[PATCH] openvpn plugin: implement support for auth option



Hello,

this is a new version of my patch to implement support for the auth
option of openvpn.  This patch must be applied after the patch to
move the cipher option handling I posted just a few minutes ago.

	Robert

diff -u NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth NetworkManager-openvpn-0.7.0/properties/auth-helpers.c
--- NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth	2009-01-04 23:25:42.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/auth-helpers.c	2009-01-05 00:02:33.000000000 +0100
@@ -721,6 +721,7 @@
 	NM_OPENVPN_KEY_TAP_DEV,
 	NM_OPENVPN_KEY_PROTO_TCP,
 	NM_OPENVPN_KEY_CIPHER,
+	NM_OPENVPN_KEY_AUTH,
 	NM_OPENVPN_KEY_TA_DIR,
 	NM_OPENVPN_KEY_TA,
 	NULL
@@ -865,6 +866,50 @@
 	g_strfreev (items);
 }
 
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_DEFAULT 1
+
+static void
+populate_hmacauth_combo (GtkComboBox *box, const char *hmacauth)
+{
+	GtkListStore *store;
+	GtkTreeIter iter;
+	gboolean active_initialized = FALSE;
+	gchar **item;
+	gchar *items[] = {
+		NM_OPENVPN_AUTH_NONE,
+		NM_OPENVPN_AUTH_MD5,
+		NM_OPENVPN_AUTH_SHA1,
+		NULL
+	};
+
+	store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_BOOLEAN);
+	gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+	/* Add default option which won't pass --auth to openvpn */
+	gtk_list_store_append (store, &iter);
+	gtk_list_store_set (store, &iter,
+	                    HMACAUTH_COL_NAME, _("Default"),
+	                    HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+	/* Add options */
+	for (item = items; *item; item++) {
+		gtk_list_store_append (store, &iter);
+		gtk_list_store_set (store, &iter,
+		                    HMACAUTH_COL_NAME, *item,
+		                    HMACAUTH_COL_DEFAULT, FALSE, -1);
+		if (hmacauth && !strcmp (*item, hmacauth)) {
+			gtk_combo_box_set_active_iter (box, &iter);
+			active_initialized = TRUE;
+		}
+	}
+
+	if (!active_initialized)
+		gtk_combo_box_set_active (box, 0);
+
+	g_object_unref (store);
+}
+
 static void
 tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
 {
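Review bot: In populate_hmacauth_combo, a stored `hmacauth` that matches none of the three `items[]` entries leaves `active_initialized` FALSE, and the combo falls back to "Default" without any indication. The import hunk in import-export.c stores `items[0]` unchecked, so such a value can reach this function, and the save hunk at -1077 then appears to write no auth key for a "Default" selection, which would drop the setting silently. Appending the unknown value as its own row keeps it visible, and the service's validate_auth() still rejects it with an explicit error at connect time. Separately, `items` holds string literals and would be better declared `static const gchar *items[]` (with `item` as `const gchar **`).

```c
	/* … unchanged: store setup, "Default" row, loop over items[] … */

	if (!active_initialized && hmacauth && *hmacauth) {
		/* Keep a stored digest that is not in items[] visible
		 * instead of silently presenting it as "Default". */
		gtk_list_store_append (store, &iter);
		gtk_list_store_set (store, &iter,
		                    HMACAUTH_COL_NAME, hmacauth,
		                    HMACAUTH_COL_DEFAULT, FALSE, -1);
		gtk_combo_box_set_active_iter (box, &iter);
		active_initialized = TRUE;
	}

	if (!active_initialized)
		gtk_combo_box_set_active (box, 0);
```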
@@ -963,6 +1008,10 @@
 	value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
 	populate_cipher_combo (GTK_COMBO_BOX (widget), value);
 
+	widget = glade_xml_get_widget (xml, "hmacauth_combo");
+	value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+	populate_hmacauth_combo (GTK_COMBO_BOX (widget), value);
+
 	if (   !strcmp (contype, NM_OPENVPN_CONTYPE_TLS)
 	    || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS)
 	    || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) {
@@ -1077,6 +1126,20 @@
 			}
 		}
 		
+		widget = glade_xml_get_widget (xml, "hmacauth_combo");
+		model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
+		if (gtk_combo_box_get_active_iter (GTK_COMBO_BOX (widget), &iter)) {
+			char *hmacauth = NULL;
+			gboolean is_default = TRUE;
+
+			gtk_tree_model_get (model, &iter,
+			                    HMACAUTH_COL_NAME, &hmacauth,
+			                    HMACAUTH_COL_DEFAULT, &is_default, -1);
+			if (!is_default && hmacauth) {
+				g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_AUTH), g_strdup (hmacauth));
+			}
+		}
+		
 		widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
 		if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
 			char *filename;
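Review bot: The string returned through `&hmacauth` by gtk_tree_model_get() is a newly allocated copy for a G_TYPE_STRING column, and this block never frees it, so every save leaks it. Add `g_free (hmacauth);` after the `if (!is_default && hmacauth)` block, still inside the `gtk_combo_box_get_active_iter` branch. The enclosing function begins and ends outside this hunk.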
diff -u NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth NetworkManager-openvpn-0.7.0/properties/import-export.c
--- NetworkManager-openvpn-0.7.0/properties/import-export.c.hmacauth	2008-10-29 11:36:20.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/import-export.c	2009-01-04 23:25:42.000000000 +0100
@@ -55,6 +55,7 @@
 #define SECRET_TAG "secret"
 #define AUTH_USER_PASS_TAG "auth-user-pass"
 #define TLS_AUTH_TAG "tls-auth"
+#define AUTH_TAG "auth"
 
 static gboolean
 handle_path_item (const char *line,
@@ -315,8 +316,21 @@
 			continue;
 		}
 
-		if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG)))
+		if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
 			have_pass = TRUE;
+			continue;
+		}
+
+		if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
+			items = get_args (*line + strlen (AUTH_TAG));
+			if (!items)
+				continue;
+
+			if (g_strv_length (items))
+				nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, items[0]);
+			g_strfreev (items);
+			continue;
+		}
 	}
 
 	if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY))
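Review bot: The new `AUTH_TAG` test is a bare prefix match, so any directive that merely begins with "auth" (for example `auth-nocache` or `auth-retry`) is taken as the HMAC option, and its remainder, such as `-nocache`, is stored under NM_OPENVPN_KEY_AUTH. It avoids `auth-user-pass` only because that check now runs first and ends in `continue`. Requiring a separator after the tag fixes this: `if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG)) && g_ascii_isspace ((*line)[strlen (AUTH_TAG)])) {`. The imported value is also stored without being compared against NM_OPENVPN_AUTH_NONE/MD5/SHA1, so an unsupported digest is only rejected later by the service. The surrounding loop starts outside the hunk.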
diff -u NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade
--- NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade.hmacauth	2009-01-04 23:25:42.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/properties/nm-openvpn-dialog.glade	2009-01-04 23:55:55.000000000 +0100
@@ -950,7 +950,7 @@
             <child>
               <widget class="GtkTable" id="table9">
                 <property name="visible">True</property>
-                <property name="n_rows">1</property>
+                <property name="n_rows">2</property>
                 <property name="n_columns">2</property>
                 <child>
                   <widget class="GtkComboBox" id="cipher_combo">
@@ -973,6 +973,31 @@
                     <property name="y_options"></property>
                   </packing>
                 </child>
+                <child>
+                  <widget class="GtkComboBox" id="hmacauth_combo">
+                    <property name="visible">True</property>
+                    <property name="items" translatable="yes"> </property>
+                  </widget>
+                  <packing>
+                    <property name="left_attach">1</property>
+                    <property name="right_attach">2</property>
+                    <property name="top_attach">1</property>
+                    <property name="bottom_attach">2</property>
+		    <property name="y_options"></property>
+                  </packing>
+                </child>
+                <child>
+                  <widget class="GtkLabel" id="label24">
+                    <property name="visible">True</property>
+		    <property name="xalign">0</property>
+                    <property name="label" translatable="yes">HMAC auth:</property>
+                  </widget>
+                  <packing>
+                    <property name="top_attach">1</property>
+                    <property name="bottom_attach">2</property>
+		    <property name="y_options"></property>
+                  </packing>
+                </child>
               </widget>
               <packing>
                 <property name="position">1</property>
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c.hmacauth	2008-10-29 11:36:19.000000000 +0100
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.c	2009-01-04 23:25:42.000000000 +0100
@@ -83,6 +83,7 @@
 } ValidProperty;
 
 static ValidProperty valid_properties[] = {
+	{ NM_OPENVPN_KEY_AUTH,                 G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CA,                   G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CERT,                 G_TYPE_STRING, 0, 0, FALSE },
 	{ NM_OPENVPN_KEY_CIPHER,               G_TYPE_STRING, 0, 0, FALSE },
@@ -501,6 +502,18 @@
 	nm_vpn_plugin_set_state (plugin, NM_VPN_SERVICE_STATE_STOPPED);
 }
 
+static gboolean
+validate_auth (const char *auth)
+{
+	if (auth) {
+		if (   !strcmp (auth, NM_OPENVPN_AUTH_NONE)
+		    || !strcmp (auth, NM_OPENVPN_AUTH_MD5)
+		    || !strcmp (auth, NM_OPENVPN_AUTH_SHA1))
+			return TRUE;
+	}
+	return FALSE;
+}
+
 static const char *
 validate_connection_type (const char *ctype)
 {
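Review bot: validate_auth has no comment saying that it is the allowlist guarding the string later appended after `--auth` on the openvpn command line, and the same three names are repeated in `items[]` in properties/auth-helpers.c, so the two lists can drift apart. A comment such as `/* Allowlist for the digest passed to openvpn --auth; keep in sync with populate_hmacauth_combo() */` would make that explicit. Note also that `NM_OPENVPN_AUTH_NONE` turns packet authentication off and the only real digests accepted are MD5 and SHA1, so a connection to a server that uses a stronger digest cannot be configured. If that restriction is intended, it deserves a line in the comment.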
@@ -575,7 +588,7 @@
                                  GError **error)
 {
 	NMOpenvpnPluginPrivate *priv = NM_OPENVPN_PLUGIN_GET_PRIVATE (plugin);
-	const char *openvpn_binary, *connection_type, *tmp;
+	const char *openvpn_binary, *auth, *connection_type, *tmp;
 	GPtrArray *args;
 	GSource *openvpn_watch;
 	GPid pid;
@@ -590,6 +603,18 @@
 		             "Could not find the openvpn binary.");
 		return FALSE;
 	}
+  
+ 	auth = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_AUTH);
+ 	if (auth) {
+ 		if (!validate_auth(auth)) {
+ 			g_set_error (error,
+ 			             NM_VPN_PLUGIN_ERROR,
+ 			             NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ 			             "%s",
+ 			             "Invalid HMAC auth.");
+ 			return FALSE;
+ 		}
+ 	}
 
 	tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
 	connection_type = validate_connection_type (tmp);
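Review bot: The error set when validate_auth() fails does not say which value was rejected, which makes a bad imported or hand-edited setting hard to track down; `"Invalid HMAC auth '%s'.", auth);` in place of `"%s", "Invalid HMAC auth.");` would report it. The added lines are also indented with a space followed by tabs (and the first added line holds only spaces), unlike the tab-only lines around them, and `validate_auth(auth)` lacks the space before the parenthesis used in the rest of the patch. The function body starts before this hunk and continues after it.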
@@ -658,6 +683,12 @@
 		add_openvpn_arg (args, tmp);
 	}
 
+	/* Auth */
+	if (auth) {
+		add_openvpn_arg (args, "--auth");
+		add_openvpn_arg (args, auth);
+	}
+
 	/* TA */
 	tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
 	if (tmp && strlen (tmp)) {
diff -u NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h
--- NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h.hmacauth	2008-09-13 22:47:24.000000000 +0200
+++ NetworkManager-openvpn-0.7.0/src/nm-openvpn-service.h	2009-01-04 23:25:42.000000000 +0100
@@ -38,6 +38,7 @@
 #define NM_DBUS_INTERFACE_OPENVPN  "org.freedesktop.NetworkManager.openvpn"
 #define NM_DBUS_PATH_OPENVPN       "/org/freedesktop/NetworkManager/openvpn"
 
+#define NM_OPENVPN_KEY_AUTH "auth"
 #define NM_OPENVPN_KEY_CA "ca"
 #define NM_OPENVPN_KEY_CERT "cert"
 #define NM_OPENVPN_KEY_CIPHER "cipher"
@@ -63,6 +64,10 @@
  */
 #define NM_OPENVPN_KEY_NOSECRET "no-secret"
 
+#define NM_OPENVPN_AUTH_NONE "none"
+#define NM_OPENVPN_AUTH_MD5  "MD5"
+#define NM_OPENVPN_AUTH_SHA1 "SHA1"
+
 #define NM_OPENVPN_CONTYPE_TLS          "tls"
 #define NM_OPENVPN_CONTYPE_STATIC_KEY   "static-key"
 #define NM_OPENVPN_CONTYPE_PASSWORD     "password"

