|
Packit Service |
639700 |
// SPDX-License-Identifier: GPL-2.0+
|
|
Packit |
fabffb |
/* NetworkManager Applet -- allow user control over networking
|
|
Packit |
fabffb |
*
|
|
Packit |
fabffb |
* Dan Williams <dcbw@redhat.com>
|
|
Packit |
fabffb |
*
|
|
Packit |
fabffb |
* Copyright 2004 - 2019 Red Hat, Inc.
|
|
Packit |
fabffb |
* (C) Copyright 2018 Lubomir Rintel
|
|
Packit |
fabffb |
*/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include "nm-default.h"
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include "applet-vpn-request.h"
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include <stdio.h>
|
|
Packit |
fabffb |
#include <stdlib.h>
|
|
Packit |
fabffb |
#include <string.h>
|
|
Packit |
fabffb |
#include <sys/types.h>
|
|
Packit |
fabffb |
#include <sys/wait.h>
|
|
Packit |
fabffb |
#include <unistd.h>
|
|
Packit |
fabffb |
#include <errno.h>
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
#include "nma-vpn-password-dialog.h"
|
|
Packit |
fabffb |
#include "nm-utils/nm-compat.h"
|
|
Packit |
fabffb |
#include "nm-utils/nm-shared-utils.h"
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
typedef struct {
|
|
Packit Service |
639700 |
char *name;
|
|
Packit Service |
639700 |
char *label;
|
|
Packit Service |
639700 |
char *value;
|
|
Packit Service |
639700 |
gboolean is_secret;
|
|
Packit Service |
639700 |
gboolean should_ask;
|
|
Packit Service |
639700 |
} EuiSecret;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
typedef struct {
|
|
Packit |
fabffb |
char *uuid;
|
|
Packit |
fabffb |
char *id;
|
|
Packit |
fabffb |
char *service_type;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
guint watch_id;
|
|
Packit |
fabffb |
GPid pid;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
int child_stdout;
|
|
Packit |
fabffb |
GString *child_response;
|
|
Packit |
fabffb |
GIOChannel *channel;
|
|
Packit |
fabffb |
guint channel_eventid;
|
|
Packit |
fabffb |
GVariantBuilder secrets_builder;
|
|
Packit |
fabffb |
gboolean external_ui_mode;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* These are just for the external UI mode */
|
|
Packit Service |
639700 |
EuiSecret *eui_secrets;
|
|
Packit Service |
639700 |
GtkDialog *dialog;
|
|
Packit |
fabffb |
} RequestData;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
typedef struct {
|
|
Packit |
fabffb |
SecretsRequest req;
|
|
Packit |
fabffb |
RequestData *req_data;
|
|
Packit |
fabffb |
} VpnSecretsInfo;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void complete_request (VpnSecretsInfo *info);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
size_t
|
|
Packit |
fabffb |
applet_vpn_request_get_secrets_size (void)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
return sizeof (VpnSecretsInfo);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
static void
|
|
Packit Service |
639700 |
external_ui_add_secrets (VpnSecretsInfo *info)
|
|
Packit |
fabffb |
{
|
|
Packit Service |
639700 |
RequestData *req_data = info->req_data;
|
|
Packit Service |
639700 |
EuiSecret *secret;
|
|
Packit Service |
639700 |
guint i;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
for (i = 0; req_data->eui_secrets[i].name; i++) {
|
|
Packit Service |
639700 |
secret = &req_data->eui_secrets[i];
|
|
Packit Service |
639700 |
if ( secret->is_secret
|
|
Packit Service |
639700 |
&& secret->value
|
|
Packit Service |
639700 |
&& secret->value[0]) {
|
|
Packit Service |
639700 |
g_variant_builder_add (&req_data->secrets_builder, "{ss}",
|
|
Packit Service |
639700 |
secret->name,
|
|
Packit Service |
639700 |
secret->value);
|
|
Packit Service |
639700 |
}
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
external_ui_dialog_response (GtkDialog *dialog, int response_id, gpointer user_data)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
VpnSecretsInfo *info = user_data;
|
|
Packit |
fabffb |
RequestData *req_data = info->req_data;
|
|
Packit |
fabffb |
NMAVpnPasswordDialog *vpn_dialog = NMA_VPN_PASSWORD_DIALOG (dialog);
|
|
Packit Service |
639700 |
EuiSecret *secret;
|
|
Packit Service |
639700 |
const char *value;
|
|
Packit Service |
639700 |
guint i_secret, i_pw;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
