debian/0000755000000000000000000000000012306165756007201 5ustar debian/control0000644000000000000000000000353312305712354010577 0ustar Source: network-manager-openvpn Section: net Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Utopia Maintenance Team Uploaders: Michael Biebl Build-Depends: debhelper (>= 8), dpkg-dev (>= 1.16.1), dh-autoreconf, network-manager-dev (>= 0.9.8), libnm-util-dev (>= 0.9.8), libnm-glib-dev (>= 0.9.8), libnm-glib-vpn-dev (>= 0.9.8), intltool, libdbus-glib-1-dev (>= 0.74), libgnome-keyring-dev, libgtk-3-dev (>= 3.0), libglib2.0-dev Standards-Version: 3.9.4 Homepage: http://www.gnome.org/projects/NetworkManager/ Package: network-manager-openvpn Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, openvpn (>= 2.1~rc9) Recommends: network-manager-openvpn-gnome | plasma-widget-networkmanagement Description: network management framework (OpenVPN plugin core) NetworkManager is a system network service that manages your network devices and connections, attempting to keep active network connectivity when available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services. . This package provides a VPN plugin for OpenVPN. Package: network-manager-openvpn-gnome Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, network-manager-openvpn (= ${binary:Version}) Description: network management framework (OpenVPN plugin GNOME GUI) NetworkManager is a system network service that manages your network devices and connections, attempting to keep active network connectivity when available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services. . This package provides the GNOME bits of NetworkManager's OpenVPN plugin. debian/watch0000644000000000000000000000016212305712354010220 0ustar version=3 http://download.gnome.org/sources/NetworkManager-openvpn/([\d\.]+)/NetworkManager-openvpn-(.*)\.tar\.xz debian/changelog0000644000000000000000000002731612306165753011061 0ustar network-manager-openvpn (0.9.8.2-1ubuntu4) trusty; urgency=medium * Fix IPv6 DNS support. Return IPv6 DNS servers are now passed to Network Manager and the list of domains is also now passed for both IPv4 and IPv6 so that split DNS works as expected. -- Stéphane Graber Thu, 06 Mar 2014 16:43:05 -0500 network-manager-openvpn (0.9.8.2-1ubuntu3) trusty; urgency=medium * debian/patches/enable_ipv6.patch: allow openvpn to tunnel IPv6. (LP: #777161) -- Mathieu Trudel-Lapierre Thu, 06 Mar 2014 11:58:16 -0500 network-manager-openvpn (0.9.8.2-1ubuntu2) saucy; urgency=low * Sync with Debian. Remaining changes: - Recommends: network-manager-openvpn-gnome or plasma-widget-networkmanagement. - Drop Vcs-* fields. - debian/patches/gtk_table_to_gtk_grid.patch: port GtkTable uses in vpn password dialog to a GtkGrid. * Dropped changes: - debian/patches/auth_dialog_libexecdir.patch: Applied in new version -- Jeremy Bicha Mon, 10 Jun 2013 20:00:37 -0400 network-manager-openvpn (0.9.8.2-1) unstable; urgency=low * New upstream release. * Bump network-manager Build-Depends to (>= 0.9.8). * Fix path to connection-editor plugin in service file. Patch cherry-picked from upstream Git. * Use dh-autoreconf to update the build system. -- Michael Biebl Tue, 11 Jun 2013 00:19:06 +0200 network-manager-openvpn (0.9.8.0-2) unstable; urgency=low * Mark binary packages as linux-any. * Upload to unstable. * Bump Standards-Version to 3.9.4. No further changes. -- Michael Biebl Mon, 06 May 2013 18:03:37 +0200 network-manager-openvpn (0.9.8.0-1) experimental; urgency=low * New upstream release. * Use --list-missing to show uninstalled files. * Drop obsolete Breaks/Replaces. * 01-export-user-nobody.patch: When exporting an OpenVPN connection, use user nobody / group nogroup. Debian doesn't have a dedicated openvpn system account for this purpose. (Closes: #592527) -- Michael Biebl Thu, 21 Feb 2013 15:09:10 +0100 network-manager-openvpn (0.9.6.0-1) experimental; urgency=low * New upstream release. * Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9.6). -- Michael Biebl Sat, 27 Oct 2012 00:04:11 +0200 network-manager-openvpn (0.9.4.0-1) unstable; urgency=low * New upstream release. * Fix versioned Build-Depends on dpkg-dev. The buildflags.mk snippet was added in version 1.16.1, not 1.6.1. * Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9.4). * Drop Build-Depends on libgconf2-dev. * Update debian/copyright using the machine-readable copyright format 1.0. * Bump Standards-Version to 3.9.3. -- Michael Biebl Sat, 24 Mar 2012 23:27:08 +0100 network-manager-openvpn (0.9.2.0-1) unstable; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9.2). * Enable default hardening options from dpkg-buildflags. - Use buildflags.mk