingVpn *s_vpn = NULL; GtkWidget *widget; GtkListStore *store; GtkTreeIter iter; const char *value = NULL; int active = -1; const char *natt_mode = NULL; const char *ike_dh_group = NULL; const char *vendor = NULL; const char *pfs_group = NULL; gboolean enabled = FALSE; GtkFileFilter *filter; if (connection) { s_con = nm_connection_get_setting_connection (connection); s_vpn = nm_connection_get_setting_vpn (connection); } priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_GATEWAY); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_ID); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); store = gtk_list_store_new (1, G_TYPE_STRING); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Secure (default)"), -1); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Weak (use with caution)"), -1); if (s_vpn && (active < 0)) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES); if (value && !strcmp (value, "yes")) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("None (completely insecure)"), -1); if (s_vpn && (active < 0)) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION); if (value && !strcmp (value, "yes")) active = 2; } gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Fill the VPN passwords *before* initializing the PW type combos, since * knowing if there are passwords when initializing the combos is helpful. */ setup_password_widget (self, "user_password_entry", s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD, new_connection); setup_password_widget (self, "group_password_entry", s_vpn, NM_VPNC_KEY_SECRET, new_connection); init_password_icon (self, s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE, "user_password_entry"); init_password_icon (self, s_vpn, NM_VPNC_KEY_SECRET, NM_VPNC_KEY_SECRET_TYPE, "group_password_entry"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DOMAIN); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Vendor combo */ active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) vendor = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_VENDOR); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Cisco (default)"), 1, NM_VPNC_VENDOR_CISCO, -1); if ((active < 0) && vendor) { if (!strcmp (vendor, NM_VPNC_VENDOR_CISCO)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Netscreen"), 1, NM_VPNC_VENDOR_NETSCREEN, -1); if ((active < 0) && vendor) { if (!strcmp (vendor, NM_VPNC_VENDOR_NETSCREEN)) active = 1; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Application version */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Interface name */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry")); g_return_val_if_fail (widget != NULL, FALSE); if (s_con) { value = nm_setting_connection_get_interface_name (s_con); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) natt_mode = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("NAT-T when available (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("NAT-T always"), 1, NM_VPNC_NATT_MODE_NATT_ALWAYS, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Cisco UDP"), 1, NM_VPNC_NATT_MODE_CISCO, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_CISCO)) active = 2; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Disabled"), 1, NM_VPNC_NATT_MODE_NONE, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NONE)) active = 3; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) ike_dh_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DHGROUP); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_DHGROUP_DH1, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH1)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 2 (default)"), 1, NM_VPNC_DHGROUP_DH2, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH2)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_DHGROUP_DH5, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH5)) active = 2; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 1 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Local Port */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT); if (value) { long int tmp; errno = 0; tmp = strtol (value, NULL, 10); if (errno != 0 || tmp < 0 || tmp > 65535) tmp = 0; widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), (gdouble) tmp); } } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (spinbutton_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT); if (value) { long int tmp; errno = 0; tmp = strtol (value, NULL, 10); if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0) priv->orig_dpd_timeout = (guint32) tmp; if (priv->orig_dpd_timeout == 0) gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); /* Perfect Forward Secrecy combo */ active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) pfs_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Server (default)"), 1, NM_VPNC_PFS_SERVER, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_SERVER)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("None"), 1, NM_VPNC_PFS_NOPFS, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_NOPFS)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_PFS_DH1, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH1)) active = 2; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 2"), 1, NM_VPNC_PFS_DH2, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH2)) active = 3; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_PFS_DH5, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH5)) active = 4; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_toggled_cb, self); /* hybrid auth */ enabled = FALSE; widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE); if (value && !strcmp("hybrid", value)) { gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); enabled = TRUE; } } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (hybrid_toggled_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, widget); gtk_widget_set_sensitive (widget, enabled); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose a Certificate Authority (CA) certificate…")); filter = gtk_file_filter_new (); gtk_file_filter_add_custom (filter, GTK_FILE_FILTER_FILENAME, cert_filter, NULL, NULL); gtk_file_filter_set_name (filter, _("PEM certificates (*.pem, *.crt, *.cer)")); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_CA_FILE); if (value && strlen (value)) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } g_signal_connect (G_OBJECT (widget), "file-set", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "cafile_label")); g_return_val_if_fail (widget != NULL, FALSE); gtk_widget_set_sensitive (widget, enabled); /* advanced dialog */ priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-advanced-dialog")); g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE); g_signal_connect (G_OBJECT (priv->advanced_dialog), "delete-event", G_CALLBACK (gtk_widget_hide_on_delete), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "advanced_button")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "clicked", (GCallback) toggle_advanced_dialog_cb, self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "apply_button")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "clicked", (GCallback) toggle_advanced_dialog_cb, self); return TRUE; }
static gboolean vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets) { GError *error = NULL; NMSettingVpn *s_vpn; const char *vpn_type, *gw, *port; char *cookie = NULL; char *gateway = NULL; char *gwcert = NULL; int status = 0; int i; gboolean ret; if (!connection) return FALSE; if (!nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) return FALSE; s_vpn = nm_connection_get_setting_vpn (connection); vpn_type = nm_setting_vpn_get_service_type (s_vpn); if (g_strcmp0 (vpn_type, NM_DBUS_INTERFACE ".openconnect")) return FALSE; /* Get gateway and port */ gw = nm_setting_vpn_get_data_item (s_vpn, "gateway"); port = gw ? strrchr (gw, ':') : NULL; /* Interactively authenticate to OpenConnect server and get secrets */ ret = nm_vpn_openconnect_authenticate_helper (gw, &cookie, &gateway, &gwcert, &status, &error); if (!ret) { g_printerr (_("Error: openconnect failed: %s\n"), error->message); g_clear_error (&error); return FALSE; } if (WIFEXITED (status)) { if (WEXITSTATUS (status) != 0) g_printerr (_("Error: openconnect failed with status %d\n"), WEXITSTATUS (status)); } else if (WIFSIGNALED (status)) g_printerr (_("Error: openconnect failed with signal %d\n"), WTERMSIG (status)); /* Append port to the host value */ if (gateway && port) { char *tmp = gateway; gateway = g_strdup_printf ("%s%s", gateway, port); g_free (tmp); } /* Fill secrets to the array */ for (i = 0; i < secrets->len; i++) { NMSecretAgentSimpleSecret *secret = secrets->pdata[i]; if (!g_strcmp0 (secret->vpn_type, vpn_type)) { if (!g_strcmp0 (secret->vpn_property, "cookie")) { g_free (secret->value); secret->value = cookie; cookie = NULL; } else if (!g_strcmp0 (secret->vpn_property, "gateway")) { g_free (secret->value); secret->value = gateway; gateway = NULL; } else if (!g_strcmp0 (secret->vpn_property, "gwcert")) { g_free (secret->value); secret->value = gwcert; gwcert = NULL; } } } g_free (cookie); g_free (gateway); g_free (gwcert); return TRUE; }