for (i_secret = 0, i_pw = 0; req_data->eui_secrets[i_secret].name; i_secret++) {
|
|
Packit Service |
639700 |
secret = &req_data->eui_secrets[i_secret];
|
|
Packit Service |
639700 |
if ( secret->is_secret
|
|
Packit Service |
639700 |
&& secret->should_ask) {
|
|
Packit Service |
639700 |
switch (i_pw) {
|
|
Packit Service |
639700 |
case 0:
|
|
Packit Service |
639700 |
value = nma_vpn_password_dialog_get_password (vpn_dialog);
|
|
Packit Service |
639700 |
break;
|
|
Packit Service |
639700 |
case 1:
|
|
Packit Service |
639700 |
value = nma_vpn_password_dialog_get_password_secondary (vpn_dialog);
|
|
Packit Service |
639700 |
break;
|
|
Packit Service |
639700 |
case 2:
|
|
Packit Service |
639700 |
value = nma_vpn_password_dialog_get_password_ternary (vpn_dialog);
|
|
Packit Service |
639700 |
break;
|
|
Packit Service |
639700 |
default:
|
|
Packit Service |
639700 |
continue;
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
g_free (secret->value);
|
|
Packit Service |
639700 |
secret->value = g_strdup (value);
|
|
Packit Service |
639700 |
i_pw++;
|
|
Packit Service |
639700 |
}
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
gtk_widget_destroy (GTK_WIDGET (dialog));
|
|
Packit Service |
639700 |
g_clear_object (&req_data->dialog);
|
|
Packit Service |
639700 |
external_ui_add_secrets (info);
|
|
Packit |
fabffb |
complete_request (info);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static gboolean
|
|
Packit |
fabffb |
external_ui_from_child_response (VpnSecretsInfo *info, GError **error)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
RequestData *req_data = info->req_data;
|
|
Packit |
fabffb |
gs_unref_keyfile GKeyFile *keyfile = NULL;
|
|
Packit |
fabffb |
gs_strfreev char **groups = NULL;
|
|
Packit Service |
639700 |
NMAVpnPasswordDialog *dialog = NULL;
|
|
Packit |
fabffb |
gs_free char *version = NULL;
|
|
Packit |
fabffb |
gs_free char *title = NULL;
|
|
Packit |
fabffb |
gs_free char *message = NULL;
|
|
Packit Service |
639700 |
gsize num_groups;
|
|
Packit Service |
639700 |
guint num_ask = 0;
|
|
Packit Service |
639700 |
guint i_group, i_secret, i_pw;
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
/* Parse response key file */
|
|
Packit |
fabffb |
keyfile = g_key_file_new ();
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (!g_key_file_load_from_data (keyfile,
|
|
Packit |
fabffb |
req_data->child_response->str,
|
|
Packit |
fabffb |
req_data->child_response->len,
|
|
Packit |
fabffb |
G_KEY_FILE_NONE,
|
|
Packit |
fabffb |
error)) {
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
groups = g_key_file_get_groups (keyfile, &num_groups);
|
|
Packit |
fabffb |
if (g_strcmp0 (groups[0], "VPN Plugin UI") != 0) {
|
|
Packit |
fabffb |
g_set_error_literal (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
"Expected [VPN Plugin UI]");
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
version = g_key_file_get_string (keyfile, "VPN Plugin UI", "Version", error);
|
|
Packit |
fabffb |
if (!version)
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
if (strcmp (version, "2") != 0) {
|
|
Packit |
fabffb |
g_set_error_literal (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
"Expected Version=2");
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
title = g_key_file_get_string (keyfile, "VPN Plugin UI", "Title", error);
|
|
Packit |
fabffb |
if (!title)
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
message = g_key_file_get_string (keyfile, "VPN Plugin UI", "Description", error);
|
|
Packit |
fabffb |
if (!message)
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
/* Create a secret instance for each group */
|
|
Packit Service |
639700 |
req_data->eui_secrets = g_new0 (EuiSecret, num_groups);
|
|
Packit Service |
639700 |
for (i_group = 1, i_secret = 0; i_group < num_groups; i_group++) {
|
|
Packit Service |
639700 |
EuiSecret *secret = &req_data->eui_secrets[i_secret];
|
|
Packit Service |
639700 |
const char *group = groups[i_group];
|
|
Packit Service |
639700 |
char *label;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
label = g_key_file_get_string (keyfile, group, "Label", NULL);
|
|
