[NetworkManager-openvpn] add ncp-disable support to disable cipher negotiation

From: Thomas Haller <thaller src gnome org>
To: commits-list gnome org
Cc:
Subject: [NetworkManager-openvpn] add ncp-disable support to disable cipher negotiation
Date: Mon, 19 Nov 2018 14:03:55 +0000 (UTC)
commit add21332342c8d930e57b4ab954a764e50096a0a
Author: Cyrinux <levis cyril gmail com>
Date:   Sat Nov 17 21:12:35 2018 +0100

    add ncp-disable support to disable cipher negotiation
    
    [thaller redhat com: fix spelling for negotiation]
    
    https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/merge_requests/12

 properties/nm-openvpn-dialog.ui       | 20 ++++++++++++++++++++
 properties/nm-openvpn-editor.c        |  6 ++++++
 properties/tests/conf/keysize.ovpn    |  2 +-
 properties/tests/test-import-export.c |  1 +
 shared/nm-service-defines.h           |  1 +
 shared/utils.h                        |  1 +
 src/nm-openvpn-service.c              |  5 +++++
 7 files changed, 35 insertions(+), 1 deletion(-)
---
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index e89e53f..511a763 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -1614,6 +1614,26 @@ config: auth</property>
                         <property name="top_attach">2</property>
                       </packing>
                     </child>
+                    <child>
+                      <object class="GtkCheckButton" id="ncp_disable_checkbutton">
+                        <property name="label" translatable="yes">Disable cipher _negotiation</property>
+                        <property name="use_action_appearance">False</property>
+                        <property name="visible">True</property>
+                        <property name="can_focus">True</property>
+                        <property name="receives_default">False</property>
+                        <property name="tooltip_text" translatable="yes">Disable cipher negotiation between 
client and server.
+config: ncp-disable</property>
+                        <property name="use_underline">True</property>
+                        <property name="xalign">0</property>
+                        <property name="draw_indicator">True</property>
+                      </object>
+                      <packing>
+                        <property name="left_attach">0</property>
+                        <property name="top_attach">7</property>
+                        <property name="expand">False</property>
+                        <property name="fill">True</property>
+                      </packing>
+                    </child>
                     <child>
                       <object class="GtkCheckButton" id="crl_file_check">
                         <property name="label" translatable="yes">Verify CRL from file</property>
diff --git a/properties/nm-openvpn-editor.c b/properties/nm-openvpn-editor.c
index 7d5192c..5c409b4 100644
--- a/properties/nm-openvpn-editor.c
+++ b/properties/nm-openvpn-editor.c
@@ -698,6 +698,7 @@ static const char *const advanced_keys[] = {
        NM_OPENVPN_KEY_MAX_ROUTES,
        NM_OPENVPN_KEY_MSSFIX,
        NM_OPENVPN_KEY_MTU_DISC,
+       NM_OPENVPN_KEY_NCP_DISABLE,
        NM_OPENVPN_KEY_NS_CERT_TYPE,
        NM_OPENVPN_KEY_PING,
        NM_OPENVPN_KEY_PING_EXIT,
@@ -1605,6 +1606,7 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
        _builder_init_toggle_button (builder, "mssfix_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_MSSFIX));
        _builder_init_toggle_button (builder, "float_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_FLOAT));
        _builder_init_toggle_button (builder, "tcp_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_PROTO_TCP));
+       _builder_init_toggle_button (builder, "ncp_disable_checkbutton", _hash_get_boolean (hash, 
NM_OPENVPN_KEY_NCP_DISABLE));
 
 
        /* Populate device-related widgets */
@@ -1952,6 +1954,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog)
        if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
                g_hash_table_insert (hash, NM_OPENVPN_KEY_PROTO_TCP, g_strdup ("yes"));
 
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ncp_disable_checkbutton"));
+       if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+               g_hash_table_insert (hash, NM_OPENVPN_KEY_NCP_DISABLE, g_strdup ("yes"));
+
        widget = GTK_WIDGET (gtk_builder_get_object (builder, "dev_checkbutton"));
        if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
                int device_type;
diff --git a/properties/tests/conf/keysize.ovpn b/properties/tests/conf/keysize.ovpn
index 8d83d89..3efd91d 100644
--- a/properties/tests/conf/keysize.ovpn
+++ b/properties/tests/conf/keysize.ovpn
@@ -17,4 +17,4 @@ cert ssl/client.crt
 key ssl/client.key
 cipher BF-CBC
 keysize 512
-
+ncp-disable
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index 1938fba..f5f3a18 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -928,6 +928,7 @@ test_keysize_import (void)
 
        /* Data items */
        _check_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE, "512");
+       _check_item (s_vpn, NM_OPENVPN_KEY_NCP_DISABLE, NULL);
 
        g_object_unref (connection);
 }
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 340d8d0..c0fb724 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -41,6 +41,7 @@
 #define NM_OPENVPN_KEY_DEV_TYPE                  "dev-type"
 #define NM_OPENVPN_KEY_EXTRA_CERTS               "extra-certs"
 #define NM_OPENVPN_KEY_FLOAT                     "float"
+#define NM_OPENVPN_KEY_NCP_DISABLE               "ncp-disable"
 #define NM_OPENVPN_KEY_FRAGMENT_SIZE             "fragment-size"
 #define NM_OPENVPN_KEY_HTTP_PROXY_USERNAME       "http-proxy-username"
 #define NM_OPENVPN_KEY_KEY                       "key"
diff --git a/shared/utils.h b/shared/utils.h
index b459160..e3f30be 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -24,6 +24,7 @@
 
 #define NMV_OVPN_TAG_AUTH               "auth"
 #define NMV_OVPN_TAG_AUTH_NOCACHE       "auth-nocache"
+#define NMV_OVPN_TAG_NCP_DISABLE        "ncp-disable"
 #define NMV_OVPN_TAG_AUTH_USER_PASS     "auth-user-pass"
 #define NMV_OVPN_TAG_CA                 "ca"
 #define NMV_OVPN_TAG_CERT               "cert"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 05c1bb6..59b64eb 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -152,6 +152,7 @@ static const ValidProperty valid_properties[] = {
        { NM_OPENVPN_KEY_CRL_VERIFY_DIR,            G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_EXTRA_CERTS,               G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_FLOAT,                     G_TYPE_BOOLEAN, 0, 0, FALSE },
+       { NM_OPENVPN_KEY_NCP_DISABLE,               G_TYPE_BOOLEAN, 0, 0, FALSE },
        { NM_OPENVPN_KEY_FRAGMENT_SIZE,             G_TYPE_INT, 0, G_MAXINT, FALSE },
        { NM_OPENVPN_KEY_KEY,                       G_TYPE_STRING, 0, 0, FALSE },
        { NM_OPENVPN_KEY_LOCAL_IP,                  G_TYPE_STRING, 0, 0, TRUE },
@@ -1505,6 +1506,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
        if (nm_streq0 (tmp, "yes"))
                args_add_strv (args, "--float");
 
+       tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_NCP_DISABLE);
+       if (nm_streq0 (tmp, "yes"))
+               args_add_strv (args, "--ncp-disable");
+
        /* ping, ping-exit, ping-restart */
        tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PING);
        if (tmp) {
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]