[network-manager-openvpn] export: implement export for static-key configurations (bgo #573986)
- From: Dan Williams <dcbw src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn] export: implement export for static-key configurations (bgo #573986)
- Date: Mon, 23 Nov 2009 20:39:29 +0000 (UTC)
commit 9e9af334534e0684621a4739ed08ebb98de7cb83
Author: Dan Williams <dcbw redhat com>
Date: Mon Nov 23 12:37:17 2009 -0800
export: implement export for static-key configurations (bgo #573986)
properties/import-export.c | 35 +++++++++++
properties/tests/Makefile.am | 2 +-
properties/tests/conf/Makefile.am | 4 +-
properties/tests/conf/static.key | 21 +++++++
properties/tests/conf/static.ovpn | 5 ++
properties/tests/test-import-export.c | 105 +++++++++++++++++++++++++++++++++
6 files changed, 170 insertions(+), 2 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index c99df54..f3d1213 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -427,7 +427,11 @@ do_export (const char *path, NMConnection *connection, GError **error)
const char *connection_type = NULL;
const char *user_cert = NULL;
const char *private_key = NULL;
+ const char *static_key = NULL;
+ const char *static_key_direction = NULL;
const char *port = NULL;
+ const char *local_ip = NULL;
+ const char *remote_ip = NULL;
gboolean success = FALSE;
gboolean device_tun = TRUE;
gboolean proto_udp = TRUE;
@@ -478,6 +482,16 @@ do_export (const char *path, NMConnection *connection, GError **error)
private_key = value;
}
+ if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY);
+ if (value && strlen (value))
+ static_key = value;
+
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION);
+ if (value && strlen (value))
+ static_key_direction = value;
+ }
+
/* Advanced values start */
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PORT);
if (value && strlen (value))
@@ -505,6 +519,14 @@ do_export (const char *path, NMConnection *connection, GError **error)
if (value && strlen (value))
cipher = value;
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP);
+ if (value && strlen (value))
+ local_ip = value;
+
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP);
+ if (value && strlen (value))
+ remote_ip = value;
+
/* Advanced values end */
fprintf (f, "client\n");
@@ -521,6 +543,16 @@ do_export (const char *path, NMConnection *connection, GError **error)
|| !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
fprintf (f, "auth-user-pass\n");
+ if (!strcmp(connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
+ if (static_key) {
+ fprintf (f, "secret %s%s%s\n",
+ static_key,
+ static_key_direction ? " " : "",
+ static_key_direction ? static_key_direction : "");
+ } else
+ g_warning ("%s: invalid openvpn static key configuration (missing static key)", __func__);
+ }
+
if (reneg_exists)
fprintf (f, "reneg-sec %d\n", reneg);
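Review bot: The `secret` line is built from `static_key` and `static_key_direction` exactly as stored in the connection, so a key path containing whitespace would be split into separate arguments when the file is read back, and a newline in either value puts an extra directive line into the exported config. Check both values before writing: refuse a path with control characters, quote it if the importer accepts quoted arguments, and accept only `0` or `1` as direction, e.g. `if (static_key_direction && strcmp (static_key_direction, "0") && strcmp (static_key_direction, "1")) static_key_direction = NULL;`. The `ifconfig %s %s` line in the hunk at `@@ -533,6 +565,9 @@` writes `local_ip` and `remote_ip` the same way and needs the same check. The missing-key branch only calls `g_warning`; whether the export still reports success is decided outside this hunk, but a static-key config without a `secret` line is not usable and should probably fail with `error` set.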
@@ -533,6 +565,9 @@ do_export (const char *path, NMConnection *connection, GError **error)
fprintf (f, "dev %s\n", device_tun ? "tun" : "tap");
fprintf (f, "proto %s\n", proto_udp ? "udp" : "tcp");
+ if (local_ip && remote_ip)
+ fprintf (f, "ifconfig %s %s\n", local_ip, remote_ip);
+
/* Add hard-coded stuff */
fprintf (f,
"nobind\n"
diff --git a/properties/tests/Makefile.am b/properties/tests/Makefile.am
index 6fb6ab7..61bd22e 100644
--- a/properties/tests/Makefile.am
+++ b/properties/tests/Makefile.am
@@ -13,7 +13,7 @@ test_import_export_CPPFLAGS = \
$(GTK_CFLAGS) \
$(GCONF_CFLAGS) \
$(GNOMEKEYRING_CFLAGS) \
- $(NETWORK_MANAGER_CFLAGS) \
+ $(NETWORK_MANAGER_CFLAGS) \
$(DBUS_CFLAGS)
test_import_export_LDADD = \
diff --git a/properties/tests/conf/Makefile.am b/properties/tests/conf/Makefile.am
index 6a0dd98..b291d05 100644
--- a/properties/tests/conf/Makefile.am
+++ b/properties/tests/conf/Makefile.am
@@ -1,6 +1,8 @@
EXTRA_DIST = \
password.conf \
tls.ovpn \
- iso885915.ovpn
+ iso885915.ovpn \
+ static.key \
+ static.ovpn
diff --git a/properties/tests/conf/static.key b/properties/tests/conf/static.key
new file mode 100644
index 0000000..8762c36
--- /dev/null
+++ b/properties/tests/conf/static.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+378e209d0fe8efe398afa86bdb19b9a8
+f9cc3ae06e42f9468f97d81724101046
+1722e4888756212c05dd0e9341e28388
+aa6f1ea6fbb46779a2e1ce6db1fcef47
+69bd0266c9e14f02a2f19760e77d2f71
+59f6e96769bcc09eda1786adbbd51a50
+f027a829b0a71106b01a046972b1cd20
+41774be1515f81e8760da576077f543d
+75d6deb92c9bfd7760a12b0f05938e7d
+63fc0c663cdbb623d3f45fcfcbc2009c
+1fc36c7b8ecc147462fb7c8747676574
+3b7bd0d6a89aa90514d453b9f1b92e22
+57bb24180cd867357131ac9972f118b8
+d4cebc0da588fed8ec73b9b9be86962d
+1a28946996a012767fae84851c126bab
+65fee86c5e72d11c6d10c01728e33000
+-----END OpenVPN Static key V1-----
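Review bot: The header comment of this fixture does not say that the key is for tests only. The file has the exact format of a usable OpenVPN static key, so add a line such as `# Test fixture only - never use this key for a real tunnel` to the comment block. That keeps the key from being copied into a deployment and gives secret scanners a documented exception to point at.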
diff --git a/properties/tests/conf/static.ovpn b/properties/tests/conf/static.ovpn
new file mode 100644
index 0000000..eae6b67
--- /dev/null
+++ b/properties/tests/conf/static.ovpn
@@ -0,0 +1,5 @@
+remote 10.11.12.13
+dev tun
+ifconfig 10.8.0.2 10.8.0.1
+secret static.key 1
+
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index 455f08e..d0f5340 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -390,6 +390,108 @@ test_non_utf8_import (NMVpnPluginUiInterface *plugin, const char *dir)
g_object_unref (connection);
}
+static void
+test_static_key_import (NMVpnPluginUiInterface *plugin, const char *dir)
+{
+ NMConnection *connection;
+ NMSettingConnection *s_con;
+ NMSettingIP4Config *s_ip4;
+ NMSettingVPN *s_vpn;
+ const char *expected_id = "static";
+ char *expected_path;
+
+ connection = get_basic_connection ("static-key-import", plugin, dir, "static.ovpn");
+ ASSERT (connection != NULL, "static-key-import", "failed to import connection");
+
+ /* Connection setting */
+ s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+ ASSERT (s_con != NULL,
+ "static-key-import", "missing 'connection' setting");
+
+ ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
+ "static-key-import", "unexpected connection ID");
+
+ ASSERT (nm_setting_connection_get_uuid (s_con) == NULL,
+ "static-key-import", "unexpected valid UUID");
+
+ /* IP4 setting */
+ s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG);
+ ASSERT (s_ip4 == NULL,
+ "static-key-import", "unexpected 'ip4-config' setting");
+
+ /* VPN setting */
+ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+ ASSERT (s_vpn != NULL,
+ "static-key-import", "missing 'vpn' setting");
+
+ /* Data items */
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, NM_OPENVPN_CONTYPE_STATIC_KEY);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_TAP_DEV, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "10.11.12.13");
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_PORT, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, "1");
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_TA, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_TA_DIR, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_CIPHER, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_LOCAL_IP, "10.8.0.2");
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE_IP, "10.8.0.1");
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_AUTH, NULL);
+
+ expected_path = g_strdup_printf ("%s/static.key", dir);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_STATIC_KEY, expected_path);
+ g_free (expected_path);
+
+ /* Secrets */
+ test_secret ("static-key-import-secrets", s_vpn, NM_OPENVPN_KEY_PASSWORD, NULL);
+ test_secret ("static-key-import-secrets", s_vpn, NM_OPENVPN_KEY_CERTPASS, NULL);
+
+ g_object_unref (connection);
+}
+
+#define STATIC_KEY_EXPORTED_NAME "static.ovpntest"
+static void
+test_static_key_export (NMVpnPluginUiInterface *plugin, const char *dir)
+{
+ NMConnection *connection;
+ NMConnection *reimported;
+ char *path;
+ gboolean success;
+ GError *error = NULL;
+ int ret;
+
+ connection = get_basic_connection ("static-key-export", plugin, dir, "static.ovpn");
+ ASSERT (connection != NULL, "static-key-export", "failed to import connection");
+
+ path = g_build_path ("/", dir, STATIC_KEY_EXPORTED_NAME, NULL);
+ success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error);
+ if (!success) {
+ if (!error)
+ FAIL ("static-key-export", "export failed with missing error");
+ else
+ FAIL ("static-key-export", "export failed: %s", error->message);
+ }
+
+ /* Now re-import it and compare the connections to ensure they are the same */
+ reimported = get_basic_connection ("static-key-export", plugin, dir, STATIC_KEY_EXPORTED_NAME);
+ ret = unlink (path);
+ ASSERT (connection != NULL, "static-key-export", "failed to re-import connection");
+
+ /* Clear secrets first, since they don't get exported, and thus would
+ * make the connection comparison below fail.
+ */
+ remove_secrets (connection);
+
+ ASSERT (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT) == TRUE,
+ "static-key-export", "original and reimported connection differ");
+
+ g_object_unref (reimported);
+ g_object_unref (connection);
+ g_free (path);
+}
+
int main (int argc, char **argv)
{
GError *error = NULL;
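Review bot: In `test_static_key_export` the assertion after the re-import checks `connection` a second time instead of `reimported`, so a failed re-import is not caught there and `nm_connection_compare` is then called with a NULL second connection; it should read `ASSERT (reimported != NULL, "static-key-export", "failed to re-import connection");`. The result of `unlink (path)` is stored in `ret` and never looked at, so a leftover `static.ovpntest` in the test directory goes unnoticed; assert on it or drop `ret`. The hunk ends inside `main()`, which continues outside it.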
@@ -421,6 +523,9 @@ int main (int argc, char **argv)
test_non_utf8_import (plugin, argv[1]);
+ test_static_key_import (plugin, argv[1]);
+ test_static_key_export (plugin, argv[1]);
+
g_object_unref (plugin);
basename = g_path_get_basename (argv[0]);