static gboolean
_service_cache_credentials (NML2tpPppService *self,
NMConnection *connection,
GError **error)
{
NML2tpPppServicePrivate *priv = NM_L2TP_PPP_SERVICE_GET_PRIVATE (self);
NMSettingVPN *s_vpn;
const char *username, *password, *domain;
g_return_val_if_fail (self != NULL, FALSE);
g_return_val_if_fail (connection != NULL, FALSE);
s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
if (!s_vpn) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
_("Could not find secrets (connection invalid, no vpn setting)."));
return FALSE;
}
/* Username; try L2TP specific username first, then generic username */
username = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER);
if (username && strlen (username)) {
/* FIXME: This check makes about 0 sense. */
if (!username || !strlen (username)) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
_("Invalid VPN username."));
return FALSE;
}
} else {
username = nm_setting_vpn_get_user_name (s_vpn);
if (!username || !strlen (username)) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
_("Missing VPN username."));
return FALSE;
}
}
password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_PASSWORD);
if (!password || !strlen (password)) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
_("Missing or invalid VPN password."));
return FALSE;
}
domain = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_DOMAIN);
if (domain && strlen (domain))
priv->domain = g_strdup(domain);
priv->username = g_strdup(username);
priv->password = g_strdup(password);
return TRUE;
}
static gboolean
init_plugin_ui (L2tpPluginUiWidget *self, NMConnection *connection, GError **error)
{
L2tpPluginUiWidgetPrivate *priv = L2TP_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *s_vpn;
GtkWidget *widget;
const char *value;
s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
widget = glade_xml_get_widget (priv->xml, "gateway_entry");
if (!widget)
return FALSE;
gtk_size_group_add_widget (priv->group, widget);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = glade_xml_get_widget (priv->xml, "user_entry");
if (!widget)
return FALSE;
gtk_size_group_add_widget (priv->group, widget);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = glade_xml_get_widget (priv->xml, "domain_entry");
if (!widget)
return FALSE;
gtk_size_group_add_widget (priv->group, widget);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_DOMAIN);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = glade_xml_get_widget (priv->xml, "advanced_button");
g_signal_connect (G_OBJECT (widget), "clicked", G_CALLBACK (advanced_button_clicked_cb), self);
widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton");
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
self);
fill_vpn_passwords (priv->xml, priv->group, connection, stuff_changed_cb, self);
return TRUE;
}
static gboolean
handle_need_secrets (NMDBusSstpPpp *object,
GDBusMethodInvocation *invocation,
gpointer user_data)
{
NMSstpPlugin *self = NM_SSTP_PLUGIN (user_data);
NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (self);
NMSettingVpn *s_vpn;
const char *user, *password, *domain;
gchar *username;
remove_timeout_handler (NM_SSTP_PLUGIN (user_data));
s_vpn = nm_connection_get_setting_vpn (priv->connection);
g_assert (s_vpn);
/* Username; try SSTP specific username first, then generic username */
user = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_USER);
if (!user || !strlen (user))
user = nm_setting_vpn_get_user_name (s_vpn);
if (!user || !strlen (user)) {
g_dbus_method_invocation_return_error_literal (invocation,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
_("Missing VPN username."));
return FALSE;
}
password = nm_setting_vpn_get_secret (s_vpn, NM_SSTP_KEY_PASSWORD);
if (!password || !strlen (password)) {
g_dbus_method_invocation_return_error_literal (invocation,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
_("Missing or invalid VPN password."));
return FALSE;;
}
/* Domain is optional */
domain = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_DOMAIN);
/* Success */
if (domain && strlen (domain))
username = g_strdup_printf ("%s\\%s", domain, user);
else
username = g_strdup (user);
nmdbus_sstp_ppp_complete_need_secrets (object, invocation, username, password);
g_free (username);
return TRUE;
}
static void
init_password_icon (VpncEditor *self,
NMSettingVpn *s_vpn,
const char *secret_key,
const char *type_key,
const char *entry_name)
{
VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self);
GtkWidget *entry;
const char *value;
const char *flags = NULL;
entry = GTK_WIDGET (gtk_builder_get_object (priv->builder, entry_name));
g_assert (entry);
nma_utils_setup_password_storage (entry, 0, (NMSetting *) s_vpn, secret_key,
TRUE, FALSE);
/* If there's no password and no flags in the setting,
* initialize flags as "always-ask".
*/
if (s_vpn) {
flags = secret_flags_to_pw_type (s_vpn, secret_key);
if (!flags || !strcmp (flags, NM_VPNC_PW_TYPE_SAVE))
flags = nm_setting_vpn_get_data_item (s_vpn, type_key);
}
value = gtk_entry_get_text (GTK_ENTRY (entry));
if ((!value || !*value) && !flags)
nma_utils_update_password_storage (entry, NM_SETTING_SECRET_FLAG_NOT_SAVED,
(NMSetting *) s_vpn, secret_key);
g_signal_connect (entry, "notify::secondary-icon-name",
G_CALLBACK (password_storage_changed_cb), self);
}
static void
test_items (const char *detail, NMSettingVPN *s_vpn, const Item *items, gboolean secrets)
{
const Item *iter;
guint32 expected_count = 0, actual_count = 0;
const char *value;
for (iter = items; iter->name; iter++) {
if (secrets)
value = nm_setting_vpn_get_secret (s_vpn, iter->name);
else
value = nm_setting_vpn_get_data_item (s_vpn, iter->name);
if (!iter->value) {
ASSERT (value == NULL, detail, "unexpected item '%s'", iter->name);
} else {
ASSERT (value != NULL, detail, "unexpected missing value for item %s", iter->name);
ASSERT (strcmp (value, iter->value) == 0, detail, "unexpected value for item %s (%s != %s",
iter->name, value, iter->value);
expected_count++;
}
}
if (secrets)
nm_setting_vpn_foreach_secret (s_vpn, item_count_func, &actual_count);
else
nm_setting_vpn_foreach_data_item (s_vpn, item_count_func, &actual_count);
ASSERT (actual_count == expected_count,
detail, "unexpected number of items (got %d, expected %d)", actual_count, expected_count);
}
static gboolean
real_connect (NMVpnServicePlugin *plugin,
NMConnection *connection,
GError **error)
{
NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (plugin);
NMSettingVpn *s_vpn;
const char *gwaddr;
const char *value;
s_vpn = nm_connection_get_setting_vpn (connection);
g_assert (s_vpn);
gwaddr = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_GATEWAY);
if (!gwaddr || !strlen (gwaddr)) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
_("Invalid or missing SSTP gateway."));
return FALSE;
}
/* Set the UUID of the connection */
value = nm_connection_get_uuid(connection);
if (value && strlen(value))
nm_setting_vpn_add_data_item(s_vpn, NM_SSTP_KEY_UUID, value);
if (!nm_sstp_properties_validate (s_vpn, error))
return FALSE;
if (!nm_sstp_secrets_validate (s_vpn, error))
return FALSE;
priv->connection = g_object_ref (connection);
if (getenv ("NM_PPP_DUMP_CONNECTION") || debug)
nm_connection_dump (connection);
return nm_sstp_start_pppd_binary (NM_SSTP_PLUGIN (plugin),
s_vpn,
gwaddr,
error);
}
static void
test_legacy_ike_port_1_import (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
GError *error = NULL;
char *pcf;
const char *expected_id = "Don't use Legacy IKE Port (500)";
const char *value;
pcf = g_build_path ("/", dir, "use-legacy-ike-port-1.pcf", NULL);
ASSERT (pcf != NULL,
"use-legacy-ike-port-1", "failed to create pcf path");
connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
if (error)
FAIL ("", "error importing %s: %s", pcf, error->message);
ASSERT (connection != NULL,
"use-legacy-ike-port-1", "error importing %s: (unknown)", pcf);
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"use-legacy-ike-port-1", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"use-legacy-ike-port-1", "unexpected connection ID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"use-legacy-ike-port-1", "missing 'vpn' setting");
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT);
ASSERT (value != NULL,
"use-legacy-ike-port-1", "unexpected missing value for item %s", NM_VPNC_KEY_LOCAL_PORT);
ASSERT (strcmp (value, "500") == 0,
"use-legacy-ike-port-1", "unexpected value for item %s", NM_VPNC_KEY_LOCAL_PORT);
g_free (pcf);
}
static void
test_nat_force_natt (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
GError *error = NULL;
char *pcf;
const char *expected_id = "Force NAT-T";
const char *value;
pcf = g_build_path ("/", dir, "force-natt.pcf", NULL);
ASSERT (pcf != NULL,
"force-natt", "failed to create pcf path");
connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
if (error)
FAIL ("force-natt", "error importing %s: %s", pcf, error->message);
ASSERT (connection != NULL,
"force-natt", "error importing %s: (unknown)", pcf);
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"force-natt", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"force-natt", "unexpected connection ID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"force-natt", "missing 'vpn' setting");
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
ASSERT (value != NULL,
"force-natt", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
ASSERT (strcmp (value, NM_VPNC_NATT_MODE_NATT_ALWAYS) == 0,
"force-natt", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
g_free (pcf);
}
static gboolean
nm_sstp_properties_validate (NMSettingVpn *s_vpn,
GError **error)
{
ValidateInfo info = { &valid_properties[0], error, FALSE };
int i;
nm_setting_vpn_foreach_data_item (s_vpn, validate_one_property, &info);
if (!info.have_items) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
_("No VPN configuration options."));
return FALSE;
}
if (*error)
return FALSE;
/* Ensure required properties exist */
for (i = 0; valid_properties[i].name; i++) {
ValidProperty prop = valid_properties[i];
const char *value;
if (!prop.required)
continue;
value = nm_setting_vpn_get_data_item (s_vpn, prop.name);
if (!value || !strlen (value)) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
_("Missing required option '%s'."),
prop.name);
return FALSE;
}
}
return TRUE;
}
static void
test_always_ask (NMVpnPluginUiInterface *plugin, const char *dir)
{
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVPN *s_vpn;
GError *error = NULL;
char *pcf;
const char *expected_id = "Always Ask For Password";
const char *value;
pcf = g_build_path ("/", dir, "always-ask.pcf", NULL);
ASSERT (pcf != NULL,
"always-ask", "failed to create pcf path");
connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
if (error)
FAIL ("always-ask", "error importing %s: %s", pcf, error->message);
ASSERT (connection != NULL,
"always-ask", "error importing %s: (unknown)", pcf);
/* Connection setting */
s_con = nm_connection_get_setting_connection (connection);
ASSERT (s_con != NULL,
"always-ask", "missing 'connection' setting");
ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
"always-ask", "unexpected connection ID");
/* VPN setting */
s_vpn = nm_connection_get_setting_vpn (connection);
ASSERT (s_vpn != NULL,
"always-ask", "missing 'vpn' setting");
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE);
ASSERT (value == NULL,
"always-ask", "unexpected value for item %s", NM_VPNC_KEY_XAUTH_PASSWORD_TYPE);
g_free (pcf);
}
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **error)
{
NMSettingVPN *s_vpn;
const char *user_name;
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
if (!s_vpn) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because the VPN connection settings were invalid.");
return FALSE;
}
user_name = nm_setting_vpn_get_user_name (s_vpn);
if (!user_name && !nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_USER)) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
"%s",
"Could not process the request because no username was provided.");
return FALSE;
}
/* Validate the properties */
if (!nm_openssh_properties_validate (s_vpn, error))
return FALSE;
/* Finally try to start sshtun */
if (!nm_openssh_start (plugin, s_vpn, error))
return FALSE;
return TRUE;
}
static gboolean
init_plugin_ui (OpenswanPluginUiWidget *self,
NMConnection *connection,
gboolean new_connection,
GError **error)
{
OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *s_vpn = NULL;
GtkWidget *widget;
const char *value = NULL;
s_vpn = nm_connection_get_setting_vpn (connection);
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_RIGHT);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTID);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Fill the VPN passwords *before* initializing the PW type combos, since
* knowing if there are passwords when initializing the combos is helpful.
*/
setup_password_widget (self,
"user_password_entry",
s_vpn,
NM_OPENSWAN_XAUTH_PASSWORD,
new_connection);
setup_password_widget (self,
"group_password_entry",
s_vpn,
NM_OPENSWAN_PSK_VALUE,
new_connection);
init_one_pw_combo (self,
s_vpn,
"user_pass_type_combo",
NM_OPENSWAN_XAUTH_PASSWORD,
NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES,
"user_password_entry");
init_one_pw_combo (self,
s_vpn,
"group_pass_type_combo",
NM_OPENSWAN_PSK_VALUE,
NM_OPENSWAN_PSK_INPUT_MODES,
"group_password_entry");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Phase 1 Algorithms: IKE*/
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase1_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Phase 2 Algorithms: ESP*/
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase2_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DOMAIN);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
self);
return TRUE;
}
static gboolean
init_plugin_ui (VpncEditor *self,
NMConnection *connection,
gboolean new_connection,
GError **error)
{
VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self);
NMSettingConnection *s_con = NULL;
NMSettingVpn *s_vpn = NULL;
GtkWidget *widget;
GtkListStore *store;
GtkTreeIter iter;
const char *value = NULL;
int active = -1;
const char *natt_mode = NULL;
const char *ike_dh_group = NULL;
const char *vendor = NULL;
const char *pfs_group = NULL;
gboolean enabled = FALSE;
GtkFileFilter *filter;
if (connection) {
s_con = nm_connection_get_setting_connection (connection);
s_vpn = nm_connection_get_setting_vpn (connection);
}
priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_GATEWAY);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_ID);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
store = gtk_list_store_new (1, G_TYPE_STRING);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Secure (default)"), -1);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Weak (use with caution)"), -1);
if (s_vpn && (active < 0)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES);
if (value && !strcmp (value, "yes"))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("None (completely insecure)"), -1);
if (s_vpn && (active < 0)) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION);
if (value && !strcmp (value, "yes"))
active = 2;
}
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Fill the VPN passwords *before* initializing the PW type combos, since
* knowing if there are passwords when initializing the combos is helpful.
