[network-manager-vpnc/NETWORKMANAGER_0_7] import/export: handle NAT Traversal modes better

From: Dan Williams <dcbw src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [network-manager-vpnc/NETWORKMANAGER_0_7] import/export: handle NAT Traversal modes better
Date: Wed, 13 Jan 2010 20:30:03 +0000 (UTC)
commit 19c9334aa71c99f6263643e7115af8522ead0a14
Author: Dan Williams <dcbw redhat com>
Date:   Wed Jan 13 12:22:37 2010 -0800

    import/export: handle NAT Traversal modes better
    
    Unfortunately PCF files don't have a way of specifying whether
    to use Cisco-UDP or the newer and more standardized NAT-T.  So
    we'll use a custom NM key for that.  We default to Cisco-UDP
    for compatibility with older versions of nm-vpnc but this allows
    sysadmins to get the right behavior if they are installing
    newer concentrators that use NAT-T.

 properties/nm-vpnc.c                  |   41 +++++++---
 properties/tests/pcf/nat-cisco.pcf    |   38 +++++++++
 properties/tests/pcf/natt.pcf         |   39 +++++++++
 properties/tests/test-import-export.c |  142 ++++++++++++++++++++++++++++++++-
 4 files changed, 246 insertions(+), 14 deletions(-)
---
diff --git a/properties/nm-vpnc.c b/properties/nm-vpnc.c
index 0d084e5..5050ad9 100644
--- a/properties/nm-vpnc.c
+++ b/properties/nm-vpnc.c
@@ -1060,22 +1060,31 @@ import (NMVpnPluginUiInterface *iface, const char *path, GError **error)
 			nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_SINGLE_DES, "yes");
 	}
 
-	/* Default is enabled, only disabled if explicit EnableNat=0 exists */
+	/* Disable all NAT Traversal if explicit EnableNat=0 exists, otherwise
+	 * default to NAT-T which is newer and standardized.  If EnableNat=1, then
+	 * use Cisco-UDP like always; but if the key "X-NM-Use-NAT-T" is set, then
+	 * use NAT-T.
+	 */
+	nm_setting_vpn_add_data_item (s_vpn,
+	                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
+	                              NM_VPNC_NATT_MODE_CISCO);
+
 	if (pcf_file_lookup_bool (pcf, "main", "EnableNat", &bool_value)) {
-		if (!bool_value) {
+		if (bool_value) {
+			bool_value = FALSE;
+			if (   pcf_file_lookup_bool (pcf, "main", "X-NM-Use-NAT-T", &bool_value)
+			    && bool_value) {
+				nm_setting_vpn_add_data_item (s_vpn,
+				                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
+				                              NM_VPNC_NATT_MODE_NATT);
+			}
+		} else {
 			nm_setting_vpn_add_data_item (s_vpn,
 			                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
 			                              NM_VPNC_NATT_MODE_NONE);
 		}
 	}
 
-	/* Default to Cisco UDP */
-	if (!nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE)) {
-		nm_setting_vpn_add_data_item (s_vpn,
-		                              NM_VPNC_KEY_NAT_TRAVERSAL_MODE,
-		                              NM_VPNC_NATT_MODE_CISCO);
-	}
-
 	if (pcf_file_lookup_int (pcf, "main", "PeerTimeout", &val)) {
 		if ((val == 0) || ((val >= 10) && (val <= 86400))) {
 			char *tmp = g_strdup_printf ("%d", (gint) val);
@@ -1144,6 +1153,7 @@ export (NMVpnPluginUiInterface *iface,
 	gboolean success = FALSE;
 	guint32 routes_count = 0;
 	gboolean save_password = FALSE;
+	gboolean use_natt = FALSE;
 
 	s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
 	s_ip4 = (NMSettingIP4Config *) nm_connection_get_setting (connection, NM_TYPE_SETTING_IP4_CONFIG);
@@ -1185,8 +1195,15 @@ export (NMVpnPluginUiInterface *iface,
 		singledes = TRUE;
 
