static gboolean
real_need_secrets (NMVPNPlugin *plugin,
NMConnection *connection,
char **setting_name,
GError **error)
{
NMSetting *s_vpn;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_L2TP_KEY_PASSWORD, &flags, NULL);
/* Don't need the password if it's not required */
if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
return FALSE;
/* Don't need the password if we already have one */
if (nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_L2TP_KEY_PASSWORD))
return FALSE;
/* Otherwise we need a password */
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
NMVPNServiceState
nm_vpn_plugin_get_state (NMVPNPlugin *plugin)
{
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_UNKNOWN);
return NM_VPN_PLUGIN_GET_PRIVATE (plugin)->state;
}
static gboolean
real_need_secrets (NMVPNPlugin *plugin,
NMConnection *connection,
char **setting_name,
GError **error)
{
NMSettingVPN *s_vpn;
gboolean need_secrets = FALSE;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because the VPN connection settings were invalid.");
return FALSE;
}
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENSSH_KEY_PASSWORD))
need_secrets = TRUE;
if (need_secrets)
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return need_secrets;
}
void
nm_vpn_plugin_set_config (NMVPNPlugin *plugin,
GHashTable *config)
{
NMVPNPluginPrivate *priv = NM_VPN_PLUGIN_GET_PRIVATE (plugin);
GValue *val;
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
g_return_if_fail (config != NULL);
priv->got_config = TRUE;
val = g_hash_table_lookup (config, NM_VPN_PLUGIN_CONFIG_HAS_IP4);
if (val && g_value_get_boolean (val))
priv->has_ip4 = TRUE;
val = g_hash_table_lookup (config, NM_VPN_PLUGIN_CONFIG_HAS_IP6);
if (val && g_value_get_boolean (val))
priv->has_ip6 = TRUE;
/* Record the items that need to also be inserted into the
* ip4config, for compatibility with older daemons.
*/
_g_value_set (&priv->banner, g_hash_table_lookup (config, NM_VPN_PLUGIN_CONFIG_BANNER));
_g_value_set (&priv->tundev, g_hash_table_lookup (config, NM_VPN_PLUGIN_CONFIG_TUNDEV));
_g_value_set (&priv->gateway, g_hash_table_lookup (config, NM_VPN_PLUGIN_CONFIG_EXT_GATEWAY));
_g_value_set (&priv->mtu, g_hash_table_lookup (config, NM_VPN_PLUGIN_CONFIG_MTU));
g_signal_emit (plugin, signals[CONFIG], 0, config);
}
void
nm_vpn_plugin_failure (NMVPNPlugin *plugin,
NMVPNPluginFailure reason)
{
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
g_signal_emit (plugin, signals[FAILURE], 0, reason);
}
static gboolean
impl_vpn_plugin_need_secrets (NMVPNPlugin *plugin,
GHashTable *properties,
char **setting_name,
GError **err)
{
gboolean ret = FALSE;
NMConnection *connection;
char *sn = NULL;
GError *ns_err = NULL;
gboolean needed = FALSE;
GError *cnfh_err = NULL;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (properties != NULL, FALSE);
connection = nm_connection_new_from_hash (properties, &cnfh_err);
if (!connection) {
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"The connection was invalid: '%s' / '%s' invalid: %d.",
g_type_name (nm_connection_lookup_setting_type_by_quark (cnfh_err->domain)),
cnfh_err->message, cnfh_err->code);
g_error_free (cnfh_err);
return FALSE;
}
if (!NM_VPN_PLUGIN_GET_CLASS (plugin)->need_secrets) {
*setting_name = "";
ret = TRUE;
goto out;
}
needed = NM_VPN_PLUGIN_GET_CLASS (plugin)->need_secrets (plugin, connection, &sn, &ns_err);
if (ns_err) {
*err = g_error_copy (ns_err);
g_error_free (ns_err);
goto out;
}
ret = TRUE;
if (needed) {
/* Push back the quit timer so the VPN plugin doesn't quit in the
* middle of asking the user for secrets.
*/
schedule_quit_timer (plugin);
g_assert (sn);
*setting_name = g_strdup (sn);
} else {
/* No secrets required */
*setting_name = g_strdup ("");
}
out:
return ret;
}
void
nm_vpn_plugin_set_login_banner (NMVPNPlugin *plugin,
const char *banner)
{
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
g_return_if_fail (banner != NULL);
g_signal_emit (plugin, signals[LOGIN_BANNER], 0, banner);
}
static gboolean
nm_vpn_plugin_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **err)
{
NMVPNPluginPrivate *priv = NM_VPN_PLUGIN_GET_PRIVATE (plugin);
gboolean ret = FALSE;
NMVPNServiceState state;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
state = nm_vpn_plugin_get_state (plugin);
switch (state) {
case NM_VPN_SERVICE_STATE_STARTING:
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_STARTING_IN_PROGRESS,
"%s",
"Could not process the request because the VPN connection is already being started.");
break;
case NM_VPN_SERVICE_STATE_STARTED:
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_ALREADY_STARTED,
"%s",
"Could not process the request because a VPN connection was already active.");
break;
case NM_VPN_SERVICE_STATE_STOPPING:
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_STOPPING_IN_PROGRESS,
"%s",
"Could not process the request because the VPN connection is being stopped.");
break;
case NM_VPN_SERVICE_STATE_STOPPED:
case NM_VPN_SERVICE_STATE_INIT:
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STARTING);
ret = NM_VPN_PLUGIN_GET_CLASS (plugin)->connect (plugin, connection, err);
if (!ret) {
/* Stop the plugin from and idle handler so that the Connect
* method return gets sent before the STOP StateChanged signal.