*/
setup_password_widget (self,
"user_password_entry",
s_vpn,
NM_VPNC_KEY_XAUTH_PASSWORD,
new_connection);
setup_password_widget (self,
"group_password_entry",
s_vpn,
NM_VPNC_KEY_SECRET,
new_connection);
init_password_icon (self,
s_vpn,
NM_VPNC_KEY_XAUTH_PASSWORD,
NM_VPNC_KEY_XAUTH_PASSWORD_TYPE,
"user_password_entry");
init_password_icon (self,
s_vpn,
NM_VPNC_KEY_SECRET,
NM_VPNC_KEY_SECRET_TYPE,
"group_password_entry");
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DOMAIN);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Vendor combo */
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
vendor = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_VENDOR);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Cisco (default)"), 1, NM_VPNC_VENDOR_CISCO, -1);
if ((active < 0) && vendor) {
if (!strcmp (vendor, NM_VPNC_VENDOR_CISCO))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Netscreen"), 1, NM_VPNC_VENDOR_NETSCREEN, -1);
if ((active < 0) && vendor) {
if (!strcmp (vendor, NM_VPNC_VENDOR_NETSCREEN))
active = 1;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Application version */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Interface name */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
if (s_con) {
value = nm_setting_connection_get_interface_name (s_con);
if (value && strlen (value))
gtk_entry_set_text (GTK_ENTRY (widget), value);
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
natt_mode = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("NAT-T when available (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("NAT-T always"), 1, NM_VPNC_NATT_MODE_NATT_ALWAYS, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Cisco UDP"), 1, NM_VPNC_NATT_MODE_CISCO, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_CISCO))
active = 2;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Disabled"), 1, NM_VPNC_NATT_MODE_NONE, -1);
if ((active < 0) && natt_mode) {
if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NONE))
active = 3;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
ike_dh_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DHGROUP);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_DHGROUP_DH1, -1);
if ((active < 0) && ike_dh_group) {
if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH1))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 2 (default)"), 1, NM_VPNC_DHGROUP_DH2, -1);
if ((active < 0) && ike_dh_group) {
if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH2))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_DHGROUP_DH5, -1);
if ((active < 0) && ike_dh_group) {
if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH5))
active = 2;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 1 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
/* Local Port */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT);
if (value) {
long int tmp;
errno = 0;
tmp = strtol (value, NULL, 10);
if (errno != 0 || tmp < 0 || tmp > 65535)
tmp = 0;
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton"));
gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), (gdouble) tmp);
}
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (spinbutton_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT);
if (value) {
long int tmp;
errno = 0;
tmp = strtol (value, NULL, 10);
if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0)
priv->orig_dpd_timeout = (guint32) tmp;
if (priv->orig_dpd_timeout == 0)
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
/* Perfect Forward Secrecy combo */
active = -1;
store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING);
if (s_vpn)
pfs_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Server (default)"), 1, NM_VPNC_PFS_SERVER, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_SERVER))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("None"), 1, NM_VPNC_PFS_NOPFS, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_NOPFS))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_PFS_DH1, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_DH1))
active = 2;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 2"), 1, NM_VPNC_PFS_DH2, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_DH2))
active = 3;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_PFS_DH5, -1);
if ((active < 0) && pfs_group) {
if (!strcmp (pfs_group, NM_VPNC_PFS_DH5))
active = 4;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) show_toggled_cb,
self);
/* hybrid auth */
enabled = FALSE;
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE);
if (value && !strcmp("hybrid", value)) {
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
enabled = TRUE;
}
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (hybrid_toggled_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, widget);
gtk_widget_set_sensitive (widget, enabled);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose a Certificate Authority (CA) certificate…"));
filter = gtk_file_filter_new ();
gtk_file_filter_add_custom (filter, GTK_FILE_FILTER_FILENAME, cert_filter, NULL, NULL);
gtk_file_filter_set_name (filter, _("PEM certificates (*.pem, *.crt, *.cer)"));
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_CA_FILE);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
g_signal_connect (G_OBJECT (widget), "file-set", G_CALLBACK (stuff_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "cafile_label"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_widget_set_sensitive (widget, enabled);
/* advanced dialog */
priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-advanced-dialog"));
g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE);
g_signal_connect (G_OBJECT (priv->advanced_dialog), "delete-event",
G_CALLBACK (gtk_widget_hide_on_delete), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "advanced_button"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "clicked",
(GCallback) toggle_advanced_dialog_cb,
self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "apply_button"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "clicked",
(GCallback) toggle_advanced_dialog_cb,
self);
return TRUE;
}
void
tls_pw_init_auth_widget (GtkBuilder *builder,
GtkSizeGroup *group,
NMSettingVPN *s_vpn,
ChangedCallback changed_cb,
gpointer user_data)
{
GtkWidget *widget;
const char *value;
GtkFileFilter *filter;
g_return_if_fail (builder != NULL);
g_return_if_fail (group != NULL);
g_return_if_fail (changed_cb != NULL);
widget = GTK_WIDGET (gtk_builder_get_object (builder, "ca_cert_chooser"));
gtk_size_group_add_widget (group, widget);
filter = tls_file_chooser_filter_new ();
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose a Certificate Authority certificate..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_user_cert_chooser"));
gtk_size_group_add_widget (group, widget);
filter = tls_file_chooser_filter_new ();
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose your personal certificate..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERCERT);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_private_key_chooser"));
gtk_size_group_add_widget (group, widget);
filter = tls_file_chooser_filter_new ();
gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
_("Choose your private key..."));
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PRIVKEY);
if (value && strlen (value))
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
}
}
static GPtrArray *
construct_pppd_args (NMSstpPlugin *plugin,
NMSettingVpn *s_vpn,
const char *pppd,
const char *gwaddr,
GError **error)
{
GPtrArray *args = NULL;
const char *value, *sstp_binary;
char *ipparam, *tmp, *ca_cert = NULL, *proxy = NULL, *uuid = NULL;
const char *proxy_server, *proxy_port;
gboolean ign_cert;
/* Get the proxy settings */
proxy_server = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_PROXY_SERVER);
proxy_port = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_PROXY_PORT);
if (proxy_server && proxy_port && strlen(proxy_server) && strlen(proxy_port)) {
const char *proxy_user, *proxy_password;
long int tmp_int;
if (!str_to_int (proxy_port, &tmp_int))
