static void
test_nat_export (NMVpnPluginUiInterface *plugin,
const char *dir,
const char *tmpdir,
const char *nat_mode)
{
NMConnection *connection;
NMSettingVPN *s_vpn;
NMConnection *reimported;
char *path;
gboolean success;
GError *error = NULL;
int ret;
connection = get_basic_connection ("nat-export", plugin, dir, "basic.pcf");
ASSERT (connection != NULL, "nat-export", "failed to import connection");
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL, "nat-export", "imported connection had no VPN setting");
nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, nat_mode);
path = g_build_path ("/", tmpdir, NAT_EXPORTED_NAME, NULL);
success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error);
if (!success) {
if (!error)
FAIL ("nat-export", "export failed with missing error");
else
FAIL ("nat-export", "export failed: %s", error->message);
}
/* Now re-import it and compare the connections to ensure they are the same */
reimported = get_basic_connection ("nat-export", plugin, tmpdir, NAT_EXPORTED_NAME);
ret = unlink (path);
ASSERT (connection != NULL, "nat-export", "failed to re-import connection");
/* Clear secrets first, since they don't get exported, and thus would
* make the connection comparison below fail.
*/
remove_user_password (connection);
/* Since we don't export the user password, but the original connection
* had one, we need to add secret flags to the re-imported connection.
*/
s_vpn = nm_connection_get_setting_vpn (reimported);
nm_setting_set_secret_flags (NM_SETTING (s_vpn),
NM_VPNC_KEY_SECRET,
NM_SETTING_SECRET_FLAG_AGENT_OWNED,
NULL);
ASSERT (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT) == TRUE,
"nat-export", "original and reimported connection differ");
g_object_unref (reimported);
g_object_unref (connection);
g_free (path);
}
static gboolean
real_need_secrets (NMVpnServicePlugin *plugin,
NMConnection *connection,
const char **setting_name,
GError **error)
{
NMSettingVpn *s_vpn;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
g_return_val_if_fail (NM_IS_VPN_SERVICE_PLUGIN (plugin), FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
s_vpn = nm_connection_get_setting_vpn (connection);
nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_SSTP_KEY_PASSWORD, &flags, NULL);
/* Don't need the password if it's not required */
if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
return FALSE;
/* Don't need the password if we already have one */
if (nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_SSTP_KEY_PASSWORD))
return FALSE;
/* Otherwise we need a password */
*setting_name = NM_SETTING_VPN_SETTING_NAME;
return TRUE;
}
static void
test_non_utf8_import (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
const char *expected_id = "Att äta en ko";
const char *charset = NULL;
/* Change charset to ISO-8859-15 to match iso885915.pcf */
g_get_charset (&charset);
setlocale (LC_ALL, "de_DE@euro");
connection = get_basic_connection ("non-utf8-import", plugin, dir, "iso885915.pcf");
setlocale (LC_ALL, charset);
ASSERT (connection != NULL, "non-utf8-import", "failed to import connection");
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"non-utf8-import", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"non-utf8-import", "unexpected connection ID");
ASSERT (nm_setting_connection_get_uuid (s_con) == NULL,
"non-utf8-import", "unexpected valid UUID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"non-utf8-import", "missing 'vpn' setting");
g_object_unref (connection);
}
static gboolean
write_connection_to_child (int fd, NMConnection *connection, GError **error)
{
NMSettingVPN *s_vpn;
WriteItemInfo info = { .fd = fd, .secret = FALSE, .error = error };
s_vpn = nm_connection_get_setting_vpn (connection);
if (!s_vpn) {
g_set_error_literal (error,
NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INTERNAL_ERROR,
"Connection had no VPN setting");
return FALSE;
}
nm_setting_vpn_foreach_data_item (s_vpn, write_one_key_val, &info);
if (error && *error)
return FALSE;
info.secret = TRUE;
nm_setting_vpn_foreach_secret (s_vpn, write_one_key_val, &info);
if (error && *error)
return FALSE;
if (!write_item (fd, "DONE\n\n", error))
return FALSE;
return TRUE;
}
CEPage *
ce_page_vpn_new (NMConnectionEditor *editor,
NMConnection *connection,
GtkWindow *parent_window,
NMClient *client,
const char **out_secrets_setting_name,
GError **error)
{
CEPageVpn *self;
CEPageVpnPrivate *priv;
const char *service_type;
GError *local = NULL;
self = CE_PAGE_VPN (ce_page_new (CE_TYPE_PAGE_VPN,
editor,
connection,
parent_window,
client,
NULL,
NULL,
_("VPN")));
if (!self) {
g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not load VPN user interface."));
return NULL;
}
priv = CE_PAGE_VPN_GET_PRIVATE (self);
priv->setting = nm_connection_get_setting_vpn (connection);
g_assert (priv->setting);
service_type = nm_setting_vpn_get_service_type (priv->setting);
g_assert (service_type);
priv->service_type = g_strdup (service_type);
priv->plugin = vpn_get_plugin_by_service (service_type);
if (!priv->plugin) {
g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not find VPN plugin for “%s”."), service_type);
g_object_unref (self);
return NULL;
}
priv->plugin = g_object_ref (priv->plugin);
priv->editor = nm_vpn_editor_plugin_get_editor (priv->plugin, CE_PAGE (self)->connection, &local);
if (!priv->editor) {
g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC,
_("Could not load editor VPN plugin for “%s” (%s)."),
service_type, local ? local->message : _("unknown failure"));
g_clear_error (&local);
g_object_unref (self);
return NULL;
}
g_signal_connect (self, "initialized", G_CALLBACK (finish_setup), NULL);
*out_secrets_setting_name = NM_SETTING_VPN_SETTING_NAME;
return CE_PAGE (self);
}
NMVpnEditor *
nm_vpnc_editor_new (NMConnection *connection, GError **error)
{
NMVpnEditor *object;
