Commit c0f75491 authored by Michael Biebl

Imported Upstream version 1.0.6

parent 06e5120c
=======================================================
network-manager-openvpn-1.0.6
Overview of changes since network-manager-openvpn-1.0.2
=======================================================
* Enhanced the GUI to support agent-owned and always-ask passwords
* Updated Polish, Czech and Hungarian translations
* Support running unprivileged
=======================================================
network-manager-openvpn-1.0.2
Overview of changes since network-manager-openvpn-1.0.0
......@@ -9,6 +19,7 @@ Overview of changes since network-manager-openvpn-1.0.0
* Build fixes
* Updated translations
=======================================================
network-manager-openvpn-1.0
Overview of changes since network-manager-openvpn-0.9.10
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for NetworkManager-openvpn 1.0.2.
# Generated by GNU Autoconf 2.69 for NetworkManager-openvpn 1.0.6.
#
# Report bugs to <dcbw@redhat.com>.
#
......@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='NetworkManager-openvpn'
PACKAGE_TARNAME='NetworkManager-openvpn'
PACKAGE_VERSION='1.0.2'
PACKAGE_STRING='NetworkManager-openvpn 1.0.2'
PACKAGE_VERSION='1.0.6'
PACKAGE_STRING='NetworkManager-openvpn 1.0.6'
PACKAGE_BUGREPORT='dcbw@redhat.com'
PACKAGE_URL=''
......@@ -1402,7 +1402,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures NetworkManager-openvpn 1.0.2 to adapt to many kinds of systems.
\`configure' configures NetworkManager-openvpn 1.0.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1473,7 +1473,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of NetworkManager-openvpn 1.0.2:";;
short | recursive ) echo "Configuration of NetworkManager-openvpn 1.0.6:";;
esac
cat <<\_ACEOF
......@@ -1609,7 +1609,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
NetworkManager-openvpn configure 1.0.2
NetworkManager-openvpn configure 1.0.6
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -2032,7 +2032,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by NetworkManager-openvpn $as_me 1.0.2, which was
It was created by NetworkManager-openvpn $as_me 1.0.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
......@@ -2895,7 +2895,7 @@ fi
# Define the identity of the package.
PACKAGE='NetworkManager-openvpn'
VERSION='1.0.2'
VERSION='1.0.6'
cat >>confdefs.h <<_ACEOF
......@@ -13884,12 +13884,12 @@ if test -n "$NMGTK_CFLAGS"; then
pkg_cv_NMGTK_CFLAGS="$NMGTK_CFLAGS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-gtk >= 0.9.10\""; } >&5
($PKG_CONFIG --exists --print-errors "libnm-gtk >= 0.9.10") 2>&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-gtk >= 1.0.5\""; } >&5
($PKG_CONFIG --exists --print-errors "libnm-gtk >= 1.0.5") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_NMGTK_CFLAGS=`$PKG_CONFIG --cflags "libnm-gtk >= 0.9.10" 2>/dev/null`
pkg_cv_NMGTK_CFLAGS=`$PKG_CONFIG --cflags "libnm-gtk >= 1.0.5" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
......@@ -13901,12 +13901,12 @@ if test -n "$NMGTK_LIBS"; then
pkg_cv_NMGTK_LIBS="$NMGTK_LIBS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-gtk >= 0.9.10\""; } >&5
($PKG_CONFIG --exists --print-errors "libnm-gtk >= 0.9.10") 2>&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-gtk >= 1.0.5\""; } >&5
($PKG_CONFIG --exists --print-errors "libnm-gtk >= 1.0.5") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_NMGTK_LIBS=`$PKG_CONFIG --libs "libnm-gtk >= 0.9.10" 2>/dev/null`
pkg_cv_NMGTK_LIBS=`$PKG_CONFIG --libs "libnm-gtk >= 1.0.5" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
......@@ -13927,14 +13927,14 @@ else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
NMGTK_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnm-gtk >= 0.9.10" 2>&1`
NMGTK_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnm-gtk >= 1.0.5" 2>&1`
else
NMGTK_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnm-gtk >= 0.9.10" 2>&1`
NMGTK_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnm-gtk >= 1.0.5" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$NMGTK_PKG_ERRORS" >&5
as_fn_error $? "Package requirements (libnm-gtk >= 0.9.10) were not met:
as_fn_error $? "Package requirements (libnm-gtk >= 1.0.5) were not met:
$NMGTK_PKG_ERRORS
......@@ -14715,7 +14715,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by NetworkManager-openvpn $as_me 1.0.2, which was
This file was extended by NetworkManager-openvpn $as_me 1.0.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -14781,7 +14781,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
NetworkManager-openvpn config.status 1.0.2
NetworkManager-openvpn config.status 1.0.6
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
......
AC_PREREQ(2.52)
AC_INIT(NetworkManager-openvpn, 1.0.2, dcbw@redhat.com, NetworkManager-openvpn)
AC_INIT(NetworkManager-openvpn, 1.0.6, dcbw@redhat.com, NetworkManager-openvpn)
AM_INIT_AUTOMAKE([1.9 subdir-objects tar-ustar no-dist-gzip dist-bzip2])
AM_MAINTAINER_MODE
......@@ -82,7 +82,7 @@ if test x"$with_gnome" != xno; then
AC_SUBST(GTK_LIBS)
GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_4"
PKG_CHECK_MODULES(NMGTK, libnm-gtk >= 0.9.10)
PKG_CHECK_MODULES(NMGTK, libnm-gtk >= 1.0.5)
AC_SUBST(NMGTK_CFLAGS)
AC_SUBST(NMGTK_LIBS)
......
......@@ -18,6 +18,7 @@ libnm_openvpn_properties_la_CFLAGS = \
$(GLIB_CFLAGS) \
$(GTK_CFLAGS) \
$(NM_CFLAGS) \
$(NMGTK_CFLAGS) \
$(DISABLE_DEPRECATED) \
-I$(top_srcdir)/ \
-DICONDIR=\""$(datadir)/pixmaps"\" \
......@@ -30,6 +31,7 @@ libnm_openvpn_properties_la_CFLAGS = \
libnm_openvpn_properties_la_LIBADD = \
$(GTK_LIBS) \
$(NM_LIBS) \
$(NMGTK_LIBS) \
$(top_builddir)/common/libnm-openvpn-common.la
libnm_openvpn_properties_la_LDFLAGS = \
......
......@@ -134,7 +134,7 @@ am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(uidir)"
LTLIBRARIES = $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
libnm_openvpn_properties_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(top_builddir)/common/libnm-openvpn-common.la
am_libnm_openvpn_properties_la_OBJECTS = \
libnm_openvpn_properties_la-nm-openvpn.lo \
......@@ -433,6 +433,7 @@ libnm_openvpn_properties_la_CFLAGS = \
$(GLIB_CFLAGS) \
$(GTK_CFLAGS) \
$(NM_CFLAGS) \
$(NMGTK_CFLAGS) \
$(DISABLE_DEPRECATED) \
-I$(top_srcdir)/ \
-DICONDIR=\""$(datadir)/pixmaps"\" \
......@@ -445,6 +446,7 @@ libnm_openvpn_properties_la_CFLAGS = \
libnm_openvpn_properties_la_LIBADD = \
$(GTK_LIBS) \
$(NM_LIBS) \
$(NMGTK_LIBS) \
$(top_builddir)/common/libnm-openvpn-common.la
libnm_openvpn_properties_la_LDFLAGS = \
......
......@@ -37,16 +37,13 @@
#include <nm-setting-connection.h>
#include <nm-setting-8021x.h>
#include <nm-utils.h>
#include <nm-ui-utils.h>
#include "auth-helpers.h"
#include "nm-openvpn.h"
#include "src/nm-openvpn-service.h"
#include "common/utils.h"
#define PW_TYPE_SAVE 0
#define PW_TYPE_ASK 1
#define PW_TYPE_UNUSED 2
#define BLOCK_HANDLER_ID "block-handler-id"
static void
......@@ -61,7 +58,6 @@ setup_secret_widget (GtkBuilder *builder,
NMSettingVPN *s_vpn,
const char *secret_key)
{
NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE;
GtkWidget *widget;
GtkWidget *show_passwords;
const char *tmp;
......@@ -76,9 +72,6 @@ setup_secret_widget (GtkBuilder *builder,
tmp = nm_setting_vpn_get_secret (s_vpn, secret_key);
if (tmp)
gtk_entry_set_text (GTK_ENTRY (widget), tmp);
nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_key, &pw_flags, NULL);
g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (pw_flags));
}
return widget;
......@@ -233,87 +226,9 @@ tls_setup (GtkBuilder *builder,
g_free (tmp);
gtk_size_group_add_widget (group, widget);
g_signal_connect (widget, "changed", G_CALLBACK (changed_cb), user_data);
}
static void
pw_type_combo_changed_cb (GtkWidget *combo, gpointer user_data)
{
GtkWidget *entry = user_data;
/* If the user chose "Not required", desensitize and clear the correct
* password entry.
*/
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) {
case PW_TYPE_ASK:
case PW_TYPE_UNUSED:
gtk_entry_set_text (GTK_ENTRY (entry), "");
gtk_widget_set_sensitive (entry, FALSE);
break;
default:
gtk_widget_set_sensitive (entry, TRUE);
break;
}
}
static void
init_one_pw_combo (GtkBuilder *builder,
NMSettingVPN *s_vpn,
const char *prefix,
const char *secret_key,
GtkWidget *entry_widget,
ChangedCallback changed_cb,
gpointer user_data)
{
int active = -1;
GtkWidget *widget;
GtkListStore *store;
GtkTreeIter iter;
const char *value = NULL;
char *tmp;
guint32 default_idx = 1;
NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE;
/* If there's already a password and the password type can't be found in
* the VPN settings, default to saving it. Otherwise, always ask for it.
*/
value = gtk_entry_get_text (GTK_ENTRY (entry_widget));
if (value && strlen (value))
default_idx = 0;
store = gtk_list_store_new (1, G_TYPE_STRING);
if (s_vpn)
nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_key, &pw_flags, NULL);
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Saved"), -1);
if ( (active < 0)
&& !(pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)
&& !(pw_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) {
active = PW_TYPE_SAVE;
}
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Always Ask"), -1);
if ((active < 0) && (pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED))
active = PW_TYPE_ASK;
gtk_list_store_append (store, &iter);
gtk_list_store_set (store, &iter, 0, _("Not Required"), -1);
if ((active < 0) && (pw_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED))
active = PW_TYPE_UNUSED;
tmp = g_strdup_printf ("%s_pass_type_combo", prefix);
widget = GTK_WIDGET (gtk_builder_get_object (builder, tmp));
g_assert (widget);
g_free (tmp);
gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), active < 0 ? default_idx : active);
pw_type_combo_changed_cb (widget, entry_widget);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), entry_widget);
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (changed_cb), user_data);
nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_vpn, NM_OPENVPN_KEY_CERTPASS,
TRUE, FALSE);
}
static void
......@@ -347,7 +262,8 @@ pw_setup (GtkBuilder *builder,
gtk_size_group_add_widget (group, widget);
g_signal_connect (widget, "changed", G_CALLBACK (changed_cb), user_data);
init_one_pw_combo (builder, s_vpn, prefix, NM_OPENVPN_KEY_PASSWORD, widget, changed_cb, user_data);
nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_vpn, NM_OPENVPN_KEY_PASSWORD,
TRUE, FALSE);
}
void
......@@ -696,7 +612,7 @@ update_tls (GtkBuilder *builder, const char *prefix, NMSettingVPN *s_vpn)
if (str && strlen (str))
nm_setting_vpn_add_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS, str);
pw_flags = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (widget), "flags"));
pw_flags = nma_utils_menu_to_secret_flags (widget);
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_CERTPASS, pw_flags, NULL);
}
......@@ -731,25 +647,7 @@ update_pw (GtkBuilder *builder, const char *prefix, NMSettingVPN *s_vpn)
nm_setting_vpn_add_secret (s_vpn, NM_OPENVPN_KEY_PASSWORD, str);
/* Update password flags */
pw_flags = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (widget), "flags"));
pw_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED);
tmp = g_strdup_printf ("%s_pass_type_combo", prefix);
widget = GTK_WIDGET (gtk_builder_get_object (builder, tmp));
g_free (tmp);
switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget))) {
case PW_TYPE_SAVE:
break;
case PW_TYPE_UNUSED:
pw_flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED;
break;
case PW_TYPE_ASK:
default:
pw_flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED;
break;
}
pw_flags = nma_utils_menu_to_secret_flags (widget);
nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_OPENVPN_KEY_PASSWORD, pw_flags, NULL);
}
......@@ -1024,7 +922,7 @@ advanced_dialog_new_hash_from_connection (NMConnection *connection,
{
GHashTable *hash;
NMSettingVPN *s_vpn;
const char *secret;
const char *secret, *flags;
hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
......@@ -1038,6 +936,11 @@ advanced_dialog_new_hash_from_connection (NMConnection *connection,
g_strdup (NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD),
g_strdup (secret));
}
flags = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD"-flags");
if (flags)
g_hash_table_insert (hash,
g_strdup (NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD"-flags"),
g_strdup (flags));
return hash;
}
......@@ -1455,6 +1358,7 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
GtkListStore *store;
GtkTreeIter iter;
guint32 active = PROXY_TYPE_NONE;
guint32 pw_flags = NM_SETTING_SECRET_FLAG_NONE;
GError *error = NULL;
g_return_val_if_fail (hash != NULL, NULL);
......@@ -1558,10 +1462,12 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
tmp = strtol (value, NULL, 10);
if (errno != 0 || tmp < 0 || tmp > 65535)
tmp = 0;
widget = GTK_WIDGET (gtk_builder_get_object (builder, "proxy_password_entry"));
g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER ((guint32) tmp));
pw_flags = (guint32) tmp;
}
}
widget = GTK_WIDGET (gtk_builder_get_object (builder, "proxy_password_entry"));
nma_utils_setup_password_storage (widget, pw_flags, NULL, NULL,
TRUE, FALSE);
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROXY_TYPE);
if (value) {
......@@ -1926,7 +1832,7 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
g_strdup (value));
}
pw_flags = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (widget), "flags"));
pw_flags = nma_utils_menu_to_secret_flags (widget);
if (pw_flags != NM_SETTING_SECRET_FLAG_NONE) {
g_hash_table_insert (hash,
g_strdup (NM_OPENVPN_KEY_HTTP_PROXY_PASSWORD"-flags"),
......
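Review bot: In `advanced_dialog_new`, the new `pw_flags = (guint32) tmp;` accepts any integer from 0 to 65535 parsed from the stored `-flags` string and hands it to `nma_utils_setup_password_storage` as the initial storage choice for the proxy password. `strtol (value, NULL, 10)` is called without an end pointer, so an empty or only partly numeric string also produces a value, and the `errno` test only works if `errno` is cleared before the call, which is outside the visible lines. Since this value selects how the secret is stored, I would keep only the defined bits: `pw_flags = (guint32) tmp & (NM_SETTING_SECRET_FLAG_AGENT_OWNED | NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED);`. The body of `advanced_dialog_new` starts and ends outside the hunk.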
......@@ -403,7 +403,7 @@ config: auth-user-pass</property>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">1</property>
<property name="width">1</property>
<property name="width">2</property>
<property name="height">1</property>
</packing>
</child>
......@@ -494,25 +494,6 @@ config: auth-user-pass</property>
<property name="height">1</property>
</packing>
</child>
<child>
<object class="GtkComboBox" id="pw_pass_type_combo">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="model">liststore1</property>
<child>
<object class="GtkCellRendererText" id="renderer7"/>
<attributes>
<attribute name="text">0</attribute>
</attributes>
</child>
</object>
<packing>
<property name="left_attach">2</property>
<property name="top_attach">1</property>
<property name="width">1</property>
<property name="height">1</property>
</packing>
</child>
</object>
<packing>
<property name="position">1</property>
......@@ -642,7 +623,7 @@ config: auth-user-pass</property>
<packing>
<property name="left_attach">1</property>
<property name="top_attach">1</property>
<property name="width">1</property>
<property name="width">2</property>
<property name="height">1</property>
</packing>
</child>
......@@ -755,25 +736,6 @@ config: auth-user-pass</property>
<property name="height">1</property>
</packing>
</child>
<child>
<object class="GtkComboBox" id="pw_tls_pass_type_combo">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="model">liststore2</property>
<child>
<object class="GtkCellRendererText" id="renderer8"/>
<attributes>
<attribute name="text">0</attribute>
</attributes>
</child>
</object>
<packing>
<property name="left_attach">2</property>
<property name="top_attach">1</property>
<property name="width">1</property>
<property name="height">1</property>
</packing>
</child>
</object>
<packing>
<property name="position">2</property>
......
......@@ -10,12 +10,14 @@ test_import_export_SOURCES = \
test_import_export_CPPFLAGS = \
$(GLIB_CFLAGS) \
$(GTK_CFLAGS) \
$(NM_CFLAGS)
$(NM_CFLAGS) \
$(NMGTK_CFLAGS)
test_import_export_LDADD = \
$(GTHREAD_LIBS) \
$(GTK_LIBS) \
$(NM_LIBS) \
$(NMGTK_LIBS) \
$(top_builddir)/properties/libnm-openvpn-properties.la
if WITH_TESTS
......
......@@ -109,7 +109,7 @@ am_test_import_export_OBJECTS = \
test_import_export_OBJECTS = $(am_test_import_export_OBJECTS)
am__DEPENDENCIES_1 =
test_import_export_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(top_builddir)/properties/libnm-openvpn-properties.la
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
......@@ -388,12 +388,14 @@ test_import_export_SOURCES = \
test_import_export_CPPFLAGS = \
$(GLIB_CFLAGS) \
$(GTK_CFLAGS) \
$(NM_CFLAGS)
$(NM_CFLAGS) \
$(NMGTK_CFLAGS)
test_import_export_LDADD = \
$(GTHREAD_LIBS) \
$(GTK_LIBS) \
$(NM_LIBS) \
$(NMGTK_LIBS) \
$(top_builddir)/properties/libnm-openvpn-properties.la
all: all-recursive
......
......@@ -47,6 +47,8 @@
#include <ctype.h>
#include <errno.h>
#include <locale.h>
#include <pwd.h>
#include <grp.h>
#include <NetworkManager.h>
#include <NetworkManagerVPN.h>
......@@ -733,6 +735,14 @@ validate_connection_type (const char *ctype)
return NULL;
}
static gboolean
connection_type_is_tls_mode (const char *connection_type)
{
return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
|| strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
|| strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
}
static const char *
nm_find_openvpn (void)
{
......@@ -867,6 +877,63 @@ update_io_data_from_vpn_setting (NMOpenvpnPluginIOData *io_data,
io_data->proxy_password = tmp ? g_strdup (tmp) : NULL;
}
#define MAX_GROUPS 128
static gboolean
is_dir_writable (const char *dir, const char *user)
{
struct stat sb;
struct passwd *pw;
if (stat (dir, &sb) == -1)
return FALSE;
pw = getpwnam (user);
if (!pw)
return FALSE;
if (pw->pw_uid == 0)
return TRUE;
if (sb.st_mode & S_IWOTH)
return TRUE;
else if (sb.st_mode & S_IWGRP) {
/* Group has write access. Is user in that group? */
int i, ngroups = MAX_GROUPS;
gid_t groups[MAX_GROUPS];
getgrouplist (user, pw->pw_gid, groups, &ngroups);
for (i = 0; i < ngroups && i < MAX_GROUPS; i++) {
if (groups[i] == sb.st_gid)
return TRUE;
}
} else if (sb.st_mode & S_IWUSR) {
/* The owner has write access. Does the user own the file? */
if (pw->pw_uid == sb.st_uid)
return TRUE;
}
return FALSE;
}
/* Check existence of 'tmp' directory inside @chdir
* and write access in @chdir and @chdir/tmp for @user.
*/
static gboolean
check_chroot_dir_usability (const char *chdir, const char *user)
{
char *tmp_dir;
gboolean b1, b2;
tmp_dir = g_strdup_printf ("%s/tmp", chdir);
if (!g_file_test (tmp_dir, G_FILE_TEST_IS_DIR)) {
g_free (tmp_dir);
return FALSE;
}
b1 = is_dir_writable (chdir, user);
b2 = is_dir_writable (tmp_dir, user);
g_free (tmp_dir);
return b1 && b2;
}
static gboolean
nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
NMSettingVPN *s_vpn,
......@@ -882,6 +949,7 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
gboolean dev_type_is_tap;
char *stmp;
const char *defport, *proto_tcp;
const char *nm_openvpn_user, *nm_openvpn_group, *nm_openvpn_chroot;
/* Find openvpn */
openvpn_binary = nm_find_openvpn ();
......@@ -1108,7 +1176,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
/* Reneg seconds */
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
if (tmp && strlen (tmp)) {
if (!connection_type_is_tls_mode (connection_type)) {
/* Ignore --reneg-sec option if we are not in TLS mode (as enabled
* by --client below). openvpn will error out otherwise, see bgo#749050. */
} else if (tmp && strlen (tmp)) {
add_openvpn_arg (args, "--reneg-sec");
if (!add_openvpn_arg_int (args, tmp)) {
g_set_error (error,
......@@ -1282,6 +1353,54 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
return FALSE;
}
/* Allow openvpn to be run as a specified user:group and drop privileges. */
nm_openvpn_user = getenv ("NM_OPENVPN_USER");
nm_openvpn_group = getenv ("NM_OPENVPN_GROUP");
nm_openvpn_chroot = getenv ("NM_OPENVPN_CHROOT");
if (!nm_openvpn_user)
nm_openvpn_user = NM_OPENVPN_USER;
if (!nm_openvpn_group)
nm_openvpn_group = NM_OPENVPN_GROUP;
if (!nm_openvpn_chroot)
nm_openvpn_chroot = NM_OPENVPN_CHROOT;
if (*nm_openvpn_user) {
if (getpwnam (nm_openvpn_user)) {
add_openvpn_arg (args, "--user");
add_openvpn_arg (args, nm_openvpn_user);
} else {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
_("User '%s' not found, check NM_OPENVPN_USER."),
nm_openvpn_user);
free_openvpn_args (args);
return FALSE;
}
}
if (*nm_openvpn_group) {
if (getgrnam (nm_openvpn_group)) {
add_openvpn_arg (args, "--group");
add_openvpn_arg (args, nm_openvpn_group);
} else {
g_set_error (error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
_("Group '%s' not found, check NM_OPENVPN_GROUP."),
nm_openvpn_group);
free_openvpn_args (args);
return FALSE;
}
}
if (*nm_openvpn_chroot) {
if (check_chroot_dir_usability (nm_openvpn_chroot, nm_openvpn_user)) {
add_openvpn_arg (args, "--chroot");
add_openvpn_arg (args, nm_openvpn_chroot);
} else
g_warning ("Directory '%s' not usable for chroot by '%s', openvpn will not be chrooted.",
nm_openvpn_chroot, nm_openvpn_user);
}
g_ptr_array_add (args, NULL);
if (debug) {
......
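Review bot: `is_dir_writable()` tests the write bits as an `else if` chain in the order other, group, owner, so a directory with the group-write bit set whose group the user is not in is reported unwritable even when the user owns it with `S_IWUSR`; the owner branch is never reached. The return value of `getgrouplist()` is ignored as well, so a user with more than `MAX_GROUPS` groups is judged on a truncated list. This matters because the caller in `nm_openvpn_start_openvpn_binary` only logs a `g_warning` and starts openvpn without `--chroot` when the check fails, so a wrong answer silently removes the confinement; whether failing open is intended is not visible from the hunk. The fence evaluates the classes in the kernel's order (owner, group, other) and treats an overflowing group list as not writable. The check stays advisory in any case, since the directory can change between `stat()` and openvpn's own chroot.

```c
static gboolean
is_dir_writable (const char *dir, const char *user)
{
	/* … unchanged: stat() and getpwnam() lookups, uid 0 shortcut … */
	int i, ngroups = MAX_GROUPS;
	gid_t groups[MAX_GROUPS];

	/* Same class order as the kernel: owner, then group, then other. */
	if (pw->pw_uid == sb.st_uid)
		return (sb.st_mode & S_IWUSR) != 0;

	/* -1 means the list did not fit, so membership cannot be decided. */
	if (getgrouplist (user, pw->pw_gid, groups, &ngroups) == -1)
		return FALSE;
	for (i = 0; i < ngroups; i++) {
		if (groups[i] == sb.st_gid)
			return (sb.st_mode & S_IWGRP) != 0;
	}
	return (sb.st_mode & S_IWOTH) != 0;
}
```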
......@@ -100,6 +100,11 @@
#define NM_OPENVPN_REM_CERT_TLS_CLIENT "client"
#define NM_OPENVPN_REM_CERT_TLS_SERVER "server"
/* User name and group to run nm-openvpn-service under */
#define NM_OPENVPN_USER "nm-openvpn"
#define NM_OPENVPN_GROUP "nm-openvpn"
#define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot"
typedef struct {
NMVPNPlugin parent;
} NMOpenvpnPlugin;
......
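Review bot: The comment above the new defines says the user and group are what nm-openvpn-service runs under, but the service code in this commit passes them to the openvpn binary as `--user` and `--group`, and `NM_OPENVPN_CHROOT` is not described at all. The service also reads environment variables of the same names first and uses these macros only as fallbacks, which a reader of the header cannot tell. I would reword it to `/* Defaults for openvpn's --user, --group and --chroot arguments; each is overridden by the environment variable of the same name. */`. It is also worth stating there that an unusable chroot directory is only warned about rather than treated as an error.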