[network-manager-openvpn/bg/options: 1/5] openvpn: Add support for tls-crypt



commit 9f2536057ac8ffb8a15d4336773094612c262460
Author: Pau Espin Pedrol <pespin shar gmail com>
Date:   Sun Jan 29 04:15:10 2017 +0100

    openvpn: Add support for tls-crypt
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777768
    
    Signed-off-by: Pau Espin Pedrol <pespin shar gmail com>

 properties/import-export.c |   18 +++++++++++-------
 shared/utils.h             |    1 +
 src/nm-openvpn-service.c   |   15 +++++++++------
 3 files changed, 21 insertions(+), 13 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 54ff342..c5cae86 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -44,6 +44,7 @@
 #define INLINE_BLOB_PKCS12              "pkcs12"
 #define INLINE_BLOB_SECRET              "secret"
 #define INLINE_BLOB_TLS_AUTH            "tls-auth"
+#define INLINE_BLOB_TLS_CRYPT           "tls-crypt"
 
 const char *_nmovpn_test_temp_path = NULL;
 
@@ -1155,7 +1156,8 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
                                 NMV_OVPN_TAG_CERT,
                                 NMV_OVPN_TAG_KEY,
                                 NMV_OVPN_TAG_SECRET,
-                                NMV_OVPN_TAG_TLS_AUTH)) {
+                                NMV_OVPN_TAG_TLS_AUTH,
+                                NMV_OVPN_TAG_TLS_CRYPT)) {
                        const char *file;
                        gs_free char *file_free = NULL;
                        gboolean can_have_direction;
@@ -1196,7 +1198,7 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
                                if (s_direction)
                                        setting_vpn_add_data_item (s_vpn, 
NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, s_direction);
                                have_sk = TRUE;
-                       } else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_AUTH)) {
+                       } else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_AUTH, NMV_OVPN_TAG_TLS_CRYPT)) {
                                setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TA, file);
                                if (s_direction)
                                        setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, s_direction);
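Review bot: Storing the `tls-crypt` key file under `NM_OPENVPN_KEY_TA` in this branch leaves nothing in the connection that records which mode was configured, so the do_export_create hunk and the `/* TA */` hunk in nm_openvpn_start_openvpn_binary have to guess it from whether `NM_OPENVPN_KEY_TA_DIR` is set. OpenVPN accepts `tls-auth` without a direction argument, so an imported or already saved tls-auth profile with no direction would be exported as `tls-crypt` and started with `--tls-crypt`, which silently changes the control-channel protection the user configured and most likely fails the handshake. Conversely, if `s_direction` can be non-NULL for a `tls-crypt` line (the `can_have_direction` assignment is outside this hunk), the profile is later treated as tls-auth. I would give tls-crypt its own branch, `} else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_CRYPT)) {`, writing to a separate data item, and keep `NM_OPENVPN_KEY_TA` and `NM_OPENVPN_KEY_TA_DIR` for tls-auth only. The inline-blob hunk that follows maps both blobs to the same key and needs the same change.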
@@ -1403,7 +1405,9 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
                        else if (nm_streq (token, INLINE_BLOB_PKCS12)) {
                                is_base64 = TRUE;
                                key = NULL;
-                       } else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) {
+                       } else if (nm_streq (token, INLINE_BLOB_TLS_CRYPT))
+                               key = NM_OPENVPN_KEY_TA;
+                       else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) {
                                key = NM_OPENVPN_KEY_TA;
                                can_have_direction = TRUE;
                        } else if (nm_streq (token, INLINE_BLOB_SECRET)) {
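Review bot: The new `INLINE_BLOB_TLS_CRYPT` branch is the only one in this `else if` chain written without braces, which makes the chain easy to misread when a second statement is added to it. I would write it as `} else if (nm_streq (token, INLINE_BLOB_TLS_CRYPT)) {`, then `key = NM_OPENVPN_KEY_TA;`, then `} else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) {`. A comment such as `/* tls-crypt takes no key-direction */` would also make the missing `can_have_direction = TRUE` read as deliberate. The chain starts and ends outside this hunk, so the initial value of `can_have_direction` is not visible here.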
@@ -1959,11 +1963,12 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
                ta_key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
                if (_arg_is_set (ta_key)) {
                        gs_free char *s_free = NULL;
-
+                       const char *ta_dir = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
+                       const char *tls_type = _arg_is_set (ta_dir) ? NMV_OVPN_TAG_TLS_AUTH : 
NMV_OVPN_TAG_TLS_CRYPT;
                        args_write_line (f,
-                                        NMV_OVPN_TAG_TLS_AUTH,
+                                        tls_type,
                                         nmv_utils_str_utf8safe_unescape_c (ta_key, &s_free),
-                                        _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, 
NM_OPENVPN_KEY_TA_DIR)));
+                                        _arg_is_set (ta_dir));
                }
        }
 
@@ -2104,4 +2109,3 @@ do_export (const char *path, NMConnection *connection, GError **error)
 
        return TRUE;
 }
-
diff --git a/shared/utils.h b/shared/utils.h
index 61b35b6..05b8076 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -67,6 +67,7 @@
 #define NMV_OVPN_TAG_TLS_AUTH           "tls-auth"
 #define NMV_OVPN_TAG_TLS_CIPHER         "tls-cipher"
 #define NMV_OVPN_TAG_TLS_CLIENT         "tls-client"
+#define NMV_OVPN_TAG_TLS_CRYPT          "tls-crypt"
 #define NMV_OVPN_TAG_TLS_REMOTE         "tls-remote"
 #define NMV_OVPN_TAG_TOPOLOGY           "topology"
 #define NMV_OVPN_TAG_TUN_IPV6           "tun-ipv6"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index d71ed62..acb95a1 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -1579,12 +1579,15 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
        /* TA */
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
        if (tmp && tmp[0]) {
-               add_openvpn_arg (args, "--tls-auth");
-               add_openvpn_arg_utf8safe (args, tmp);
-
-               tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
-               if (tmp && tmp[0])
-                       add_openvpn_arg (args, tmp);
+               tmp2 = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
+               if (tmp2 && strlen (tmp2)) {
+                       add_openvpn_arg (args, "--tls-auth");
+                       add_openvpn_arg_utf8safe (args, tmp);
+                       add_openvpn_arg (args, tmp2);
+               } else {
+                       add_openvpn_arg (args, "--tls-crypt");
+                       add_openvpn_arg_utf8safe (args, tmp);
+               }
        }
 
        /* tls-remote */
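Review bot: The direction test `tmp2 && strlen (tmp2)` is written differently from the `tmp && tmp[0]` test just above it; `if (tmp2 && tmp2[0]) {` matches the existing style and avoids the call. `tmp2` is not declared in this hunk, so it presumably already exists earlier in nm_openvpn_start_openvpn_binary, whose body starts and ends outside the hunk. The `else` branch passes `--tls-crypt` whenever no direction is stored, and that option exists only in OpenVPN 2.4 and later. A comment such as `/* --tls-crypt requires OpenVPN >= 2.4 */`, or a check of the binary's version before adding the argument, would help if older binaries are still supported.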

