[network-manager-applet] applet: migrate openvpn passwords for secrets flags
- From: Dan Williams <dcbw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet] applet: migrate openvpn passwords for secrets flags
- Date: Mon, 4 Apr 2011 21:53:46 +0000 (UTC)
commit f1d336c23e6b6d01be4f0cc87058a976da3879c9
Author: Dan Williams <dcbw redhat com>
Date: Mon Apr 4 16:08:07 2011 -0500
applet: migrate openvpn passwords for secrets flags
src/gconf-helpers/gconf-upgrade.c | 82 +++++++++++++++
src/gconf-helpers/tests/08openvpn-not-saved.xml | 106 +++++++++++++++++++
src/gconf-helpers/tests/08openvpn-saved.xml | 106 +++++++++++++++++++
src/gconf-helpers/tests/Makefile.am | 3 +-
src/gconf-helpers/tests/test-upgrade.c | 125 +++++++++++++++++++++++
5 files changed, 421 insertions(+), 1 deletions(-)
---
diff --git a/src/gconf-helpers/gconf-upgrade.c b/src/gconf-helpers/gconf-upgrade.c
index d168e58..c9f39ee 100644
--- a/src/gconf-helpers/gconf-upgrade.c
+++ b/src/gconf-helpers/gconf-upgrade.c
@@ -2062,6 +2062,85 @@ migrate_vpnc (NMConnection *connection, NMSettingVPN *s_vpn)
}
}
+#define NM_DBUS_SERVICE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
+#define NM_OPENVPN_KEY_PASSWORD "password"
+#define NM_OPENVPN_KEY_CERTPASS "cert-pass"
+#define NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD "http-proxy-password"
+#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
+#define NM_OPENVPN_CONTYPE_TLS "tls"
+#define NM_OPENVPN_CONTYPE_PASSWORD "password"
+#define NM_OPENVPN_CONTYPE_PASSWORD_TLS "password-tls"
+#define NM_OPENVPN_KEY_PROXY_TYPE "proxy-type"
+
+static NMSettingSecretFlags
+openvpn_get_secret_flags (const char *uuid, const char *secret_name)
+{
+ GList *found = NULL;
+ GnomeKeyringResult ret;
+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
+
+ ret = gnome_keyring_find_itemsv_sync (GNOME_KEYRING_ITEM_GENERIC_SECRET,
+ &found,
+ KEYRING_UUID_TAG,
+ GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
+ uuid,
+ KEYRING_SN_TAG,
+ GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
+ NM_SETTING_VPN_SETTING_NAME,
+ KEYRING_SK_TAG,
+ GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
+ secret_name,
+ NULL);
+ if (ret != GNOME_KEYRING_RESULT_OK || found == NULL)
+ flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
+ gnome_keyring_found_list_free (found);
+
+ return flags;
+}
+
+static void
+migrate_openvpn (NMConnection *connection, NMSettingVPN *s_vpn)
+{
+ NMSettingSecretFlags flags;
+ const char *tmp;
+ gboolean check_pw = FALSE, check_cp = FALSE;
+
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
+ if (!tmp)
+ return;
+
+ if (!strcmp (tmp, NM_OPENVPN_CONTYPE_TLS))
+ check_cp = TRUE;
+ else if (!strcmp (tmp, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
+ check_pw = TRUE;
+ check_cp = TRUE;
+ } else if (!strcmp (tmp, NM_OPENVPN_CONTYPE_PASSWORD))
+ check_pw = TRUE;
+
+ /* For each secret, we need to check the keyring to see whether the secret
+ * is present or not, and if it's *not*, then we mark the secret as both
+ * not-saved and agent-owned. If it is present, the secret is just marked
+ * agent-owned.
+ */
+
+ if (check_pw) {
+ flags = openvpn_get_secret_flags (nm_connection_get_uuid (connection), NM_OPENVPN_KEY_PASSWORD);
+ nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_PASSWORD, flags, NULL);
+ }
+
+ if (check_cp) {
+ flags = openvpn_get_secret_flags (nm_connection_get_uuid (connection), NM_OPENVPN_KEY_CERTPASS);
+ nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_CERTPASS, flags, NULL);
+ }
+
+ /* HTTP proxy password */
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
+ if (g_strcmp0 (tmp, "http") == 0 || g_strcmp0 (tmp, "socks") == 0) {
+ flags = openvpn_get_secret_flags (nm_connection_get_uuid (connection), NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD);
+ nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD, flags, NULL);
+ }
+}
+
#define NM_DBUS_SERVICE_PPTP "org.freedesktop.NetworkManager.pptp"
#define NM_PPTP_KEY_PASSWORD "password"
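Review bot: In `openvpn_get_secret_flags`, every result other than `GNOME_KEYRING_RESULT_OK` is treated as "secret absent", so a locked keyring, a denied request or an unreachable keyring daemon during the upgrade would mark a password that is actually stored as `NM_SETTING_SECRET_FLAG_NOT_SAVED`. If this migration runs only once (not visible here), the wrong flag would persist and the stored item would remain in the keyring unreferenced. I would set the flag only on a definite miss, `if (ret == GNOME_KEYRING_RESULT_NO_MATCH || (ret == GNOME_KEYRING_RESULT_OK && found == NULL))`, and emit a `g_warning` for any other result. Separately, `migrate_openvpn` returns early when `connection-type` is missing, which also skips the proxy-password check further down.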
@@ -2095,6 +2174,9 @@ nm_gconf_migrate_09_secret_flags (GConfClient *client,
/* Mark the password as agent-owned */
nm_setting_set_secret_flags (setting, NM_PPTP_KEY_PASSWORD, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
return;
+ } else if (g_strcmp0 (service, NM_DBUS_SERVICE_OPENVPN) == 0) {
+ migrate_openvpn (connection, s_vpn);
+ return;
}
/* Other VPNs not handled specially here just go through the
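Review bot: The new branch returns unconditionally after `migrate_openvpn`, although that helper sets no flags at all when `connection-type` is missing, and none for the user or certificate password when the type is not one of the three it compares against. Such a connection leaves here without those secret flags and also bypasses the generic handling that the comment below introduces. `nm_gconf_migrate_09_secret_flags` starts and ends outside the hunk, so what that fallback would have done is not visible. If skipping it is intended, say so with a comment such as `/* openvpn types without password secrets intentionally get no flags */`; otherwise let `migrate_openvpn` return a `gboolean` and return here only when it handled the connection.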
diff --git a/src/gconf-helpers/tests/08openvpn-not-saved.xml b/src/gconf-helpers/tests/08openvpn-not-saved.xml
new file mode 100644
index 0000000..ae7fbe3
--- /dev/null
+++ b/src/gconf-helpers/tests/08openvpn-not-saved.xml
@@ -0,0 +1,106 @@
+<gconfentryfile>
+ <entrylist base="/system/networking/connections">
+ <entry>
+ <key>5/connection/id</key>
+ <value>
+ <string>test-openvpn</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/name</key>
+ <value>
+ <string>connection</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/timestamp</key>
+ <value>
+ <string>1290572370</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/type</key>
+ <value>
+ <string>vpn</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/uuid</key>
+ <value>
+ <string>8a9ffa89-aca5-4350-ac82-d68cffc84eae</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/ipv4/method</key>
+ <value>
+ <string>auto</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/ipv4/name</key>
+ <value>
+ <string>ipv4</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/ipv4/never-default</key>
+ <value>
+ <bool>true</bool>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/ca</key>
+ <value>
+ <string>/home/max/some-cert-ca.pem</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/cipher</key>
+ <value>
+ <string>AES-256-CBC</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/connection-type</key>
+ <value>
+ <string>password</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/port</key>
+ <value>
+ <string>443</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/proto-tcp</key>
+ <value>
+ <string>yes</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/remote</key>
+ <value>
+ <string>openvpn.server.com</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/reneg-seconds</key>
+ <value>
+ <string>0</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/service-type</key>
+ <value>
+ <string>org.freedesktop.NetworkManager.openvpn</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/username</key>
+ <value>
+ <string>max</string>
+ </value>
+ </entry>
+ </entrylist>
+</gconfentryfile>
diff --git a/src/gconf-helpers/tests/08openvpn-saved.xml b/src/gconf-helpers/tests/08openvpn-saved.xml
new file mode 100644
index 0000000..ae7fbe3
--- /dev/null
+++ b/src/gconf-helpers/tests/08openvpn-saved.xml
@@ -0,0 +1,106 @@
+<gconfentryfile>
+ <entrylist base="/system/networking/connections">
+ <entry>
+ <key>5/connection/id</key>
+ <value>
+ <string>test-openvpn</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/name</key>
+ <value>
+ <string>connection</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/timestamp</key>
+ <value>
+ <string>1290572370</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/type</key>
+ <value>
+ <string>vpn</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/connection/uuid</key>
+ <value>
+ <string>8a9ffa89-aca5-4350-ac82-d68cffc84eae</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/ipv4/method</key>
+ <value>
+ <string>auto</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/ipv4/name</key>
+ <value>
+ <string>ipv4</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/ipv4/never-default</key>
+ <value>
+ <bool>true</bool>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/ca</key>
+ <value>
+ <string>/home/max/some-cert-ca.pem</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/cipher</key>
+ <value>
+ <string>AES-256-CBC</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/connection-type</key>
+ <value>
+ <string>password</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/port</key>
+ <value>
+ <string>443</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/proto-tcp</key>
+ <value>
+ <string>yes</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/remote</key>
+ <value>
+ <string>openvpn.server.com</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/reneg-seconds</key>
+ <value>
+ <string>0</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/service-type</key>
+ <value>
+ <string>org.freedesktop.NetworkManager.openvpn</string>
+ </value>
+ </entry>
+ <entry>
+ <key>5/vpn/username</key>
+ <value>
+ <string>max</string>
+ </value>
+ </entry>
+ </entrylist>
+</gconfentryfile>
diff --git a/src/gconf-helpers/tests/Makefile.am b/src/gconf-helpers/tests/Makefile.am
index 81f2d30..b046859 100644
--- a/src/gconf-helpers/tests/Makefile.am
+++ b/src/gconf-helpers/tests/Makefile.am
@@ -27,5 +27,6 @@ EXTRA_DIST = \
test-import.xml \
08wifi.xml \
08vpnc.xml \
- 08openvpn.xml
+ 08openvpn-not-saved.xml \
+ 08openvpn-saved.xml
diff --git a/src/gconf-helpers/tests/test-upgrade.c b/src/gconf-helpers/tests/test-upgrade.c
index 2dd85e8..b850395 100644
--- a/src/gconf-helpers/tests/test-upgrade.c
+++ b/src/gconf-helpers/tests/test-upgrade.c
@@ -380,6 +380,129 @@ test_upgrade_08_vpnc (void)
fake_keyring_clear ();
}
+static void
+upgrade_08_openvpn_saved_cb (NMConnection *connection, gpointer user_data)
+{
+ NMSettingVPN *s_vpn;
+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+ gboolean success;
+
+ /* And check to make sure we've got our wpa-psk flags */
+ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+ g_assert (s_vpn);
+
+ success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+ "password",
+ &flags,
+ NULL);
+ g_assert (success);
+ g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_AGENT_OWNED);
+
+ /* Connection isn't a TLS connection, so we don't expect any flags here */
+ flags = NM_SETTING_SECRET_FLAG_NONE;
+ success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+ "cert-pass",
+ &flags,
+ NULL);
+ g_assert (success == FALSE);
+ g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_NONE);
+}
+
+static void
+test_upgrade_08_openvpn_saved (void)
+{
+ GConfClient *client;
+ gboolean success;
+ guint32 stamp;
+ GError *error = NULL;
+ GnomeKeyringAttributeList *attrs;
+ char *display_name = NULL;
+ GnomeKeyringResult ret;
+
+ client = gconf_client_get_default ();
+ stamp = (guint32) gconf_client_get_int (client, APPLET_PREFS_STAMP, &error);
+ g_assert (stamp == 0);
+ g_assert_no_error (error);
+
+ success = fake_gconf_add_xml (client, TESTDIR "/08openvpn-saved.xml");
+ g_assert (success);
+
+ /* Add the user password */
+ attrs = _create_keyring_add_attr_list ("8a9ffa89-aca5-4350-ac82-d68cffc84eae",
+ "test-openvpn",
+ NM_SETTING_VPN_SETTING_NAME,
+ "password",
+ &display_name);
+ g_assert (attrs);
+ ret = gnome_keyring_item_create_sync (NULL,
+ GNOME_KEYRING_ITEM_GENERIC_SECRET,
+ display_name,
+ attrs,
+ "blahblah my password",
+ TRUE,
+ NULL);
+ g_assert_cmpint (ret, ==, GNOME_KEYRING_RESULT_OK);
+ gnome_keyring_attribute_list_free (attrs);
+ g_free (display_name);
+
+ /* Now do the conversion */
+ nm_gconf_move_connections_to_system (upgrade_08_openvpn_saved_cb, NULL);
+
+ g_object_unref (client);
+ fake_keyring_clear ();
+}
+
+static void
+upgrade_08_openvpn_not_saved_cb (NMConnection *connection, gpointer user_data)
+{
+ NMSettingVPN *s_vpn;
+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+ gboolean success;
+
+ /* And check to make sure we've got our wpa-psk flags */
+ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+ g_assert (s_vpn);
+
+ success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+ "password",
+ &flags,
+ NULL);
+ g_assert (success);
+ g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED);
+
+ /* Connection isn't a TLS connection, so we don't expect any flags here */
+ flags = NM_SETTING_SECRET_FLAG_NONE;
+ success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+ "cert-pass",
+ &flags,
+ NULL);
+ g_assert (success == FALSE);
+ g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_NONE);
+}
+
+static void
+test_upgrade_08_openvpn_not_saved (void)
+{
+ GConfClient *client;
+ gboolean success;
+ guint32 stamp;
+ GError *error = NULL;
+
+ client = gconf_client_get_default ();
+ stamp = (guint32) gconf_client_get_int (client, APPLET_PREFS_STAMP, &error);
+ g_assert (stamp == 0);
+ g_assert_no_error (error);
+
+ success = fake_gconf_add_xml (client, TESTDIR "/08openvpn-not-saved.xml");
+ g_assert (success);
+
+ /* Passwords for this connection are not saved so we don't add anything to the keyring */
+
+ /* Now do the conversion */
+ nm_gconf_move_connections_to_system (upgrade_08_openvpn_not_saved_cb, NULL);
+ g_object_unref (client);
+}
+
/*******************************************/
#if GLIB_CHECK_VERSION(2,25,12)
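Review bot: Neither new test checks that its callback actually ran: every assertion lives in `upgrade_08_openvpn_saved_cb` and `upgrade_08_openvpn_not_saved_cb`, so if `nm_gconf_move_connections_to_system` migrated no connection the tests would pass without examining any flag (assuming the callback fires once per migrated connection, which the hunk does not show). Passing a flag through `user_data`, with `*(gboolean *) user_data = TRUE;` in the callback and `g_assert (called);` after the call, would close that gap. Both fixtures use connection-type `password`, so the `cert-pass` and `http-proxy-password` branches of the migration are never exercised. The comment `/* And check to make sure we've got our wpa-psk flags */` is carried over from the Wi-Fi test and should name the openvpn password flags instead.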
@@ -404,6 +527,8 @@ int main (int argc, char **argv)
g_test_suite_add (suite, TESTCASE (test_upgrade_08_wifi, NULL));
g_test_suite_add (suite, TESTCASE (test_upgrade_08_vpnc, NULL));
+ g_test_suite_add (suite, TESTCASE (test_upgrade_08_openvpn_saved, NULL));
+ g_test_suite_add (suite, TESTCASE (test_upgrade_08_openvpn_not_saved, NULL));
return g_test_run ();
}