snippet in debian/rules. - Add Build-Depends on dpkg-dev (>= 1.6.1). -- Michael Biebl Sat, 12 Nov 2011 06:19:00 +0100 network-manager-openvpn (0.9.0-3) unstable; urgency=low * debian/watch: Track .xz tarballs. * Build against GTK 3. -- Michael Biebl Sun, 16 Oct 2011 08:53:47 +0200 network-manager-openvpn (0.9.0-2) unstable; urgency=low * Upload to unstable. -- Michael Biebl Fri, 16 Sep 2011 21:09:27 +0200 network-manager-openvpn (0.9.0-1) experimental; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9). -- Michael Biebl Wed, 24 Aug 2011 15:29:05 +0200 network-manager-openvpn (0.8.999-1) experimental; urgency=low * New upstream release (0.9 rc2). -- Michael Biebl Wed, 04 May 2011 23:54:48 +0200 network-manager-openvpn (0.8.998-1) experimental; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.8.998). - Bump Build-Depends on libgtk2.0-dev to (>= 2.20). * debian/rules - Build against GTK+ version 2. -- Michael Biebl Tue, 03 May 2011 01:04:35 +0200 network-manager-openvpn (0.8.4-1) unstable; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.8.4). - Bump Standards-Version to 3.9.2. No further changes. - Update package descriptions. * debian/watch - Switch to bzip2. -- Michael Biebl Thu, 21 Apr 2011 17:16:03 +0200 network-manager-openvpn (0.8.3.995-1) unstable; urgency=low * New upstream release (0.8.4 beta1). * Bump debhelper compatibility level to 8. * debian/control - Drop Build-Depends on libglade2-dev, converted to GtkBuilder. - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.8.3.995). -- Michael Biebl Sat, 19 Mar 2011 10:31:05 +0100 network-manager-openvpn (0.8.2-3) unstable; urgency=low * Upload to unstable. -- Michael Biebl Mon, 07 Feb 2011 01:23:08 +0100 network-manager-openvpn (0.8.2-2) experimental; urgency=low * Switch from cdbs to dh - Drop Build-Depends on cdbs. - Bump Build-Depends on debhelper to (>= 7.0.50~) for override targets. - Convert debian/rules to use dh. - Rename debian/docs to debian/network-manager-openvpn.docs so it is correctly picked up by dh_installdocs. -- Michael Biebl Wed, 22 Dec 2010 04:38:53 +0100 network-manager-openvpn (0.8.2-1) experimental; urgency=low * New upstream release. * Update Vcs-* fields: Move packaging from svn to git. * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.8.2). -- Michael Biebl Sat, 18 Dec 2010 07:38:45 +0100 network-manager-openvpn (0.8.1-1) unstable; urgency=low * New upstream release. * Switch to source format 3.0 (quilt). - Add debian/source/format. - Drop Build-Depends on quilt. - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules. - Remove debian/README.source. * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.8.1). - Bump Standards-Version to 3.9.1. Use Breaks instead of Conflicts as recommended by the new policy. -- Michael Biebl Tue, 27 Jul 2010 14:14:38 +0200 network-manager-openvpn (0.8-1) unstable; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.8). - Bump Standards-Version to 3.8.4. No further changes. * debian/network-manager-openvpn-gnome.install - Remove .desktop file and icons, no longer installed upstream. -- Michael Biebl Mon, 22 Feb 2010 09:41:59 +0100 network-manager-openvpn (0.7.999-2) unstable; urgency=low * Upload to unstable. -- Michael Biebl Wed, 27 Jan 2010 00:49:41 +0100 network-manager-openvpn (0.7.999-1) experimental; urgency=low * New upstream release (0.8 RC3). * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.7.999). - Bump Build-Depends on libdbus-glib-1-dev to (>= 0.74). * debian/patches/03_allow_servercert_override.diff - Drop, does no longer apply and has been disabled for quite a while. -- Michael Biebl Sat, 23 Jan 2010 01:07:20 +0100 network-manager-openvpn (0.7.2-1) unstable; urgency=low [ Soren Hansen ] * Remove myself from Uploaders. [ Michael Biebl ] * New upstream release. * debian/control - Bump build dependencies on nm packages to (>= 0.7.2). - Bump Standards-Version to 3.8.3. No further changes. -- Michael Biebl Fri, 27 Nov 2009 10:12:21 +0100 network-manager-openvpn (0.7.1-1) unstable; urgency=low * New upstream release. * Bump Standards-Version to 3.8.1. No further changes. -- Michael Biebl Thu, 16 Apr 2009 16:50:50 +0200 network-manager-openvpn (0.7.0.99-1) unstable; urgency=low * New upstream release (0.7.1 rc3). -- Michael Biebl Thu, 05 Mar 2009 13:35:17 +0100 network-manager-openvpn (0.7.0.97-1) unstable; urgency=low * New upstream release. * debian/patches/01_dbus_policy.patch - Removed, merged upstream. * debian/control - Drop libgnomeui-dev from Build-Depends, no longer required. -- Michael Biebl Wed, 25 Feb 2009 10:43:09 +0100 network-manager-openvpn (0.7.0-2) experimental; urgency=low * debian/control - Wrap build