Packit Service |
639700 |
if (!label) {
|
|
Packit Service |
639700 |
g_warning ("Skipping entry: no label\n");
|
|
Packit Service |
639700 |
continue;
|
|
Packit |
fabffb |
}
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
secret->name = g_strdup (group);
|
|
Packit Service |
639700 |
secret->label = label;
|
|
Packit Service |
639700 |
secret->value = g_key_file_get_string (keyfile, group, "Value", NULL);
|
|
Packit Service |
639700 |
secret->is_secret = g_key_file_get_boolean (keyfile, group, "IsSecret", NULL);
|
|
Packit Service |
639700 |
secret->should_ask = g_key_file_get_boolean (keyfile, group, "ShouldAsk", NULL);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
i_secret++;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if (secret->is_secret && secret->should_ask)
|
|
Packit Service |
639700 |
num_ask++;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
/* If there are any secrets that must be asked to user,
|
|
Packit Service |
639700 |
* create a dialog and display it. */
|
|
Packit Service |
639700 |
if (num_ask > 0) {
|
|
Packit Service |
639700 |
dialog = (NMAVpnPasswordDialog *) nma_vpn_password_dialog_new (title, message, NULL);
|
|
Packit Service |
639700 |
req_data->dialog = g_object_ref_sink (dialog);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_show_password (dialog, FALSE);
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_show_password_secondary (dialog, FALSE);
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_show_password_ternary (dialog, FALSE);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
for (i_secret = 0, i_pw = 0; req_data->eui_secrets[i_secret].name; i_secret++) {
|
|
Packit Service |
639700 |
EuiSecret *secret = &req_data->eui_secrets[i_secret];
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if ( secret->is_secret
|
|
Packit Service |
639700 |
&& secret->should_ask) {
|
|
Packit Service |
639700 |
switch (i_pw) {
|
|
Packit Service |
639700 |
case 0:
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_show_password (dialog, TRUE);
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_password_label (dialog, secret->label);
|
|
Packit Service |
639700 |
if (secret->value)
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_password (dialog, secret->value);
|
|
Packit Service |
639700 |
break;
|
|
Packit Service |
639700 |
case 1:
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_show_password_secondary (dialog, TRUE);
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_password_secondary_label (dialog, secret->label);
|
|
Packit Service |
639700 |
if (secret->value)
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_password_secondary (dialog, secret->value);
|
|
Packit Service |
639700 |
break;
|
|
Packit Service |
639700 |
case 2:
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_show_password_ternary (dialog, TRUE);
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_password_ternary_label (dialog, secret->label);
|
|
Packit Service |
639700 |
if (secret->value)
|
|
Packit Service |
639700 |
nma_vpn_password_dialog_set_password_ternary (dialog, secret->value);
|
|
Packit Service |
639700 |
break;
|
|
Packit Service |
639700 |
default:
|
|
Packit Service |
639700 |
g_warning ("Skipping entry: more than 3 passwords not supported\n");
|
|
Packit Service |
639700 |
continue;
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
i_pw++;
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
}
|
|
Packit |
fabffb |
g_signal_connect (dialog,
|
|
Packit |
fabffb |
"response",
|
|
Packit |
fabffb |
G_CALLBACK (external_ui_dialog_response),
|
|
Packit |
fabffb |
info);
|
|
Packit Service |
639700 |
gtk_widget_show (GTK_WIDGET (dialog));
|
|
Packit Service |
639700 |
return TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
/* Nothing to ask, return known secrets */
|
|
Packit Service |
639700 |
external_ui_add_secrets (info);
|
|
Packit Service |
639700 |
complete_request (info);
|
|
Packit |
fabffb |
return TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
complete_request (VpnSecretsInfo *info)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
SecretsRequest *req = (SecretsRequest *) info;
|
|
Packit |