 	value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
-	if (value && strlen (value) && strcmp (value, NM_VPNC_NATT_MODE_NONE))
-		enablenat = TRUE;
+	if (value && strlen (value)) {
+		if (!strcmp (value, NM_VPNC_NATT_MODE_CISCO)) {
+			enablenat = TRUE;
+			use_natt = FALSE;
+		} else if (!strcmp (value, NM_VPNC_NATT_MODE_NATT)) {
+			enablenat = TRUE;
+			use_natt = TRUE;
+		}
+	}
 
 	value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_DPD_IDLE_TIMEOUT);
 	if (value && strlen (value))
@@ -1264,6 +1281,7 @@ export (NMVpnPluginUiInterface *iface,
 		 "EnableSplitDNS=1\n"
 		 "SingleDES=%s\n"
 		 "SPPhonebook=\n"
+		 "X-NM-Use-NAT-T=%s\n"
 		 "%s\n",
 		 /* Description */   nm_setting_connection_get_id (s_con),
 		 /* Host */          gateway,
@@ -1275,6 +1293,7 @@ export (NMVpnPluginUiInterface *iface,
 		 /* NTDomain */      domain != NULL ? domain : "",
 		 /* PeerTimeout */   peertimeout != NULL ? peertimeout : "0",
 		 /* SingleDES */     singledes ? "1" : "0",
+		 /* X-NM-Use-NAT-T */ use_natt ? "1" : "0",
 		 /* X-NM-Routes */   (routes && routes->str) ? routes->str : "");
 
 	success = TRUE;
diff --git a/properties/tests/pcf/nat-cisco.pcf b/properties/tests/pcf/nat-cisco.pcf
new file mode 100644
index 0000000..d875a6e
--- /dev/null
+++ b/properties/tests/pcf/nat-cisco.pcf
@@ -0,0 +1,38 @@
+[main]
+Description=NAT-Cisco
+!Host=10.20.30.40
+!AuthType=1
+!GroupName=blahblah
+!GroupPwd=my-group-password
+!enc_GroupPwd=
+EnableISPConnect=0
+ISPConnectType=0
+ISPConnect=
+ISPCommand=
+Username=bsmith
+SaveUserPassword=1
+UserPassword=my-user-password
+enc_UserPassword=
+!NTDomain=COMPANY
+!EnableBackup=0
+!BackupServer=
+!EnableMSLogon=1
+!MSLogonType=0
+EnableNat=1
+!TunnelingMode=0
+!TcpTunnelingPort=10000
+CertStore=0
+CertName=
+CertPath=
+CertSubjectName=
+CertSerialHash=00000000000000000000000000000000
+SendCertChain=0
+VerifyCertDN=
+DHGroup=2
+ForceKeepAlives=1
+PeerTimeout=90
+!EnableLocalLAN=1
+!EnableSplitDNS=1
+ISPPhonebook=
+X-NM-Routes=10.0.0.0/8 172.16.0.0/16
+
diff --git a/properties/tests/pcf/natt.pcf b/properties/tests/pcf/natt.pcf
new file mode 100644
index 0000000..40b6196
--- /dev/null
+++ b/properties/tests/pcf/natt.pcf
@@ -0,0 +1,39 @@
+[main]
+Description=NAT-T
+!Host=10.20.30.40
+!AuthType=1
+!GroupName=blahblah
+!GroupPwd=my-group-password
+!enc_GroupPwd=
+EnableISPConnect=0
+ISPConnectType=0
+ISPConnect=
+ISPCommand=
+Username=bsmith
+SaveUserPassword=1
+UserPassword=my-user-password
+enc_UserPassword=
+!NTDomain=COMPANY
+!EnableBackup=0
+!BackupServer=
+!EnableMSLogon=1
+!MSLogonType=0
+EnableNat=1
+!TunnelingMode=0
+!TcpTunnelingPort=10000
+CertStore=0
+CertName=
+CertPath=
+CertSubjectName=
+CertSerialHash=00000000000000000000000000000000
+SendCertChain=0
+VerifyCertDN=
+DHGroup=2
+ForceKeepAlives=1
+PeerTimeout=90
+!EnableLocalLAN=1
+!EnableSplitDNS=1
+ISPPhonebook=
+X-NM-Routes=10.0.0.0/8 172.16.0.0/16
+X-NM-Use-NAT-T=1
+
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index fc39f6d..ef2ce5a 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -260,7 +260,7 @@ remove_secrets (NMConnection *connection)
 	g_slist_free (keys);
 }
 
