static gboolean _service_cache_credentials (NML2tpPppService *self, NMConnection *connection, GError **error) { NML2tpPppServicePrivate *priv = NM_L2TP_PPP_SERVICE_GET_PRIVATE (self); NMSettingVPN *s_vpn; const char *username, *password, *domain; g_return_val_if_fail (self != NULL, FALSE); g_return_val_if_fail (connection != NULL, FALSE); s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); if (!s_vpn) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, _("Could not find secrets (connection invalid, no vpn setting).")); return FALSE; } /* Username; try L2TP specific username first, then generic username */ username = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER); if (username && strlen (username)) { /* FIXME: This check makes about 0 sense. */ if (!username || !strlen (username)) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, _("Invalid VPN username.")); return FALSE; } } else { username = nm_setting_vpn_get_user_name (s_vpn); if (!username || !strlen (username)) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, _("Missing VPN username.")); return FALSE; } } password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_PASSWORD); if (!password || !strlen (password)) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, _("Missing or invalid VPN password.")); return FALSE; } domain = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_DOMAIN); if (domain && strlen (domain)) priv->domain = g_strdup(domain); priv->username = g_strdup(username); priv->password = g_strdup(password); return TRUE; }
static gboolean init_plugin_ui (L2tpPluginUiWidget *self, NMConnection *connection, GError **error) { L2tpPluginUiWidgetPrivate *priv = L2TP_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingVPN *s_vpn; GtkWidget *widget; const char *value; s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); widget = glade_xml_get_widget (priv->xml, "gateway_entry"); if (!widget) return FALSE; gtk_size_group_add_widget (priv->group, widget); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = glade_xml_get_widget (priv->xml, "user_entry"); if (!widget) return FALSE; gtk_size_group_add_widget (priv->group, widget); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = glade_xml_get_widget (priv->xml, "domain_entry"); if (!widget) return FALSE; gtk_size_group_add_widget (priv->group, widget); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_DOMAIN); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = glade_xml_get_widget (priv->xml, "advanced_button"); g_signal_connect (G_OBJECT (widget), "clicked", G_CALLBACK (advanced_button_clicked_cb), self); widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton"); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_toggled_cb, self); fill_vpn_passwords (priv->xml, priv->group, connection, stuff_changed_cb, self); return TRUE; }
static gboolean handle_need_secrets (NMDBusSstpPpp *object, GDBusMethodInvocation *invocation, gpointer user_data) { NMSstpPlugin *self = NM_SSTP_PLUGIN (user_data); NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (self); NMSettingVpn *s_vpn; const char *user, *password, *domain; gchar *username; remove_timeout_handler (NM_SSTP_PLUGIN (user_data)); s_vpn = nm_connection_get_setting_vpn (priv->connection); g_assert (s_vpn); /* Username; try SSTP specific username first, then generic username */ user = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_USER); if (!user || !strlen (user)) user = nm_setting_vpn_get_user_name (s_vpn); if (!user || !strlen (user)) { g_dbus_method_invocation_return_error_literal (invocation, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, _("Missing VPN username.")); return FALSE; } password = nm_setting_vpn_get_secret (s_vpn, NM_SSTP_KEY_PASSWORD); if (!password || !strlen (password)) { g_dbus_method_invocation_return_error_literal (invocation, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, _("Missing or invalid VPN password.")); return FALSE;; } /* Domain is optional */ domain = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_DOMAIN); /* Success */ if (domain && strlen (domain)) username = g_strdup_printf ("%s\\%s", domain, user); else username = g_strdup (user); nmdbus_sstp_ppp_complete_need_secrets (object, invocation, username, password); g_free (username); return TRUE; }
static void init_password_icon (VpncEditor *self, NMSettingVpn *s_vpn, const char *secret_key, const char *type_key, const char *entry_name) { VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self); GtkWidget *entry; const char *value; const char *flags = NULL; entry = GTK_WIDGET (gtk_builder_get_object (priv->builder, entry_name)); g_assert (entry); nma_utils_setup_password_storage (entry, 0, (NMSetting *) s_vpn, secret_key, TRUE, FALSE); /* If there's no password and no flags in the setting, * initialize flags as "always-ask". */ if (s_vpn) { flags = secret_flags_to_pw_type (s_vpn, secret_key); if (!flags || !strcmp (flags, NM_VPNC_PW_TYPE_SAVE)) flags = nm_setting_vpn_get_data_item (s_vpn, type_key); } value = gtk_entry_get_text (GTK_ENTRY (entry)); if ((!value || !*value) && !flags) nma_utils_update_password_storage (entry, NM_SETTING_SECRET_FLAG_NOT_SAVED, (NMSetting *) s_vpn, secret_key); g_signal_connect (entry, "notify::secondary-icon-name", G_CALLBACK (password_storage_changed_cb), self); }
static void test_items (const char *detail, NMSettingVPN *s_vpn, const Item *items, gboolean secrets) { const Item *iter; guint32 expected_count = 0, actual_count = 0; const char *value; for (iter = items; iter->name; iter++) { if (secrets) value = nm_setting_vpn_get_secret (s_vpn, iter->name); else value = nm_setting_vpn_get_data_item (s_vpn, iter->name); if (!iter->value) { ASSERT (value == NULL, detail, "unexpected item '%s'", iter->name); } else { ASSERT (value != NULL, detail, "unexpected missing value for item %s", iter->name); ASSERT (strcmp (value, iter->value) == 0, detail, "unexpected value for item %s (%s != %s", iter->name, value, iter->value); expected_count++; } } if (secrets) nm_setting_vpn_foreach_secret (s_vpn, item_count_func, &actual_count); else nm_setting_vpn_foreach_data_item (s_vpn, item_count_func, &actual_count); ASSERT (actual_count == expected_count, detail, "unexpected number of items (got %d, expected %d)", actual_count, expected_count); }
static gboolean real_connect (NMVpnServicePlugin *plugin, NMConnection *connection, GError **error) { NMSstpPluginPrivate *priv = NM_SSTP_PLUGIN_GET_PRIVATE (plugin); NMSettingVpn *s_vpn; const char *gwaddr; const char *value; s_vpn = nm_connection_get_setting_vpn (connection); g_assert (s_vpn); gwaddr = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_GATEWAY); if (!gwaddr || !strlen (gwaddr)) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, _("Invalid or missing SSTP gateway.")); return FALSE; } /* Set the UUID of the connection */ value = nm_connection_get_uuid(connection); if (value && strlen(value)) nm_setting_vpn_add_data_item(s_vpn, NM_SSTP_KEY_UUID, value); if (!nm_sstp_properties_validate (s_vpn, error)) return FALSE; if (!nm_sstp_secrets_validate (s_vpn, error)) return FALSE; priv->connection = g_object_ref (connection); if (getenv ("NM_PPP_DUMP_CONNECTION") || debug) nm_connection_dump (connection); return nm_sstp_start_pppd_binary (NM_SSTP_PLUGIN (plugin), s_vpn, gwaddr, error); }