VpncEditorPrivate *priv;
char *ui_file;
NMSettingVpn *s_vpn;
gboolean is_new = TRUE;
if (error)
g_return_val_if_fail (*error == NULL, NULL);
object = g_object_new (VPNC_TYPE_EDITOR, NULL);
if (!object) {
g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED,
"could not create vpnc object");
return NULL;
}
priv = VPNC_EDITOR_GET_PRIVATE (object);
ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-vpnc-dialog.ui");
priv->builder = gtk_builder_new ();
gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE);
if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) {
g_warning ("Couldn't load builder file: %s",
error && *error ? (*error)->message : "(unknown)");
g_clear_error (error);
g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED,
"could not load required resources at %s", ui_file);
g_free (ui_file);
g_object_unref (object);
return NULL;
}
g_free (ui_file);
priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-vbox"));
if (!priv->widget) {
g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED,
"could not load UI widget");
g_object_unref (object);
return NULL;
}
g_object_ref_sink (priv->widget);
s_vpn = nm_connection_get_setting_vpn (connection);
if (s_vpn)
nm_setting_vpn_foreach_data_item (s_vpn, is_new_func, &is_new);
if (!init_plugin_ui (VPNC_EDITOR (object), connection, is_new, error)) {
g_object_unref (object);
return NULL;
}
return object;
}
static NMVpnPluginUiWidgetInterface *
nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error)
{
NMVpnPluginUiWidgetInterface *object;
OpenswanPluginUiWidgetPrivate *priv;
char *ui_file;
NMSettingVPN *s_vpn;
gboolean is_new = TRUE;
if (error)
g_return_val_if_fail (*error == NULL, NULL);
object = NM_VPN_PLUGIN_UI_WIDGET_INTERFACE (g_object_new (OPENSWAN_TYPE_PLUGIN_UI_WIDGET, NULL));
if (!object) {
g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, "could not create openswan object");
return NULL;
}
priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (object);
ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-openswan-dialog.ui");
priv->builder = gtk_builder_new ();
g_assert (priv->builder);
gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE);
if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) {
g_warning ("Couldn't load builder file: %s",
error && *error ? (*error)->message : "(unknown)");
g_clear_error (error);
g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0,
"could not load required resources at %s", ui_file);
g_free (ui_file);
g_object_unref (object);
return NULL;
}
g_free (ui_file);
priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "openswan-vbox"));
if (!priv->widget) {
g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, "could not load UI widget");
g_object_unref (object);
return NULL;
}
g_object_ref_sink (priv->widget);
s_vpn = nm_connection_get_setting_vpn (connection);
if (s_vpn)
nm_setting_vpn_foreach_data_item (s_vpn, is_new_func, &is_new);
if (!init_plugin_ui (OPENSWAN_PLUGIN_UI_WIDGET (object), connection, is_new, error)) {
g_object_unref (object);
return NULL;
}
return object;
}
static void
import_cb (NMConnection *connection, gpointer user_data)
{
NewVpnInfo *info = (NewVpnInfo *) user_data;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
const char *service_type;
char *s;
GError *error = NULL;
/* Basic sanity checks of the connection */
s_con = nm_connection_get_setting_connection (connection);
if (!s_con) {
s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
nm_connection_add_setting (connection, NM_SETTING (s_con));
}
s = (char *) nm_setting_connection_get_id (s_con);
if (!s) {
GSList *connections;
connections = nm_remote_settings_list_connections (info->settings);
s = ce_page_get_next_available_name (connections, _("VPN connection %d"));
g_object_set (s_con, NM_SETTING_CONNECTION_ID, s, NULL);
g_free (s);
g_slist_free (connections);
}
s = (char *) nm_setting_connection_get_connection_type (s_con);
if (!s || strcmp (s, NM_SETTING_VPN_SETTING_NAME))
g_object_set (s_con, NM_SETTING_CONNECTION_TYPE, NM_SETTING_VPN_SETTING_NAME, NULL);
s = (char *) nm_setting_connection_get_uuid (s_con);
if (!s) {
s = nm_utils_uuid_generate ();
g_object_set (s_con, NM_SETTING_CONNECTION_UUID, s, NULL);
g_free (s);
}
s_vpn = nm_connection_get_setting_vpn (connection);
service_type = s_vpn ? nm_setting_vpn_get_service_type (s_vpn) : NULL;
if (!service_type || !strlen (service_type)) {
g_object_unref (connection);
connection = NULL;
error = g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
_("The VPN plugin failed to import the VPN connection correctly\n\nError: no VPN service type."));
}
info->result_func (connection, FALSE, error, info->user_data);
g_clear_error (&error);
g_object_unref (info->settings);
g_slice_free (NewVpnInfo, info);
}
static void
remove_user_password (NMConnection *connection)
{
NMSettingVPN *s_vpn;
s_vpn = nm_connection_get_setting_vpn (connection);
if (!s_vpn)
return;
if (nm_setting_vpn_get_secret (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD))
nm_setting_vpn_remove_secret (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD);
}
GHashTable *
advanced_dialog_new_hash_from_connection (NMConnection *connection,
GError **error)
{
GHashTable *hash;
NMSettingVpn *s_vpn;
hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
s_vpn = nm_connection_get_setting_vpn (connection);
nm_setting_vpn_foreach_data_item (s_vpn, copy_values, hash);
return hash;
}
static gboolean
handle_need_secrets (NMDBusSstpPpp *object,
GDBusMethodInvocation *invocation,
gpointer user_data)
{
NMSstpPlugin *self = NM_SSTP_PLUGIN (user_data);
NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (self);
NMSettingVpn *s_vpn;
const char *user, *password, *domain;
gchar *username;
remove_timeout_handler (NM_SSTP_PLUGIN (user_data));
s_vpn = nm_connection_get_setting_vpn (priv->connection);
g_assert (s_vpn);
