[network-manager-openconnect/th/vpn-service-info-bgo767197: 2/2] change multiprotocol support to use a new "protocol" option
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openconnect/th/vpn-service-info-bgo767197: 2/2] change multiprotocol support to use a new "protocol" option
- Date: Thu, 9 Jun 2016 13:36:38 +0000 (UTC)
commit 13674d249c79577947bb250c775c672625337582
Author: Thomas Haller <thaller redhat com>
Date: Wed Jun 8 01:45:20 2016 +0200
change multiprotocol support to use a new "protocol" option
The recently added Juniper VPN support was realized by adding a
service-type alias openconnect.nc. Thereby, the protocol was encoded in
the service-type. That is not great, because traditionally the service-type
was the D-Bus bus name of the VPN service. Nowadays, with multi-VPN
support that somewhat changed and it's used as a base to generate the
real bus name.
Another important role that the service-type plays is in the connection,
where the vpn.service-type setting associates a connection with its plugin.
The service-type should not be hacked to encode the openconnect protocol
option. Instead, add a NM_OPENCONNECT_KEY_PROTOCOL key.
However, in nm-connection-editor's UI we don't want to show the protocol
as an option inside the VPN dialog. Instead, the two protocols
"anyconnect" and "nc" should result in two separate entries in the
"add-connection" list. This way, the user first selects to create either
an "anyconnect" or "nc" VPN connection, and then the UI doesn't let
him switch protocol anymore.
This is realized by exposing the protocol as an "add-detail". When
populating the list of VPN types, connection-editor can ask the plugin
whether it supports multiple entries. Later, when adding the connection,
the protocol field is pre-filled via the "add-detail-key".
Note that nm-openconnect is mostly agnostic to the actual protocol
value. When openconnect gains support for a new protocol, the plugin
will just support it for the most part. The only thing that is missing
is to generate an additional add-connection entry.
Note that the supported protocols are inside the .name file. So, the
user could edit the plugin configuration with a new protocol. As a
result, the new protocol would show up in the list. However, that
doesn't really fly, because the plugin cannot show a proper name and
description for the unknown protocol. Also, the .name file is really
not user-configuration but a part of the plugin's implementation.
https://bugzilla.gnome.org/show_bug.cgi?id=767197
nm-openconnect-service.name.in | 4 +-
properties/nm-openconnect.c | 179 ++++++++++++++++++++++++++++++++++
src/nm-openconnect-service-defines.h | 1 +
src/nm-openconnect-service.c | 14 +--
4 files changed, 189 insertions(+), 9 deletions(-)
---
diff --git a/nm-openconnect-service.name.in b/nm-openconnect-service.name.in
index 38adcea..0dde170 100644
--- a/nm-openconnect-service.name.in
+++ b/nm-openconnect-service.name.in
@@ -1,6 +1,5 @@
[VPN Connection]
name=openconnect
-aliases=org.freedesktop.NetworkManager.openconnect.anyconnect;org.freedesktop.NetworkManager.openconnect.nc
service=org.freedesktop.NetworkManager.openconnect
program= LIBEXECDIR@/nm-openconnect-service
supports-multiple-connections=true
@@ -11,3 +10,6 @@ plugin= PLUGINDIR@/libnm-vpn-plugin-openconnect.so
[GNOME]
auth-dialog= LIBEXECDIR@/nm-openconnect-auth-dialog
properties= PLUGINDIR@/libnm-openconnect-properties
+
+[openconnect]
+supported-protocols=anyconnect,nc
diff --git a/properties/nm-openconnect.c b/properties/nm-openconnect.c
index ec1a3e8..afce341 100644
--- a/properties/nm-openconnect.c
+++ b/properties/nm-openconnect.c
@@ -94,6 +94,12 @@ G_DEFINE_TYPE_EXTENDED (OpenconnectEditorPlugin, openconnect_editor_plugin, G_TY
G_IMPLEMENT_INTERFACE (NM_TYPE_VPN_EDITOR_PLUGIN,
openconnect_editor_plugin_interface_init))
+typedef struct {
+ char **supported_protocols;
+} OpenconnectEditorPluginPrivate;
+
+#define OPENCONNECT_EDITOR_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o),
OPENCONNECT_TYPE_EDITOR_PLUGIN, OpenconnectEditorPluginPrivate))
+
/************** UI widget class **************/
static void openconnect_editor_interface_init (NMVpnEditorInterface *iface_class);
@@ -595,10 +601,18 @@ update_connection (NMVpnEditor *iface,
GtkTextIter iter_start, iter_end;
GtkTextBuffer *buffer;
const char *auth_type = NULL;
+ const char *protocol = NULL;
+
+ s_vpn = nm_connection_get_setting_vpn (connection);
+ if (s_vpn)
+ protocol = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROTOCOL);
s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_VPN_SERVICE_TYPE_OPENCONNECT, NULL);
+ if (protocol)
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROTOCOL, protocol);
+
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
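Review bot: The added lines in update_connection that read `protocol` from the existing VPN setting and re-add it to the new one have no comment saying why. The reason is not visible in the code: the dialog has no widget for the protocol, so the value would be lost on save unless it is carried over. I would add above the lookup `/* The protocol is not editable in this dialog; preserve the value from the existing setting. */`. `protocol` points into the old setting, so this is only safe while `nm_setting_vpn_add_data_item` runs before that setting is replaced, which holds in the visible lines. update_connection's body continues outside the hunk.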
@@ -792,6 +806,143 @@ get_capabilities (NMVpnEditorPlugin *iface)
NM_VPN_EDITOR_PLUGIN_CAPABILITY_IPV6);
}
+#ifndef NM_OPENCONNECT_OLD
+static void
+notify_plugin_info_set (NMVpnEditorPlugin *plugin,
+ NMVpnPluginInfo *plugin_info)
+{
+ OpenconnectEditorPluginPrivate *priv = OPENCONNECT_EDITOR_PLUGIN_GET_PRIVATE (plugin);
+ const char *supported_protocols;
+ guint i, j;
+
+ if (!plugin_info)
+ return;
+
+ supported_protocols = nm_vpn_plugin_info_lookup_property (plugin_info, "openconnect",
"supported-protocols");
+
+ g_strfreev (priv->supported_protocols);
+ priv->supported_protocols = supported_protocols
+ ? g_strsplit_set (supported_protocols, ",", -1)
+ : g_new0 (char *, 1);
+
+ /*remove empty entries and whitespace */
+ for (i = 0, j = 0; priv->supported_protocols[j]; j++) {
+ g_strstrip (priv->supported_protocols[j]);
+ if (priv->supported_protocols[j][0] == '\0')
+ g_free (priv->supported_protocols[j]);
+ else
+ priv->supported_protocols[i++] = priv->supported_protocols[j];
+ }
+ priv->supported_protocols[i] = NULL;
+}
+
+static gboolean
+call_get_signature (NMVpnEditorPlugin *plugin,
+ const char *request,
+ gboolean *free_types,
+ GType **types_in,
+ GType **types_out)
+{
+ if (!strcmp (request, "get-service-add-details")) {
+ static GType t_in[] = { G_TYPE_STRING, 0 };
+ static GType t_out[] = { 0 };
+
+ if (G_UNLIKELY (t_out[0] == 0))
+ t_out[0] = G_TYPE_STRV;
+
+ *types_in = t_in;
+ *types_out = t_out;
+ return TRUE;
+ }
+ if (!strcmp (request, "get-service-add-detail")) {
+ static GType t_in[] = { G_TYPE_STRING, G_TYPE_STRING, 0 };
+ static GType t_out[] = { G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_UINT, 0 };
+
+ *types_in = t_in;
+ *types_out = t_out;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+static gboolean
+call (NMVpnEditorPlugin *plugin,
+ const char *request,
+ GError **error,
+ const GValue *const*args_in,
+ GValue *const*args_out)
+{
+ OpenconnectEditorPluginPrivate *priv;
+ const char *service_type;
+ const char *add_detail;
+
+ if (!strcmp (request, "get-service-add-details")) {
+ service_type = g_value_get_string (args_in[0]);
+
+ if (service_type) {
+ if (!strcmp (service_type, NM_VPN_SERVICE_TYPE_OPENCONNECT)) {
+ priv = OPENCONNECT_EDITOR_PLUGIN_GET_PRIVATE (plugin);
+ g_value_set_boxed (args_out[0], priv->supported_protocols);
+ return TRUE;
+ }
+ }
+ goto out_unknown_service_type;
+ }
+ if (!strcmp (request, "get-service-add-detail")) {
+ service_type = g_value_get_string (args_in[0]);
+ add_detail = g_value_get_string (args_in[1]);
+
+ if (service_type) {
+ if (!add_detail) {
+ g_set_error (error, NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_CALL_INVALID_ARGUMENT,
+ _("missing add_detail argument"));
+ return FALSE;
+ }
+ if (!strcmp (service_type, NM_VPN_SERVICE_TYPE_OPENCONNECT)) {
+ guint i;
+
+ if (!strcmp (add_detail, "anyconnect")) {
+ g_value_set_string (args_out[0], OPENCONNECT_PLUGIN_NAME);
+ g_value_set_string (args_out[1], OPENCONNECT_PLUGIN_DESC);
+ g_value_set_string (args_out[2], NM_OPENCONNECT_KEY_PROTOCOL);
+ g_value_set_uint (args_out[3], 0);
+ return TRUE;
+ }
+ if (!strcmp (add_detail, "nc")) {
+ g_value_set_string (args_out[0], _("Juniper Network Connect
(openconnect)"));
+ g_value_set_string (args_out[1], _("Compatible with Juniper Network
Connect / Pulse Secure SSL VPN"));
+ g_value_set_string (args_out[2], NM_OPENCONNECT_KEY_PROTOCOL);
+ g_value_set_uint (args_out[3], 0);
+ return TRUE;
+ }
+ priv = OPENCONNECT_EDITOR_PLUGIN_GET_PRIVATE (plugin);
+ for (i = 0; priv->supported_protocols[i]; i++) {
+ if (strcmp (add_detail, priv->supported_protocols[i]))
+ continue;
+ /* we don't know this protocol by name, but it's configured in the
.name file,
+ * so just take it. */
+ g_value_take_string (args_out[0], g_strdup_printf (_("Openconnect VPN
(%s)"), add_detail));
+ g_value_take_string (args_out[1], g_strdup_printf (_("Openconnect SSL
VPN with %s protocol"), add_detail));
+ g_value_set_string (args_out[2], NM_OPENCONNECT_KEY_PROTOCOL);
+ g_value_set_uint (args_out[3], 0);
+ return TRUE;
+ }
+
+ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ _("add-detail '%s' for '%s' does not support add-details"),
add_detail, service_type);
+ return FALSE;
+ }
+ }
+ goto out_unknown_service_type;
+ }
+ return FALSE;
+out_unknown_service_type:
+ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_CALL_INVALID_ARGUMENT,
+ _("Unknown service-type '%s'"), service_type);
+ return FALSE;
+}
+#endif
+
static NMVpnEditor *
get_editor (NMVpnEditorPlugin *iface, NMConnection *connection, GError **error)
{
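Review bot: At `out_unknown_service_type` in `call`, `service_type` is passed to a `%s` conversion, yet both `if (service_type)` guards fall through to that label exactly when it is NULL. That relies on the printf implementation printing `(null)`; passing `service_type ? service_type : "(null)"` in the `g_set_error` call avoids depending on it. The unknown-protocol branch also reports `NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS`, while the other argument errors in this function use `NM_VPN_PLUGIN_ERROR_CALL_INVALID_ARGUMENT`. Its message reads oddly as well; `_("service-type '%s' does not support add-detail '%s'")` with the two arguments swapped would say what is meant.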
@@ -819,11 +970,26 @@ get_property (GObject *object, guint prop_id,
}
static void
+openconnect_editor_plugin_dispose (GObject *object)
+{
+ OpenconnectEditorPlugin *plugin = OPENCONNECT_EDITOR_PLUGIN (object);
+ OpenconnectEditorPluginPrivate *priv = OPENCONNECT_EDITOR_PLUGIN_GET_PRIVATE (plugin);
+
+ g_strfreev (priv->supported_protocols);
+ priv->supported_protocols = NULL;
+
+ G_OBJECT_CLASS (openconnect_editor_plugin_parent_class)->dispose (object);
+}
+
+static void
openconnect_editor_plugin_class_init (OpenconnectEditorPluginClass *req_class)
{
GObjectClass *object_class = G_OBJECT_CLASS (req_class);
+ g_type_class_add_private (req_class, sizeof (OpenconnectEditorPluginPrivate));
+
object_class->get_property = get_property;
+ object_class->dispose = openconnect_editor_plugin_dispose;
g_object_class_override_property (object_class,
PROP_NAME,
@@ -841,6 +1007,14 @@ openconnect_editor_plugin_class_init (OpenconnectEditorPluginClass *req_class)
static void
openconnect_editor_plugin_init (OpenconnectEditorPlugin *plugin)
{
+ OpenconnectEditorPluginPrivate *priv = OPENCONNECT_EDITOR_PLUGIN_GET_PRIVATE (plugin);
+ char *dflt[] = {
+ "anyconnect",
+ "nc",
+ NULL,
+ };
+
+ priv->supported_protocols = g_strdupv (dflt);
}
static void
@@ -851,6 +1025,11 @@ openconnect_editor_plugin_interface_init (NMVpnEditorPluginInterface *iface_clas
iface_class->get_capabilities = get_capabilities;
iface_class->import_from_file = import;
iface_class->export_to_file = export;
+#ifndef NM_OPENCONNECT_OLD
+ iface_class->call_get_signature = call_get_signature;
+ iface_class->call = call;
+ iface_class->notify_plugin_info_set = notify_plugin_info_set;
+#endif
}
G_MODULE_EXPORT NMVpnEditorPlugin *
diff --git a/src/nm-openconnect-service-defines.h b/src/nm-openconnect-service-defines.h
index 8bc2626..6853505 100644
--- a/src/nm-openconnect-service-defines.h
+++ b/src/nm-openconnect-service-defines.h
@@ -40,6 +40,7 @@
#define NM_OPENCONNECT_KEY_PRIVKEY "userkey"
#define NM_OPENCONNECT_KEY_MTU "mtu"
#define NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID "pem_passphrase_fsid"
+#define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
#define NM_OPENCONNECT_KEY_PROXY "proxy"
#define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
#define NM_OPENCONNECT_KEY_CSD_WRAPPER "csd_wrapper"
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index 7e8be4f..4fccba2 100644
--- a/src/nm-openconnect-service.c
+++ b/src/nm-openconnect-service.c
@@ -364,7 +364,7 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
GSource *openconnect_watch;
gint stdin_fd;
const char *props_vpn_gw, *props_cookie, *props_cacert, *props_mtu, *props_gwcert, *props_proxy;
- const char *service;
+ const char *protocol;
/* Find openconnect */
openconnect_binary = openconnect_binary_paths;
@@ -410,20 +410,18 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
props_mtu = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_MTU);
props_proxy = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY);
- service = nm_setting_vpn_get_service_type (s_vpn);
openconnect_argv = g_ptr_array_new ();
g_ptr_array_add (openconnect_argv, (gpointer) (*openconnect_binary));
- if (service && g_str_has_prefix(service, NM_DBUS_SERVICE_OPENCONNECT ".")) {
- service += strlen(NM_DBUS_SERVICE_OPENCONNECT ".");
-
+ protocol = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PROTOCOL);
+ if (protocol && strcmp (protocol, "anyconnect")) {
/* Special case for OpenConnect 7.06 which had --juniper but not --protocol */
- if (!strcmp(service, "juniper"))
+ if (!strcmp (protocol, "juniper"))
g_ptr_array_add (openconnect_argv, (gpointer) "--juniper");
else {
g_ptr_array_add (openconnect_argv, (gpointer) "--protocol");
- g_ptr_array_add (openconnect_argv, (gpointer) service);
+ g_ptr_array_add (openconnect_argv, (gpointer) protocol);
}
}
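Review bot: `protocol` is read from the connection's VPN data and appended to `openconnect_argv` with no check on its content, so an empty or malformed value is handed to the openconnect binary as the `--protocol` argument. It is a separate argv element, so no shell parsing is involved, but the service could reject unexpected values before building the command line, for example by treating an empty string as unset with `if (protocol && !*protocol) protocol = NULL;` or by failing the connection with an error. Separately, connections saved under the previous `.nc` service-type carry no `protocol` key, so if they still reach this code they will now start without `--protocol`. Whether a migration is needed depends on whether that alias was ever released. nm_openconnect_start_openconnect_binary continues outside the hunk.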
@@ -444,7 +442,7 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
g_ptr_array_add (openconnect_argv, (gpointer) "--proxy");
g_ptr_array_add (openconnect_argv, (gpointer) props_proxy);
}
-
+
g_ptr_array_add (openconnect_argv, (gpointer) "--syslog");
g_ptr_array_add (openconnect_argv, (gpointer) "--cookie-on-stdin");