-#define EXPORTED_NAME "basic-export-test.pcf"
+#define BASIC_EXPORTED_NAME "basic-export-test.pcf"
 static void
 test_basic_export (NMVpnPluginUiInterface *plugin, const char *dir)
 {
@@ -274,7 +274,7 @@ test_basic_export (NMVpnPluginUiInterface *plugin, const char *dir)
 	connection = get_basic_connection ("basic-export", plugin, dir, "basic.pcf");
 	ASSERT (connection != NULL, "basic-export", "failed to import connection");
 
-	path = g_build_path ("/", dir, EXPORTED_NAME, NULL);
+	path = g_build_path ("/", dir, BASIC_EXPORTED_NAME, NULL);
 	success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error);
 	if (!success) {
 		if (!error)
@@ -284,7 +284,7 @@ test_basic_export (NMVpnPluginUiInterface *plugin, const char *dir)
 	}
 
 	/* Now re-import it and compare the connections to ensure they are the same */
-	reimported = get_basic_connection ("basic-export", plugin, dir, EXPORTED_NAME);
+	reimported = get_basic_connection ("basic-export", plugin, dir, BASIC_EXPORTED_NAME);
 	ret = unlink (path);
 	ASSERT (connection != NULL, "basic-export", "failed to re-import connection");
 
@@ -301,6 +301,52 @@ test_basic_export (NMVpnPluginUiInterface *plugin, const char *dir)
 	g_free (path);
 }
 
+#define NAT_EXPORTED_NAME "nat-export-test.pcf"
+static void
+test_nat_export (NMVpnPluginUiInterface *plugin, const char *dir, const char *nat_mode)
+{
+	NMConnection *connection;
+	NMSettingVPN *s_vpn;
+	NMConnection *reimported;
+	char *path;
+	gboolean success;
+	GError *error = NULL;
+	int ret;
+
+	connection = get_basic_connection ("nat-export", plugin, dir, "basic.pcf");
+	ASSERT (connection != NULL, "nat-export", "failed to import connection");
+
+	s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	ASSERT (s_vpn != NULL, "nat-export", "imported connection had no VPN setting");
+
+	nm_setting_vpn_add_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE, nat_mode);
+
+	path = g_build_path ("/", dir, NAT_EXPORTED_NAME, NULL);
+	success = nm_vpn_plugin_ui_interface_export (plugin, path, connection, &error);
+	if (!success) {
+		if (!error)
+			FAIL ("nat-export", "export failed with missing error");
+		else
+			FAIL ("nat-export", "export failed: %s", error->message);
+	}
+
+	/* Now re-import it and compare the connections to ensure they are the same */
+	reimported = get_basic_connection ("nat-export", plugin, dir, NAT_EXPORTED_NAME);
+	ret = unlink (path);
+	ASSERT (connection != NULL, "nat-export", "failed to re-import connection");
+
+	/* Clear secrets first, since they don't get exported, and thus would
+	 * make the connection comparison below fail.
+	 */
+	remove_secrets (connection);
+
+	ASSERT (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT) == TRUE,
+	        "nat-export", "original and reimported connection differ");
+
+	g_object_unref (reimported);
+	g_object_unref (connection);
+	g_free (path);
+}
 
 static void
 test_everything_via_vpn (NMVpnPluginUiInterface *plugin, const char *dir)
@@ -388,6 +434,92 @@ test_no_natt (NMVpnPluginUiInterface *plugin, const char *dir)
 }
 