/* Username; try SSTP specific username first, then generic username */
user = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_USER);
if (!user || !strlen (user))
user = nm_setting_vpn_get_user_name (s_vpn);
if (!user || !strlen (user)) {
g_dbus_method_invocation_return_error_literal (invocation,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
_("Missing VPN username."));
return FALSE;
}
password = nm_setting_vpn_get_secret (s_vpn, NM_SSTP_KEY_PASSWORD);
if (!password || !strlen (password)) {
g_dbus_method_invocation_return_error_literal (invocation,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
_("Missing or invalid VPN password."));
return FALSE;;
}
/* Domain is optional */
domain = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_DOMAIN);
/* Success */
if (domain && strlen (domain))
username = g_strdup_printf ("%s\\%s", domain, user);
else
username = g_strdup (user);
nmdbus_sstp_ppp_complete_need_secrets (object, invocation, username, password);
g_free (username);
return TRUE;
}
CEPage *
ce_page_vpn_new (NMConnection *connection,
GtkWindow *parent_window,
NMClient *client,
NMRemoteSettings *settings,
const char **out_secrets_setting_name,
GError **error)
{
CEPageVpn *self;
CEPageVpnPrivate *priv;
const char *service_type;
self = CE_PAGE_VPN (ce_page_new (CE_TYPE_PAGE_VPN,
connection,
parent_window,
client,
settings,
NULL,
NULL,
_("VPN")));
if (!self) {
g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not load VPN user interface."));
return NULL;
}
priv = CE_PAGE_VPN_GET_PRIVATE (self);
priv->setting = nm_connection_get_setting_vpn (connection);
g_assert (priv->setting);
service_type = nm_setting_vpn_get_service_type (priv->setting);
g_assert (service_type);
priv->service_type = g_strdup (service_type);
priv->plugin = vpn_get_plugin_by_service (service_type);
if (!priv->plugin) {
g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Could not find VPN plugin service for '%s'."), service_type);
g_object_unref (self);
return NULL;
}
g_signal_connect (self, "initialized", G_CALLBACK (finish_setup), NULL);
*out_secrets_setting_name = NM_SETTING_VPN_SETTING_NAME;
return CE_PAGE (self);
}
static gboolean
real_connect (NMVpnServicePlugin *plugin,
NMConnection *connection,
GError **error)
{
NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (plugin);
NMSettingVpn *s_vpn;
const char *gwaddr;
const char *value;
s_vpn = nm_connection_get_setting_vpn (connection);
g_assert (s_vpn);
gwaddr = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_GATEWAY);
if (!gwaddr || !strlen (gwaddr)) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
_("Invalid or missing SSTP gateway."));
return FALSE;
}
/* Set the UUID of the connection */
value = nm_connection_get_uuid(connection);
if (value && strlen(value))
nm_setting_vpn_add_data_item(s_vpn, NM_SSTP_KEY_UUID, value);
if (!nm_sstp_properties_validate (s_vpn, error))
return FALSE;
if (!nm_sstp_secrets_validate (s_vpn, error))
return FALSE;
priv->connection = g_object_ref (connection);
if (getenv ("NM_PPP_DUMP_CONNECTION") || debug)
nm_connection_dump (connection);
return nm_sstp_start_pppd_binary (NM_SSTP_PLUGIN (plugin),
s_vpn,
gwaddr,
error);
}
static void
test_legacy_ike_port_1_import (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
GError *error = NULL;
char *pcf;
const char *expected_id = "Don't use Legacy IKE Port (500)";
const char *value;
pcf = g_build_path ("/", dir, "use-legacy-ike-port-1.pcf", NULL);
ASSERT (pcf != NULL,
"use-legacy-ike-port-1", "failed to create pcf path");
connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
if (error)
FAIL ("", "error importing %s: %s", pcf, error->message);
ASSERT (connection != NULL,
"use-legacy-ike-port-1", "error importing %s: (unknown)", pcf);
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"use-legacy-ike-port-1", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"use-legacy-ike-port-1", "unexpected connection ID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"use-legacy-ike-port-1", "missing 'vpn' setting");
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT);
ASSERT (value != NULL,
"use-legacy-ike-port-1", "unexpected missing value for item %s", NM_VPNC_KEY_LOCAL_PORT);
ASSERT (strcmp (value, "500") == 0,
"use-legacy-ike-port-1", "unexpected value for item %s", NM_VPNC_KEY_LOCAL_PORT);
g_free (pcf);
}
gboolean
nm_vpn_manager_activate_connection (NMVpnManager *manager,
NMVpnConnection *vpn,
GError **error)
{
NMConnection *connection;
NMSettingVpn *s_vpn;
NMVpnService *service;
const char *service_name;
NMDevice *device;
g_return_val_if_fail (NM_IS_VPN_MANAGER (manager), FALSE);
g_return_val_if_fail (NM_IS_VPN_CONNECTION (vpn), FALSE);
g_return_val_if_fail (error != NULL, FALSE);
g_return_val_if_fail (*error == NULL, FALSE);
device = nm_active_connection_get_device (NM_ACTIVE_CONNECTION (vpn));
g_assert (device);
if ( nm_device_get_state (device) != NM_DEVICE_STATE_ACTIVATED
&& nm_device_get_state (device) != NM_DEVICE_STATE_SECONDARIES) {
g_set_error_literal (error, NM_VPN_MANAGER_ERROR, NM_VPN_MANAGER_ERROR_DEVICE_NOT_ACTIVE,
"The base device for the VPN connection was not active.");
return FALSE;
}
connection = nm_active_connection_get_connection (NM_ACTIVE_CONNECTION (vpn));
g_assert (connection);
s_vpn = nm_connection_get_setting_vpn (connection);
g_assert (s_vpn);
service_name = nm_setting_vpn_get_service_type (s_vpn);
g_assert (service_name);
service = g_hash_table_lookup (NM_VPN_MANAGER_GET_PRIVATE (manager)->services, service_name);
if (!service) {
g_set_error (error, NM_VPN_MANAGER_ERROR, NM_VPN_MANAGER_ERROR_SERVICE_INVALID,
"The VPN service '%s' was not installed.",
service_name);
return FALSE;
}
return nm_vpn_service_activate (service, vpn, error);
}
static void
test_nat_force_natt (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
GError *error = NULL;
char *pcf;