dependencies. - Bump build dependency on debhelper to (>= 7). * debian/compat - Bump to debhelper v7 compat mode. * debian/patches/01_dbus_policy.patch - Remove bare send_interface. (Closes: #510730) * debian/rules - Include gnome.mk cdbs class instead of autotools.mk. -- Michael Biebl Sat, 14 Feb 2009 13:50:13 +0100 network-manager-openvpn (0.7.0-1) experimental; urgency=low * New upstream release. * debian/control - Add Vcs-* fields pointing to the Subversion repository of the package. - Bump Standards-Version to 3.8.0. Add REAME.source as recommended by the new policy. - Fix GNOME spelling error in the package description. - Set Utopia Maintenance Team as Maintainer, add myself and Soren to Uploaders. - Add Homepage: field. - Update build dependencies. - Bump dependency on openvpn to (>= 2.1~rc9) for the --script-security option. * debian/rules - Do not run autogen.sh, the upstream tarball contains a proper build system now. - Install plugins into /usr/lib/NetworkManager, so NetworkManager can find them. * debian/*.install - Update accordingly. * Switch patch management system to quilt. * Drop obsolete patches - debian/patches/01_fix_dbus_signal_name.diff - debian/patches/02_fix_wrong_awk_path.diff - debian/patches/07_nm-openvpn-server-name.diff * Disable patches which do not apply cleanly anymore - debian/patches/03_allow_servercert_override.diff - debian/patches/04_increase_timeout.diff - debian/patches/06_pull_dns_domain.diff * debian/network-manager-openvpn.postinst - Do no longer restart NetworkManager, only tell dbus to reload the config files. * debian/watch - Add watch file which allows to track new upstream releases. * debian/copyright - Revised and updated. -- Michael Biebl Mon, 15 Dec 2008 21:15:16 +0100 network-manager-openvpn (0.3.2svn2855-1) unstable; urgency=low * New SVN checkout (Closes: #444907) * Fixed wrong awk path (Closes: #421381) * Added libnm-util-dev to build-depends (Closes: #441188) * Split package into n-m-o and n-m-o-gnome (added Replaces and Conflicts accordingly) (Closes: #425126) * Pick up patches from Ubuntu (Thanks to Philipp Kern for collecting these!) - 03_allow_servercert_override.diff + Allow the user to turn off the check for a proper nsCertType=server extension bit set in the server's certificate. - 04_increase_timeout.diff + Increased the timeout before openvpn gets killed forcefully from 5s to 15s. - 06_pull_dns_domain.diff + Pull DNS domain setting from remote OpenVPN server. * 06_pull_dns_domain.diff - Don't crash if the server doesn't provide us with a DNS domain. * Use /etc/init.d/network-manager instead of /etc/dbus/event.d/25NetworkManager. -- Soren Hansen Tue, 02 Oct 2007 12:30:00 +0200 network-manager-openvpn (0.3.2svn2342-1) unstable; urgency=low * Initial upload to Debian (Closes: #368748) -- Soren Hansen Tue, 6 Mar 2007 15:50:48 +0100 debian/compat0000644000000000000000000000000212305712354010366 0ustar 8 debian/gbp.conf0000644000000000000000000000006512305712354010610 0ustar [DEFAULT] pristine-tar = True debian-branch = master debian/network-manager-openvpn.install0000644000000000000000000000014712305712354015346 0ustar etc usr/lib/NetworkManager/nm-openvpn-service usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper debian/network-manager-openvpn-gnome.install0000644000000000000000000000017312305712354016450 0ustar usr/lib/NetworkManager/*.so* usr/lib/NetworkManager/nm-openvpn-auth-dialog usr/share/gnome-vpn-properties usr/share/locale debian/rules0000755000000000000000000000055312305712354010253 0ustar #!/usr/bin/make -f DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk %: dh $@ --with autoreconf override_dh_auto_configure: dh_auto_configure -- \ --libexecdir=/usr/lib/NetworkManager \ --disable-static \ --with-gtkver=3 override_dh_makeshlibs: dh_makeshlibs -X/usr/lib/NetworkManager/ override_dh_install: dh_install --list-missing debian/network-manager-openvpn.postinst0000644000000000000000000000040612305712354015561 0ustar #!