Re: OpenVPN support questions
- From: Crispin Flowerday <gnome flowerday cx>
- To: tim niemueller de
- Cc: NetworkManager-list gnome org
- Subject: Re: OpenVPN support questions
- Date: Fri, 02 Dec 2005 21:07:43 +0000
Tim,
Right, I have hacked it together to get it to work for me :-) It ended
up being really simple, just pass the 'cert' and 'key' argument, and
change the device to 'tap', although I ran across a couple of issues:
- The syslog logging is commented out, hence why I didn't see anything
- The management socket ends up closed, but with the g_io_channel still
attached. This causes a 100% CPU spin
I have attached a patch which fixes the above 2 issues, it is also at:
http://patches.theflowerdays.com/d/nm-openvpn.diff
My other changes are total hacks in the service program at the moment,
so not ready for public consumption :-)
Crispin
Index: nm-openvpn-service.c
===================================================================
RCS file: /cvs/gnome/NetworkManager/vpn-daemons/openvpn/src/nm-openvpn-service.c,v
retrieving revision 1.2
diff -u -8 -p -r1.2 nm-openvpn-service.c
--- nm-openvpn-service.c 30 Nov 2005 17:56:51 -0000 1.2
+++ nm-openvpn-service.c 2 Dec 2005 20:55:39 -0000
@@ -60,18 +60,18 @@ static const char *openvpn_binary_paths[
typedef struct _NmOpenVPN_IOData
{
char *username;
char *password;
gint child_stdin_fd;
gint child_stdout_fd;
gint child_stderr_fd;
- gint socket_fd;
- FILE *socket_file;
+ GIOChannel *socket_channel;
+ guint socket_channel_eventid;
} NmOpenVPN_IOData;
typedef struct NmOpenVPNData
{
GMainLoop *loop;
DBusConnection *con;
NMVPNState state;
GPid pid;
@@ -267,19 +267,22 @@ static void
nm_openvpn_disconnect_management_socket (NmOpenVPNData *data)
{
g_return_if_fail (data != NULL);
// This should no throw a warning since this can happen in
// non-password modes
if ( data->io_data == NULL) return;
- fclose( data->io_data->socket_file );
- data->io_data->socket_fd = -1;
- data->io_data->socket_file = NULL;
+ g_source_remove (data->io_data->socket_channel_eventid);
+ g_io_channel_shutdown (data->io_data->socket_channel, FALSE, NULL);
+ g_io_channel_unref (data->io_data->socket_channel);
+
+ if (data->io_data->username) g_free (data->io_data->username);
+ if (data->io_data->password) g_free (data->io_data->password);
g_free (data->io_data);
data->io_data = NULL;
}
/*
* nm_openvpn_helper_timer_cb
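Review bot: `nm_openvpn_disconnect_management_socket` releases `io_data->password` with a plain `g_free`, so the cleartext password stays readable in freed heap memory; overwrite the buffer first with a clear the compiler cannot drop (`explicit_bzero` where the platform has it, otherwise a loop through a `volatile char *`). The function also calls `g_source_remove` and `g_io_channel_shutdown` unconditionally, while `socket_channel` and `socket_channel_eventid` are only assigned in `nm_openvpn_connect_timer_cb` once the management socket opens. If `io_data` can exist before that point (its allocation is not visible in this patch), guard the three channel calls with `if (data->io_data->socket_channel != NULL)`. The `if (...)` tests in front of the two `g_free` calls are redundant, since `g_free (NULL)` is a no-op.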
@@ -358,33 +361,32 @@ nm_openvpn_socket_data_cb (GIOChannel *s
if (g_io_channel_read_line (source, &str, NULL, NULL, NULL) == G_IO_STATUS_NORMAL) {
int len;
len = strlen (str);
if ( len > 0 ) {
char *auth;
- //printf("Read: %s\n", str);
+ /* printf("Read: %s\n", str); */
if ( sscanf(str, ">PASSWORD:Need '%a[^']' username/password", &auth) > 0 ) {
- if ( io_data->username != NULL ) {
- // printf("Queried for %s. Write: username=%s, password=%s\n", auth, io_data->username, io_data->password);
- fprintf( io_data->socket_file, "username \"%s\" %s\n", auth, io_data->username);
- fprintf( io_data->socket_file, "password \"%s\" %s\n", auth, io_data->password);
- fflush( io_data->socket_file );
+ if ( io_data->username != NULL ) {
+ gsize written;
+ char *buf = g_strdup_printf ("username \"%s\" %s\n"
+ "password \"%s\" %s\n",
+ auth, io_data->username,
+ auth, io_data->password);
+ /* Will always write everything in blocking channels (on success) */
+ g_io_channel_write_chars (source, buf, strlen (buf), &written, NULL);
+ g_io_channel_flush (source, NULL);
+ g_free (buf);
}
- g_free( io_data->username );
- g_free( io_data->password );
- free( auth );
- io_data->username = NULL;
- io_data->password = NULL;
-
return TRUE;
} else if ( strstr(str, ">PASSWORD:Verification Failed: ") == str ) {
nm_warning("Password verification failed");
nm_openvpn_dbus_signal_failure (data, NM_DBUS_VPN_SIGNAL_LOGIN_FAILED);
nm_openvpn_disconnect_management_socket (data);
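Review bot: `auth` is allocated by the `%a[^']` conversion in the `sscanf` call, and this hunk removes the `free( auth );` that released it, so every password prompt now leaks that string; put `free (auth);` back before `return TRUE;`. The username and password are formatted into the management command unquoted, so a value containing whitespace, a double quote or a newline will be misparsed or will end the command early; escape backslashes and double quotes and wrap each value in double quotes before building `buf`. `buf` holds the cleartext password and is released with a plain `g_free`, so it should be overwritten first. The result of `g_io_channel_write_chars` is ignored and `written` is never read, so a failed or short write of the credentials goes unnoticed. The callback begins and ends outside this hunk.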
@@ -441,25 +443,23 @@ nm_openvpn_connect_timer_cb (NmOpenVPNDa
} else {
nm_warning ("Could not open management socket");
nm_openvpn_dbus_signal_failure (data, NM_DBUS_VPN_SIGNAL_LAUNCH_FAILED);
return FALSE;
}
} else {
GIOChannel *openvpn_socket_channel;
guint openvpn_socket_channel_eventid;
-
- io_data->socket_fd = socket_fd;
+
+ openvpn_socket_channel = g_io_channel_unix_new (socket_fd);
+ openvpn_socket_channel_eventid = g_io_add_watch (openvpn_socket_channel, G_IO_IN, nm_openvpn_socket_data_cb, data);
+ g_io_channel_set_encoding (openvpn_socket_channel, NULL, NULL);
- if ( (io_data->socket_file = fdopen( socket_fd, "w+" )) != NULL ) {
- openvpn_socket_channel = g_io_channel_unix_new (socket_fd);
- openvpn_socket_channel_eventid = g_io_add_watch (openvpn_socket_channel, G_IO_IN, nm_openvpn_socket_data_cb, data);
- g_io_channel_set_encoding (openvpn_socket_channel, NULL, NULL);
- g_io_channel_unref (openvpn_socket_channel);
- }
+ io_data->socket_channel = openvpn_socket_channel;
+ io_data->socket_channel_eventid = openvpn_socket_channel_eventid;
return FALSE;
}
}
/*
* nm_openvpn_schedule_helper_timer
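Review bot: The watch added in this branch is registered for `G_IO_IN` only, so a management socket closed by openvpn reaches `nm_openvpn_socket_data_cb` as a readable channel at end-of-file rather than as a hang-up. Unless the callback tears the channel down when `g_io_channel_read_line` returns something other than `G_IO_STATUS_NORMAL` (that path is outside the visible hunks), the source stays armed, which matches the CPU spin the patch description mentions. Consider `G_IO_IN | G_IO_HUP | G_IO_ERR` as the condition, with the callback calling `nm_openvpn_disconnect_management_socket` on hang-up or error. A one-line comment above the two `io_data->` assignments saying that `io_data` now owns the channel reference until disconnect would explain why the old `g_io_channel_unref` was dropped. The enclosing function starts outside the hunk.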
@@ -631,18 +631,19 @@ nm_openvpn_start_openvpn_binary (NmOpenV
g_ptr_array_add (openvpn_argv, (gpointer) data_items[++i]);
} else if ( (strcmp( data_items[i], "comp-lzo" ) == 0) &&
(strcmp( data_items[++i], "yes" ) == 0) ) {
g_ptr_array_add (openvpn_argv, (gpointer) "--comp-lzo");
}
}
g_ptr_array_add (openvpn_argv, (gpointer) "--nobind");
g_ptr_array_add (openvpn_argv, (gpointer) "--dev");
g_ptr_array_add (openvpn_argv, (gpointer) "tun");
- // g_ptr_array_add (openvpn_argv, (gpointer) "--syslog openvpn-nm");
+ g_ptr_array_add (openvpn_argv, (gpointer) "--syslog");
+ g_ptr_array_add (openvpn_argv, (gpointer) "openvpn-nm");
g_ptr_array_add (openvpn_argv, (gpointer) "--up");
g_ptr_array_add (openvpn_argv, (gpointer) NM_OPENVPN_HELPER_PATH);
g_ptr_array_add (openvpn_argv, (gpointer) "--up-restart");
g_ptr_array_add (openvpn_argv, (gpointer) "--persist-key");
g_ptr_array_add (openvpn_argv, (gpointer) "--persist-tun");
switch ( data->connection_type ) {