const char *expected_id = "Force NAT-T";
const char *value;
pcf = g_build_path ("/", dir, "force-natt.pcf", NULL);
ASSERT (pcf != NULL,
"force-natt", "failed to create pcf path");
connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
if (error)
FAIL ("force-natt", "error importing %s: %s", pcf, error->message);
ASSERT (connection != NULL,
"force-natt", "error importing %s: (unknown)", pcf);
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"force-natt", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"force-natt", "unexpected connection ID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"force-natt", "missing 'vpn' setting");
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
ASSERT (value != NULL,
"force-natt", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
ASSERT (strcmp (value, NM_VPNC_NATT_MODE_NATT_ALWAYS) == 0,
"force-natt", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
g_free (pcf);
}
void
vpn_export (NMConnection *connection)
{
GtkWidget *dialog;
NMVpnPluginUiInterface *plugin;
NMSettingVPN *s_vpn = NULL;
const char *service_type;
const char *home_folder;
s_vpn = nm_connection_get_setting_vpn (connection);
service_type = s_vpn ? nm_setting_vpn_get_service_type (s_vpn) : NULL;
if (!service_type) {
g_warning ("%s: invalid VPN connection!", __func__);
return;
}
dialog = gtk_file_chooser_dialog_new (_("Export VPN connection..."),
NULL,
GTK_FILE_CHOOSER_ACTION_SAVE,
GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT,
NULL);
home_folder = g_get_home_dir ();
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), home_folder);
plugin = vpn_get_plugin_by_service (service_type);
if (plugin) {
char *suggested = NULL;
suggested = nm_vpn_plugin_ui_interface_get_suggested_name (plugin, connection);
if (suggested) {
gtk_file_chooser_set_current_name (GTK_FILE_CHOOSER (dialog), suggested);
g_free (suggested);
}
}
g_signal_connect (G_OBJECT (dialog), "close", G_CALLBACK (gtk_widget_destroy), NULL);
g_signal_connect (G_OBJECT (dialog), "response", G_CALLBACK (export_vpn_to_file_cb), g_object_ref (connection));
gtk_widget_show_all (dialog);
gtk_window_present (GTK_WINDOW (dialog));
}
gboolean
vpn_supports_ipv6 (NMConnection *connection)
{
NMSettingVPN *s_vpn;
const char *service_type;
NMVpnPluginUiInterface *plugin;
guint32 capabilities;
s_vpn = nm_connection_get_setting_vpn (connection);
g_return_val_if_fail (s_vpn != NULL, FALSE);
service_type = nm_setting_vpn_get_service_type (s_vpn);
g_return_val_if_fail (service_type != NULL, FALSE);
plugin = vpn_get_plugin_by_service (service_type);
g_return_val_if_fail (plugin != NULL, FALSE);
capabilities = nm_vpn_plugin_ui_interface_get_capabilities (plugin);
return (capabilities & NM_VPN_PLUGIN_UI_CAPABILITY_IPV6) != 0;
}
gboolean
vpn_supports_ipv6 (NMConnection *connection)
{
NMSettingVpn *s_vpn;
const char *service_type;
NMVpnEditorPlugin *plugin;
guint32 capabilities;
s_vpn = nm_connection_get_setting_vpn (connection);
g_return_val_if_fail (s_vpn != NULL, FALSE);
service_type = nm_setting_vpn_get_service_type (s_vpn);
g_return_val_if_fail (service_type != NULL, FALSE);
plugin = vpn_get_plugin_by_service (service_type);
if (!plugin)
return FALSE;
capabilities = nm_vpn_editor_plugin_get_capabilities (plugin);
return (capabilities & NM_VPN_EDITOR_PLUGIN_CAPABILITY_IPV6) != 0;
}
static void
test_always_ask (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
GError *error = NULL;
char *pcf;
const char *expected_id = "Always Ask For Password";
const char *value;
pcf = g_build_path ("/", dir, "always-ask.pcf", NULL);
ASSERT (pcf != NULL,
"always-ask", "failed to create pcf path");
connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
if (error)
FAIL ("always-ask", "error importing %s: %s", pcf, error->message);
ASSERT (connection != NULL,
"always-ask", "error importing %s: (unknown)", pcf);
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"always-ask", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"always-ask", "unexpected connection ID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"always-ask", "missing 'vpn' setting");
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE);
ASSERT (value == NULL,
"always-ask", "unexpected value for item %s", NM_VPNC_KEY_XAUTH_PASSWORD_TYPE);
g_free (pcf);
}
static gboolean
init_plugin_ui (VpncEditor *self,
NMConnection *connection,
gboolean new_connection,
GError **error)
{
VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self);
NMSettingConnection *s_con = NULL;
NMSettingVpn *s_vpn = NULL;
GtkWidget *widget;
GtkListStore *store;
GtkTreeIter iter;
const char *value = NULL;
int active = -1;
const char *natt_mode = NULL;
const char *ike_dh_group = NULL;
const char *vendor = NULL;
const char *pfs_group = NULL;
gboolean enabled = FALSE;
GtkFileFilter *filter;
if (connection) {
s_con = nm_connection_get_setting_connection (connection);
s_vpn = nm_connection_get_setting_vpn (connection);
}
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_GATEWAY);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_ID);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
store = gtk_list_store_new (1, G_TYPE_STRING);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Secure (default)"), -1);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Weak (use with caution)"), -1);
if (s_vpn && (active < 0)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES);
if (value && !strcmp (value, "yes"))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("None (completely insecure)"), -1);
if (s_vpn && (active < 0)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION);
if (value && !strcmp (value, "yes"))
active = 2;
}
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Fill the VPN passwords *before* initializing the PW type combos, since
* knowing if there are passwords when initializing the combos is helpful.