static void test_legacy_ike_port_1_import (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; GError *error = NULL; char *pcf; const char *expected_id = "Don't use Legacy IKE Port (500)"; const char *value; pcf = g_build_path ("/", dir, "use-legacy-ike-port-1.pcf", NULL); ASSERT (pcf != NULL, "use-legacy-ike-port-1", "failed to create pcf path"); connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error); if (error) FAIL ("", "error importing %s: %s", pcf, error->message); ASSERT (connection != NULL, "use-legacy-ike-port-1", "error importing %s: (unknown)", pcf); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "use-legacy-ike-port-1", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "use-legacy-ike-port-1", "unexpected connection ID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "use-legacy-ike-port-1", "missing 'vpn' setting"); value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT); ASSERT (value != NULL, "use-legacy-ike-port-1", "unexpected missing value for item %s", NM_VPNC_KEY_LOCAL_PORT); ASSERT (strcmp (value, "500") == 0, "use-legacy-ike-port-1", "unexpected value for item %s", NM_VPNC_KEY_LOCAL_PORT); g_free (pcf); }
static void test_nat_force_natt (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; GError *error = NULL; char *pcf; const char *expected_id = "Force NAT-T"; const char *value; pcf = g_build_path ("/", dir, "force-natt.pcf", NULL); ASSERT (pcf != NULL, "force-natt", "failed to create pcf path"); connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error); if (error) FAIL ("force-natt", "error importing %s: %s", pcf, error->message); ASSERT (connection != NULL, "force-natt", "error importing %s: (unknown)", pcf); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "force-natt", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "force-natt", "unexpected connection ID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "force-natt", "missing 'vpn' setting"); value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE); ASSERT (value != NULL, "force-natt", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE); ASSERT (strcmp (value, NM_VPNC_NATT_MODE_NATT_ALWAYS) == 0, "force-natt", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE); g_free (pcf); }
static gboolean nm_sstp_properties_validate (NMSettingVpn *s_vpn, GError **error) { ValidateInfo info = { &valid_properties[0], error, FALSE }; int i; nm_setting_vpn_foreach_data_item (s_vpn, validate_one_property, &info); if (!info.have_items) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", _("No VPN configuration options.")); return FALSE; } if (*error) return FALSE; /* Ensure required properties exist */ for (i = 0; valid_properties[i].name; i++) { ValidProperty prop = valid_properties[i]; const char *value; if (!prop.required) continue; value = nm_setting_vpn_get_data_item (s_vpn, prop.name); if (!value || !strlen (value)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, _("Missing required option '%s'."), prop.name); return FALSE; } } return TRUE; }
static void test_always_ask (NMVpnPluginUiInterface *plugin, const char *dir) { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; GError *error = NULL; char *pcf; const char *expected_id = "Always Ask For Password"; const char *value; pcf = g_build_path ("/", dir, "always-ask.pcf", NULL); ASSERT (pcf != NULL, "always-ask", "failed to create pcf path"); connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error); if (error) FAIL ("always-ask", "error importing %s: %s", pcf, error->message); ASSERT (connection != NULL, "always-ask", "error importing %s: (unknown)", pcf); /* Connection setting */ s_con = nm_connection_get_setting_connection (connection); ASSERT (s_con != NULL, "always-ask", "missing 'connection' setting"); ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0, "always-ask", "unexpected connection ID"); /* VPN setting */ s_vpn = nm_connection_get_setting_vpn (connection); ASSERT (s_vpn != NULL, "always-ask", "missing 'vpn' setting"); value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE); ASSERT (value == NULL, "always-ask", "unexpected value for item %s", NM_VPNC_KEY_XAUTH_PASSWORD_TYPE); g_free (pcf); }
static gboolean real_connect (NMVPNPlugin *plugin, NMConnection *connection, GError **error) { NMSettingVPN *s_vpn; const char *user_name; s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN)); if (!s_vpn) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, "%s", "Could not process the request because the VPN connection settings were invalid."); return FALSE; } user_name = nm_setting_vpn_get_user_name (s_vpn); if (!user_name && !nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_USER)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID, "%s", "Could not process the request because no username was provided."); return FALSE; } /* Validate the properties */ if (!nm_openssh_properties_validate (s_vpn, error)) return FALSE; /* Finally try to start sshtun */ if (!nm_openssh_start (plugin, s_vpn, error)) return FALSE; return TRUE; }
static gboolean init_plugin_ui (OpenswanPluginUiWidget *self, NMConnection *connection, gboolean new_connection, GError **error) { OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingVPN *s_vpn = NULL; GtkWidget *widget; const char *value = NULL; s_vpn = nm_connection_get_setting_vpn (connection); priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_RIGHT); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTID); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Fill the VPN passwords *before* initializing the PW type combos, since * knowing if there are passwords when initializing the combos is helpful. */ setup_password_widget (self, "user_password_entry", s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, new_connection); setup_password_widget (self, "group_password_entry", s_vpn, NM_OPENSWAN_PSK_VALUE, new_connection); init_one_pw_combo (self, s_vpn, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES, "user_password_entry"); init_one_pw_combo (self, s_vpn, "group_pass_type_combo", NM_OPENSWAN_PSK_VALUE, NM_OPENSWAN_PSK_INPUT_MODES, "group_password_entry"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Phase 1 Algorithms: IKE*/ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase1_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Phase 2 Algorithms: ESP*/ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "phase2_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DOMAIN); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_toggled_cb, self); return TRUE; }