fabffb |
RequestData *req_data = info->req_data;
|
|
Packit |
fabffb |
GVariantBuilder settings_builder, vpn_builder;
|
|
Packit |
fabffb |
gs_unref_variant GVariant *settings = NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_variant_builder_init (&settings_builder, NM_VARIANT_TYPE_CONNECTION);
|
|
Packit |
fabffb |
g_variant_builder_init (&vpn_builder, NM_VARIANT_TYPE_SETTING);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_variant_builder_add (&vpn_builder, "{sv}",
|
|
Packit |
fabffb |
NM_SETTING_VPN_SECRETS,
|
|
Packit |
fabffb |
g_variant_builder_end (&req_data->secrets_builder));
|
|
Packit |
fabffb |
g_variant_builder_add (&settings_builder, "{sa{sv}}",
|
|
Packit |
fabffb |
NM_SETTING_VPN_SETTING_NAME,
|
|
Packit |
fabffb |
&vpn_builder);
|
|
Packit Service |
639700 |
settings = g_variant_ref_sink (g_variant_builder_end (&settings_builder));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
applet_secrets_request_complete (req, settings, NULL);
|
|
Packit |
fabffb |
applet_secrets_request_free (req);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
process_child_response (VpnSecretsInfo *info)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
SecretsRequest *req = (SecretsRequest *) info;
|
|
Packit |
fabffb |
RequestData *req_data = info->req_data;
|
|
Packit |
fabffb |
gs_free_error GError *error = NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (req_data->external_ui_mode) {
|
|
Packit |
fabffb |
if (!external_ui_from_child_response (info, &error)) {
|
|
Packit |
fabffb |
applet_secrets_request_complete (req, NULL, error);
|
|
Packit |
fabffb |
applet_secrets_request_free (req);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
} else {
|
|
Packit |
fabffb |
char **lines = g_strsplit (req_data->child_response->str, "\n", -1);
|
|
Packit |
fabffb |
int i;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
for (i = 0; lines[i] && *(lines[i]); i += 2) {
|
|
Packit |
fabffb |
if (lines[i + 1] == NULL)
|
|
Packit |
fabffb |
break;
|
|
Packit |
fabffb |
g_variant_builder_add (&req_data->secrets_builder, "{ss}", lines[i], lines[i + 1]);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_strfreev (lines);
|
|
Packit |
fabffb |
complete_request (info);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
child_finished_cb (GPid pid, int status, gpointer user_data)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
VpnSecretsInfo *info = user_data;
|
|
Packit |
fabffb |
SecretsRequest *req = (SecretsRequest *) info;
|
|
Packit |
fabffb |
RequestData *req_data = info->req_data;
|
|
Packit |
fabffb |
gs_free_error GError *error = NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
req_data->pid = 0;
|
|
Packit |
fabffb |
req_data->watch_id = 0;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (status) {
|
|
Packit |
fabffb |
error = g_error_new (NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_USER_CANCELED,
|
|
Packit |
fabffb |
"%s.%d (%s): canceled", __FILE__, __LINE__, __func__);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
applet_secrets_request_complete (req, NULL, error);
|
|
Packit |
fabffb |
applet_secrets_request_free (req);
|
|
Packit |
fabffb |
} else if (req_data->channel_eventid == 0) {
|
|
Packit |
fabffb |
/* We now have both the child response and its exit status. Process it. */
|
|
Packit |
fabffb |
process_child_response (info);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static gboolean
|
|
Packit |
fabffb |
child_stdout_data_cb (GIOChannel *source, GIOCondition condition, gpointer user_data)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
SecretsRequest *req = user_data;
|
|
Packit |
fabffb |
VpnSecretsInfo *info = (VpnSecretsInfo *) req;
|
|
Packit |
fabffb |
RequestData *req_data = info->req_data;
|
|
Packit |
fabffb |
GIOStatus status;
|
|
Packit |
fabffb |
char buf[4096];
|
|
Packit |
fabffb |
size_t bytes_read;
|
|
Packit |
fabffb |
gs_free_error GError *error = NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
status = g_io_channel_read_chars (source, buf, sizeof (buf)-1, &bytes_read, &error);
|
|
Packit |
fabffb |
switch (status) {
|
|
Packit |
fabffb |
case G_IO_STATUS_ERROR:
|
|
Packit |
fabffb |