*/
setup_password_widget (self,
"user_password_entry",
s_vpn,
NM_VPNC_KEY_XAUTH_PASSWORD,
new_connection);
setup_password_widget (self,
"group_password_entry",
s_vpn,
NM_VPNC_KEY_SECRET,
new_connection);
init_password_icon (self,
s_vpn,
NM_VPNC_KEY_XAUTH_PASSWORD,
NM_VPNC_KEY_XAUTH_PASSWORD_TYPE,
"user_password_entry");
init_password_icon (self,
s_vpn,
NM_VPNC_KEY_SECRET,
NM_VPNC_KEY_SECRET_TYPE,
"group_password_entry");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DOMAIN);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Vendor combo */
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
vendor = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_VENDOR);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Cisco (default)"), 1, NM_VPNC_VENDOR_CISCO, -1);
if ((active < 0) && vendor) {
if (!strcmp (vendor, NM_VPNC_VENDOR_CISCO))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Netscreen"), 1, NM_VPNC_VENDOR_NETSCREEN, -1);
if ((active < 0) && vendor) {
if (!strcmp (vendor, NM_VPNC_VENDOR_NETSCREEN))
active = 1;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Application version */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Interface name */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
if (s_con) {
value = nm_setting_connection_get_interface_name (s_con);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
natt_mode = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("NAT-T when available (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("NAT-T always"), 1, NM_VPNC_NATT_MODE_NATT_ALWAYS, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Cisco UDP"), 1, NM_VPNC_NATT_MODE_CISCO, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_CISCO))
active = 2;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Disabled"), 1, NM_VPNC_NATT_MODE_NONE, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NONE))
active = 3;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
ike_dh_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DHGROUP);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_DHGROUP_DH1, -1);
if ((active < 0) && ike_dh_group) {
if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH1))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 2 (default)"), 1, NM_VPNC_DHGROUP_DH2, -1);
if ((active < 0) && ike_dh_group) {
if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH2))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_DHGROUP_DH5, -1);
if ((active < 0) && ike_dh_group) {
if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH5))
active = 2;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 1 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Local Port */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT);
if (value) {
long int tmp;
errno = 0;
tmp = strtol (value, NULL, 10);
if (errno != 0 || tmp < 0 || tmp > 65535)
tmp = 0;
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton"));
gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), (gdouble) tmp);
}
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (spinbutton_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT);
if (value) {
long int tmp;
errno = 0;
tmp = strtol (value, NULL, 10);
if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0)
priv->orig_dpd_timeout = (guint32) tmp;
if (priv->orig_dpd_timeout == 0)
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
/* Perfect Forward Secrecy combo */
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
pfs_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Server (default)"), 1, NM_VPNC_PFS_SERVER, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_SERVER))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("None"), 1, NM_VPNC_PFS_NOPFS, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_NOPFS))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_PFS_DH1, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_DH1))
active = 2;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 2"), 1, NM_VPNC_PFS_DH2, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_DH2))
active = 3;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_PFS_DH5, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_DH5))
active = 4;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
self);
/* hybrid auth */
enabled = FALSE;
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE);
if (value && !strcmp("hybrid", value)) {
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
enabled = TRUE;
}
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (hybrid_toggled_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, widget);
gtk_widget_set_sensitive (widget, enabled);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose a Certificate Authority (CA) certificate…"));
filter = gtk_file_filter_new ();
gtk_file_filter_add_custom (filter, GTK_FILE_FILTER_FILENAME, cert_filter, NULL, NULL);
gtk_file_filter_set_name (filter, _("PEM certificates (*.pem, *.crt, *.cer)"));
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_CA_FILE);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
g_signal_connect (G_OBJECT (widget), "file-set", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "cafile_label"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_widget_set_sensitive (widget, enabled);