static gboolean init_plugin_ui (VpncEditor *self, NMConnection *connection, gboolean new_connection, GError **error) { VpncEditorPrivate *priv = VPNC_EDITOR_GET_PRIVATE (self); NMSettingConnection *s_con = NULL; NMSettingVpn *s_vpn = NULL; GtkWidget *widget; GtkListStore *store; GtkTreeIter iter; const char *value = NULL; int active = -1; const char *natt_mode = NULL; const char *ike_dh_group = NULL; const char *vendor = NULL; const char *pfs_group = NULL; gboolean enabled = FALSE; GtkFileFilter *filter; if (connection) { s_con = nm_connection_get_setting_connection (connection); s_vpn = nm_connection_get_setting_vpn (connection); } priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_GATEWAY); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "group_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_ID); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encryption_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); store = gtk_list_store_new (1, G_TYPE_STRING); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Secure (default)"), -1); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Weak (use with caution)"), -1); if (s_vpn && (active < 0)) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES); if (value && !strcmp (value, "yes")) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("None (completely insecure)"), -1); if (s_vpn && (active < 0)) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NO_ENCRYPTION); if (value && !strcmp (value, "yes")) active = 2; } gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Fill the VPN passwords *before* initializing the PW type combos, since * knowing if there are passwords when initializing the combos is helpful. */ setup_password_widget (self, "user_password_entry", s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD, new_connection); setup_password_widget (self, "group_password_entry", s_vpn, NM_VPNC_KEY_SECRET, new_connection); init_password_icon (self, s_vpn, NM_VPNC_KEY_XAUTH_PASSWORD, NM_VPNC_KEY_XAUTH_PASSWORD_TYPE, "user_password_entry"); init_password_icon (self, s_vpn, NM_VPNC_KEY_SECRET, NM_VPNC_KEY_SECRET_TYPE, "group_password_entry"); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_XAUTH_USER); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DOMAIN); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Vendor combo */ active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) vendor = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_VENDOR); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Cisco (default)"), 1, NM_VPNC_VENDOR_CISCO, -1); if ((active < 0) && vendor) { if (!strcmp (vendor, NM_VPNC_VENDOR_CISCO)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Netscreen"), 1, NM_VPNC_VENDOR_NETSCREEN, -1); if ((active < 0) && vendor) { if (!strcmp (vendor, NM_VPNC_VENDOR_NETSCREEN)) active = 1; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vendor_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Application version */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "application_version_entry")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_APP_VERSION); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Interface name */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "interface_name_entry")); g_return_val_if_fail (widget != NULL, FALSE); if (s_con) { value = nm_setting_connection_get_interface_name (s_con); if (value && strlen (value)) gtk_entry_set_text (GTK_ENTRY (widget), value); } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) natt_mode = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("NAT-T when available (default)"), 1, NM_VPNC_NATT_MODE_NATT, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("NAT-T always"), 1, NM_VPNC_NATT_MODE_NATT_ALWAYS, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NATT_ALWAYS)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Cisco UDP"), 1, NM_VPNC_NATT_MODE_CISCO, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_CISCO)) active = 2; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Disabled"), 1, NM_VPNC_NATT_MODE_NONE, -1); if ((active < 0) && natt_mode) { if (!strcmp (natt_mode, NM_VPNC_NATT_MODE_NONE)) active = 3; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "natt_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) ike_dh_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DHGROUP); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_DHGROUP_DH1, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH1)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 2 (default)"), 1, NM_VPNC_DHGROUP_DH2, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH2)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_DHGROUP_DH5, -1); if ((active < 0) && ike_dh_group) { if (!strcmp (ike_dh_group, NM_VPNC_DHGROUP_DH5)) active = 2; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "dhgroup_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 1 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); /* Local Port */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_LOCAL_PORT); if (value) { long int tmp; errno = 0; tmp = strtol (value, NULL, 10); if (errno != 0 || tmp < 0 || tmp > 65535) tmp = 0; widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local_port_spinbutton")); gtk_spin_button_set_value (GTK_SPIN_BUTTON (widget), (gdouble) tmp); } } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (spinbutton_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT); if (value) { long int tmp; errno = 0; tmp = strtol (value, NULL, 10); if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0) priv->orig_dpd_timeout = (guint32) tmp; if (priv->orig_dpd_timeout == 0) gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); /* Perfect Forward Secrecy combo */ active = -1; store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_STRING); if (s_vpn) pfs_group = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_PERFECT_FORWARD); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Server (default)"), 1, NM_VPNC_PFS_SERVER, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_SERVER)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("None"), 1, NM_VPNC_PFS_NOPFS, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_NOPFS)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 1"), 1, NM_VPNC_PFS_DH1, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH1)) active = 2; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 2"), 1, NM_VPNC_PFS_DH2, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH2)) active = 3; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("DH Group 5"), 1, NM_VPNC_PFS_DH5, -1); if ((active < 0) && pfs_group) { if (!strcmp (pfs_group, NM_VPNC_PFS_DH5)) active = 4; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "pfsecrecy_combo")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? 0 : active); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "toggled", (GCallback) show_toggled_cb, self); /* hybrid auth */ enabled = FALSE; widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "hybrid_checkbutton")); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_AUTHMODE); if (value && !strcmp("hybrid", value)) { gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); enabled = TRUE; } } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (hybrid_toggled_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ca_file_chooser")); g_return_val_if_fail (widget != NULL, FALSE); gtk_size_group_add_widget (priv->group, widget); gtk_widget_set_sensitive (widget, enabled); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose a Certificate Authority (CA) certificate…")); filter = gtk_file_filter_new (); gtk_file_filter_add_custom (filter, GTK_FILE_FILTER_FILENAME, cert_filter, NULL, NULL); gtk_file_filter_set_name (filter, _("PEM certificates (*.pem, *.crt, *.cer)")); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_CA_FILE); if (value && strlen (value)) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } g_signal_connect (G_OBJECT (widget), "file-set", G_CALLBACK (stuff_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "cafile_label")); g_return_val_if_fail (widget != NULL, FALSE); gtk_widget_set_sensitive (widget, enabled); /* advanced dialog */ priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder, "vpnc-advanced-dialog")); g_return_val_if_fail (priv->advanced_dialog != NULL, FALSE); g_signal_connect (G_OBJECT (priv->advanced_dialog), "delete-event", G_CALLBACK (gtk_widget_hide_on_delete), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "advanced_button")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "clicked", (GCallback) toggle_advanced_dialog_cb, self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "apply_button")); g_return_val_if_fail (widget != NULL, FALSE); g_signal_connect (G_OBJECT (widget), "clicked", (GCallback) toggle_advanced_dialog_cb, self); return TRUE; }