req_data->channel_eventid = 0;
|
|
Packit |
fabffb |
applet_secrets_request_complete (req, NULL, error);
|
|
Packit |
fabffb |
applet_secrets_request_free (req);
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
case G_IO_STATUS_EOF:
|
|
Packit |
fabffb |
req_data->channel_eventid = 0;
|
|
Packit |
fabffb |
if (req_data->pid == 0) {
|
|
Packit |
fabffb |
/* We now have both the childe respons and
|
|
Packit |
fabffb |
* its exit status. Process it. */
|
|
Packit |
fabffb |
process_child_response (info);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
case G_IO_STATUS_NORMAL:
|
|
Packit |
fabffb |
g_string_append_len (req_data->child_response, buf, bytes_read);
|
|
Packit |
fabffb |
break;
|
|
Packit |
fabffb |
default:
|
|
Packit |
fabffb |
/* What just happened... */
|
|
Packit |
fabffb |
g_return_val_if_reached (FALSE);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
return TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
_str_append (GString *str,
|
|
Packit |
fabffb |
const char *tag,
|
|
Packit |
fabffb |
const char *val)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
const char *s;
|
|
Packit |
fabffb |
gsize i;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
nm_assert (str);
|
|
Packit |
fabffb |
nm_assert (tag && tag[0]);
|
|
Packit |
fabffb |
nm_assert (val);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_string_append (str, tag);
|
|
Packit |
fabffb |
g_string_append_c (str, '=');
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
s = strchr (val, '\n');
|
|
Packit |
fabffb |
if (s) {
|
|
Packit |
fabffb |
gs_free char *val2 = g_strdup (val);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
for (i = 0; val2[i]; i++) {
|
|
Packit |
fabffb |
if (val2[i] == '\n')
|
|
Packit |
fabffb |
val2[i] = ' ';
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
g_string_append (str, val2);
|
|
Packit |
fabffb |
} else
|
|
Packit |
fabffb |
g_string_append (str, val);
|
|
Packit |
fabffb |
g_string_append_c (str, '\n');
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static char *
|
|
Packit |
fabffb |
connection_to_data (NMConnection *connection,
|
|
Packit |
fabffb |
gsize *out_length,
|
|
Packit |
fabffb |
GError **error)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
NMSettingVpn *s_vpn;
|
|
Packit |
fabffb |
GString *buf;
|
|
Packit |
fabffb |
const char **keys;
|
|
Packit |
fabffb |
guint i, len;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
s_vpn = nm_connection_get_setting_vpn (connection);
|
|
Packit |
fabffb |
if (!s_vpn) {
|
|
Packit |
fabffb |
g_set_error_literal (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
_("Connection had no VPN setting"));
|
|
Packit |
fabffb |
return NULL;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
buf = g_string_new_len (NULL, 100);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
keys = nm_setting_vpn_get_data_keys (s_vpn, &len;;
|
|
Packit |
fabffb |
for (i = 0; i < len; i++) {
|
|
Packit |
fabffb |
_str_append (buf, "DATA_KEY", keys[i]);
|
|
Packit |
fabffb |
_str_append (buf, "DATA_VAL", nm_setting_vpn_get_data_item (s_vpn, keys[i]));
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
nm_clear_g_free (&keys);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
keys = nm_setting_vpn_get_secret_keys (s_vpn, &len;;
|
|
Packit |
fabffb |
for (i = 0; i < len; i++) {
|
|
Packit |
fabffb |
_str_append (buf, "SECRET_KEY", keys[i]);
|
|
Packit |
fabffb |
_str_append (buf, "SECRET_VAL", nm_setting_vpn_get_secret (s_vpn, keys[i]));
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
nm_clear_g_free (&keys);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_string_append (buf, "DONE\n\nQUIT\n\n");
|
|
Packit |
fabffb |
NM_SET_OUT (out_length, buf->len);
|
|
Packit |
fabffb |
return g_string_free (buf, FALSE);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static gboolean
|
|
Packit |
fabffb |
connection_to_fd (NMConnection *connection,
|
|
Packit |
fabffb |
int fd,
|
|
Packit |
fabffb |
GError **error)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
gs_free char *data = NULL;
|
|
Packit |
fabffb |
gsize data_len;
|
|
Packit |
fabffb |
gssize w;
|
|
Packit |
fabffb |