/* advanced dialog */
priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-advanced-dialog"));
g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE);
g_signal_connect (G_OBJECT (priv->advanced_dialog), "delete-event",
G_CALLBACK (gtk_widget_hide_on_delete), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "advanced_button"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "clicked",
(GCallback) toggle_advanced_dialog_cb,
self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "apply_button"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "clicked",
(GCallback) toggle_advanced_dialog_cb,
self);
return TRUE;
}
static gboolean
vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
{
GError *error = NULL;
NMSettingVpn *s_vpn;
const char *vpn_type, *gw, *port;
char *cookie = NULL;
char *gateway = NULL;
char *gwcert = NULL;
int status = 0;
int i;
gboolean ret;
if (!connection)
return FALSE;
if (!nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME))
return FALSE;
s_vpn = nm_connection_get_setting_vpn (connection);
vpn_type = nm_setting_vpn_get_service_type (s_vpn);
if (g_strcmp0 (vpn_type, NM_DBUS_INTERFACE ".openconnect"))
return FALSE;
/* Get gateway and port */
gw = nm_setting_vpn_get_data_item (s_vpn, "gateway");
port = gw ? strrchr (gw, ':') : NULL;
/* Interactively authenticate to OpenConnect server and get secrets */
ret = nm_vpn_openconnect_authenticate_helper (gw, &cookie, &gateway, &gwcert, &status, &error);
if (!ret) {
g_printerr (_("Error: openconnect failed: %s\n"), error->message);
g_clear_error (&error);
return FALSE;
}
if (WIFEXITED (status)) {
if (WEXITSTATUS (status) != 0)
g_printerr (_("Error: openconnect failed with status %d\n"), WEXITSTATUS (status));
} else if (WIFSIGNALED (status))
g_printerr (_("Error: openconnect failed with signal %d\n"), WTERMSIG (status));
/* Append port to the host value */
if (gateway && port) {
char *tmp = gateway;
gateway = g_strdup_printf ("%s%s", gateway, port);
g_free (tmp);
}
/* Fill secrets to the array */
for (i = 0; i < secrets->len; i++) {
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
if (!g_strcmp0 (secret->vpn_type, vpn_type)) {
if (!g_strcmp0 (secret->vpn_property, "cookie")) {
g_free (secret->value);
secret->value = cookie;
cookie = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gateway")) {
g_free (secret->value);
secret->value = gateway;
gateway = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gwcert")) {
g_free (secret->value);
secret->value = gwcert;
gwcert = NULL;
}
}
}
g_free (cookie);
g_free (gateway);
g_free (gwcert);
return TRUE;
}
static void
test_basic_import (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingIP4Config *s_ip4;
NMSettingVPN *s_vpn;
NMIP4Route *route;
struct in_addr tmp;
const char *expected_id = "Basic VPN";
const char *expected_route1_dest = "10.0.0.0";
const char *expected_route1_gw = "0.0.0.0";
const char *expected_route2_dest = "172.16.0.0";
const char *expected_route2_gw = "0.0.0.0";
connection = get_basic_connection ("basic-import", plugin, dir, "basic.pcf");
ASSERT (connection != NULL, "basic-import", "failed to import connection");
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"basic-import", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"basic-import", "unexpected connection ID");
ASSERT (nm_setting_connection_get_uuid (s_con) == NULL,
"basic-import", "unexpected valid UUID");
/* IP4 setting */
s_ip4 = nm_connection_get_setting_ip4_config (connection);
ASSERT (s_ip4 != NULL,
"basic-import", "missing 'ip4-config' setting");
ASSERT (nm_setting_ip4_config_get_num_addresses (s_ip4) == 0,
"basic-import", "unexpected addresses");
ASSERT (nm_setting_ip4_config_get_never_default (s_ip4) == TRUE,
"basic-import", "never-default unexpectedly FALSE");
ASSERT (nm_setting_ip4_config_get_method (s_ip4) == NULL,
"basic-import", "unexpected IPv4 method");
ASSERT (nm_setting_ip4_config_get_dhcp_client_id (s_ip4) == NULL,
"basic-import", "unexpected valid DHCP client ID");
ASSERT (nm_setting_ip4_config_get_dhcp_hostname (s_ip4) == NULL,
"basic-import", "unexpected valid DHCP hostname");
ASSERT (nm_setting_ip4_config_get_num_dns_searches (s_ip4) == 0,
"basic-import", "unexpected DNS searches");
ASSERT (nm_setting_ip4_config_get_num_dns (s_ip4) == 0,
"basic-import", "unexpected DNS servers");
ASSERT (nm_setting_ip4_config_get_num_routes (s_ip4) == 2,
"basic-import", "unexpected number of routes");
/* Route #1 */
route = nm_setting_ip4_config_get_route (s_ip4, 0);
ASSERT (inet_pton (AF_INET, expected_route1_dest, &tmp) > 0,
"basic-import", "couldn't convert expected route destination #1");
ASSERT (nm_ip4_route_get_dest (route) == tmp.s_addr,
"basic-import", "unexpected route #1 destination");
ASSERT (inet_pton (AF_INET, expected_route1_gw, &tmp) > 0,
"basic-import", "couldn't convert expected route next hop #1");
ASSERT (nm_ip4_route_get_next_hop (route) == tmp.s_addr,
"basic-import", "unexpected route #1 next hop");
ASSERT (nm_ip4_route_get_prefix (route) == 8,
"basic-import", "unexpected route #1 prefix");
ASSERT (nm_ip4_route_get_metric (route) == 0,
"basic-import", "unexpected route #1 metric");
/* Route #2 */
route = nm_setting_ip4_config_get_route (s_ip4, 1);
