Merge lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311 into lp:ubuntu/utopic/network-manager-openvpn

Proposed by Ubuntu Package Importer
Status: Needs review
Proposed branch: lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311
Merge into: lp:ubuntu/utopic/network-manager-openvpn
Diff against target: 1042 lines (+2/-1020) (has conflicts)
2 files modified
.pc/01-export-user-nobody.patch/properties/import-export.c (+0/-1018)
properties/import-export.c (+2/-2)
Contents conflict in .pc/applied-patches
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+218208@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative, the importer has made lp:ubuntu/utopic/network-manager-openvpn reflect what is in the archive, and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311. This merge proposal was created so that an Ubuntu developer can review the situation and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)


Unmerged revisions

22. By Stéphane Graber

releasing version 0.9.8.4-2ubuntu1

21. By Stéphane Graber

Merge from Debian unstable

20. By Stéphane Graber

Merging shared upstream rev into target branch.

Preview Diff

1=== removed directory '.pc/01-export-user-nobody.patch'
2=== removed directory '.pc/01-export-user-nobody.patch/properties'
3=== removed file '.pc/01-export-user-nobody.patch/properties/import-export.c'
4--- .pc/01-export-user-nobody.patch/properties/import-export.c 2013-02-21 15:09:10 +0000
5+++ .pc/01-export-user-nobody.patch/properties/import-export.c 1970-01-01 00:00:00 +0000
6@@ -1,1018 +0,0 @@
7-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
8-/***************************************************************************
9- *
10- * This program is free software; you can redistribute it and/or modify
11- * it under the terms of the GNU General Public License as published by
12- * the Free Software Foundation; either version 2 of the License, or
13- * (at your option) any later version.
14- *
15- * This program is distributed in the hope that it will be useful,
16- * but WITHOUT ANY WARRANTY; without even the implied warranty of
17- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18- * GNU General Public License for more details.
19- *
20- * You should have received a copy of the GNU General Public License along
21- * with this program; if not, write to the Free Software Foundation, Inc.,
22- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23- *
24- * Copyright (C) 2008 - 2013 Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
25- *
26- **************************************************************************/
27-
28-#ifdef HAVE_CONFIG_H
29-#include <config.h>
30-#endif
31-
32-#include <string.h>
33-#include <sys/types.h>
34-#include <stdlib.h>
35-#include <sys/stat.h>
36-#include <fcntl.h>
37-#include <unistd.h>
38-#include <errno.h>
39-#include <ctype.h>
40-#include <stdio.h>
41-
42-#include <glib/gi18n-lib.h>
43-
44-#include <nm-setting-vpn.h>
45-#include <nm-setting-connection.h>
46-#include <nm-setting-ip4-config.h>
47-
48-#include "import-export.h"
49-#include "nm-openvpn.h"
50-#include "../src/nm-openvpn-service.h"
51-#include "../common/utils.h"
52-
53-#define AUTH_TAG "auth "
54-#define AUTH_USER_PASS_TAG "auth-user-pass"
55-#define CA_TAG "ca "
56-#define CERT_TAG "cert "
57-#define CIPHER_TAG "cipher "
58-#define CLIENT_TAG "client"
59-#define COMP_TAG "comp-lzo"
60-#define DEV_TAG "dev "
61-#define FRAGMENT_TAG "fragment "
62-#define IFCONFIG_TAG "ifconfig "
63-#define KEY_TAG "key "
64-#define MSSFIX_TAG "mssfix"
65-#define PKCS12_TAG "pkcs12 "
66-#define PORT_TAG "port "
67-#define PROTO_TAG "proto "
68-#define HTTP_PROXY_TAG "http-proxy "
69-#define HTTP_PROXY_RETRY_TAG "http-proxy-retry"
70-#define SOCKS_PROXY_TAG "socks-proxy "
71-#define SOCKS_PROXY_RETRY_TAG "socks-proxy-retry"
72-#define REMOTE_TAG "remote "
73-#define RENEG_SEC_TAG "reneg-sec "
74-#define RPORT_TAG "rport "
75-#define SECRET_TAG "secret "
76-#define TLS_AUTH_TAG "tls-auth "
77-#define TLS_CLIENT_TAG "tls-client"
78-#define TLS_REMOTE_TAG "tls-remote "
79-#define REMOTE_CERT_TLS_TAG "remote-cert-tls "
80-#define TUNMTU_TAG "tun-mtu "
81-
82-
83-static char *
84-unquote (const char *line, char **leftover)
85-{
86- char *tmp, *item, *unquoted = NULL, *p;
87- gboolean quoted = FALSE;
88-
89- if (leftover)
90- g_return_val_if_fail (*leftover == NULL, FALSE);
91-
92- tmp = g_strdup (line);
93- item = g_strstrip (tmp);
94- if (!strlen (item)) {
95- g_free (tmp);
96- return NULL;
97- }
98-
99- /* Simple unquote */
100- if ((item[0] == '"') || (item[0] == '\'')) {
101- quoted = TRUE;
102- item++;
103- }
104-
105- /* Unquote stuff using openvpn unquoting rules */
106- unquoted = g_malloc0 (strlen (item) + 1);
107- for (p = unquoted; *item; item++, p++) {
108- if (quoted && ((*item == '"') || (*item == '\'')))
109- break;
110- else if (!quoted && isspace (*item))
111- break;
112-
113- if (*item == '\\' && *(item+1) == '\\')
114- *p = *(++item);
115- else if (*item == '\\' && *(item+1) == '"')
116- *p = *(++item);
117- else if (*item == '\\' && *(item+1) == ' ')
118- *p = *(++item);
119- else
120- *p = *item;
121- }
122- if (leftover && *item)
123- *leftover = g_strdup (item + 1);
124-
125- g_free (tmp);
126- return unquoted;
127-}
128-
129-
130-static gboolean
131-handle_path_item (const char *line,
132- const char *tag,
133- const char *key,
134- NMSettingVPN *s_vpn,
135- const char *path,
136- char **leftover)
137-{
138- char *file, *full_path = NULL;
139-
140- if (strncmp (line, tag, strlen (tag)))
141- return FALSE;
142-
143- file = unquote (line + strlen (tag), leftover);
144- if (!file) {
145- if (leftover) {
146- g_free (*leftover);
147- leftover = NULL;
148- }
149- return FALSE;
150- }
151-
152- /* If file isn't an absolute file name, add the default path */
153- if (!g_path_is_absolute (file))
154- full_path = g_build_filename (path, file, NULL);
155-
156- nm_setting_vpn_add_data_item (s_vpn, key, full_path ? full_path : file);
157-
158- g_free (file);
159- g_free (full_path);
160- return TRUE;
161-}
162-
163-static char **
164-get_args (const char *line, int *nitems)
165-{
166- char **split, **sanitized, **tmp, **tmp2;
167-
168- split = g_strsplit_set (line, " \t", 0);
169- sanitized = g_malloc0 (sizeof (char *) * (g_strv_length (split) + 1));
170-
171- for (tmp = split, tmp2 = sanitized; *tmp; tmp++) {
172- if (strlen (*tmp))
173- *tmp2++ = g_strdup (*tmp);
174- }
175-
176- g_strfreev (split);
177- *nitems = g_strv_length (sanitized);
178-
179- return sanitized;
180-}
181-
182-static void
183-handle_direction (const char *tag, const char *key, char *leftover, NMSettingVPN *s_vpn)
184-{
185- glong direction;
186-
187- if (!leftover)
188- return;
189-
190- leftover = g_strstrip (leftover);
191- if (!strlen (leftover))
192- return;
193-
194- errno = 0;
195- direction = strtol (leftover, NULL, 10);
196- if (errno == 0) {
197- if (direction == 0)
198- nm_setting_vpn_add_data_item (s_vpn, key, "0");
199- else if (direction == 1)
200- nm_setting_vpn_add_data_item (s_vpn, key, "1");
201- } else
202- g_warning ("%s: unknown %s direction '%s'", __func__, tag, leftover);
203-}
204-
205-static char *
206-parse_port (const char *str, const char *line)
207-{
208- glong port;
209-
210- errno = 0;
211- port = strtol (str, NULL, 10);
212- if ((errno == 0) && (port > 0) && (port < 65536))
213- return g_strdup_printf ("%d", (gint) port);
214-
215- g_warning ("%s: invalid remote port in option '%s'", __func__, line);
216- return NULL;
217-}
218-
219-static gboolean
220-parse_http_proxy_auth (const char *path,
221- const char *file,
222- char **out_user,
223- char **out_pass)
224-{
225- char *contents = NULL, *abspath = NULL, *tmp;
226- GError *error = NULL;
227- char **lines, **iter;
228-
229- g_return_val_if_fail (out_user != NULL, FALSE);
230- g_return_val_if_fail (out_pass != NULL, FALSE);
231-
232- if (!file || !strcmp (file, "stdin") || !strcmp (file, "auto") || !strcmp (file, "'auto'"))
233- return TRUE;
234-
235- if (!g_path_is_absolute (file)) {
236- tmp = g_path_get_dirname (path);
237- abspath = g_build_path ("/", tmp, file, NULL);
238- g_free (tmp);
239- } else
240- abspath = g_strdup (file);
241-
242- /* Grab user/pass from authfile */
243- if (!g_file_get_contents (abspath, &contents, NULL, &error)) {
244- g_warning ("%s: unable to read HTTP proxy authfile '%s': (%d) %s",
245- __func__, abspath, error ? error->code : -1,
246- error && error->message ? error->message : "(unknown)");
247- g_clear_error (&error);
248- g_free (abspath);
249- return FALSE;
250- }
251-
252- lines = g_strsplit_set (contents, "\n\r", 0);
253- for (iter = lines; iter && *iter; iter++) {
254- if (!strlen (*iter))
255- continue;
256- if (!*out_user)
257- *out_user = g_strdup (g_strstrip (*iter));
258- else if (!*out_pass) {
259- *out_pass = g_strdup (g_strstrip (*iter));
260- break;
261- }
262- }
263- if (lines)
264- g_strfreev (lines);
265- g_free (contents);
266- g_free (abspath);
267-
268- return *out_user && *out_pass;
269-}
270-
271-NMConnection *
272-do_import (const char *path, char **lines, GError **error)
273-{
274- NMConnection *connection = NULL;
275- NMSettingConnection *s_con;
276- NMSettingVPN *s_vpn;
277- char *last_dot;
278- char **line;
279- gboolean have_client = FALSE, have_remote = FALSE;
280- gboolean have_pass = FALSE, have_sk = FALSE;
281- const char *ctype = NULL;
282- char *basename;
283- char *default_path, *tmp, *tmp2;
284- gboolean http_proxy = FALSE, socks_proxy = FALSE, proxy_set = FALSE;
285- int nitems;
286-
287- connection = nm_connection_new ();
288- s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
289- nm_connection_add_setting (connection, NM_SETTING (s_con));
290-
291- s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
292-
293- g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENVPN, NULL);
294-
295- /* Get the default path for ca, cert, key file, these files maybe
296- * in same path with the configuration file */
297- if (g_path_is_absolute (path))
298- default_path = g_path_get_dirname (path);
299- else {
300- tmp = g_get_current_dir ();
301- tmp2 = g_path_get_dirname (path);
302- default_path = g_build_filename (tmp, tmp2, NULL);
303- g_free (tmp);
304- g_free (tmp2);
305- }
306-
307- basename = g_path_get_basename (path);
308- last_dot = strrchr (basename, '.');
309- if (last_dot)
310- *last_dot = '\0';
311- g_object_set (s_con, NM_SETTING_CONNECTION_ID, basename, NULL);
312- g_free (basename);
313-
314- for (line = lines; *line; line++) {
315- char *comment, **items = NULL, *leftover = NULL;
316-
317- if ((comment = strchr (*line, '#')))
318- *comment = '\0';
319- if ((comment = strchr (*line, ';')))
320- *comment = '\0';
321- if (!strlen (*line))
322- continue;
323-
324- if ( !strncmp (*line, CLIENT_TAG, strlen (CLIENT_TAG))
325- || !strncmp (*line, TLS_CLIENT_TAG, strlen (TLS_CLIENT_TAG))) {
326- have_client = TRUE;
327- continue;
328- }
329-
330- if (!strncmp (*line, DEV_TAG, strlen (DEV_TAG))) {
331- items = get_args (*line + strlen (DEV_TAG), &nitems);
332- if (nitems == 1) {
333- if (g_str_has_prefix (items[0], "tun")) {
334- /* ignore; default is tun */
335- } else if (g_str_has_prefix (items[0], "tap"))
336- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TAP_DEV, "yes");
337- else
338- g_warning ("%s: unknown %s option '%s'", __func__, DEV_TAG, *line);
339- } else
340- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
341-
342- g_strfreev (items);
343- continue;
344- }
345-
346- if (!strncmp (*line, PROTO_TAG, strlen (PROTO_TAG))) {
347- items = get_args (*line + strlen (PROTO_TAG), &nitems);
348- if (nitems == 1) {
349- /* Valid parameters are "udp", "tcp-client" and "tcp-server".
350- * 'tcp' isn't technically valid, but it used to be accepted so
351- * we'll handle it here anyway.
352- */
353- if (!strcmp (items[0], "udp")) {
354- /* ignore; udp is default */
355- } else if ( !strcmp (items[0], "tcp-client")
356- || !strcmp (items[0], "tcp-server")
357- || !strcmp (items[0], "tcp")) {
358- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROTO_TCP, "yes");
359- } else
360- g_warning ("%s: unknown %s option '%s'", __func__, PROTO_TAG, *line);
361- } else
362- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
363-
364- g_strfreev (items);
365- continue;
366- }
367-
368- if (!strncmp (*line, MSSFIX_TAG, strlen (MSSFIX_TAG))) {
369- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX, "yes");
370- continue;
371- }
372-
373- if (!strncmp (*line, TUNMTU_TAG, strlen (TUNMTU_TAG))) {
374- items = get_args (*line + strlen (TUNMTU_TAG), &nitems);
375- if (nitems == 1) {
376- glong secs;
377-
378- errno = 0;
379- secs = strtol (items[0], NULL, 10);
380- if ((errno == 0) && (secs >= 0) && (secs < 0xffff)) {
381- tmp = g_strdup_printf ("%d", (guint32) secs);
382- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TUNNEL_MTU, tmp);
383- g_free (tmp);
384- } else
385- g_warning ("%s: invalid size in option '%s'", __func__, *line);
386- } else
387- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
388-
389- g_strfreev (items);
390- continue;
391- }
392-
393- if (!strncmp (*line, FRAGMENT_TAG, strlen (FRAGMENT_TAG))) {
394- items = get_args (*line + strlen (FRAGMENT_TAG), &nitems);
395-
396- if (nitems == 1) {
397- glong secs;
398-
399- errno = 0;
400- secs = strtol (items[0], NULL, 10);
401- if ((errno == 0) && (secs >= 0) && (secs < 0xffff)) {
402- tmp = g_strdup_printf ("%d", (guint32) secs);
403- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_FRAGMENT_SIZE, tmp);
404- g_free (tmp);
405- } else
406- g_warning ("%s: invalid size in option '%s'", __func__, *line);
407- } else
408- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
409-
410- g_strfreev (items);
411- continue;
412- }
413-
414- if (!strncmp (*line, COMP_TAG, strlen (COMP_TAG))) {
415- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO, "yes");
416- continue;
417- }
418-
419- if (!strncmp (*line, RENEG_SEC_TAG, strlen (RENEG_SEC_TAG))) {
420- items = get_args (*line + strlen (RENEG_SEC_TAG), &nitems);
421-
422- if (nitems == 1) {
423- glong secs;
424-
425- errno = 0;
426- secs = strtol (items[0], NULL, 10);
427- if ((errno == 0) && (secs >= 0) && (secs <= 604800)) {
428- tmp = g_strdup_printf ("%d", (guint32) secs);
429- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, tmp);
430- g_free (tmp);
431- } else
432- g_warning ("%s: invalid time length in option '%s'", __func__, *line);
433- }
434- g_strfreev (items);
435- continue;
436- }
437-
438- if ( !strncmp (*line, HTTP_PROXY_RETRY_TAG, strlen (HTTP_PROXY_RETRY_TAG))
439- || !strncmp (*line, SOCKS_PROXY_RETRY_TAG, strlen (SOCKS_PROXY_RETRY_TAG))) {
440- nm_setting_vpn_add_data_item (s_vpn,
441- g_strdup (NM_OPENVPN_KEY_PROXY_RETRY),
442- g_strdup ("yes"));
443- continue;
444- }
445-
446- http_proxy = g_str_has_prefix (*line, HTTP_PROXY_TAG);
447- socks_proxy = g_str_has_prefix (*line, SOCKS_PROXY_TAG);
448- if ((http_proxy || socks_proxy) && !proxy_set) {
449- gboolean success = FALSE;
450- const char *proxy_type = NULL;
451-
452- if (http_proxy) {
453- items = get_args (*line + strlen (HTTP_PROXY_TAG), &nitems);
454- proxy_type = "http";
455- } else if (socks_proxy) {
456- items = get_args (*line + strlen (SOCKS_PROXY_TAG), &nitems);
457- proxy_type = "socks";
458- }
459-
460- if (nitems >= 2) {
461- glong port;
462- char *s_port = NULL;
463- char *user = NULL, *pass = NULL;
464-
465- success = TRUE;
466- if (http_proxy && nitems >= 3)
467- success = parse_http_proxy_auth (path, items[2], &user, &pass);
468-
469- if (success) {
470- success = FALSE;
471- errno = 0;
472- port = strtol (items[1], NULL, 10);
473- if ((errno == 0) && (port > 0) && (port < 65536)) {
474- s_port = g_strdup_printf ("%d", (guint32) port);
475- success = TRUE;
476- }
477- }
478-
479- if (success && proxy_type) {
480- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE, proxy_type);
481-
482- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_SERVER, items[0]);
483- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_PORT, s_port);
484- if (user)
485- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_USERNAME, user);
486- if (pass) {
487- nm_setting_vpn_add_secret (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD, pass);
488- nm_setting_set_secret_flags (NM_SETTING (s_vpn),
489- NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD,
490- NM_SETTING_SECRET_FLAG_AGENT_OWNED,
491- NULL);
492- }
493- proxy_set = TRUE;
494- }
495- g_free (s_port);
496- g_free (user);
497- g_free (pass);
498- }
499-
500- if (!success)
501- g_warning ("%s: invalid proxy option '%s'", __func__, *line);
502-
503- g_strfreev (items);
504- continue;
505- }
506-
507- if (!strncmp (*line, REMOTE_TAG, strlen (REMOTE_TAG))) {
508- items = get_args (*line + strlen (REMOTE_TAG), &nitems);
509- if (nitems >= 1 && nitems <= 3) {
510- const char *prev = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE);
511- char *new_remote = g_strdup_printf ("%s%s%s", prev ? prev : "", prev ? ", " : "", items[0]);
512- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE, new_remote);
513- g_free (new_remote);
514- have_remote = TRUE;
515-
516- if (nitems >= 2) {
517- tmp = parse_port (items[1], *line);
518- if (tmp) {
519- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PORT, tmp);
520- g_free (tmp);
521-
522- if (nitems == 3) {
523- /* TODO */
524- }
525- }
526- }
527- } else
528- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
529-
530- g_strfreev (items);
531- continue;
532- }
533-
534- if ( !strncmp (*line, PORT_TAG, strlen (PORT_TAG))
535- || !strncmp (*line, RPORT_TAG, strlen (RPORT_TAG))) {
536- /* Port specified in 'remote' always takes precedence */
537- if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PORT))
538- continue;
539-
540- if (!strncmp (*line, PORT_TAG, strlen (PORT_TAG)))
541- items = get_args (*line + strlen (PORT_TAG), &nitems);
542- else if (!strncmp (*line, RPORT_TAG, strlen (RPORT_TAG)))
543- items = get_args (*line + strlen (RPORT_TAG), &nitems);
544- else
545- g_assert_not_reached ();
546-
547- if (nitems == 1) {
548- tmp = parse_port (items[0], *line);
549- if (tmp) {
550- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PORT, tmp);
551- g_free (tmp);
552- }
553- } else
554- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
555-
556- g_strfreev (items);
557- continue;
558- }
559-
560- if ( handle_path_item (*line, PKCS12_TAG, NM_OPENVPN_KEY_CA, s_vpn, default_path, NULL) &&
561- handle_path_item (*line, PKCS12_TAG, NM_OPENVPN_KEY_CERT, s_vpn, default_path, NULL) &&
562- handle_path_item (*line, PKCS12_TAG, NM_OPENVPN_KEY_KEY, s_vpn, default_path, NULL))
563- continue;
564-
565- if (handle_path_item (*line, CA_TAG, NM_OPENVPN_KEY_CA, s_vpn, default_path, NULL))
566- continue;
567-
568- if (handle_path_item (*line, CERT_TAG, NM_OPENVPN_KEY_CERT, s_vpn, default_path, NULL))
569- continue;
570-
571- if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn, default_path, NULL))
572- continue;
573-
574- if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_STATIC_KEY,
575- s_vpn, default_path, &leftover)) {
576- handle_direction ("secret",
577- NM_OPENVPN_KEY_STATIC_KEY_DIRECTION,
578- leftover,
579- s_vpn);
580- g_free (leftover);
581- have_sk = TRUE;
582- continue;
583- }
584-
585- if (handle_path_item (*line, TLS_AUTH_TAG, NM_OPENVPN_KEY_TA,
586- s_vpn, default_path, &leftover)) {
587- handle_direction ("tls-auth",
588- NM_OPENVPN_KEY_TA_DIR,
589- leftover,
590- s_vpn);
591- g_free (leftover);
592- continue;
593- }
594-
595- if (!strncmp (*line, CIPHER_TAG, strlen (CIPHER_TAG))) {
596- items = get_args (*line + strlen (CIPHER_TAG), &nitems);
597- if (nitems == 1)
598- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER, items[0]);
599- else
600- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
601-
602- g_strfreev (items);
603- continue;
604- }
605-
606- if (!strncmp (*line, TLS_REMOTE_TAG, strlen (TLS_REMOTE_TAG))) {
607- char *unquoted = unquote (*line + strlen (TLS_REMOTE_TAG), NULL);
608-
609- if (unquoted) {
610- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE, unquoted);
611- g_free (unquoted);
612- } else
613- g_warning ("%s: unknown %s option '%s'", __func__, TLS_REMOTE_TAG, *line);
614-
615- continue;
616- }
617-
618- if (!strncmp (*line, REMOTE_CERT_TLS_TAG, strlen (REMOTE_CERT_TLS_TAG))) {
619- items = get_args (*line + strlen (REMOTE_CERT_TLS_TAG), &nitems);
620- if (nitems == 1) {
621- if ( !strcmp (items[0], NM_OPENVPN_REM_CERT_TLS_CLIENT)
622- || !strcmp (items[0], NM_OPENVPN_REM_CERT_TLS_SERVER)) {
623- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS, items[0]);
624- } else
625- g_warning ("%s: unknown %s option '%s'", __func__, REMOTE_CERT_TLS_TAG, *line);
626- }
627-
628- g_strfreev (items);
629- continue;
630- }
631-
632- if (!strncmp (*line, IFCONFIG_TAG, strlen (IFCONFIG_TAG))) {
633- items = get_args (*line + strlen (IFCONFIG_TAG), &nitems);
634- if (nitems == 2) {
635- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP, items[0]);
636- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP, items[1]);
637- } else
638- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
639-
640- g_strfreev (items);
641- continue;
642- }
643-
644- if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
645- have_pass = TRUE;
646- continue;
647- }
648-
649- if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
650- items = get_args (*line + strlen (AUTH_TAG), &nitems);
651- if (nitems == 1)
652- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, items[0]);
653- else
654- g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
655- g_strfreev (items);
656- continue;
657- }
658- }
659-
660- if (!have_client && !have_sk) {
661- g_set_error (error,
662- OPENVPN_PLUGIN_UI_ERROR,
663- OPENVPN_PLUGIN_UI_ERROR_FILE_NOT_OPENVPN,
664- "The file to import wasn't a valid OpenVPN client configuration.");
665- g_object_unref (connection);
666- connection = NULL;
667- } else if (!have_remote) {
668- g_set_error (error,
669- OPENVPN_PLUGIN_UI_ERROR,
670- OPENVPN_PLUGIN_UI_ERROR_FILE_NOT_OPENVPN,
671- "The file to import wasn't a valid OpenVPN configure (no remote).");
672- g_object_unref (connection);
673- connection = NULL;
674- } else {
675- gboolean have_certs = FALSE, have_ca = FALSE;
676-
677- if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA))
678- have_ca = TRUE;
679-
680- if ( have_ca
681- && nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT)
682- && nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY))
683- have_certs = TRUE;
684-
685- /* Determine connection type */
686- if (have_pass) {
687- if (have_certs)
688- ctype = NM_OPENVPN_CONTYPE_PASSWORD_TLS;
689- else if (have_ca)
690- ctype = NM_OPENVPN_CONTYPE_PASSWORD;
691- } else if (have_certs) {
692- ctype = NM_OPENVPN_CONTYPE_TLS;
693- } else if (have_sk)
694- ctype = NM_OPENVPN_CONTYPE_STATIC_KEY;
695-
696- if (!ctype)
697- ctype = NM_OPENVPN_CONTYPE_TLS;
698-
699- nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, ctype);
700-
701- /* Default secret flags to be agent-owned */
702- if (have_pass) {
703- nm_setting_set_secret_flags (NM_SETTING (s_vpn),
704- NM_OPENVPN_KEY_PASSWORD,
705- NM_SETTING_SECRET_FLAG_AGENT_OWNED,
706- NULL);
707- }
708- if (have_certs) {
709- const char *key_path;
710-
711- key_path = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
712- if (key_path && is_encrypted (key_path)) {
713- /* If there should be a private key password, default it to
714- * being agent-owned.
715- */
716- nm_setting_set_secret_flags (NM_SETTING (s_vpn),
717- NM_OPENVPN_KEY_CERTPASS,
718- NM_SETTING_SECRET_FLAG_AGENT_OWNED,
719- NULL);
720- }
721- }
722- }
723-
724- g_free (default_path);
725-
726- if (connection)
727- nm_connection_add_setting (connection, NM_SETTING (s_vpn));
728- else if (s_vpn)
729- g_object_unref (s_vpn);
730-
731- return connection;
732-}
733-
734-gboolean
735-do_export (const char *path, NMConnection *connection, GError **error)
736-{
737- NMSettingConnection *s_con;
738- NMSettingVPN *s_vpn;
739- FILE *f;
740- const char *value;
741- const char *gateways = NULL;
742- char **gw_list, **gw_iter;
743- const char *cipher = NULL;
744- const char *cacert = NULL;
745- const char *connection_type = NULL;
746- const char *user_cert = NULL;
747- const char *private_key = NULL;
748- const char *static_key = NULL;
749- const char *static_key_direction = NULL;
750- const char *port = NULL;
751- const char *local_ip = NULL;
752- const char *remote_ip = NULL;
753- const char *tls_remote = NULL;
754- const char *remote_cert_tls = NULL;
755- const char *tls_auth = NULL;
756- const char *tls_auth_dir = NULL;
757- gboolean success = FALSE;
758- gboolean device_tun = TRUE;
759- gboolean proto_udp = TRUE;
760- gboolean use_lzo = FALSE;
761- gboolean reneg_exists = FALSE;
762- guint32 reneg = 0;
763- const char *proxy_type = NULL;
764- const char *proxy_server = NULL;
765- const char *proxy_port = NULL;
766- const char *proxy_retry = NULL;
767- const char *proxy_username = NULL;
768- const char *proxy_password = NULL;
769-
770- s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
771- g_assert (s_con);
772-
773- s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
774-
775- f = fopen (path, "w");
776- if (!f) {
777- g_set_error (error, 0, 0, "could not open file for writing");
778- return FALSE;
779- }
780-
781- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE);
782- if (value && strlen (value))
783- gateways = value;
784- else {
785- g_set_error (error, 0, 0, "connection was incomplete (missing gateway)");
786- goto done;
787- }
788-
789- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
790- if (value && strlen (value))
791- connection_type = value;
792-
793- if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
794- || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)
795- || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
796- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
797- if (value && strlen (value))
798- cacert = value;
799- }
800-
801- if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
802- || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
803- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT);
804- if (value && strlen (value))
805- user_cert = value;
806-
807- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
808- if (value && strlen (value))
809- private_key = value;
810- }
811-
812- if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
813- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY);
814- if (value && strlen (value))
815- static_key = value;
816-
817- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION);
818- if (value && strlen (value))
819- static_key_direction = value;
820- }
821-
822- /* Export tls-remote value now*/
823- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE);
824- if (value && strlen (value))
825- tls_remote = value;
826-
827- /* Advanced values start */
828- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PORT);
829- if (value && strlen (value))
830- port = value;
831-
832- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
833- if (value && strlen (value)) {
834- reneg_exists = TRUE;
835- reneg = strtol (value, NULL, 10);
836- }
837-
838- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROTO_TCP);
839- if (value && !strcmp (value, "yes"))
840- proto_udp = FALSE;
841-
842- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TAP_DEV);
843- if (value && !strcmp (value, "yes"))
844- device_tun = FALSE;
845-
846- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
847- if (value && !strcmp (value, "yes"))
848- use_lzo = TRUE;
849-
850- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER);
851- if (value && strlen (value))
852- cipher = value;
853-
854- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP);
855- if (value && strlen (value))
856- local_ip = value;
857-
858- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP);
859- if (value && strlen (value))
860- remote_ip = value;
861-
862- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
863- if (value && strlen (value))
864- tls_auth = value;
865-
866- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
867- if (value && strlen (value))
868- tls_auth_dir = value;
869-
870- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS);
871- if (value && strlen (value))
872- remote_cert_tls = value;
873-
874- /* Advanced values end */
875-
876- fprintf (f, "client\n");
877-
878- gw_list = g_strsplit_set (gateways, " ,", 0);
879- for (gw_iter = gw_list; gw_iter && *gw_iter; gw_iter++) {
880- if (**gw_iter == '\0')
881- continue;
882- fprintf (f, "remote %s%s%s\n",
883- *gw_iter,
884- port ? " " : "",
885- port ? port : "");
886- }
887- g_strfreev (gw_list);
888-
889- /* Handle PKCS#12 (all certs are the same file) */
890- if ( cacert && user_cert && private_key
891- && !strcmp (cacert, user_cert) && !strcmp (cacert, private_key))
892- fprintf (f, "pkcs12 %s\n", cacert);
893- else {
894- if (cacert)
895- fprintf (f, "ca %s\n", cacert);
896- if (user_cert)
897- fprintf (f, "cert %s\n", user_cert);
898- if (private_key)
899- fprintf(f, "key %s\n", private_key);
900- }
901-
902- if ( !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD)
903- || !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
904- fprintf (f, "auth-user-pass\n");
905-
906- if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
907- if (static_key) {
908- fprintf (f, "secret %s%s%s\n",
909- static_key,
910- static_key_direction ? " " : "",
911- static_key_direction ? static_key_direction : "");
912- } else
913- g_warning ("%s: invalid openvpn static key configuration (missing static key)", __func__);
914- }
915-
916- if (reneg_exists)
917- fprintf (f, "reneg-sec %d\n", reneg);
918-
919- if (cipher)
920- fprintf (f, "cipher %s\n", cipher);
921-
922- if (use_lzo)
923- fprintf (f, "comp-lzo yes\n");
924-
925- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX);
926- if (value && strlen (value)) {
927- if (!strcmp (value, "yes"))
928- fprintf (f, MSSFIX_TAG "\n");
929- }
930-
931- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUNNEL_MTU);
932- if (value && strlen (value))
933- fprintf (f, TUNMTU_TAG " %d\n", (int) strtol (value, NULL, 10));
934-
935- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FRAGMENT_SIZE);
936- if (value && strlen (value))
937- fprintf (f, FRAGMENT_TAG " %d\n", (int) strtol (value, NULL, 10));
938-
939- fprintf (f, "dev %s\n", device_tun ? "tun" : "tap");
940- fprintf (f, "proto %s\n", proto_udp ? "udp" : "tcp");
941-
942- if (local_ip && remote_ip)
943- fprintf (f, "ifconfig %s %s\n", local_ip, remote_ip);
944-
945- if ( !strcmp(connection_type, NM_OPENVPN_CONTYPE_TLS)
946- || !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
947- if (tls_remote)
948- fprintf (f,"tls-remote \"%s\"\n", tls_remote);
949-
950- if (remote_cert_tls)
951- fprintf (f,"remote-cert-tls %s\n", remote_cert_tls);
952-
953- if (tls_auth) {
954- fprintf (f, "tls-auth %s%s%s\n",
955- tls_auth,
956- tls_auth_dir ? " " : "",
957- tls_auth_dir ? tls_auth_dir : "");
958- }
959- }
960-
961- /* Proxy stuff */
962- proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
963- if (proxy_type && strlen (proxy_type)) {
964- proxy_server = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_SERVER);
965- proxy_port = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_PORT);
966- proxy_retry = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_RETRY);
967- proxy_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_USERNAME);
968- proxy_password = nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD);
969-
970- if (!strcmp (proxy_type, "http") && proxy_server && proxy_port) {
971- char *authfile, *authcontents, *base, *dirname;
972-
973- if (!proxy_port)
974- proxy_port = "8080";
975-
976- /* If there's a username, need to write an authfile */
977- base = g_path_get_basename (path);
978- dirname = g_path_get_dirname (path);
979- authfile = g_strdup_printf ("%s/%s-httpauthfile", dirname, base);
980- g_free (base);
981- g_free (dirname);
982-
983- fprintf (f, "http-proxy %s %s%s%s\n",
984- proxy_server,
985- proxy_port,
986- proxy_username ? " " : "",
987- proxy_username ? authfile : "");
988- if (proxy_retry && !strcmp (proxy_retry, "yes"))
989- fprintf (f, "http-proxy-retry\n");
990-
991- /* Write out the authfile */
992- if (proxy_username) {
993- authcontents = g_strdup_printf ("%s\n%s\n",
994- proxy_username,
995- proxy_password ? proxy_password : "");
996- g_file_set_contents (authfile, authcontents, -1, NULL);
997- g_free (authcontents);
998- }
999- g_free (authfile);
1000- } else if (!strcmp (proxy_type, "socks") && proxy_server && proxy_port) {
1001- if (!proxy_port)
1002- proxy_port = "1080";
1003- fprintf (f, "socks-proxy %s %s\n", proxy_server, proxy_port);
1004- if (proxy_retry && !strcmp (proxy_retry, "yes"))
1005- fprintf (f, "socks-proxy-retry\n");
1006- }
1007- }
1008-
1009- /* Add hard-coded stuff */
1010- fprintf (f,
1011- "nobind\n"
1012- "auth-nocache\n"
1013- "script-security 2\n"
1014- "persist-key\n"
1015- "persist-tun\n"
1016- "user openvpn\n"
1017- "group openvpn\n");
1018- success = TRUE;
1019-
1020-done:
1021- fclose (f);
1022- return success;
1023-}
1024-
1025
1026=== renamed file '.pc/applied-patches' => '.pc/applied-patches.THIS'
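--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -1007,8 +1007,8 @@
 "script-security 2\n"
 "persist-key\n"
 "persist-tun\n"
- "user nobody\n"
- "group nogroup\n");
+ "user openvpn\n"
+ "group openvpn\n");
 success = TRUE;
 
 done: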
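Review bot: The exported configuration now hard-codes `user openvpn` and `group openvpn`, so an OpenVPN instance started from this file on a host without that account will presumably fail when it tries to drop privileges; nothing in the hunk checks or documents the requirement. The same proposal deletes the `.pc/01-export-user-nobody.patch` copy, which suggests `nobody`/`nogroup` was a deliberate packaging choice that this merge would revert. A dedicated account isolates the daemon better than the shared `nobody` identity, but the dependency should be stated next to the string, e.g. `/* exported files drop to a dedicated account; the importing host must provide user and group "openvpn" */`. The enclosing function starts before the hunk and its end is not shown.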
1042=== modified file 'properties/nm-openvpn.c'
