diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/aclocal.m4 network-manager-openvpn-1.2.10/aclocal.m4 --- network-manager-openvpn-1.2.6/aclocal.m4 2016-10-03 17:10:48.000000000 +0200 +++ network-manager-openvpn-1.2.10/aclocal.m4 2017-05-17 16:06:19.000000000 +0200 @@ -491,7 +491,7 @@ ]) dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -dnl serial 11 (pkg-config-0.29) +dnl serial 11 (pkg-config-0.29.1) dnl dnl Copyright © 2004 Scott James Remnant . dnl Copyright © 2012-2015 Dan Nicholson @@ -533,7 +533,7 @@ dnl See the "Since" comment for each macro you use to see what version dnl of the macros you require. m4_defun([PKG_PREREQ], -[m4_define([PKG_MACROS_VERSION], [0.29]) +[m4_define([PKG_MACROS_VERSION], [0.29.1]) m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) ])dnl PKG_PREREQ @@ -1932,6 +1932,7 @@ AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([m4/attributes.m4]) m4_include([m4/compiler_options.m4]) m4_include([m4/git-sha-record.m4]) m4_include([m4/intltool.m4]) diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/auth-dialog/main.c network-manager-openvpn-1.2.10/auth-dialog/main.c --- network-manager-openvpn-1.2.6/auth-dialog/main.c 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/auth-dialog/main.c 2017-03-06 19:32:12.000000000 +0100 
@@ -510,7 +510,7 @@ */ prompt = get_passwords_required (data, hints, &need_password, &need_certpass, &need_proxypass); if (!prompt) - prompt = g_strdup_printf (_("You need to authenticate to access the Virtual Private Network '%s'."), vpn_name); + prompt = g_strdup_printf (_("You need to authenticate to access the Virtual Private Network “%s”."), vpn_name); /* Exit early if we don't need any passwords */ if (!need_password && !need_certpass && !need_proxypass) diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/auth-dialog/Makefile.am network-manager-openvpn-1.2.10/auth-dialog/Makefile.am --- network-manager-openvpn-1.2.6/auth-dialog/Makefile.am 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/auth-dialog/Makefile.am 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -libexec_PROGRAMS = nm-openvpn-auth-dialog - -nm_openvpn_auth_dialog_CPPFLAGS = \ - $(GLIB_CFLAGS) \ - $(GTK_CFLAGS) \ - $(LIBNM_CFLAGS) \ - $(LIBNMA_CFLAGS) \ - $(LIBSECRET_CFLAGS) \ - -I$(top_srcdir)/shared \ - -DICONDIR=\""$(datadir)/pixmaps"\" \ - -DUIDIR=\""$(uidir)"\" \ - -DBINDIR=\""$(bindir)"\" \ - -DGNOMELOCALEDIR=\"$(datadir)/locale\" - -nm_openvpn_auth_dialog_SOURCES = \ - $(top_srcdir)/shared/utils.c \ - $(top_srcdir)/shared/utils.h \ - main.c - -nm_openvpn_auth_dialog_LDADD = \ - $(GTK_LIBS) \ - $(LIBNM_LIBS) \ - $(LIBNMA_LIBS) \ - $(LIBSECRET_LIBS) - -CLEANFILES = *~ diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/configure.ac network-manager-openvpn-1.2.10/configure.ac --- network-manager-openvpn-1.2.6/configure.ac 2016-10-03 17:10:29.000000000 +0200 +++ network-manager-openvpn-1.2.10/configure.ac 2017-05-17 16:04:17.000000000 +0200 
@@ -1,16 +1,23 @@ AC_PREREQ(2.52) AC_INIT(NetworkManager-openvpn, - 1.2.6, + 1.2.10, https://bugzilla.gnome.org/enter_bug.cgi?product=NetworkManager, NetworkManager-openvpn) AM_INIT_AUTOMAKE([1.9 tar-ustar no-dist-gzip dist-xz]) AM_MAINTAINER_MODE +AM_SILENT_RULES([yes]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h]) +dnl Prefer gcc-* variants; the ones libtool would choose don't work with LTO +AC_CHECK_TOOLS(AR, [gcc-ar ar], false) +AC_CHECK_TOOLS(RANLIB, [gcc-ranlib ranlib], :) + +LT_INIT([disable-static]) + dnl dnl Require programs dnl @@ -91,11 +98,7 @@ GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_4" PKG_CHECK_MODULES(LIBNMA, libnma >= 1.2.0) - PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18, [], [ - dnl We use the secret service API that went stable in 0.18 - PKG_CHECK_MODULES(LIBSECRET, libsecret-unstable) - LIBSECRET_CFLAGS="$LIBSECRET_CFLAGS -DSECRET_API_SUBJECT_TO_CHANGE" - ]) + PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18) if test x"$with_libnm_glib" != xno; then PKG_CHECK_MODULES(LIBNM_GTK, libnm-gtk >= 1.2.0) @@ -117,7 +120,9 @@ NM_VPN_SERVICE_DIR=`$PKG_CONFIG --define-variable prefix='\${prefix}' --variable vpnservicedir libnm` AC_SUBST(NM_VPN_SERVICE_DIR) -NM_COMPILER_WARNINGS +NM_COMPILER_WARNINGS([yes]) +NM_LTO +NM_LD_GC NM_PLUGIN_DIR="$libdir/NetworkManager" AC_SUBST(NM_PLUGIN_DIR) @@ -139,13 +144,7 @@ AC_CONFIG_FILES([ Makefile -src/Makefile -auth-dialog/Makefile -properties/Makefile -properties/tests/Makefile -properties/tests/conf/Makefile po/Makefile.in -shared/Makefile ]) AC_OUTPUT 
@@ -155,3 +154,6 @@ echo " --with-libnm-glib=$with_libnm_glib" echo " --enable-absolute-paths=$enable_absolute_paths" echo " --enable-more-warnings=$set_more_warnings" +echo " --enable-lto=$enable_lto" +echo " --enable-ld-gc=$enable_ld_gc" +echo "" diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/debian/changelog network-manager-openvpn-1.2.10/debian/changelog --- network-manager-openvpn-1.2.6/debian/changelog 2017-09-01 00:39:06.000000000 +0200 +++ network-manager-openvpn-1.2.10/debian/changelog 2017-09-01 15:28:41.000000000 +0200 @@ -1,3 +1,11 @@ +network-manager-openvpn (1.2.10-0ubuntu1) UNRELEASED; urgency=medium + + * New upstream version (ffe lp: #1714509) + - Allow choosing Adaptive or None LZO compression methods in the + connection properties dialog (lp: #1714509) + + -- Sebastien Bacher Fri, 01 Sep 2017 15:28:41 +0200 + network-manager-openvpn (1.2.6-2ubuntu3) artful; urgency=medium * debian/control, debian/rules: diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/linker-script-binary.ver network-manager-openvpn-1.2.10/linker-script-binary.ver --- network-manager-openvpn-1.2.6/linker-script-binary.ver 1970-01-01 01:00:00.000000000 +0100 +++ network-manager-openvpn-1.2.10/linker-script-binary.ver 2017-03-06 19:32:12.000000000 +0100 @@ -0,0 +1,6 @@ +{ +global: + _IO_stdin_used; +local: + *; +}; diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/Makefile.am network-manager-openvpn-1.2.10/Makefile.am --- network-manager-openvpn-1.2.6/Makefile.am 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/Makefile.am 2017-05-17 15:11:37.000000000 +0200 
@@ -1,10 +1,26 @@ -AUTOMAKE_OPTIONS = foreign +AUTOMAKE_OPTIONS = foreign subdir-objects -SUBDIRS = shared src properties po +DISTCHECK_CONFIGURE_FLAGS = \ + --enable-more-warnings=yes -if WITH_GNOME -SUBDIRS += auth-dialog -endif +libexec_PROGRAMS = + +noinst_LTLIBRARIES = + +EXTRA_DIST = + +CLEANFILES = + +check_programs = + +noinst_PROGRAMS = + +SUBDIRS = \ + . \ + po + +plugindir = $(libdir)/NetworkManager +plugin_LTLIBRARIES = dbusservicedir = $(sysconfdir)/dbus-1/system.d dbusservice_DATA = nm-openvpn-service.conf 
@@ -12,6 +28,314 @@ nmvpnservicedir = $(NM_VPN_SERVICE_DIR) nmvpnservice_DATA = nm-openvpn-service.name +uidir = $(datadir)/gnome-vpn-properties/openvpn +ui_DATA = + +############################################################################### + +shared_sources = \ + shared/nm-utils/nm-shared-utils.c \ + shared/utils.c + +############################################################################### + +src_cppflags = \ + -DBINDIR=\"$(bindir)\" \ + -DPREFIX=\""$(prefix)"\" \ + -DSYSCONFDIR=\""$(sysconfdir)"\" \ + -DLIBDIR=\""$(libdir)"\" \ + -DLIBEXECDIR=\""$(libexecdir)"\" \ + -DLOCALSTATEDIR=\""$(localstatedir)"\" \ + -DDATADIR=\"$(datadir)\" \ + -DNM_OPENVPN_LOCALEDIR=\"$(datadir)/locale\" \ + -DG_LOG_DOMAIN=\"nm-openvpn\" \ + -I$(srcdir)/shared \ + $(GLIB_CFLAGS) \ + $(LIBNM_CFLAGS) + +noinst_LTLIBRARIES += src/libnm-utils.la + +src_libnm_utils_la_SOURCES = $(shared_sources) +src_libnm_utils_la_CPPFLAGS = $(src_cppflags) +src_libnm_utils_la_LIBADD = \ + $(GLIB_LIBS) \ + $(LIBNM_LIBS) + +libexec_PROGRAMS += src/nm-openvpn-service + +src_nm_openvpn_service_CPPFLAGS = $(src_cppflags) +src_nm_openvpn_service_LDFLAGS = \ + -Wl,--version-script="$(srcdir)/linker-script-binary.ver" +src_nm_openvpn_service_LDADD = \ + src/libnm-utils.la \ + $(GLIB_LIBS) \ + $(LIBNM_LIBS) +EXTRA_src_nm_openvpn_service_DEPENDENCIES = \ + linker-script-binary.ver + +libexec_PROGRAMS += src/nm-openvpn-service-openvpn-helper + +src_nm_openvpn_service_openvpn_helper_CPPFLAGS = $(src_cppflags) +src_nm_openvpn_service_openvpn_helper_LDFLAGS = \ + -Wl,--version-script="$(srcdir)/linker-script-binary.ver" +src_nm_openvpn_service_openvpn_helper_LDADD = \ + src/libnm-utils.la \ + $(GLIB_LIBS) \ + $(LIBNM_LIBS) +EXTRA_src_nm_openvpn_service_openvpn_helper_DEPENDENCIES = \ + linker-script-binary.ver + +############################################################################### + +plugin_sources = \ + properties/nm-openvpn-editor-plugin.c \ + properties/nm-openvpn-editor-plugin.h \ + 
properties/import-export.c \ + properties/import-export.h + +editor_sources = \ + properties/nm-openvpn-editor.c \ + properties/nm-openvpn-editor.h \ + properties/auth-helpers.c \ + properties/auth-helpers.h + +properties_cppflags = \ + -DICONDIR=\""$(datadir)/pixmaps"\" \ + -DUIDIR=\""$(uidir)"\" \ + -DLOCALEDIR=\"$(datadir)/locale\" \ + -I$(srcdir)/shared \ + $(GLIB_CFLAGS) + +############################################################################### + +noinst_LTLIBRARIES += properties/libnm-vpn-plugin-openvpn-utils.la + +properties_libnm_vpn_plugin_openvpn_utils_la_SOURCES = \ + $(shared_sources) + +properties_libnm_vpn_plugin_openvpn_utils_la_CPPFLAGS = \ + -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \ + -DNM_PLUGIN_DIR=\"$(NM_PLUGIN_DIR)\" \ + $(properties_cppflags) \ + $(LIBNM_CFLAGS) + +properties_libnm_vpn_plugin_openvpn_utils_la_LIBADD = \ + $(LIBNM_LIBS) \ + $(DL_LIBS) + +noinst_LTLIBRARIES += properties/libnm-vpn-plugin-openvpn-core.la + +properties_libnm_vpn_plugin_openvpn_core_la_SOURCES = \ + shared/nm-utils/nm-vpn-plugin-utils.c \ + shared/nm-utils/nm-vpn-plugin-utils.h \ + shared/nm-utils/nm-vpn-plugin-macros.h \ + $(plugin_sources) + +properties_libnm_vpn_plugin_openvpn_core_la_CPPFLAGS = \ + -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \ + -DNM_PLUGIN_DIR=\"$(NM_PLUGIN_DIR)\" \ + $(properties_cppflags) \ + $(LIBNM_CFLAGS) + +properties_libnm_vpn_plugin_openvpn_core_la_LIBADD = \ + properties/libnm-vpn-plugin-openvpn-utils.la \ + $(LIBNM_LIBS) \ + $(DL_LIBS) + +plugin_LTLIBRARIES += properties/libnm-vpn-plugin-openvpn.la + +properties_libnm_vpn_plugin_openvpn_la_SOURCES = +properties_libnm_vpn_plugin_openvpn_la_LIBADD = \ + properties/libnm-vpn-plugin-openvpn-core.la +properties_libnm_vpn_plugin_openvpn_la_LDFLAGS = \ + -avoid-version \ + -Wl,--version-script=$(srcdir)/properties/libnm-vpn-plugin-openvpn.ver + +############################################################################### + +if 
WITH_GNOME +ui_DATA += properties/nm-openvpn-dialog.ui +endif + +if WITH_GNOME +plugin_LTLIBRARIES += properties/libnm-vpn-plugin-openvpn-editor.la +endif + +properties_libnm_vpn_plugin_openvpn_editor_la_SOURCES = \ + $(editor_sources) + +properties_libnm_vpn_plugin_openvpn_editor_la_CPPFLAGS = \ + -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_EDITOR \ + $(properties_cppflags) \ + $(GTK_CFLAGS) \ + $(LIBNM_CFLAGS) \ + $(LIBNMA_CFLAGS) + +properties_libnm_vpn_plugin_openvpn_editor_la_LIBADD = \ + properties/libnm-vpn-plugin-openvpn-utils.la \ + $(GLIB_LIBS) \ + $(GTK_LIBS) \ + $(LIBNM_LIBS) \ + $(LIBNMA_LIBS) + +properties_libnm_vpn_plugin_openvpn_editor_la_LDFLAGS = \ + -avoid-version \ + -Wl,--version-script=$(srcdir)/properties/libnm-vpn-plugin-openvpn-editor.ver + +############################################################################### + +if WITH_LIBNM_GLIB +noinst_LTLIBRARIES += properties/libnm-openvpn-properties-core.la +endif + +properties_libnm_openvpn_properties_core_la_SOURCES = \ + $(shared_sources) \ + $(plugin_sources) \ + $(editor_sources) + +properties_libnm_openvpn_properties_core_la_CPPFLAGS = \ + -DNM_VPN_OLD \ + -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB \ + $(properties_cppflags) \ + $(GTK_CFLAGS) \ + $(LIBNM_GLIB_CFLAGS) \ + $(LIBNM_GTK_CFLAGS) + +properties_libnm_openvpn_properties_core_la_LIBADD = \ + $(GLIB_LIBS) \ + $(GTK_LIBS) \ + $(LIBNM_GLIB_LIBS) \ + $(LIBNM_GTK_LIBS) + + +if WITH_LIBNM_GLIB +plugin_LTLIBRARIES += properties/libnm-openvpn-properties.la +endif + +properties_libnm_openvpn_properties_la_SOURCES = +properties_libnm_openvpn_properties_la_LIBADD = \ + properties/libnm-openvpn-properties-core.la +properties_libnm_openvpn_properties_la_LDFLAGS = \ + -avoid-version \ + -Wl,--version-script=$(srcdir)/properties/libnm-openvpn-properties.ver + +EXTRA_DIST += \ + properties/libnm-vpn-plugin-openvpn.ver \ + properties/libnm-vpn-plugin-openvpn-editor.ver \ + 
properties/libnm-openvpn-properties.ver \ + properties/nm-openvpn-dialog.ui + +############################################################################### + +properties_tests_cppflags = \ + -DTEST_SRCDIR="\"$(abs_srcdir)/properties/tests\"" \ + -DTEST_BUILDDIR="\"$(abs_builddir)/properties/tests\"" \ + -I$(srcdir)/shared \ + -I$(srcdir)/properties \ + $(GLIB_CFLAGS) + + +check_programs += properties/tests/test-import-export + +properties_tests_test_import_export_SOURCES = \ + properties/tests/test-import-export.c + +properties_tests_test_import_export_CPPFLAGS = \ + $(properties_tests_cppflags) \ + $(LIBNM_CFLAGS) \ + $(LIBNMA_CFLAGS) + +properties_tests_test_import_export_LDADD = \ + properties/libnm-vpn-plugin-openvpn-core.la \ + $(GLIB_LIBS) \ + $(LIBNM_LIBS) \ + $(LIBNMA_LIBS) + + +if WITH_LIBNM_GLIB +check_programs += properties/tests/test-import-export-glib +endif + +properties_tests_test_import_export_glib_SOURCES = \ + properties/tests/test-import-export.c + +properties_tests_test_import_export_glib_CPPFLAGS = \ + -DNM_VPN_OLD \ + $(properties_tests_cppflags) \ + $(GTK_CFLAGS) \ + $(LIBNM_GLIB_CFLAGS) \ + $(LIBNM_GTK_CFLAGS) + +properties_tests_test_import_export_glib_LDADD = \ + properties/libnm-openvpn-properties-core.la \ + $(GLIB_LIBS) \ + $(GTK_LIBS) \ + $(LIBNM_GLIB_LIBS) \ + $(LIBNM_GTK_LIBS) + + +EXTRA_DIST += \ + properties/tests/conf/iso885915.ovpn \ + properties/tests/conf/mtu-disc.ovpn \ + properties/tests/conf/password.conf \ + properties/tests/conf/pkcs12.ovpn \ + properties/tests/conf/port.ovpn \ + properties/tests/conf/rport.ovpn \ + properties/tests/conf/static.key \ + properties/tests/conf/static.ovpn \ + properties/tests/conf/tls.ovpn \ + properties/tests/conf/tls2.ovpn \ + properties/tests/conf/tun-opts.conf \ + properties/tests/conf/proxy-http.ovpn \ + properties/tests/conf/httpauthfile \ + properties/tests/conf/proxy-socks.ovpn \ + properties/tests/conf/proxy-http-with-auth.ovpn \ + properties/tests/conf/keysize.ovpn \ + 
properties/tests/conf/device.ovpn \ + properties/tests/conf/device-notype.ovpn \ + properties/tests/conf/keepalive.ovpn \ + properties/tests/conf/ping-with-exit.ovpn \ + properties/tests/conf/ping-with-restart.ovpn \ + properties/tests/conf/route.ovpn \ + properties/tests/conf/tls-inline.ovpn \ + properties/tests/conf/tls-inline-ca.pem \ + properties/tests/conf/tls-inline-cert.pem \ + properties/tests/conf/tls-inline-key.pem \ + properties/tests/conf/tls-inline-ta.pem + +############################################################################### + +if WITH_GNOME +libexec_PROGRAMS += auth-dialog/nm-openvpn-auth-dialog +endif + +auth_dialog_nm_openvpn_auth_dialog_SOURCES = \ + $(shared_sources) \ + auth-dialog/main.c +auth_dialog_nm_openvpn_auth_dialog_CPPFLAGS = \ + -DICONDIR=\""$(datadir)/pixmaps"\" \ + -DUIDIR=\""$(uidir)"\" \ + -DBINDIR=\""$(bindir)"\" \ + -DGNOMELOCALEDIR=\"$(datadir)/locale\" \ + -I$(srcdir)/shared \ + $(GLIB_CFLAGS) \ + $(GTK_CFLAGS) \ + $(LIBNM_CFLAGS) \ + $(LIBNMA_CFLAGS) \ + $(LIBSECRET_CFLAGS) +auth_dialog_nm_openvpn_auth_dialog_LDFLAGS = \ + -Wl,--version-script="$(srcdir)/linker-script-binary.ver" +auth_dialog_nm_openvpn_auth_dialog_LDADD = \ + $(GLIB_LIBS) \ + $(GTK_LIBS) \ + $(LIBNM_LIBS) \ + $(LIBNMA_LIBS) \ + $(LIBSECRET_LIBS) +EXTRA_auth_dialog_nm_openvpn_auth_dialog_DEPENDENCIES = \ + linker-script-binary.ver + +############################################################################### + if WITH_LIBNM_GLIB # Install a file with full path to plugins for an old gnome-shell # https://bugzilla.gnome.org/show_bug.cgi?id=693590 
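Review bot: Neither `src/nm-openvpn-service` nor `src/nm-openvpn-service-openvpn-helper` is given a `_SOURCES` variable in this hunk, so automake falls back to its default of one `.c` file named after the program. That builds, but it leaves the source list implicit, and any header under `src/` would not be distributed unless something else lists it; the later `EXTRA_DIST` hunk only names `shared/` files. I would write the lists out, starting with `src_nm_openvpn_service_SOURCES = src/nm-openvpn-service.c` plus whatever headers that directory holds (not visible in this diff), and do the same for the helper.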
@@ -40,20 +364,41 @@ -e 's|[@]PLUGINDIR[@]/|@NM_PLUGIN_DIR_NAME_FILE@|g' \ $^ >$@ -DISTCHECK_CONFIGURE_FLAGS = \ - --enable-more-warnings=yes - -EXTRA_DIST = nm-openvpn-service.name.in \ - $(dbusservice_DATA) \ - $(appdata_in_files) \ - $(appdata_files) \ - intltool-extract.in \ - intltool-merge.in \ - intltool-update.in +# we always build the tests during regular build. +noinst_PROGRAMS += $(check_programs) -CLEANFILES = $(nmvpnservice_DATA) \ - $(appdata_files) +TESTS = $(check_programs) -DISTCLEANFILES = intltool-extract intltool-merge intltool-update +EXTRA_DIST += \ + linker-script-binary.ver \ + nm-openvpn-service.name.in \ + $(dbusservice_DATA) \ + $(appdata_in_files) \ + $(appdata_files) \ + intltool-extract.in \ + intltool-merge.in \ + intltool-update.in \ + \ + shared/README \ + shared/nm-utils/gsystem-local-alloc.h \ + shared/nm-utils/nm-glib.h \ + shared/nm-utils/nm-macros-internal.h \ + shared/nm-utils/nm-shared-utils.c \ + shared/nm-utils/nm-shared-utils.h \ + shared/nm-utils/nm-test-utils.h \ + shared/nm-default.h \ + shared/nm-service-defines.h \ + shared/utils.c \ + shared/utils.h \ + $(NULL) + +CLEANFILES += \ + $(nmvpnservice_DATA) \ + $(appdata_files) + +DISTCLEANFILES = \ + intltool-extract \ + intltool-merge \ + intltool-update ACLOCAL_AMFLAGS = -I m4 diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/NEWS network-manager-openvpn-1.2.10/NEWS --- network-manager-openvpn-1.2.6/NEWS 2016-10-03 17:05:19.000000000 +0200 +++ network-manager-openvpn-1.2.10/NEWS 2017-05-17 16:04:17.000000000 +0200 
@@ -1,5 +1,35 @@ ======================================================= -NetworkManagerg-openvpn-1.2.6 +NetworkManager-openvpn-1.2.10 +Overview of changes since NetworkManager-openvpn-1.2.8 +======================================================= + +This is a new stable release of NetworkManager-openvpn. Notable changes include: + +* Add support for "tls-crypt" and "mtu-disc" options +* Add support for dynamic challenge-response protocol +* Allow choosing Adaptive or None LZO compression methods in the connection + properties dialog +* Avoid passing the obsolete "tls-remote" option to OpenVPN versions that no + longer support it and discourage its use in the properties dialog +* Updated the build system to use non-recursive make +* Many bug fixes +* Updated Brazilian, Danish, Hungarian, Indonesian, Lithuanian, Polish, Serbian + and Swedish translations + +======================================================= +NetworkManager-openvpn-1.2.8 +Overview of changes since NetworkManager-openvpn-1.2.6 +======================================================= + +This is a new stable release of NetworkManager-openvpn. Notable changes include: + +* Treat cipher and hmac options case insensitive in the properties GUI +* Support numeric argument to mssfix option +* Fixes to translatable strings and use Unicode +* Updated Czech, German, Hungarian, Polish, Spanish translations + +======================================================= +NetworkManager-openvpn-1.2.6 Overview of changes since NetworkManager-openvpn-1.2.4 ======================================================= @@ -14,7 +44,7 @@ * Various cleanups ======================================================= -NetworkManagerg-openvpn-1.2.4 +NetworkManager-openvpn-1.2.4 Overview of changes since NetworkManager-openvpn-1.2.2 ======================================================= 
@@ -37,7 +67,7 @@ ======================================================= -NetworkManagerg-openvpn-1.2.2 +NetworkManager-openvpn-1.2.2 Overview of changes since NetworkManager-openvpn-1.2 ======================================================= @@ -49,7 +79,7 @@ ======================================================= -NetworkManagerg-openvpn-1.2 +NetworkManager-openvpn-1.2 Overview of changes since network-manager-openvpn-1.0 ======================================================= diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/auth-helpers.c network-manager-openvpn-1.2.10/properties/auth-helpers.c --- network-manager-openvpn-1.2.6/properties/auth-helpers.c 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/properties/auth-helpers.c 2017-05-17 15:11:37.000000000 +0200 @@ -38,6 +38,40 @@ #define BLOCK_HANDLER_ID "block-handler-id" +/*****************************************************************************/ + +static const char *comp_lzo_values[] = { + "adaptive", + "yes", + "no-by-default", +}; + +static const char * +comp_lzo_values_conf_coerce (const char *value_conf) +{ + if (!value_conf || nm_streq (value_conf, "no")) + return NULL; + if (nm_streq (value_conf, "yes")) + return "yes"; + if (nm_streq (value_conf, "no-by-default")) + return "no-by-default"; + return "adaptive"; +} + +static const char * +comp_lzo_values_conf_to_display (const char *value_conf) +{ + if (nm_streq (value_conf, "yes")) + return "yes"; + if (nm_streq (value_conf, "no-by-default")) + return "no"; + if (nm_streq (value_conf, "adaptive")) + return "adaptive"; + g_return_val_if_reached ("adaptive"); +} + +/*****************************************************************************/ + static void show_password (GtkToggleButton *togglebutton, GtkEntry *password_entry) { 
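Review bot: `comp_lzo_values_conf_to_display` hands `value_conf` straight to `nm_streq` without the NULL check that `comp_lzo_values_conf_coerce` just above it performs, and neither helper documents what it accepts or returns. As far as this diff shows, the only caller passes entries of `comp_lzo_values`, so nothing breaks today, but the precondition should be written down. I would add a comment above the pair along the lines of `/* coerce(): NULL or "no" -> NULL (checkbox off); any unrecognised value -> "adaptive". to_display(): takes a non-NULL entry of comp_lzo_values; "no-by-default" is shown as "no". */`. It would also replace the explanation of the comp-lzo semantics that a later hunk removes from the dialog setup.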
@@ -176,7 +210,7 @@ gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (cert), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (cert), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (cert), - _("Choose your personal certificate...")); + _("Choose your personal certificate…")); g_signal_connect (G_OBJECT (cert), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { @@ -194,7 +228,7 @@ gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (key), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (key), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (key), - _("Choose your private key...")); + _("Choose your private key…")); g_signal_connect (G_OBJECT (key), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { @@ -310,7 +344,7 @@ gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (ca), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (ca), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (ca), - _("Choose a Certificate Authority certificate...")); + _("Choose a Certificate Authority certificate…")); g_signal_connect (G_OBJECT (ca), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { @@ -354,7 +388,7 @@ gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter); gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE); gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), - _("Choose an OpenVPN static key...")); + _("Choose an OpenVPN static key…")); g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data); if (s_vpn) { @@ -906,6 +940,7 @@ NM_OPENVPN_KEY_AUTH, NM_OPENVPN_KEY_TA_DIR, NM_OPENVPN_KEY_TA, + NM_OPENVPN_KEY_TLS_CRYPT, NM_OPENVPN_KEY_RENEG_SECONDS, NM_OPENVPN_KEY_TLS_REMOTE, NM_OPENVPN_KEY_VERIFY_X509_NAME, @@ -917,6 +952,7 @@ NM_OPENVPN_KEY_PING_EXIT, NM_OPENVPN_KEY_PING_RESTART, NM_OPENVPN_KEY_MAX_ROUTES, + NM_OPENVPN_KEY_MTU_DISC, NULL }; 
@@ -1003,7 +1039,7 @@ gboolean user_added = FALSE; char *argv[3]; GError *error = NULL; - gboolean success, found_blank = FALSE; + gboolean success, ignore_lines = TRUE; openvpn_binary = nm_find_openvpn (); if (!openvpn_binary) @@ -1042,15 +1078,21 @@ g_free (tmp); for (item = items; *item; item++) { - char *space = strchr (*item, ' '); + char *space; - /* Don't add anything until after the first blank line */ - if (!found_blank) { - if (!strlen (*item)) - found_blank = TRUE; + /* Don't add anything until after the first blank line. Also, + * any blank line indicates the start of a comment, ended by + * another blank line. + */ + if (!strlen (*item)) { + ignore_lines = !ignore_lines; continue; } + if (ignore_lines) + continue; + + space = strchr (*item, ' '); if (space) *space = '\0'; @@ -1062,7 +1104,7 @@ gtk_list_store_set (store, &iter, TLS_CIPHER_COL_NAME, *item, TLS_CIPHER_COL_DEFAULT, FALSE, -1); - if (!user_added && user_cipher && !strcmp (*item, user_cipher)) { + if (!user_added && user_cipher && !g_ascii_strcasecmp (*item, user_cipher)) { gtk_combo_box_set_active_iter (box, &iter); user_added = TRUE; } @@ -1074,7 +1116,7 @@ gtk_list_store_insert (store, &iter, 1); gtk_list_store_set (store, &iter, TLS_CIPHER_COL_NAME, user_cipher, - TLS_CIPHER_COL_DEFAULT, FALSE -1); + TLS_CIPHER_COL_DEFAULT, FALSE, -1); gtk_combo_box_set_active_iter (box, &iter); } else if (!user_added) { gtk_combo_box_set_active (box, 0); @@ -1147,7 +1189,7 @@ HMACAUTH_COL_NAME, name, HMACAUTH_COL_VALUE, *item, HMACAUTH_COL_DEFAULT, FALSE, -1); - if (hmacauth && !strcmp (*item, hmacauth)) { + if (hmacauth && !g_ascii_strcasecmp (*item, hmacauth)) { gtk_combo_box_set_active_iter (box, &iter); active_initialized = TRUE; } 
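Review bot: The new `ignore_lines = !ignore_lines` toggle flips on every empty item, so the cipher list is parsed correctly only while the openvpn output contains single, properly paired blank lines. Two blank lines in a row, or a comment block that is not closed by one, would invert the state, and the loop would then skip the ciphers and add the comment text to the combo instead. Because this parses the output of an external binary whose layout this very change is adapting to, I would flip only on the first blank of a run, for example by tracking a `gboolean prev_blank` and guarding the toggle with `if (!prev_blank) ignore_lines = !ignore_lines;`. The comment should also gain a short sample of the expected output. The enclosing function starts and ends outside these hunks.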
@@ -1181,7 +1223,7 @@ gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, - TLS_REMOTE_MODE_COL_NAME, _("Don't verify certificate identification"), + TLS_REMOTE_MODE_COL_NAME, _("Don’t verify certificate identification"), TLS_REMOTE_MODE_COL_VALUE, TLS_REMOTE_MODE_NONE, -1); @@ -1205,7 +1247,7 @@ gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, - TLS_REMOTE_MODE_COL_NAME, _("Verify subject partially (legacy mode)"), + TLS_REMOTE_MODE_COL_NAME, _("Verify subject partially (legacy mode, strongly discouraged)"), TLS_REMOTE_MODE_COL_VALUE, TLS_REMOTE_MODE_LEGACY, -1); @@ -1244,6 +1286,7 @@ GtkWidget *entry, *combo, *ok_button; GtkTreeIter iter; gboolean entry_enabled = TRUE, entry_has_error = FALSE; + gboolean legacy_tls_remote = FALSE; entry = GTK_WIDGET (gtk_builder_get_object (builder, "tls_remote_entry")); combo = GTK_WIDGET (gtk_builder_get_object (builder, "tls_remote_mode_combo")); @@ -1266,6 +1309,7 @@ entry_enabled = TRUE; entry_has_error = !subject || !subject[0]; + legacy_tls_remote = nm_streq (tls_remote_mode, TLS_REMOTE_MODE_LEGACY); } } @@ -1274,9 +1318,17 @@ widget_set_error (entry); gtk_widget_set_sensitive (ok_button, FALSE); } else { - widget_unset_error (entry); + if (legacy_tls_remote) { + /* selecting tls-remote is not an error, but strongly discouraged. I wish + * there would be a warning-class as well. Anyway, mark the widget as + * erroneous, although this doesn't make the connection invalid (which + * is an ugly inconsistency). */ + widget_set_error (entry); + } else + widget_unset_error (entry); gtk_widget_set_sensitive (ok_button, TRUE); } + } static void 
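Review bot: In the `legacy_tls_remote` branch the entry gets `widget_set_error (entry)` while the OK button stays sensitive, so the field looks the same as in the blocking "subject is empty" case and the user is never told why it is flagged. Since this is the only in-dialog signal that partial subject matching is discouraged, I would attach the reason to the widget, e.g. `gtk_widget_set_tooltip_text (entry, _("Partial subject matching (tls-remote) is obsolete and strongly discouraged"));`, and clear it with `gtk_widget_set_tooltip_text (entry, NULL);` in the other branch. As a style point, the unbraced `else widget_unset_error (entry);` after a braced `if` should get braces. The blank line added before the function's closing brace can also go. The function body begins outside this hunk.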
@@ -1326,23 +1378,28 @@ g_object_unref (store); } +#define TLS_AUTH_MODE_NONE 0 +#define TLS_AUTH_MODE_AUTH 1 +#define TLS_AUTH_MODE_CRYPT 2 + static void tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data) { GtkBuilder *builder = (GtkBuilder *) user_data; - gboolean use_auth = FALSE; + gint active; - widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton")); - use_auth = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_mode")); + active = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_label")); - gtk_widget_set_sensitive (widget, use_auth); + gtk_widget_set_sensitive (widget, active == TLS_AUTH_MODE_AUTH); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo")); + gtk_widget_set_sensitive (widget, active == TLS_AUTH_MODE_AUTH); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_label")); - gtk_widget_set_sensitive (widget, use_auth); + gtk_widget_set_sensitive (widget, active != TLS_AUTH_MODE_NONE); widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser")); - gtk_widget_set_sensitive (widget, use_auth); - widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo")); - gtk_widget_set_sensitive (widget, use_auth); + gtk_widget_set_sensitive (widget, active != TLS_AUTH_MODE_NONE); } static void 
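Review bot: `gtk_combo_box_get_active` returns -1 when the combo has no active item, and `active != TLS_AUTH_MODE_NONE` is true for -1, so in that state the key-file label and chooser become sensitive although no mode is selected. The setup code in a later hunk always selects an item before calling this handler, so it is a latent case rather than a visible bug. Comparing positively closes it: `gboolean has_key = (active == TLS_AUTH_MODE_AUTH || active == TLS_AUTH_MODE_CRYPT);`, used for both `tls_auth_label` and `tls_auth_chooser`. The handler is now connected to "changed" rather than "toggled", so a rename to `tls_auth_mode_changed_cb` would match its use. The three `#define`s would also read better as an `enum`.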
@@ -1392,6 +1449,19 @@ g_object_unref (store); } +static void +mtu_disc_toggled_cb (GtkWidget *widget, gpointer user_data) +{ + GtkBuilder *builder = (GtkBuilder *) user_data; + gboolean use_mtu_disc; + + widget = GTK_WIDGET (gtk_builder_get_object (builder, "mtu_disc_checkbutton")); + use_mtu_disc = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)); + + widget = GTK_WIDGET (gtk_builder_get_object (builder, "mtu_disc_combo")); + gtk_widget_set_sensitive (widget, use_mtu_disc); +} + #define PROXY_TYPE_NONE 0 #define PROXY_TYPE_HTTP 1 #define PROXY_TYPE_SOCKS 2 @@ -1553,7 +1623,7 @@ return nm_streq0 (value, "yes"); } -static void +static GtkToggleButton * _builder_init_toggle_button (GtkBuilder *builder, const char *widget_name, gboolean active_state) @@ -1561,9 +1631,10 @@ GtkToggleButton *widget; widget = (GtkToggleButton *) gtk_builder_get_object (builder, widget_name); - g_return_if_fail (GTK_IS_TOGGLE_BUTTON (widget)); + g_return_val_if_fail (GTK_IS_TOGGLE_BUTTON (widget), NULL); gtk_toggle_button_set_active (widget, active_state); + return widget; } static void @@ -1617,6 +1688,7 @@ const char *dev, *dev_type, *tap_dev; GtkListStore *store; GtkTreeIter iter; + guint i; guint32 active; guint32 pw_flags = NM_SETTING_SECRET_FLAG_NONE; GError *error = NULL; 
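Review bot: `mtu_disc_toggled_cb` hand-rolls a checkbox-to-combo sensitivity link that this same commit expresses for the LZO widgets with a single `g_object_bind_property (widget, "active", combo, "sensitive", G_BINDING_SYNC_CREATE);`. Using the binding here too would remove the callback and its repeated `gtk_builder_get_object` lookups, whose results are cast and used unchecked. It would also remove the need to invoke the handler once by hand for the initial state. Where the callback is connected lies outside these hunks, so that call site would need the matching change.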
@@ -1744,13 +1816,23 @@ _nm_utils_ascii_str_to_int64 (value, 10, 0, 65535, 1300)); - /* the UI currently only supports "--comp-lzo yes" or omitting the "--comp-lzo" - * flag. - * - * Internally, we also support "--comp-lzo [adaptive]" and "--comp-lzo no" - * which have different meaning for openvpn. */ - value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_COMP_LZO); - _builder_init_toggle_button (builder, "lzo_checkbutton", NM_IN_STRSET (value, "yes", "adaptive")); + value = comp_lzo_values_conf_coerce (g_hash_table_lookup (hash, NM_OPENVPN_KEY_COMP_LZO)); + widget = GTK_WIDGET (_builder_init_toggle_button (builder, "lzo_checkbutton", value != NULL)); + combo = GTK_WIDGET (gtk_builder_get_object (builder, "lzo_combo")); + store = gtk_list_store_new (1, G_TYPE_STRING); + active = 0; + for (i = 0; i < G_N_ELEMENTS (comp_lzo_values); i++) { + gtk_list_store_append (store, &iter); + gtk_list_store_set (store, &iter, + 0, comp_lzo_values_conf_to_display (comp_lzo_values[i]), + -1); + if (nm_streq (comp_lzo_values[i], value ?: "adaptive")) + active = i; + } + gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (store)); + g_object_unref (store); + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), active); + g_object_bind_property (widget, "active", combo, "sensitive", G_BINDING_SYNC_CREATE); _builder_init_toggle_button (builder, "mssfix_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_MSSFIX)); _builder_init_toggle_button (builder, "float_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_FLOAT)); 
@@ -1838,52 +1920,49 @@ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_NS_CERT_TYPE); populate_ns_cert_type_combo (GTK_COMBO_BOX (widget), value); - if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS) - || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS) - || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) { + if (NM_IN_STRSET (contype, + NM_OPENVPN_CONTYPE_TLS, + NM_OPENVPN_CONTYPE_PASSWORD_TLS, + NM_OPENVPN_CONTYPE_PASSWORD)) { int direction = -1; - active = 0; - widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton")); - value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA); - if (value && strlen (value)) - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); - g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (tls_auth_toggled_cb), builder); - tls_auth_toggled_cb (widget, builder); - - widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo")); - value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA_DIR); - if (value && strlen (value)) { - direction = (int) strtol (value, NULL, 10); - /* If direction is not 0 or 1, use no direction */ - if (direction != 0 && direction != 1) - direction = -1; - } - + /* Initialize direction combo */ + combo = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo")); store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT); - gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, TA_DIR_COL_NAME, _("None"), TA_DIR_COL_NUM, -1, -1); - gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, TA_DIR_COL_NAME, "0", TA_DIR_COL_NUM, 0, -1); - if (direction == 0) - active = 1; - gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, TA_DIR_COL_NAME, "1", TA_DIR_COL_NUM, 1, -1); - if (direction == 1) - active = 2; - - gtk_combo_box_set_model (GTK_COMBO_BOX (widget), GTK_TREE_MODEL (store)); + gtk_combo_box_set_model (GTK_COMBO_BOX (combo), GTK_TREE_MODEL (store)); g_object_unref (store); - gtk_combo_box_set_active 
(GTK_COMBO_BOX (widget), active); + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), 0); + combo = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_mode")); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser")); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA); - if (value && strlen (value)) { - widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser")); + value2 = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TLS_CRYPT); + if (value2 && value2[0]) { + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_CRYPT); + gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value2); + } else if (value && value[0]) { + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_AUTH); gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value); - } + value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA_DIR); + if (value && value[0]) { + direction = (int) strtol (value, NULL, 10); + /* If direction is not 0 or 1, use no direction */ + if (direction != 0 && direction != 1) + direction = -1; + } + widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo")); + gtk_combo_box_set_active (GTK_COMBO_BOX (widget), direction + 1); + } else + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), TLS_AUTH_MODE_NONE); + + g_signal_connect (G_OBJECT (combo), "changed", G_CALLBACK (tls_auth_toggled_cb), builder); + tls_auth_toggled_cb (combo, builder); } else { widget = GTK_WIDGET (gtk_builder_get_object (builder, "options_notebook")); gtk_notebook_remove_page (GTK_NOTEBOOK (widget), 2); 
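Review bot: The new `tls_auth_mode` initialisation gives NM_OPENVPN_KEY_TLS_CRYPT precedence over NM_OPENVPN_KEY_TA without documenting it. A connection that carries both keys loses its tls-auth path and direction once the dialog is saved, because the save path writes only the key for the selected mode. A comment above the `if (value2 && value2[0])` chain would make that intent reviewable, for example `/* tls-crypt and tls-auth are alternatives; if both are set, tls-crypt wins and tls-auth is ignored */`. Separately, the moved `strtol (value, NULL, 10)` still accepts trailing garbage such as a direction of "1x"; passing an end pointer and rejecting a non-empty remainder would be stricter. The enclosing function starts and ends outside this hunk.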
@@ -1924,6 +2003,21 @@ gtk_widget_set_sensitive (spin, !!value); gtk_toggle_button_set_active ((GtkToggleButton *) widget, !!value); + /* MTU discovery */ + widget = GTK_WIDGET (gtk_builder_get_object (builder, "mtu_disc_checkbutton")); + value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_MTU_DISC); + if (value && value[0]) { + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + combo = GTK_WIDGET (gtk_builder_get_object (builder, "mtu_disc_combo")); + if (nm_streq (value, "maybe")) + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), 1); + else if (nm_streq (value, "yes")) + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), 2); + else + gtk_combo_box_set_active (GTK_COMBO_BOX (combo), 0); + } + g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (mtu_disc_toggled_cb), builder); + mtu_disc_toggled_cb (widget, builder); value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_MAX_ROUTES); _builder_init_optional_spinbutton (builder, "max_routes_checkbutton", "max_routes_spinbutton", !!value, @@ -1943,6 +2037,7 @@ GtkBuilder *builder; const char *contype = NULL; const char *value; + int active; int proxy_type = PROXY_TYPE_NONE; GtkTreeModel *model; GtkTreeIter iter; 
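Review bot: The combo indices 0, 1 and 2 for `mtu_disc_combo` are hard-coded in the MTU discovery block here and again in the `switch` of the save path (hunk at -2251), so the mapping to "no"/"maybe"/"yes" lives in two places that must also match the list model in the .ui file. One shared table, in the way `comp_lzo_values` serves the LZO combo, would remove the duplication, e.g. `static const char *const mtu_disc_values[] = { "no", "maybe", "yes" };`. As written, any stored value other than "maybe" or "yes" is shown as index 0 and is written back as "no" on save, which silently rewrites an unrecognised setting. The enclosing function continues outside the hunk.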
@@ -2050,13 +2145,10 @@ widget = GTK_WIDGET (gtk_builder_get_object (builder, "lzo_checkbutton")); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { - /* we only have a checkbox, which we either map to "--comp-lzo yes" or - * no "--comp-lzo" flag. In the UI, we cannot express "--comp-lzo [adaptive]" - * or "--comp-lzo no". - * - * Note that "--comp-lzo no" must be encoded as "comp-lzo=no-by-default" (bgo#769177). - */ - g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_COMP_LZO), g_strdup ("yes")); + combo = GTK_WIDGET (gtk_builder_get_object (builder, "lzo_combo")); + active = gtk_combo_box_get_active (GTK_COMBO_BOX (combo)); + if (active >= 0 && active < G_N_ELEMENTS (comp_lzo_values)) + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_COMP_LZO), g_strdup (comp_lzo_values[active])); } widget = GTK_WIDGET (gtk_builder_get_object (builder, "mssfix_checkbutton")); @@ -2136,6 +2228,7 @@ if ( !strcmp (contype, NM_OPENVPN_CONTYPE_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD_TLS) || !strcmp (contype, NM_OPENVPN_CONTYPE_PASSWORD)) { + char *filename; entry = GTK_WIDGET (gtk_builder_get_object (builder, "tls_remote_entry")); value = gtk_entry_get_text (GTK_ENTRY (entry)); @@ -2187,15 +2280,13 @@ } } - widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_checkbutton")); - if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { - char *filename; - + combo = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_mode")); + switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { + case TLS_AUTH_MODE_AUTH: widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser")); filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); - if (filename && strlen (filename)) { + if (filename && filename[0]) g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TA), g_strdup (filename)); - } g_free (filename); widget = GTK_WIDGET (gtk_builder_get_object (builder, "direction_combo")); 
@@ -2209,10 +2300,20 @@ g_strdup_printf ("%d", direction)); } } + break; + case TLS_AUTH_MODE_CRYPT: + widget = GTK_WIDGET (gtk_builder_get_object (builder, "tls_auth_chooser")); + filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget)); + if (filename && filename[0]) + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_TLS_CRYPT), g_strdup (filename)); + g_free (filename); + break; + case TLS_AUTH_MODE_NONE: + break; } } - widget = GTK_WIDGET (gtk_builder_get_object (builder, "ping_checkbutton")); + widget = GTK_WIDGET (gtk_builder_get_object (builder, "ping_checkbutton")); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { int ping_val; @@ -2251,6 +2352,30 @@ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_MAX_ROUTES), g_strdup_printf ("%d", max_routes)); } + /* MTU discovery */ + widget = GTK_WIDGET (gtk_builder_get_object (builder, "mtu_disc_checkbutton")); + if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { + char *val = NULL; + + combo = GTK_WIDGET (gtk_builder_get_object (builder, "mtu_disc_combo")); + switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { + case 0: + val = "no"; + break; + case 1: + val = "maybe"; + break; + case 2: + val = "yes"; + break; + } + if (val) { + g_hash_table_insert (hash, + g_strdup (NM_OPENVPN_KEY_MTU_DISC), + g_strdup (val)); + } + } + return hash; } diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/import-export.c network-manager-openvpn-1.2.10/properties/import-export.c --- network-manager-openvpn-1.2.6/properties/import-export.c 2016-10-01 15:39:58.000000000 +0200 +++ network-manager-openvpn-1.2.10/properties/import-export.c 2017-05-16 19:29:15.000000000 +0200 @@ -44,6 +44,7 @@ #define INLINE_BLOB_PKCS12 "pkcs12" #define INLINE_BLOB_SECRET "secret" #define INLINE_BLOB_TLS_AUTH "tls-auth" +#define INLINE_BLOB_TLS_CRYPT "tls-crypt" const char *_nmovpn_test_temp_path = NULL; 
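Review bot: In the MTU discovery block (hunk at -2251) `val` is only ever assigned string literals, so it should be declared `const char *val = NULL;` rather than `char *val = NULL;`. Neither this `switch` nor the one over TLS_AUTH_MODE_* in the hunk at -2187/-2209 has a `default:` label. A combo with no active item returns -1 and falls through without writing anything, which is presumably intended, but an explicit `default: break;` with a one-line comment would state that. Both switches sit in a function that starts outside these hunks.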
@@ -218,9 +219,9 @@ if (params[n_param][0] == '\0') { if (argument_name) - *out_error = g_strdup_printf (_("argument %s of \"%s\" can not be empty"), argument_name, params[0]); + *out_error = g_strdup_printf (_("argument %s of “%s” can not be empty"), argument_name, params[0]); else - *out_error = g_strdup_printf (_("argument of \"%s\" can not be empty"), params[0]); + *out_error = g_strdup_printf (_("argument of “%s” can not be empty"), params[0]); return FALSE; } return TRUE; @@ -236,9 +237,9 @@ return FALSE; if (!_is_utf8 (params[n_param])) { if (argument_name) - *out_error = g_strdup_printf (_("argument %s of \"%s\" must be UTF-8 encoded"), argument_name, params[0]); + *out_error = g_strdup_printf (_("argument %s of “%s” must be UTF-8 encoded"), argument_name, params[0]); else - *out_error = g_strdup_printf (_("argument of \"%s\" must be UTF-8 encoded"), params[0]); + *out_error = g_strdup_printf (_("argument of “%s” must be UTF-8 encoded"), params[0]); return FALSE; } return TRUE; @@ -262,7 +263,7 @@ v = _nm_utils_ascii_str_to_int64 (params[n_param], 10, min, max, -1); if (errno) { - *out_error = g_strdup_printf (_("invalid %uth argument to '%s' where number expected"), + *out_error = g_strdup_printf (_("invalid %uth argument to “%s” where number expected"), n_param, params[0]); return FALSE; @@ -303,7 +304,7 @@ && NM_IN_STRSET (params[n_param], "vpn_gateway", "net_gateway", "remote_host")) { /* we don't support these special destinations, as they currently cannot be expressed * in a connection. */ - *out_error = g_strdup_printf (_("unsupported %uth argument %s to '%s'"), + *out_error = g_strdup_printf (_("unsupported %uth argument %s to “%s”"), n_param, params[n_param], params[0]); 
@@ -321,14 +322,14 @@ goto not_dns; } /* we also don't support specifing a FQDN. */ - *out_error = g_strdup_printf (_("unsupported %uth argument to '%s' which looks like a FQDN but only IPv4 address supported"), + *out_error = g_strdup_printf (_("unsupported %uth argument to “%s” which looks like a FQDN but only IPv4 address supported"), n_param, params[0]); return FALSE; } not_dns: - *out_error = g_strdup_printf (_("invalid %uth argument to '%s' where IPv4 address expected"), + *out_error = g_strdup_printf (_("invalid %uth argument to “%s” where IPv4 address expected"), n_param, params[0]); return FALSE; @@ -353,7 +354,7 @@ else if (nm_streq (params[n_param], "1")) *out_key_direction = "1"; else { - *out_error = g_strdup_printf (_("invalid %uth key-direction argument to '%s'"), n_param, params[0]); + *out_error = g_strdup_printf (_("invalid %uth key-direction argument to “%s”"), n_param, params[0]); return FALSE; } return TRUE; @@ -367,7 +368,7 @@ g_return_val_if_fail (n_param > 0, FALSE); g_return_val_if_fail (n_param < g_strv_length ((char **) params), FALSE); - return g_strdup_printf (_("invalid %uth argument to '%s'"), n_param, params[0]); + return g_strdup_printf (_("invalid %uth argument to “%s”"), n_param, params[0]); } /*****************************************************************************/ @@ -717,7 +718,7 @@ return TRUE; if (g_file_test (dirname, G_FILE_TEST_EXISTS)) { - *out_error = g_strdup_printf (_("'%s' is not a directory"), dirname); + *out_error = g_strdup_printf (_("“%s” is not a directory"), dirname); return FALSE; } @@ -725,7 +726,7 @@ return FALSE; if (mkdir (dirname, 0755) < 0) { - *out_error = g_strdup_printf (_("cannot create '%s' directory"), dirname); + *out_error = g_strdup_printf (_("cannot create “%s” directory"), dirname); return FALSE; } 
@@ -762,7 +763,7 @@ g_set_error (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FAILED, - _("cannot write <%s> blob from line %ld to file '%s'"), + _("cannot write <%s> blob from line %ld to file “%s”"), data->token, (long) data->token_start_line, data->path); @@ -916,8 +917,23 @@ if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_MSSFIX)) { if (!args_params_check_nargs_minmax (params, 0, 1, &line_error)) goto handle_line_error; - /* TODO: handle the mssfix argument. */ - setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX, "yes"); + if (params[1]) { + if (!args_params_parse_int64 (params, 1, 1, G_MAXINT32, &v_int64, &line_error)) + goto handle_line_error; + setting_vpn_add_data_item_int64 (s_vpn, NM_OPENVPN_KEY_MSSFIX, v_int64); + } else + setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX, "yes"); + continue; + } + + if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_MTU_DISC)) { + if (!args_params_check_nargs_n (params, 1, &line_error)) + goto handle_line_error; + if (!NM_IN_STRSET (params[1], "no", "maybe", "yes")) { + line_error = g_strdup_printf (_("unsupported mtu-disc argument")); + goto handle_line_error; + } + setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_MTU_DISC, params[1]); continue; } @@ -1151,7 +1167,8 @@ NMV_OVPN_TAG_CERT, NMV_OVPN_TAG_KEY, NMV_OVPN_TAG_SECRET, - NMV_OVPN_TAG_TLS_AUTH)) { + NMV_OVPN_TAG_TLS_AUTH, + NMV_OVPN_TAG_TLS_CRYPT)) { const char *file; gs_free char *file_free = NULL; gboolean can_have_direction; @@ -1196,7 +1213,9 @@ setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TA, file); if (s_direction) setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, s_direction); - } else + } else if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TLS_CRYPT)) + setting_vpn_add_data_item_path (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT, file); + else g_assert_not_reached (); continue; } 
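Review bot: In the new mtu-disc branch (hunk at -916), `g_strdup_printf (_("unsupported mtu-disc argument"))` passes a translated string as the format string with no arguments. A translation that contains a `%` conversion would then read arguments that were never passed, and the call is flagged by -Wformat-security. Use `line_error = g_strdup (_("unsupported mtu-disc argument"));` instead. The loop that contains this branch starts and ends outside the hunk.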
@@ -1252,7 +1271,7 @@ } if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_VERIFY_X509_NAME)) { - const char *type = "subject"; + const char *type = NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT; gs_free char *item = NULL; if (!args_params_check_nargs_minmax (params, 1, 2, &line_error)) @@ -1383,6 +1402,7 @@ gs_free char *end_token = NULL; gsize end_token_len; gsize my_contents_cur_line = contents_cur_line; + gboolean is_base64 = FALSE; char *f_path; const char *key; gboolean can_have_direction = FALSE; @@ -1395,8 +1415,11 @@ key = NM_OPENVPN_KEY_CERT; else if (nm_streq (token, INLINE_BLOB_KEY)) key = NM_OPENVPN_KEY_KEY; - else if (nm_streq (token, INLINE_BLOB_PKCS12)) + else if (nm_streq (token, INLINE_BLOB_PKCS12)) { + is_base64 = TRUE; key = NULL; + } else if (nm_streq (token, INLINE_BLOB_TLS_CRYPT)) + key = NM_OPENVPN_KEY_TLS_CRYPT; else if (nm_streq (token, INLINE_BLOB_TLS_AUTH)) { key = NM_OPENVPN_KEY_TA; can_have_direction = TRUE; @@ -1438,6 +1461,15 @@ goto handle_line_error; } + if (is_base64) { + gs_free guint8 *d = NULL; + gsize l; + + d = g_base64_decode (blob_data->str, &l); + g_string_truncate (blob_data, 0); + g_string_append_len (blob_data, (const char *) d, l); + } + /* the latest cert wins... */ for (sl_iter = inline_blobs; sl_iter; sl_iter = sl_iter->next) { InlineBlobData *d = sl_iter->data; @@ -1494,7 +1526,7 @@ g_set_error_literal (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FILE_NOT_VPN, - _("The file to import wasn't a valid OpenVPN client configuration")); + _("The file to import wasn’t a valid OpenVPN client configuration")); goto out_error; } @@ -1502,7 +1534,7 @@ g_set_error_literal (error, NMV_EDITOR_PLUGIN_ERROR, NMV_EDITOR_PLUGIN_ERROR_FILE_NOT_VPN, - _("The file to import wasn't a valid OpenVPN configure (no remote)")); + _("The file to import wasn’t a valid OpenVPN configure (no remote)")); goto out_error; } 
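Review bot: The base64 step added for inline `pkcs12` blobs (hunk at -1438) uses the result of `g_base64_decode ()` without any validation. That function skips characters outside the base64 alphabet rather than failing, so a corrupted or empty blob becomes a truncated or zero-length PKCS#12 file and the import still reports success. At minimum reject an empty result, e.g. `if (l == 0) { line_error = g_strdup (_("invalid base64 data in inline pkcs12 blob")); goto handle_line_error; }`, assuming `line_error` and the label are in scope here as the preceding context line suggests. The decoded buffer holds private-key material and is released through `gs_free` without being cleared; whether that matters depends on how the blob file is written, which this hunk does not show.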
@@ -1872,8 +1904,13 @@ if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT), "yes")) args_write_line (f, NMV_OVPN_TAG_FLOAT); - if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX), "yes")) + value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX); + if (nm_streq0 (value, "yes")) args_write_line (f, NMV_OVPN_TAG_MSSFIX); + else if (value) + args_write_line_setting_value_int (f, NMV_OVPN_TAG_MSSFIX, s_vpn, NM_OPENVPN_KEY_MSSFIX); + + args_write_line_setting_value (f, NMV_OVPN_TAG_MTU_DISC, s_vpn, NM_OPENVPN_KEY_MTU_DISC); args_write_line_setting_value_int (f, NMV_OVPN_TAG_TUN_MTU, s_vpn, NM_OPENVPN_KEY_TUNNEL_MTU); @@ -1917,7 +1954,7 @@ if (NM_IN_STRSET (connection_type, NM_OPENVPN_CONTYPE_TLS, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { - const char *x509_name, *ta_key; + const char *x509_name, *key; args_write_line_setting_value (f, NMV_OVPN_TAG_REMOTE_CERT_TLS, s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS); args_write_line_setting_value (f, NMV_OVPN_TAG_NS_CERT_TYPE, s_vpn, NM_OPENVPN_KEY_NS_CERT_TYPE); @@ -1938,15 +1975,23 @@ args_write_line (f, NMV_OVPN_TAG_VERIFY_X509_NAME, name, type); } - ta_key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA); - if (_arg_is_set (ta_key)) { + key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA); + if (_arg_is_set (key)) { gs_free char *s_free = NULL; - args_write_line (f, NMV_OVPN_TAG_TLS_AUTH, - nmv_utils_str_utf8safe_unescape_c (ta_key, &s_free), + nmv_utils_str_utf8safe_unescape_c (key, &s_free), _arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR))); } + + key = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT); + if (_arg_is_set (key)) { + gs_free char *s_free = NULL; + args_write_line (f, + NMV_OVPN_TAG_TLS_CRYPT, + nmv_utils_str_utf8safe_unescape_c (key, &s_free)); + } + } proxy_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PROXY_TYPE); 
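Review bot: The export code in the hunk at -1938 writes a `tls-auth` line and then, independently, a `tls-crypt` line, so a connection that has both NM_OPENVPN_KEY_TA and NM_OPENVPN_KEY_TLS_CRYPT set produces a file with both options. OpenVPN treats the two as mutually exclusive, and the editor in this same release already prefers tls-crypt when both are present. The export should follow the same precedence, for instance by guarding the first block with `if (_arg_is_set (key) && !_arg_is_set (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT))) {`. The import side (hunks at -1151/-1196) likewise stores both keys when a file contains both, which may deserve the same treatment. The enclosing function extends beyond this hunk.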
@@ -2086,4 +2131,3 @@ return TRUE; } - diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/Makefile.am network-manager-openvpn-1.2.10/properties/Makefile.am --- network-manager-openvpn-1.2.6/properties/Makefile.am 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/properties/Makefile.am 1970-01-01 01:00:00.000000000 +0100 
@@ -1,143 +0,0 @@ -SUBDIRS = . tests - -plugindir = $(libdir)/NetworkManager -plugin_LTLIBRARIES = libnm-vpn-plugin-openvpn.la -if WITH_GNOME -plugin_LTLIBRARIES += libnm-vpn-plugin-openvpn-editor.la -if WITH_LIBNM_GLIB -plugin_LTLIBRARIES += libnm-openvpn-properties.la -endif -endif - -shared_sources = \ - $(top_srcdir)/shared/nm-utils/nm-shared-utils.c \ - $(top_srcdir)/shared/nm-utils/nm-shared-utils.h \ - $(top_srcdir)/shared/utils.c \ - $(top_srcdir)/shared/utils.h \ - $(top_srcdir)/shared/nm-service-defines.h \ - $(NULL) - -plugin_sources = \ - nm-openvpn-editor-plugin.c \ - nm-openvpn-editor-plugin.h \ - import-export.c \ - import-export.h - -editor_sources = \ - nm-openvpn-editor.c \ - nm-openvpn-editor.h \ - auth-helpers.c \ - auth-helpers.h - -uidir = $(datadir)/gnome-vpn-properties/openvpn -if WITH_GNOME -ui_DATA = nm-openvpn-dialog.ui -endif - -common_CFLAGS = \ - $(GLIB_CFLAGS) \ - -I$(top_srcdir)/shared \ - -DICONDIR=\""$(datadir)/pixmaps"\" \ - -DUIDIR=\""$(uidir)"\" \ - -DLOCALEDIR=\"$(datadir)/locale\" - -############################################################################### - -libnm_vpn_plugin_openvpn_la_SOURCES = \ - $(shared_sources) \ - $(top_srcdir)/shared/nm-utils/nm-vpn-plugin-utils.c \ - $(top_srcdir)/shared/nm-utils/nm-vpn-plugin-utils.h \ - $(top_srcdir)/shared/nm-utils/nm-vpn-plugin-macros.h \ - $(plugin_sources) - -libnm_vpn_plugin_openvpn_la_CFLAGS = \ - $(common_CFLAGS) \ - -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \ - -DNM_PLUGIN_DIR=\"$(NM_PLUGIN_DIR)\" \ - $(LIBNM_CFLAGS) - -libnm_vpn_plugin_openvpn_la_LIBADD = \ - $(LIBNM_LIBS) \ - $(DL_LIBS) \ - $(NULL) - -libnm_vpn_plugin_openvpn_la_LDFLAGS = \ - -avoid-version \ - -Wl,--version-script=$(srcdir)/libnm-vpn-plugin-openvpn.ver - -############################################################################### - -libnm_vpn_plugin_openvpn_editor_la_SOURCES = \ - $(shared_sources) \ - $(editor_sources) - -libnm_vpn_plugin_openvpn_editor_la_CFLAGS = \ 
- $(common_CFLAGS) \ - $(GTK_CFLAGS) \ - -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_EDITOR \ - $(LIBNM_CFLAGS) \ - $(LIBNMA_CFLAGS) - -libnm_vpn_plugin_openvpn_editor_la_LIBADD = \ - $(GTK_LIBS) \ - $(LIBNM_LIBS) \ - $(LIBNMA_LIBS) - -libnm_vpn_plugin_openvpn_editor_la_LDFLAGS = \ - -avoid-version \ - -Wl,--version-script=$(srcdir)/libnm-vpn-plugin-openvpn-editor.ver - -############################################################################### - -libnm_openvpn_properties_la_SOURCES = \ - $(shared_sources) \ - $(plugin_sources) \ - $(editor_sources) - -libnm_openvpn_properties_la_CFLAGS = \ - -DNM_VPN_OLD \ - $(common_CFLAGS) \ - $(GTK_CFLAGS) \ - -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB \ - $(LIBNM_GLIB_CFLAGS) \ - $(LIBNM_GTK_CFLAGS) - -libnm_openvpn_properties_la_LIBADD = \ - $(GTK_LIBS) \ - $(LIBNM_GLIB_LIBS) \ - $(LIBNM_GTK_LIBS) - -libnm_openvpn_properties_la_LDFLAGS = \ - -avoid-version \ - -Wl,--version-script=$(srcdir)/libnm-openvpn-properties.ver - -############################################################################### - -libnm_vpn_plugin_openvpn_test_la_SOURCES = $(libnm_vpn_plugin_openvpn_la_SOURCES) -libnm_vpn_plugin_openvpn_test_la_CFLAGS = $(libnm_vpn_plugin_openvpn_la_CFLAGS) -libnm_vpn_plugin_openvpn_test_la_LIBADD = $(libnm_vpn_plugin_openvpn_la_LIBADD) -libnm_vpn_plugin_openvpn_test_la_LDFLAGS = \ - -avoid-version - -libnm_openvpn_properties_test_la_SOURCES = $(libnm_openvpn_properties_la_SOURCES) -libnm_openvpn_properties_test_la_CFLAGS = $(libnm_openvpn_properties_la_CFLAGS) -libnm_openvpn_properties_test_la_LIBADD = $(libnm_openvpn_properties_la_LIBADD) -libnm_openvpn_properties_test_la_LDFLAGS = \ - -avoid-version - -############################################################################### - -noinst_LTLIBRARIES = \ - libnm-vpn-plugin-openvpn-test.la -if WITH_LIBNM_GLIB -noinst_LTLIBRARIES += libnm-openvpn-properties-test.la -endif - -CLEANFILES = *.bak *~ - -EXTRA_DIST = \ - 
libnm-vpn-plugin-openvpn.ver \ - libnm-vpn-plugin-openvpn-editor.ver \ - libnm-openvpn-properties.ver \ - nm-openvpn-dialog.ui - diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/nm-openvpn-dialog.ui network-manager-openvpn-1.2.10/properties/nm-openvpn-dialog.ui --- network-manager-openvpn-1.2.6/properties/nm-openvpn-dialog.ui 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/properties/nm-openvpn-dialog.ui 2017-05-17 15:11:37.000000000 +0200 @@ -54,13 +54,11 @@ 10 - 0 100000000 100 1 10 - @@ -70,7 +68,41 @@ - + + + + + + + + + + + + None + + + TLS-Auth + + + TLS-Crypt + + + + + + + + + + + No + + + Maybe + + + Yes @@ -81,7 +113,7 @@ - + @@ -101,9 +133,11 @@ True False - <b>General</b> - True + General 0 + + + False @@ -183,9 +217,11 @@ True False - <b>Authentication</b> - True + Authentication 0 + + + False @@ -274,7 +310,7 @@ True False - Local peer's private key in .pem format. + Local peer’s private key in .pem format. config: key True @@ -351,7 +387,7 @@ True False - Local peer's signed certificate in .pem format (signed by CA of CA Certificate). + Local peer’s signed certificate in .pem format (signed by CA of CA Certificate). config: cert @@ -543,7 +579,7 @@ True False - Local peer's private key in .pem format. + Local peer’s private key in .pem format. config: key @@ -609,7 +645,7 @@ True False - Local peer's signed certificate in .pem format (signed by CA of CA Certificate). + Local peer’s signed certificate in .pem format (signed by CA of CA Certificate). config: cert 
@@ -839,7 +875,7 @@ True False Direction for Static Key encryption mode (non-TLS). -If key direction is used, it must be the opposite of that used on the VPN peer. For example, if the peer uses '1', this connection must use '0'. If you are unsure what value to use, contact your system administrator. +If key direction is used, it must be the opposite of that used on the VPN peer. For example, if the peer uses “1”, this connection must use “0”. If you are unsure what value to use, contact your system administrator. config: static <file> [direction] model1 @@ -975,8 +1011,7 @@ True False - Ad_vanced... - True + Ad_vanced… True @@ -1005,7 +1040,7 @@ - + @@ -1016,7 +1051,7 @@ - + @@ -1027,7 +1062,7 @@ - + @@ -1049,7 +1084,7 @@ - + @@ -1060,7 +1095,7 @@ - + @@ -1071,7 +1106,7 @@ - + @@ -1239,17 +1274,49 @@ - - Use L_ZO data compression - False + True - True - False - Use fast LZO compression. + False + 6 + + + Use L_ZO data compression + False + True + True + False + Use fast LZO compression. config: comp-lzo - True - 0 - True + True + 0 + True + + + False + True + 0 + + + + + True + True + Select the LZO data compression mode. +config: comp-lzo + model4 + + + + 0 + + + + + False + False + 1 + + False @@ -1339,7 +1406,7 @@ True True - Use custom name for TUN/TAP virtual device (instead of default "tun" or "tap"). + Use custom name for TUN/TAP virtual device (instead of default “tun” or “tap”). config: dev <name> 15 
@@ -1514,7 +1581,7 @@ True True False - Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. + Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option. @@ -1577,19 +1644,19 @@ - + True False 6 - - Specify max routes: + + Specify _exit or restart ping: False True True False - Specify the maximum number of routes the server is allowed to specify. -config: max-routes <n> + Exit or restart after n seconds pass without reception of a ping or other packet from remote. +config: ping-exit | ping-restart <n> True 0.5 True 
@@ -1601,42 +1668,62 @@ - + True True - Specify the maximum number of routes the server is allowed to specify. -config: max-routes <n> - adjustment9 + Exit or restart after n seconds pass without reception of a ping or other packet from remote. +config: ping-exit | ping-restart <n> + model8 + + + + 0 + + + + + False + False + 1 + + + + + True + True + Exit or restart after n seconds pass without reception of a ping or other packet from remote. +config: ping-exit | ping-restart <n> + adjustment8 1 True False False - 1 + 2 False True - 12 + 11 - + True False 6 - - Specify _exit or restart ping: + + Specify max routes: False True True False - Exit or restart after n seconds pass without reception of a ping or other packet from remote. -config: ping-exit | ping-restart <n> + Specify the maximum number of routes the server is allowed to specify. +config: max-routes <n> True 0.5 True @@ -1648,46 +1735,26 @@ - - True - True - Exit or restart after n seconds pass without reception of a ping or other packet from remote. -config: ping-exit | ping-restart <n> - model8 - - - - 0 - - - - - False - False - 1 - - - - + True True - Exit or restart after n seconds pass without reception of a ping or other packet from remote. -config: ping-exit | ping-restart <n> - adjustment8 + Specify the maximum number of routes the server is allowed to specify. +config: max-routes <n> + adjustment9 1 True False False - 2 + 1 False True - 11 + 12 @@ -1879,11 +1946,11 @@ True True - True Subject or Common Name to verify server certificate information against. config: verify-x509-name subject-or-name [mode] config (legacy mode): tls-remote subject-or-name + True 1 
@@ -1908,15 +1975,17 @@ True False - True Verify server certificate identification. When enabled, connection will only succeed if the server certificate matches some expected properties. Matching can either apply to the whole certificate subject (all the fields), or just the Common Name (CN field). +The legacy option tls-remote is deprecated and removed from OpenVPN 2.4 and newer. Do not use it anymore. + config: verify-x509-name subject-or-name [mode] config (legacy mode): tls-remote subject-or-name + True model9 @@ -1930,9 +1999,6 @@ 0 - - - True @@ -2081,23 +2147,6 @@ 6 12 - - Use additional _TLS authentication - False - True - True - False - Add an additional layer of HMAC authentication. - True - 0 - True - - - 0 - 0 - - - True False @@ -2117,7 +2166,7 @@ 0 - 1 + 2 @@ -2130,7 +2179,7 @@ 1 - 0 + 1 @@ -2138,7 +2187,7 @@ True False Direction parameter for static key mode. -If key direction is used, it must be the opposite of that used on the VPN peer. For example, if the peer uses '1', this connection must use '0'. If you are unsure what value to use, contact your system administrator. +If key direction is used, it must be the opposite of that used on the VPN peer. For example, if the peer uses “1”, this connection must use “0”. If you are unsure what value to use, contact your system administrator. config: tls-auth <file> [direction] model5 @@ -2150,7 +2199,7 @@ 1 - 1 + 2 @@ -2164,6 +2213,37 @@ 0 + 1 + + + + + True + False + Mode + + + 0 + 0 + + + + + True + False + model10 + 0 + Add an additional layer of encryption or HMAC authentication. + 0 + + + + 0 + + + + + 1 0 @@ -2173,6 +2253,20 @@ 1 + + + True + False + start + start + Additional TLS authentication or encryption + Add an additional layer of encryption or HMAC authentication. + + + 0 + 0 + + True 
@@ -2460,6 +2554,75 @@ False + + + True + False + 12 + vertical + 6 + + + True + False + 6 + + + Path mtu discovery + True + True + False + True + + + False + True + 1 + + + + + True + False + model11 + 0 + 0 + + + + 0 + + + + + False + True + 2 + + + + + False + True + 0 + + + + + 4 + + + + + True + False + Misc + + + 4 + False + + False diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/tests/conf/Makefile.am network-manager-openvpn-1.2.10/properties/tests/conf/Makefile.am --- network-manager-openvpn-1.2.6/properties/tests/conf/Makefile.am 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/properties/tests/conf/Makefile.am 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -EXTRA_DIST = \ - iso885915.ovpn \ - password.conf \ - pkcs12.ovpn \ - port.ovpn \ - rport.ovpn \ - static.key \ - static.ovpn \ - tls.ovpn \ - tun-opts.conf \ - proxy-http.ovpn \ - httpauthfile \ - proxy-socks.ovpn \ - proxy-http-with-auth.ovpn \ - keysize.ovpn \ - device.ovpn \ - device-notype.ovpn \ - keepalive.ovpn \ - ping-with-exit.ovpn \ - ping-with-restart.ovpn \ - route.ovpn \ - tls-inline.ovpn \ - tls-inline-ca.pem \ - tls-inline-cert.pem \ - tls-inline-key.pem \ - tls-inline-ta.pem diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/tests/conf/mtu-disc.ovpn network-manager-openvpn-1.2.10/properties/tests/conf/mtu-disc.ovpn --- network-manager-openvpn-1.2.6/properties/tests/conf/mtu-disc.ovpn 1970-01-01 01:00:00.000000000 +0100 +++ network-manager-openvpn-1.2.10/properties/tests/conf/mtu-disc.ovpn 2017-05-16 19:29:15.000000000 +0200 
@@ -0,0 +1,28 @@
+client
+dev company0
+dev-type tun
+proto tcp
+topology subnet
+remote miami.proxpn.com 443
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+user openvpn
+group openvpn
+comp-lzo
+tun-mtu 1500
+mssfix 1450
+auth-user-pass
+auth-nocache
+reneg-sec 0
+
+cd /etc/openvpn
+ca CompanyISCA.pem
+cipher AES-256-CBC
+reneg-sec 0
+mtu-disc yes
+
+ping 30
+ping-exit 120
+verb 4
diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/tests/conf/tls2.ovpn network-manager-openvpn-1.2.10/properties/tests/conf/tls2.ovpn
--- network-manager-openvpn-1.2.6/properties/tests/conf/tls2.ovpn 1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openvpn-1.2.10/properties/tests/conf/tls2.ovpn 2017-05-16 19:29:15.000000000 +0200
@@ -0,0 +1,26 @@
+remote 173.8.149.245 1194
+resolv-retry infinite
+
+dev tun
+persist-key
+persist-tun
+link-mtu 1400
+proto udp
+nobind
+pull
+tls-client
+
+float
+
+ca keys/mg8.ca
+cert keys/clee.crt
+key keys/clee.key
+
+tls-crypt keys/46.key
+remote-cert-tls server
+tls-remote "/CN=myvpn.company.com"
+verify-x509-name "C=US, L=Cambridge, CN=GNOME, emailAddress=networkmanager-list@gnome.org" subject
+
+comp-lzo
+verb 3
+
diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/tests/Makefile.am network-manager-openvpn-1.2.10/properties/tests/Makefile.am
--- network-manager-openvpn-1.2.6/properties/tests/Makefile.am 2016-09-29 13:37:01.000000000 +0200
+++ network-manager-openvpn-1.2.10/properties/tests/Makefile.am 1970-01-01 01:00:00.000000000 +0100
@@ -1,56 +0,0 @@ -SUBDIRS = conf - -AM_CFLAGS = \ - -I${top_srcdir}/shared \ - -I${top_srcdir}/properties \ - -DTEST_SRCDIR="\"$(abs_srcdir)\"" \ - -DTEST_BUILDDIR="\"$(abs_builddir)\"" - -noinst_PROGRAMS = \ - test-import-export -if WITH_LIBNM_GLIB -noinst_PROGRAMS += test-import-export-glib -endif - - -test_import_export_SOURCES = \ - test-import-export.c - -test_import_export_CPPFLAGS = \ - $(GLIB_CFLAGS) \ - $(GTK_CFLAGS) \ - $(LIBNM_CFLAGS) \ - $(LIBNMA_CFLAGS) - -test_import_export_LDADD = \ - $(GTHREAD_LIBS) \ - $(GTK_LIBS) \ - $(LIBNM_LIBS) \ - $(LIBNMA_LIBS) \ - $(top_builddir)/properties/libnm-vpn-plugin-openvpn-test.la - - -test_import_export_glib_SOURCES = \ - test-import-export.c - -test_import_export_glib_CPPFLAGS = \ - -DNM_VPN_OLD \ - $(GLIB_CFLAGS) \ - $(GTK_CFLAGS) \ - $(LIBNM_GLIB_CFLAGS) \ - $(LIBNM_GTK_CFLAGS) - -test_import_export_glib_LDADD = \ - $(GTHREAD_LIBS) \ - $(GTK_LIBS) \ - $(LIBNM_GLIB_LIBS) \ - $(LIBNM_GTK_LIBS) \ - $(top_builddir)/properties/libnm-openvpn-properties-test.la - - -TESTS = \ - test-import-export -if WITH_LIBNM_GLIB -TESTS += test-import-export-glib -endif - diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/properties/tests/test-import-export.c network-manager-openvpn-1.2.10/properties/tests/test-import-export.c --- network-manager-openvpn-1.2.6/properties/tests/test-import-export.c 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/properties/tests/test-import-export.c 2017-05-16 19:29:15.000000000 +0200 @@ -34,7 +34,12 @@ #include "nm-utils/nm-test-utils.h" #define SRCDIR TEST_SRCDIR"/conf" -#define TMPDIR TEST_BUILDDIR"/conf-tmp" + +#ifdef NM_VPN_OLD +#define TMPDIR TEST_BUILDDIR"/conf-tmp-old" +#else +#define TMPDIR TEST_BUILDDIR"/conf-tmp-new" +#endif /*****************************************************************************/ 
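Review bot: The `#ifdef NM_VPN_OLD` split of `TMPDIR` in test-import-export.c has no comment saying why the two builds need separate scratch directories. The same source is compiled twice (once with `-DNM_VPN_OLD`), and the export tests write and then `unlink()` fixed file names under `TMPDIR`, so presumably the point is to stop the two binaries from clobbering each other's files when they run in parallel. A one-line comment above the block would record that, e.g. `/* the libnm and libnm-glib test binaries may run concurrently; keep their export scratch dirs apart */`.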
@@ -171,9 +176,8 @@ g_slist_free (keys); } -#define PASSWORD_EXPORTED_NAME "password.ovpntest" static void -test_password_export (void) +test_export_compare (gconstpointer test_data) { _CREATE_PLUGIN (plugin); NMConnection *connection; @@ -181,17 +185,20 @@ char *path; gboolean success; GError *error = NULL; + const char *file, *exported_name; - connection = get_basic_connection (plugin, SRCDIR, "password.conf"); + nmtst_test_data_unpack (test_data, &file, &exported_name); + + connection = get_basic_connection (plugin, SRCDIR, file); g_assert (connection); - path = g_build_path ("/", TMPDIR, PASSWORD_EXPORTED_NAME, NULL); + path = g_build_path ("/", TMPDIR, exported_name, NULL); success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); g_assert_no_error (error); g_assert (success); /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, PASSWORD_EXPORTED_NAME); + reimported = get_basic_connection (plugin, TMPDIR, exported_name); (void) unlink (path); g_assert (reimported); 
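Review bot: `test_export_compare` now serves every export test but carries no comment describing what `test_data` must hold or that `exported_name` has to be unique per registration. The function builds `path` from `TMPDIR` and `exported_name`, exports to it, re-imports it and unlinks it, so two registrations that reuse one `exported_name` would write the same file. I would add a header comment such as `/* test_data: (file, exported_name); exports SRCDIR/file to TMPDIR/exported_name, re-imports it and compares. exported_name must be unique per test. */`. The function starts in the previous hunk and its body continues past the end of this one.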
@@ -273,6 +280,71 @@ } static void +test_tls_import_2 (void) +{ + _CREATE_PLUGIN (plugin); + NMConnection *connection; + NMSettingConnection *s_con; + NMSettingVpn *s_vpn; + char *expected_path; + + connection = get_basic_connection (plugin, SRCDIR, "tls2.ovpn"); + g_assert (connection); + + /* Connection setting */ + s_con = nm_connection_get_setting_connection (connection); + g_assert (s_con); + g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "tls2"); + g_assert (!nm_setting_connection_get_uuid (s_con)); + + /* VPN setting */ + s_vpn = nm_connection_get_setting_vpn (connection); + g_assert (s_vpn); + + /* Data items */ + _check_item (s_vpn, NM_OPENVPN_KEY_CONNECTION_TYPE, NM_OPENVPN_CONTYPE_TLS); + _check_item (s_vpn, NM_OPENVPN_KEY_DEV, "tun"); + _check_item (s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_COMP_LZO, "adaptive"); + _check_item (s_vpn, NM_OPENVPN_KEY_FLOAT, "yes"); + _check_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_REMOTE, "173.8.149.245:1194"); + _check_item (s_vpn, NM_OPENVPN_KEY_PORT, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_CIPHER, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_LOCAL_IP, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_REMOTE_IP, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_AUTH, NULL); + _check_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE, "/CN=myvpn.company.com"); + _check_item (s_vpn, NM_OPENVPN_KEY_VERIFY_X509_NAME, + "subject:C=US, L=Cambridge, CN=GNOME, emailAddress=networkmanager-list@gnome.org"); + _check_item (s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS, "server"); + + expected_path = g_strdup_printf ("%s/keys/mg8.ca", SRCDIR); + _check_item (s_vpn, NM_OPENVPN_KEY_CA, expected_path); + g_free (expected_path); + + expected_path = g_strdup_printf ("%s/keys/clee.crt", SRCDIR); + _check_item (s_vpn, NM_OPENVPN_KEY_CERT, expected_path); 
+ g_free (expected_path); + + expected_path = g_strdup_printf ("%s/keys/clee.key", SRCDIR); + _check_item (s_vpn, NM_OPENVPN_KEY_KEY, expected_path); + g_free (expected_path); + + expected_path = g_strdup_printf ("%s/keys/46.key", SRCDIR); + _check_item (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT, expected_path); + g_free (expected_path); + + /* Secrets */ + _check_secret (s_vpn, NM_OPENVPN_KEY_PASSWORD, NULL); + _check_secret (s_vpn, NM_OPENVPN_KEY_CERTPASS, NULL); + + g_object_unref (connection); +} + +static void test_file_contents (const char *id, const char *dir, NMSettingVpn *s_vpn, @@ -358,42 +430,6 @@ g_object_unref (connection); } - -#define TLS_EXPORTED_NAME "tls.ovpntest" -static void -test_tls_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "tls.ovpn"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, TLS_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, TLS_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - static void test_pkcs12_import (void) { 
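Review bot: `test_tls_import_2` checks that `tls-crypt keys/46.key` lands in `NM_OPENVPN_KEY_TLS_CRYPT`, but it never asserts that the tls-auth items stay unset, so an importer regression that also fills the tls-auth key from a `tls-crypt` line would still pass. Next to the `NM_OPENVPN_KEY_TLS_CRYPT` check I would add `_check_item (s_vpn, NM_OPENVPN_KEY_TA, NULL);` and `_check_item (s_vpn, NM_OPENVPN_KEY_TA_DIR, NULL);`. Separately, the fixture carries both `tls-remote` and `verify-x509-name` and the test expects both to be imported; since the UI text in this same diff calls `tls-remote` deprecated, a short comment that the combination is deliberate import coverage would help the next reader.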
@@ -452,41 +488,6 @@ g_object_unref (connection); } -#define PKCS12_EXPORTED_NAME "pkcs12.ovpntest" -static void -test_pkcs12_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "pkcs12.ovpn"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, PKCS12_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, PKCS12_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - static void test_non_utf8_import (void) { 
@@ -572,41 +573,6 @@ g_object_unref (connection); } -#define STATIC_KEY_EXPORTED_NAME "static.ovpntest" -static void -test_static_key_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "static.ovpn"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, STATIC_KEY_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, STATIC_KEY_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - static void test_port_import (gconstpointer test_data) { 
@@ -668,43 +634,6 @@ } static void -test_port_export (gconstpointer test_data) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - const char *file, *exported_name; - - nmtst_test_data_unpack (test_data, &file, &exported_name); - - connection = get_basic_connection (plugin, SRCDIR, file); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, exported_name, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, exported_name); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - -static void test_tun_opts_import (void) { _CREATE_PLUGIN (plugin); 
@@ -726,41 +655,6 @@ g_object_unref (connection); } -#define TUNOPTS_EXPORTED_NAME "tun-opts.ovpntest" -static void -test_tun_opts_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "tun-opts.conf"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, TUNOPTS_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, TUNOPTS_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - static void test_proxy_http_import (void) { 
@@ -924,41 +818,6 @@ g_object_unref (connection); } -#define PROXY_SOCKS_EXPORTED_NAME "proxy-socks.ovpntest" -static void -test_proxy_socks_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "proxy-socks.ovpn"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, PROXY_SOCKS_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, PROXY_SOCKS_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - static void test_keysize_import (void) { 
@@ -979,41 +838,6 @@ g_object_unref (connection); } -#define KEYSIZE_EXPORTED_NAME "keysize.ovpntest" -static void -test_keysize_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "keysize.ovpn"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, KEYSIZE_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, KEYSIZE_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - static void test_device_import (gconstpointer test_data) { 
@@ -1039,40 +863,26 @@ } static void -test_device_export (gconstpointer test_data) +test_mtu_disc_import (gconstpointer test_data) { _CREATE_PLUGIN (plugin); NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - const char *file, *exported_name; + NMSettingVpn *s_vpn; + const char *file, *expected_val; - nmtst_test_data_unpack (test_data, &file, &exported_name); + nmtst_test_data_unpack (test_data, &file, &expected_val); connection = get_basic_connection (plugin, SRCDIR, file); g_assert (connection); - path = g_build_path ("/", TMPDIR, exported_name, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, exported_name); - (void) unlink (path); - g_assert (reimported); + /* VPN setting */ + s_vpn = nm_connection_get_setting_vpn (connection); + g_assert (s_vpn); - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); + /* Data items */ + _check_item (s_vpn, NM_OPENVPN_KEY_MTU_DISC, expected_val); - g_object_unref (reimported); g_object_unref (connection); - g_free (path); } static void 
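Review bot: `test_mtu_disc_import` is parameterised on `(file, expected_val)` but the only registration visible in this diff feeds it `mtu-disc.ovpn` with `"yes"`, so the other accepted arguments of the option and the rejection of an unknown argument go untested. Because the value comes straight from an imported configuration file, I would add one fixture per accepted value plus one with an invalid argument, and assert for the latter that `NM_OPENVPN_KEY_MTU_DISC` stays unset (`_check_item (s_vpn, NM_OPENVPN_KEY_MTU_DISC, NULL);`). Whether the importer validates the argument at all cannot be seen from this hunk.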
@@ -1177,41 +987,6 @@ g_object_unref (connection); } -#define ROUTE_EXPORTED_NAME "route.ovpntest" -static void -test_route_export (void) -{ - _CREATE_PLUGIN (plugin); - NMConnection *connection; - NMConnection *reimported; - char *path; - gboolean success; - GError *error = NULL; - - connection = get_basic_connection (plugin, SRCDIR, "route.ovpn"); - g_assert (connection); - - path = g_build_path ("/", TMPDIR, ROUTE_EXPORTED_NAME, NULL); - success = nm_vpn_editor_plugin_export (plugin, path, connection, &error); - g_assert_no_error (error); - g_assert (success); - - /* Now re-import it and compare the connections to ensure they are the same */ - reimported = get_basic_connection (plugin, TMPDIR, ROUTE_EXPORTED_NAME); - (void) unlink (path); - g_assert (reimported); - - /* Clear secrets first, since they don't get exported, and thus would - * make the connection comparison below fail. - */ - remove_secrets (connection); - g_assert (nm_connection_compare (connection, reimported, NM_SETTING_COMPARE_FLAG_EXACT)); - - g_object_unref (reimported); - g_object_unref (connection); - g_free (path); -} - /*****************************************************************************/ static void 
@@ -1395,37 +1170,40 @@ #define _add_test_func(detail, func, ...) nmtst_add_test_func ("/ovpn/properties/" detail, func, ##__VA_ARGS__) _add_test_func_simple (test_password_import); - _add_test_func_simple (test_password_export); + _add_test_func ("password-export", test_export_compare, "password.conf", "password.ovpntest"); _add_test_func_simple (test_tls_import); _add_test_func_simple (test_tls_inline_import); - _add_test_func_simple (test_tls_export); + _add_test_func ("tls-export", test_export_compare, "tls.ovpn", "tls.ovpntest"); + + _add_test_func_simple (test_tls_import_2); + _add_test_func ("tls2-export", test_export_compare, "tls2.ovpn", "tls2.ovpntest"); _add_test_func_simple (test_pkcs12_import); - _add_test_func_simple (test_pkcs12_export); + _add_test_func ("pkcs12-export", test_export_compare, "pkcs12.ovpn", "pkcs12.ovpntest"); _add_test_func_simple (test_non_utf8_import); _add_test_func_simple (test_static_key_import); - _add_test_func_simple (test_static_key_export); + _add_test_func ("static", test_export_compare, "static.ovpn", "static.ovpntest"); _add_test_func ("port-import", test_port_import, "port.ovpn", "port", "2345"); - _add_test_func ("port-export", test_port_export, "port.ovpn", "port.ovpntest"); + _add_test_func ("port-export", test_export_compare, "port.ovpn", "port.ovpntest"); _add_test_func ("rport-import", test_port_import, "rport.ovpn", "rport", "6789"); - _add_test_func ("rport-export", test_port_export, "rport.ovpn", "rport.ovpntest"); + _add_test_func ("rport-export", test_export_compare, "rport.ovpn", "rport.ovpntest"); _add_test_func_simple (test_tun_opts_import); - _add_test_func_simple (test_tun_opts_export); + _add_test_func ("tun-opts-export", test_export_compare, "tun-opts.conf", "tun-opts.ovpntest"); _add_test_func ("ping-with-exit-import", test_ping_import, "ping-with-exit.ovpn", "10", "120", NULL); _add_test_func ("ping-with-restart-import", test_ping_import, "ping-with-restart.ovpn", "10", NULL, "30"); - _add_test_func 
("ping-with-exit-export", test_port_export, "ping-with-exit.ovpn", "ping-with-exit.ovpntest"); - _add_test_func ("ping-with-restart-export", test_port_export, "ping-with-restart.ovpn", "ping-with-restart.ovpntest"); + _add_test_func ("ping-with-exit-export", test_export_compare, "ping-with-exit.ovpn", "ping-with-exit.ovpntest"); + _add_test_func ("ping-with-restart-export", test_export_compare, "ping-with-restart.ovpn", "ping-with-restart.ovpntest"); _add_test_func ("keepalive-import", test_ping_import, "keepalive.ovpn", "10", NULL, "30"); - _add_test_func ("keepalive-export", test_port_export, "keepalive.ovpn", "keepalive.ovpntest"); + _add_test_func ("keepalive-export", test_export_compare, "keepalive.ovpn", "keepalive.ovpntest"); _add_test_func_simple (test_proxy_http_import); _add_test_func_simple (test_proxy_http_export); 
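Review bot: The registration `_add_test_func ("static", test_export_compare, "static.ovpn", "static.ovpntest");` is the one converted export test whose path drops the `-export` suffix; the others in this hunk are `"password-export"`, `"tls-export"`, `"pkcs12-export"` and so on. Under `/ovpn/properties/static` it is not obvious from a test log or a `-p` filter that this is the export half of `test_static_key_import`. I would rename it to `"static-key-export"` so it matches the test it replaced (`test_static_key_export`).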
@@ -1433,19 +1211,22 @@ _add_test_func_simple (test_proxy_http_with_auth_import); _add_test_func_simple (test_proxy_socks_import); - _add_test_func_simple (test_proxy_socks_export); + _add_test_func ("proxy-socks-export", test_export_compare, "proxy-socks.ovpn", "proxy-socks.ovpntest"); _add_test_func_simple (test_keysize_import); - _add_test_func_simple (test_keysize_export); + _add_test_func ("keysize-export", test_export_compare, "keysize.ovpn", "keysize.ovpntest"); _add_test_func ("device-import-default", test_device_import, "device.ovpn", "company0", "tun"); - _add_test_func ("device-export-default", test_device_export, "device.ovpn", "device.ovpntest"); + _add_test_func ("device-export-default", test_export_compare, "device.ovpn", "device.ovpntest"); _add_test_func ("device-import-notype", test_device_import, "device-notype.ovpn", "tap", NULL); - _add_test_func ("device-export-notype", test_device_export, "device-notype.ovpn", "device-notype.ovpntest"); + _add_test_func ("device-export-notype", test_export_compare, "device-notype.ovpn", "device-notype.ovpntest"); + + _add_test_func ("mtu-disc-import", test_mtu_disc_import, "mtu-disc.ovpn", "yes"); + _add_test_func ("mtu-disc-export", test_export_compare, "mtu-disc.ovpn", "mtu-disc.ovpntest"); _add_test_func_simple (test_route_import); - _add_test_func_simple (test_route_export); + _add_test_func ("route-export", test_export_compare, "route.ovpn", "route.ovpntest"); _add_test_func_simple (test_args_parse_line); diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/Makefile.am network-manager-openvpn-1.2.10/shared/Makefile.am --- network-manager-openvpn-1.2.6/shared/Makefile.am 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/Makefile.am 1970-01-01 01:00:00.000000000 +0100 
@@ -1,13 +0,0 @@ -EXTRA_DIST = \ - README \ - nm-utils/gsystem-local-alloc.h \ - nm-utils/nm-glib.h \ - nm-utils/nm-macros-internal.h \ - nm-utils/nm-shared-utils.c \ - nm-utils/nm-shared-utils.h \ - nm-utils/nm-test-utils.h \ - nm-default.h \ - nm-service-defines.h \ - utils.c \ - utils.h \ - $(NULL) diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-service-defines.h network-manager-openvpn-1.2.10/shared/nm-service-defines.h --- network-manager-openvpn-1.2.6/shared/nm-service-defines.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-service-defines.h 2017-05-16 19:29:15.000000000 +0200 @@ -40,6 +40,7 @@ #define NM_OPENVPN_KEY_KEY "key" #define NM_OPENVPN_KEY_LOCAL_IP "local-ip" /* ??? */ #define NM_OPENVPN_KEY_MSSFIX "mssfix" +#define NM_OPENVPN_KEY_MTU_DISC "mtu-disc" #define NM_OPENVPN_KEY_NS_CERT_TYPE "ns-cert-type" #define NM_OPENVPN_KEY_PING "ping" #define NM_OPENVPN_KEY_PING_EXIT "ping-exit" @@ -65,6 +66,7 @@ #define NM_OPENVPN_KEY_DEV_TYPE "dev-type" #define NM_OPENVPN_KEY_TUN_IPV6 "tun-ipv6" #define NM_OPENVPN_KEY_TLS_CIPHER "tls-cipher" +#define NM_OPENVPN_KEY_TLS_CRYPT "tls-crypt" #define NM_OPENVPN_KEY_TLS_REMOTE "tls-remote" #define NM_OPENVPN_KEY_VERIFY_X509_NAME "verify-x509-name" #define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls" diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-utils/nm-glib.h network-manager-openvpn-1.2.10/shared/nm-utils/nm-glib.h --- network-manager-openvpn-1.2.6/shared/nm-utils/nm-glib.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-utils/nm-glib.h 2017-03-06 19:32:12.000000000 +0100 
@@ -134,14 +134,17 @@ /* Rumtime check for glib version. First do a compile time check which * (if satisfied) shortcuts the runtime check. */ -#define nm_glib_check_version(major, minor, micro) \ - ( GLIB_CHECK_VERSION ((major), (minor), (micro)) \ - || ( ( glib_major_version > (major)) \ - || ( glib_major_version == (major) \ - && glib_minor_version > (minor)) \ - || ( glib_major_version == (major) \ - && glib_minor_version == (minor) \ - && glib_micro_version >= (micro)))) +inline static gboolean +nm_glib_check_version (guint major, guint minor, guint micro) +{ + return GLIB_CHECK_VERSION (major, minor, micro) + || ( ( glib_major_version > major) + || ( glib_major_version == major + && glib_minor_version > minor) + || ( glib_major_version == major + && glib_minor_version == minor + && glib_micro_version < micro)); +} /* g_test_skip() is only available since glib 2.38. Add a compatibility wrapper. */ inline static void @@ -313,14 +316,14 @@ #if GLIB_CHECK_VERSION (2, 36, 0) #define g_credentials_get_unix_pid(creds, error) \ - G_GNUC_EXTENSION ({ \ + ({ \ G_GNUC_BEGIN_IGNORE_DEPRECATIONS \ (g_credentials_get_unix_pid) ((creds), (error)); \ G_GNUC_END_IGNORE_DEPRECATIONS \ }) #else #define g_credentials_get_unix_pid(creds, error) \ - G_GNUC_EXTENSION ({ \ + ({ \ struct ucred *native_creds; \ \ native_creds = g_credentials_get_native ((creds), G_CREDENTIALS_TYPE_LINUX_UCRED); \ @@ -357,12 +360,12 @@ #endif #if !GLIB_CHECK_VERSION(2, 40, 0) #define g_hash_table_get_keys_as_array(hash_table, length) \ - G_GNUC_EXTENSION ({ \ + ({ \ _nm_g_hash_table_get_keys_as_array (hash_table, length); \ }) #else #define g_hash_table_get_keys_as_array(hash_table, length) \ - G_GNUC_EXTENSION ({ \ + ({ \ G_GNUC_BEGIN_IGNORE_DEPRECATIONS \ (g_hash_table_get_keys_as_array) ((hash_table), (length)); \ G_GNUC_END_IGNORE_DEPRECATIONS \ 
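Review bot: The runtime fallback in the new `nm_glib_check_version()` ends with `glib_micro_version < micro`, which inverts the `>= (micro)` of the macro it replaces. With equal major and minor versions the function now returns TRUE only when the loaded glib is older than the requested micro version, and FALSE when it is new enough. The clause should read `&& glib_micro_version >= micro));`. The mistake is masked whenever the compile-time `GLIB_CHECK_VERSION` already succeeds, so it only shows when the build headers are older than the version being asked for.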
@@ -394,4 +397,59 @@ (0 ? (*(pp)) : (g_steal_pointer) (pp)) #endif + +static inline gboolean +_nm_g_strv_contains (const gchar * const *strv, + const gchar *str) +{ +#if !GLIB_CHECK_VERSION(2, 44, 0) + g_return_val_if_fail (strv != NULL, FALSE); + g_return_val_if_fail (str != NULL, FALSE); + + for (; *strv != NULL; strv++) { + if (g_str_equal (str, *strv)) + return TRUE; + } + + return FALSE; +#else + G_GNUC_BEGIN_IGNORE_DEPRECATIONS + return g_strv_contains (strv, str); + G_GNUC_END_IGNORE_DEPRECATIONS +#endif +} +#define g_strv_contains _nm_g_strv_contains + +static inline GVariant * +_nm_g_variant_new_take_string (gchar *string) +{ +#if !GLIB_CHECK_VERSION(2, 36, 0) + GVariant *value; + + g_return_val_if_fail (string != NULL, NULL); + g_return_val_if_fail (g_utf8_validate (string, -1, NULL), NULL); + + value = g_variant_new_string (string); + g_free (string); + return value; +#elif !GLIB_CHECK_VERSION(2, 38, 0) + GVariant *value; + GBytes *bytes; + + g_return_val_if_fail (string != NULL, NULL); + g_return_val_if_fail (g_utf8_validate (string, -1, NULL), NULL); + + bytes = g_bytes_new_take (string, strlen (string) + 1); + value = g_variant_new_from_bytes (G_VARIANT_TYPE_STRING, bytes, TRUE); + g_bytes_unref (bytes); + + return value; +#else + G_GNUC_BEGIN_IGNORE_DEPRECATIONS + return g_variant_new_take_string (string); + G_GNUC_END_IGNORE_DEPRECATIONS +#endif +} +#define g_variant_new_take_string _nm_g_variant_new_take_string + #endif /* __NM_GLIB_H__ */ diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-utils/nm-macros-internal.h network-manager-openvpn-1.2.10/shared/nm-utils/nm-macros-internal.h --- network-manager-openvpn-1.2.6/shared/nm-utils/nm-macros-internal.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-utils/nm-macros-internal.h 2017-03-06 19:32:12.000000000 +0100 
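Review bot: In `_nm_g_variant_new_take_string` both fallback branches leave through `g_return_val_if_fail` without freeing `string`, although the function name says it takes ownership. A caller cannot tell from a NULL return whether the buffer was consumed, which invites either a leak or a double free. The behaviour should at least be documented above the function, e.g. `/* on a failed precondition NULL is returned and @string is NOT freed; the caller still owns it */`. The middle branch also calls `strlen()`; whether `<string.h>` is included is not visible in this hunk and should be confirmed.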
@@ -22,11 +22,13 @@ #ifndef __NM_MACROS_INTERNAL_H__ #define __NM_MACROS_INTERNAL_H__ +#include #include +#include #include "nm-glib.h" -/********************************************************/ +/*****************************************************************************/ #define _nm_packed __attribute__ ((packed)) #define _nm_unused __attribute__ ((unused)) @@ -34,6 +36,8 @@ #define _nm_const __attribute__ ((const)) #define _nm_printf(a,b) __attribute__ ((__format__ (__printf__, a, b))) +#define nm_offsetofend(t,m) (G_STRUCT_OFFSET (t,m) + sizeof (((t *) NULL)->m)) + #define nm_auto(fcn) __attribute__ ((cleanup(fcn))) /** @@ -51,7 +55,46 @@ } #define nm_auto_unset_gvalue nm_auto(_nm_auto_unset_gvalue_impl) -/********************************************************/ +static inline void +_nm_auto_free_gstring_impl (GString **str) +{ + if (*str) + g_string_free (*str, TRUE); +} +#define nm_auto_free_gstring nm_auto(_nm_auto_free_gstring_impl) + +static inline void +_nm_auto_close_impl (int *pfd) +{ + if (*pfd >= 0) { + int errsv = errno; + + (void) close (*pfd); + errno = errsv; + } +} +#define nm_auto_close nm_auto(_nm_auto_close_impl) + +static inline void +_nm_auto_fclose_impl (FILE **pfd) +{ + if (*pfd) { + int errsv = errno; + + (void) fclose (*pfd); + errno = errsv; + } +} +#define nm_auto_fclose nm_auto(_nm_auto_fclose_impl) + +static inline void +_nm_auto_protect_errno (int *p_saved_errno) +{ + errno = *p_saved_errno; +} +#define NM_AUTO_PROTECT_ERRNO(errsv_saved) nm_auto(_nm_auto_protect_errno) _nm_unused const int errsv_saved = (errno) + +/*****************************************************************************/ /* http://stackoverflow.com/a/11172679 */ #define _NM_UTILS_MACRO_FIRST(...) __NM_UTILS_MACRO_FIRST_HELPER(__VA_ARGS__, throwaway) 
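Review bot: `_nm_auto_fclose_impl` discards the result of `fclose()`, so a stream opened for writing and closed through `nm_auto_fclose` loses any flush or write error that is only reported at close time. The helper needs a comment stating that, e.g. `/* the fclose() result is ignored: writers must fflush() and check for errors before the variable leaves scope */`; the same applies to `close()` in `_nm_auto_close_impl`. Saving and restoring `errno` around the call is appropriate for a cleanup handler and should stay as it is.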
@@ -70,7 +113,7 @@ TWOORMORE, TWOORMORE, TWOORMORE, ONE, throwaway) #define __NM_UTILS_MACRO_REST_SELECT_20TH(a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20, ...) a20 -/********************************************************/ +/*****************************************************************************/ /* http://stackoverflow.com/a/2124385/354393 */ @@ -95,7 +138,7 @@ 19,18,17,16,15,14,13,12,11,10, \ 9,8,7,6,5,4,3,2,1,0 -/********************************************************/ +/*****************************************************************************/ #if defined (__GNUC__) #define _NM_PRAGMA_WARNING_DO(warning) G_STRINGIFY(GCC diagnostic ignored warning) @@ -131,7 +174,7 @@ #define NM_PRAGMA_WARNING_REENABLE #endif -/********************************************************/ +/*****************************************************************************/ /** * NM_G_ERROR_MSG: @@ -151,11 +194,16 @@ return error ? (error->message ? : "(null)") : "(no-error)"; \ } -/********************************************************/ +/*****************************************************************************/ /* macro to return strlen() of a compile time string. */ #define NM_STRLEN(str) ( sizeof ("" str) - 1 ) +/* Note: @value is only evaluated when *out_val is present. + * Thus, + * NM_SET_OUT (out_str, g_strdup ("hallo")); + * does the right thing. + */ #define NM_SET_OUT(out_val, value) \ G_STMT_START { \ typeof(*(out_val)) *_out_val = (out_val); \ 
@@ -165,47 +213,26 @@ } \ } G_STMT_END -/********************************************************/ - -#define _NM_IN_SET_EVAL_1(op, _x, y1) \ - (_x == (y1)) +/*****************************************************************************/ -#define _NM_IN_SET_EVAL_2(op, _x, y1, y2) \ - ( (_x == (y1)) \ - op (_x == (y2)) \ - ) - -#define _NM_IN_SET_EVAL_3(op, _x, y1, y2, y3) \ - ( (_x == (y1)) \ - op (_x == (y2)) \ - op (_x == (y3)) \ - ) - -#define _NM_IN_SET_EVAL_4(op, _x, y1, y2, y3, y4) \ - ( (_x == (y1)) \ - op (_x == (y2)) \ - op (_x == (y3)) \ - op (_x == (y4)) \ - ) - -#define _NM_IN_SET_EVAL_5(op, _x, y1, y2, y3, y4, y5) \ - ( (_x == (y1)) \ - op (_x == (y2)) \ - op (_x == (y3)) \ - op (_x == (y4)) \ - op (_x == (y5)) \ - ) - -#define _NM_IN_SET_EVAL_6(op, _x, y1, y2, y3, y4, y5, y6) \ - ( (_x == (y1)) \ - op (_x == (y2)) \ - op (_x == (y3)) \ - op (_x == (y4)) \ - op (_x == (y5)) \ - op (_x == (y6)) \ - ) +#define _NM_IN_SET_EVAL_1( op, _x, y) (_x == (y)) +#define _NM_IN_SET_EVAL_2( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_1 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_3( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_2 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_4( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_3 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_5( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_4 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_6( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_5 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_7( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_6 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_8( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_7 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_9( op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_8 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_10(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_9 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_11(op, _x, y, ...) 
(_x == (y)) op _NM_IN_SET_EVAL_10 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_12(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_11 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_13(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_12 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_14(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_13 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_15(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_14 (op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_16(op, _x, y, ...) (_x == (y)) op _NM_IN_SET_EVAL_15 (op, _x, __VA_ARGS__) -#define _NM_IN_SET_EVAL_N2(op, _x, n, ...) _NM_IN_SET_EVAL_##n(op, _x, __VA_ARGS__) +#define _NM_IN_SET_EVAL_N2(op, _x, n, ...) (_NM_IN_SET_EVAL_##n(op, _x, __VA_ARGS__)) #define _NM_IN_SET_EVAL_N(op, x, n, ...) \ ({ \ typeof(x) _x = (x); \ @@ -222,7 +249,7 @@ * side-effects. */ #define NM_IN_SET_SE(x, ...) _NM_IN_SET_EVAL_N(|, x, NM_NARG (__VA_ARGS__), __VA_ARGS__) -/********************************************************/ +/*****************************************************************************/ static inline gboolean _NM_IN_STRSET_streq (const char *x, const char *s) 
@@ -230,45 +257,24 @@ return s && strcmp (x, s) == 0; } -#define _NM_IN_STRSET_EVAL_1(op, _x, y1) \ - _NM_IN_STRSET_streq (_x, y1) +#define _NM_IN_STRSET_EVAL_1( op, _x, y) _NM_IN_STRSET_streq (_x, y) +#define _NM_IN_STRSET_EVAL_2( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_1 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_3( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_2 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_4( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_3 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_5( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_4 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_6( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_5 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_7( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_6 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_8( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_7 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_9( op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_8 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_10(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_9 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_11(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_10 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_12(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_11 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_13(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_12 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_14(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_13 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_15(op, _x, y, ...) _NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_14 (op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_16(op, _x, y, ...) 
_NM_IN_STRSET_streq (_x, y) op _NM_IN_STRSET_EVAL_15 (op, _x, __VA_ARGS__) -#define _NM_IN_STRSET_EVAL_2(op, _x, y1, y2) \ - ( _NM_IN_STRSET_streq (_x, y1) \ - op _NM_IN_STRSET_streq (_x, y2) \ - ) - -#define _NM_IN_STRSET_EVAL_3(op, _x, y1, y2, y3) \ - ( _NM_IN_STRSET_streq (_x, y1) \ - op _NM_IN_STRSET_streq (_x, y2) \ - op _NM_IN_STRSET_streq (_x, y3) \ - ) - -#define _NM_IN_STRSET_EVAL_4(op, _x, y1, y2, y3, y4) \ - ( _NM_IN_STRSET_streq (_x, y1) \ - op _NM_IN_STRSET_streq (_x, y2) \ - op _NM_IN_STRSET_streq (_x, y3) \ - op _NM_IN_STRSET_streq (_x, y4) \ - ) - -#define _NM_IN_STRSET_EVAL_5(op, _x, y1, y2, y3, y4, y5) \ - ( _NM_IN_STRSET_streq (_x, y1) \ - op _NM_IN_STRSET_streq (_x, y2) \ - op _NM_IN_STRSET_streq (_x, y3) \ - op _NM_IN_STRSET_streq (_x, y4) \ - op _NM_IN_STRSET_streq (_x, y5) \ - ) - -#define _NM_IN_STRSET_EVAL_6(op, _x, y1, y2, y3, y4, y5, y6) \ - ( _NM_IN_STRSET_streq (_x, y1) \ - op _NM_IN_STRSET_streq (_x, y2) \ - op _NM_IN_STRSET_streq (_x, y3) \ - op _NM_IN_STRSET_streq (_x, y4) \ - op _NM_IN_STRSET_streq (_x, y5) \ - op _NM_IN_STRSET_streq (_x, y6) \ - ) - -#define _NM_IN_STRSET_EVAL_N2(op, _x, n, ...) _NM_IN_STRSET_EVAL_##n(op, _x, __VA_ARGS__) +#define _NM_IN_STRSET_EVAL_N2(op, _x, n, ...) (_NM_IN_STRSET_EVAL_##n(op, _x, __VA_ARGS__)) #define _NM_IN_STRSET_EVAL_N(op, x, n, ...) \ ({ \ const char *_x = (x); \ 
@@ -287,6 +293,86 @@ * side-effects. */ #define NM_IN_STRSET_SE(x, ...) _NM_IN_STRSET_EVAL_N(|, x, NM_NARG (__VA_ARGS__), __VA_ARGS__) +#define NM_STRCHAR_ALL(str, ch_iter, predicate) \ + ({ \ + gboolean _val = TRUE; \ + const char *_str = (str); \ + \ + if (_str) { \ + for (;;) { \ + const char ch_iter = _str[0]; \ + \ + if (ch_iter != '\0') { \ + if (predicate) {\ + _str++; \ + continue; \ + } \ + _val = FALSE; \ + } \ + break; \ + } \ + } \ + _val; \ + }) + +#define NM_STRCHAR_ANY(str, ch_iter, predicate) \ + ({ \ + gboolean _val = FALSE; \ + const char *_str = (str); \ + \ + if (_str) { \ + for (;;) { \ + const char ch_iter = _str[0]; \ + \ + if (ch_iter != '\0') { \ + if (predicate) { \ + ; \ + } else { \ + _str++; \ + continue; \ + } \ + _val = TRUE; \ + } \ + break; \ + } \ + } \ + _val; \ + }) + +/*****************************************************************************/ + +/* NM_CACHED_QUARK() returns the GQuark for @string, but caches + * it in a static variable to speed up future lookups. + * + * @string must be a string literal. + */ +#define NM_CACHED_QUARK(string) \ + ({ \ + static GQuark _nm_cached_quark = 0; \ + \ + (G_LIKELY (_nm_cached_quark != 0) \ + ? _nm_cached_quark \ + : (_nm_cached_quark = g_quark_from_static_string (""string""))); \ + }) + +/* NM_CACHED_QUARK_FCN() is essentially the same as G_DEFINE_QUARK + * with two differences: + * - @string must be a quited string-literal + * - @fcn must be the full function name, while G_DEFINE_QUARK() appends + * "_quark" to the function name. + * Both properties of G_DEFINE_QUARK() are non favorable, because you can no + * longer grep for string/fcn -- unless you are aware that you are searching + * for G_DEFINE_QUARK() and omit quotes / append _quark(). With NM_CACHED_QUARK_FCN(), + * ctags/cscope can locate the use of @fcn (though it doesn't recognize that + * NM_CACHED_QUARK_FCN() defines it). 
+ */ +#define NM_CACHED_QUARK_FCN(string, fcn) \ +GQuark \ +fcn (void) \ +{ \ + return NM_CACHED_QUARK (string); \ +} + /*****************************************************************************/ #define nm_streq(s1, s2) (strcmp (s1, s2) == 0) @@ -294,6 +380,39 @@ /*****************************************************************************/ +static inline const char * +nm_str_not_empty (const char *str) +{ + return str && str[0] ? str : NULL; +} + +static inline char * +nm_strdup_not_empty (const char *str) +{ + return str && str[0] ? g_strdup (str) : NULL; +} + +static inline char * +nm_str_realloc (char *str) +{ + gs_free char *s = str; + + /* Returns a new clone of @str and frees @str. The point is that @str + * possibly points to a larger chunck of memory. We want to freshly allocate + * a buffer. + * + * We could use realloc(), but that might not do anything or leave + * @str in its memory pool for chunks of a different size (bad for + * fragmentation). + * + * This is only useful when we want to keep the buffer around for a long + * time and want to re-allocate a more optimal buffer. */ + + return g_strdup (s); +} + +/*****************************************************************************/ + #define NM_PRINT_FMT_QUOTED(cond, prefix, str, suffix, str_else) \ (cond) ? (prefix) : "", \ (cond) ? (str) : (str_else), \ @@ -320,9 +439,11 @@ #if NM_MORE_ASSERTS #define nm_assert(cond) G_STMT_START { g_assert (cond); } G_STMT_END +#define nm_assert_se(cond) G_STMT_START { if (G_LIKELY (cond)) { ; } else { g_assert (FALSE && (cond)); } } G_STMT_END #define nm_assert_not_reached() G_STMT_START { g_assert_not_reached (); } G_STMT_END #else #define nm_assert(cond) G_STMT_START { if (FALSE) { if (cond) { } } } G_STMT_END +#define nm_assert_se(cond) G_STMT_START { if (G_LIKELY (cond)) { ; } } G_STMT_END #define nm_assert_not_reached() G_STMT_START { ; } G_STMT_END #endif 
@@ -348,6 +469,24 @@ /*****************************************************************************/ +#define __NM_GET_PRIVATE(self, type, is_check, result_cmd) \ + ({ \ + /* preserve the const-ness of self. Unfortunately, that + * way, @self cannot be a void pointer */ \ + typeof (self) _self = (self); \ + \ + /* Get compiler error if variable is of wrong type */ \ + _nm_unused const type *_self2 = (_self); \ + \ + nm_assert (is_check (_self)); \ + ( result_cmd ); \ + }) + +#define _NM_GET_PRIVATE(self, type, is_check) __NM_GET_PRIVATE(self, type, is_check, &_self->_priv) +#define _NM_GET_PRIVATE_PTR(self, type, is_check) __NM_GET_PRIVATE(self, type, is_check, _self->_priv) + +/*****************************************************************************/ + static inline gpointer nm_g_object_ref (gpointer obj) { @@ -368,6 +507,27 @@ g_object_unref (obj); } +/* basically, replaces + * g_clear_pointer (&location, g_free) + * with + * nm_clear_g_free (&location) + * + * Another advantage is that by using a macro and typeof(), it is more + * typesafe and gives you for example a compiler warning when pp is a const + * pointer or points to a const-pointer. + */ +#define nm_clear_g_free(pp) \ + ({ \ + typeof (*(pp)) *_pp = (pp); \ + typeof (**_pp) *_p = *_pp; \ + \ + if (_p) { \ + *_pp = NULL; \ + g_free (_p); \ + } \ + !!_p; \ + }) + static inline gboolean nm_clear_g_source (guint *id) { @@ -479,6 +639,18 @@ /*****************************************************************************/ +#define nm_str_skip_leading_spaces(str) \ + ({ \ + typeof (*(str)) *_str = (str); \ + _nm_unused const char *_str_type_check = _str; \ + \ + if (_str) { \ + while (g_ascii_isspace (_str[0])) \ + _str++; \ + } \ + _str; \ + }) + static inline char * nm_strstrip (char *str) { 
@@ -516,6 +688,63 @@ return strcmp (s1, s2); } +static inline int +nm_cmp_uint32_p_with_data (gconstpointer p_a, gconstpointer p_b, gpointer user_data) +{ + const guint32 a = *((const guint32 *) p_a); + const guint32 b = *((const guint32 *) p_b); + + if (a < b) + return -1; + if (a > b) + return 1; + return 0; +} + +/*****************************************************************************/ + +/* Taken from systemd's UNIQ_T and UNIQ macros. */ + +#define NM_UNIQ_T(x, uniq) G_PASTE(__unique_prefix_, G_PASTE(x, uniq)) +#define NM_UNIQ __COUNTER__ + +/*****************************************************************************/ + +/* glib's MIN()/MAX() macros don't have function-like behavior, in that they evaluate + * the argument possibly twice. + * + * Taken from systemd's MIN()/MAX() macros. */ + +#define NM_MIN(a, b) __NM_MIN(NM_UNIQ, a, NM_UNIQ, b) +#define __NM_MIN(aq, a, bq, b) \ + ({ \ + typeof (a) NM_UNIQ_T(A, aq) = (a); \ + typeof (b) NM_UNIQ_T(B, bq) = (b); \ + ((NM_UNIQ_T(A, aq) < NM_UNIQ_T(B, bq)) ? NM_UNIQ_T(A, aq) : NM_UNIQ_T(B, bq)); \ + }) + +#define NM_MAX(a, b) __NM_MAX(NM_UNIQ, a, NM_UNIQ, b) +#define __NM_MAX(aq, a, bq, b) \ + ({ \ + typeof (a) NM_UNIQ_T(A, aq) = (a); \ + typeof (b) NM_UNIQ_T(B, bq) = (b); \ + ((NM_UNIQ_T(A, aq) > NM_UNIQ_T(B, bq)) ? NM_UNIQ_T(A, aq) : NM_UNIQ_T(B, bq)); \ + }) + +#define NM_CLAMP(x, low, high) __NM_CLAMP(NM_UNIQ, x, NM_UNIQ, low, NM_UNIQ, high) +#define __NM_CLAMP(xq, x, lowq, low, highq, high) \ + ({ \ + typeof(x)NM_UNIQ_T(X,xq) = (x); \ + typeof(low) NM_UNIQ_T(LOW,lowq) = (low); \ + typeof(high) NM_UNIQ_T(HIGH,highq) = (high); \ + \ + ( (NM_UNIQ_T(X,xq) > NM_UNIQ_T(HIGH,highq)) \ + ? NM_UNIQ_T(HIGH,highq) \ + : (NM_UNIQ_T(X,xq) < NM_UNIQ_T(LOW,lowq)) \ + ? NM_UNIQ_T(LOW,lowq) \ + : NM_UNIQ_T(X,xq)); \ + }) + /*****************************************************************************/ static inline guint 
@@ -530,27 +759,72 @@ *minor = (version & 0x0000FF00u) >> 8; *micro = (version & 0x000000FFu); } + +/*****************************************************************************/ + +/* taken from systemd's DECIMAL_STR_MAX() + * + * Returns the number of chars needed to format variables of the + * specified type as a decimal string. Adds in extra space for a + * negative '-' prefix (hence works correctly on signed + * types). Includes space for the trailing NUL. */ +#define NM_DECIMAL_STR_MAX(type) \ + (2+(sizeof(type) <= 1 ? 3 : \ + sizeof(type) <= 2 ? 5 : \ + sizeof(type) <= 4 ? 10 : \ + sizeof(type) <= 8 ? 20 : sizeof(int[-2*(sizeof(type) > 8)]))) + /*****************************************************************************/ +/* if @str is NULL, return "(null)". Otherwise, allocate a buffer using + * alloca() of and fill it with @str. @str will be quoted with double quote. + * If @str is longer then @trunc_at, the string is truncated and the closing + * quote is instead '^' to indicate truncation. + * + * Thus, the maximum stack allocated buffer will be @trunc_at+3. */ +#define nm_strquote_a(trunc_at, str) \ + ({ \ + const char *const _str = (str); \ + \ + (_str \ + ? ({ \ + const gsize _trunc_at = (trunc_at); \ + const gsize _strlen_trunc = NM_MIN (strlen (_str), _trunc_at); \ + char *_buf; \ + \ + _buf = g_alloca (_strlen_trunc + 3); \ + _buf[0] = '"'; \ + memcpy (&_buf[1], _str, _strlen_trunc); \ + _buf[_strlen_trunc + 1] = _str[_strlen_trunc] ? '^' : '"'; \ + _buf[_strlen_trunc + 2] = '\0'; \ + _buf; \ + }) \ + : "(null)"); \ + }) + #define nm_sprintf_buf(buf, format, ...) ({ \ char * _buf = (buf); \ + int _buf_len; \ \ /* some static assert trying to ensure that the buffer is statically allocated. * It disallows a buffer size of sizeof(gpointer) to catch that. 
*/ \ G_STATIC_ASSERT (G_N_ELEMENTS (buf) == sizeof (buf) && sizeof (buf) != sizeof (char *)); \ - g_snprintf (_buf, sizeof (buf), \ - ""format"", ##__VA_ARGS__); \ + _buf_len = g_snprintf (_buf, sizeof (buf), \ + ""format"", ##__VA_ARGS__); \ + nm_assert (_buf_len < sizeof (buf)); \ _buf; \ }) #define nm_sprintf_bufa(n_elements, format, ...) \ ({ \ char *_buf; \ + int _buf_len; \ + typeof (n_elements) _n_elements = (n_elements); \ \ - G_STATIC_ASSERT (sizeof (char[MAX ((n_elements), 1)]) == (n_elements)); \ - _buf = g_alloca (n_elements); \ - g_snprintf (_buf, n_elements, \ - ""format"", ##__VA_ARGS__); \ + _buf = g_alloca (_n_elements); \ + _buf_len = g_snprintf (_buf, _n_elements, \ + ""format"", ##__VA_ARGS__); \ + nm_assert (_buf_len < _n_elements); \ _buf; \ }) 
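Review bot: `nm_sprintf_bufa` no longer has the `G_STATIC_ASSERT` that tied `n_elements` to a positive compile-time constant, so any runtime expression now reaches `g_alloca (_n_elements)` with no upper bound and no check for zero. The only truncation check is `nm_assert (_buf_len < _n_elements)`, and the `#else` branch of `NM_MORE_ASSERTS` visible earlier in this diff turns `nm_assert` into a no-op, so a regular build truncates silently. The comparison also mixes `int` with `typeof (n_elements)`, which is only well-behaved for a negative `_buf_len` if that type is unsigned. I would document the contract above the macro, `/* n_elements must be a small, caller-bounded size; it is passed to g_alloca() unchecked and truncation is only detected with NM_MORE_ASSERTS. */`, and make the check explicit with `nm_assert (_buf_len >= 0 && (gsize) _buf_len < (gsize) _n_elements);`. `nm_strquote_a` in the same hunk has the same unbounded `g_alloca (_strlen_trunc + 3)` when `trunc_at` is not a constant.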
@@ -601,6 +875,33 @@ #define false 0 #endif + +#ifdef _G_BOOLEAN_EXPR +/* g_assert() uses G_LIKELY(), which in turn uses _G_BOOLEAN_EXPR(). + * As glib's implementation uses a local variable _g_boolean_var_, + * we cannot do + * g_assert (some_macro ()); + * where some_macro() itself expands to ({g_assert(); ...}). + * In other words, you cannot have a g_assert() inside a g_assert() + * without getting a -Werror=shadow failure. + * + * Workaround that by re-defining _G_BOOLEAN_EXPR() + **/ +#undef _G_BOOLEAN_EXPR +#define __NM_G_BOOLEAN_EXPR_IMPL(v, expr) \ + ({ \ + int NM_UNIQ_T(V, v); \ + \ + if (expr) \ + NM_UNIQ_T(V, v) = 1; \ + else \ + NM_UNIQ_T(V, v) = 0; \ + NM_UNIQ_T(V, v); \ + }) +#define _G_BOOLEAN_EXPR(expr) __NM_G_BOOLEAN_EXPR_IMPL (NM_UNIQ, expr) +#endif + + /*****************************************************************************/ #endif /* __NM_MACROS_INTERNAL_H__ */ diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-utils/nm-shared-utils.c network-manager-openvpn-1.2.10/shared/nm-utils/nm-shared-utils.c --- network-manager-openvpn-1.2.6/shared/nm-utils/nm-shared-utils.c 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-utils/nm-shared-utils.c 2017-03-06 19:32:12.000000000 +0100 
@@ -27,6 +27,85 @@ /*****************************************************************************/ +void +nm_utils_strbuf_append_c (char **buf, gsize *len, char c) +{ + switch (*len) { + case 0: + return; + case 1: + (*buf)[0] = '\0'; + *len = 0; + (*buf)++; + return; + default: + (*buf)[0] = c; + (*buf)[1] = '\0'; + (*len)--; + (*buf)++; + return; + } +} + +void +nm_utils_strbuf_append_str (char **buf, gsize *len, const char *str) +{ + gsize src_len; + + switch (*len) { + case 0: + return; + case 1: + if (!str || !*str) { + (*buf)[0] = '\0'; + return; + } + (*buf)[0] = '\0'; + *len = 0; + (*buf)++; + return; + default: + if (!str || !*str) { + (*buf)[0] = '\0'; + return; + } + src_len = g_strlcpy (*buf, str, *len); + if (src_len >= *len) { + *buf = &(*buf)[*len]; + *len = 0; + } else { + *buf = &(*buf)[src_len]; + *len -= src_len; + } + return; + } +} + +void +nm_utils_strbuf_append (char **buf, gsize *len, const char *format, ...) +{ + char *p = *buf; + va_list args; + gint retval; + + if (*len == 0) + return; + + va_start (args, format); + retval = g_vsnprintf (p, *len, format, args); + va_end (args); + + if (retval >= *len) { + *buf = &p[*len]; + *len = 0; + } else { + *buf = &p[retval]; + *len -= retval; + } +} + +/*****************************************************************************/ + /* _nm_utils_ascii_str_to_int64: * * A wrapper for g_ascii_strtoll, that checks whether the whole string @@ -45,7 +124,7 @@ _nm_utils_ascii_str_to_int64 (const char *str, guint base, gint64 min, gint64 max, gint64 fallback) { gint64 v; - char *s = NULL; + const char *s = NULL; if (str) { while (g_ascii_isspace (str[0])) @@ -57,7 +136,7 @@ } errno = 0; - v = g_ascii_strtoll (str, &s, base); + v = g_ascii_strtoll (str, (char **) &s, base); if (errno != 0) return fallback; 
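Review bot: In `nm_utils_strbuf_append` (first hunk) the test `if (retval >= *len)` compares a `gint` with a `gsize`, so should `g_vsnprintf` ever return a negative value it is treated as truncation only through the implicit conversion to unsigned. Spelling it out makes that intent visible and quiets `-Wsign-compare`: `if (retval < 0 || (gsize) retval >= *len)`. Separately, all three append helpers leave `*buf` pointing one past the end of the buffer once `*len` reaches 0. That is safe only while callers keep going through these helpers, so the functions should carry a comment such as `/* After truncation *len is 0 and *buf points past the buffer; callers must not dereference or write through *buf. */`. None of the helpers checks `buf`, `len` or `*buf` for NULL, which is worth stating in the same comment if it is the intended contract.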
@@ -79,6 +158,54 @@ /*****************************************************************************/ +/** + * nm_utils_strv_find_first: + * @list: the strv list to search + * @len: the length of the list, or a negative value if @list is %NULL terminated. + * @needle: the value to search for. The search is done using strcmp(). + * + * Searches @list for @needle and returns the index of the first match (based + * on strcmp()). + * + * For convenience, @list has type 'char**' instead of 'const char **'. + * + * Returns: index of first occurrence or -1 if @needle is not found in @list. + */ +gssize +nm_utils_strv_find_first (char **list, gssize len, const char *needle) +{ + gssize i; + + if (len > 0) { + g_return_val_if_fail (list, -1); + + if (!needle) { + /* if we search a list with known length, %NULL is a valid @needle. */ + for (i = 0; i < len; i++) { + if (!list[i]) + return i; + } + } else { + for (i = 0; i < len; i++) { + if (list[i] && !strcmp (needle, list[i])) + return i; + } + } + } else if (len < 0) { + g_return_val_if_fail (needle, -1); + + if (list) { + for (i = 0; list[i]; i++) { + if (strcmp (needle, list[i]) == 0) + return i; + } + } + } + return -1; +} + +/*****************************************************************************/ + gint _nm_utils_ascii_str_to_bool (const char *str, gint default_value) 
@@ -113,7 +240,7 @@ /*****************************************************************************/ -G_DEFINE_QUARK (nm-utils-error-quark, nm_utils_error) +NM_CACHED_QUARK_FCN ("nm-utils-error-quark", nm_utils_error_quark) void nm_utils_error_set_cancelled (GError **error, diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-utils/nm-shared-utils.h network-manager-openvpn-1.2.10/shared/nm-utils/nm-shared-utils.h --- network-manager-openvpn-1.2.6/shared/nm-utils/nm-shared-utils.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-utils/nm-shared-utils.h 2017-03-06 19:32:12.000000000 +0100 
@@ -22,14 +22,37 @@ #ifndef __NM_SHARED_UTILS_H__ #define __NM_SHARED_UTILS_H__ -/******************************************************************************/ +/*****************************************************************************/ + +static inline void +_nm_utils_strbuf_init (char *buf, gsize len, char **p_buf_ptr, gsize *p_buf_len) +{ + NM_SET_OUT (p_buf_len, len); + NM_SET_OUT (p_buf_ptr, buf); + buf[0] = '\0'; +} + +#define nm_utils_strbuf_init(buf, p_buf_ptr, p_buf_len) \ + G_STMT_START { \ + G_STATIC_ASSERT (G_N_ELEMENTS (buf) == sizeof (buf) && sizeof (buf) > sizeof (char *)); \ + _nm_utils_strbuf_init ((buf), sizeof (buf), (p_buf_ptr), (p_buf_len)); \ + } G_STMT_END +void nm_utils_strbuf_append (char **buf, gsize *len, const char *format, ...) _nm_printf (3, 4); +void nm_utils_strbuf_append_c (char **buf, gsize *len, char c); +void nm_utils_strbuf_append_str (char **buf, gsize *len, const char *str); + +/*****************************************************************************/ + +gssize nm_utils_strv_find_first (char **list, gssize len, const char *needle); + +/*****************************************************************************/ gint64 _nm_utils_ascii_str_to_int64 (const char *str, guint base, gint64 min, gint64 max, gint64 fallback); gint _nm_utils_ascii_str_to_bool (const char *str, gint default_value); -/******************************************************************************/ +/*****************************************************************************/ /** * NMUtilsError: 
@@ -54,13 +77,13 @@ gboolean nm_utils_error_is_cancelled (GError *error, gboolean consider_is_disposing); -/******************************************************************************/ +/*****************************************************************************/ gboolean nm_g_object_set_property (GObject *object, const gchar *property_name, const GValue *value, GError **error); -/******************************************************************************/ +/*****************************************************************************/ #endif /* __NM_SHARED_UTILS_H__ */ diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-utils/nm-test-utils.h network-manager-openvpn-1.2.10/shared/nm-utils/nm-test-utils.h --- network-manager-openvpn-1.2.6/shared/nm-utils/nm-test-utils.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-utils/nm-test-utils.h 2017-03-06 19:32:12.000000000 +0100 @@ -106,12 +106,12 @@ #include "nm-utils.h" -/*******************************************************************************/ +/*****************************************************************************/ #define NMTST_G_RETURN_MSG_S(expr) "*: assertion '"NM_ASSERT_G_RETURN_EXPR(expr)"' failed" #define NMTST_G_RETURN_MSG(expr) NMTST_G_RETURN_MSG_S(#expr) -/*******************************************************************************/ +/*****************************************************************************/ /* general purpose functions that have no dependency on other nmtst functions */ @@ -168,7 +168,7 @@ g_assert (!(success)); \ } G_STMT_END -/*******************************************************************************/ +/*****************************************************************************/ struct __nmtst_internal { 
@@ -832,6 +832,31 @@ return dst; } +inline static GSList * +nmtst_rand_perm_gslist (GRand *rand, GSList *list) +{ + GSList *result; + guint l; + + if (!rand) + rand = nmtst_get_rand (); + + /* no need for an efficient implementation :) */ + + result = 0; + for (l = g_slist_length (list); l > 0; l--) { + GSList *tmp; + + tmp = g_slist_nth (list, g_rand_int (rand) % l); + g_assert (tmp); + + list = g_slist_remove_link (list, tmp); + result = g_slist_concat (tmp, result); + } + g_assert (!list); + return result; +} + /*****************************************************************************/ inline static gboolean @@ -979,6 +1004,10 @@ __define_nmtst_static(03, 1024) #undef __define_nmtst_static +#define NMTST_UUID_INIT(uuid) \ + gs_free char *_nmtst_hidden_##uuid = nm_utils_uuid_generate (); \ + const char *const uuid = _nmtst_hidden_##uuid + inline static const char * nmtst_uuid_generate (void) { @@ -1123,7 +1152,7 @@ return exit_status; } -/*******************************************************************************/ +/*****************************************************************************/ inline static char * nmtst_file_resolve_relative_path (const char *rel, const char *cwd) 
@@ -1140,6 +1169,62 @@ return g_build_filename (cwd, rel, NULL); } +inline static char * +nmtst_file_get_contents (const char *filename) +{ + GError *error = NULL; + gboolean success; + char *contents = NULL; + gsize len; + + success = g_file_get_contents (filename, &contents, &len, &error); + nmtst_assert_success (success && contents, error); + g_assert_cmpint (strlen (contents), ==, len); + return contents; +} + +/*****************************************************************************/ + +inline static void +nmtst_file_unlink_if_exists (const char *name) +{ + int errsv; + + g_assert (name && name[0]); + + if (unlink (name) != 0) { + errsv = errno; + if (errsv != ENOENT) + g_error ("nmtst_file_unlink_if_exists(%s): failed with %s", name, strerror (errsv)); + } +} + +inline static void +nmtst_file_unlink (const char *name) +{ + int errsv; + + g_assert (name && name[0]); + + if (unlink (name) != 0) { + errsv = errno; + g_error ("nmtst_file_unlink(%s): failed with %s", name, strerror (errsv)); + } +} + +inline static void +_nmtst_auto_unlinkfile (char **p_name) +{ + if (*p_name) { + nmtst_file_unlink (*p_name); + nm_clear_g_free (p_name); + } +} + +#define nmtst_auto_unlinkfile nm_auto(_nmtst_auto_unlinkfile) + +/*****************************************************************************/ + inline static void _nmtst_assert_resolve_relative_path_equals (const char *f1, const char *f2, const char *file, int line) { 
@@ -1156,7 +1241,7 @@ } #define nmtst_assert_resolve_relative_path_equals(f1, f2) _nmtst_assert_resolve_relative_path_equals (f1, f2, __FILE__, __LINE__); -/*******************************************************************************/ +/*****************************************************************************/ #ifdef NM_SETTING_IP_CONFIG_H inline static void diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/nm-utils/nm-vpn-plugin-macros.h network-manager-openvpn-1.2.10/shared/nm-utils/nm-vpn-plugin-macros.h --- network-manager-openvpn-1.2.6/shared/nm-utils/nm-vpn-plugin-macros.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/nm-utils/nm-vpn-plugin-macros.h 2017-03-06 19:32:12.000000000 +0100 @@ -24,6 +24,38 @@ #include +static inline int +nm_utils_syslog_coerce_from_nm (int syslog_level) +{ + /* NetworkManager uses internally NMLogLevel levels. When spawning + * the VPN plugin, it maps those levels to syslog levels as follows: + * + * LOGL_INFO = LOG_NOTICE, + * LOGL_DEBUG = LOG_INFO, + * LOGL_TRACE = LOG_DEBUG, + * + * However, when actually printing to syslog, we don't want to print messages + * with LOGL_INFO level as LOG_NOTICE, because they are *not* to be highlighted. + * + * In other words: NetworkManager has 3 levels that should not require highlighting: + * LOGL_INFO, LOGL_DEBUG, LOGL_TRACE. syslog on the other hand has only LOG_INFO and LOG_DEBUG. + * + * So, coerce those values before printing to syslog. When you receive the syslog_level + * from NetworkManager, instead of calling + * syslog(syslog_level, ...) + * you should call + * syslog(nm_utils_syslog_coerce_from_nm(syslog_level), ...) + */ + switch (syslog_level) { + case LOG_INFO: + return LOG_DEBUG; + case LOG_NOTICE: + return LOG_INFO; + default: + return syslog_level; + } +} + static inline const char * nm_utils_syslog_to_str (int syslog_level) { 
@@ -43,6 +75,10 @@ /* possibly missing defines from newer libnm API. */ +#ifndef NM_VPN_PLUGIN_CONFIG_PROXY_PAC +#define NM_VPN_PLUGIN_CONFIG_PROXY_PAC "pac" +#endif + #ifndef NM_VPN_PLUGIN_IP4_CONFIG_PRESERVE_ROUTES #define NM_VPN_PLUGIN_IP4_CONFIG_PRESERVE_ROUTES "preserve-routes" #endif diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/shared/utils.h network-manager-openvpn-1.2.10/shared/utils.h --- network-manager-openvpn-1.2.6/shared/utils.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/shared/utils.h 2017-05-16 19:29:15.000000000 +0200 @@ -44,6 +44,7 @@ #define NMV_OVPN_TAG_KEYSIZE "keysize" #define NMV_OVPN_TAG_MAX_ROUTES "max-routes" #define NMV_OVPN_TAG_MSSFIX "mssfix" +#define NMV_OVPN_TAG_MTU_DISC "mtu-disc" #define NMV_OVPN_TAG_NOBIND "nobind" #define NMV_OVPN_TAG_NS_CERT_TYPE "ns-cert-type" #define NMV_OVPN_TAG_PERSIST_KEY "persist-key" @@ -67,6 +68,7 @@ #define NMV_OVPN_TAG_TLS_AUTH "tls-auth" #define NMV_OVPN_TAG_TLS_CIPHER "tls-cipher" #define NMV_OVPN_TAG_TLS_CLIENT "tls-client" +#define NMV_OVPN_TAG_TLS_CRYPT "tls-crypt" #define NMV_OVPN_TAG_TLS_REMOTE "tls-remote" #define NMV_OVPN_TAG_TOPOLOGY "topology" #define NMV_OVPN_TAG_TUN_IPV6 "tun-ipv6" diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/src/Makefile.am network-manager-openvpn-1.2.10/src/Makefile.am --- network-manager-openvpn-1.2.6/src/Makefile.am 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/src/Makefile.am 1970-01-01 01:00:00.000000000 +0100 
@@ -1,48 +0,0 @@ -AM_CPPFLAGS = \ - $(GLIB_CFLAGS) \ - $(LIBNM_CFLAGS) \ - -I$(top_srcdir)/shared \ - -DBINDIR=\"$(bindir)\" \ - -DPREFIX=\""$(prefix)"\" \ - -DSYSCONFDIR=\""$(sysconfdir)"\" \ - -DLIBDIR=\""$(libdir)"\" \ - -DLIBEXECDIR=\""$(libexecdir)"\" \ - -DLOCALSTATEDIR=\""$(localstatedir)"\" \ - -DDATADIR=\"$(datadir)\" \ - -DNM_OPENVPN_LOCALEDIR=\"$(datadir)/locale\" \ - -DG_LOG_DOMAIN=\"nm-openvpn\" - -libexec_PROGRAMS = \ - nm-openvpn-service \ - nm-openvpn-service-openvpn-helper - -shared_sources = \ - $(top_srcdir)/shared/nm-utils/nm-shared-utils.c \ - $(top_srcdir)/shared/nm-utils/nm-shared-utils.h \ - $(top_srcdir)/shared/utils.c \ - $(top_srcdir)/shared/utils.h \ - $(top_srcdir)/shared/nm-service-defines.h \ - $(NULL) - -############################################################################### - -nm_openvpn_service_SOURCES = \ - $(shared_sources) \ - nm-openvpn-service.c \ - nm-openvpn-service.h - -nm_openvpn_service_LDADD = \ - $(LIBNM_LIBS) - -############################################################################### - -nm_openvpn_service_openvpn_helper_SOURCES = \ - $(shared_sources) \ - nm-openvpn-service-openvpn-helper.c - -nm_openvpn_service_openvpn_helper_LDADD = \ - $(LIBNM_LIBS) - -############################################################################### - -CLEANFILES = *~ diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/src/nm-openvpn-service.c network-manager-openvpn-1.2.10/src/nm-openvpn-service.c --- network-manager-openvpn-1.2.6/src/nm-openvpn-service.c 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/src/nm-openvpn-service.c 2017-05-16 19:29:15.000000000 +0200 @@ -24,8 +24,6 @@ #include "nm-default.h" -#include "nm-openvpn-service.h" - #include #include #include 
@@ -66,9 +64,42 @@ #define NM_OPENVPN_HELPER_PATH LIBEXECDIR"/nm-openvpn-service-openvpn-helper" -G_DEFINE_TYPE (NMOpenvpnPlugin, nm_openvpn_plugin, NM_TYPE_VPN_SERVICE_PLUGIN) +/*****************************************************************************/ -#define NM_OPENVPN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPluginPrivate)) +#define NM_TYPE_OPENVPN_PLUGIN (nm_openvpn_plugin_get_type ()) +#define NM_OPENVPN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPlugin)) +#define NM_OPENVPN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPluginClass)) +#define NM_IS_OPENVPN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_OPENVPN_PLUGIN)) +#define NM_IS_OPENVPN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_OPENVPN_PLUGIN)) +#define NM_OPENVPN_PLUGIN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPluginClass)) + +typedef struct { + NMVpnServicePlugin parent; +} NMOpenvpnPlugin; + +typedef struct { + NMVpnServicePluginClass parent; +} NMOpenvpnPluginClass; + +GType nm_openvpn_plugin_get_type (void); + +NMOpenvpnPlugin *nm_openvpn_plugin_new (const char *bus_name); + +/*****************************************************************************/ + +typedef enum { + OPENVPN_BINARY_VERSION_INVALID, + OPENVPN_BINARY_VERSION_UNKNOWN, + OPENVPN_BINARY_VERSION_2_3_OR_OLDER, + OPENVPN_BINARY_VERSION_2_4_OR_NEWER, +} OpenvpnBinaryVersion; + +typedef struct { + GPid pid; + guint watch_id; + guint kill_id; + NMOpenvpnPlugin *plugin; +} PidsPendingData; typedef struct { char *default_username; @@ -78,6 +109,8 @@ char *proxy_username; char *proxy_password; char *pending_auth; + char *challenge_state_id; + char *challenge_text; GIOChannel *socket_channel; guint socket_channel_eventid; } NMOpenvpnPluginIOData; 
@@ -91,6 +124,12 @@ char *mgt_path; } NMOpenvpnPluginPrivate; +G_DEFINE_TYPE (NMOpenvpnPlugin, nm_openvpn_plugin, NM_TYPE_VPN_SERVICE_PLUGIN) + +#define NM_OPENVPN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPluginPrivate)) + +/*****************************************************************************/ + typedef struct { const char *name; GType type; @@ -99,14 +138,7 @@ gboolean address; } ValidProperty; -typedef struct { - GPid pid; - guint watch_id; - guint kill_id; - NMOpenvpnPlugin *plugin; -} PidsPendingData; - -static ValidProperty valid_properties[] = { +static const ValidProperty valid_properties[] = { { NM_OPENVPN_KEY_AUTH, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE }, @@ -118,7 +150,8 @@ { NM_OPENVPN_KEY_FRAGMENT_SIZE, G_TYPE_INT, 0, G_MAXINT, FALSE }, { NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0, TRUE }, - { NM_OPENVPN_KEY_MSSFIX, G_TYPE_BOOLEAN, 0, 0, FALSE }, + { NM_OPENVPN_KEY_MSSFIX, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_MTU_DISC, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_PING, G_TYPE_INT, 0, G_MAXINT, FALSE }, { NM_OPENVPN_KEY_PING_EXIT, G_TYPE_INT, 0, G_MAXINT, FALSE }, { NM_OPENVPN_KEY_PING_RESTART, G_TYPE_INT, 0, G_MAXINT, FALSE }, @@ -143,6 +176,7 @@ { NM_OPENVPN_KEY_DEV_TYPE, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TUN_IPV6, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TLS_CIPHER, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_TLS_CRYPT, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_TLS_REMOTE, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_VERIFY_X509_NAME, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_REMOTE_CERT_TLS, G_TYPE_STRING, 0, 0, FALSE }, 
@@ -156,7 +190,7 @@ { NULL, G_TYPE_NONE, FALSE } }; -static ValidProperty valid_secrets[] = { +static const ValidProperty valid_secrets[] = { { NM_OPENVPN_KEY_PASSWORD, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_CERTPASS, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_NOSECRET, G_TYPE_STRING, 0, 0, FALSE }, 
@@ -188,6 +222,83 @@ /*****************************************************************************/ +static const char * +openvpn_binary_find_exepath (void) +{ + static const char *paths[] = { + "/usr/sbin/openvpn", + "/sbin/openvpn", + "/usr/local/sbin/openvpn", + }; + int i; + + for (i = 0; i < G_N_ELEMENTS (paths); i++) { + if (g_file_test (paths[i], G_FILE_TEST_EXISTS)) + return paths[i]; + } + return NULL; +} + +static OpenvpnBinaryVersion +openvpn_binary_detect_version (const char *exepath) +{ + gs_free char *s_stdout = NULL; + const char *s; + int exit_code; + int n; + + g_return_val_if_fail (exepath && exepath[0] == '/', OPENVPN_BINARY_VERSION_UNKNOWN); + + if (!g_spawn_sync (NULL, + (char *[]) { (char *) exepath, "--version", NULL }, + NULL, + G_SPAWN_STDERR_TO_DEV_NULL, + NULL, + NULL, + &s_stdout, + NULL, + &exit_code, + NULL)) + return OPENVPN_BINARY_VERSION_UNKNOWN; + + if ( !WIFEXITED (exit_code) + || WEXITSTATUS (exit_code) != 1) { + /* expect return code 1 (OPENVPN_EXIT_STATUS_USAGE) */ + return OPENVPN_BINARY_VERSION_UNKNOWN; + } + + /* the output for --version starts with title_string, which starts with PACKAGE_STRING, + * which looks like "OpenVPN 2.#...". Do a strict parsing here... 
*/ + if ( !s_stdout + || !g_str_has_prefix (s_stdout, "OpenVPN 2.")) + return OPENVPN_BINARY_VERSION_UNKNOWN; + s = &s_stdout[NM_STRLEN ("OpenVPN 2.")]; + + if (!g_ascii_isdigit (s[0])) + return OPENVPN_BINARY_VERSION_UNKNOWN; + + n = 0; + do { + if (n > G_MAXINT / 100) + return OPENVPN_BINARY_VERSION_UNKNOWN; + n = (n * 10) + (s[0] - '0'); + } while (g_ascii_isdigit ((++s)[0])); + + if (n <= 3) + return OPENVPN_BINARY_VERSION_2_3_OR_OLDER; + return OPENVPN_BINARY_VERSION_2_4_OR_NEWER; +} + +static OpenvpnBinaryVersion +openvpn_binary_detect_version_cached (const char *exepath, OpenvpnBinaryVersion *cached) +{ + if (G_UNLIKELY (*cached == OPENVPN_BINARY_VERSION_INVALID)) + *cached = openvpn_binary_detect_version (exepath); + return *cached; +} + +/*****************************************************************************/ + static void pids_pending_data_free (PidsPendingData *pid_data) { @@ -328,7 +439,7 @@ } typedef struct ValidateInfo { - ValidProperty *table; + const ValidProperty *table; GError **error; gboolean have_items; } ValidateInfo; 
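Review bot: `openvpn_binary_detect_version_cached` has no comment, and its contract is easy to misuse: the probe runs only while `*cached` is OPENVPN_BINARY_VERSION_INVALID, and whatever comes back, including OPENVPN_BINARY_VERSION_UNKNOWN, is stored and never retried. I would add above it `/* *cached must start as OPENVPN_BINARY_VERSION_INVALID; the first result (also UNKNOWN) is kept and the binary is not probed again. */`. In `openvpn_binary_detect_version` the comment promises strict parsing, but the digit loop stops at the first non-digit without looking at it, so it is worth saying in that comment that only the minor number is read and the rest of the line is ignored. A smaller style point in `openvpn_binary_find_exepath`: `int i` is compared with the unsigned `G_N_ELEMENTS (paths)`; `guint i` avoids the mixed-sign comparison.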
@@ -349,34 +460,34 @@ return; for (i = 0; info->table[i].name; i++) { - ValidProperty prop = info->table[i]; + const ValidProperty *prop = &info->table[i]; long int tmp; - if (strcmp (prop.name, key)) + if (strcmp (prop->name, key)) continue; - switch (prop.type) { + switch (prop->type) { case G_TYPE_STRING: - if (!prop.address || validate_address (value)) + if (!prop->address || validate_address (value)) return; /* valid */ g_set_error (info->error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("invalid address '%s'"), + _("invalid address “%s”"), key); break; case G_TYPE_INT: errno = 0; tmp = strtol (value, NULL, 10); - if (errno == 0 && tmp >= prop.int_min && tmp <= prop.int_max) + if (errno == 0 && tmp >= prop->int_min && tmp <= prop->int_max) return; /* valid */ g_set_error (info->error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("invalid integer property '%s' or out of range [%d -> %d]"), - key, prop.int_min, prop.int_max); + _("invalid integer property “%s” or out of range [%d -> %d]"), + key, prop->int_min, prop->int_max); break; case G_TYPE_BOOLEAN: if (!strcmp (value, "yes") || !strcmp (value, "no")) @@ -386,15 +497,15 @@ NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, /* Translators: keep "yes" and "no" untranslated! */ - _("invalid boolean property '%s' (not yes or no)"), + _("invalid boolean property “%s” (not yes or no)"), key); break; default: g_set_error (info->error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("unhandled property '%s' type %s"), - key, g_type_name (prop.type)); + _("unhandled property “%s” type %s"), + key, g_type_name (prop->type)); break; } } @@ -404,7 +515,7 @@ g_set_error (info->error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("property '%s' invalid or not supported"), + _("property “%s” invalid or not supported"), key); } } 
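Review bot: The G_TYPE_INT branch still calls `strtol (value, NULL, 10)` without an end pointer, so the range test on the rewritten `prop->int_min`/`prop->int_max` line accepts a value with trailing garbage such as `12abc`, and an empty string parses as 0. Since this function is the gate for connection properties, the check should also require that the whole string was consumed: `char *end;` then `tmp = strtol (value, &end, 10);` and `if (errno == 0 && end != value && *end == '\0' && tmp >= prop->int_min && tmp <= prop->int_max)`. The enclosing function starts and ends outside this hunk, so whether a later step re-parses these values is not visible here.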
@@ -478,6 +589,8 @@ if (io_data->proxy_password) memset (io_data->proxy_password, 0, strlen (io_data->proxy_password)); g_free (io_data->proxy_password); + g_free (io_data->challenge_state_id); + g_free (io_data->challenge_text); g_free (priv->io_data); priv->io_data = NULL; @@ -503,33 +616,55 @@ return quoted; } -/* sscanf is evil, and since we can't use glib regexp stuff since it's still - * too new for some distros, do a simple match here. - */ static char * get_detail (const char *input, const char *prefix) { - char *ret = NULL; - guint32 i = 0; - const char *p, *start; + const char *end; - g_return_val_if_fail (prefix != NULL, NULL); + nm_assert (prefix); if (!g_str_has_prefix (input, prefix)) return NULL; /* Grab characters until the next ' */ - p = start = input + strlen (prefix); - while (*p) { - if (*p == '\'') { - ret = g_malloc0 (i + 1); - strncpy (ret, start, i); - break; - } - p++, i++; - } + input += strlen (prefix); + end = strchr (input, '\''); + if (end) + return g_strndup (input, end - input); + return NULL; +} - return ret; +/* Parse challenge response protocol message of the form + * CRV1:flags:state_id:username:text + */ +static gboolean +parse_challenge (const char *failure_reason, char **challenge_state_id, char **challenge_text) +{ + const char *colon[4]; + + if ( !failure_reason + || !g_str_has_prefix (failure_reason, "CRV1:")) + return FALSE; + + colon[0] = strchr (failure_reason, ':'); + if (!colon[0]) + return FALSE; + + colon[1] = strchr (colon[0] + 1, ':'); + if (!colon[1]) + return FALSE; + + colon[2] = strchr (colon[1] + 1, ':'); + if (!colon[2]) + return FALSE; + + colon[3] = strchr (colon[2] + 1, ':'); + if (!colon[3]) + return FALSE; + + *challenge_state_id = g_strndup (colon[1] + 1, colon[2] - colon[1] - 1); + *challenge_text = g_strdup (colon[3] + 1); + return TRUE; } static void 
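Review bot: `parse_challenge` assigns to `*challenge_state_id` and `*challenge_text` without releasing what they already point to, so a second CRV1 failure that arrives before the first one was answered would leak the earlier strings; the caller in a later hunk passes the long-lived `io_data` fields, which makes that possible in principle. Freeing first, `g_free (*challenge_state_id);` and `g_free (*challenge_text);` ahead of the two assignments, or asserting that both are NULL on entry, closes it. The header comment should also state that both outputs are left untouched when FALSE is returned, and that state id and text are taken verbatim from the server's failure message. The first `strchr` for `colon[0]` cannot fail after the `g_str_has_prefix (failure_reason, "CRV1:")` test, so that NULL check is dead code.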
@@ -580,7 +715,19 @@ if (!username) username = io_data->default_username; - if (username != NULL && io_data->password != NULL) { + if (username != NULL && io_data->password != NULL && io_data->challenge_state_id) { + gs_free char *response = NULL; + + response = g_strdup_printf ("CRV1::%s::%s", + io_data->challenge_state_id, + io_data->password); + write_user_pass (io_data->socket_channel, + requested_auth, + username, + response); + nm_clear_g_free (&io_data->challenge_state_id); + nm_clear_g_free (&io_data->challenge_text); + } else if (username != NULL && io_data->password != NULL) { write_user_pass (io_data->socket_channel, requested_auth, username, @@ -597,6 +744,8 @@ } if (!username && !io_data->password) *out_message = _("A username and password are required."); + if (io_data->challenge_text) + *out_message = io_data->challenge_text; } handled = TRUE; } else if (!strcmp (requested_auth, "Private Key")) { @@ -710,7 +859,16 @@ gboolean fail = TRUE; if (!strcmp (auth, "Auth")) { - _LOGW ("Password verification failed"); + gs_free char *failure_reason = NULL; + + failure_reason = get_detail (auth, ">PASSWORD:Verification Failed: 'Auth' ['"); + if (parse_challenge (failure_reason, &priv->io_data->challenge_state_id, &priv->io_data->challenge_text)) { + _LOGD ("Received challenge '%s' for state '%s'", + priv->io_data->challenge_state_id, + priv->io_data->challenge_text); + } else + _LOGW ("Password verification failed"); + if (priv->interactive) { /* Clear existing password in interactive mode, openvpn * will request a new one after restarting. 
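Review bot: `response` contains the user's password in clear text and is released through `gs_free` without being wiped, whereas the cleanup code elsewhere in this file zeroes password buffers with `memset` before `g_free`. Clearing it right after `write_user_pass`, e.g. `memset (response, 0, strlen (response));`, keeps the new path consistent with that convention; a wipe helper the compiler cannot optimise away would be better still if the project has one. The enclosing function starts before and continues after this hunk.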
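Review bot: `*out_message = io_data->challenge_text;` hands out a pointer into heap memory owned by `io_data`, while the other value assigned to `*out_message` in this hunk is a static translated string. The same commit frees `challenge_text` with `nm_clear_g_free` once the response has been written and again when the I/O data is torn down, so the message would dangle if the caller keeps it beyond the current call; how long the caller holds it is not visible here. A comment on the assignment such as `/* borrowed from io_data; valid only until the challenge is answered */` would document the lifetime, and since the text is supplied by the VPN server it is worth noting that it reaches the user prompt unmodified.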
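Review bot: The challenge is never parsed, because `get_detail (auth, ">PASSWORD:Verification Failed: 'Auth' ['")` is called inside the branch where `auth` compares equal to `"Auth"`, and `get_detail` returns NULL unless its input starts with the given prefix. `failure_reason` is therefore always NULL, `parse_challenge` always returns FALSE, and the code falls through to "Password verification failed"; the first argument should be the raw management-interface line that `auth` was extracted from, which is defined outside this hunk. The `_LOGD` arguments are also swapped relative to the format: `challenge_state_id` is printed as the challenge and `challenge_text` as the state, so the call should read `_LOGD ("Received challenge '%s' for state '%s'", priv->io_data->challenge_text, priv->io_data->challenge_state_id);`. Both values come from the server, which is worth keeping in mind for what ends up in the debug log.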
@@ -886,26 +1044,6 @@ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0; } -static const char * -nm_find_openvpn (void) -{ - static const char *openvpn_binary_paths[] = { - "/usr/sbin/openvpn", - "/sbin/openvpn", - "/usr/local/sbin/openvpn", - NULL - }; - const char **openvpn_binary = openvpn_binary_paths; - - while (*openvpn_binary != NULL) { - if (g_file_test (*openvpn_binary, G_FILE_TEST_EXISTS)) - break; - openvpn_binary++; - } - - return *openvpn_binary; -} - static void add_openvpn_arg (GPtrArray *args, const char *arg) { @@ -1120,10 +1258,14 @@ gboolean dev_type_is_tap; char *stmp; const char *defport, *proto_tcp; + const char *tls_remote = NULL; const char *nm_openvpn_user, *nm_openvpn_group, *nm_openvpn_chroot; gs_free char *bus_name = NULL; NMSettingVpn *s_vpn; const char *connection_type; + gint64 v_int64; + char sbuf_64[65]; + OpenvpnBinaryVersion openvpn_binary_version = OPENVPN_BINARY_VERSION_INVALID; s_vpn = nm_connection_get_setting_vpn (connection); if (!s_vpn) { @@ -1152,7 +1294,7 @@ return FALSE; /* Find openvpn */ - openvpn_binary = nm_find_openvpn (); + openvpn_binary = openvpn_binary_find_exepath (); if (!openvpn_binary) { g_set_error_literal (error, NM_VPN_PLUGIN_ERROR, @@ -1209,7 +1351,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid port number '%s'."), port); + _("Invalid port number “%s”."), port); return FALSE; } } else if (defport) { @@ -1217,7 +1359,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid port number '%s'."), + _("Invalid port number “%s”."), defport); return FALSE; } @@ -1233,7 +1375,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid proto '%s'."), proto); + _("Invalid proto “%s”."), proto); return FALSE; } } else if (proto_tcp && !strcmp (proto_tcp, "yes")) 
@@ -1275,7 +1417,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid proxy type '%s'."), + _("Invalid proxy type “%s”."), tmp); return FALSE; } @@ -1323,7 +1465,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid ping duration '%s'."), + _("Invalid ping duration “%s”."), tmp); return FALSE; } @@ -1336,7 +1478,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid ping-exit duration '%s'."), + _("Invalid ping-exit duration “%s”."), tmp); return FALSE; } @@ -1349,7 +1491,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid ping-restart duration '%s'."), + _("Invalid ping-restart duration “%s”."), tmp); return FALSE; } @@ -1368,7 +1510,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid max-routes argument '%s'."), + _("Invalid max-routes argument “%s”."), tmp); return FALSE; } @@ -1404,7 +1546,7 @@ /* Cipher */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--cipher"); add_openvpn_arg (args, tmp); } @@ -1417,13 +1559,13 @@ /* Keysize */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--keysize"); if (!add_openvpn_arg_int (args, tmp)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid keysize '%s'."), + _("Invalid keysize “%s”."), tmp); return FALSE; } 
@@ -1436,30 +1578,54 @@ } add_openvpn_arg (args, "--auth-nocache"); - /* TA */ + /* tls-auth */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--tls-auth"); add_openvpn_arg_utf8safe (args, tmp); tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TA_DIR); - if (tmp && strlen (tmp)) + if (tmp && tmp[0]) add_openvpn_arg (args, tmp); } + /* tls-crypt */ + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_CRYPT); + if (tmp && tmp[0]) { + add_openvpn_arg (args, "--tls-crypt"); + add_openvpn_arg_utf8safe (args, tmp); + } + + /* tls-remote */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TLS_REMOTE); - if (tmp && strlen (tmp)) { - add_openvpn_arg (args, "--tls-remote"); - add_openvpn_arg (args, tmp); + if (tmp && tmp[0]) { + if (openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version) != OPENVPN_BINARY_VERSION_2_4_OR_NEWER) { + _LOGW ("the tls-remote option is deprecated and removed from OpenVPN 2.4. Update your connection to use verify-x509-name"); + add_openvpn_arg (args, "--tls-remote"); + add_openvpn_arg (args, tmp); + } else { + _LOGW ("the tls-remote option is deprecated and removed from OpenVPN 2.4. For compatibility, the plugin uses \"verify-x509-name\" \"%s\" \"name\" instead. Update your connection to use verify-x509-name", tmp); + add_openvpn_arg (args, "--verify-x509-name"); + add_openvpn_arg (args, tmp); + add_openvpn_arg (args, "name"); + } + tls_remote = tmp; } /* verify-x509-name */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_VERIFY_X509_NAME); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { const char *name; gs_free char *type = NULL; + if (tls_remote) { + g_set_error (error, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + _("Invalid configuration with tls-remote and verify-x509-name.")); + return FALSE; + } + name = strchr (tmp, ':'); if (name) { type = g_strndup (tmp, name - tmp); 
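Review bot: OPENVPN_BINARY_VERSION_UNKNOWN takes the same branch as 2.3-or-older in the tls-remote block, because the test is `!= OPENVPN_BINARY_VERSION_2_4_OR_NEWER`. When the version probe fails against a 2.4 binary the plugin still passes `--tls-remote`, which the warning text itself describes as removed in 2.4; that fails closed, but nothing in the log says the version could not be determined. I would add a comment above the test, e.g. `/* UNKNOWN is treated like 2.3: keep the legacy option and let openvpn reject it if unsupported */`, and log the detection result at debug level. The enclosing function starts and ends outside this hunk.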
@@ -1481,7 +1647,7 @@ /* remote-cert-tls */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_CERT_TLS); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--remote-cert-tls"); add_openvpn_arg (args, tmp); } @@ -1498,13 +1664,13 @@ if (!connection_type_is_tls_mode (connection_type)) { /* Ignore --reneg-sec option if we are not in TLS mode (as enabled * by --client below). openvpn will error out otherwise, see bgo#749050. */ - } else if (tmp && strlen (tmp)) { + } else if (tmp && tmp[0]) { add_openvpn_arg (args, "--reneg-sec"); if (!add_openvpn_arg_int (args, tmp)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid reneg seconds '%s'."), + _("Invalid reneg seconds “%s”."), tmp); return FALSE; } @@ -1519,10 +1685,8 @@ } if (gl.log_level_ovpn >= 0) { - char buf[20]; - add_openvpn_arg (args, "--verb"); - add_openvpn_arg (args, nm_sprintf_buf (buf, "%d", gl.log_level_ovpn)); + add_openvpn_arg (args, nm_sprintf_buf (sbuf_64, "%d", gl.log_level_ovpn)); } if (gl.log_syslog) { @@ -1532,13 +1696,13 @@ /* TUN MTU size */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUNNEL_MTU); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--tun-mtu"); if (!add_openvpn_arg_int (args, tmp)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid TUN MTU size '%s'."), + _("Invalid TUN MTU size “%s”."), tmp); return FALSE; } @@ -1546,13 +1710,13 @@ /* fragment size */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FRAGMENT_SIZE); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--fragment"); if (!add_openvpn_arg_int (args, tmp)) { g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Invalid fragment size '%s'."), + _("Invalid fragment size “%s”."), tmp); return FALSE; } 
@@ -1560,8 +1724,20 @@ /* mssfix */ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX); - if (tmp && !strcmp (tmp, "yes")) { - add_openvpn_arg (args, "--mssfix"); + if (tmp) { + if (nm_streq (tmp, "yes")) + add_openvpn_arg (args, "--mssfix"); + else if ((v_int64 = _nm_utils_ascii_str_to_int64 (tmp, 10, 1, G_MAXINT32, 0))) { + add_openvpn_arg (args, "--mssfix"); + add_openvpn_arg (args, nm_sprintf_buf (sbuf_64, "%d", (int) v_int64)); + } + } + + /* mtu-disc */ + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MTU_DISC); + if (NM_IN_STRSET (tmp, "no", "maybe", "yes")) { + add_openvpn_arg (args, "--mtu-disc"); + add_openvpn_arg (args, tmp); } /* Punch script security in the face; this option was added to OpenVPN 2.1-rc9 @@ -1615,12 +1791,12 @@ add_cert_args (args, s_vpn); } else if (!strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) { tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--secret"); add_openvpn_arg_utf8safe (args, tmp); tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_STATIC_KEY_DIRECTION); - if (tmp && strlen (tmp)) + if (tmp && tmp[0]) add_openvpn_arg (args, tmp); } @@ -1654,7 +1830,7 @@ add_openvpn_arg (args, "--auth-user-pass"); tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CA); - if (tmp && strlen (tmp)) { + if (tmp && tmp[0]) { add_openvpn_arg (args, "--ca"); add_openvpn_arg_utf8safe (args, tmp); } @@ -1667,7 +1843,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Unknown connection type '%s'."), + _("Unknown connection type “%s”."), connection_type); return FALSE; } @@ -1686,7 +1862,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("User '%s' not found, check NM_OPENVPN_USER."), + _("User “%s” not found, check NM_OPENVPN_USER."), nm_openvpn_user); return FALSE; } 
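Review bot: A `mssfix` value that is neither `yes` nor a number between 1 and G_MAXINT32 is dropped without any error, while the neighbouring options (`--tun-mtu`, `--fragment`) fail with NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS. The same diff changes the property-table entry for NM_OPENVPN_KEY_MSSFIX from G_TYPE_BOOLEAN to G_TYPE_STRING, so the validator no longer rejects a malformed value either, and the user gets a tunnel without the setting they asked for. The `mtu-disc` block has the same shape: anything outside `no`/`maybe`/`yes` is ignored silently. An explicit error branch that still accepts the legacy `no` is sketched below; the message string is a constructed example, and whether `0` should be accepted is a decision for the author.

```c
		else if ((v_int64 = _nm_utils_ascii_str_to_int64 (tmp, 10, 1, G_MAXINT32, 0))) {
			/* … unchanged: --mssfix followed by the numeric value … */
		} else if (!nm_streq (tmp, "no")) {
			g_set_error (error,
			             NM_VPN_PLUGIN_ERROR,
			             NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
			             _("Invalid mssfix “%s”."),
			             tmp);
			return FALSE;
		}
```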
@@ -1699,7 +1875,7 @@ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - _("Group '%s' not found, check NM_OPENVPN_GROUP."), + _("Group “%s” not found, check NM_OPENVPN_GROUP."), nm_openvpn_group); return FALSE; } @@ -2060,7 +2236,7 @@ GMainLoop *loop; GOptionEntry options[] = { - { "persist", 0, 0, G_OPTION_ARG_NONE, &persist, N_("Don't quit when VPN connection terminates"), NULL }, + { "persist", 0, 0, G_OPTION_ARG_NONE, &persist, N_("Don’t quit when VPN connection terminates"), NULL }, { "debug", 0, 0, G_OPTION_ARG_NONE, &gl.debug, N_("Enable verbose debug logging (may expose passwords)"), NULL }, { "bus-name", 0, 0, G_OPTION_ARG_STRING, &bus_name, N_("D-Bus name to use for this instance"), NULL }, {NULL} diff -Nru --exclude po --exclude m4 --exclude Makefile.in --exclude configure --exclude appdata network-manager-openvpn-1.2.6/src/nm-openvpn-service.h network-manager-openvpn-1.2.10/src/nm-openvpn-service.h --- network-manager-openvpn-1.2.6/src/nm-openvpn-service.h 2016-09-29 13:37:01.000000000 +0200 +++ network-manager-openvpn-1.2.10/src/nm-openvpn-service.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,45 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ -/* nm-openvpn-service - openvpn integration with NetworkManager - * - * Copyright (C) 2005 - 2008 Tim Niemueller - * Copyright (C) 2005 - 2008 Dan Williams - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - */ - -#ifndef NM_OPENVPN_SERVICE_H -#define NM_OPENVPN_SERVICE_H - -#define NM_TYPE_OPENVPN_PLUGIN (nm_openvpn_plugin_get_type ()) -#define NM_OPENVPN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPlugin)) -#define NM_OPENVPN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPluginClass)) -#define NM_IS_OPENVPN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_OPENVPN_PLUGIN)) -#define NM_IS_OPENVPN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_OPENVPN_PLUGIN)) -#define NM_OPENVPN_PLUGIN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_OPENVPN_PLUGIN, NMOpenvpnPluginClass)) - -typedef struct { - NMVpnServicePlugin parent; -} NMOpenvpnPlugin; - -typedef struct { - NMVpnServicePluginClass parent; -} NMOpenvpnPluginClass; - -GType nm_openvpn_plugin_get_type (void); - -NMOpenvpnPlugin *nm_openvpn_plugin_new (const char *bus_name); - -#endif /* NM_OPENVPN_SERVICE_H */