[network-manager-applet] applet: migrate openvpn passwords for secrets flags



commit f1d336c23e6b6d01be4f0cc87058a976da3879c9
Author: Dan Williams <dcbw redhat com>
Date:   Mon Apr 4 16:08:07 2011 -0500

    applet: migrate openvpn passwords for secrets flags

 src/gconf-helpers/gconf-upgrade.c               |   82 +++++++++++++++
 src/gconf-helpers/tests/08openvpn-not-saved.xml |  106 +++++++++++++++++++
 src/gconf-helpers/tests/08openvpn-saved.xml     |  106 +++++++++++++++++++
 src/gconf-helpers/tests/Makefile.am             |    3 +-
 src/gconf-helpers/tests/test-upgrade.c          |  125 +++++++++++++++++++++++
 5 files changed, 421 insertions(+), 1 deletions(-)
---
diff --git a/src/gconf-helpers/gconf-upgrade.c b/src/gconf-helpers/gconf-upgrade.c
index d168e58..c9f39ee 100644
--- a/src/gconf-helpers/gconf-upgrade.c
+++ b/src/gconf-helpers/gconf-upgrade.c
@@ -2062,6 +2062,85 @@ migrate_vpnc (NMConnection *connection, NMSettingVPN *s_vpn)
 	}
 }
 
+#define NM_DBUS_SERVICE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
+#define NM_OPENVPN_KEY_PASSWORD "password"
+#define NM_OPENVPN_KEY_CERTPASS "cert-pass"
+#define NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD "http-proxy-password"
+#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
+#define NM_OPENVPN_CONTYPE_TLS          "tls"
+#define NM_OPENVPN_CONTYPE_PASSWORD     "password"
+#define NM_OPENVPN_CONTYPE_PASSWORD_TLS "password-tls"
+#define NM_OPENVPN_KEY_PROXY_TYPE "proxy-type"
+
+static NMSettingSecretFlags
+openvpn_get_secret_flags (const char *uuid, const char *secret_name)
+{
+	GList *found = NULL;
+	GnomeKeyringResult ret;
+	NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
+
+	ret = gnome_keyring_find_itemsv_sync (GNOME_KEYRING_ITEM_GENERIC_SECRET,
+		                                  &found,
+		                                  KEYRING_UUID_TAG,
+		                                  GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
+										  uuid,
+		                                  KEYRING_SN_TAG,
+		                                  GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
+		                                  NM_SETTING_VPN_SETTING_NAME,
+		                                  KEYRING_SK_TAG,
+		                                  GNOME_KEYRING_ATTRIBUTE_TYPE_STRING,
+		                                  secret_name,
+		                                  NULL);
+	if (ret != GNOME_KEYRING_RESULT_OK || found == NULL)
+		flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
+	gnome_keyring_found_list_free (found);
+
+	return flags;
+}
+
+static void
+migrate_openvpn (NMConnection *connection, NMSettingVPN *s_vpn)
+{
+	NMSettingSecretFlags flags;
+	const char *tmp;
+	gboolean check_pw = FALSE, check_cp = FALSE;
+
+	tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
+	if (!tmp)
+		return;
+
+	if (!strcmp (tmp, NM_OPENVPN_CONTYPE_TLS))
+		check_cp = TRUE;
+	else if (!strcmp (tmp, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
+		check_pw = TRUE;
+		check_cp = TRUE;
+	} else if (!strcmp (tmp, NM_OPENVPN_CONTYPE_PASSWORD))
+		check_pw = TRUE;
+
+	/* For each secret, we need to check the keyring to see whether the secret
+	 * is present or not, and if it's *not*, then we mark the secret as both
+	 * not-saved and agent-owned.  If it is present, the secret is just marked
+	 * agent-owned.
+	 */
+
+	if (check_pw) {
+		flags = openvpn_get_secret_flags (nm_connection_get_uuid (connection), NM_OPENVPN_KEY_PASSWORD);
+		nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_PASSWORD, flags, NULL);
+	}
+
+	if (check_cp) {
+		flags = openvpn_get_secret_flags (nm_connection_get_uuid (connection), NM_OPENVPN_KEY_CERTPASS);
+		nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_CERTPASS, flags, NULL);
+	}
+
+	/* HTTP proxy password */
+	tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
+	if (g_strcmp0 (tmp, "http") == 0 || g_strcmp0 (tmp, "socks") == 0) {
+		flags = openvpn_get_secret_flags (nm_connection_get_uuid (connection), NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD);
+		nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD, flags, NULL);
+	}
+}
+
 #define NM_DBUS_SERVICE_PPTP "org.freedesktop.NetworkManager.pptp"
 #define NM_PPTP_KEY_PASSWORD "password"
 
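Review bot: In `openvpn_get_secret_flags`, the test `ret != GNOME_KEYRING_RESULT_OK || found == NULL` treats every keyring failure as "secret not stored". A migration that runs while the keyring is locked, denied or unreachable would therefore mark the password not-saved even though the item is still in the keyring. If this upgrade runs only once, as the migration naming suggests, the wrong flag would persist and leave a stored credential that the connection settings say does not exist. Only an empty result should add the flag, e.g. `if (ret == GNOME_KEYRING_RESULT_NO_MATCH || (ret == GNOME_KEYRING_RESULT_OK && found == NULL))`, with any other result reported through `g_warning` and the flags left as agent-owned only.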
@@ -2095,6 +2174,9 @@ nm_gconf_migrate_09_secret_flags (GConfClient *client,
 			/* Mark the password as agent-owned */
 			nm_setting_set_secret_flags (setting, NM_PPTP_KEY_PASSWORD, NM_SETTING_SECRET_FLAG_AGENT_OWNED, NULL);
 			return;
+		} else if (g_strcmp0 (service, NM_DBUS_SERVICE_OPENVPN) == 0) {
+			migrate_openvpn (connection, s_vpn);
+			return;
 		}
 
 		/* Other VPNs not handled specially here just go through the
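Review bot: An OpenVPN connection with no `connection-type` data item ends up with no secret flags at all. `migrate_openvpn` leaves at its `if (!tmp) return;` before the proxy-password check, and this branch then returns unconditionally, so the generic handling that the comment below refers to is skipped as well. If stored GConf data can contain such a connection, its secrets presumably keep the setting's default flags instead of being marked agent-owned. Either document that here, for example `/* OpenVPN connections without a connection-type are left without secret flags */`, or have `migrate_openvpn` report whether it handled the connection so that the caller can fall through. `nm_gconf_migrate_09_secret_flags` starts and ends outside this hunk.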
diff --git a/src/gconf-helpers/tests/08openvpn-not-saved.xml b/src/gconf-helpers/tests/08openvpn-not-saved.xml
new file mode 100644
index 0000000..ae7fbe3
--- /dev/null
+++ b/src/gconf-helpers/tests/08openvpn-not-saved.xml
@@ -0,0 +1,106 @@
+<gconfentryfile>
+  <entrylist base="/system/networking/connections">
+    <entry>
+      <key>5/connection/id</key>
+      <value>
+        <string>test-openvpn</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/name</key>
+      <value>
+        <string>connection</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/timestamp</key>
+      <value>
+        <string>1290572370</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/type</key>
+      <value>
+        <string>vpn</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/uuid</key>
+      <value>
+        <string>8a9ffa89-aca5-4350-ac82-d68cffc84eae</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/ipv4/method</key>
+      <value>
+        <string>auto</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/ipv4/name</key>
+      <value>
+        <string>ipv4</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/ipv4/never-default</key>
+      <value>
+        <bool>true</bool>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/ca</key>
+      <value>
+        <string>/home/max/some-cert-ca.pem</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/cipher</key>
+      <value>
+        <string>AES-256-CBC</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/connection-type</key>
+      <value>
+        <string>password</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/port</key>
+      <value>
+        <string>443</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/proto-tcp</key>
+      <value>
+        <string>yes</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/remote</key>
+      <value>
+        <string>openvpn.server.com</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/reneg-seconds</key>
+      <value>
+        <string>0</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/service-type</key>
+      <value>
+        <string>org.freedesktop.NetworkManager.openvpn</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/username</key>
+      <value>
+        <string>max</string>
+      </value>
+    </entry>
+  </entrylist>
+</gconfentryfile>
diff --git a/src/gconf-helpers/tests/08openvpn-saved.xml b/src/gconf-helpers/tests/08openvpn-saved.xml
new file mode 100644
index 0000000..ae7fbe3
--- /dev/null
+++ b/src/gconf-helpers/tests/08openvpn-saved.xml
@@ -0,0 +1,106 @@
+<gconfentryfile>
+  <entrylist base="/system/networking/connections">
+    <entry>
+      <key>5/connection/id</key>
+      <value>
+        <string>test-openvpn</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/name</key>
+      <value>
+        <string>connection</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/timestamp</key>
+      <value>
+        <string>1290572370</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/type</key>
+      <value>
+        <string>vpn</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/connection/uuid</key>
+      <value>
+        <string>8a9ffa89-aca5-4350-ac82-d68cffc84eae</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/ipv4/method</key>
+      <value>
+        <string>auto</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/ipv4/name</key>
+      <value>
+        <string>ipv4</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/ipv4/never-default</key>
+      <value>
+        <bool>true</bool>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/ca</key>
+      <value>
+        <string>/home/max/some-cert-ca.pem</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/cipher</key>
+      <value>
+        <string>AES-256-CBC</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/connection-type</key>
+      <value>
+        <string>password</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/port</key>
+      <value>
+        <string>443</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/proto-tcp</key>
+      <value>
+        <string>yes</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/remote</key>
+      <value>
+        <string>openvpn.server.com</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/reneg-seconds</key>
+      <value>
+        <string>0</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/service-type</key>
+      <value>
+        <string>org.freedesktop.NetworkManager.openvpn</string>
+      </value>
+    </entry>
+    <entry>
+      <key>5/vpn/username</key>
+      <value>
+        <string>max</string>
+      </value>
+    </entry>
+  </entrylist>
+</gconfentryfile>
diff --git a/src/gconf-helpers/tests/Makefile.am b/src/gconf-helpers/tests/Makefile.am
index 81f2d30..b046859 100644
--- a/src/gconf-helpers/tests/Makefile.am
+++ b/src/gconf-helpers/tests/Makefile.am
@@ -27,5 +27,6 @@ EXTRA_DIST = \
 	test-import.xml \
 	08wifi.xml \
 	08vpnc.xml \
-	08openvpn.xml
+	08openvpn-not-saved.xml \
+	08openvpn-saved.xml
 
diff --git a/src/gconf-helpers/tests/test-upgrade.c b/src/gconf-helpers/tests/test-upgrade.c
index 2dd85e8..b850395 100644
--- a/src/gconf-helpers/tests/test-upgrade.c
+++ b/src/gconf-helpers/tests/test-upgrade.c
@@ -380,6 +380,129 @@ test_upgrade_08_vpnc (void)
 	fake_keyring_clear ();
 }
 
+static void
+upgrade_08_openvpn_saved_cb (NMConnection *connection, gpointer user_data)
+{
+	NMSettingVPN *s_vpn;
+	NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+	gboolean success;
+
+	/* And check to make sure we've got our wpa-psk flags */
+	s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	g_assert (s_vpn);
+
+	success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+	                                       "password",
+	                                       &flags,
+	                                       NULL);
+	g_assert (success);
+	g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_AGENT_OWNED);
+
+	/* Connection isn't a TLS connection, so we don't expect any flags here */
+	flags = NM_SETTING_SECRET_FLAG_NONE;
+	success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+	                                       "cert-pass",
+	                                       &flags,
+	                                       NULL);
+	g_assert (success == FALSE);
+	g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_NONE);
+}
+
+static void
+test_upgrade_08_openvpn_saved (void)
+{
+	GConfClient *client;
+	gboolean success;
+	guint32 stamp;
+	GError *error = NULL;
+	GnomeKeyringAttributeList *attrs;
+	char *display_name = NULL;
+	GnomeKeyringResult ret;
+
+	client = gconf_client_get_default ();
+	stamp = (guint32) gconf_client_get_int (client, APPLET_PREFS_STAMP, &error);
+	g_assert (stamp == 0);
+	g_assert_no_error (error);
+
+	success = fake_gconf_add_xml (client, TESTDIR "/08openvpn-saved.xml");
+	g_assert (success);
+
+	/* Add the user password */
+	attrs = _create_keyring_add_attr_list ("8a9ffa89-aca5-4350-ac82-d68cffc84eae",
+	                                       "test-openvpn",
+	                                       NM_SETTING_VPN_SETTING_NAME,
+	                                       "password",
+	                                       &display_name);
+	g_assert (attrs);
+	ret = gnome_keyring_item_create_sync (NULL,
+	                                      GNOME_KEYRING_ITEM_GENERIC_SECRET,
+	                                      display_name,
+	                                      attrs,
+	                                      "blahblah my password",
+	                                      TRUE,
+	                                      NULL);
+	g_assert_cmpint (ret, ==, GNOME_KEYRING_RESULT_OK);
+	gnome_keyring_attribute_list_free (attrs);
+	g_free (display_name);
+
+	/* Now do the conversion */
+	nm_gconf_move_connections_to_system (upgrade_08_openvpn_saved_cb, NULL);
+
+	g_object_unref (client);
+	fake_keyring_clear ();
+}
+
+static void
+upgrade_08_openvpn_not_saved_cb (NMConnection *connection, gpointer user_data)
+{
+	NMSettingVPN *s_vpn;
+	NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
+	gboolean success;
+
+	/* And check to make sure we've got our wpa-psk flags */
+	s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
+	g_assert (s_vpn);
+
+	success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+	                                       "password",
+	                                       &flags,
+	                                       NULL);
+	g_assert (success);
+	g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED);
+
+	/* Connection isn't a TLS connection, so we don't expect any flags here */
+	flags = NM_SETTING_SECRET_FLAG_NONE;
+	success = nm_setting_get_secret_flags (NM_SETTING (s_vpn),
+	                                       "cert-pass",
+	                                       &flags,
+	                                       NULL);
+	g_assert (success == FALSE);
+	g_assert_cmpint (flags, ==, NM_SETTING_SECRET_FLAG_NONE);
+}
+
+static void
+test_upgrade_08_openvpn_not_saved (void)
+{
+	GConfClient *client;
+	gboolean success;
+	guint32 stamp;
+	GError *error = NULL;
+
+	client = gconf_client_get_default ();
+	stamp = (guint32) gconf_client_get_int (client, APPLET_PREFS_STAMP, &error);
+	g_assert (stamp == 0);
+	g_assert_no_error (error);
+
+	success = fake_gconf_add_xml (client, TESTDIR "/08openvpn-not-saved.xml");
+	g_assert (success);
+
+	/* Passwords for this connection are not saved so we don't add anything to the keyring */
+
+	/* Now do the conversion */
+	nm_gconf_move_connections_to_system (upgrade_08_openvpn_not_saved_cb, NULL);
+	g_object_unref (client);
+}
+
 /*******************************************/
 
 #if GLIB_CHECK_VERSION(2,25,12)
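Review bot: Both new tests load a fixture whose `connection-type` is `password`, so the `cert-pass` branches for `tls` and `password-tls` and the `http-proxy-password` branch added in gconf-upgrade.c are never run with a secret that should receive flags. The keyring-error path is not covered either. All assertions live in the callbacks, and nothing checks that `nm_gconf_move_connections_to_system` actually invoked them, so a migration that yields no connection would pass silently. If `user_data` is forwarded to the callback, passing a flag and checking it with `g_assert (called);` after the call would close that gap. The comment `/* And check to make sure we've got our wpa-psk flags */` in both callbacks looks copied from the wifi test and should read `/* Check the secret flags set on the VPN setting */`.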
@@ -404,6 +527,8 @@ int main (int argc, char **argv)
 
 	g_test_suite_add (suite, TESTCASE (test_upgrade_08_wifi, NULL));
 	g_test_suite_add (suite, TESTCASE (test_upgrade_08_vpnc, NULL));
+	g_test_suite_add (suite, TESTCASE (test_upgrade_08_openvpn_saved, NULL));
+	g_test_suite_add (suite, TESTCASE (test_upgrade_08_openvpn_not_saved, NULL));
 
 	return g_test_run ();
 }