static void test_basic_import (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingIP4Config *s_ip4; NMSettingVPN *s_vpn; NMIP4Route *route; struct in_addr tmp; const char *expected_id = "Basic VPN"; const char *expected_route1_dest = "10.0.0.0"; const char *expected_route1_gw = "0.0.0.0"; const char *expected_route2_dest = "172.16.0.0"; const char *expected_route2_gw = "0.0.0.0"; connection = get_basic_connection ("basic-import", plugin, dir, "basic.pcf"); ASSERT (connection != NULL, "basic-import", "failed to import connection"); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "basic-import", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "basic-import", "unexpected connection ID"); ASSERT (nm_setting_connection_get_uuid (s_con) == NULL, "basic-import", "unexpected valid UUID"); /* IP4 setting */ s_ip4 = nm_connection_get_setting_ip4_config (connection); ASSERT (s_ip4 != NULL, "basic-import", "missing 'ip4-config' setting"); ASSERT (nm_setting_ip4_config_get_num_addresses (s_ip4) == 0, "basic-import", "unexpected addresses"); ASSERT (nm_setting_ip4_config_get_never_default (s_ip4) == TRUE, "basic-import", "never-default unexpectedly FALSE"); ASSERT (nm_setting_ip4_config_get_method (s_ip4) == NULL, "basic-import", "unexpected IPv4 method"); ASSERT (nm_setting_ip4_config_get_dhcp_client_id (s_ip4) == NULL, "basic-import", "unexpected valid DHCP client ID"); ASSERT (nm_setting_ip4_config_get_dhcp_hostname (s_ip4) == NULL, "basic-import", "unexpected valid DHCP hostname"); ASSERT (nm_setting_ip4_config_get_num_dns_searches (s_ip4) == 0, "basic-import", "unexpected DNS searches"); ASSERT (nm_setting_ip4_config_get_num_dns (s_ip4) == 0, "basic-import", "unexpected DNS servers"); ASSERT (nm_setting_ip4_config_get_num_routes (s_ip4) == 2, "basic-import", "unexpected number of routes"); /* Route #1 */ route = nm_setting_ip4_config_get_route (s_ip4, 0); ASSERT (inet_pton (AF_INET, expected_route1_dest, &tmp) > 0, "basic-import", "couldn't convert expected route destination #1"); ASSERT (nm_ip4_route_get_dest (route) == tmp.s_addr, "basic-import", "unexpected route #1 destination"); ASSERT (inet_pton (AF_INET, expected_route1_gw, &tmp) > 0, "basic-import", "couldn't convert expected route next hop #1"); ASSERT (nm_ip4_route_get_next_hop (route) == tmp.s_addr, "basic-import", "unexpected route #1 next hop"); ASSERT (nm_ip4_route_get_prefix (route) == 8, "basic-import", "unexpected route #1 prefix"); ASSERT (nm_ip4_route_get_metric (route) == 0, "basic-import", "unexpected route #1 metric"); /* Route #2 */ route = nm_setting_ip4_config_get_route (s_ip4, 1); ASSERT (inet_pton (AF_INET, expected_route2_dest, &tmp) > 0, "basic-import", "couldn't convert expected route destination #2"); ASSERT (nm_ip4_route_get_dest (route) == tmp.s_addr, "basic-import", "unexpected route #2 destination"); ASSERT (inet_pton (AF_INET, expected_route2_gw, &tmp) > 0, "basic-import", "couldn't convert expected route next hop #2"); ASSERT (nm_ip4_route_get_next_hop (route) == tmp.s_addr, "basic-import", "unexpected route #2 next hop"); ASSERT (nm_ip4_route_get_prefix (route) == 16, "basic-import", "unexpected route #2 prefix"); ASSERT (nm_ip4_route_get_metric (route) == 0, "basic-import", "unexpected route #2 metric"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "basic-import", "missing 'vpn' setting"); /* Data items */ test_items ("basic-import-data", s_vpn, &basic_items[0], FALSE); /* Secrets */ test_items ("basic-import-secrets", s_vpn, &basic_secrets[0], TRUE); g_object_unref (connection); }
static void export_vpn_to_file_cb (GtkWidget *dialog, gint response, gpointer user_data) { NMConnection *connection = NM_CONNECTION (user_data); char *filename = NULL; GError *error = NULL; NMVpnPluginUiInterface *plugin; NMSettingConnection *s_con = NULL; NMSettingVPN *s_vpn = NULL; const char *service_type; const char *id = NULL; gboolean success = FALSE; if (response != GTK_RESPONSE_ACCEPT) goto out; filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (dialog)); if (!filename) { g_set_error (&error, G_IO_ERROR, G_IO_ERROR_FAILED, "no filename"); goto done; } if (g_file_test (filename, G_FILE_TEST_EXISTS)) { int replace_response; GtkWidget *replace_dialog; char *bname; bname = g_path_get_basename (filename); replace_dialog = gtk_message_dialog_new (NULL, GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_QUESTION, GTK_BUTTONS_CANCEL, _("A file named \"%s\" already exists."), bname); gtk_dialog_add_buttons (GTK_DIALOG (replace_dialog), _("_Replace"), GTK_RESPONSE_OK, NULL); gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (replace_dialog), _("Do you want to replace %s with the VPN connection you are saving?"), bname); g_free (bname); replace_response = gtk_dialog_run (GTK_DIALOG (replace_dialog)); gtk_widget_destroy (replace_dialog); if (replace_response != GTK_RESPONSE_OK) goto out; } s_con = nm_connection_get_setting_connection (connection); id = s_con ? nm_setting_connection_get_id (s_con) : NULL; if (!id) { g_set_error (&error, G_IO_ERROR, G_IO_ERROR_FAILED, "connection setting invalid"); goto done; } s_vpn = nm_connection_get_setting_vpn (connection); service_type = s_vpn ? nm_setting_vpn_get_service_type (s_vpn) : NULL; if (!service_type) { g_set_error (&error, G_IO_ERROR, G_IO_ERROR_FAILED, "VPN setting invalid"); goto done; } plugin = vpn_get_plugin_by_service (service_type); if (plugin) success = nm_vpn_plugin_ui_interface_export (plugin, filename, connection, &error); done: if (!success) { GtkWidget *err_dialog; char *bname = filename ? g_path_get_basename (filename) : g_strdup ("(none)"); err_dialog = gtk_message_dialog_new (NULL, GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, _("Cannot export VPN connection")); gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (err_dialog), _("The VPN connection '%s' could not be exported to %s.\n\nError: %s."), id ? id : "(unknown)", bname, error ? error->message : "unknown error"); g_free (bname); g_signal_connect (err_dialog, "delete-event", G_CALLBACK (gtk_widget_destroy), NULL); g_signal_connect (err_dialog, "response", G_CALLBACK (gtk_widget_destroy), NULL); gtk_widget_show_all (err_dialog); gtk_window_present (GTK_WINDOW (err_dialog)); } out: if (error) g_error_free (error); g_object_unref (connection); gtk_widget_hide (dialog); gtk_widget_destroy (dialog); }
NMConnection * nm_keyfile_plugin_connection_from_file (const char *filename, GError **error) { GKeyFile *key_file; struct stat statbuf; gboolean bad_owner, bad_permissions; NMConnection *connection = NULL; NMSettingConnection *s_con; NMSetting *setting; gchar **groups; gsize length; int i; gboolean vpn_secrets = FALSE; const char *ctype; GError *verify_error = NULL; if (stat (filename, &statbuf) != 0 || !S_ISREG (statbuf.st_mode)) { g_set_error_literal (error, KEYFILE_PLUGIN_ERROR, 0, "File did not exist or was not a regular file"); return NULL; } bad_owner = getuid () != statbuf.st_uid; bad_permissions = statbuf.st_mode & 0077; if (bad_owner || bad_permissions) { g_set_error (error, KEYFILE_PLUGIN_ERROR, 0, "File permissions (%o) or owner (%d) were insecure", statbuf.st_mode, statbuf.st_uid); return NULL; } key_file = g_key_file_new (); if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error)) goto out; connection = nm_connection_new (); groups = g_key_file_get_groups (key_file, &length); for (i = 0; i < length; i++) { /* Only read out secrets when needed */ if (!strcmp (groups[i], VPN_SECRETS_GROUP)) { vpn_secrets = TRUE; continue; } setting = read_setting (key_file, filename, groups[i]); if (setting) nm_connection_add_setting (connection, setting); } /* Make sure that we have the base device type setting even if * the keyfile didn't include it, which can happen when the base * device type setting is all default values (like ethernet). */ s_con = nm_connection_get_setting_connection (connection); if (s_con) { ctype = nm_setting_connection_get_connection_type (s_con); setting = nm_connection_get_setting_by_name (connection, ctype); if (ctype) { if (!setting && !strcmp (ctype, NM_SETTING_WIRED_SETTING_NAME)) nm_connection_add_setting (connection, nm_setting_wired_new ()); } } /* Handle vpn secrets after the 'vpn' setting was read */ if (vpn_secrets) { NMSettingVPN *s_vpn; s_vpn = nm_connection_get_setting_vpn (connection); if (s_vpn) read_vpn_secrets (key_file, s_vpn); } g_strfreev (groups); /* Verify the connection */ if (!nm_connection_verify (connection, &verify_error)) { g_set_error (error, KEYFILE_PLUGIN_ERROR, 0, "invalid or missing connection property '%s/%s'", verify_error ? g_type_name (nm_connection_lookup_setting_type_by_quark (verify_error->domain)) : "(unknown)", (verify_error && verify_error->message) ? verify_error->message : "(unknown)"); g_clear_error (&verify_error); g_object_unref (connection); connection = NULL; g_warning ("Connection failed to verify: %s", verify_error ? g_type_name (nm_connection_lookup_setting_type_by_quark (verify_error->domain)) : "(unknown)"); } out: g_key_file_free (key_file); return connection; }