int errsv;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
data = connection_to_data (connection, &data_len, error);
|
|
Packit |
fabffb |
if (!data)
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
again:
|
|
Packit |
fabffb |
w = write (fd, data, data_len);
|
|
Packit |
fabffb |
if (w < 0) {
|
|
Packit |
fabffb |
errsv = errno;
|
|
Packit |
fabffb |
if (errsv == EINTR)
|
|
Packit |
fabffb |
goto again;
|
|
Packit |
fabffb |
g_set_error (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
_("Failed to write connection to VPN UI: %s (%d)"), g_strerror (errsv), errsv);
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if ((gsize) w != data_len) {
|
|
Packit |
fabffb |
g_set_error_literal (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
_("Failed to write connection to VPN UI: incomplete write"));
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
return TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
vpn_child_setup (gpointer user_data)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
/* We are in the child process at this point */
|
|
Packit |
fabffb |
pid_t pid = getpid ();
|
|
Packit |
fabffb |
setpgid (pid, pid);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
static gboolean
|
|
Packit |
fabffb |
auth_dialog_spawn (const char *con_id,
|
|
Packit |
fabffb |
const char *con_uuid,
|
|
Packit |
fabffb |
const char *const*hints,
|
|
Packit |
fabffb |
const char *auth_dialog,
|
|
Packit |
fabffb |
const char *service_type,
|
|
Packit |
fabffb |
gboolean supports_hints,
|
|
Packit |
fabffb |
gboolean external_ui_mode,
|
|
Packit |
fabffb |
guint32 flags,
|
|
Packit |
fabffb |
GPid *out_pid,
|
|
Packit |
fabffb |
int *out_stdin,
|
|
Packit |
fabffb |
int *out_stdout,
|
|
Packit |
fabffb |
GError **error)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
gsize hints_len;
|
|
Packit |
fabffb |
gsize i, j;
|
|
Packit |
fabffb |
gs_free const char **argv = NULL;
|
|
Packit |
fabffb |
gs_free const char **envp = NULL;
|
|
Packit |
fabffb |
gsize environ_len;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_return_val_if_fail (con_id, FALSE);
|
|
Packit |
fabffb |
g_return_val_if_fail (con_uuid, FALSE);
|
|
Packit |
fabffb |
g_return_val_if_fail (auth_dialog, FALSE);
|
|
Packit |
fabffb |
g_return_val_if_fail (service_type, FALSE);
|
|
Packit |
fabffb |
g_return_val_if_fail (out_pid, FALSE);
|
|
Packit |
fabffb |
g_return_val_if_fail (out_stdin, FALSE);
|
|
Packit |
fabffb |
g_return_val_if_fail (out_stdout, FALSE);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
hints_len = NM_PTRARRAY_LEN (hints);
|
|
Packit |
fabffb |
argv = g_new (const char *, 11 + (2 * hints_len));
|
|
Packit |
fabffb |
i = 0;
|
|
Packit |
fabffb |
argv[i++] = auth_dialog;
|
|
Packit |
fabffb |
argv[i++] = "-u";
|
|
Packit |
fabffb |
argv[i++] = con_uuid;
|
|
Packit |
fabffb |
argv[i++] = "-n";
|
|
Packit |
fabffb |
argv[i++] = con_id;
|
|
Packit |
fabffb |
argv[i++] = "-s";
|
|
Packit |
fabffb |
argv[i++] = service_type;
|
|
Packit |
fabffb |
if (flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION)
|
|
Packit |
fabffb |
argv[i++] = "-i";
|
|
Packit |
fabffb |
if (flags & NM_SECRET_AGENT_GET_SECRETS_FLAG_REQUEST_NEW)
|
|
Packit |
fabffb |
argv[i++] = "-r";
|
|
Packit |
fabffb |
for (j = 0; supports_hints && (j < hints_len); j++) {
|
|
Packit |
fabffb |
argv[i++] = "-t";
|
|
Packit |
fabffb |
argv[i++] = hints[j];
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
if (external_ui_mode)
|
|
Packit |
fabffb |
argv[i++] = "--external-ui-mode";
|
|
Packit |
fabffb |
nm_assert (i <= 10 + (2 * hints_len));
|
|
Packit |
fabffb |
argv[i++] = NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
environ_len = NM_PTRARRAY_LEN (environ);
|
|
Packit |
fabffb |
envp = g_new (const char *, environ_len + 1);
|
|
Packit |
fabffb |
memcpy (envp, environ, sizeof (const char *) * environ_len);
|
|
Packit |
fabffb |
for (i = 0, j = 0; i < environ_len; i++) {
|
|
Packit |
fabffb |
const char *e = environ[i];
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (g_str_has_prefix (e, "G_MESSAGES_DEBUG=")) {
|
|
Packit |
fabffb |
/* skip this environment variable. We interact with the auth-dialog via stdout.