/bin/sh set -e case "$1" in configure) if [ -x "/etc/init.d/dbus" ]; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d dbus force-reload || true else /etc/init.d/dbus force-reload || true fi fi ;; esac #DEBHELPER# exit 0 debian/patches/0000755000000000000000000000000012306165620010616 5ustar debian/patches/enable_ipv6.patch0000644000000000000000000004146012306000162014023 0ustar From 77115c5377e009220c3c98102450f92d3a7f6f9e Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Thu, 09 Jan 2014 22:11:37 +0000 Subject: merge: add IPv6 tunnel support (bgo #682620) Requires NM commit: 90782cf platform: ignore errors adding IPv6 point-to-point address --- diff --git a/properties/nm-openvpn.c b/properties/nm-openvpn.c index 09d8a51..a7404b9 100644 --- a/properties/nm-openvpn.c +++ b/properties/nm-openvpn.c @@ -692,7 +692,9 @@ get_suggested_name (NMVpnPluginUiInterface *iface, NMConnection *connection) static guint32 get_capabilities (NMVpnPluginUiInterface *iface) { - return (NM_VPN_PLUGIN_UI_CAPABILITY_IMPORT | NM_VPN_PLUGIN_UI_CAPABILITY_EXPORT); + return (NM_VPN_PLUGIN_UI_CAPABILITY_IMPORT | + NM_VPN_PLUGIN_UI_CAPABILITY_EXPORT | + NM_VPN_PLUGIN_UI_CAPABILITY_IPV6); } static NMVpnPluginUiWidgetInterface * diff --git a/src/nm-openvpn-service-openvpn-helper.c b/src/nm-openvpn-service-openvpn-helper.c index 766703d..601229e 100644 --- a/src/nm-openvpn-service-openvpn-helper.c +++ b/src/nm-openvpn-service-openvpn-helper.c @@ -53,6 +53,9 @@ extern char **environ; #define DBUS_TYPE_G_ARRAY_OF_UINT (dbus_g_type_get_collection ("GArray", G_TYPE_UINT)) #define DBUS_TYPE_G_ARRAY_OF_ARRAY_OF_UINT (dbus_g_type_get_collection ("GPtrArray", DBUS_TYPE_G_ARRAY_OF_UINT)) #define DBUS_TYPE_G_PTR_ARRAY_OF_STRING (dbus_g_type_get_collection ("GPtrArray", G_TYPE_STRING)) +#define DBUS_TYPE_G_MAP_OF_VARIANT (dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE)) +#define DBUS_TYPE_G_IP6_ROUTE (dbus_g_type_get_struct ("GValueArray", DBUS_TYPE_G_UCHAR_ARRAY, G_TYPE_UINT, DBUS_TYPE_G_UCHAR_ARRAY, G_TYPE_UINT, G_TYPE_INVALID)) +#define DBUS_TYPE_G_ARRAY_OF_IP6_ROUTE (dbus_g_type_get_collection ("GPtrArray", DBUS_TYPE_G_IP6_ROUTE)) static void helper_failed (DBusGConnection *connection, const char *reason) @@ -83,25 +86,49 @@ helper_failed (DBusGConnection *connection, const char *reason) } static void -send_ip4_config (DBusGConnection *connection, GHashTable *config) +send_config (DBusGConnection *connection, GHashTable *config, + GHashTable *ip4config, GHashTable *ip6config) { DBusGProxy *proxy; GError *err = NULL; proxy = dbus_g_proxy_new_for_name (connection, - NM_DBUS_SERVICE_OPENVPN, - NM_VPN_DBUS_PLUGIN_PATH, - NM_VPN_DBUS_PLUGIN_INTERFACE); + NM_DBUS_SERVICE_OPENVPN, + NM_VPN_DBUS_PLUGIN_PATH, + NM_VPN_DBUS_PLUGIN_INTERFACE); + + if (!dbus_g_proxy_call (proxy, "SetConfig", &err, + DBUS_TYPE_G_MAP_OF_VARIANT, + config, + G_TYPE_INVALID, + G_TYPE_INVALID) && err) { + g_warning ("Could not send configuration information: %s", err->message); + g_error_free (err); + err = NULL; + } - dbus_g_proxy_call (proxy, "SetIp4Config", &err, - dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE), - config, - G_TYPE_INVALID, - G_TYPE_INVALID); + if (ip4config) { + if (!dbus_g_proxy_call (proxy, "SetIp4Config", &err, + DBUS_TYPE_G_MAP_OF_VARIANT, + ip4config, + G_TYPE_INVALID, + G_TYPE_INVALID) && err) { + g_warning ("Could not send IPv4 configuration information: %s", err->message); + g_error_free (err); + err = NULL; + } + } - if (err) { - g_warning ("Could not send failure information: %s", err->message); - g_error_free (err); + if (ip6config) { + if (!dbus_g_proxy_call (proxy, "SetIp6Config", &err, + DBUS_TYPE_G_MAP_OF_VARIANT, + ip6config, + G_TYPE_INVALID, + G_TYPE_INVALID) && err) { + g_warning ("Could not send IPv6 configuration information: %s", err->message); + g_error_free (err); + err = NULL; + } } g_object_unref (proxy); @@ -148,7 +175,18 @@ uint_to_gvalue (guint32 num) } static GValue * -addr_to_gvalue (const char *str) +bool_to_gvalue (gboolean b) +{ + GValue *val; + + val = g_slice_new0 (GValue); + g_value_init (val, G_TYPE_BOOLEAN); + g_value_set_boolean (val, b); + return val; +} + +static GValue * +addr4_to_gvalue (const char *str) { struct in_addr temp_addr; GValue *val; @@ -168,11 +206,11 @@ addr_to_gvalue (const char *str) } static GValue * -parse_addr_list (GValue *value_array, const char *str) +parse_addr4_list (GValue *value_array, const char *str) { char **split; int i; - struct in_addr temp_addr; + struct in_addr temp_addr; GArray *array; /* Empty */ @@ -197,26 +235,50 @@ parse_addr_list (GValue *value_array, const char *str) g_value_init (value_array, DBUS_TYPE_G_UINT_ARRAY); g_value_set_boxed (value_array, array); } + if (!value_array) + g_array_free (array, TRUE); return value_array; } +static GValue * +addr6_to_gvalue (const char *str) +{ + struct in6_addr temp_addr; + GValue *val; + GByteArray *ba; + + /* Empty */ + if (!str || strlen (str) < 1) + return NULL; + + if (inet_pton (AF_INET6, str, &temp_addr) <= 0) + return NULL; + + val = g_slice_new0 (GValue); + g_value_init (val, DBUS_TYPE_G_UCHAR_ARRAY); + ba = g_byte_array_new (); + g_byte_array_append (ba, (guint8 *) &temp_addr, sizeof (temp_addr)); + g_value_take_boxed (val, ba); + return val; +} + static inline gboolean is_domain_valid (const char *str) { return (str && (strlen(str) >= 