void tls_pw_init_auth_widget (GtkBuilder *builder, GtkSizeGroup *group, NMSettingVPN *s_vpn, ChangedCallback changed_cb, gpointer user_data) { GtkWidget *widget; const char *value; GtkFileFilter *filter; g_return_if_fail (builder != NULL); g_return_if_fail (group != NULL); g_return_if_fail (changed_cb != NULL); widget = GTK_WIDGET (gtk_builder_get_object (builder, "ca_cert_chooser")); gtk_size_group_add_widget (group, widget); filter = tls_file_chooser_filter_new (); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose a Certificate Authority certificate...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT); if (value && strlen (value)) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_user_cert_chooser")); gtk_size_group_add_widget (group, widget); filter = tls_file_chooser_filter_new (); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose your personal certificate...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERCERT); if (value && strlen (value)) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_private_key_chooser")); gtk_size_group_add_widget (group, widget); filter = tls_file_chooser_filter_new (); gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), _("Choose your private key...")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PRIVKEY); if (value && strlen (value)) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); } }
static GPtrArray * construct_pppd_args (NMSstpPlugin *plugin, NMSettingVpn *s_vpn, const char *pppd, const char *gwaddr, GError **error) { GPtrArray *args = NULL; const char *value, *sstp_binary; char *ipparam, *tmp, *ca_cert = NULL, *proxy = NULL, *uuid = NULL; const char *proxy_server, *proxy_port; gboolean ign_cert; /* Get the proxy settings */ proxy_server = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_PROXY_SERVER); proxy_port = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_PROXY_PORT); if (proxy_server && proxy_port && strlen(proxy_server) && strlen(proxy_port)) { const char *proxy_user, *proxy_password; long int tmp_int; if (!str_to_int (proxy_port, &tmp_int)) tmp_int = 0; proxy_user = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_PROXY_USER); proxy_password = nm_setting_vpn_get_secret (s_vpn, NM_SSTP_KEY_PROXY_PASSWORD); proxy = g_strdup_printf("--proxy http://%s%s%s@%s:%ld", proxy_user, proxy_password ? ":" : "", proxy_password ? : "", proxy_server, tmp_int); } sstp_binary = nm_find_sstpc (); if (!sstp_binary) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not find sstp client binary.")); return FALSE; } /* Validate the Gateway option */ if (!gwaddr || !strlen (gwaddr)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, "%s", _("Missing VPN gateway.")); goto error; } /* Create the argument vector for pppd */ args = g_ptr_array_new (); g_ptr_array_add (args, (gpointer) g_strdup (pppd)); g_ptr_array_add (args, (gpointer) g_strdup ("pty")); /* Get the CA Certificate (if any) */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_CA_CERT); if (value && strlen (value)) ca_cert = g_strdup_printf ("--ca-cert %s", value); /* Set the UUID of the connection */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_UUID); if (value && strlen(value)) uuid = g_strdup_printf ("--uuid %s", value); /* Ignore any certificate warnings */ value = nm_setting_vpn_get_data_item(s_vpn, NM_SSTP_KEY_IGN_CERT_WARN); if (value && !strcmp(value, "yes")) { ign_cert = TRUE; } /* Prepare the PTY option */ ipparam = g_strdup_printf ("nm-sstp-service-%d", getpid ()); tmp = g_strdup_printf ("%s %s %s --nolaunchpppd %s %s --ipparam %s %s %s", sstp_binary, gwaddr, ign_cert == TRUE ? "--cert-warn" : "", debug ? "--log-level 4" : "", proxy ? proxy : "", ipparam, uuid ? uuid : "", ca_cert ? ca_cert : "" ); g_ptr_array_add (args, (gpointer) tmp); if (ca_cert) g_free(ca_cert); if (uuid) g_free(uuid); /* Enable debug */ if (debug) g_ptr_array_add (args, (gpointer) g_strdup ("debug")); /* PPP options */ g_ptr_array_add (args, (gpointer) g_strdup ("noipv6")); g_ptr_array_add (args, (gpointer) g_strdup ("ipparam")); g_ptr_array_add (args, (gpointer) ipparam); g_ptr_array_add (args, (gpointer) g_strdup ("nodetach")); g_ptr_array_add (args, (gpointer) g_strdup ("lock")); g_ptr_array_add (args, (gpointer) g_strdup ("usepeerdns")); g_ptr_array_add (args, (gpointer) g_strdup ("noipdefault")); g_ptr_array_add (args, (gpointer) g_strdup ("nodefaultroute")); /* Don't need to auth the SSTP server */ g_ptr_array_add (args, (gpointer) g_strdup ("noauth")); /* Username; try SSTP specific username first, then generic username */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_USER); if (!value || !strlen (value)) value = nm_setting_vpn_get_user_name (s_vpn); if (!value || !strlen (value)) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, _("Missing VPN username.")); return FALSE; } g_ptr_array_add (args, (gpointer) g_strdup ("user")); g_ptr_array_add (args, (gpointer) g_strdup (value)); /* Allow EAP (currently not supported */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_EAP); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("refuse-eap")); /* Allow plain text passwords */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_PAP); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("refuse-pap")); /* Allow CHAP-MD5 */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_CHAP); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("refuse-chap")); /* Allow MSCHAP */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_MSCHAP); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("refuse-mschap")); /* Allow MSCHAP-v2 */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REFUSE_MSCHAPV2); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("refuse-mschap-v2")); /* Require MPPE */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REQUIRE_MPPE); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("require-mppe")); /* Use MPPE-40 bit */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REQUIRE_MPPE_40); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("require-mppe-40")); /* Use MPPE-128 bit */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_REQUIRE_MPPE_128); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("require-mppe-128")); /* Use stateful MPPE */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_MPPE_STATEFUL); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("mppe-stateful")); /* No BSD Compression */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_NOBSDCOMP); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("nobsdcomp")); /* No Deflate */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_NODEFLATE); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("nodeflate")); /* No Compression */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_NO_VJ_COMP); if (value && !strcmp (value, "yes")) g_ptr_array_add (args, (gpointer) g_strdup ("novj")); /* LCP Echo Failure */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_LCP_ECHO_FAILURE); if (value && strlen (value)) { long int tmp_int; /* Convert to integer and then back to string for security's sake * because strtol ignores some leading and trailing characters. */ if (str_to_int (value, &tmp_int)) { g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-failure")); g_ptr_array_add (args, (gpointer) g_strdup_printf ("%ld", tmp_int)); } else { g_warning ("failed to convert lcp-echo-failure value '%s'", value); } } else { g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-failure")); g_ptr_array_add (args, (gpointer) g_strdup ("0")); } /* LCP Echo Interval */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_LCP_ECHO_INTERVAL); if (value && strlen (value)) { long int tmp_int; /* Convert to integer and then back to string for security's sake * because strtol ignores some leading and trailing characters. */ if (str_to_int (value, &tmp_int)) { g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-interval")); g_ptr_array_add (args, (gpointer) g_strdup_printf ("%ld", tmp_int)); } else { g_warning ("failed to convert lcp-echo-interval value '%s'", value); } } else { g_ptr_array_add (args, (gpointer) g_strdup ("lcp-echo-interval")); g_ptr_array_add (args, (gpointer) g_strdup ("0")); } /* Unit Number */ value = nm_setting_vpn_get_data_item (s_vpn, NM_SSTP_KEY_UNIT_NUM); if (value && *value) { long int tmp_int; if (str_to_int (value, &tmp_int)) { g_ptr_array_add (args, (gpointer) g_strdup ("unit")); g_ptr_array_add (args, (gpointer) g_strdup_printf ("%ld", tmp_int)); } else g_warning ("failed to convert unit value '%s'", value); } /* Add the SSTP PPP Plugin */ g_ptr_array_add (args, (gpointer) g_strdup ("plugin")); g_ptr_array_add (args, (gpointer) g_strdup (NM_SSTP_PPPD_PLUGIN)); /* Terminate pointer array with NULL */ g_ptr_array_add (args, NULL); return args; error: free_pppd_args (args); return FALSE; }
static gboolean real_connect (NMVPNPlugin *plugin, NMConnection *connection, GError **error) { NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin); NMSettingVPN *s_vpn; const char *value; if (getenv ("NM_PPP_DUMP_CONNECTION") || debug) nm_connection_dump (connection); s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN)); g_assert (s_vpn); if (!nm_l2tp_properties_validate (s_vpn, error)) return FALSE; if (!nm_l2tp_secrets_validate (s_vpn, error)) return FALSE; /* Start our pppd plugin helper service */ if (priv->service) g_object_unref (priv->service); if (priv->connection) { g_object_unref (priv->connection); priv->connection = NULL; } priv->service = nm_l2tp_ppp_service_new (connection, error); if (!priv->service) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not start pppd plugin helper service.")); return FALSE; } priv->connection = g_object_ref (connection); g_signal_connect (G_OBJECT (priv->service), "plugin-alive", G_CALLBACK (service_plugin_alive_cb), plugin); g_signal_connect (G_OBJECT (priv->service), "ppp-state", G_CALLBACK (service_ppp_state_cb), plugin); g_signal_connect (G_OBJECT (priv->service), "ip4-config", G_CALLBACK (service_ip4_config_cb), plugin); /* Cache the username and password so we can relay the secrets to the pppd * plugin when it asks for them. */ if (!_service_cache_credentials (priv->service, connection, error)) return FALSE; if (!nm_l2tp_resolve_gateway (NM_L2TP_PLUGIN (plugin), s_vpn, error)) return FALSE; if (!nm_l2tp_config_write (NM_L2TP_PLUGIN (plugin), s_vpn, error)) return FALSE; value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_ENABLE); g_message(_("ipsec enable flag: %s"), value?value:"(null)"); if(value && !strcmp(value,"yes")) { g_message(_("starting ipsec")); if (!nm_l2tp_start_ipsec(NM_L2TP_PLUGIN (plugin), s_vpn, error)) return FALSE; } if (!nm_l2tp_start_l2tpd_binary (NM_L2TP_PLUGIN (plugin), s_vpn, error)) return FALSE; return TRUE; }
static gboolean nm_openssh_start (NMVPNPlugin *plugin, NMSettingVPN *s_vpn, GError **error) { NMOpensshPluginPrivate *priv = NM_OPENSSH_PLUGIN_GET_PRIVATE(plugin); sshtun_handle_t handle; const char *tun_mode; char *tun_owner = NULL, *host = NULL, *user = NULL, *public_key = NULL, *private_key = NULL, *config_script = NULL; const char *val; int ret; gboolean retval = TRUE; GIOChannel *event_channel; GSource *child_watch, *event_watch; val = nm_setting_vpn_get_user_name (s_vpn); if (!val) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", "Can't get username."); retval = FALSE; goto out; } tun_owner = g_strdup (val); val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_TUN_USE_TAP); tun_mode = val && !strcmp (val, "yes") ? "ethernet" : "pointopoint"; val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_USER); user = val ? g_strdup (val) : g_strdup (tun_owner); val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_HOST); if (!val) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", "Host is missing."); retval = FALSE; goto out; } host = g_strdup (val); val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_PUBLIC_KEY); if (!val) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", "SSH public key is missing."); retval = FALSE; goto out; } public_key = g_strdup (val); val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_PRIVATE_KEY); if (!val) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", "SSH private key is missing."); retval = FALSE; goto out; } private_key = g_strdup (val); val = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSSH_KEY_CONFIG_SCRIPT); if (!val) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", "IP config script is missing."); retval = FALSE; goto out; } config_script = g_strdup (val); ret = sshtun_new (&handle); if (ret < 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL, "%s", "Could not allocate memory for an sshtun process."); retval = FALSE; goto out; } ret = sshtun_set_params (handle, SSHTUN_PARAM_TUN_MODE, tun_mode, SSHTUN_PARAM_TUN_OWNER, tun_owner, SSHTUN_PARAM_USER, user, SSHTUN_PARAM_HOST, host, SSHTUN_PARAM_SERVICE, "ssh", SSHTUN_PARAM_PUBLIC_KEY, public_key, SSHTUN_PARAM_PRIVATE_KEY, private_key, SSHTUN_PARAM_CONFIG_SCRIPT, config_script, 0); if (ret < 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "%s", "Could not set parameters for an sshtun process."); retval = FALSE; goto out; } ret = sshtun_start (handle); if (ret < 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", "Could not start an sshtun process."); retval = FALSE; goto out; } priv->handle = handle; val = nm_setting_vpn_get_secret (s_vpn, NM_OPENSSH_KEY_PASSWORD); priv->password = val ? g_strdup (val) : NULL; /* Watch the status change of the sshtun child process. */ child_watch = g_child_watch_source_new (sshtun_pid (priv->handle)); g_source_set_callback (child_watch, (GSourceFunc) child_watch_cb, plugin, NULL); g_source_attach (child_watch, NULL); g_source_unref (child_watch); /* Watch the normal event from the sshtun child process. */ event_channel = g_io_channel_unix_new (sshtun_event_fd (priv->handle)); event_watch = g_io_create_watch (event_channel, G_IO_IN); g_source_set_callback (event_watch, (GSourceFunc) event_watch_cb, plugin, NULL); g_source_attach (event_watch, NULL); g_source_unref (event_watch); g_io_channel_unref (event_channel); out: g_free (tun_owner); g_free (host); g_free (user); g_free (public_key); g_free (private_key); g_free (config_script); return retval; }