tmp_int = 0;
proxy_user = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_PROXY_USER);
proxy_password = nm_setting_vpn_get_secret (s_vpn, NM_SSTP_KEY_PROXY_PASSWORD);
proxy = g_strdup_printf("--proxy http://%s%s%s@%s:%ld",
proxy_user,
proxy_password ? ":" : "",
proxy_password ? : "",
proxy_server,
tmp_int);
}
sstp_binary = nm_find_sstpc ();
if (!sstp_binary) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not find sstp client binary."));
return FALSE;
}
/* Validate the Gateway option */
if (!gwaddr || !strlen (gwaddr)) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
"%s",
_("Missing VPN gateway."));
goto error;
}
/* Create the argument vector for pppd */
args = g_ptr_array_new ();
g_ptr_array_add (args, (gpointer) g_strdup (pppd));
g_ptr_array_add (args, (gpointer) g_strdup ("pty"));
/* Get the CA Certificate (if any) */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_CA_CERT);
if (value && strlen (value))
ca_cert = g_strdup_printf ("--ca-cert %s", value);
/* Set the UUID of the connection */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_UUID);
if (value && strlen(value))
uuid = g_strdup_printf ("--uuid %s", value);
/* Ignore any certificate warnings */
value = nm_setting_vpn_get_data_item(s_vpn, NM_SSTP_KEY_IGN_CERT_WARN);
if (value && !strcmp(value, "yes")) {
ign_cert = TRUE;
}
/* Prepare the PTY option */
ipparam = g_strdup_printf ("nm-sstp-service-%d", getpid ());
tmp = g_strdup_printf ("%s %s %s --nolaunchpppd %s %s --ipparam %s %s %s",
sstp_binary, gwaddr,
ign_cert == TRUE ? "--cert-warn" : "",
debug ? "--log-level 4" : "",
proxy ? proxy : "",
ipparam,
uuid ? uuid : "",
ca_cert ? ca_cert : ""
);
g_ptr_array_add (args, (gpointer) tmp);
if (ca_cert)
g_free(ca_cert);
if (uuid)
g_free(uuid);
/* Enable debug */
if (debug)
g_ptr_array_add (args, (gpointer) g_strdup ("debug"));
/* PPP options */
g_ptr_array_add (args, (gpointer) g_strdup ("noipv6"));
g_ptr_array_add (args, (gpointer) g_strdup ("ipparam"));
g_ptr_array_add (args, (gpointer) ipparam);
g_ptr_array_add (args, (gpointer) g_strdup ("nodetach"));
g_ptr_array_add (args, (gpointer) g_strdup ("lock"));
g_ptr_array_add (args, (gpointer) g_strdup ("usepeerdns"));
g_ptr_array_add (args, (gpointer) g_strdup ("noipdefault"));
g_ptr_array_add (args, (gpointer) g_strdup ("nodefaultroute"));
/* Don't need to auth the SSTP server */
g_ptr_array_add (args, (gpointer) g_strdup ("noauth"));
/* Username; try SSTP specific username first, then generic username */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_USER);
if (!value || !strlen (value))
value = nm_setting_vpn_get_user_name (s_vpn);
if (!value || !strlen (value)) {
g_set_error_literal (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
_("Missing VPN username."));
return FALSE;
}
g_ptr_array_add (args, (gpointer) g_strdup ("user"));
g_ptr_array_add (args, (gpointer) g_strdup (value));
/* Allow EAP (currently not supported */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_EAP);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("refuse-eap"));
/* Allow plain text passwords */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_PAP);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("refuse-pap"));
/* Allow CHAP-MD5 */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_CHAP);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("refuse-chap"));
/* Allow MSCHAP */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_MSCHAP);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("refuse-mschap"));
/* Allow MSCHAP-v2 */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_MSCHAPV2);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("refuse-mschap-v2"));
/* Require MPPE */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REQUIRE_MPPE);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("require-mppe"));
/* Use MPPE-40 bit */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REQUIRE_MPPE_40);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("require-mppe-40"));
/* Use MPPE-128 bit */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REQUIRE_MPPE_128);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("require-mppe-128"));
/* Use stateful MPPE */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_MPPE_STATEFUL);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("mppe-stateful"));
/* No BSD Compression */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_NOBSDCOMP);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("nobsdcomp"));
/* No Deflate */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_NODEFLATE);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("nodeflate"));
/* No Compression */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_NO_VJ_COMP);
if (value && !strcmp (value, "yes"))
g_ptr_array_add (args, (gpointer) g_strdup ("novj"));
/* LCP Echo Failure */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_LCP_ECHO_FAILURE);
if (value && strlen (value)) {
long int tmp_int;
/* Convert to integer and then back to string for security's sake
* because strtol ignores some leading and trailing characters.
*/
if (str_to_int (value, &tmp_int)) {
g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-failure"));
g_ptr_array_add (args, (gpointer) g_strdup_printf ("%ld", tmp_int));
} else {
g_warning ("failed to convert lcp-echo-failure value '%s'", value);
}
} else {
g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-failure"));
g_ptr_array_add (args, (gpointer) g_strdup ("0"));
}
/* LCP Echo Interval */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_LCP_ECHO_INTERVAL);
if (value && strlen (value)) {
long int tmp_int;
/* Convert to integer and then back to string for security's sake
* because strtol ignores some leading and trailing characters.
*/
if (str_to_int (value, &tmp_int)) {
g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-interval"));
g_ptr_array_add (args, (gpointer) g_strdup_printf ("%ld", tmp_int));
} else {
g_warning ("failed to convert lcp-echo-interval value '%s'", value);
}
} else {
g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-interval"));
g_ptr_array_add (args, (gpointer) g_strdup ("0"));
}
/* Unit Number */
value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_UNIT_NUM);
if (value && *value) {
long int tmp_int;
if (str_to_int (value, &tmp_int)) {
g_ptr_array_add (args, (gpointer) g_strdup ("unit"));
g_ptr_array_add (args, (gpointer) g_strdup_printf ("%ld", tmp_int));
} else
g_warning ("failed to convert unit value '%s'", value);
}
/* Add the SSTP PPP Plugin */
g_ptr_array_add (args, (gpointer) g_strdup ("plugin"));
g_ptr_array_add (args, (gpointer) g_strdup (NM_SSTP_PPPD_PLUGIN));
/* Terminate pointer array with NULL */
g_ptr_array_add (args, NULL);
return args;
error:
free_pppd_args (args);
return FALSE;
}
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **error)
{
NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin);
NMSettingVPN *s_vpn;
const char *value;
if (getenv ("NM_PPP_DUMP_CONNECTION") || debug)
nm_connection_dump (connection);
s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
g_assert (s_vpn);
if (!nm_l2tp_properties_validate (s_vpn, error))
return FALSE;
if (!nm_l2tp_secrets_validate (s_vpn, error))
return FALSE;
/* Start our pppd plugin helper service */
if (priv->service)
g_object_unref (priv->service);
if (priv->connection) {
g_object_unref (priv->connection);
priv->connection = NULL;
}
priv->service = nm_l2tp_ppp_service_new (connection, error);
if (!priv->service) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not start pppd plugin helper service."));
return FALSE;
}
priv->connection = g_object_ref (connection);
g_signal_connect (G_OBJECT (priv->service), "plugin-alive", G_CALLBACK (service_plugin_alive_cb), plugin);
g_signal_connect (G_OBJECT (priv->service), "ppp-state", G_CALLBACK (service_ppp_state_cb), plugin);
g_signal_connect (G_OBJECT (priv->service), "ip4-config", G_CALLBACK (service_ip4_config_cb), plugin);
/* Cache the username and password so we can relay the secrets to the pppd
* plugin when it asks for them.
