>From 13b51bd8231081cc818da2294a00c86796715094 Mon Sep 17 00:00:00 2001 From: Matthias Berndt Date: Fri, 22 Jan 2016 13:58:28 +0100 Subject: [PATCH 2/3] handle tls-auth blobs correctly --- properties/import-export.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/properties/import-export.c b/properties/import-export.c index 0ef037a..ce9cbef 100644 --- a/properties/import-export.c +++ b/properties/import-export.c @@ -105,6 +105,9 @@ #define RPORT_TAG "rport " #define SECRET_TAG "secret " #define TLS_AUTH_TAG "tls-auth " +#define TLS_AUTH_BLOB_START_TAG "" +#define TLS_AUTH_BLOB_END_TAG "" +#define KEY_DIRECTION_TAG "key-direction " #define TLS_CLIENT_TAG "tls-client" #define TLS_REMOTE_TAG "tls-remote " #define REMOTE_CERT_TLS_TAG "remote-cert-tls " @@ -192,12 +195,17 @@ handle_path_item (const char *line, return TRUE; } +static void +handle_direction (const char *tag, const char *key, char *leftover, NMSettingVpn *s_vpn); + #define CERT_BEGIN "-----BEGIN CERTIFICATE-----" #define CERT_END "-----END CERTIFICATE-----" #define PRIV_KEY_BEGIN "-----BEGIN PRIVATE KEY-----" #define PRIV_KEY_END "-----END PRIVATE KEY-----" #define RSA_PRIV_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----" #define RSA_PRIV_KEY_END "-----END RSA PRIVATE KEY-----" +#define STATIC_KEY_BEGIN "-----BEGIN OpenVPN Static key V1-----" +#define STATIC_KEY_END "-----END OpenVPN Static key V1-----" static gboolean handle_blob_item (const char ***line, @@ -235,6 +243,11 @@ handle_blob_item (const char ***line, end_tag = CERT_BLOB_END_TAG; blob_mark_start = CERT_BEGIN; blob_mark_end = CERT_END; + } else if (!strcmp (key, NM_OPENVPN_KEY_TA)) { + start_tag = TLS_AUTH_BLOB_START_TAG; + end_tag = TLS_AUTH_BLOB_END_TAG; + blob_mark_start = STATIC_KEY_BEGIN; + blob_mark_end = STATIC_KEY_END; } else if (!strcmp (key, NM_OPENVPN_KEY_KEY)) { start_tag = KEY_BLOB_START_TAG; end_tag = KEY_BLOB_END_TAG; @@ -244,10 +257,10 @@ handle_blob_item (const char ***line, blob_mark_end2 = RSA_PRIV_KEY_END; } else g_return_val_if_reached (FALSE); - p = *line; if (strncmp (*p, start_tag, strlen (start_tag))) goto finish; + NEXT_LINE; if (blob_mark_start2 && !strcmp (*p, blob_mark_start2)) { @@ -286,7 +299,7 @@ handle_blob_item (const char ***line, /* Write the new file */ g_string_prepend_c (in_file, '\n'); g_string_prepend (in_file, blob_mark_start); - g_string_append_printf (in_file, "%s", blob_mark_end); + g_string_append_printf (in_file, "%s\n", blob_mark_end); success = g_file_set_contents (path, in_file->str, -1, error); if (!success) goto finish; @@ -300,6 +313,7 @@ finish: g_free (path); if (in_file) g_string_free (in_file, TRUE); + return success; } @@ -507,6 +521,7 @@ do_import (const char *path, const char *contents, GError **error) char *new_contents = NULL; gboolean http_proxy = FALSE, socks_proxy = FALSE, proxy_set = FALSE; int nitems; + char *last_seen_key_direction = NULL; connection = nm_simple_connection_new (); s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ()); @@ -578,6 +593,9 @@ do_import (const char *path, const char *contents, GError **error) continue; } + if (!strncmp(*line, KEY_DIRECTION_TAG, strlen (KEY_DIRECTION_TAG))) + last_seen_key_direction = *line + strlen (KEY_DIRECTION_TAG); + if (!strncmp (*line, DEV_TAG, strlen (DEV_TAG))) { items = get_args (*line + strlen (DEV_TAG), &nitems); if (nitems == 1) { @@ -868,6 +886,14 @@ do_import (const char *path, const char *contents, GError **error) if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_KEY, s_vpn, basename, NULL)) continue; + if (handle_blob_item ((const char ***)&line, NM_OPENVPN_KEY_TA, s_vpn, basename, NULL)) { + handle_direction("tls-auth", + NM_OPENVPN_KEY_TA_DIR, + last_seen_key_direction, + s_vpn); + continue; + } + if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_STATIC_KEY, s_vpn, default_path, &leftover)) { handle_direction ("secret", -- 2.5.0