static void init_one_pw_combo (OpenswanPluginUiWidget *self, NMSettingVPN *s_vpn, const char *combo_name, const char *secret_key, const char *type_key, const char *entry_name) { OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); int active = -1; GtkWidget *widget; GtkListStore *store; GtkTreeIter iter; const char *value = NULL; guint32 default_idx = 1; /* If there's already a password and the password type can't be found in * the VPN settings, default to saving it. Otherwise, always ask for it. */ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, entry_name)); if (widget) { const char *tmp; tmp = gtk_entry_get_text (GTK_ENTRY (widget)); if (tmp && strlen (tmp)) default_idx = 0; } store = gtk_list_store_new (1, G_TYPE_STRING); if (s_vpn) { value = secret_flags_to_pw_type (s_vpn, secret_key); if (!value) value = nm_setting_vpn_get_data_item (s_vpn, type_key); } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Saved"), -1); if ((active < 0) && value) { if (!strcmp (value, NM_OPENSWAN_PW_TYPE_SAVE)) active = 0; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Always Ask"), -1); if ((active < 0) && value) { if (!strcmp (value, NM_OPENSWAN_PW_TYPE_ASK)) active = 1; } gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Not Required"), -1); if ((active < 0) && value) { if (!strcmp (value, NM_OPENSWAN_PW_TYPE_UNUSED)) active = 2; } widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, combo_name)); g_assert (widget); gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); g_object_unref (store); gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? default_idx : active); pw_type_changed_helper (self, widget); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), self); }
static gboolean vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets) { GError *error = NULL; NMSettingVpn *s_vpn; const char *vpn_type, *gw, *port; char *cookie = NULL; char *gateway = NULL; char *gwcert = NULL; int status = 0; int i; gboolean ret; if (!connection) return FALSE; if (!nm_connection_is_type (connection, NM_SETTING_VPN_SETTING_NAME)) return FALSE; s_vpn = nm_connection_get_setting_vpn (connection); vpn_type = nm_setting_vpn_get_service_type (s_vpn); if (g_strcmp0 (vpn_type, NM_DBUS_INTERFACE ".openconnect")) return FALSE; /* Get gateway and port */ gw = nm_setting_vpn_get_data_item (s_vpn, "gateway"); port = gw ? strrchr (gw, ':') : NULL; /* Interactively authenticate to OpenConnect server and get secrets */ ret = nm_vpn_openconnect_authenticate_helper (gw, &cookie, &gateway, &gwcert, &status, &error); if (!ret) { g_printerr (_("Error: openconnect failed: %s\n"), error->message); g_clear_error (&error); return FALSE; } if (WIFEXITED (status)) { if (WEXITSTATUS (status) != 0) g_printerr (_("Error: openconnect failed with status %d\n"), WEXITSTATUS (status)); } else if (WIFSIGNALED (status)) g_printerr (_("Error: openconnect failed with signal %d\n"), WTERMSIG (status)); /* Append port to the host value */ if (gateway && port) { char *tmp = gateway; gateway = g_strdup_printf ("%s%s", gateway, port); g_free (tmp); } /* Fill secrets to the array */ for (i = 0; i < secrets->len; i++) { NMSecretAgentSimpleSecret *secret = secrets->pdata[i]; if (!g_strcmp0 (secret->vpn_type, vpn_type)) { if (!g_strcmp0 (secret->vpn_property, "cookie")) { g_free (secret->value); secret->value = cookie; cookie = NULL; } else if (!g_strcmp0 (secret->vpn_property, "gateway")) { g_free (secret->value); secret->value = gateway; gateway = NULL; } else if (!g_strcmp0 (secret->vpn_property, "gwcert")) { g_free (secret->value); secret->value = gwcert; gwcert = NULL; } } } g_free (cookie); g_free (gateway); g_free (gwcert); return TRUE; }
static gboolean nm_l2tp_start_ipsec(NML2tpPlugin *plugin, NMSettingVPN *s_vpn, GError **error) { // NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin); const char *ipsec_binary; const char *value; char tmp_secrets[128]; char cmd1[4096],cmd11[4096],cmd2[4096]; char session_name[128]; guint sys=0; FILE *fp; if (!(ipsec_binary=nm_find_ipsec())) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not find the ipsec binary.")); return FALSE; } sprintf(session_name, "nm-ipsec-l2tpd-%d", getpid()); sys += system("test -e /var/run/pluto/ipsec.info && . /var/run/pluto/ipsec.info;" "PATH=/usr/local/sbin:/usr/sbin:/sbin; export PATH;" "[ \"x$defaultrouteaddr\" = \"x\" ] && ipsec setup restart"); sys += system("PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec whack" " --listen"); sprintf(cmd1,"test -e /var/run/pluto/ipsec.info && . /var/run/pluto/ipsec.info;" "PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec addconn " " ${defaultrouteaddr:+--defaultroute} $defaultrouteaddr" " ${defaultroutenexthop:+--defaultroutenexthop} $defaultroutenexthop" " --config /var/run/nm-ipsec-l2tp.%d/ipsec.conf --verbose" " %s", getpid(),session_name); sprintf(cmd11, "PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec auto " " --config /var/run/nm-ipsec-l2tp.%d/ipsec.conf --verbose" " --add %s", getpid(),session_name); sprintf(cmd2,"PATH=/usr/local/sbin:/usr/sbin:/sbin ipsec auto " " --config /var/run/nm-ipsec-l2tp.%d/ipsec.conf --verbose" " --up %s",getpid(),session_name); /* the way this works is sadly very messy we replace the user's /etc/ipsec.secrets file we ask openswan to reload the secrets, we whack in our connection, we then replace the secrets and ask openswan to reload them */ sprintf(tmp_secrets, "/etc/ipsec.secrets.%d",getpid()); if(-1==rename("/etc/ipsec.secrets", tmp_secrets) && errno != EEXIST) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Cannot save /etc/ipsec.secrets")); return FALSE; } if(!(fp=fopen("/etc/ipsec.secrets","w"))) { rename(tmp_secrets, "/etc/ipsec.secrets"); g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Cannot open /etc/ipsec.secrets for writing")); return FALSE; } value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GROUP_NAME); fprintf(fp, "%s%s ",value?"@":"", value?value:"%any"); value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GATEWAY_ID); fprintf(fp, "%s%s ",value?"@":"", value?value:"%any"); value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_PSK); if(!value)value=""; fprintf(fp, ": PSK \"%s\"\n",value); fclose(fp); sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets"); sys += system(cmd11); sys += system(cmd1); sys += system(cmd2); rename(tmp_secrets, "/etc/ipsec.secrets"); sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets"); if (sys != 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Possible error in IPSec setup.")); return FALSE; } g_message(_("ipsec ready for action")); return TRUE; }
