[network-manager-openvpn] import: fix parsing of key direction
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn] import: fix parsing of key direction
- Date: Fri, 4 Aug 2017 11:36:45 +0000 (UTC)
commit 28636684a268e280accaeb378f00f4a80e9e0377
Author: Beniamino Galvani <bgalvani redhat com>
Date: Fri Aug 4 09:54:48 2017 +0200
import: fix parsing of key direction
The direction was ignored if the 'key-direction' statement appeared
after 'tls-auth' or 'secret'.
https://bugzilla.gnome.org/show_bug.cgi?id=778154
Makefile.am | 1 +
properties/import-export.c | 30 +++++++++++++++++-------------
properties/tests/conf/static2.ovpn | 6 ++++++
properties/tests/conf/tls.ovpn | 4 +++-
properties/tests/test-import-export.c | 13 ++++++++-----
5 files changed, 35 insertions(+), 19 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index e6ba7cf..cd6e310 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -293,6 +293,7 @@ EXTRA_DIST += \
properties/tests/conf/rport.ovpn \
properties/tests/conf/static.key \
properties/tests/conf/static.ovpn \
+ properties/tests/conf/static2.ovpn \
properties/tests/conf/tls.ovpn \
properties/tests/conf/tls2.ovpn \
properties/tests/conf/tun-opts.conf \
diff --git a/properties/import-export.c b/properties/import-export.c
index c796d35..b2f555d 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -794,7 +794,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
gs_free char *basename = NULL;
gs_free char *default_path = NULL;
char *tmp, *tmp2;
- const char *last_seen_key_direction = NULL;
+ const char *ta_direction = NULL, *secret_direction = NULL;
+ gboolean allow_ta_direction = FALSE, allow_secret_direction = FALSE;
gboolean have_certs, have_ca;
GSList *inline_blobs = NULL, *sl_iter;
@@ -871,8 +872,9 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_KEY_DIRECTION)) {
if (!args_params_check_nargs_n (params, 1, &line_error))
goto handle_line_error;
- if (!args_params_parse_key_direction (params, 1, &last_seen_key_direction,
&line_error))
+ if (!args_params_parse_key_direction (params, 1, &ta_direction, &line_error))
goto handle_line_error;
+ secret_direction = ta_direction;
continue;
}
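Review bot: In the `key-direction` branch the parsed value overwrites both `ta_direction` and `secret_direction`, so the result depends on statement order and that precedence is not documented. With constructed sample values, `tls-auth ta.key 1` followed by `key-direction 0` imports direction 0, while the reverse order imports 1 for tls-auth. If last-statement-wins is the intended rule, state it here, e.g. `/* key-direction applies to both tls-auth and secret; a later statement overrides an earlier one */`. A direction that is imported wrongly is not reported by the importer and would most likely surface only at connect time as packet authentication failures. The enclosing loop in `do_import` starts and ends outside this hunk.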
@@ -1175,8 +1177,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
const char *s_direction = NULL;
can_have_direction = NM_IN_STRSET (params[0],
- NMV_OVPN_TAG_SECRET,
- NMV_OVPN_TAG_TLS_AUTH);
+ NMV_OVPN_TAG_SECRET,
+ NMV_OVPN_TAG_TLS_AUTH);
if (!args_params_check_nargs_minmax (params, 1, can_have_direction ? 2 : 1,
&line_error))
goto handle_line_error;
@@ -1188,7 +1190,6 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
if (params[2]) {
if (!args_params_parse_key_direction (params, 2, &s_direction, &line_error))
goto handle_line_error;
- last_seen_key_direction = s_direction;
}
if (!g_path_is_absolute (file))
@@ -1207,12 +1208,14 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_SECRET)) {
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_STATIC_KEY, file);
if (s_direction)
- setting_vpn_add_data_item (s_vpn,
NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, s_direction);
+ secret_direction = s_direction;
+ allow_secret_direction = TRUE;
have_sk = TRUE;
} else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_AUTH)) {
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TA, file);
if (s_direction)
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, s_direction);
+ ta_direction = s_direction;
+ allow_ta_direction = TRUE;
} else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_CRYPT))
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT, file);
else
@@ -1405,7 +1408,6 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
gboolean is_base64 = FALSE;
char *f_path;
const char *key;
- gboolean can_have_direction = FALSE;
GString *blob_data;
InlineBlobData *inline_blob_data;
@@ -1422,10 +1424,10 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
key = NM_OPENVPN_KEY_TLS_CRYPT;
else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) {
key = NM_OPENVPN_KEY_TA;
- can_have_direction = TRUE;
+ allow_ta_direction = TRUE;
} else if (nm_streq (token, INLINE_BLOB_SECRET)) {
key = NM_OPENVPN_KEY_STATIC_KEY;
- can_have_direction = TRUE;
+ allow_secret_direction = TRUE;
} else {
line_error = g_strdup_printf (_("unsupported blob/xml element"));
goto handle_line_error;
@@ -1502,9 +1504,6 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_CERT, f_path);
setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_KEY, f_path);
}
- if ( can_have_direction
- && last_seen_key_direction)
- setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR,
last_seen_key_direction);
continue;
}
@@ -1522,6 +1521,11 @@ handle_line_error:
goto out_error;
}
+ if (allow_secret_direction && secret_direction)
+ setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, secret_direction);
+ if (allow_ta_direction && ta_direction)
+ setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, ta_direction);
+
if (!have_client && !have_sk) {
g_set_error_literal (error,
NMV_EDITOR_PLUGIN_ERROR,
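Review bot: The two new `if` statements ahead of the `have_client`/`have_sk` check carry no comment explaining why the direction is written here rather than where `tls-auth`/`secret` is parsed. A line such as `/* key-direction may come before or after tls-auth/secret (file or inline blob), so apply it once the whole file is parsed */` would keep a later change from moving the write back into the loop. `ta_direction` and `secret_direction` are now held until parsing has finished, which is only safe if `args_params_parse_key_direction` returns a pointer that outlives the current line's `params`. Its body is not in this diff, so that assumption is worth confirming and noting next to the declarations. `do_import` continues outside the hunk.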
diff --git a/properties/tests/conf/static2.ovpn b/properties/tests/conf/static2.ovpn
new file mode 100644
index 0000000..71e26a4
--- /dev/null
+++ b/properties/tests/conf/static2.ovpn
@@ -0,0 +1,6 @@
+remote 10.11.12.13
+dev tun
+ifconfig 10.8.0.2 10.8.0.1
+secret static.key
+key-direction 0
+
diff --git a/properties/tests/conf/tls.ovpn b/properties/tests/conf/tls.ovpn
index f1be325..0e51a22 100644
--- a/properties/tests/conf/tls.ovpn
+++ b/properties/tests/conf/tls.ovpn
@@ -16,11 +16,13 @@ ca keys/mg8.ca
cert keys/clee.crt
key keys/clee.key
-tls-auth keys/46.key 1
+tls-auth keys/46.key
remote-cert-tls server
tls-remote "/CN=myvpn.company.com"
verify-x509-name "C=US, L=Cambridge, CN=GNOME, emailAddress=networkmanager-list gnome org" subject
+key-direction 1
+
comp-lzo
verb 3
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index d541d08..e9d4496 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -523,16 +523,18 @@ test_non_utf8_import (void)
}
static void
-test_static_key_import (void)
+test_static_key_import (gconstpointer test_data)
{
_CREATE_PLUGIN (plugin);
NMConnection *connection;
NMSettingConnection *s_con;
NMSettingVpn *s_vpn;
- const char *expected_id = "static";
+ const char *file, *expected_id, *expected_dir;
char *expected_path;
- connection = get_basic_connection (plugin, SRCDIR, "static.ovpn");
+ nmtst_test_data_unpack (test_data, &file, &expected_id, &expected_dir);
+
+ connection = get_basic_connection (plugin, SRCDIR, file);
g_assert (connection);
/* Connection setting */
@@ -554,7 +556,7 @@ test_static_key_import (void)
_check_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL);
_check_item (s_vpn, NM_OPENVPN_KEY_REMOTE, "10.11.12.13");
_check_item (s_vpn, NM_OPENVPN_KEY_PORT, NULL);
- _check_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, "1");
+ _check_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, expected_dir);
_check_item (s_vpn, NM_OPENVPN_KEY_TA, NULL);
_check_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, NULL);
_check_item (s_vpn, NM_OPENVPN_KEY_CIPHER, NULL);
@@ -1109,7 +1111,8 @@ int main (int argc, char **argv)
_add_test_func_simple (test_non_utf8_import);
- _add_test_func_simple (test_static_key_import);
+ _add_test_func ("static-import-1", test_static_key_import, "static.ovpn", "static", "1");
+ _add_test_func ("static-import-2", test_static_key_import, "static2.ovpn", "static2", "0");
_add_test_func ("static", test_export_compare, "static.ovpn", "static.ovpntest");
_add_test_func ("port-import", test_port_import, "port.ovpn", "port", "2345");
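Review bot: The two `static-import-*` registrations pin one expected direction per fixture, but no case visible in this diff exercises a config where a per-file direction and a standalone `key-direction` disagree. A third fixture with conflicting values (constructed example: `secret static.key 1` followed by `key-direction 0`) and its expected `NM_OPENVPN_KEY_STATIC_KEY_DIRECTION` would lock in the precedence the importer now implements. The inline `<secret>`/`<tls-auth>` path changed by this commit may already be covered by fixtures outside the diff; if it is not, it deserves a case of its own. `main` continues outside the hunk.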