*/
if (priv->fail_stop_id)
g_source_remove (priv->fail_stop_id);
priv->fail_stop_id = g_idle_add (fail_stop, plugin);
}
break;
default:
g_assert_not_reached ();
break;
}
return ret;
}
void
nm_vpn_plugin_set_ip4_config (NMVPNPlugin *plugin,
GHashTable *ip4_config)
{
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
g_return_if_fail (ip4_config != NULL);
g_signal_emit (plugin, signals[IP4_CONFIG], 0, ip4_config);
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STARTED);
}
void
nm_vpn_plugin_set_state (NMVPNPlugin *plugin,
NMVPNServiceState state)
{
NMVPNPluginPrivate *priv;
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
priv = NM_VPN_PLUGIN_GET_PRIVATE (plugin);
if (priv->state != state) {
priv->state = state;
g_signal_emit (plugin, signals[STATE_CHANGED], 0, state);
}
}
DBusGConnection *
nm_vpn_plugin_get_connection (NMVPNPlugin *plugin)
{
DBusGConnection *connection;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), NULL);
connection = NM_VPN_PLUGIN_GET_PRIVATE (plugin)->connection;
if (connection)
dbus_g_connection_ref (connection);
return connection;
}
void
nm_vpn_plugin_set_ip4_config (NMVPNPlugin *plugin,
GHashTable *ip4_config)
{
NMVPNPluginPrivate *priv = NM_VPN_PLUGIN_GET_PRIVATE (plugin);
GHashTable *combined_config;
GHashTableIter iter;
gpointer key, value;
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
g_return_if_fail (ip4_config != NULL);
priv->got_ip4 = TRUE;
/* Old plugins won't send the "config" signal and thus can't send
* NM_VPN_PLUGIN_CONFIG_HAS_IP4 either. But since they don't support IPv6,
* we can safely assume that, if we don't receive a "config" signal but do
* receive an "ip4-config" signal, the old plugin supports IPv4.
*/
if (!priv->got_config)
priv->has_ip4 = TRUE;
/* Older NetworkManager daemons expect all config info to be in
* the ip4 config, so they won't even notice the "config" signal
* being emitted. So just copy all of that data into the ip4
* config too.
*/
combined_config = g_hash_table_new (g_str_hash, g_str_equal);
g_hash_table_iter_init (&iter, ip4_config);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (combined_config, key, value);
if (G_VALUE_TYPE (&priv->banner) != G_TYPE_INVALID)
g_hash_table_insert (combined_config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, &priv->banner);
if (G_VALUE_TYPE (&priv->tundev) != G_TYPE_INVALID)
g_hash_table_insert (combined_config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, &priv->tundev);
if (G_VALUE_TYPE (&priv->gateway) != G_TYPE_INVALID)
g_hash_table_insert (combined_config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, &priv->gateway);
if (G_VALUE_TYPE (&priv->mtu) != G_TYPE_INVALID)
g_hash_table_insert (combined_config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, &priv->mtu);
g_signal_emit (plugin, signals[IP4_CONFIG], 0, combined_config);
g_hash_table_destroy (combined_config);
if ( priv->has_ip4 == priv->got_ip4
&& priv->has_ip6 == priv->got_ip6)
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STARTED);
}
void
nm_vpn_plugin_set_ip6_config (NMVPNPlugin *plugin,
GHashTable *ip6_config)
{
NMVPNPluginPrivate *priv = NM_VPN_PLUGIN_GET_PRIVATE (plugin);
g_return_if_fail (NM_IS_VPN_PLUGIN (plugin));
g_return_if_fail (ip6_config != NULL);
priv->got_ip6 = TRUE;
g_signal_emit (plugin, signals[IP6_CONFIG], 0, ip6_config);
if ( priv->has_ip4 == priv->got_ip4
&& priv->has_ip6 == priv->got_ip6)
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STARTED);
}
gboolean
nm_vpn_plugin_disconnect (NMVPNPlugin *plugin, GError **err)
{
gboolean ret = FALSE;
NMVPNServiceState state;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
state = nm_vpn_plugin_get_state (plugin);
switch (state) {
case NM_VPN_SERVICE_STATE_STOPPING:
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_STOPPING_IN_PROGRESS,
"%s",
"Could not process the request because the VPN connection is already being stopped.");
break;
case NM_VPN_SERVICE_STATE_STOPPED:
g_set_error (err,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_ALREADY_STOPPED,
"%s",
"Could not process the request because no VPN connection was active.");
break;
case NM_VPN_SERVICE_STATE_STARTING:
case NM_VPN_SERVICE_STATE_STARTED:
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPING);
ret = NM_VPN_PLUGIN_GET_CLASS (plugin)->disconnect (plugin, err);
nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
break;
case NM_VPN_SERVICE_STATE_INIT:
ret = TRUE;
break;
default:
g_warning ("Unhandled VPN service state %d", state);
g_assert_not_reached ();
break;
}
return ret;
}
static gboolean
real_need_secrets (NMVPNPlugin *plugin,
NMConnection *connection,
char **setting_name,
GError **error)
{
NMSettingVPN *s_vpn;
g_return_val_if_fail (NM_IS_VPN_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because the VPN connection settings were invalid.");
return FALSE;
}
/* We just need the WebVPN cookie, and the final IP address of the gateway
(after HTTP redirects, which do happen). All the certificate/SecurID
nonsense can be handled for us, in the user's context, by auth-dialog */
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GATEWAY)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_COOKIE)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
if (!nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GWCERT)) {
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
return FALSE;
}
