Merge lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311 into lp:ubuntu/utopic/network-manager-openvpn

Proposed by Ubuntu Package Importer
Status: Needs review
Proposed branch: lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311
Merge into: lp:ubuntu/utopic/network-manager-openvpn
Diff against target: 1042 lines (+2/-1020) (has conflicts)
2 files modified
.pc/01-export-user-nobody.patch/properties/import-export.c (+0/-1018)
properties/import-export.c (+2/-2)
Contents conflict in .pc/applied-patches
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+218208@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative, the importer has made lp:ubuntu/utopic/network-manager-openvpn reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/utopic/network-manager-openvpn/utopic-201405040311. This merge proposal was created so that an Ubuntu developer can review the situation and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)


Unmerged revisions

22. By Stéphane Graber

releasing version 0.9.8.4-2ubuntu1

21. By Stéphane Graber

Merge from Debian unstable

20. By Stéphane Graber

Merging shared upstream rev into target branch.

Preview Diff

=== removed directory '.pc/01-export-user-nobody.patch'
=== removed directory '.pc/01-export-user-nobody.patch/properties'
=== removed file '.pc/01-export-user-nobody.patch/properties/import-export.c'
--- .pc/01-export-user-nobody.patch/properties/import-export.c 2013-02-21 15:09:10 +0000
+++ .pc/01-export-user-nobody.patch/properties/import-export.c 1970-01-01 00:00:00 +0000
@@ -1,1018 +0,0 @@
1/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
2/***************************************************************************
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
17 *
18 * Copyright (C) 2008 - 2013 Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
19 *
20 **************************************************************************/
21
22#ifdef HAVE_CONFIG_H
23#include <config.h>
24#endif
25
26#include <string.h>
27#include <sys/types.h>
28#include <stdlib.h>
29#include <sys/stat.h>
30#include <fcntl.h>
31#include <unistd.h>
32#include <errno.h>
33#include <ctype.h>
34#include <stdio.h>
35
36#include <glib/gi18n-lib.h>
37
38#include <nm-setting-vpn.h>
39#include <nm-setting-connection.h>
40#include <nm-setting-ip4-config.h>
41
42#include "import-export.h"
43#include "nm-openvpn.h"
44#include "../src/nm-openvpn-service.h"
45#include "../common/utils.h"
46
47#define AUTH_TAG "auth "
48#define AUTH_USER_PASS_TAG "auth-user-pass"
49#define CA_TAG "ca "
50#define CERT_TAG "cert "
51#define CIPHER_TAG "cipher "
52#define CLIENT_TAG "client"
53#define COMP_TAG "comp-lzo"
54#define DEV_TAG "dev "
55#define FRAGMENT_TAG "fragment "
56#define IFCONFIG_TAG "ifconfig "
57#define KEY_TAG "key "
58#define MSSFIX_TAG "mssfix"
59#define PKCS12_TAG "pkcs12 "
60#define PORT_TAG "port "
61#define PROTO_TAG "proto "
62#define HTTP_PROXY_TAG "http-proxy "
63#define HTTP_PROXY_RETRY_TAG "http-proxy-retry"
64#define SOCKS_PROXY_TAG "socks-proxy "
65#define SOCKS_PROXY_RETRY_TAG "socks-proxy-retry"
66#define REMOTE_TAG "remote "
67#define RENEG_SEC_TAG "reneg-sec "
68#define RPORT_TAG "rport "
69#define SECRET_TAG "secret "
70#define TLS_AUTH_TAG "tls-auth "
71#define TLS_CLIENT_TAG "tls-client"
72#define TLS_REMOTE_TAG "tls-remote "
73#define REMOTE_CERT_TLS_TAG "remote-cert-tls "
74#define TUNMTU_TAG "tun-mtu "
75
76
77static char *
78unquote (const char *line, char **leftover)
79{
80 char *tmp, *item, *unquoted = NULL, *p;
81 gboolean quoted = FALSE;
82
83 if (leftover)
84 g_return_val_if_fail (*leftover == NULL, FALSE);
85
86 tmp = g_strdup (line);
87 item = g_strstrip (tmp);
88 if (!strlen (item)) {
89 g_free (tmp);
90 return NULL;
91 }
92
93 /* Simple unquote */
94 if ((item[0] == '"') || (item[0] == '\'')) {
95 quoted = TRUE;
96 item++;
97 }
98
99 /* Unquote stuff using openvpn unquoting rules */
100 unquoted = g_malloc0 (strlen (item) + 1);
101 for (p = unquoted; *item; item++, p++) {
102 if (quoted && ((*item == '"') || (*item == '\'')))
103 break;
104 else if (!quoted && isspace (*item))
105 break;
106
107 if (*item == '\\' && *(item+1) == '\\')
108 *p = *(++item);
109 else if (*item == '\\' && *(item+1) == '"')
110 *p = *(++item);
111 else if (*item == '\\' && *(item+1) == ' ')
112 *p = *(++item);
113 else
114 *p = *item;
115 }
116 if (leftover && *item)
117 *leftover = g_strdup (item + 1);
118
119 g_free (tmp);
120 return unquoted;
121}
122
123
124static gboolean
125handle_path_item (const char *line,
126 const char *tag,
127 const char *key,
128 NMSettingVPN *s_vpn,
129 const char *path,
130 char **leftover)
131{
132 char *file, *full_path = NULL;
133
134 if (strncmp (line, tag, strlen (tag)))
135 return FALSE;
136
137 file = unquote (line + strlen (tag), leftover);
138 if (!file) {
139 if (leftover) {
140 g_free (*leftover);
141 leftover = NULL;
142 }
143 return FALSE;
144 }
145
146 /* If file isn't an absolute file name, add the default path */
147 if (!g_path_is_absolute (file))
148 full_path = g_build_filename (path, file, NULL);
149
150 nm_setting_vpn_add_data_item (s_vpn, key, full_path ? full_path : file);
151
152 g_free (file);
153 g_free (full_path);
154 return TRUE;
155}
156
157static char **
158get_args (const char *line, int *nitems)
159{
160 char **split, **sanitized, **tmp, **tmp2;
161
162 split = g_strsplit_set (line, " \t", 0);
163 sanitized = g_malloc0 (sizeof (char *) * (g_strv_length (split) + 1));
164
165 for (tmp = split, tmp2 = sanitized; *tmp; tmp++) {
166 if (strlen (*tmp))
167 *tmp2++ = g_strdup (*tmp);
168 }
169
170 g_strfreev (split);
171 *nitems = g_strv_length (sanitized);
172
173 return sanitized;
174}
175
176static void
177handle_direction (const char *tag, const char *key, char *leftover, NMSettingVPN *s_vpn)
178{
179 glong direction;
180
181 if (!leftover)
182 return;
183
184 leftover = g_strstrip (leftover);
185 if (!strlen (leftover))
186 return;
187
188 errno = 0;
189 direction = strtol (leftover, NULL, 10);
190 if (errno == 0) {
191 if (direction == 0)
192 nm_setting_vpn_add_data_item (s_vpn, key, "0");
193 else if (direction == 1)
194 nm_setting_vpn_add_data_item (s_vpn, key, "1");
195 } else
196 g_warning ("%s: unknown %s direction '%s'", __func__, tag, leftover);
197}
198
199static char *
200parse_port (const char *str, const char *line)
201{
202 glong port;
203
204 errno = 0;
205 port = strtol (str, NULL, 10);
206 if ((errno == 0) && (port > 0) && (port < 65536))
207 return g_strdup_printf ("%d", (gint) port);
208
209 g_warning ("%s: invalid remote port in option '%s'", __func__, line);
210 return NULL;
211}
212
213static gboolean
214parse_http_proxy_auth (const char *path,
215 const char *file,
216 char **out_user,
217 char **out_pass)
218{
219 char *contents = NULL, *abspath = NULL, *tmp;
220 GError *error = NULL;
221 char **lines, **iter;
222
223 g_return_val_if_fail (out_user != NULL, FALSE);
224 g_return_val_if_fail (out_pass != NULL, FALSE);
225
226 if (!file || !strcmp (file, "stdin") || !strcmp (file, "auto") || !strcmp (file, "'auto'"))
227 return TRUE;
228
229 if (!g_path_is_absolute (file)) {
230 tmp = g_path_get_dirname (path);
231 abspath = g_build_path ("/", tmp, file, NULL);
232 g_free (tmp);
233 } else
234 abspath = g_strdup (file);
235
236 /* Grab user/pass from authfile */
237 if (!g_file_get_contents (abspath, &contents, NULL, &error)) {
238 g_warning ("%s: unable to read HTTP proxy authfile '%s': (%d) %s",
239 __func__, abspath, error ? error->code : -1,
240 error && error->message ? error->message : "(unknown)");
241 g_clear_error (&error);
242 g_free (abspath);
243 return FALSE;
244 }
245
246 lines = g_strsplit_set (contents, "\n\r", 0);
247 for (iter = lines; iter && *iter; iter++) {
248 if (!strlen (*iter))
249 continue;
250 if (!*out_user)
251 *out_user = g_strdup (g_strstrip (*iter));
252 else if (!*out_pass) {
253 *out_pass = g_strdup (g_strstrip (*iter));
254 break;
255 }
256 }
257 if (lines)
258 g_strfreev (lines);
259 g_free (contents);
260 g_free (abspath);
261
262 return *out_user && *out_pass;
263}
264
265NMConnection *
266do_import (const char *path, char **lines, GError **error)
267{
268 NMConnection *connection = NULL;
269 NMSettingConnection *s_con;
270 NMSettingVPN *s_vpn;
271 char *last_dot;
272 char **line;
273 gboolean have_client = FALSE, have_remote = FALSE;
274 gboolean have_pass = FALSE, have_sk = FALSE;
275 const char *ctype = NULL;
276 char *basename;
277 char *default_path, *tmp, *tmp2;
278 gboolean http_proxy = FALSE, socks_proxy = FALSE, proxy_set = FALSE;
279 int nitems;
280
281 connection = nm_connection_new ();
282 s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ());
283 nm_connection_add_setting (connection, NM_SETTING (s_con));
284
285 s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
286
287 g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENVPN, NULL);
288
289 /* Get the default path for ca, cert, key file, these files maybe
290 * in same path with the configuration file */
291 if (g_path_is_absolute (path))
292 default_path = g_path_get_dirname (path);
293 else {
294 tmp = g_get_current_dir ();
295 tmp2 = g_path_get_dirname (path);
296 default_path = g_build_filename (tmp, tmp2, NULL);
297 g_free (tmp);
298 g_free (tmp2);
299 }
300
301 basename = g_path_get_basename (path);
302 last_dot = strrchr (basename, '.');
303 if (last_dot)
304 *last_dot = '\0';
305 g_object_set (s_con, NM_SETTING_CONNECTION_ID, basename, NULL);
306 g_free (basename);
307
308 for (line = lines; *line; line++) {
309 char *comment, **items = NULL, *leftover = NULL;
310
311 if ((comment = strchr (*line, '#')))
312 *comment = '\0';
313 if ((comment = strchr (*line, ';')))
314 *comment = '\0';
315 if (!strlen (*line))
316 continue;
317
318 if ( !strncmp (*line, CLIENT_TAG, strlen (CLIENT_TAG))
319 || !strncmp (*line, TLS_CLIENT_TAG, strlen (TLS_CLIENT_TAG))) {
320 have_client = TRUE;
321 continue;
322 }
323
324 if (!strncmp (*line, DEV_TAG, strlen (DEV_TAG))) {
325 items = get_args (*line + strlen (DEV_TAG), &nitems);
326 if (nitems == 1) {
327 if (g_str_has_prefix (items[0], "tun")) {
328 /* ignore; default is tun */
329 } else if (g_str_has_prefix (items[0], "tap"))
330 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TAP_DEV, "yes");
331 else
332 g_warning ("%s: unknown %s option '%s'", __func__, DEV_TAG, *line);
333 } else
334 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
335
336 g_strfreev (items);
337 continue;
338 }
339
340 if (!strncmp (*line, PROTO_TAG, strlen (PROTO_TAG))) {
341 items = get_args (*line + strlen (PROTO_TAG), &nitems);
342 if (nitems == 1) {
343 /* Valid parameters are "udp", "tcp-client" and "tcp-server".
344 * 'tcp' isn't technically valid, but it used to be accepted so
345 * we'll handle it here anyway.
346 */
347 if (!strcmp (items[0], "udp")) {
348 /* ignore; udp is default */
349 } else if ( !strcmp (items[0], "tcp-client")
350 || !strcmp (items[0], "tcp-server")
351 || !strcmp (items[0], "tcp")) {
352 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROTO_TCP, "yes");
353 } else
354 g_warning ("%s: unknown %s option '%s'", __func__, PROTO_TAG, *line);
355 } else
356 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
357
358 g_strfreev (items);
359 continue;
360 }
361
362 if (!strncmp (*line, MSSFIX_TAG, strlen (MSSFIX_TAG))) {
363 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX, "yes");
364 continue;
365 }
366
367 if (!strncmp (*line, TUNMTU_TAG, strlen (TUNMTU_TAG))) {
368 items = get_args (*line + strlen (TUNMTU_TAG), &nitems);
369 if (nitems == 1) {
370 glong secs;
371
372 errno = 0;
373 secs = strtol (items[0], NULL, 10);
374 if ((errno == 0) && (secs >= 0) && (secs < 0xffff)) {
375 tmp = g_strdup_printf ("%d", (guint32) secs);
376 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TUNNEL_MTU, tmp);
377 g_free (tmp);
378 } else
379 g_warning ("%s: invalid size in option '%s'", __func__, *line);
380 } else
381 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
382
383 g_strfreev (items);
384 continue;
385 }
386
387 if (!strncmp (*line, FRAGMENT_TAG, strlen (FRAGMENT_TAG))) {
388 items = get_args (*line + strlen (FRAGMENT_TAG), &nitems);
389
390 if (nitems == 1) {
391 glong secs;
392
393 errno = 0;
394 secs = strtol (items[0], NULL, 10);
395 if ((errno == 0) && (secs >= 0) && (secs < 0xffff)) {
396 tmp = g_strdup_printf ("%d", (guint32) secs);
397 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_FRAGMENT_SIZE, tmp);
398 g_free (tmp);
399 } else
400 g_warning ("%s: invalid size in option '%s'", __func__, *line);
401 } else
402 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
403
404 g_strfreev (items);
405 continue;
406 }
407
408 if (!strncmp (*line, COMP_TAG, strlen (COMP_TAG))) {
409 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO, "yes");
410 continue;
411 }
412
413 if (!strncmp (*line, RENEG_SEC_TAG, strlen (RENEG_SEC_TAG))) {
414 items = get_args (*line + strlen (RENEG_SEC_TAG), &nitems);
415
416 if (nitems == 1) {
417 glong secs;
418
419 errno = 0;
420 secs = strtol (items[0], NULL, 10);
421 if ((errno == 0) && (secs >= 0) && (secs <= 604800)) {
422 tmp = g_strdup_printf ("%d", (guint32) secs);
423 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, tmp);
424 g_free (tmp);
425 } else
426 g_warning ("%s: invalid time length in option '%s'", __func__, *line);
427 }
428 g_strfreev (items);
429 continue;
430 }
431
432 if ( !strncmp (*line, HTTP_PROXY_RETRY_TAG, strlen (HTTP_PROXY_RETRY_TAG))
433 || !strncmp (*line, SOCKS_PROXY_RETRY_TAG, strlen (SOCKS_PROXY_RETRY_TAG))) {
434 nm_setting_vpn_add_data_item (s_vpn,
435 g_strdup (NM_OPENVPN_KEY_PROXY_RETRY),
436 g_strdup ("yes"));
437 continue;
438 }
439
440 http_proxy = g_str_has_prefix (*line, HTTP_PROXY_TAG);
441 socks_proxy = g_str_has_prefix (*line, SOCKS_PROXY_TAG);
442 if ((http_proxy || socks_proxy) && !proxy_set) {
443 gboolean success = FALSE;
444 const char *proxy_type = NULL;
445
446 if (http_proxy) {
447 items = get_args (*line + strlen (HTTP_PROXY_TAG), &nitems);
448 proxy_type = "http";
449 } else if (socks_proxy) {
450 items = get_args (*line + strlen (SOCKS_PROXY_TAG), &nitems);
451 proxy_type = "socks";
452 }
453
454 if (nitems >= 2) {
455 glong port;
456 char *s_port = NULL;
457 char *user = NULL, *pass = NULL;
458
459 success = TRUE;
460 if (http_proxy && nitems >= 3)
461 success = parse_http_proxy_auth (path, items[2], &user, &pass);
462
463 if (success) {
464 success = FALSE;
465 errno = 0;
466 port = strtol (items[1], NULL, 10);
467 if ((errno == 0) && (port > 0) && (port < 65536)) {
468 s_port = g_strdup_printf ("%d", (guint32) port);
469 success = TRUE;
470 }
471 }
472
473 if (success && proxy_type) {
474 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE, proxy_type);
475
476 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_SERVER, items[0]);
477 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_PORT, s_port);
478 if (user)
479 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_USERNAME, user);
480 if (pass) {
481 nm_setting_vpn_add_secret (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD, pass);
482 nm_setting_set_secret_flags (NM_SETTING (s_vpn),
483 NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD,
484 NM_SETTING_SECRET_FLAG_AGENT_OWNED,
485 NULL);
486 }
487 proxy_set = TRUE;
488 }
489 g_free (s_port);
490 g_free (user);
491 g_free (pass);
492 }
493
494 if (!success)
495 g_warning ("%s: invalid proxy option '%s'", __func__, *line);
496
497 g_strfreev (items);
498 continue;
499 }
500
501 if (!strncmp (*line, REMOTE_TAG, strlen (REMOTE_TAG))) {
502 items = get_args (*line + strlen (REMOTE_TAG), &nitems);
503 if (nitems >= 1 && nitems <= 3) {
504 const char *prev = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE);
505 char *new_remote = g_strdup_printf ("%s%s%s", prev ? prev : "", prev ? ", " : "", items[0]);
506 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE, new_remote);
507 g_free (new_remote);
508 have_remote = TRUE;
509
510 if (nitems >= 2) {
511 tmp = parse_port (items[1], *line);
512 if (tmp) {
513 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PORT, tmp);
514 g_free (tmp);
515
516 if (nitems == 3) {
517 /* TODO */
518 }
519 }
520 }
521 } else
522 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
523
524 g_strfreev (items);
525 continue;
526 }
527
528 if ( !strncmp (*line, PORT_TAG, strlen (PORT_TAG))
529 || !strncmp (*line, RPORT_TAG, strlen (RPORT_TAG))) {
530 /* Port specified in 'remote' always takes precedence */
531 if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PORT))
532 continue;
533
534 if (!strncmp (*line, PORT_TAG, strlen (PORT_TAG)))
535 items = get_args (*line + strlen (PORT_TAG), &nitems);
536 else if (!strncmp (*line, RPORT_TAG, strlen (RPORT_TAG)))
537 items = get_args (*line + strlen (RPORT_TAG), &nitems);
538 else
539 g_assert_not_reached ();
540
541 if (nitems == 1) {
542 tmp = parse_port (items[0], *line);
543 if (tmp) {
544 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PORT, tmp);
545 g_free (tmp);
546 }
547 } else
548 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
549
550 g_strfreev (items);
551 continue;
552 }
553
554 if ( handle_path_item (*line, PKCS12_TAG, NM_OPENVPN_KEY_CA, s_vpn, default_path, NULL) &&
555 handle_path_item (*line, PKCS12_TAG, NM_OPENVPN_KEY_CERT, s_vpn, default_path, NULL) &&
556 handle_path_item (*line, PKCS12_TAG, NM_OPENVPN_KEY_KEY, s_vpn, default_path, NULL))
557 continue;
558
559 if (handle_path_item (*line, CA_TAG, NM_OPENVPN_KEY_CA, s_vpn, default_path, NULL))
560 continue;
561
562 if (handle_path_item (*line, CERT_TAG, NM_OPENVPN_KEY_CERT, s_vpn, default_path, NULL))
563 continue;
564
565 if (handle_path_item (*line, KEY_TAG, NM_OPENVPN_KEY_KEY, s_vpn, default_path, NULL))
566 continue;
567
568 if (handle_path_item (*line, SECRET_TAG, NM_OPENVPN_KEY_STATIC_KEY,
569 s_vpn, default_path, &leftover)) {
570 handle_direction ("secret",
571 NM_OPENVPN_KEY_STATIC_KEY_DIRECTION,
572 leftover,
573 s_vpn);
574 g_free (leftover);
575 have_sk = TRUE;
576 continue;
577 }
578
579 if (handle_path_item (*line, TLS_AUTH_TAG, NM_OPENVPN_KEY_TA,
580 s_vpn, default_path, &leftover)) {
581 handle_direction ("tls-auth",
582 NM_OPENVPN_KEY_TA_DIR,
583 leftover,
584 s_vpn);
585 g_free (leftover);
586 continue;
587 }
588
589 if (!strncmp (*line, CIPHER_TAG, strlen (CIPHER_TAG))) {
590 items = get_args (*line + strlen (CIPHER_TAG), &nitems);
591 if (nitems == 1)
592 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER, items[0]);
593 else
594 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
595
596 g_strfreev (items);
597 continue;
598 }
599
600 if (!strncmp (*line, TLS_REMOTE_TAG, strlen (TLS_REMOTE_TAG))) {
601 char *unquoted = unquote (*line + strlen (TLS_REMOTE_TAG), NULL);
602
603 if (unquoted) {
604 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE, unquoted);
605 g_free (unquoted);
606 } else
607 g_warning ("%s: unknown %s option '%s'", __func__, TLS_REMOTE_TAG, *line);
608
609 continue;
610 }
611
612 if (!strncmp (*line, REMOTE_CERT_TLS_TAG, strlen (REMOTE_CERT_TLS_TAG))) {
613 items = get_args (*line + strlen (REMOTE_CERT_TLS_TAG), &nitems);
614 if (nitems == 1) {
615 if ( !strcmp (items[0], NM_OPENVPN_REM_CERT_TLS_CLIENT)
616 || !strcmp (items[0], NM_OPENVPN_REM_CERT_TLS_SERVER)) {
617 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS, items[0]);
618 } else
619 g_warning ("%s: unknown %s option '%s'", __func__, REMOTE_CERT_TLS_TAG, *line);
620 }
621
622 g_strfreev (items);
623 continue;
624 }
625
626 if (!strncmp (*line, IFCONFIG_TAG, strlen (IFCONFIG_TAG))) {
627 items = get_args (*line + strlen (IFCONFIG_TAG), &nitems);
628 if (nitems == 2) {
629 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP, items[0]);
630 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP, items[1]);
631 } else
632 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
633
634 g_strfreev (items);
635 continue;
636 }
637
638 if (!strncmp (*line, AUTH_USER_PASS_TAG, strlen (AUTH_USER_PASS_TAG))) {
639 have_pass = TRUE;
640 continue;
641 }
642
643 if (!strncmp (*line, AUTH_TAG, strlen (AUTH_TAG))) {
644 items = get_args (*line + strlen (AUTH_TAG), &nitems);
645 if (nitems == 1)
646 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_AUTH, items[0]);
647 else
648 g_warning ("%s: invalid number of arguments in option '%s'", __func__, *line);
649 g_strfreev (items);
650 continue;
651 }
652 }
653
654 if (!have_client && !have_sk) {
655 g_set_error (error,
656 OPENVPN_PLUGIN_UI_ERROR,
657 OPENVPN_PLUGIN_UI_ERROR_FILE_NOT_OPENVPN,
658 "The file to import wasn't a valid OpenVPN client configuration.");
659 g_object_unref (connection);
660 connection = NULL;
661 } else if (!have_remote) {
662 g_set_error (error,
663 OPENVPN_PLUGIN_UI_ERROR,
664 OPENVPN_PLUGIN_UI_ERROR_FILE_NOT_OPENVPN,
665 "The file to import wasn't a valid OpenVPN configure (no remote).");
666 g_object_unref (connection);
667 connection = NULL;
668 } else {
669 gboolean have_certs = FALSE, have_ca = FALSE;
670
671 if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA))
672 have_ca = TRUE;
673
674 if ( have_ca
675 && nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT)
676 && nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY))
677 have_certs = TRUE;
678
679 /* Determine connection type */
680 if (have_pass) {
681 if (have_certs)
682 ctype = NM_OPENVPN_CONTYPE_PASSWORD_TLS;
683 else if (have_ca)
684 ctype = NM_OPENVPN_CONTYPE_PASSWORD;
685 } else if (have_certs) {
686 ctype = NM_OPENVPN_CONTYPE_TLS;
687 } else if (have_sk)
688 ctype = NM_OPENVPN_CONTYPE_STATIC_KEY;
689
690 if (!ctype)
691 ctype = NM_OPENVPN_CONTYPE_TLS;
692
693 nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, ctype);
694
695 /* Default secret flags to be agent-owned */
696 if (have_pass) {
697 nm_setting_set_secret_flags (NM_SETTING (s_vpn),
698 NM_OPENVPN_KEY_PASSWORD,
699 NM_SETTING_SECRET_FLAG_AGENT_OWNED,
700 NULL);
701 }
702 if (have_certs) {
703 const char *key_path;
704
705 key_path = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
706 if (key_path && is_encrypted (key_path)) {
707 /* If there should be a private key password, default it to
708 * being agent-owned.
709 */
710 nm_setting_set_secret_flags (NM_SETTING (s_vpn),
711 NM_OPENVPN_KEY_CERTPASS,
712 NM_SETTING_SECRET_FLAG_AGENT_OWNED,
713 NULL);
714 }
715 }
716 }
717
718 g_free (default_path);
719
720 if (connection)
721 nm_connection_add_setting (connection, NM_SETTING (s_vpn));
722 else if (s_vpn)
723 g_object_unref (s_vpn);
724
725 return connection;
726}
727
728gboolean
729do_export (const char *path, NMConnection *connection, GError **error)
730{
731 NMSettingConnection *s_con;
732 NMSettingVPN *s_vpn;
733 FILE *f;
734 const char *value;
735 const char *gateways = NULL;
736 char **gw_list, **gw_iter;
737 const char *cipher = NULL;
738 const char *cacert = NULL;
739 const char *connection_type = NULL;
740 const char *user_cert = NULL;
741 const char *private_key = NULL;
742 const char *static_key = NULL;
743 const char *static_key_direction = NULL;
744 const char *port = NULL;
745 const char *local_ip = NULL;
746 const char *remote_ip = NULL;
747 const char *tls_remote = NULL;
748 const char *remote_cert_tls = NULL;
749 const char *tls_auth = NULL;
750 const char *tls_auth_dir = NULL;
751 gboolean success = FALSE;
752 gboolean device_tun = TRUE;
753 gboolean proto_udp = TRUE;
754 gboolean use_lzo = FALSE;
755 gboolean reneg_exists = FALSE;
756 guint32 reneg = 0;
757 const char *proxy_type = NULL;
758 const char *proxy_server = NULL;
759 const char *proxy_port = NULL;
760 const char *proxy_retry = NULL;
761 const char *proxy_username = NULL;
762 const char *proxy_password = NULL;
763
764 s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION));
765 g_assert (s_con);
766
767 s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
768
769 f = fopen (path, "w");
770 if (!f) {
771 g_set_error (error, 0, 0, "could not open file for writing");
772 return FALSE;
773 }
774
775 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE);
776 if (value && strlen (value))
777 gateways = value;
778 else {
779 g_set_error (error, 0, 0, "connection was incomplete (missing gateway)");
780 goto done;
781 }
782
783 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE);
784 if (value && strlen (value))
785 connection_type = value;
786
787 if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
788 || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD)
789 || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
790 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA);
791 if (value && strlen (value))
792 cacert = value;
793 }
794
795 if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS)
796 || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
797 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CERT);
798 if (value && strlen (value))
799 user_cert = value;
800
801 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEY);
802 if (value && strlen (value))
803 private_key = value;
804 }
805
806 if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
807 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY);
808 if (value && strlen (value))
809 static_key = value;
810
811 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION);
812 if (value && strlen (value))
813 static_key_direction = value;
814 }
815
816 /* Export tls-remote value now*/
817 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE);
818 if (value && strlen (value))
819 tls_remote = value;
820
821 /* Advanced values start */
822 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PORT);
823 if (value && strlen (value))
824 port = value;
825
826 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
827 if (value && strlen (value)) {
828 reneg_exists = TRUE;
829 reneg = strtol (value, NULL, 10);
830 }
831
832 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROTO_TCP);
833 if (value && !strcmp (value, "yes"))
834 proto_udp = FALSE;
835
836 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TAP_DEV);
837 if (value && !strcmp (value, "yes"))
838 device_tun = FALSE;
839
840 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO);
841 if (value && !strcmp (value, "yes"))
842 use_lzo = TRUE;
843
844 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER);
845 if (value && strlen (value))
846 cipher = value;
847
848 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP);
849 if (value && strlen (value))
850 local_ip = value;
851
852 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP);
853 if (value && strlen (value))
854 remote_ip = value;
855
856 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA);
857 if (value && strlen (value))
858 tls_auth = value;
859
860 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR);
861 if (value && strlen (value))
862 tls_auth_dir = value;
863
864 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS);
865 if (value && strlen (value))
866 remote_cert_tls = value;
867
868 /* Advanced values end */
869
870 fprintf (f, "client\n");
871
872 gw_list = g_strsplit_set (gateways, " ,", 0);
873 for (gw_iter = gw_list; gw_iter && *gw_iter; gw_iter++) {
874 if (**gw_iter == '\0')
875 continue;
876 fprintf (f, "remote %s%s%s\n",
877 *gw_iter,
878 port ? " " : "",
879 port ? port : "");
880 }
881 g_strfreev (gw_list);
882
883 /* Handle PKCS#12 (all certs are the same file) */
884 if ( cacert && user_cert && private_key
885 && !strcmp (cacert, user_cert) && !strcmp (cacert, private_key))
886 fprintf (f, "pkcs12 %s\n", cacert);
887 else {
888 if (cacert)
889 fprintf (f, "ca %s\n", cacert);
890 if (user_cert)
891 fprintf (f, "cert %s\n", user_cert);
892 if (private_key)
893 fprintf(f, "key %s\n", private_key);
894 }
895
896 if ( !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD)
897 || !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS))
898 fprintf (f, "auth-user-pass\n");
899
900 if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) {
901 if (static_key) {
902 fprintf (f, "secret %s%s%s\n",
903 static_key,
904 static_key_direction ? " " : "",
905 static_key_direction ? static_key_direction : "");
906 } else
907 g_warning ("%s: invalid openvpn static key configuration (missing static key)", __func__);
908 }
909
910 if (reneg_exists)
911 fprintf (f, "reneg-sec %d\n", reneg);
912
913 if (cipher)
914 fprintf (f, "cipher %s\n", cipher);
915
916 if (use_lzo)
917 fprintf (f, "comp-lzo yes\n");
918
919 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX);
920 if (value && strlen (value)) {
921 if (!strcmp (value, "yes"))
922 fprintf (f, MSSFIX_TAG "\n");
923 }
924
925 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUNNEL_MTU);
926 if (value && strlen (value))
927 fprintf (f, TUNMTU_TAG " %d\n", (int) strtol (value, NULL, 10));
928
929 value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FRAGMENT_SIZE);
930 if (value && strlen (value))
931 fprintf (f, FRAGMENT_TAG " %d\n", (int) strtol (value, NULL, 10));
932
933 fprintf (f, "dev %s\n", device_tun ? "tun" : "tap");
934 fprintf (f, "proto %s\n", proto_udp ? "udp" : "tcp");
935
936 if (local_ip && remote_ip)
937 fprintf (f, "ifconfig %s %s\n", local_ip, remote_ip);
938
939 if ( !strcmp(connection_type, NM_OPENVPN_CONTYPE_TLS)
940 || !strcmp(connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) {
941 if (tls_remote)
942 fprintf (f,"tls-remote \"%s\"\n", tls_remote);
943
944 if (remote_cert_tls)
945 fprintf (f,"remote-cert-tls %s\n", remote_cert_tls);
946
947 if (tls_auth) {
948 fprintf (f, "tls-auth %s%s%s\n",
949 tls_auth,
950 tls_auth_dir ? " " : "",
951 tls_auth_dir ? tls_auth_dir : "");
952 }
953 }
954
955 /* Proxy stuff */
956 proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE);
957 if (proxy_type && strlen (proxy_type)) {
958 proxy_server = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_SERVER);
959 proxy_port = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_PORT);
960 proxy_retry = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_RETRY);
961 proxy_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_USERNAME);
962 proxy_password = nm_setting_vpn_get_secret (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD);
963
964 if (!strcmp (proxy_type, "http") && proxy_server && proxy_port) {
965 char *authfile, *authcontents, *base, *dirname;
966
967 if (!proxy_port)
968 proxy_port = "8080";
969
970 /* If there's a username, need to write an authfile */
971 base = g_path_get_basename (path);
972 dirname = g_path_get_dirname (path);
973 authfile = g_strdup_printf ("%s/%s-httpauthfile", dirname, base);
974 g_free (base);
975 g_free (dirname);
976
977 fprintf (f, "http-proxy %s %s%s%s\n",
978 proxy_server,
979 proxy_port,
980 proxy_username ? " " : "",
981 proxy_username ? authfile : "");
982 if (proxy_retry && !strcmp (proxy_retry, "yes"))
983 fprintf (f, "http-proxy-retry\n");
984
985 /* Write out the authfile */
986 if (proxy_username) {
987 authcontents = g_strdup_printf ("%s\n%s\n",
988 proxy_username,
989 proxy_password ? proxy_password : "");
990 g_file_set_contents (authfile, authcontents, -1, NULL);
991 g_free (authcontents);
992 }
993 g_free (authfile);
994 } else if (!strcmp (proxy_type, "socks") && proxy_server && proxy_port) {
995 if (!proxy_port)
996 proxy_port = "1080";
997 fprintf (f, "socks-proxy %s %s\n", proxy_server, proxy_port);
998 if (proxy_retry && !strcmp (proxy_retry, "yes"))
999 fprintf (f, "socks-proxy-retry\n");
1000 }
1001 }
1002
1003 /* Add hard-coded stuff */
1004 fprintf (f,
1005 "nobind\n"
1006 "auth-nocache\n"
1007 "script-security 2\n"
1008 "persist-key\n"
1009 "persist-tun\n"
1010 "user openvpn\n"
1011 "group openvpn\n");
1012 success = TRUE;
1013
1014done:
1015 fclose (f);
1016 return success;
1017}
1018
10190
=== renamed file '.pc/applied-patches' => '.pc/applied-patches.THIS'
=== modified file 'properties/import-export.c'
--- properties/import-export.c 2013-02-21 15:09:10 +0000
+++ properties/import-export.c 2014-05-04 03:20:32 +0000
@@ -1007,8 +1007,8 @@
1007 "script-security 2\n"1007 "script-security 2\n"
1008 "persist-key\n"1008 "persist-key\n"
1009 "persist-tun\n"1009 "persist-tun\n"
1010 "user nobody\n"1010 "user openvpn\n"
1011 "group nogroup\n");1011 "group openvpn\n");
1012 success = TRUE;1012 success = TRUE;
10131013
1014done:1014done:
10151015
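Review bot: The hard-coded trailer of the exported config would name `user openvpn` / `group openvpn` as the privilege-drop account, yet an exported file is meant to be carried to other hosts and nothing visible here checks or documents that this account exists there; OpenVPN treats an unknown user or group as a fatal error, and the usual workaround of deleting both lines typically leaves the daemon running with full privileges. Reading the left column of each row as old and the right as new, this also appears to undo the distro patch `01-export-user-nobody.patch`, whose `.pc` backup the proposal removes while `.pc/applied-patches` is in conflict, so the quilt state and the patched source should be confirmed to agree before merging. If the dedicated account is intended (it does avoid sharing `nobody` with unrelated daemons), I would add a comment above the trailer such as `/* exported configs drop privileges to the openvpn account; it must exist on the importing host */`. The enclosing function starts and ends outside the hunk.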
=== modified file 'properties/nm-openvpn.c'
