[PATCH] Support for openvpn --auth option



Hello everybody,

this is my first post to this list, and it combines submitting a patch
for a new feature, and a request for help.

The attached patch is against NetworkManager-openvpn-0.7.0-16.svn4027
(Fedora 9) and adds support for the --auth option of openvpn.  The
configuration import feature works, calling openvpn with the --auth
option works, creating and changing a VPN configuration using the
--auth option works, but one problem still exists:  The GtkComboBox
for this option in the "advanced" popup does not show the current
state of this option. (But it works as expected when changing the
value.)

I've tried changing nm-openvpn-dialog.glade with glade-3 and vi many
times, and double- and triple-checked the code in auth-helpers.c,
which I've copied and modified from the handling of the cipher option.
But I'm stuck and didn't get any further for hours.  So I'm asking
here for help.

Please, can some glade and gtk expert look at this and tell me
how this issue could be fixed?

I need this patch for compatibility with the openvpn setup of an
Astaro firewall.  The current state is enough to get a working
VPN connection, but I would rather have this feature completed
and included in the NetworkManager-0.7.0 release. ;-)

Thanks,

	Robert

diff -u NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth NetworkManager-openvpn-0.7.0/properties/auth-helpers.c
--- NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth	2008-08-29 15:30:50.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/properties/auth-helpers.c	2008-11-02 23:47:27.000000000 +0100
@@ -585,6 +585,7 @@
 	NM_OPENVPN_KEY_TAP_DEV,
 	NM_OPENVPN_KEY_PROTO_TCP,
 	NM_OPENVPN_KEY_CIPHER,
+	NM_OPENVPN_KEY_AUTH,
 	NM_OPENVPN_KEY_TA_DIR,
 	NM_OPENVPN_KEY_TA,
 	NULL
@@ -734,6 +735,50 @@
 	g_strfreev (items);
 }
 
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_DEFAULT 1
+
+static void
+populate_auth_combo (GtkComboBox *box, const char *hmacauth)
+{
+	GtkListStore *store;
+	GtkTreeIter iter;
+	gboolean user_added = FALSE;
+	gchar **item;
+	gchar *items[] = {
+		NM_OPENVPN_AUTH_NONE,
+		NM_OPENVPN_AUTH_MD5,
+		NM_OPENVPN_AUTH_SHA1,
+		NULL
+	};
+
+	store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT);
+
+	/* Add default option which won't pass --auth to openvpn */
+	gtk_list_store_append (store, &iter);
+	gtk_list_store_set (store, &iter,
+	                    HMACAUTH_COL_NAME, _("Default"),
+	                    HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+	/* Add options */
+	for (item = items; *item; item++) {
+		gtk_list_store_append (store, &iter);
+		gtk_list_store_set (store, &iter,
+		                    HMACAUTH_COL_NAME, *item,
+		                    HMACAUTH_COL_DEFAULT, FALSE, -1);
+		if (hmacauth && !strcmp (*item, hmacauth)) {
+			gtk_combo_box_set_active_iter (box, &iter);
+			user_added = TRUE;
+		}
+	}
+
+	if (!user_added)
+		gtk_combo_box_set_active (box, 0);
+
+	gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+	g_object_unref (store);
+}
+
 static void
 tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
 {
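Review bot: In `populate_auth_combo` the active row is selected before the new model is attached: `gtk_combo_box_set_active_iter (box, &iter)` and `gtk_combo_box_set_active (box, 0)` run while the combo still has no model (or presumably the placeholder one from the glade file), and the later `gtk_combo_box_set_model` call then drops that selection. This is very likely the symptom described in the mail, and it has a security side: the dialog cannot show that the stored value is `none`, i.e. that HMAC packet authentication is switched off. Moving `gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));` up to directly after `gtk_list_store_new (...)` should fix it. The `HMACAUTH_COL_DEFAULT` column would also read more clearly as `G_TYPE_BOOLEAN`, since it is only ever set to `TRUE`/`FALSE` and read back into a `gboolean`.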
@@ -840,6 +885,10 @@
 		value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
 		populate_cipher_combo (GTK_COMBO_BOX (widget), value);
 
+		widget = glade_xml_get_widget (xml, "hmacauth_combo");
+		value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+		populate_auth_combo (GTK_COMBO_BOX (widget), value);
+
 		widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 		value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
 		if (value && strlen (value))
@@ -944,6 +993,20 @@
 			}
 		}
 		
+		widget = glade_xml_get_widget (xml, "hmacauth_combo");
+		model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+		if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+			char *hmacauth = NULL;
+			gboolean is_default = TRUE;
+
+			gtk_tree_model_get (model, &iter,
+			                    HMACAUTH_COL_NAME, &hmacauth,
+			                    HMACAUTH_COL_DEFAULT, &is_default, -1);
+			if (!is_default && hmacauth) {
+				g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+			}
+		}
+		
 		widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
 			char *filename;
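Review bot: The string that `gtk_tree_model_get` returns through `&hmacauth` is a newly allocated copy and is never released, so it leaks on every apply, both when the default row is selected and after `g_strdup (hmacauth)` has made a second copy for the hash. Adding `g_free (hmacauth);` after the inner `if` is the smallest fix. The enclosing function starts and ends outside the hunk, so whether `hash` frees its keys and values is assumed from the `g_strdup` calls here rather than visible.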
diff -u NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth NetworkManager-openvpn-0.7.0/properties/import-export.c
--- NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth	2008-11-02 23:47:27.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/import-export.c	2008-11-02 23:47:27.000000000 +0100
@@ -55,6 +55,7 @@
 #define SECRET_TAG "secret"
 #define AUTH_USER_PASS_TAG "auth-user-pass"
 #define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"
 
 static gboolean
 handle_path_item (const char *line,
@@ -325,8 +326,24 @@
 			continue;
 		}
 
-		if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG)))
+		if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
 			have_pass = TRUE;
+			continue;
+		}
+
+		if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+			items = get_args (*line + strlen (AUTH_TAG));
+			if (!items)
+				continue;
+
+			if (g_strv_length (items)) {
+				g_hash_table_insert (s_vpn->data,
+				                     g_strdup (NM_OPENVPN_KEY_AUTH),
+				                     g_strdup (items[0]));
+			}
+			g_strfreev (items);
+			continue;
+		}
 	}
 
 	if (default_path)
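Review bot: `!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))` is only a prefix test, so any directive that merely begins with `auth` (for example `auth-nocache` or `auth-retry`) is treated as `--auth` and its remainder (`-nocache`) is stored under `NM_OPENVPN_KEY_AUTH`. The service-side check in this patch would then refuse the connection with "Invalid HMAC auth.", so an otherwise valid imported profile stops working. Require a separator after the tag, e.g. `if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG)) && g_ascii_isspace ((*line)[strlen (AUTH_TAG)])) {`. It would also help to compare `items[0]` with the names the service accepts before inserting it, so that a bad value is reported at import time. The loop this code sits in begins outside the hunk.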
diff -u NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade
--- NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth	2008-11-02 23:47:27.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade	2008-11-02 23:47:27.000000000 +0100
@@ -801,7 +801,7 @@
               <widget class="GtkTable" id="table7">
                 <property name="visible">True</property>
                 <property name="border_width">12</property>
-                <property name="n_rows">3</property>
+                <property name="n_rows">5</property>
                 <property name="n_columns">2</property>
                 <property name="column_spacing">12</property>
                 <property name="row_spacing">6</property>
@@ -809,6 +809,9 @@
                   <placeholder/>
                 </child>
                 <child>
+                  <placeholder/>
+                </child>
+                <child>
                   <widget class="GtkTable" id="table8">
                     <property name="visible">True</property>
                     <property name="n_rows">3</property>
@@ -884,8 +887,8 @@
                   <packing>
                     <property name="left_attach">1</property>
                     <property name="right_attach">2</property>
-                    <property name="top_attach">2</property>
-                    <property name="bottom_attach">3</property>
+                    <property name="top_attach">3</property>
+                    <property name="bottom_attach">5</property>
                   </packing>
                 </child>
                 <child>
@@ -898,8 +901,8 @@
                   </widget>
                   <packing>
                     <property name="right_attach">2</property>
-                    <property name="top_attach">1</property>
-                    <property name="bottom_attach">2</property>
+                    <property name="top_attach">2</property>
+                    <property name="bottom_attach">3</property>
                   </packing>
                 </child>
                 <child>
@@ -923,6 +926,29 @@
                     <property name="y_options">GTK_EXPAND</property>
                   </packing>
                 </child>
+                <child>
+                  <widget class="GtkComboBox" id="hmacauth_combo">
+                    <property name="visible">True</property>
+                    <property name="items" translatable="yes"> </property>
+                  </widget>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="right_attach">2</property>
+                    <property name="top_attach">1</property>
+                    <property name="bottom_attach">2</property>
+                    <property name="y_options"></property>
+                  </packing>
+                </child>
+                <child>
+                  <widget class="GtkLabel" id="label21">
+                    <property name="visible">True</property>
+                    <property name="label" translatable="yes">HMAC auth:</property>
+                  </widget>
+                  <packing>
+                    <property name="top_attach">1</property>
+                    <property name="bottom_attach">2</property>
+                  </packing>
+                </child>
               </widget>
               <packing>
                 <property name="position">1</property>
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth	2008-08-29 15:30:50.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c	2008-11-03 00:28:44.000000000 +0100
@@ -83,6 +83,7 @@
 } ValidProperty;
 
 static ValidProperty valid_properties[] = {
+	{ NM_OPENVPN_KEY_AUTH,                 G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CA,                   G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CERT,                 G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CIPHER,               G_TYPE_STRING, 0, 0, FALSE },
@@ -437,6 +438,18 @@
 	nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
 
+static gboolean
+validate_auth (const char *auth)
+{
+	if (auth) {
+		if (   !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+		    || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+		    || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+			return TRUE;
+	}
+	return FALSE;
+}
+
 static const char *
 get_connection_type (GHashTable *properties)
 {
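Review bot: `validate_auth` accepts exactly `none`, `MD5` and `SHA1`, so the plugin only permits no packet authentication or two older digests, and a profile naming a stronger digest that OpenVPN supports (such as `SHA256`) is refused at connect time. Extending the list, with matching `NM_OPENVPN_AUTH_*` defines in nm-openvpn-service.h and entries in `populate_auth_combo`, would avoid steering users towards the weaker settings. The function also carries no comment; `/* Only digest names on this allowlist are ever passed to openvpn --auth */` above it would record why the check exists.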
@@ -514,7 +527,7 @@
                                  GError **error)
 {
 	NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
-	const char *openvpn_binary, *connection_type, *tmp;
+	const char *openvpn_binary, *auth, *connection_type, *tmp;
 	GPtrArray *args;
 	GSource *openvpn_watch;
 	GPid pid;
@@ -530,6 +543,18 @@
 		return FALSE;
 	}
 
+	auth = g_hash_table_lookup (properties, NM_OPENVPN_KEY_AUTH);
+	if (auth) {
+		if (!validate_auth(auth)) {
+			g_set_error (error,
+			             NM_VPN_PLUGIN_ERROR,
+			             NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+			             "%s",
+			             "Invalid HMAC auth.");
+			return FALSE;
+		}
+	}
+
 	connection_type = get_connection_type (properties);
 	if (!connection_type) {
 		g_set_error (error,
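Review bot: An `auth` property that is present but empty makes the connection fail here, whereas the TA property in a later hunk is guarded with `tmp && strlen (tmp)` and treated as unset. Using `if (auth && strlen (auth))` here and again where `--auth` is appended would keep the two consistent. If an empty value should remain an error, putting the value in the message, `"Invalid HMAC auth '%s'."`, would make the failure diagnosable from the log. `validate_auth(auth)` is also missing the space before the parenthesis that the rest of the patch uses. The function begins and ends outside the hunk.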
@@ -596,6 +621,12 @@
 		add_openvpn_arg (args, tmp);
 	}
 
+	/* Auth */
+	if (auth) {
+		add_openvpn_arg (args, "--auth");
+		add_openvpn_arg (args, auth);
+	}
+
 	/* TA */
 	tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_TA);
 	if (tmp && strlen (tmp)) {
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth	2008-08-29 15:30:50.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h	2008-11-02 23:47:27.000000000 +0100
@@ -38,6 +38,7 @@
 #define NM_DBUS_INTERFACE_OPENVPN  "org.freedesktop.NetworkManager.openvpn"
 #define NM_DBUS_PATH_OPENVPN       "/org/freedesktop/NetworkManager/openvpn"
 
+#define NM_OPENVPN_KEY_AUTH "auth"
 #define NM_OPENVPN_KEY_CA "ca"
 #define NM_OPENVPN_KEY_CERT "cert"
 #define NM_OPENVPN_KEY_CIPHER "cipher"
@@ -63,6 +64,10 @@
  */
 #define NM_OPENVPN_KEY_NOSECRET "no-secret"
 
+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5  "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
 #define NM_OPENVPN_CONTYPE_TLS          "tls"
 #define NM_OPENVPN_CONTYPE_STATIC_KEY   "static-key"
 #define NM_OPENVPN_CONTYPE_PASSWORD     "password"