*/
if (!_service_cache_credentials (priv->service, connection, error))
return FALSE;
if (!nm_l2tp_resolve_gateway (NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
if (!nm_l2tp_config_write (NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_ENABLE);
g_message(_("ipsec enable flag: %s"), value?value:"(null)");
if(value && !strcmp(value,"yes")) {
g_message(_("starting ipsec"));
if (!nm_l2tp_start_ipsec(NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
}
if (!nm_l2tp_start_l2tpd_binary (NM_L2TP_PLUGIN (plugin), s_vpn, error))
return FALSE;
return TRUE;
}
static gboolean
nm_openssh_start (NMVPNPlugin *plugin, NMSettingVPN *s_vpn, GError **error)
{
NMOpensshPluginPrivate *priv = NM_OPENSSH_PLUGIN_GET_PRIVATE(plugin);
sshtun_handle_t handle;
const char *tun_mode;
char *tun_owner = NULL, *host = NULL, *user = NULL,
*public_key = NULL, *private_key = NULL, *config_script = NULL;
const char *val;
int ret;
gboolean retval = TRUE;
GIOChannel *event_channel;
GSource *child_watch, *event_watch;
val = nm_setting_vpn_get_user_name (s_vpn);
if (!val) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Can't get username.");
retval = FALSE;
goto out;
}
tun_owner = g_strdup (val);
val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_TUN_USE_TAP);
tun_mode = val && !strcmp (val, "yes") ? "ethernet" : "pointopoint";
val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_USER);
user = val ? g_strdup (val) : g_strdup (tun_owner);
val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_HOST);
if (!val) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Host is missing.");
retval = FALSE;
goto out;
}
host = g_strdup (val);
val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_PUBLIC_KEY);
if (!val) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"SSH public key is missing.");
retval = FALSE;
goto out;
}
public_key = g_strdup (val);
val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_PRIVATE_KEY);
if (!val) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"SSH private key is missing.");
retval = FALSE;
goto out;
}
private_key = g_strdup (val);
val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_CONFIG_SCRIPT);
if (!val) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"IP config script is missing.");
retval = FALSE;
goto out;
}
config_script = g_strdup (val);
ret = sshtun_new (&handle);
if (ret < 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_GENERAL,
"%s",
"Could not allocate memory for an sshtun process.");
retval = FALSE;
goto out;
}
ret = sshtun_set_params (handle,
SSHTUN_PARAM_TUN_MODE, tun_mode,
SSHTUN_PARAM_TUN_OWNER, tun_owner,
SSHTUN_PARAM_USER, user,
SSHTUN_PARAM_HOST, host,
SSHTUN_PARAM_SERVICE, "ssh",
SSHTUN_PARAM_PUBLIC_KEY, public_key,
SSHTUN_PARAM_PRIVATE_KEY, private_key,
SSHTUN_PARAM_CONFIG_SCRIPT, config_script,
0);
if (ret < 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"%s",
"Could not set parameters for an sshtun process.");
retval = FALSE;
goto out;
}
ret = sshtun_start (handle);
if (ret < 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
"Could not start an sshtun process.");
retval = FALSE;
goto out;
}
priv->handle = handle;
val = nm_setting_vpn_get_secret (s_vpn, NM_OPENSSH_KEY_PASSWORD);
priv->password = val ? g_strdup (val) : NULL;
/* Watch the status change of the sshtun child process. */
child_watch = g_child_watch_source_new (sshtun_pid (priv->handle));
g_source_set_callback (child_watch,
(GSourceFunc) child_watch_cb, plugin,
NULL);
g_source_attach (child_watch, NULL);
g_source_unref (child_watch);
/* Watch the normal event from the sshtun child process. */
event_channel = g_io_channel_unix_new (sshtun_event_fd (priv->handle));
event_watch = g_io_create_watch (event_channel, G_IO_IN);
g_source_set_callback (event_watch,
(GSourceFunc) event_watch_cb, plugin,
NULL);
g_source_attach (event_watch, NULL);
g_source_unref (event_watch);
g_io_channel_unref (event_channel);
out:
g_free (tun_owner);
g_free (host);
g_free (user);
g_free (public_key);
g_free (private_key);
g_free (config_script);
return retval;
}
static void
init_one_pw_combo (OpenswanPluginUiWidget *self,
NMSettingVPN *s_vpn,
const char *combo_name,
const char *secret_key,
const char *type_key,
const char *entry_name)
{
OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
int active = -1;
GtkWidget *widget;
GtkListStore *store;
GtkTreeIter iter;
const char *value = NULL;
guint32 default_idx = 1;
/* If there's already a password and the password type can't be found in
* the VPN settings, default to saving it. Otherwise, always ask for it.