gboolean applet_vpn_request_get_secrets (SecretsRequest *req, GError **error) { VpnSecretsInfo *info = (VpnSecretsInfo *) req; AppletVpnRequestPrivate *priv; NMSettingConnection *s_con; NMSettingVPN *s_vpn; const char *connection_type; const char *service_type; char *bin_path; const char *argv[10]; gboolean success = FALSE; guint i = 0; applet_secrets_request_set_free_func (req, free_vpn_secrets_info); s_con = nm_connection_get_setting_connection (req->connection); g_return_val_if_fail (s_con != NULL, FALSE); connection_type = nm_setting_connection_get_connection_type (s_con); g_return_val_if_fail (connection_type != NULL, FALSE); g_return_val_if_fail (strcmp (connection_type, NM_SETTING_VPN_SETTING_NAME) == 0, FALSE); s_vpn = nm_connection_get_setting_vpn (req->connection); g_return_val_if_fail (s_vpn != NULL, FALSE); service_type = nm_setting_vpn_get_service_type (s_vpn); g_return_val_if_fail (service_type != NULL, FALSE); /* find the auth-dialog binary */ bin_path = find_auth_dialog_binary (service_type, error); if (!bin_path) return FALSE; info->vpn = (AppletVpnRequest *) g_object_new (APPLET_TYPE_VPN_REQUEST, NULL); if (!info->vpn) { g_set_error_literal (error, NM_SECRET_AGENT_ERROR, NM_SECRET_AGENT_ERROR_INTERNAL_ERROR, "Could not create VPN secrets request object"); goto out; } priv = APPLET_VPN_REQUEST_GET_PRIVATE (info->vpn); memset (argv, 0, sizeof (argv)); argv[i++] = bin_path; argv[i++] = "-u"; argv[i++] = nm_setting_connection_get_uuid (s_con); argv[i++] = "-n"; argv[i++] = nm_setting_connection_get_id (s_con); argv[i++] = "-s"; argv[i++] = service_type; if (req->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION) argv[i++] = "-i"; if (req->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW) argv[i++] = "-r"; if (!g_spawn_async_with_pipes (NULL, /* working_directory */ (gchar **) argv, /* argv */ NULL, /* envp */ G_SPAWN_DO_NOT_REAP_CHILD, /* flags */ vpn_child_setup, /* child_setup */ NULL, /* user_data */ &priv->pid, /* child_pid */ &priv->child_stdin, /* standard_input */ &priv->child_stdout, /* standard_output */ NULL, /* standard_error */ error)) /* error */ goto out; /* catch when child is reaped */ priv->watch_id = g_child_watch_add (priv->pid, child_finished_cb, info); /* listen to what child has to say */ priv->channel = g_io_channel_unix_new (priv->child_stdout); priv->channel_eventid = g_io_add_watch (priv->channel, G_IO_IN, child_stdout_data_cb, info); g_io_channel_set_encoding (priv->channel, NULL, NULL); /* Dump parts of the connection to the child */ success = write_connection_to_child (priv->child_stdin, req->connection, error); out: g_free (bin_path); return success; }
static gboolean init_plugin_ui (OpenswanPluginUiWidget *self, NMConnection *connection, gboolean new_connection, GError **error) { OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingVPN *s_vpn = NULL; GtkWidget *widget; const char *value = NULL; s_vpn = nm_connection_get_setting_vpn (connection); priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_RIGHT); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTID); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Fill the VPN passwords *before* initializing the PW type combos, since * knowing if there are passwords when initializing the combos is helpful. */ setup_password_widget (self, "user_password_entry", s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, new_connection); setup_password_widget (self, "group_password_entry", s_vpn, NM_OPENSWAN_PSK_VALUE, new_connection); init_one_pw_combo (self, s_vpn, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES, "user_password_entry"); init_one_pw_combo (self, s_vpn, "group_pass_type_combo", NM_OPENSWAN_PSK_VALUE, NM_OPENSWAN_PSK_INPUT_MODES, "group_password_entry"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Phase 1 Algorithms: IKE*/ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase1_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Phase 2 Algorithms: ESP*/ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase2_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DOMAIN); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_toggled_cb, self); return TRUE; }