 static void
+test_nat_cisco (NMVpnPluginUiInterface *plugin, const char *dir)
+{
+	NMConnection *connection;
+	NMSettingConnection *s_con;
+	NMSettingVPN *s_vpn;
+	GError *error = NULL;
+	char *pcf;
+	const char *expected_id = "NAT-Cisco";
+	const char *value;
+
+	pcf = g_build_path ("/", dir, "nat-cisco.pcf", NULL);
+	ASSERT (pcf != NULL,
+	        "nat-cisco", "failed to create pcf path");
+
+	connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
+	if (error)
+		FAIL ("nat-cisco", "error importing %s: %s", pcf, error->message);
+	ASSERT (connection != NULL,
+	        "nat-cisco", "error importing %s: (unknown)", pcf);
+
+	/* Connection setting */
+	s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+	ASSERT (s_con != NULL,
+	        "nat-cisco", "missing 'connection' setting");
+
+	ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
+	        "nat-cisco", "unexpected connection ID");
+
+	/* VPN setting */
+	s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	ASSERT (s_vpn != NULL,
+	        "nat-cisco", "missing 'vpn' setting");
+
+	value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+	ASSERT (value != NULL,
+	        "nat-cisco", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+	ASSERT (strcmp (value, NM_VPNC_NATT_MODE_CISCO) == 0,
+	        "nat-cisco", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+
+	g_free (pcf);
+}
+
+static void
+test_nat_natt (NMVpnPluginUiInterface *plugin, const char *dir)
+{
+	NMConnection *connection;
+	NMSettingConnection *s_con;
+	NMSettingVPN *s_vpn;
+	GError *error = NULL;
+	char *pcf;
+	const char *expected_id = "NAT-T";
+	const char *value;
+
+	pcf = g_build_path ("/", dir, "natt.pcf", NULL);
+	ASSERT (pcf != NULL,
+	        "natt", "failed to create pcf path");
+
+	connection = nm_vpn_plugin_ui_interface_import (plugin, pcf, &error);
+	if (error)
+		FAIL ("natt", "error importing %s: %s", pcf, error->message);
+	ASSERT (connection != NULL,
+	        "natt", "error importing %s: (unknown)", pcf);
+
+	/* Connection setting */
+	s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION);
+	ASSERT (s_con != NULL,
+	        "natt", "missing 'connection' setting");
+
+	ASSERT (strcmp (nm_setting_connection_get_id (s_con), expected_id) == 0,
+	        "natt", "unexpected connection ID");
+
+	/* VPN setting */
+	s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	ASSERT (s_vpn != NULL,
+	        "natt", "missing 'vpn' setting");
+
+	value = nm_setting_vpn_get_data_item (s_vpn, NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+	ASSERT (value != NULL,
+	        "natt", "unexpected missing value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+	ASSERT (strcmp (value, NM_VPNC_NATT_MODE_NATT) == 0,
+	        "natt", "unexpected value for item %s", NM_VPNC_KEY_NAT_TRAVERSAL_MODE);
+
+	g_free (pcf);
+}
+
+static void
 test_always_ask (NMVpnPluginUiInterface *plugin, const char *dir)
 {
 	NMConnection *connection;
@@ -490,10 +622,14 @@ int main (int argc, char **argv)
 	test_basic_import (plugin, argv[1]);
 	test_everything_via_vpn (plugin, argv[1]);
 	test_no_natt (plugin, argv[1]);
+	test_nat_cisco (plugin, argv[1]);
+	test_nat_natt (plugin, argv[1]);
 	test_always_ask (plugin, argv[1]);
 	test_non_utf8_import (plugin, argv[1]);
 
 	test_basic_export (plugin, argv[1]);
+	test_nat_export (plugin, argv[1], NM_VPNC_NATT_MODE_CISCO);
+	test_nat_export (plugin, argv[1], NM_VPNC_NATT_MODE_NATT);
 
 	g_object_unref (plugin);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]