*/
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, entry_name));
if (widget) {
const char *tmp;
tmp = gtk_entry_get_text (GTK_ENTRY (widget));
if (tmp && strlen (tmp))
default_idx = 0;
}
store = gtk_list_store_new (1, G_TYPE_STRING);
if (s_vpn) {
value = secret_flags_to_pw_type (s_vpn, secret_key);
if (!value)
value = nm_setting_vpn_get_data_item (s_vpn, type_key);
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Saved"), -1);
if ((active < 0) && value) {
if (!strcmp (value, NM_OPENSWAN_PW_TYPE_SAVE))
active = 0;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Always Ask"), -1);
if ((active < 0) && value) {
if (!strcmp (value, NM_OPENSWAN_PW_TYPE_ASK))
active = 1;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Not Required"), -1);
if ((active < 0) && value) {
if (!strcmp (value, NM_OPENSWAN_PW_TYPE_UNUSED))
active = 2;
}
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, combo_name));
g_assert (widget);
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? default_idx : active);
pw_type_changed_helper (self, widget);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), self);
}
static gboolean
vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
{
GError *error = NULL;
NMSettingVpn *s_vpn;
const char *vpn_type, *gw, *port;
char *cookie = NULL;
char *gateway = NULL;
char *gwcert = NULL;
int status = 0;
int i;
gboolean ret;
if (!connection)
return FALSE;
if (!nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME))
return FALSE;
s_vpn = nm_connection_get_setting_vpn (connection);
vpn_type = nm_setting_vpn_get_service_type (s_vpn);
if (g_strcmp0 (vpn_type, NM_DBUS_INTERFACE ".openconnect"))
return FALSE;
/* Get gateway and port */
gw = nm_setting_vpn_get_data_item (s_vpn, "gateway");
port = gw ? strrchr (gw, ':') : NULL;
/* Interactively authenticate to OpenConnect server and get secrets */
ret = nm_vpn_openconnect_authenticate_helper (gw, &cookie, &gateway, &gwcert, &status, &error);
if (!ret) {
g_printerr (_("Error: openconnect failed: %s\n"), error->message);
g_clear_error (&error);
return FALSE;
}
if (WIFEXITED (status)) {
if (WEXITSTATUS (status) != 0)
g_printerr (_("Error: openconnect failed with status %d\n"), WEXITSTATUS (status));
} else if (WIFSIGNALED (status))
g_printerr (_("Error: openconnect failed with signal %d\n"), WTERMSIG (status));
/* Append port to the host value */
if (gateway && port) {
char *tmp = gateway;
gateway = g_strdup_printf ("%s%s", gateway, port);
g_free (tmp);
}
/* Fill secrets to the array */
for (i = 0; i < secrets->len; i++) {
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
if (!g_strcmp0 (secret->vpn_type, vpn_type)) {
if (!g_strcmp0 (secret->vpn_property, "cookie")) {
g_free (secret->value);
secret->value = cookie;
cookie = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gateway")) {
g_free (secret->value);
secret->value = gateway;
gateway = NULL;
} else if (!g_strcmp0 (secret->vpn_property, "gwcert")) {
g_free (secret->value);
secret->value = gwcert;
gwcert = NULL;
}
}
}
g_free (cookie);
g_free (gateway);
g_free (gwcert);
return TRUE;
}
static gboolean
nm_l2tp_start_ipsec(NML2tpPlugin *plugin,
NMSettingVPN *s_vpn,
GError **error)
{
// NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin);
const char *ipsec_binary;
const char *value;
char tmp_secrets[128];
char cmd1[4096],cmd11[4096],cmd2[4096];
char session_name[128];
guint sys=0;
FILE *fp;
if (!(ipsec_binary=nm_find_ipsec())) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not find the ipsec binary."));
return FALSE;
}
sprintf(session_name, "nm-ipsec-l2tpd-%d", getpid());
sys += system("test -e /var/run/pluto/ipsec.info && . /var/run/pluto/ipsec.info;"
"PATH=/usr/local/sbin:/usr/sbin:/sbin; export PATH;"
"[ \"x$defaultrouteaddr\" = \"x\" ] && ipsec setup restart");
sys += system("PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec whack"
" --listen");
sprintf(cmd1,"test -e /var/run/pluto/ipsec.info && . /var/run/pluto/ipsec.info;"
"PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec addconn "
" ${defaultrouteaddr:+--defaultroute} $defaultrouteaddr"
" ${defaultroutenexthop:+--defaultroutenexthop} $defaultroutenexthop"
" --config /var/run/nm-ipsec-l2tp.%d/ipsec.conf --verbose"
" %s", getpid(),session_name);
sprintf(cmd11, "PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec auto "
" --config /var/run/nm-ipsec-l2tp.%d/ipsec.conf --verbose"
" --add %s", getpid(),session_name);
sprintf(cmd2,"PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec auto "
" --config /var/run/nm-ipsec-l2tp.%d/ipsec.conf --verbose"
" --up %s",getpid(),session_name);
/* the way this works is sadly very messy
we replace the user's /etc/ipsec.secrets file
we ask openswan to reload the secrets,
we whack in our connection,
we then replace the secrets and ask openswan to reload them
*/
sprintf(tmp_secrets, "/etc/ipsec.secrets.%d",getpid());
if(-1==rename("/etc/ipsec.secrets", tmp_secrets) && errno != EEXIST) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Cannot save /etc/ipsec.secrets"));
return FALSE;
}
if(!(fp=fopen("/etc/ipsec.secrets","w"))) {
rename(tmp_secrets, "/etc/ipsec.secrets");
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Cannot open /etc/ipsec.secrets for writing"));
return FALSE;
}
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GROUP_NAME);
fprintf(fp, "%s%s ",value?"@":"", value?value:"%any");
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GATEWAY_ID);
fprintf(fp, "%s%s ",value?"@":"", value?value:"%any");
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_PSK);
if(!value)value="";
fprintf(fp, ": PSK \"%s\"\n",value);
fclose(fp);
sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets");
sys += system(cmd11);
sys += system(cmd1);
sys += system(cmd2);
rename(tmp_secrets, "/etc/ipsec.secrets");
sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets");
if (sys != 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Possible error in IPSec setup."));
return FALSE;
}
g_message(_("ipsec ready for action"));
return TRUE;
}
static gboolean
nm_l2tp_resolve_gateway (NML2tpPlugin *plugin,
NMSettingVPN *s_vpn,
GError **error)
{
NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin);
const char *p, *src;
gboolean is_name = FALSE;
struct in_addr naddr;
struct addrinfo hints;
struct addrinfo *result = NULL, *rp;
int err;
char buf[INET_ADDRSTRLEN + 1];
p = src = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY);
g_return_val_if_fail (src != NULL, FALSE);
while (*p) {
if (*p != '.' && !isdigit (*p)) {
is_name = TRUE;
break;
}
p++;
}
if (is_name == FALSE) {
errno = 0;
if (inet_pton (AF_INET, src, &naddr) <= 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
_("couldn't convert L2TP VPN gateway IP address '%s' (%d)"),
src, errno);
return FALSE;
}
priv->naddr = naddr.s_addr;
priv->saddr = g_strdup (src);
return TRUE;
}
/* It's a hostname, resolve it */
memset (&hints, 0, sizeof (hints));
hints.ai_family = AF_INET;
hints.ai_flags = AI_ADDRCONFIG;
err = getaddrinfo (src, NULL, &hints, &result);
if (err != 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
_("couldn't look up L2TP VPN gateway IP address '%s' (%d)"),
src, err);
return FALSE;
}
/* If the hostname resolves to multiple IP addresses, use the first one.
* FIXME: maybe we just want to use a random one instead?