static gboolean nm_l2tp_resolve_gateway (NML2tpPlugin *plugin, NMSettingVPN *s_vpn, GError **error) { NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin); const char *p, *src; gboolean is_name = FALSE; struct in_addr naddr; struct addrinfo hints; struct addrinfo *result = NULL, *rp; int err; char buf[INET_ADDRSTRLEN + 1]; p = src = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); g_return_val_if_fail (src != NULL, FALSE); while (*p) { if (*p != '.' && !isdigit (*p)) { is_name = TRUE; break; } p++; } if (is_name == FALSE) { errno = 0; if (inet_pton (AF_INET, src, &naddr) <= 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, _("couldn't convert L2TP VPN gateway IP address '%s' (%d)"), src, errno); return FALSE; } priv->naddr = naddr.s_addr; priv->saddr = g_strdup (src); return TRUE; } /* It's a hostname, resolve it */ memset (&hints, 0, sizeof (hints)); hints.ai_family = AF_INET; hints.ai_flags = AI_ADDRCONFIG; err = getaddrinfo (src, NULL, &hints, &result); if (err != 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, _("couldn't look up L2TP VPN gateway IP address '%s' (%d)"), src, err); return FALSE; } /* If the hostname resolves to multiple IP addresses, use the first one. * FIXME: maybe we just want to use a random one instead? */ memset (&naddr, 0, sizeof (naddr)); for (rp = result; rp; rp = rp->ai_next) { if ( (rp->ai_family == AF_INET) && (rp->ai_addrlen == sizeof (struct sockaddr_in))) { struct sockaddr_in *inptr = (struct sockaddr_in *) rp->ai_addr; memcpy (&naddr, &(inptr->sin_addr), sizeof (struct in_addr)); break; } } freeaddrinfo (result); if (naddr.s_addr == 0) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, _("no usable addresses returned for L2TP VPN gateway '%s'"), src); return FALSE; } memset (buf, 0, sizeof (buf)); errno = 0; if (inet_ntop (AF_INET, &naddr, buf, sizeof (buf) - 1) == NULL) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, _("no usable addresses returned for L2TP VPN gateway '%s' (%d)"), src, errno); return FALSE; } g_message(_("Use '%s' as a gateway"), buf); priv->naddr = naddr.s_addr; priv->saddr = g_strdup (buf); return TRUE; }
static gboolean init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError **error) { StrongswanPluginUiWidgetPrivate *priv = STRONGSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingVPN *settings; GtkWidget *widget; const char *value; settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN)); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry")); value = nm_setting_vpn_get_data_item (settings, "address"); if (value) gtk_entry_set_text (GTK_ENTRY (widget), value); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "certificate-button")); value = nm_setting_vpn_get_data_item (settings, "certificate"); if (value) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-label")); gtk_widget_set_no_show_all (widget, TRUE); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry")); gtk_widget_set_no_show_all (widget, TRUE); value = nm_setting_vpn_get_data_item (settings, "user"); if (value) gtk_entry_set_text (GTK_ENTRY (widget), value); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo")); gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate/private key")); gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate/ssh-agent")); gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Smartcard")); gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("EAP")); gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Pre-shared key")); value = nm_setting_vpn_get_data_item (settings, "method"); if (value) { if (g_strcmp0 (value, "key") == 0) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); } if (g_strcmp0 (value, "agent") == 0) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); } if (g_strcmp0 (value, "smartcard") == 0) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2); } if (g_strcmp0 (value, "eap") == 0) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 3); } if (g_strcmp0 (value, "psk") == 0) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 4); } } if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == -1) { gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); } update_layout (widget, priv); g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-label")); gtk_widget_set_no_show_all (widget, TRUE); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "usercert-button")); gtk_widget_set_no_show_all (widget, TRUE); value = nm_setting_vpn_get_data_item (settings, "usercert"); if (value) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-label")); gtk_widget_set_no_show_all (widget, TRUE); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "userkey-button")); gtk_widget_set_no_show_all (widget, TRUE); value = nm_setting_vpn_get_data_item (settings, "userkey"); if (value) gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "virtual-check")); value = nm_setting_vpn_get_data_item (settings, "virtual"); if (value && strcmp(value, "yes") == 0) { gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE); } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "encap-check")); value = nm_setting_vpn_get_data_item (settings, "encap"); if (value && strcmp(value, "yes") == 0) { gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE); } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self); widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "ipcomp-check")); value = nm_setting_vpn_get_data_item (settings, "ipcomp"); if (value && strcmp(value, "yes") == 0) { gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(widget), TRUE); } g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (settings_changed_cb), self); return TRUE; }
static gint nm_openconnect_start_openconnect_binary (NMOPENCONNECTPlugin *plugin, NMSettingVPN *s_vpn, GError **error) { NMOPENCONNECTPluginPrivate *priv = NM_OPENCONNECT_PLUGIN_GET_PRIVATE (plugin); GPid pid; const char **openconnect_binary = NULL; GPtrArray *openconnect_argv; GSource *openconnect_watch; gint stdin_fd; const char *props_vpn_gw, *props_cookie, *props_cacert, *props_mtu, *props_gwcert, *props_proxy; /* Find openconnect */ openconnect_binary = openconnect_binary_paths; while (*openconnect_binary != NULL) { if (g_file_test (*openconnect_binary, G_FILE_TEST_EXISTS)) break; openconnect_binary++; } if (!*openconnect_binary) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not find openconnect binary.")); return -1; } /* The actual gateway to use (after redirection) comes from the auth dialog, so it's in the secrets hash not the properties */ props_vpn_gw = nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GATEWAY); if (!props_vpn_gw || !strlen (props_vpn_gw) ) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("No VPN gateway specified.")); return -1; } props_cookie = nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_COOKIE); if (!props_cookie || !strlen (props_cookie)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("No WebVPN cookie provided.")); return -1; } props_gwcert = nm_setting_vpn_get_secret (s_vpn, NM_OPENCONNECT_KEY_GWCERT); props_cacert = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT); props_mtu = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_MTU); props_proxy = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY); openconnect_argv = g_ptr_array_new (); g_ptr_array_add (openconnect_argv, (gpointer) (*openconnect_binary)); if (props_gwcert && strlen(props_gwcert)) { g_ptr_array_add (openconnect_argv, (gpointer) "--servercert"); g_ptr_array_add (openconnect_argv, (gpointer) props_gwcert); } else if (props_cacert && strlen(props_cacert)) { g_ptr_array_add (openconnect_argv, (gpointer) "--cafile"); g_ptr_array_add (openconnect_argv, (gpointer) props_cacert); } if (props_mtu && strlen(props_mtu)) { g_ptr_array_add (openconnect_argv, (gpointer) "--mtu"); g_ptr_array_add (openconnect_argv, (gpointer) props_mtu); } if (props_proxy && strlen(props_proxy)) { g_ptr_array_add (openconnect_argv, (gpointer) "--proxy"); g_ptr_array_add (openconnect_argv, (gpointer) props_proxy); } g_ptr_array_add (openconnect_argv, (gpointer) "--syslog"); g_ptr_array_add (openconnect_argv, (gpointer) "--cookie-on-stdin"); g_ptr_array_add (openconnect_argv, (gpointer) "--script"); g_ptr_array_add (openconnect_argv, (gpointer) NM_OPENCONNECT_HELPER_PATH); priv->tun_name = create_persistent_tundev (); if (priv->tun_name) { g_ptr_array_add (openconnect_argv, (gpointer) "--interface"); g_ptr_array_add (openconnect_argv, (gpointer) priv->tun_name); } g_ptr_array_add (openconnect_argv, (gpointer) props_vpn_gw); if (debug) g_ptr_array_add (openconnect_argv, (gpointer) "--verbose"); g_ptr_array_add (openconnect_argv, NULL); if (!g_spawn_async_with_pipes (NULL, (char **) openconnect_argv->pdata, NULL, G_SPAWN_DO_NOT_REAP_CHILD, openconnect_drop_child_privs, priv->tun_name, &pid, &stdin_fd, NULL, NULL, error)) { g_ptr_array_free (openconnect_argv, TRUE); g_warning ("openconnect failed to start. error: '%s'", (*error)->message); return -1; } g_ptr_array_free (openconnect_argv, TRUE); g_message ("openconnect started with pid %d", pid); if (write(stdin_fd, props_cookie, strlen(props_cookie)) != strlen(props_cookie) || write(stdin_fd, "\n", 1) != 1) { g_warning ("openconnect didn't eat the cookie we fed it"); return -1; } close(stdin_fd); NM_OPENCONNECT_PLUGIN_GET_PRIVATE (plugin)->pid = pid; openconnect_watch = g_child_watch_source_new (pid); g_source_set_callback (openconnect_watch, (GSourceFunc) openconnect_watch_cb, plugin, NULL); g_source_attach (openconnect_watch, NULL); g_source_unref (openconnect_watch); return 0; }
static gboolean nm_l2tp_config_write (NML2tpPlugin *plugin, NMSettingVPN *s_vpn, GError **error) { NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (plugin); NML2tpPppServicePrivate *service_priv = NULL; char *filename; pid_t pid = getpid (); const char *value; // const char *username; gint conf_fd = -1; gint ipsec_fd = -1; gint pppopt_fd = -1; int port; int i; filename = g_strdup_printf ("/var/run/nm-ipsec-l2tp.%d", pid); mkdir(filename,0700); g_free (filename); filename = g_strdup_printf ("/var/run/nm-ipsec-l2tp.%d/ipsec.conf", pid); ipsec_fd = open (filename, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); g_free (filename); if (ipsec_fd == -1) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not write ipsec config.")); return FALSE; } write_config_option (ipsec_fd, "version 2.0\n" "config setup\n" " nat_traversal=yes\n" " force_keepalive=yes\n" " protostack=netkey\n" " keep_alive=60\n" "\n"); write_config_option (ipsec_fd, "conn nm-ipsec-l2tpd-%d\n", pid); write_config_option (ipsec_fd, " auto=add\n" " type=transport\n" " auth=esp\n" " pfs=no\n" " authby=secret\n" " keyingtries=0\n" " left=%%defaultroute\n"); value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GROUP_NAME); if(value)write_config_option (ipsec_fd, " leftid=@%s\n", value); /* value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); */ write_config_option (ipsec_fd, " right=%s\n", priv->saddr); value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GATEWAY_ID); if(value)write_config_option (ipsec_fd, " rightid=@%s\n", value); write_config_option (ipsec_fd, " esp=3des-sha1\n" " keyexchange=ike\n" " ike=3des-sha1-modp1024\n" " aggrmode=no\n" " forceencaps=yes\n"); filename = g_strdup_printf ("/var/run/nm-xl2tpd.conf.%d", pid); conf_fd = open (filename, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); g_free (filename); if (conf_fd == -1) { close(ipsec_fd); g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not write xl2tpd config.")); return FALSE; } filename = g_strdup_printf ("/var/run/nm-ppp-options.xl2tpd.%d", pid); pppopt_fd = open (filename, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); g_free (filename); if (pppopt_fd == -1) { close(ipsec_fd); close(conf_fd); g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, "%s", _("Could not write ppp options.")); return FALSE; } /* L2TP options */ write_config_option (conf_fd, "[global]\n"); write_config_option (conf_fd, "access control = yes\n"); /* Check that xl2tpd's default port 1701 is free, if not - use 0 (ephemeral random port) */ /* port = get_free_l2tp_port(); */ port = 1701; if (!is_port_free (port)){ port = 0; g_warning("Port 1701 is busy, use ephemeral."); } write_config_option (conf_fd, "port = %d\n", port); if (debug){ /* write_config_option (conf_fd, "debug network = yes\n"); */ write_config_option (conf_fd, "debug state = yes\n"); write_config_option (conf_fd, "debug tunnel = yes\n"); write_config_option (conf_fd, "debug avp = yes\n"); } write_config_option (conf_fd, "[lac l2tp]\n"); /* value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); */ write_config_option (conf_fd, "lns = %s\n", priv->saddr); if (priv->service) service_priv = NM_L2TP_PPP_SERVICE_GET_PRIVATE (priv->service); if (service_priv && strlen (service_priv->username)) { write_config_option (conf_fd, "name = %s\n", service_priv->username); } if (debug) write_config_option (conf_fd, "ppp debug = yes\n"); write_config_option (conf_fd, "pppoptfile = /var/run/nm-ppp-options.xl2tpd.%d\n", pid); write_config_option (conf_fd, "autodial = yes\n"); write_config_option (conf_fd, "tunnel rws = 8\n"); write_config_option (conf_fd, "tx bps = 100000000\n"); write_config_option (conf_fd, "rx bps = 100000000\n"); /* PPP options */ if (debug) write_config_option (pppopt_fd, "debug\n"); write_config_option (pppopt_fd, "ipparam nm-l2tp-service-%d\n", pid); write_config_option (pppopt_fd, "nodetach\n"); write_config_option (pppopt_fd, "lock\n"); write_config_option (pppopt_fd, "usepeerdns\n"); write_config_option (pppopt_fd, "noipdefault\n"); write_config_option (pppopt_fd, "nodefaultroute\n"); /* Don't need to auth the L2TP server */ write_config_option (pppopt_fd, "noauth\n"); /* pppd and xl2tpd on Linux require this option to support Android and iOS clients, and pppd on Linux clients won't work without the same option */ write_config_option (pppopt_fd, "noccp\n"); if (service_priv && strlen (service_priv->username)) { write_config_option (pppopt_fd, "name %s\n", service_priv->username); } for(i=0; ppp_options[i].name; i++){ value = nm_setting_vpn_get_data_item (s_vpn, ppp_options[i].name); if (value && !strcmp (value, "yes")) write_config_option (pppopt_fd, ppp_options[i].write_to_config); } value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_LCP_ECHO_FAILURE); if (value && strlen (value)) { long int tmp_int; /* Convert to integer and then back to string for security's sake * because strtol ignores some leading and trailing characters. */ errno = 0; tmp_int = strtol (value, NULL, 10); if (errno == 0) { write_config_option (pppopt_fd, "lcp-echo-failure %ld\n", tmp_int); } else { g_warning (_("failed to convert lcp-echo-failure value '%s'"), value); } } else { write_config_option (pppopt_fd, "lcp-echo-failure 0\n"); } value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_LCP_ECHO_INTERVAL); if (value && strlen (value)) { long int tmp_int; /* Convert to integer and then back to string for security's sake * because strtol ignores some leading and trailing characters. */ errno = 0; tmp_int = strtol (value, NULL, 10); if (errno == 0) { write_config_option (pppopt_fd, "lcp-echo-interval %ld\n", tmp_int); } else { g_warning (_("failed to convert lcp-echo-interval value '%s'"), value); } } else { write_config_option (pppopt_fd, "lcp-echo-interval 0\n"); } write_config_option (pppopt_fd, "plugin %s\n", NM_L2TP_PPPD_PLUGIN); close(ipsec_fd); close(conf_fd); close(pppopt_fd); return TRUE; }