ASSERT (inet_pton (AF_INET, expected_route2_dest, &tmp) > 0,
"basic-import", "couldn't convert expected route destination #2");
ASSERT (nm_ip4_route_get_dest (route) == tmp.s_addr,
"basic-import", "unexpected route #2 destination");
ASSERT (inet_pton (AF_INET, expected_route2_gw, &tmp) > 0,
"basic-import", "couldn't convert expected route next hop #2");
ASSERT (nm_ip4_route_get_next_hop (route) == tmp.s_addr,
"basic-import", "unexpected route #2 next hop");
ASSERT (nm_ip4_route_get_prefix (route) == 16,
"basic-import", "unexpected route #2 prefix");
ASSERT (nm_ip4_route_get_metric (route) == 0,
"basic-import", "unexpected route #2 metric");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"basic-import", "missing 'vpn' setting");
/* Data items */
test_items ("basic-import-data", s_vpn, &basic_items[0], FALSE);
/* Secrets */
test_items ("basic-import-secrets", s_vpn, &basic_secrets[0], TRUE);
g_object_unref (connection);
}
static void
export_vpn_to_file_cb (GtkWidget *dialog, gint response, gpointer user_data)
{
NMConnection *connection = NM_CONNECTION (user_data);
char *filename = NULL;
GError *error = NULL;
NMVpnPluginUiInterface *plugin;
NMSettingConnection *s_con = NULL;
NMSettingVPN *s_vpn = NULL;
const char *service_type;
const char *id = NULL;
gboolean success = FALSE;
if (response != GTK_RESPONSE_ACCEPT)
goto out;
filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (dialog));
if (!filename) {
g_set_error (&error, G_IO_ERROR, G_IO_ERROR_FAILED, "no filename");
goto done;
}
if (g_file_test (filename, G_FILE_TEST_EXISTS)) {
int replace_response;
GtkWidget *replace_dialog;
char *bname;
bname = g_path_get_basename (filename);
replace_dialog = gtk_message_dialog_new (NULL,
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_QUESTION,
GTK_BUTTONS_CANCEL,
_("A file named \"%s\" already exists."),
bname);
gtk_dialog_add_buttons (GTK_DIALOG (replace_dialog), _("_Replace"), GTK_RESPONSE_OK, NULL);
gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (replace_dialog),
_("Do you want to replace %s with the VPN connection you are saving?"), bname);
g_free (bname);
replace_response = gtk_dialog_run (GTK_DIALOG (replace_dialog));
gtk_widget_destroy (replace_dialog);
if (replace_response != GTK_RESPONSE_OK)
goto out;
}
s_con = nm_connection_get_setting_connection (connection);
id = s_con ? nm_setting_connection_get_id (s_con) : NULL;
if (!id) {
g_set_error (&error, G_IO_ERROR, G_IO_ERROR_FAILED, "connection setting invalid");
goto done;
}
s_vpn = nm_connection_get_setting_vpn (connection);
service_type = s_vpn ? nm_setting_vpn_get_service_type (s_vpn) : NULL;
if (!service_type) {
g_set_error (&error, G_IO_ERROR, G_IO_ERROR_FAILED, "VPN setting invalid");
goto done;
}
plugin = vpn_get_plugin_by_service (service_type);
if (plugin)
success = nm_vpn_plugin_ui_interface_export (plugin, filename, connection, &error);
done:
if (!success) {
GtkWidget *err_dialog;
char *bname = filename ? g_path_get_basename (filename) : g_strdup ("(none)");
err_dialog = gtk_message_dialog_new (NULL,
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot export VPN connection"));
gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (err_dialog),
_("The VPN connection '%s' could not be exported to %s.\n\nError: %s."),
id ? id : "(unknown)", bname, error ? error->message : "unknown error");
g_free (bname);
g_signal_connect (err_dialog, "delete-event", G_CALLBACK (gtk_widget_destroy), NULL);
g_signal_connect (err_dialog, "response", G_CALLBACK (gtk_widget_destroy), NULL);
gtk_widget_show_all (err_dialog);
gtk_window_present (GTK_WINDOW (err_dialog));
}
out:
if (error)
g_error_free (error);
g_object_unref (connection);
gtk_widget_hide (dialog);
gtk_widget_destroy (dialog);
}
NMConnection *
nm_keyfile_plugin_connection_from_file (const char *filename, GError **error)
{
GKeyFile *key_file;
struct stat statbuf;
gboolean bad_owner, bad_permissions;
NMConnection *connection = NULL;
NMSettingConnection *s_con;
NMSetting *setting;
gchar **groups;
gsize length;
int i;
gboolean vpn_secrets = FALSE;
const char *ctype;
GError *verify_error = NULL;
if (stat (filename, &statbuf) != 0 || !S_ISREG (statbuf.st_mode)) {
g_set_error_literal (error, KEYFILE_PLUGIN_ERROR, 0,
"File did not exist or was not a regular file");
return NULL;
}
bad_owner = getuid () != statbuf.st_uid;
bad_permissions = statbuf.st_mode & 0077;
if (bad_owner || bad_permissions) {
g_set_error (error, KEYFILE_PLUGIN_ERROR, 0,
"File permissions (%o) or owner (%d) were insecure",
statbuf.st_mode, statbuf.st_uid);
return NULL;
}
key_file = g_key_file_new ();
if (!g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, error))
goto out;
connection = nm_connection_new ();
groups = g_key_file_get_groups (key_file, &length);
for (i = 0; i < length; i++) {
/* Only read out secrets when needed */
if (!strcmp (groups[i], VPN_SECRETS_GROUP)) {
vpn_secrets = TRUE;
continue;
}
setting = read_setting (key_file, filename, groups[i]);
if (setting)
nm_connection_add_setting (connection, setting);
}
/* Make sure that we have the base device type setting even if
* the keyfile didn't include it, which can happen when the base
* device type setting is all default values (like ethernet).