*/
memset (&naddr, 0, sizeof (naddr));
for (rp = result; rp; rp = rp->ai_next) {
if ( (rp->ai_family == AF_INET)
&& (rp->ai_addrlen == sizeof (struct sockaddr_in))) {
struct sockaddr_in *inptr = (struct sockaddr_in *) rp->ai_addr;
memcpy (&naddr, &(inptr->sin_addr), sizeof (struct in_addr));
break;
}
}
freeaddrinfo (result);
if (naddr.s_addr == 0) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
_("no usable addresses returned for L2TP VPN gateway '%s'"),
src);
return FALSE;
}
memset (buf, 0, sizeof (buf));
errno = 0;
if (inet_ntop (AF_INET, &naddr, buf, sizeof (buf) - 1) == NULL) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
_("no usable addresses returned for L2TP VPN gateway '%s' (%d)"),
src, errno);
return FALSE;
}
g_message(_("Use '%s' as a gateway"), buf);
priv->naddr = naddr.s_addr;
priv->saddr = g_strdup (buf);
return TRUE;
}
static gboolean
init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError **error)
{
StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
NMSettingVPN *settings;
GtkWidget *widget;
const char *value;
settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN));
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry"));
value = nm_setting_vpn_get_data_item (settings, "address");
if (value)
gtk_entry_set_text (GTK_ENTRY (widget), value);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "certificate-button"));
value = nm_setting_vpn_get_data_item (settings, "certificate");
if (value)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-label"));
gtk_widget_set_no_show_all (widget, TRUE);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
gtk_widget_set_no_show_all (widget, TRUE);
value = nm_setting_vpn_get_data_item (settings, "user");
if (value)
gtk_entry_set_text (GTK_ENTRY (widget), value);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate/private key"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate/ssh-agent"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Smartcard"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("EAP"));
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Pre-shared key"));
value = nm_setting_vpn_get_data_item (settings, "method");
if (value) {
if (g_strcmp0 (value, "key") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
}
if (g_strcmp0 (value, "agent") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
}
if (g_strcmp0 (value, "smartcard") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
}
if (g_strcmp0 (value, "eap") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 3);
}
if (g_strcmp0 (value, "psk") == 0) {
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 4);
}
}
if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == -1)
{
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
}
update_layout (widget, priv);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-label"));
gtk_widget_set_no_show_all (widget, TRUE);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button"));
gtk_widget_set_no_show_all (widget, TRUE);
value = nm_setting_vpn_get_data_item (settings, "usercert");
if (value)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-label"));
gtk_widget_set_no_show_all (widget, TRUE);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-button"));
gtk_widget_set_no_show_all (widget, TRUE);
value = nm_setting_vpn_get_data_item (settings, "userkey");
if (value)
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "virtual-check"));
value = nm_setting_vpn_get_data_item (settings, "virtual");
if (value && strcmp(value, "yes") == 0)
{
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encap-check"));
value = nm_setting_vpn_get_data_item (settings, "encap");
if (value && strcmp(value, "yes") == 0)
{
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ipcomp-check"));
value = nm_setting_vpn_get_data_item (settings, "ipcomp");
if (value && strcmp(value, "yes") == 0)
{
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE);
}
g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self);
return TRUE;
}
static gint
nm_openconnect_start_openconnect_binary (NMOPENCONNECTPlugin *plugin,
NMSettingVPN *s_vpn,
GError **error)
{
NMOPENCONNECTPluginPrivate *priv = NM_OPENCONNECT_PLUGIN_GET_PRIVATE (plugin);
GPid pid;
const char **openconnect_binary = NULL;
GPtrArray *openconnect_argv;
GSource *openconnect_watch;
gint stdin_fd;
const char *props_vpn_gw, *props_cookie, *props_cacert, *props_mtu, *props_gwcert, *props_proxy;
/* Find openconnect */
openconnect_binary = openconnect_binary_paths;
while (*openconnect_binary != NULL) {
if (g_file_test (*openconnect_binary, G_FILE_TEST_EXISTS))
break;
openconnect_binary++;
}
if (!*openconnect_binary) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not find openconnect binary."));
return -1;
}
/* The actual gateway to use (after redirection) comes from the auth
dialog, so it's in the secrets hash not the properties */
props_vpn_gw = nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GATEWAY);
if (!props_vpn_gw || !strlen (props_vpn_gw) ) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("No VPN gateway specified."));
return -1;
}
props_cookie = nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_COOKIE);
if (!props_cookie || !strlen (props_cookie)) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("No WebVPN cookie provided."));
return -1;
}
props_gwcert = nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GWCERT);
props_cacert = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT);
props_mtu = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_MTU);
props_proxy = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY);
openconnect_argv = g_ptr_array_new ();
g_ptr_array_add (openconnect_argv, (gpointer) (*openconnect_binary));
if (props_gwcert && strlen(props_gwcert)) {
g_ptr_array_add (openconnect_argv, (gpointer) "--servercert");
g_ptr_array_add (openconnect_argv, (gpointer) props_gwcert);
} else if (props_cacert && strlen(props_cacert)) {
g_ptr_array_add (openconnect_argv, (gpointer) "--cafile");
g_ptr_array_add (openconnect_argv, (gpointer) props_cacert);
}
if (props_mtu && strlen(props_mtu)) {
g_ptr_array_add (openconnect_argv, (gpointer) "--mtu");
g_ptr_array_add (openconnect_argv, (gpointer) props_mtu);
}
if (props_proxy && strlen(props_proxy)) {
g_ptr_array_add (openconnect_argv, (gpointer) "--proxy");
g_ptr_array_add (openconnect_argv, (gpointer) props_proxy);
}
g_ptr_array_add (openconnect_argv, (gpointer) "--syslog");
g_ptr_array_add (openconnect_argv, (gpointer) "--cookie-on-stdin");
g_ptr_array_add (openconnect_argv, (gpointer) "--script");
g_ptr_array_add (openconnect_argv, (gpointer) NM_OPENCONNECT_HELPER_PATH);
priv->tun_name = create_persistent_tundev ();
if (priv->tun_name) {
g_ptr_array_add (openconnect_argv, (gpointer) "--interface");
g_ptr_array_add (openconnect_argv, (gpointer) priv->tun_name);
}
g_ptr_array_add (openconnect_argv, (gpointer) props_vpn_gw);
if (debug)