1) && (strlen(str) <= 255)); } +#define BUFLEN 256 + static GValue * -get_routes (void) +get_ip4_routes (void) { GValue *value = NULL; GPtrArray *routes; char *tmp; int i; -#define BUFLEN 256 - routes = g_ptr_array_new (); for (i = 1; i < 256; i++) { @@ -287,14 +349,106 @@ get_routes (void) } static GValue * +get_ip6_routes (void) +{ + GValue *value = NULL; + GSList *routes; + char *tmp; + int i; + + routes = NULL; + + for (i = 1; i < 256; i++) { + NMIP6Route *route; + char buf[BUFLEN]; + struct in6_addr network, gateway; + guint32 prefix; + gchar **dest_prefix; + + snprintf (buf, BUFLEN, "route_ipv6_network_%d", i); + tmp = getenv (buf); + if (!tmp || strlen (tmp) < 1) + break; + + /* Split network string in "dest/prefix" format */ + dest_prefix = g_strsplit (tmp, "/", 2); + + tmp = dest_prefix[0]; + if (inet_pton (AF_INET6, tmp, &network) <= 0) { + g_warning ("Ignoring invalid static route address '%s'", tmp ? tmp : "NULL"); + g_strfreev (dest_prefix); + continue; + } + + tmp = dest_prefix[1]; + if (tmp) { + long int tmp_prefix; + + errno = 0; + tmp_prefix = strtol (tmp, NULL, 10); + if (errno || tmp_prefix <= 0 || tmp_prefix > 128) { + g_warning ("Ignoring invalid static route prefix '%s'", tmp ? tmp : "NULL"); + g_strfreev (dest_prefix); + continue; + } + prefix = (guint32) tmp_prefix; + } else { + g_warning ("Ignoring static route %d with no prefix length", i); + g_strfreev (dest_prefix); + continue; + } + g_strfreev (dest_prefix); + + snprintf (buf, BUFLEN, "route_ipv6_gateway_%d", i); + tmp = getenv (buf); + /* gateway can be missing */ + if (tmp && (inet_pton (AF_INET6, tmp, &gateway) <= 0)) { + g_warning ("Ignoring invalid static route gateway '%s'", tmp ? tmp : "NULL"); + continue; + } + + route = nm_ip6_route_new (); + nm_ip6_route_set_dest (route, &network); + nm_ip6_route_set_prefix (route, prefix); + nm_ip6_route_set_next_hop (route, &gateway); + + routes = g_slist_append (routes, route); + } + + if (routes) { + GSList *iter; + + value = g_slice_new0 (GValue); + g_value_init (value, DBUS_TYPE_G_ARRAY_OF_IP6_ROUTE); + nm_utils_ip6_routes_to_gvalue (routes, value); + + for (iter = routes; iter; iter = iter->next) + nm_ip6_route_unref (iter->data); + g_slist_free (routes); + } + + return value; +} + +static GValue * trusted_remote_to_gvalue (void) { char *tmp; GValue *val = NULL; - struct in_addr addr; const char *p; gboolean is_name = FALSE; + tmp = getenv ("trusted_ip6"); + if (tmp) { + val = addr6_to_gvalue(tmp); + if (val == NULL) { + g_warning ("%s: failed to convert VPN gateway address '%s' (%d)", + __func__, tmp, errno); + return NULL; + } + return val; + } + tmp = getenv ("trusted_ip"); if (!tmp) tmp = getenv ("remote_1"); @@ -303,7 +457,7 @@ trusted_remote_to_gvalue (void) return NULL; } - /* Check if it seems to be a hostname hostname */ + /* Check if it seems to be a hostname */ p = tmp; while (*p) { if (*p != '.' && !isdigit (*p)) { @@ -313,12 +467,14 @@ trusted_remote_to_gvalue (void) p++; } - /* Resolve a hostname if required */ + /* Resolve a hostname if required. Only look for IPv4 addresses */ if (is_name) { + struct in_addr addr; struct addrinfo hints; struct addrinfo *result = NULL, *rp; int err; + addr.s_addr = 0; memset (&hints, 0, sizeof (hints)); hints.ai_family = AF_INET; @@ -345,24 +501,22 @@ trusted_remote_to_gvalue (void) } freeaddrinfo (result); + if (addr.s_addr != 0) + return uint_to_gvalue (addr.s_addr); + else { + g_warning ("%s: failed to convert or look up VPN gateway address '%s'", + __func__, tmp); + return NULL; + } } else { - errno = 0; - if (inet_pton (AF_INET, tmp, &addr) <= 0) { + val = addr4_to_gvalue (tmp); + if (val == NULL) { g_warning ("%s: failed to convert VPN gateway address '%s' (%d)", __func__, tmp, errno); return NULL; } } - if (addr.s_addr != 0) { - val = g_slice_new0 (GValue); - g_value_init (val, G_TYPE_UINT); - g_value_set_uint (val, addr.s_addr); - } else { - g_warning ("%s: failed to convert or look up VPN gateway address '%s'", - __func__, tmp); - } - return val; } @@ -370,7 +524,7 @@ int main (int argc, char *argv[]) { DBusGConnection *connection; - GHashTable *config; + GHashTable *config, *ip4config, *ip6config; char *tmp; GValue *val; int i; @@ -401,39 +555,50 @@ main (int argc, char *argv[]) } config = g_hash_table_new (g_str_hash, g_str_equal); + ip4config = g_hash_table_new (g_str_hash, g_str_equal); + ip6config = g_hash_table_new (g_str_hash, g_str_equal); /* External world-visible VPN gateway */ val = trusted_remote_to_gvalue (); if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val); + g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_EXT_GATEWAY, val); else helper_failed (connection, "VPN Gateway"); /* Internal VPN subnet gateway */ - val = addr_to_gvalue (getenv ("route_vpn_gateway")); + tmp = getenv ("route_vpn_gateway"); + val = addr4_to_gvalue (tmp); if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_INT_GATEWAY, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_INT_GATEWAY, val); + else { + val = addr6_to_gvalue (tmp); + if (val) + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_INT_GATEWAY, val); + } /* VPN device */ tmp = getenv ("dev"); val = str_to_gvalue (tmp, FALSE); if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_TUNDEV, val); else helper_failed (connection, "Tunnel Device"); if (strncmp (tmp, "tap", 3) == 0) tapdev = TRUE; - /* IP address */ - val = addr_to_gvalue (getenv ("ifconfig_local")); - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); - else - helper_failed (connection, "IP4 Address"); + /* IPv4 address */ + tmp = getenv ("ifconfig_local"); + if (tmp && strlen (tmp)) { + val = addr4_to_gvalue (tmp); + if (val) + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); + else + helper_failed (connection, "IP4 Address"); + } /* PTP address; for vpnc PTP address == internal IP4 address */ - val = addr_to_gvalue (getenv ("ifconfig_remote")); + val = addr4_to_gvalue (getenv ("ifconfig_remote")); if (val) { /* Sigh. Openvpn added 'topology' stuff in 2.1 that changes the meaning * of the ifconfig bits without actually telling you what they are @@ -446,9 +611,9 @@ main (int argc, char *argv[]) /* probably a netmask, not a PTP address; topology == subnet */ addr = g_value_get_uint (val); g_value_set_uint (val, nm_utils_ip4_netmask_to_prefix (addr)); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); } else - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); } /* Netmask @@ -463,22 +628,61 @@ main (int argc, char *argv[]) val = g_slice_new0 (GValue); g_value_init (val, G_TYPE_UINT); g_value_set_uint (val, nm_utils_ip4_netmask_to_prefix (temp_addr.s_addr)); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); } else if (!tapdev) { - if (!g_hash_table_lookup (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX)) { + if (!g_hash_table_lookup (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX)) { val = g_slice_new0 (GValue); g_value_init (val, G_TYPE_UINT); g_value_set_uint (val, 32); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); } } else g_warning ("No IP4 netmask/prefix (missing or invalid 'ifconfig_netmask')"); - val = get_routes (); + val = get_ip4_routes (); if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, val); + + /* IPv6 address */ + tmp = getenv ("ifconfig_ipv6_local"); + if (tmp && strlen (tmp)) { + val = addr6_to_gvalue (tmp); + if (val) + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_ADDRESS, val); + else + helper_failed (connection, "IP6 Address"); + } + + /* IPv6 remote address */ + tmp = getenv ("ifconfig_ipv6_remote"); + if (tmp && strlen (tmp)) { + val = addr6_to_gvalue (tmp); + if (val) + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_PTP, val); + else + helper_failed (connection, "IP6 PTP Address"); + } - /* DNS and WINS servers */ + /* IPv6 netbits */ + tmp = getenv ("ifconfig_ipv6_netbits"); + if (tmp && strlen (tmp)) { + long int netbits; + + errno = 0; + netbits = strtol (tmp, NULL, 10); + if (errno || netbits < 0 || netbits > 128) { + g_warning ("Ignoring invalid prefix '%s'", tmp); + } else { + val = uint_to_gvalue ((guint32) netbits); + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_PREFIX, val); + } + } + + val = get_ip6_routes (); + if (val) + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, val); + + /* DNS and WINS servers */ dns_domains = g_ptr_array_sized_new (3); for (i = 1; i < 256; i++) { char *env_name; @@ -496,22 +700,22 @@ main (int argc, char *argv[]) tmp += 12; /* strlen ("dhcp-option ") */ if (g_str_has_prefix (tmp, "DNS ")) - dns_list = parse_addr_list (dns_list, tmp + 4); + dns_list = parse_addr4_list (dns_list, tmp + 4); else if (g_str_has_prefix (tmp, "WINS ")) - nbns_list = parse_addr_list (nbns_list, tmp + 5); + nbns_list = parse_addr4_list (nbns_list, tmp + 5); else if (g_str_has_prefix (tmp, "DOMAIN ") && is_domain_valid (tmp + 7)) g_ptr_array_add (dns_domains, tmp + 7); } if (dns_list) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns_list); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns_list); if (nbns_list) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns_list); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns_list); if (dns_domains->len) { val = g_slice_new0 (GValue); g_value_init (val, DBUS_TYPE_G_PTR_ARRAY_OF_STRING); g_value_take_boxed (val, dns_domains); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAINS, val); + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAINS, val); } else g_ptr_array_free (dns_domains, TRUE); @@ -526,12 +730,28 @@ main (int argc, char *argv[]) g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); } else { val = uint_to_gvalue ((guint32) mtu); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, val); + g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_MTU, val); } } + if (g_hash_table_size (ip4config)) { + g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_HAS_IP4, + bool_to_gvalue (TRUE)); + } else { + g_hash_table_destroy (ip4config); + ip4config = NULL; + } + + if (g_hash_table_size (ip6config)) { + g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_HAS_IP6, + bool_to_gvalue (TRUE)); + } else { + g_hash_table_destroy (ip6config); + ip6config = NULL; + } + /* Send the config info to nm-openvpn-service */ - send_ip4_config (connection, config); + send_config (connection, config, ip4config, ip6config); return 0; } -- cgit v0.9.2 debian/patches/gtk_table_to_gtk_grid.patch0000644000000000000000000000343712305712354016157 0ustar From: Mathieu Trudel-Lapierre Subject: Port GtkTable uses to GtkGrid. Index: network-manager-openvpn/auth-dialog/vpn-password-dialog.c =================================================================== --- network-manager-openvpn.orig/auth-dialog/vpn-password-dialog.c 2012-02-15 09:43:48.542026000 -0500 +++ network-manager-openvpn/auth-dialog/vpn-password-dialog.c 2012-02-15 11:53:10.116649610 -0500 @@ -124,8 +124,8 @@ label = gtk_label_new_with_mnemonic (label_text); gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); - gtk_table_attach_defaults (GTK_TABLE (table), label, 0, 1, row, row + 1); - gtk_table_attach_defaults (GTK_TABLE (table), entry, 1, 2, row, row + 1); + gtk_grid_attach (GTK_GRID (table), label, 0, row, 1, 1); + gtk_grid_attach (GTK_GRID (table), entry, 1, row, 1, 1); gtk_label_set_mnemonic_widget (GTK_LABEL (label), entry); } @@ -154,7 +154,7 @@ if (priv->show_password_secondary) add_row (priv->table, row++, priv->secondary_password_label, priv->password_entry_secondary); - gtk_table_attach_defaults (GTK_TABLE (priv->table), priv->show_passwords_checkbox, 1, 2, row, row + 1); + gtk_grid_attach (GTK_GRID (priv->table), priv->show_passwords_checkbox, 1, row, 1, 1); gtk_widget_show_all (priv->table); } @@ -228,9 +228,9 @@ priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); - priv->table = gtk_table_new (4, 2, FALSE); - gtk_table_set_col_spacings (GTK_TABLE (priv->table), 12); - gtk_table_set_row_spacings (GTK_TABLE (priv->table), 6); + priv->table = gtk_grid_new (); + gtk_grid_set_column_spacing (GTK_GRID (priv->table), 12); + gtk_grid_set_row_spacing (GTK_GRID (priv->table), 6); gtk_container_add (GTK_CONTAINER (priv->table_alignment), priv->table); priv->password_entry = gtk_entry_new (); debian/patches/02-fix-path-to-connection-editor-plugin-in-service-file.patch0000644000000000000000000000220412305712354024111 0ustar From 5112af38ab11b3199b59f26954d6a9d6434a4715 Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Mon, 10 Jun 2013 13:16:03 -0300 Subject: [PATCH] Fix path to connection-editor plugin in service file --- Makefile.am | 2 +- nm-openvpn-service.name.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index edbe579..dcd4bcf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -28,7 +28,7 @@ endif nm-openvpn-service.name: $(srcdir)/nm-openvpn-service.name.in sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|g' \ - -e 's|[@]LIBDIR[@]|$(libdir)|g' \ + -e 's|[@]PLUGINDIR[@]|$(libdir)/NetworkManager|g' \ $< >$@ DISTCHECK_CONFIGURE_FLAGS = \ diff --git a/nm-openvpn-service.name.in b/nm-openvpn-service.name.in index 50b1ba6..2ee066a 100644 --- a/nm-openvpn-service.name.in +++ b/nm-openvpn-service.name.in @@ -5,6 +5,6 @@ program=@LIBEXECDIR@/nm-openvpn-service [GNOME] auth-dialog=@LIBEXECDIR@/nm-openvpn-auth-dialog -properties=@LIBDIR@/libnm-openvpn-properties +properties=@PLUGINDIR@/libnm-openvpn-properties supports-external-ui-mode=true -- 1.7.10.4 debian/patches/support-ipv6-dns0000644000000000000000000000624212306150122013714 0ustar Description: Add support for IPv6 DNS servers and domains This detects IPv6 addresses in th DNS field, parse them and sets the DNS property for the IPv6 connection. If IPv6 DNS servers are provided, the DNS domains are also passed for the IPv6 connection. Origin: vendor Author: Stéphane Graber Index: network-manager-openvpn-0.9.8.2/src/nm-openvpn-service-openvpn-helper.c =================================================================== --- network-manager-openvpn-0.9.8.2.orig/src/nm-openvpn-service-openvpn-helper.c 