|
|
Packit |
fabffb |
* G_MESSAGES_DEBUG may enable additional debugging messages from GTK. */
|
|
Packit |
fabffb |
continue;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
envp[j++] = e;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
envp[j] = NULL;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (!g_spawn_async_with_pipes (NULL,
|
|
Packit |
fabffb |
(char **) argv,
|
|
Packit |
fabffb |
(char **) envp,
|
|
Packit |
fabffb |
G_SPAWN_DO_NOT_REAP_CHILD,
|
|
Packit |
fabffb |
vpn_child_setup,
|
|
Packit |
fabffb |
NULL,
|
|
Packit |
fabffb |
out_pid,
|
|
Packit |
fabffb |
out_stdin,
|
|
Packit |
fabffb |
out_stdout,
|
|
Packit |
fabffb |
NULL,
|
|
Packit |
fabffb |
error))
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
return TRUE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/*****************************************************************************/
|
|
Packit |
fabffb |
|
|
Packit Service |
639700 |
static gboolean
|
|
Packit Service |
639700 |
ensure_killed (gpointer data)
|
|
Packit Service |
639700 |
{
|
|
Packit Service |
639700 |
pid_t pid = GPOINTER_TO_INT (data);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
kill (pid, SIGKILL);
|
|
Packit Service |
639700 |
waitpid (pid, NULL, 0);
|
|
Packit Service |
639700 |
return FALSE;
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
static void
|
|
Packit Service |
639700 |
dialog_response_destroy (GtkDialog *dialog, int response_id, gpointer user_data)
|
|
Packit Service |
639700 |
{
|
|
Packit Service |
639700 |
gtk_widget_destroy (GTK_WIDGET (dialog));
|
|
Packit Service |
639700 |
g_object_unref (dialog);
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
|
|
Packit |
fabffb |
static void
|
|
Packit |
fabffb |
free_vpn_secrets_info (SecretsRequest *req)
|
|
Packit |
fabffb |
{
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
RequestData *req_data;
|
|
Packit Service |
639700 |
guint i;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
req_data = ((VpnSecretsInfo *) req)->req_data;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if (!req_data)
|
|
Packit Service |
639700 |
return;
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
g_free (req_data->uuid);
|
|
Packit Service |
639700 |
g_free (req_data->id);
|
|
Packit Service |
639700 |
g_free (req_data->service_type);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
nm_clear_g_source (&req_data->watch_id);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
nm_clear_g_source (&req_data->channel_eventid);
|
|
Packit Service |
639700 |
if (req_data->channel)
|
|
Packit Service |
639700 |
g_io_channel_unref (req_data->channel);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if (req_data->pid) {
|
|
Packit Service |
639700 |
if (kill (req_data->pid, SIGTERM) == 0)
|
|
Packit Service |
639700 |
g_timeout_add_seconds (2, ensure_killed, GINT_TO_POINTER (req_data->pid));
|
|
Packit Service |
639700 |
else {
|
|
Packit Service |
639700 |
kill (req_data->pid, SIGKILL);
|
|
Packit Service |
639700 |
waitpid (req_data->pid, NULL, 0);
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if (req_data->child_response)
|
|
Packit Service |
639700 |
g_string_free (req_data->child_response, TRUE);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
g_variant_builder_clear (&req_data->secrets_builder);
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if (req_data->eui_secrets) {
|
|
Packit Service |
639700 |
for (i = 0; req_data->eui_secrets[i].name; i++) {
|
|
Packit Service |
639700 |
g_free (req_data->eui_secrets[i].name);
|
|
Packit Service |
639700 |
g_free (req_data->eui_secrets[i].label);
|
|
Packit Service |
639700 |
g_free (req_data->eui_secrets[i].value);
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
g_free (req_data->eui_secrets);
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
if (req_data->dialog) {
|
|
Packit Service |
639700 |
g_signal_handlers_disconnect_by_func (req_data->dialog,
|
|
Packit Service |
639700 |
external_ui_dialog_response,
|
|
Packit Service |
639700 |
req);
|
|
Packit Service |
639700 |
g_signal_connect (req_data->dialog,
|
|
Packit Service |
639700 |
"response",
|
|
Packit Service |
639700 |
G_CALLBACK (dialog_response_destroy),
|
|
Packit Service |
639700 |
NULL);
|
|
Packit Service |
639700 |
req_data->dialog = NULL;
|
|
Packit Service |
639700 |
}
|
|
Packit Service |
639700 |
|
|
Packit Service |
639700 |
g_slice_free (RequestData, req_data);