g_ptr_array_add (openconnect_argv, (gpointer) "--verbose");
g_ptr_array_add (openconnect_argv, NULL);
if (!g_spawn_async_with_pipes (NULL, (char **) openconnect_argv->pdata, NULL,
G_SPAWN_DO_NOT_REAP_CHILD,
openconnect_drop_child_privs, priv->tun_name,
&pid, &stdin_fd, NULL, NULL, error)) {
g_ptr_array_free (openconnect_argv, TRUE);
g_warning ("openconnect failed to start. error: '%s'", (*error)->message);
return -1;
}
g_ptr_array_free (openconnect_argv, TRUE);
g_message ("openconnect started with pid %d", pid);
if (write(stdin_fd, props_cookie, strlen(props_cookie)) != strlen(props_cookie) ||
write(stdin_fd, "\n", 1) != 1) {
g_warning ("openconnect didn't eat the cookie we fed it");
return -1;
}
close(stdin_fd);
NM_OPENCONNECT_PLUGIN_GET_PRIVATE (plugin)->pid = pid;
openconnect_watch = g_child_watch_source_new (pid);
g_source_set_callback (openconnect_watch, (GSourceFunc) openconnect_watch_cb, plugin, NULL);
g_source_attach (openconnect_watch, NULL);
g_source_unref (openconnect_watch);
return 0;
}
static gboolean
nm_l2tp_config_write (NML2tpPlugin *plugin,
NMSettingVPN *s_vpn,
GError **error)
{
NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin);
NML2tpPppServicePrivate *service_priv = NULL;
char *filename;
pid_t pid = getpid ();
const char *value;
// const char *username;
gint conf_fd = -1;
gint ipsec_fd = -1;
gint pppopt_fd = -1;
int port;
int i;
filename = g_strdup_printf ("/var/run/nm-ipsec-l2tp.%d", pid);
mkdir(filename,0700);
g_free (filename);
filename = g_strdup_printf ("/var/run/nm-ipsec-l2tp.%d/ipsec.conf", pid);
ipsec_fd = open (filename, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
g_free (filename);
if (ipsec_fd == -1) {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not write ipsec config."));
return FALSE;
}
write_config_option (ipsec_fd, "version 2.0\n"
"config setup\n"
" nat_traversal=yes\n"
" force_keepalive=yes\n"
" protostack=netkey\n"
" keep_alive=60\n"
"\n");
write_config_option (ipsec_fd, "conn nm-ipsec-l2tpd-%d\n", pid);
write_config_option (ipsec_fd,
" auto=add\n"
" type=transport\n"
" auth=esp\n"
" pfs=no\n"
" authby=secret\n"
" keyingtries=0\n"
" left=%%defaultroute\n");
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GROUP_NAME);
if(value)write_config_option (ipsec_fd, " leftid=@%s\n", value);
/* value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); */
write_config_option (ipsec_fd, " right=%s\n", priv->saddr);
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GATEWAY_ID);
if(value)write_config_option (ipsec_fd, " rightid=@%s\n", value);
write_config_option (ipsec_fd,
" esp=3des-sha1\n"
" keyexchange=ike\n"
" ike=3des-sha1-modp1024\n"
" aggrmode=no\n"
" forceencaps=yes\n");
filename = g_strdup_printf ("/var/run/nm-xl2tpd.conf.%d", pid);
conf_fd = open (filename, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
g_free (filename);
if (conf_fd == -1) {
close(ipsec_fd);
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not write xl2tpd config."));
return FALSE;
}
filename = g_strdup_printf ("/var/run/nm-ppp-options.xl2tpd.%d", pid);
pppopt_fd = open (filename, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
g_free (filename);
if (pppopt_fd == -1) {
close(ipsec_fd);
close(conf_fd);
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
"%s",
_("Could not write ppp options."));
return FALSE;
}
/* L2TP options */
write_config_option (conf_fd, "[global]\n");
write_config_option (conf_fd, "access control = yes\n");
/* Check that xl2tpd's default port 1701 is free, if not - use 0 (ephemeral random port) */
/* port = get_free_l2tp_port(); */
port = 1701;
if (!is_port_free (port)){
port = 0;
g_warning("Port 1701 is busy, use ephemeral.");
}
write_config_option (conf_fd, "port = %d\n", port);
if (debug){
/* write_config_option (conf_fd, "debug network = yes\n"); */
write_config_option (conf_fd, "debug state = yes\n");
write_config_option (conf_fd, "debug tunnel = yes\n");
write_config_option (conf_fd, "debug avp = yes\n");
}
write_config_option (conf_fd, "[lac l2tp]\n");
/* value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); */
write_config_option (conf_fd, "lns = %s\n", priv->saddr);
if (priv->service)
service_priv = NM_L2TP_PPP_SERVICE_GET_PRIVATE (priv->service);
if (service_priv && strlen (service_priv->username)) {
write_config_option (conf_fd, "name = %s\n", service_priv->username);
}
if (debug)
write_config_option (conf_fd, "ppp debug = yes\n");
write_config_option (conf_fd, "pppoptfile = /var/run/nm-ppp-options.xl2tpd.%d\n", pid);
write_config_option (conf_fd, "autodial = yes\n");
write_config_option (conf_fd, "tunnel rws = 8\n");
write_config_option (conf_fd, "tx bps = 100000000\n");
write_config_option (conf_fd, "rx bps = 100000000\n");
/* PPP options */
if (debug)
write_config_option (pppopt_fd, "debug\n");
write_config_option (pppopt_fd, "ipparam nm-l2tp-service-%d\n", pid);
write_config_option (pppopt_fd, "nodetach\n");
write_config_option (pppopt_fd, "lock\n");
write_config_option (pppopt_fd, "usepeerdns\n");
write_config_option (pppopt_fd, "noipdefault\n");
write_config_option (pppopt_fd, "nodefaultroute\n");
/* Don't need to auth the L2TP server */
write_config_option (pppopt_fd, "noauth\n");
/* pppd and xl2tpd on Linux require this option to support Android and iOS clients,
and pppd on Linux clients won't work without the same option */
write_config_option (pppopt_fd, "noccp\n");
if (service_priv && strlen (service_priv->username)) {
write_config_option (pppopt_fd, "name %s\n", service_priv->username);
}
for(i=0; ppp_options[i].name; i++){
value = nm_setting_vpn_get_data_item (s_vpn, ppp_options[i].name);
if (value && !strcmp (value, "yes"))
write_config_option (pppopt_fd, ppp_options[i].write_to_config);
}
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_LCP_ECHO_FAILURE);
if (value && strlen (value)) {
long int tmp_int;
/* Convert to integer and then back to string for security's sake
* because strtol ignores some leading and trailing characters.
*/
errno = 0;
tmp_int = strtol (value, NULL, 10);
if (errno == 0) {
write_config_option (pppopt_fd, "lcp-echo-failure %ld\n", tmp_int);
} else {
g_warning (_("failed to convert lcp-echo-failure value '%s'"), value);
}
} else {
write_config_option (pppopt_fd, "lcp-echo-failure 0\n");
}
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_LCP_ECHO_INTERVAL);
if (value && strlen (value)) {
long int tmp_int;
/* Convert to integer and then back to string for security's sake
* because strtol ignores some leading and trailing characters.
*/
errno = 0;
tmp_int = strtol (value, NULL, 10);
if (errno == 0) {
write_config_option (pppopt_fd, "lcp-echo-interval %ld\n", tmp_int);
} else {
g_warning (_("failed to convert lcp-echo-interval value '%s'"), value);
}
} else {
write_config_option (pppopt_fd, "lcp-echo-interval 0\n");
}
write_config_option (pppopt_fd, "plugin %s\n", NM_L2TP_PPPD_PLUGIN);
close(ipsec_fd);
close(conf_fd);
close(pppopt_fd);
return TRUE;
}