2014-03-06 12:47:41.000000000 -0500 +++ network-manager-openvpn-0.9.8.2/src/nm-openvpn-service-openvpn-helper.c 2014-03-06 14:36:20.277425406 -0500 @@ -263,6 +263,46 @@ return val; } +static GValue * +parse_addr6_list (GValue *value_array, const char *str) +{ + char **split; + int i; + struct in6_addr temp_addr; + GPtrArray *array; + GByteArray *ba; + + /* Empty */ + if (!str || strlen (str) < 1) + return value_array; + + if (value_array) + array = (GPtrArray *) g_value_get_boxed (value_array); + else + array = g_ptr_array_new(); + + split = g_strsplit (str, " ", -1); + for (i = 0; split[i]; i++) { + if (inet_pton (AF_INET6, split[i], &temp_addr) > 0) { + ba = g_byte_array_new (); + g_byte_array_append (ba, (guint8 *) &temp_addr, sizeof (temp_addr)); + g_ptr_array_add (array, ba); + } + } + + g_strfreev (split); + + if (!value_array && array->len > 0) { + value_array = g_slice_new0 (GValue); + g_value_init (value_array, DBUS_TYPE_G_ARRAY_OF_ARRAY_OF_UINT); + g_value_set_boxed (value_array, array); + } + if (!value_array) + g_ptr_array_free (array, TRUE); + + return value_array; +} + static inline gboolean is_domain_valid (const char *str) { @@ -530,6 +570,7 @@ int i; GError *err = NULL; GValue *dns_list = NULL; + GValue *dns6_list = NULL; GValue *nbns_list = NULL; GPtrArray *dns_domains = NULL; struct in_addr temp_addr; @@ -699,8 +740,12 @@ tmp += 12; /* strlen ("dhcp-option ") */ - if (g_str_has_prefix (tmp, "DNS ")) - dns_list = parse_addr4_list (dns_list, tmp + 4); + if (g_str_has_prefix (tmp, "DNS ")) { + if (strstr(tmp + 4, ":")) + dns6_list = parse_addr6_list (dns6_list, tmp + 4); + else + dns_list = parse_addr4_list (dns_list, tmp + 4); + } else if (g_str_has_prefix (tmp, "WINS ")) nbns_list = parse_addr4_list (nbns_list, tmp + 5); else if (g_str_has_prefix (tmp, "DOMAIN ") && is_domain_valid (tmp + 7)) @@ -709,13 +754,18 @@ if (dns_list) g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, dns_list); + if (dns6_list) + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_DNS, dns6_list); if (nbns_list) g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, nbns_list); if (dns_domains->len) { val = g_slice_new0 (GValue); g_value_init (val, DBUS_TYPE_G_PTR_ARRAY_OF_STRING); g_value_take_boxed (val, dns_domains); - g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAINS, val); + if (dns_list) + g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAINS, val); + if (dns6_list) + g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_DOMAINS, val); } else g_ptr_array_free (dns_domains, TRUE); debian/patches/01-export-user-nobody.patch0000644000000000000000000000165312305712354015650 0ustar Description: Use user nobody / group nogroup when exporting an OpenVPN connection Debian doesn't have a separate openvpn system account, so when exporting a connection use nobody / nogroup instead. This is safe, since we use persist-key and persist-tun, which will make openvpn drop privileges after everything has been setup properly. Author: Michael Biebl Bugs-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592527 diff --git a/properties/import-export.c b/properties/import-export.c index 5312e36..191b7f3 100644 --- a/properties/import-export.c +++ b/properties/import-export.c @@ -1007,8 +1007,8 @@ do_export (const char *path, NMConnection *connection, GError **error) "script-security 2\n" "persist-key\n" "persist-tun\n" - "user openvpn\n" - "group openvpn\n"); + "user nobody\n" + "group nogroup\n"); success = TRUE; done: debian/patches/series0000644000000000000000000000030612306132275012032 0ustar # Debian patches for network-manager-openvpn 01-export-user-nobody.patch 02-fix-path-to-connection-editor-plugin-in-service-file.patch gtk_table_to_gtk_grid.patch enable_ipv6.patch support-ipv6-dns debian/network-manager-openvpn.docs0000644000000000000000000000002412305712354014622 0ustar README NEWS AUTHORS debian/copyright0000644000000000000000000000406512305712354011130 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: NetworkManager-openvpn Source: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openvpn/ Files: * Copyright: 2005 - 2011 Red Hat, Inc. 2005 - 2011 Dan Williams 2005 - 2008 Tim Niemueller 2008 Tambet Ingo License: GPL-2+ Files: auth-dialog/vpn-password-dialog.* Copyright: 1999, 2000 Eazel, Inc. 2011 Red Hat, Inc. License: LGPL-2+ License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". License: LGPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL-2". debian/source/0000755000000000000000000000000012306124456010471 5ustar debian/source/format0000644000000000000000000000001412305712354011676 0ustar 3.0 (quilt)