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
gboolean
|
|
Packit |
fabffb |
applet_vpn_request_get_secrets (SecretsRequest *req, GError **error)
|
|
Packit |
fabffb |
{
|
|
Packit |
fabffb |
VpnSecretsInfo *info = (VpnSecretsInfo *) req;
|
|
Packit |
fabffb |
RequestData *req_data;
|
|
Packit |
fabffb |
NMSettingConnection *s_con;
|
|
Packit |
fabffb |
NMSettingVpn *s_vpn;
|
|
Packit |
fabffb |
const char *connection_type;
|
|
Packit |
fabffb |
const char *service_type;
|
|
Packit |
fabffb |
const char *auth_dialog;
|
|
Packit |
fabffb |
gs_unref_object NMVpnPluginInfo *plugin = NULL;
|
|
Packit |
fabffb |
int child_stdin;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
applet_secrets_request_set_free_func (req, free_vpn_secrets_info);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
s_con = nm_connection_get_setting_connection (req->connection);
|
|
Packit |
fabffb |
s_vpn = nm_connection_get_setting_vpn (req->connection);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
connection_type = nm_setting_connection_get_connection_type (s_con);
|
|
Packit |
fabffb |
g_return_val_if_fail (nm_streq0 (connection_type, NM_SETTING_VPN_SETTING_NAME), FALSE);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
service_type = nm_setting_vpn_get_service_type (s_vpn);
|
|
Packit |
fabffb |
g_return_val_if_fail (service_type, FALSE);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
plugin = nm_vpn_plugin_info_new_search_file (NULL, service_type);
|
|
Packit |
fabffb |
auth_dialog = plugin ? nm_vpn_plugin_info_get_auth_dialog (plugin) : NULL;
|
|
Packit |
fabffb |
if (!auth_dialog) {
|
|
Packit |
fabffb |
g_set_error (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
"Could not find the authentication dialog for VPN connection type '%s'",
|
|
Packit |
fabffb |
service_type);
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
info->req_data = g_slice_new0 (RequestData);
|
|
Packit |
fabffb |
if (!info->req_data) {
|
|
Packit |
fabffb |
g_set_error_literal (error,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR,
|
|
Packit |
fabffb |
NM_SECRET_AGENT_ERROR_FAILED,
|
|
Packit |
fabffb |
"Could not create VPN secrets request object");
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
}
|
|
Packit |
fabffb |
req_data = info->req_data;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_variant_builder_init (&req_data->secrets_builder, G_VARIANT_TYPE ("a{ss}"));
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
req_data->external_ui_mode = _nm_utils_ascii_str_to_bool (
|
|
Packit |
fabffb |
nm_vpn_plugin_info_lookup_property (plugin,
|
|
Packit |
fabffb |
"GNOME",
|
|
Packit |
fabffb |
"supports-external-ui-mode"),
|
|
Packit |
fabffb |
FALSE);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (!auth_dialog_spawn (nm_setting_connection_get_id (s_con),
|
|
Packit |
fabffb |
nm_setting_connection_get_uuid (s_con),
|
|
Packit |
fabffb |
(const char *const*) req->hints,
|
|
Packit |
fabffb |
auth_dialog,
|
|
Packit |
fabffb |
service_type,
|
|
Packit |
fabffb |
nm_vpn_plugin_info_supports_hints (plugin),
|
|
Packit |
fabffb |
req_data->external_ui_mode,
|
|
Packit |
fabffb |
req->flags,
|
|
Packit |
fabffb |
&req_data->pid,
|
|
Packit |
fabffb |
&child_stdin,
|
|
Packit |
fabffb |
&req_data->child_stdout,
|
|
Packit |
fabffb |
error))
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* catch when child is reaped */
|
|
Packit |
fabffb |
req_data->watch_id = g_child_watch_add (req_data->pid, child_finished_cb, info);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* listen to what child has to say */
|
|
Packit |
fabffb |
req_data->channel = g_io_channel_unix_new (req_data->child_stdout);
|
|
Packit |
fabffb |
req_data->child_response = g_string_sized_new (4096);
|
|
Packit |
fabffb |
req_data->channel_eventid = g_io_add_watch (req_data->channel,
|
|
Packit |
fabffb |
G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL,
|
|
Packit |
fabffb |
child_stdout_data_cb,
|
|
Packit |
fabffb |
info);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
if (!connection_to_fd (req->connection, child_stdin, error))
|
|
Packit |
fabffb |
return FALSE;
|
|
Packit |
fabffb |
close (child_stdin);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
g_io_channel_set_encoding (req_data->channel, NULL, NULL);
|
|
Packit |
fabffb |
|
|
Packit |
fabffb |
/* Dump parts of the connection to the child */
|
|
Packit |
fabffb |
return TRUE;
|
|
Packit |
fabffb |
}
|