*/
s_con = nm_connection_get_setting_connection (connection);
if (s_con) {
ctype = nm_setting_connection_get_connection_type (s_con);
setting = nm_connection_get_setting_by_name (connection, ctype);
if (ctype) {
if (!setting && !strcmp (ctype, NM_SETTING_WIRED_SETTING_NAME))
nm_connection_add_setting (connection, nm_setting_wired_new ());
}
}
/* Handle vpn secrets after the 'vpn' setting was read */
if (vpn_secrets) {
NMSettingVPN *s_vpn;
s_vpn = nm_connection_get_setting_vpn (connection);
if (s_vpn)
read_vpn_secrets (key_file, s_vpn);
}
g_strfreev (groups);
/* Verify the connection */
if (!nm_connection_verify (connection, &verify_error)) {
g_set_error (error, KEYFILE_PLUGIN_ERROR, 0,
"invalid or missing connection property '%s/%s'",
verify_error ? g_type_name (nm_connection_lookup_setting_type_by_quark (verify_error->domain)) : "(unknown)",
(verify_error && verify_error->message) ? verify_error->message : "(unknown)");
g_clear_error (&verify_error);
g_object_unref (connection);
connection = NULL;
g_warning ("Connection failed to verify: %s",
verify_error ? g_type_name (nm_connection_lookup_setting_type_by_quark (verify_error->domain)) : "(unknown)");
}
out:
g_key_file_free (key_file);
return connection;
}
gboolean
applet_vpn_request_get_secrets (SecretsRequest *req, GError **error)
{
VpnSecretsInfo *info = (VpnSecretsInfo *) req;
AppletVpnRequestPrivate *priv;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
const char *connection_type;
const char *service_type;
char *bin_path;
const char *argv[10];
gboolean success = FALSE;
guint i = 0;
applet_secrets_request_set_free_func (req, free_vpn_secrets_info);
s_con = nm_connection_get_setting_connection (req->connection);
g_return_val_if_fail (s_con != NULL, FALSE);
connection_type = nm_setting_connection_get_connection_type (s_con);
g_return_val_if_fail (connection_type != NULL, FALSE);
g_return_val_if_fail (strcmp (connection_type, NM_SETTING_VPN_SETTING_NAME) == 0, FALSE);
s_vpn = nm_connection_get_setting_vpn (req->connection);
g_return_val_if_fail (s_vpn != NULL, FALSE);
service_type = nm_setting_vpn_get_service_type (s_vpn);
g_return_val_if_fail (service_type != NULL, FALSE);
/* find the auth-dialog binary */
bin_path = find_auth_dialog_binary (service_type, error);
if (!bin_path)
return FALSE;
info->vpn = (AppletVpnRequest *) g_object_new (APPLET_TYPE_VPN_REQUEST, NULL);
if (!info->vpn) {
g_set_error_literal (error,
NM_SECRET_AGENT_ERROR,
NM_SECRET_AGENT_ERROR_INTERNAL_ERROR,
"Could not create VPN secrets request object");
goto out;
}
priv = APPLET_VPN_REQUEST_GET_PRIVATE (info->vpn);
memset (argv, 0, sizeof (argv));
argv[i++] = bin_path;
argv[i++] = "-u";
argv[i++] = nm_setting_connection_get_uuid (s_con);
argv[i++] = "-n";
argv[i++] = nm_setting_connection_get_id (s_con);
argv[i++] = "-s";
argv[i++] = service_type;
if (req->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
argv[i++] = "-i";
if (req->flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW)
argv[i++] = "-r";
if (!g_spawn_async_with_pipes (NULL, /* working_directory */
(gchar **) argv, /* argv */
NULL, /* envp */
G_SPAWN_DO_NOT_REAP_CHILD, /* flags */
vpn_child_setup, /* child_setup */
NULL, /* user_data */
&priv->pid, /* child_pid */
&priv->child_stdin, /* standard_input */
&priv->child_stdout, /* standard_output */
NULL, /* standard_error */
error)) /* error */
goto out;
/* catch when child is reaped */
priv->watch_id = g_child_watch_add (priv->pid, child_finished_cb, info);
/* listen to what child has to say */
priv->channel = g_io_channel_unix_new (priv->child_stdout);
priv->channel_eventid = g_io_add_watch (priv->channel, G_IO_IN, child_stdout_data_cb, info);
g_io_channel_set_encoding (priv->channel, NULL, NULL);
/* Dump parts of the connection to the child */
success = write_connection_to_child (priv->child_stdin, req->connection, error);
out:
g_free (bin_path);
return success;
}
static gboolean
init_plugin_ui (OpenswanPluginUiWidget *self,
NMConnection *connection,
gboolean new_connection,
GError **error)
{
OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *s_vpn = NULL;
GtkWidget *widget;
const char *value = NULL;
s_vpn = nm_connection_get_setting_vpn (connection);
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_RIGHT);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTID);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Fill the VPN passwords *before* initializing the PW type combos, since
* knowing if there are passwords when initializing the combos is helpful.
*/
setup_password_widget (self,
"user_password_entry",
s_vpn,
NM_OPENSWAN_XAUTH_PASSWORD,
new_connection);
setup_password_widget (self,
"group_password_entry",
s_vpn,
NM_OPENSWAN_PSK_VALUE,
new_connection);
init_one_pw_combo (self,
s_vpn,
"user_pass_type_combo",
NM_OPENSWAN_XAUTH_PASSWORD,
NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES,
"user_password_entry");
init_one_pw_combo (self,
s_vpn,
"group_pass_type_combo",
NM_OPENSWAN_PSK_VALUE,
NM_OPENSWAN_PSK_INPUT_MODES,
"group_password_entry");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Phase 1 Algorithms: IKE*/
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase1_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Phase 2 Algorithms: ESP*/
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase2_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DOMAIN);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
self);
return TRUE;
}
